Joseph Steinberg

AUGUST 9, 2023

Newsweek recently profiled Joseph Steinberg, a member of its Expert Forum, who regularly serves as a cybersecurity expert witness in both civil and criminal cases throughout the United States and Canada. Cybercrime-related civil lawsuits and criminal prosecutions are, of course, highly dependent on complex technical details — complicating the task of judges and juries in their quest to deliver justice.

Cybersecurity 241

Cybersecurity Artificial Intelligence Cybercrime 241

Schneier on Security

AUGUST 9, 2023

Researchers have trained a ML model to detect keystrokes by sound with 95% accuracy. “A Practical Deep Learning-Based Acoustic Side Channel Attack on Keyboards” Abstract: With recent developments in deep learning, the ubiquity of microphones and the rise in online services via personal devices, acoustic side channel attacks present a greater threat to keyboards than ever.

Software 182

Software 182

Anton on Security

AUGUST 9, 2023

Great blog posts are sometimes hard to find (especially on Medium ), so I decided to do a periodic list blog with my favorite posts of the past quarter or so. Here is the next one. The posts below are ranked by lifetime views. This covers both Anton on Security and my posts from Google Cloud blog , and our Cloud Security Podcast too ( subscribe ). Top 6 most popular posts of all times (these ended up being the same as last quarter, and a few quarters before) : “Security Correlation Then and Now:

Threat Detection 130

Threat Detection Cloud Migration Encryption CISO 130

Tech Republic Security

AUGUST 9, 2023

Your computer network is under constant attack. The hard reality is that one of those cyberattacks will succeed, and you had better be prepared. This quick glossary from TechRepublic Premium explains the terminology used by security experts as they attempt to reduce the damage caused by a successful attack. From the glossary: EVIDENCE COLLECTION POLICY.

Cybersecurity 119

Cybersecurity 119

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

The Last Watchdog

AUGUST 9, 2023

New York, N.Y., Aug.9, 2023 – Today, the Fireblocks Cryptography Research Team announced the findings of multiple zero-day vulnerabilities in some of the most used cryptographic multi-party computation (MPC) protocols, including GG-18, GG-20, and implementations of Lindell 17. If left unremediated, the exposures would allow attackers and malicious insiders to drain funds from the wallets of millions of retail and institutional customers in seconds, with no knowledge to the user or vendor.

Technology 100

Technology Retail Insurance CISO 100

Dark Reading

AUGUST 9, 2023

A newly patched flaw in Windows Defender allows attackers to hijack the signature-update process to sneak in malware, delete benign files, and inflict mayhem on target systems.

Malware 98

Malware 98

Security Affairs

AUGUST 9, 2023

The Balada Injector is still at large and still evading security software by utilizing new domain names and using new obfuscation. During a routine web monitoring operation, we discovered an address that led us down a rabbit hole of WordPress-orientated “hack waves” caused by the Balada Injector malware. This evidence suggests that the malware is still at large and still evading security software by utilizing new domain names and slight changes between the waves of obfuscated attacks.

Malware 95

Malware Software Hacking Engineering 95

Heimadal Security

AUGUST 9, 2023

The UK Electoral Commission revealed a cyberattack that exposed the personal data of all registered voters between 2014 and 2022. The attack took place in August 2021, but the Commission only discovered the breach in October 2022. Threat actors had access to the Commission’s servers, including the email system, control systems, and copies of the […] The post UK Electoral Commission Data Breach Exposes Information of 40 Million Voters appeared first on Heimdal Security Blog.

Data breaches 92

Data breaches Cybersecurity 92

Security Affairs

AUGUST 9, 2023

Cloud account takeover scheme utilizing EvilProxy hit over 100 top-level executives of global organizations EvilProxy was observed sending 120,000 phishing emails to over a hundred organizations to steal Microsoft 365 accounts. Proofpoint noticed a worrisome surge of successful cloud account compromises in the past five months. Most of the attacks targeted high-ranking executives.

Accountability 93

Accountability Phishing Authentication Architecture 93

WIRED Threat Level

AUGUST 9, 2023

Security researchers accessed an internal camera inside the Deckmate 2 shuffler to learn the exact deck order—and the hand of every player at a poker table.

Hacking 98

Hacking 98

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Dark Reading

AUGUST 9, 2023

From e-waste to conference swag to addressing data center energy consumption, cybersecurity stakeholders need a whole-industry approach to being part of the solution and reducing the risk of climate change.

Cybersecurity 89

Cybersecurity Risk 89

Malwarebytes

AUGUST 9, 2023

August’s Patch Tuesday is a lot quieter than it was last month, when Microsoft patched a whopping 130 vulnerabilities. That number went down to 87 this month but it does include two actively exploited vulnerabilities. Let’s start by looking at those two: CVE-2023-38180 ( CVSS score 7.5 out of 10): a.NET and Visual Studio Denial of Service (DoS) vulnerability.

Risk 86

Risk Cybersecurity 86

Dark Reading

AUGUST 9, 2023

A newly revealed flaw affects a good chunk of the world's computers. A patch has been released, but broad, structural change in CPU design will be required to address the root cause.

88

88

ZoneAlarm

AUGUST 9, 2023

Researchers from the Technical University of Berlin have shaken the automotive industry by uncovering vulnerabilities within Tesla’s advanced infotainment systems. This groundbreaking discovery demonstrates the lengths to which modern vehicles can be exploited, particularly as car manufacturers increasingly intertwine their designs with sophisticated technology.

Manufacturing 85

Manufacturing Technology Data privacy 85

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

The Hacker News

AUGUST 9, 2023

Hackers associated with China's Ministry of State Security (MSS) have been linked to attacks in 17 different countries in Asia, Europe, and North America from 2021 to 2023.

Cybersecurity 84

Cybersecurity 84

Dark Reading

AUGUST 9, 2023

Wi-Fi settings are easily stolen when old gadgets are gotten rid of, which puts end users in the crosshairs for network attacks.

Hacking 97

Hacking 97

The Hacker News

AUGUST 9, 2023

Interpol has announced the takedown of a phishing-as-a-service (PhaaS) platform called 16Shop, in addition to the arrests of three individuals in Indonesia and Japan.

Phishing 85

Phishing 85

Dark Reading

AUGUST 9, 2023

At Black Hat USA 2023, Vicarius launched vuln_GPT, which it says will generate and execute scripts to ameliorate flaws such as the TETRA backdoor.

87

87

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

The Hacker News

AUGUST 9, 2023

Validate security continuously across your full stack with Pen Testing as a Service. In today's modern security operations center (SOC), it's a battle between the defenders and the cybercriminals. Both are using tools and expertise – however, the cybercriminals have the element of surprise on their side, and a host of tactics, techniques, and procedures (TTPs) that have evolved.

Penetration Testing 76

Penetration Testing 76

SecureBlitz

AUGUST 9, 2023

Here, I will talk about the transformative impact of Artificial Intelligence on surveillance and safety. Artificial Intelligence (AI): it's not just a buzzword or the latest fad. It's become the buddy cop, the trusty sidekick to security professionals in their daily operations. Remember the days when security meant bulky cameras and slow response times?

Artificial Intelligence 74

Artificial Intelligence Surveillance Cybersecurity 74

The Hacker News

AUGUST 9, 2023

Cybersecurity researchers have disclosed details of a trio of side-channel attacks that could be exploited to leak sensitive data from modern CPUs.

Architecture 82

Architecture Cybersecurity 82

WIRED Threat Level

AUGUST 9, 2023

You can also set up alerts for whenever your home address, phone number, or email address appears in Search.

97

97

Advertisement

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Identity Theft

DoublePulsar

AUGUST 9, 2023

You have have read about the hack of the Electoral Commission recently. In this piece we take a look at what happened, show they were running Microsoft Exchange Server with Outlook Web App (OWA) facing the internet, and the unpatched vulnerability that presented. The Electoral Commission ran Microsoft Exchange Server on IP 167.98.206.41 ( found by TechCrunch ) — this was online until later in 2022, at which point it dropped offline.

Internet 72

Internet Internet Hacking Government 72

Dark Reading

AUGUST 9, 2023

Operation Jackal involved law enforcement agencies in 21 countries and yielded more than 100 arrests.

Cybercrime 98

Cybercrime 98

Heimadal Security

AUGUST 9, 2023

Downfall vulnerability impacts various Intel microprocessors and enables encryption keys, passwords, and other sensitive data exfiltration. The flaw was dubbed CVE-2022-40982 and was reported to Intel by security researcher Daniel Moghimi. The researcher provided a proof-of-concept that leverages the Gather instruction in two ways. Intel released patches for the Downfall vulnerability that impacts recently sold […] The post Downfall Vulnerability Exposes Intel CPUs to Data and Encryption K

Encryption 70

Encryption Passwords Cybersecurity 70

Dark Reading

AUGUST 9, 2023

Bugs in popular digital signature schemes designed to protect crypto investors allow attackers to steal private keys gain full access to digital wallets.

77

77

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

Security Affairs

AUGUST 9, 2023

Google researcher Daniel Moghimi devised a new side-channel attack technique, named Downfall, against Intel CPU. Google researcher Daniel Moghimi devised a new side-channel attack technique Intel CPU, named Downfall, that relies on a flaw tracked as CVE-2022-40982. An attacker can exploit this vulnerability to access and steal data from other users who share the same systems.

Firmware 70

Firmware Encryption Software Banking 70

Dark Reading

AUGUST 9, 2023

The APT has been rampaging across three continents on behalf of China's Ministry of State Security, and now claims the throne as kings of intelligence gathering and economic espionage.

70

70

Graham Cluley

AUGUST 9, 2023

Razzlekhan, the self-proclaimed Crocodile of Wall Street, pleads guilty to the biggest crypto laundering scheme in history, and just how safe are you typing while on a Zoom call? Meanwhile, Graham rants about public EV chargers. All this and more is discussed in the latest edition of the award-winning "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

Cybersecurity 69

Cybersecurity Data breaches Cryptocurrency Malware 69

The Security Ledger

AUGUST 9, 2023

In this episode of the podcast, host Paul Roberts speaks with Colin O'Flynn, CTO and founder of the firm NewAE about his work to patch shoddy software on his home's electric oven - and the bigger questions about owners rights to fix, tinker with or replace the software that powers their connected stuff. The post Black Hat: Colin O’Flynn On. Read the whole entry. » Click the icon below to listen.

Hacking 75

Hacking IoT Software Internet 75

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.