Joseph Steinberg

NOVEMBER 1, 2023

While many people seem to be discussing the dangers of Artificial Intelligence (AI) – many of these discussions seem to focus on, what I believe, are the wrong issues. I began my formal work with AI while a graduate student at NYU in the mid-1990s; the world of AI has obviously advanced quite a bit since that time period, but, many of the fundamental issues that those of us in the field began recognizing almost 3 decades ago not only remain un-addressed, but continue to pose increasingly l

Artificial Intelligence 169

Artificial Intelligence Social Engineering Engineering Phishing 169

Tech Republic Security

NOVEMBER 1, 2023

Research has found 91% of CEOs view IT security as a technical function that's the CIO or CISO's problem, meaning IT leaders have more work to do to engage senior executives and boards.

Cyber Risk 161

Cyber Risk CISO Risk Data breaches 161

Thales Cloud Protection & Licensing

NOVEMBER 1, 2023

Thales Wins Big in 2023 madhav Thu, 11/02/2023 - 05:09 Here at Thales, we are incredibly proud of what we do. Protecting our customers from cybersecurity threats brings us immense satisfaction, and being recognized for our efforts is both humbling and validating. 2023 has been a particularly good year for us; keep reading for a run-through of our most recent successes.

Marketing 143

Marketing Cybersecurity Technology CISO 143

Tech Republic Security

NOVEMBER 1, 2023

The AWS Sovereign Cloud will be physically and logically separate from other AWS clouds and has been designed to comply with Europe's stringent data laws.

Big data 161

Big data 161

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Bleeping Computer

NOVEMBER 1, 2023

The Forum of Incident Response and Security Teams (FIRST) has officially released CVSS v4.0, the next generation of its Common Vulnerability Scoring System standard, eight years after CVSS v3.0, the previous major version. [.

137

137

Security Boulevard

NOVEMBER 1, 2023

Orca Security is adding LLMs hosted on the AWS cloud to those from Microsoft and OpenAI to provide additional generative AI capabilities to cybersecurity teams. The post Orca Security Taps Amazon for Generative AI Expertise appeared first on Security Boulevard.

Cybersecurity 127

Cybersecurity 127

Bleeping Computer

NOVEMBER 1, 2023

The European Data Protection Board has extended the temporary ban on targeted advertising on Facebook and Instagram, imposed by the Norwegian Data Protection Authority (DPA) in July. [.

Advertising 122

Advertising Technology 122

We Live Security

NOVEMBER 1, 2023

ESET researchers describe how they found a kill switch that had been used to take down one of the most prolific botnets out there – Mozi

IoT 139

IoT 139

Dark Reading

NOVEMBER 1, 2023

The aerospace giant said it's alerting customers that its parts and distribution systems have been impacted by cyberattack.

142

142

The Hacker News

NOVEMBER 1, 2023

The Forum of Incident Response and Security Teams (FIRST) has officially announced CVSS v4.0, the next generation of the Common Vulnerability Scoring System standard, more than eight years after the release of CVSS v3.0 in June 2015. "This latest version of CVSS 4.0 seeks to provide the highest fidelity of vulnerability assessment for both industry and the public," FIRST said in a statement.

118

118

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Bleeping Computer

NOVEMBER 1, 2023

Mozi malware botnet activity faded away in August after a mysterious unknown party sent a payload on September 27, 2023, that triggered a kill switch to deactivate all bots. [.

Malware 118

Malware 118

Security Affairs

NOVEMBER 1, 2023

Experts warn that threat actors started exploiting the critical flaw CVE-2023-46747 in F5 BIG-IP installs less than five days after PoC exploit disclosure. F5 this week warned customers about a critical security vulnerability, tracked as CVE-2023-46747 (CVSS 9.8), that impacts BIG-IP and could result in unauthenticated remote code execution. The vulnerability resides in the configuration utility component, it was reported by Michael Weber and Thomas Hendrickson of Praetorian on October 4, 2023

Authentication 117

Authentication Hacking Cybersecurity Information Security 117

Bleeping Computer

NOVEMBER 1, 2023

Microsoft says a new known issue is causing desktop icons to behave erratically on systems with multiple displays when using the Windows Copilot AI-powered digital assistant. [.

112

112

Security Affairs

NOVEMBER 1, 2023

Last weekend, the British Library suffered a cyberattack that caused a major IT outage, impacting many of its services. The British Library is facing a major outage that impacts the website and many of its services following a cyber attack that took place on October 28. The British Library is the national library of the United Kingdom and one of the world’s largest libraries.

Technology 115

Technology Cyber Attacks Hacking Cybersecurity 115

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

Bleeping Computer

NOVEMBER 1, 2023

Russia's security agency published a press release on Tuesday saying that its officers detained two hackers who either assisted or joined Ukraine's hackers in cyber operations. [.

109

109

Security Affairs

NOVEMBER 1, 2023

US CISA added two vulnerabilities, tracked as CVE-2023-46747 and CVE-2023-46748, in BIG-IP to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the vulnerabilities CVE-2023-46747 and CVE-2023-46748 in BIG-IP to its Known Exploited Vulnerabilities catalog. CISA has the two new vulnerabilities to its Known Exploited Vulnerabilities Catalog , based on evidence of active exploitation.

Authentication 114

Authentication Hacking Risk Cybersecurity 114

Malwarebytes

NOVEMBER 1, 2023

The Securities and Exchange Commission (SEC) has announced charges against software company SolarWinds Corporation and its chief information security officer (CISO), Timothy G. Brown, for “fraud and internal control failures relating to allegedly known cybersecurity risks and vulnerabilities.” In 2020, SolarWinds announced it had been hacked and that its compromised software channel was used to push out malicious updates onto 18,000 of its Orion platform customers.

CISO 108

CISO Risk Software Cybersecurity 108

Bleeping Computer

NOVEMBER 1, 2023

Threat actors are leveraging the 'Citrix Bleed' vulnerability, tracked as CVE-2023-4966, to target government, technical, and legal organizations in the Americas, Europe, Africa, and the Asia-Pacific region. [.

Government 108

Government 108

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

Graham Cluley

NOVEMBER 1, 2023

Workers wonder if their colleagues are actually AI, and we take a deeper look into the curious scams going on via Booking.com. All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

Scams 104

Scams Cybersecurity Phishing Malware 104

Bleeping Computer

NOVEMBER 1, 2023

F5 is warning BIG-IP admins that devices are being breached by "skilled" hackers exploiting two recently disclosed vulnerabilities to erase signs of their access and achieve stealthy code execution. [.

105

105

The Hacker News

NOVEMBER 1, 2023

A threat actor known as Prolific Puma has been maintaining a low profile and operating an underground link shortening service that's offered to other threat actors for at least over the past four years.

104

104

Bleeping Computer

NOVEMBER 1, 2023

Over three thousand internet-exposed Apache ActiveMQ servers are vulnerable to a recently disclosed critical remote code execution (RCE) vulnerability. [.

Internet 111

Internet Internet 111

Advertisement

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Identity Theft

The Hacker News

NOVEMBER 1, 2023

Cybersecurity researchers are warning of suspected exploitation of a recently disclosed critical security flaw in the Apache ActiveMQ open-source message broker service that could result in remote code execution.

Ransomware 104

Ransomware Cybersecurity 104

Dark Reading

NOVEMBER 1, 2023

The future of the cybersecurity workforce will rely less on long-led legacy education models and more on skills-now training.

Cybersecurity 118

Cybersecurity Education 118

The Hacker News

NOVEMBER 1, 2023

The Russia-linked hacking crew known as Turla has been observed using an updated version of a known second-stage backdoor referred to as Kazuar. The new findings come from Palo Alto Networks Unit 42, which is tracking the adversary under its constellation-themed moniker Pensive Ursa.

Hacking 98

Hacking 98

WIRED Threat Level

NOVEMBER 1, 2023

The slow-motion implosion of Elon Musk’s X has given rise to a slew of competitors, where privacy invasions that ran rampant over the past decade still largely persist.

Media 97

Media 97

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

The Hacker News

NOVEMBER 1, 2023

A threat actor affiliated with Iran's Ministry of Intelligence and Security (MOIS) has been observed waging a sophisticated cyber espionage campaign targeting financial, government, military, and telecommunications sectors in the Middle East for at least a year.

Government 96

Government Telecommunications Cybersecurity 96

Dark Reading

NOVEMBER 1, 2023

Atlassian CISO warns Confluence Data Center and Server customers they're vulnerable to "significant data loss" if all on-premises versions aren't patched.

CISO 102

CISO 102

Fox IT

NOVEMBER 1, 2023

Authored by Mick Koomen Summary Blister is a piece of malware that loads a payload embedded inside it. We provide an overview of payloads dropped by the Blister loader based on 137 unpacked samples from the past one and a half years and take a look at recent activity of Blister. The overview shows that since its support for environmental keying, most samples have this feature enabled, indicating that attackers mostly use Blister in a targeted manner.

Computers and Electronics 92

Computers and Electronics Encryption DNS Ransomware 92

Dark Reading

NOVEMBER 1, 2023

Detection and incident response in a cloud environment can be a new challenge for security professionals who build their expertise before the cloud, and requires coordination between your organization’s internal teams and your cloud security provider’s security apparatus.

94

94

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.