Mon. Aug 14, 2023


China Hacked Japan’s Military Networks

Schneier on Security

The NSA discovered the intrusion in 2020—we don’t know how—and alerted the Japanese. The Washington Post has the story: The hackers had deep, persistent access and appeared to be after anything they could get their hands on—plans, capabilities, assessments of military shortcomings, according to three former senior U.S. officials, who were among a dozen current and former U.S. and Japanese officials interviewed, who spoke on the condition of anonymity because of the matte


All New Have I Been Pwned Domain Search APIs and Splunk Integration

Troy Hunt

I've been teaching my 13-year old son Ari how to code since I first got him started on Scratch many years ago, and gradually progressed through to the current day where he's getting into Python in Visual Studio Code. As I was writing the new domain search API for Have I Been Pwned (HIBP) over the course of this year, I was trying to explain to him how powerful APIs are: Think of HIBP as one website that does pretty much one thing; you load it in your browser and search through data bre


Diligere, Equity-Invest Are New Firms of U.K. Con Man

Krebs on Security

John Clifton Davies, a convicted fraudster estimated to have bilked dozens of technology startups out of more than $30 million through phony investment schemes, has a brand new pair of scam companies that are busy dashing startup dreams: A fake investment firm called Equity-Invest[.]ch, and Diligere[.]co.uk, a scam due diligence company that Equity-Invest insists all investment partners use.


At Black Hat, Splunk, AWS, IBM Security and Others Launch Open Source Cybersecurity Framework

Tech Republic Security

With security schema, Splunk and collaborators aim to transform alert telemetry from cacophony to chorus with one taxonomy across vendors and tools.


The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.


A new type of "freedom," or, tracking children with AirTags, with Heather Kelly: Lock and Code S04E17

Malwarebytes

"Freedom" is a big word, and for many parents today, it's a word that includes location tracking. Across America, parents are snapping up Apple AirTags, the inexpensive location tracking devices that can help owners find lost luggage, misplaced keys, and—increasingly so—roving toddlers setting out on mini-adventures. The parental fear right now, according to The Washington Post technology reporter Heather Kelly, is that "anybody who can walk, therefore can walk away.


Massive EvilProxy Phishing Attack Campaign Bypasses 2FA, Targets Top-Level Executives

Tech Republic Security

This attack sent approximately 120,000 phishing emails to organizations worldwide with the goal to steal Microsoft 365 credentials.


More Trending


Drone Usage Policy

Tech Republic Security

Unmanned aircraft systems, more commonly known as drones, have quite literally taken off by performing many new and inventive commercial applications. Delivering packages, recording terrain, reporting news, documenting wildlife and even providing internet access are just a few of the functions drones can offer. The list is sure to grow longer and more diverse as.


Microsoft enables Windows Kernel CVE-2023-32019 fix for everyone

Bleeping Computer

Microsoft has enabled a fix for a Kernel information disclosure vulnerability by default for everyone after previously disabling it out of concerns it could introduce breaking changes to Windows. [...]


5 Tips for Securing Data When Using a Personal Mac for Work

Tech Republic Security

Discover strategies for securing data on your personal Mac for work tasks. Learn how to protect your device against potential threats.


Monti ransomware targets VMware ESXi servers with new Linux locker

Bleeping Computer

The Monti ransomware has returned to action after a two-month hiatus, now targeting primarily legal and government organizations, and VMware ESXi servers using a new Linux variant that is vastly different from its predecessors. [...]


IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.


Ford says it’s safe to drive its cars with a WiFi vulnerability

Malwarebytes

Ford has released information about a buffer overflow vulnerability in its SYNC 3 infotainment system. Ford learned from a supplier that a security researcher had discovered a vulnerability in the Wi-Fi software driver supplied for use in the SYNC 3 infotainment system available on some Ford and Lincoln vehicles. The company said it started an investigation and subsequently decided that the vulnerability does not affect vehicle driving safety.


Ongoing Xurum Attacks on E-commerce Sites Exploiting Critical Magento 2 Vulnerability

The Hacker News

E-commerce sites using Adobe's Magento 2 software are the target of an ongoing campaign that has been active since at least January 2023. The attacks, dubbed Xurum by Akamai, leverage a now-patched critical security flaw (CVE-2022-24086, CVSS score: 9.8) in Adobe Commerce and Magento Open Source that, if successfully exploited, could lead to arbitrary code execution.


Experts found multiple flaws in AudioCodes desk phones and Zoom’s Zero Touch Provisioning (ZTP)

Security Affairs

Multiple flaws in AudioCodes desk phones and Zoom’s Zero Touch Provisioning (ZTP) can expose to several attacks. Researchers from security firm SySS discovered multiple vulnerabilities in AudioCodes desk phones and Zoom’s Zero Touch Provisioning (ZTP) that could be exploited by an attacker to conduct several attacks. The experts presented their findings at the Black Hat USA security conference last week.


Bad Bots: Understanding Bad Bots, What They Do, and How to Detect & Stop Them

Digital Guardian

Bad bots, malicious programs and applications designed to deface websites and carry out DDoS attacks, can negatively impact a company's business.


Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.


Colorado HCPF Department notifies 4 million individuals after IBM MOVEit breach

Security Affairs

The Colorado Department of Health Care Policy & Financing (HCPF) disclosed a data breach after MOVEit attack on IBM. The Colorado Department of Health Care Policy & Financing (HCPF) disclosed a data breach that impacted more than four million individuals. The incident is the result of a MOVEit attack on IBM, threat actors accessed the personal and health information of the impacted individuals. “After IBM notified HCPF that it was impacted by the MOVEit incident, HCPF launched an in


Over 100K hacking forums accounts exposed by info-stealing malware

Bleeping Computer

Researchers discovered 120,000 infected systems that contained credentials for cybercrime forums. Many of the computers belong to hackers, the researchers say. [...]


5 Ways CISA Can Help Cyber-Poor Small Businesses & Local Governments

Dark Reading

Adopting these recommendations will help SMBs and public-sector agencies that must deal with the same questions of network security and data safety as their larger cousins, but without the same resources.


Discord.io confirms breach after hacker steals data of 760K users

Bleeping Computer

The Discord.io custom invite service has temporarily shut down after suffering a data breach exposing the information of 760,000 members. [...]


Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.


Ongoing Xurum attacks target Magento 2 e-stores

Security Affairs

Experts warn of ongoing attacks, dubbed Xurum, targeting e-commerce websites using Adobe’s Magento 2 CMS. Akamai researchers warn of ongoing attacks, dubbed Xurum, targeting e-commerce websites running the Magento 2 CMS. The attackers are actively exploiting a server-side template injection issue, tracked as CVE-2022-24086 (CVSS score: 9.8), in Adobe Commerce and Magento Open Source.


QwixxRAT: New Remote Access Trojan Emerges via Telegram and Discord

The Hacker News

A new remote access trojan (RAT) called QwixxRAT is being advertised for sale by its threat actor through Telegram and Discord platforms.


Threat actors use beta apps to bypass mobile app store security

Bleeping Computer

The FBI is warning of a new tactic used by cybercriminals where they promote malicious "beta" versions of cryptocurrency investment apps on popular mobile app stores that are then used to steal crypto. [...]


New Financial Malware 'JanelaRAT' Targets Latin American Users

The Hacker News

Users in Latin America (LATAM) are the target of a financial malware called JanelaRAT that's capable of capturing sensitive information from compromised Microsoft Windows systems.


5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.


FBI warns of increasing cryptocurrency recovery scams

Bleeping Computer

The FBI is warning of an increase in scammers pretending to be recovery companies that can help victims of cryptocurrency investment scams recover lost assets. [...]


Identity Threat Detection and Response: Rips in Your Identity Fabric

The Hacker News

Why SaaS Security Is a Challenge In today's digital landscape, organizations are increasingly relying on Software-as-a-Service (SaaS) applications to drive their operations. However, this widespread adoption has also opened the doors to new security risks and vulnerabilities. The SaaS security attack surface continues to widen.


Following Pushback, Zoom Says It Won't Use Customer Data to Train AI Models

Dark Reading

Company's experience highlights the tightrope tech organizations walk when integrating AI into their products and services.


Charming Kitten Targets Iranian Dissidents with Advanced Cyber Attacks

The Hacker News

Germany's Federal Office for the Protection of the Constitution (BfV) has warned of cyber attacks targeting Iranian persons and organizations in the country since the end of 2022. "The cyber attacks were mainly directed against dissident organizations and individuals – such as lawyers, journalists, or human rights activists – inside and outside Iran," the agency said in an advisory.


Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?


Talking Heimdal XDR with Nabil Nistar, Head of Product Marketing

Heimdal Security

As the new face of Heimdal, I wanted to chat about the ‘product’ with our experts and find out why customers love us. So, I sat down with Nabil Nistar, our Head of Product Marketing, and talked about Heimdal Extended Detection & Response (XDR) solution. It’s a groundbreaking platform that’s transforming our customer’s security. A […]


Phishing with hacked sites

SecureList

Phishers want their fake pages to cost minimum effort but generate as much income as possible, so they eagerly use various tools and techniques to evade detection, and save time and money. Examples include automation with phishing kits or Telegram bots. Another tactic, popular with scammers big and small, phishers included, is hacking websites and placing malicious content on those, rather than registering new domains.


Fake Tripadvisor Emails to Distribute Knight Ransomware

Heimdal Security

An ongoing spam campaign spreads Knight ransomware among users. The fake emails imitate Tripadvisor complaint messages. Knight ransomware is the revamp of the Cyclop Ransomware-as-a-Service, starting with July 2023. The Knight Ransomware Spam Campaign A researcher at Sophos detected this new spam campaign that spreads Knight ransomware using fake Tripadvisor complaints.


Health Data of 4M Stolen in Cl0p MOVEit Breach of Colorado Department

Dark Reading

State's Department of Health Care Policy & Financing is the latest to acknowledge an attack by the Russian group's ongoing exploitation of third-party systems.


From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.