Schneier on Security

AUGUST 21, 2023

At Black Hat last week, the White House announced an AI Cyber Challenge. Gizmodo reports : The new AI cyber challenge (which is being abbreviated “AIxCC”) will have a number of different phases. Interested would-be competitors can now submit their proposals to the Small Business Innovation Research program for evaluation and, eventually, selected teams will participate in a 2024 “qualifying event.” During that event, the top 20 teams will be invited to a semifinal competi

Cybersecurity 191

Cybersecurity Small Business Government Software 191

The Last Watchdog

AUGUST 21, 2023

Phone number spoofing involves manipulating caller ID displays to mimic legitimate phone numbers, giving scammers a deceptive veil of authenticity. Related: The rise of ‘SMS toll fraud’ The Bank of America scam serves as a prime example of how criminals exploit this technique. These scammers impersonate Bank of America representatives, using the genuine bank’s phone number (+18004321000) to gain trust and deceive their targets.

Scams 246

Scams Banking Accountability Authentication 246

Tech Republic Security

AUGUST 21, 2023

Smart spaces bring together universal connectivity, security, and intelligence to modernize the workspace experience. But what are technology leaders saying about this accelerated digital transition to smarter spaces? What are the benefits? Where is the room for growth? A recent CIO Dive survey reveals how teams across industries are working toward answering these questions.

Technology 106

Technology 106

The Last Watchdog

AUGUST 21, 2023

Boston, Mass, Aug. 22, 2023 – airSlate , a leader in document workflow automation solutions, today announced the launch of QuickStart in collaboration with partner Forthright Technology Providers , a leading provider of user-centric IT solutions and services. The comprehensive package, available at a fixed price, combines airSlate’s automation tools, including customizable workflows and built-in eSignatures, with Forthright’s professional services, enabling organizations to streamline business

Digital transformation 100

Digital transformation Media Technology Engineering 100

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Bleeping Computer

AUGUST 21, 2023

Cisco-owned multi-factor authentication (MFA) provider Duo Security is investigating an ongoing outage that has been causing authentication failures and errors starting three hours ago. [.

Authentication 98

Authentication Technology 98

The Hacker News

AUGUST 21, 2023

A high-severity security flaw has been disclosed in the WinRAR utility that could be potentially exploited by a threat actor to achieve remote code execution on Windows systems. Tracked as CVE-2023-40477 (CVSS score: 7.8), the vulnerability has been described as a case of improper validation while processing recovery volumes.

98

98

Digital Guardian

AUGUST 21, 2023

The Australian Privacy Act 1988 has been a cornerstone in protecting Australians’ privacy rights and governing how personal information is collected, used, and managed by organizations. Here you’ll find more about what the Privacy Act is and how it could impact you or your organization.

Government 98

Government 98

Security Boulevard

AUGUST 21, 2023

In the second episode of Conversations from the Inside: The Psychology of Insider Risk Management: Time and Place Matters, renowned intelligence and security expert Christopher Burgess sat down with MITRE’s Chief Scientist for Insider Threat Research & Solutions and Senior Principal Behavioral Scientist for Insider Threat, Dr. Deanna Caputo, to discuss the role of human … Continued The post The Psychology of Insider Risk Management appeared first on DTEX Systems Inc.

Risk 97

Risk 97

Bleeping Computer

AUGUST 21, 2023

Researchers from Italy and the UK have discovered four vulnerabilities in the TP-Link Tapo L530E smart bulb and TP-Link's Tapo app, which could allow attackers to steal their target's WiFi password. [.

Passwords 96

Passwords 96

Security Boulevard

AUGUST 21, 2023

In the fast-paced world of modern development that is driven by the constant need for innovation and rapid delivery, security teams are facing an increasing challenge in ensuring secure application delivery. The adoption of agile and CI/CD practices results in hundreds of code changes that are being pushed into production every day. To keep up with the pace of innovation and ensure that these changes aren’t introducing new risks and critical vulnerabilities into the software development lifecyc

Software 96

Software Risk 96

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

The Hacker News

AUGUST 21, 2023

Threat actors are leveraging access to malware-infected Windows and macOS machines to deliver a proxy server application and use them as exit nodes to reroute proxy requests.

Malware 97

Malware Hacking 97

eSecurity Planet

AUGUST 21, 2023

Normally, ‘ace’ implies something great, such as to ace an exam or to draw an ace in Blackjack. Unfortunately, arbitrary code execution (ACE) means that an attacker can use a vulnerability to execute any code they want on a device. In the vulnerabilities covered this week, attackers used an ACE vulnerability to install webshells and similar backdoors on vulnerable systems.

Encryption 98

Encryption Cybersecurity Security Defenses Software 98

Malwarebytes

AUGUST 21, 2023

Researchers have published details about a phishing campaign that uses QR codes to phish for Microsoft credentials. A QR (Quick Response) code is a kind of two-dimensional barcode that holds encoded data in a graphical black-and-white pattern. The data that a QR code stores can include URLs, email addresses, network details, Wi-Fi passwords, serial numbers, etc.

Phishing 94

Phishing Mobile Passwords Media 94

Bleeping Computer

AUGUST 21, 2023

The BlackCat/ALPHV ransomware gang has added Seiko to its extortion site, claiming responsibility for a cyberattack disclosed by the Japanese firm earlier this month. [.

Ransomware 95

Ransomware 95

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

Security Boulevard

AUGUST 21, 2023

Even if You Are not a Pirate: Fix for CVE-2023-40477 now available. The post LOL WinRAR: Serious One-Click Bug (Patch NOW) appeared first on Security Boulevard.

Social Engineering 98

Social Engineering Engineering Security Awareness Risk 98

Malwarebytes

AUGUST 21, 2023

Retroactive removals are finally on the way for malicious Chrome browser extensions. Beginning with Chrome 117 , Chrome will “proactively highlight to users when an extension they have installed is no longer in the Chrome web store” Previously, if you installed an extension which was subsequently unpublished by the developer or removed by Google, the extension you installed would remain in place, even if it was malicious.

Malware 92

Malware Accountability Risk Cybersecurity 92

Security Affairs

AUGUST 21, 2023

The BlackCat/ALPHV ransomware group claims to have hacked the Japanese maker of watches Seiko and added the company to its data leak site. On August 10, 2023, the Japanese maker of watches Seiko disclosed a data breach following a cyber attack. “Seiko Group Corporation (hereinafter referred to as “the Company” or “we”) has confirmed that on July 28th of this year, the Company suffered a possible data breach.

Hacking 91

Hacking Ransomware Data breaches Cyber Attacks 91

The Hacker News

AUGUST 21, 2023

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical security flaw in Adobe ColdFusion to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerability, cataloged as CVE-2023-26359 (CVSS score: 9.

Cybersecurity 91

Cybersecurity 91

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

Security Affairs

AUGUST 21, 2023

White hat hackers at the recent hacking conference Def Con demonstrated how to spoof an Apple device and trick users into sharing their sensitive data. At the recent Def Con hacking conference, white hat hackers demonstrated how to spoof an Apple device and trick users into sharing their sensitive data. As reported by Techcrunch, attendees at the conference using iPhones started observing pop-up messages prompting them to connect their Apple ID or share a password with a nearby Apple TV.

Advertising 89

Advertising Hacking Passwords Mobile 89

The Hacker News

AUGUST 21, 2023

Software services provider Ivanti is warning of a new critical zero-day flaw impacting Ivanti Sentry (formerly MobileIron Sentry) that it said is being actively exploited in the wild, marking an escalation of its security woes. Tracked as CVE-2023-38035 (CVSS score: 9.8), the issue has been described as a case of authentication bypass impacting versions 9.

Software 90

Software Authentication 90

Security Affairs

AUGUST 21, 2023

Ivanti warned customers of a new critical Sentry API authentication bypass vulnerability tracked as CVE-2023-38035. The software company Ivanti released urgent security patches to address a critical-severity vulnerability, tracked as CVE-2023-38035 (CVSS score 9.8), in the Ivanti Sentry (formerly MobileIron Sentry) product. The vulnerability could be exploited to access sensitive API data and configurations, run system commands, or write files onto the system.

Authentication 87

Authentication Internet Internet Mobile 87

Identity IQ

AUGUST 21, 2023

What is Clone Phishing and How Do I Avoid It? IdentityIQ Nowadays, cyber threats are something we can’t ignore – and as technology advances, so do the methods used by scammers. One of the most devious tricks that they use is called clone phishing. In this blog post, we dive into the world of clone phishing, shedding light on what it is, the potential risks it poses, and most importantly, how to protect yourself from falling victim to it.

Phishing 87

Phishing Authentication Passwords Identity Theft 87

Advertisement

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Identity Theft

Bleeping Computer

AUGUST 21, 2023

US-based IT software company Ivanti warned customers today that a critical Sentry API authentication bypass vulnerability is being exploited in the wild. [.

Authentication 93

Authentication Software 93

Dark Reading

AUGUST 21, 2023

AI innovation is moving faster than our laws and regulations, making it hard to decide whether Web or content scraping activity is good or bad, and what (if anything) you should do about it.

85

85

Bleeping Computer

AUGUST 21, 2023

A legitimate-looking ad for Amazon in Google search results redirects visitors to a Microsoft Defender tech support scam that locks up their browser. [.

Scams 94

Scams 94

Security Affairs

AUGUST 21, 2023

HiatusRAT malware operators resurfaced with a new wave of attacks targeting Taiwan-based organizations and a U.S. military procurement system. In March 2023, Lumen Black Lotus Labs researchers uncovered a sophisticated campaign called “ HiatusRAT ” that infected over 100 edge networking devices globally. Threat actors leveraged edge routers, or “living on the edge” access, to passively collect traffic and set up a covert C2 infrastructure.

Architecture 84

Architecture Manufacturing Malware Government 84

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

Heimadal Security

AUGUST 21, 2023

Heimdal® has announced its entry into the Extended Detection and Response (XDR) market with a disruptive SaaS platform. The company offers the widest XDR suite in the industry, featuring 10-in-1 award-winning solutions, all in one unified, easy-to-use console. Discover Extended Detection and Response. XDR Solution by Heimdal. XDR represents a paradigm shift in cybersecurity, offering comprehensive […] The post Introducing Heimdal XDR: A Game-Changer Disrupting the Market with the Widest Ra

Marketing 84

Marketing Cybersecurity 84

The Hacker News

AUGUST 21, 2023

From a user’s perspective, OAuth works like magic. In just a few keystrokes, you can whisk through the account creation process and gain immediate access to whatever new app or integration you’re seeking.

Accountability 83

Accountability 83

Dark Reading

AUGUST 21, 2023

Touted as the largest red teaming exercise against LLMs in history, the AI Village attracted more than 2,000 hackers and throngs of media.

Media 92

Media 92

SecureBlitz

AUGUST 21, 2023

Power BI has become a powerhouse in the constantly changing world of business intelligence and data analysis, helping enterprises to turn raw data into useful insights. Power BI Report Builder's ability to produce paginated reports stands out among its variety of capabilities for its accuracy and organized reporting style. Using Power BI Paginated reports, we'll […] The post Simplified Reporting: Paginated Reports via Power BI Report Builder appeared first on SecureBlitz Cybersecurity.

Cybersecurity 79

Cybersecurity 79

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.