Wed. Aug 23, 2023

December’s Reimagining Democracy Workshop

Schneier on Security

Imagine that we’ve all—all of us, all of society—landed on some alien planet, and we have to form a government: clean slate. We don’t have any legacy systems from the US or any other country. We don’t have any special or unique interests to perturb our thinking. How would we govern ourselves? It’s unlikely that we would use the systems we have today.

Windows 10 KB5029331 update introduces a new Backup app

Bleeping Computer

Microsoft has released the optional KB5029331 Preview cumulative update for Windows 10 22H2 with sixteen improvements or fixes, including the introduction of a new Backup app. […]

Five processes every organisation needs for successful BizDevOps

IT Security Guru

BizDevOps in a nutshell: Many organisations claim to be data-centric and data-driven, making informed decisions based on what their organisation’s data is telling them. But how many organisations can truly say they have an effective and operational Data Management framework in place? The good news is that it is relatively easy to remove the toil and burden with automation and implementing a Data Model program to improve the accuracy and quality of the underlying data.

Bitwarden releases free and open-source E2EE Secrets Manager

Bleeping Computer

Bitwarden, the maker of the popular open-source password manager tool, has released 'Secrets Manager,' an end-to-end encrypted secrets manager for IT professionals, software development teams, and the DevOps industry. […]

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Spear Phishing Prevention: 10 Ways to Protect Your Organization

eSecurity Planet

Spear phishing is a more targeted and effective phishing technique that attempts to exploit specific individuals or groups within an organization. While phishing uses a broader range of tactics, such as mass emailing to random recipients, spear phishing is often well-researched and tailored to high-value targets. A typical spear phishing attack follows a familiar pattern of emails with attachments.

DarkGate reloaded via malvertising and SEO poisoning campaigns

Malwarebytes

In July 2023, we observed a malvertising campaign that lured potential victims to a fraudulent site for a Windows IT management tool. Unlike previous similar attacks, the final payload was packaged differently and not immediately recognizable. The decoy file came as an MSI installer containing an AutoIT script where the payload was obfuscated to avoid detection.

More Trending

Discord starts notifying users affected by March data breach

Bleeping Computer

Starting on Monday, Discord has been reaching out to users affected by a data breach disclosed earlier this year to let them know what Personal Identifying Information (PII) was exposed in the incident. […]

DoJ charged Tornado Cash founders with laundering more than $1 billion

Security Affairs

The U.S. DoJ charged two men with operating the Tornado Cash service and laundering more than $1 Billion in criminal proceeds. The U.S. Justice Department charged two Tornado Cash founders, ROMAN STORM and ROMAN SEMENOV, with one count of conspiracy to commit money laundering and one count of conspiracy to violate the International Economic Emergency Powers Act.

Lapsus$ teen hackers convicted of high-profile cyberattacks

Bleeping Computer

A London jury has found that an 18-year-old member of the Lapsus$ data extortion gang helped hack multiple high-profile companies, stole data from them, and demanded a ransom threatening to leak the information. […]

Threat Actors Leak 2.6 Million DuoLingo Users' Data on Hacking Forum

Heimdal Security

Malicious actors exposed 2.6 million DuoLingo users' data on the dark web. The announcement posted on August 22nd made the data available for a cost of only $2.13. The scraped DuoLingo data was previously for sale on another dark forum, in January 2023, at a cost of $1,500. How Did Hackers Obtain the Data The […] The post Threat Actors Leak 2.6 Million DuoLingo Users' Data on Hacking Forum appeared first on Heimdal Security Blog.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Over 3,000 Openfire servers vulnerable to takeover attacks

Bleeping Computer

Thousands of Openfire servers remain vulnerable to CVE-2023-32315, an actively exploited path traversal vulnerability that allows an unauthenticated user to create new admin accounts. […]

Syrian Threat Actor EVLF Unmasked as Creator of CypherRAT and CraxsRAT Android Malware

The Hacker News

A Syrian threat actor named EVLF has been outed as the creator of malware families CypherRAT and CraxsRAT. "These RATs are designed to allow an attacker to remotely perform real-time actions and control the victim device's camera, location, and microphone," Cybersecurity firm Cyfirma said in a report published last week.

New Ivanti Zero-Day Vulnerability Allows Hackers to Access Sensitive APIs

Heimdal Security

Researchers observed a critical Ivanti Sentry API authentication bypass vulnerability exploited in the wild. The flaw was dubbed CVE-2023-38035 and it enables authentication bypass on Ivanti Sentry versions 9.18 and prior, due to improper Apache HTTPD configuration. According to the company, CVE-2023-38035 doesn't impact any of its other products, such as Ivanti EPMM, MobileIron Cloud […] The post New Ivanti Zero-Day Vulnerability Allows Hackers to Access Sensitive APIs appeared first on H

Carderbee APT targets Hong Kong orgs via supply chain attacks

Security Affairs

A previously unknown APT group, tracked as Carderbee, was behind a supply chain attack against Hong Kong organizations. Symantec Threat Hunter Team reported that a previously unknown APT group, tracked as Carderbee, used a malware-laced version of the legitimate Cobra DocGuard software to carry out a supply chain attack aimed at organizations in Hong Kong.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Adobe ColdFusion vulnerability exploited in the wild

Malwarebytes

The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical Adobe ColdFusion vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. This means that Federal Civilian Executive Branch (FCEB) agencies need to remediate this vulnerability by September 11, 2023 to protect their networks against active threats.

North Korean Affiliates Suspected in $40M Cryptocurrency Heist, FBI Warns

The Hacker News

The U.S. Federal Bureau of Investigation (FBI) on Tuesday warned that threat actors affiliated with North Korea may attempt to cash out stolen cryptocurrency worth more than $40 million. The law enforcement agency attributed the blockchain activity to an adversary the U.S. government tracks as TraderTraitor, which is also known by the name Jade Sleet.

How to Talk to Your Kids About Social Media and Mental Health

WIRED Threat Level

Here’s what the science really says about teens and screens—and how to start the conversation with young people of any age.

BlackCat ransomware gang claims credit for Seiko data breach

Graham Cluley

The BlackCat ransomware gang has claimed credit for a cybersecurity attack against Japanese watchmaker Seiko. BlackCat (also known as ALPHV) posted on its dark web leak site what it claims are files stolen from Seiko's servers.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

New HiatusRAT Malware Campaign Targets U.S. Defense Department's Server

Heimdal Security

Threat actors launched a reconnaissance attack against a server belonging to the U.S. Department of Defense, as part of HiatusRAT Malware Campaign. The adversaries also targeted Taiwan-based organizations, such as several companies and a municipal government institution. HiatusRAT was first observed at the beginning of 2023, targeting organizations in Europe and Latin America.

ACME Protocol: Overview & Advantages

GlobalSign

Curious about the ACME protocol and its advantages? Discover how this protocol works and the benefits it brings to businesses and individuals.

Security Experts Assess 2.0 Draft of NIST Cybersecurity Framework

SecureWorld News

On August 8, 2023, the U.S. National Institute of Standards and Technology (NIST) released the Initial Public Draft of its Cybersecurity Framework (CSF) version 2.0. For a solid rundown of what the updates mean, check out this SecureWorld article from Kip Boyle, vCISO, Cyber Risk Opportunities LLC. Boyle is teaching PLUS Courses on the NIST CSF at all six in-person regional SecureWorld conferences this fall, including Denver on Sept. 19, Detroit on Sept. 28, St.

FBI Warns of Cryptocurrency Heists by North Korea's Lazarus Group

Dark Reading

The most recent stolen bitcoin comes just after three major operations occurred in June, with millions stolen in each heist.

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Peer Report Explores Concerns, Challenges Facing Cybersecurity Leaders

SecureWorld News

This morning, Critical Start released its first ever Cyber Risk Landscape Peer Report, which explores some of the major concerns and challenges currently confronting cybersecurity leaders as they manage risk within their organizations. The report also examines the amount of risk that organizations are willing to accept, resource constraints, and key priorities for approaching cyber risk in the future.

Threat Actor Exploits Zero-Day in WinRAR to Target Crypto Accounts

Dark Reading

Attacks targeting the now-patched bug have been going on since at least April 2023, security vendor says.

Spacecolon Toolset Fuels Global Surge in Scarab Ransomware Attacks

The Hacker News

A malicious toolset dubbed Spacecolon is being deployed as part of an ongoing campaign to spread variants of the Scarab ransomware across victim organizations globally.

eSentire Labs Open Sources Project to Monitor LLMs

Dark Reading

The eSentire LLM Gateway provides monitoring and governance of ChatGPT and other Large Language Models being used in the organization.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

API Development: Everything You Need to Know

SecureBlitz

Here, I will talk about API Development. In the rapidly evolving landscape of technology, Application Programming Interfaces play a pivotal role in enabling seamless communication and integration between different software systems. From powering web applications to facilitating data sharing, they have become a cornerstone of enterprise software development services.

Ransomware Reaches New Heights

Dark Reading

It's not going anywhere: Easy-to-exploit bugs like MOVEit, leaks of stolen data, and rapid-fire escalation are keeping ransomware attacks as painful as ever.

Agile Approach to Mass Cloud Credential Harvesting and Crypto Mining Sprints Ahead

The Hacker News

Developers are not the only people who have adopted the agile methodology for their development processes.

5 Early Warning Indicators That Are Key to Protecting National Secrets

Dark Reading

The Defense Department must modernize user activity monitoring by prioritizing data that can be used early to proactively mitigate insider risk.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.