Schneier on Security

AUGUST 22, 2023

License plate scanners aren’t new. Neither is using them for bulk surveillance. What’s new is that AI is being used on the data, identifying “suspicious” vehicle behavior: Typically, Automatic License Plate Recognition (ALPR) technology is used to search for plates linked to specific crimes. But in this case it was used to examine the driving patterns of anyone passing one of Westchester County’s 480 cameras over a two-year period.

Surveillance 203

Surveillance Mobile Technology Artificial Intelligence 203

Krebs on Security

AUGUST 22, 2023

In large metropolitan areas, tourists are often easy to spot because they’re far more inclined than locals to gaze upward at the surrounding skyscrapers. Security experts say this same tourist dynamic is a dead giveaway in virtually all computer intrusions that lead to devastating attacks like data theft and ransomware, and that more organizations should set simple virtual tripwires that sound the alarm when authorized users and devices are spotted exhibiting this behavior.

Ransomware 182

Ransomware DNS Firewall 182

Tech Republic Security

AUGUST 22, 2023

If you have users that need certain admin privileges on your Linux machines, here's a walk-through of the process for granting full or specific rights.

151

151

The Last Watchdog

AUGUST 22, 2023

Fremont, Calif., Aug. 22, 2023 — AVer Information Inc. USA , the award-winning provider of video collaboration and education solutions, announces a technology collaboration with Nureva to streamline hybrid meeting room connectivity. The plug-and-play hybrid meeting bundles include AVer’s CAM550 , a 4K dual lens PTZ camera, and Nureva’s HDL300 audio system , an integrated microphone and speaker bar.

Artificial Intelligence 100

Artificial Intelligence Education Technology Mobile 100

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Tech Republic Security

AUGUST 22, 2023

Cybersecurity expert Kayne McGladrey speaks about why AI cannot do what creative people can, and the important role of generative AI in SOCs.

Cybersecurity 132

Cybersecurity Artificial Intelligence Phishing 132

eSecurity Planet

AUGUST 22, 2023

Cybersecurity can be difficult to implement, and to make matters worse, the security professionals needed to do it right are in short supply. Managed IT security service providers (MSSPs) make life easier for organizations by providing outsourced expertise and tools at a fraction of the cost, time, and trouble of doing it yourself. This article will explore the nature of MSSPs and how they can help businesses, nonprofits, governments, and other organizations have better security with less effort

Telecommunications 98

Telecommunications Firewall Penetration Testing Cybersecurity 98

The Hacker News

AUGUST 22, 2023

A new variant of an Apple macOS malware called XLoader has surfaced in the wild, masquerading its malicious features under the guise of an office productivity app called "OfficeNote." "The new version of XLoader is bundled inside a standard Apple disk image with the name OfficeNote.dmg," SentinelOne security researchers Dinesh Devadoss and Phil Stokes said in a Monday analysis.

Malware 94

Malware 94

eSecurity Planet

AUGUST 22, 2023

With the ever-present threat of data breaches, organizations need to adopt best practices to help prevent breaches and to respond to them when they occur to limit any damage. And breaches will occur – because bad guys make a living by figuring out ways to circumvent security best practices. Here are some data breach prevention and response practices that have stood the test of time, followed by a reference list of some vendor resources that can help you improve your own cybersecurity and inciden

Data breaches 98

Data breaches Big data Penetration Testing Cyber Attacks 98

Security Affairs

AUGUST 22, 2023

Snatch gang claims the hack of the Department of Defence South Africa and added the military organization to its leak site. The Snatch ransomware group added the Department of Defence South Africa to its data leak site. The mission of the Department of Defence is to provide, manage, prepare and employ defence capabilities commensurate with the needs of South Africa, as regulated by the Constitution, national legislation, parliamentary and executive direction.

Hacking 96

Hacking Computers and Electronics Ransomware Risk 96

Malwarebytes

AUGUST 22, 2023

A new version of the file archiving software WinRAR fixes two vulnerabilities that could allow an attacker to execute code on a target system. All the victim has to do is to open a specially crafted archive. After receiving a report about the vulnerability in June, a new version of the software was published on August 2, 2023. Users should install the latest version (WinRAR 6.23 or later) at their earliest convenience.

Malware 94

Malware Backups Software Ransomware 94

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

eSecurity Planet

AUGUST 22, 2023

Remote access security is critical for protecting increasingly distributed work environments, ensuring that only authorized users can access your valuable information regardless of their location. Remote access security acts as something of a virtual barrier, preventing unauthorized access to data and assets beyond the traditional network perimeter.

Passwords 96

Passwords Authentication Encryption VPN 96

Security Affairs

AUGUST 22, 2023

The Akira ransomware gang targets Cisco VPN products to gain initial access to corporate networks and steal their data. The Akira ransomware has been active since March 2023, the threat actors behind the malware claim to have already hacked multiple organizations in multiple industries, including education, finance, and real estate. Like other ransomware gangs, the group has developed a Linux encryptor to target VMware ESXi servers.

VPN 94

VPN Ransomware Hacking Education 94

Dark Reading

AUGUST 22, 2023

Spin.AI's risk assessment of some 300,000 browser extensions had overly permissive access and could execute potentially malicious behaviors.

Risk 98

Risk 98

SecureWorld News

AUGUST 22, 2023

CyCognito has released its semi-annual State of External Exposure Management Report , revealing a staggering number of vulnerable public cloud, mobile, and web applications exposing sensitive data, including unsecured APIs and personally identifiable information (PII). Developed by CyCognito's research division, the report is based on analysis of 3.5 million assets across its enterprise customer base, including a number of Fortune 500 companies.

Mobile 87

Mobile Penetration Testing Backups Data breaches 87

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

The Hacker News

AUGUST 22, 2023

More than a dozen malicious packages have been discovered on the npm package repository since the start of August 2023 with capabilities to deploy an open-source information stealer called Luna Token Grabber on systems belonging to Roblox developers. The ongoing campaign, first detected on August 1 by ReversingLabs, employs modules that masquerade as the legitimate package noblox.

85

85

Trend Micro

AUGUST 22, 2023

In this entry, we discuss how a threat actor abuses paid Facebook promotions featuring LLMs to spread malicious code, with the goal of installing a malicious browser add-on and stealing victims’ credentials.

Malware 86

Malware 86

ZoneAlarm

AUGUST 22, 2023

In today’s interconnected digital landscape, the importance of cybersecurity has become undeniable. LinkedIn, the renowned professional networking platform, faces a mounting concern with a sudden surge in account takeovers and user frustrations. This rise in security breaches shines a light on the challenges of online safety, especially when personal and professional worlds merge seamlessly.

Accountability 86

Accountability Cybersecurity Data privacy Passwords 86

Security Affairs

AUGUST 22, 2023

US CISA added critical vulnerability CVE-2023-26359 in Adobe ColdFusion to its Known Exploited Vulnerabilities catalog. US Cybersecurity and Infrastructure Security Agency (CISA) added a critical flaw CVE-2023-26359 (CVSS score 9.8) affecting Adobe ColdFusion to its Known Exploited Vulnerabilities Catalog. Adobe fixed the critical flaw in March 2023, it is a deserialization of untrusted data issue in Adobe ColdFusion that can lead to arbitrary code execution in the context of the current us

Hacking 89

Hacking Risk Cybersecurity Information Security 89

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

The Hacker News

AUGUST 22, 2023

A previously undocumented threat cluster has been linked to a software supply chain attack targeting organizations primarily located in Hong Kong and other regions in Asia. The Symantec Threat Hunter Team, part of Broadcom, is tracking the activity under its insect-themed moniker Carderbee.

Software 78

Software Cybersecurity 78

Security Affairs

AUGUST 22, 2023

The Australian software provider Energy One announced it was hit by a cyberattack last week that affected certain corporate systems in Australia and the UK. The Australian software provider Energy One announced that a cyberattack hit certain corporate systems in Australia and the UK last week. Energy One is a global supplier of software products and services to wholesale energy, environmental and carbon trading markets. “On Friday, 18 August 2023, Energy One Limited established that certai

Cyber Attacks 89

Cyber Attacks Software Marketing Hacking 89

WIRED Threat Level

AUGUST 22, 2023

Unlike web browsers, mobile apps increasingly make it difficult or impossible to see what companies are really doing with your data. The answer? An inspectability API.

Internet 82

Internet Internet Mobile 82

Security Affairs

AUGUST 22, 2023

US Government and defense contractor Belcan left its super admin credentials open to the public, Cybernews research team reveals. Belcan is a government, defense, and aerospace contractor offering global design, software, manufacturing, supply chain, information technology, and digital engineering solutions. The company, with reported revenue of $950 million in 2022, is a trusted strategic partner to more than 40 US Federal agencies.

Passwords 89

Passwords Penetration Testing Engineering Manufacturing 89

Advertisement

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Identity Theft

Naked Security

AUGUST 22, 2023

Cryptography isn’t just about secrecy. You need to take care of authenticity (no imposters!) and integrity (no tampering!) as well.

Passwords 92

Passwords Authentication 92

Dark Reading

AUGUST 22, 2023

Risk-aware leaders can be a cybersecurity advantage. Their flexible leadership style and emphasis on security first help set the tone and demonstrate a commitment to avoiding risk.

Risk 77

Risk Cybersecurity 77

SecureBlitz

AUGUST 22, 2023

Finding the proper software development company is critical in today's digital world for organizations looking to boost their online presence, increase productivity, and build novel solutions. It can be difficult to choose the best solution for your needs from the profusion of possibilities accessible in the United States. The purpose of this article is to […] The post How to Choose the Best Software Development Company in the USA appeared first on SecureBlitz Cybersecurity.

Software 78

Software Cybersecurity 78

Dark Reading

AUGUST 22, 2023

The increase in cyberattacks against the Middle East in the last few years has pressured Jordan and other nations to better secure their infrastructures.

Cybercrime 85

Cybercrime 85

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

Digital Guardian

AUGUST 22, 2023

In this blog, we ask six data protection experts how modern organizations can protect their data now and in the future.

98

98

Dark Reading

AUGUST 22, 2023

Makers of vulnerable apps that are exploited in wide-scale supply chain attacks need to improve software security or face steep fines and settlement fees.

Software 84

Software 84

The Hacker News

AUGUST 22, 2023

A new State of SaaS Security Posture Management Report from SaaS cybersecurity provider AppOmni indicates that Cybersecurity, IT, and business leaders alike recognize SaaS cybersecurity as an increasingly important part of the cyber threat landscape. And at first glance, respondents appear generally optimistic about their SaaS cybersecurity.

Cybersecurity 76

Cybersecurity CISO Cyber threats 76

Dark Reading

AUGUST 22, 2023

Dubbed Carderbee, the group used legitimate software and Microsoft-signed malware to spread the Korplug/PlugX backdoor to various Asian targets.

Malware 88

Malware Software 88

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.