Schneier on Security

SEPTEMBER 26, 2023

Totally expected, but still good to hear : Onstage at TechCrunch Disrupt 2023, Meredith Whittaker, the president of the Signal Foundation, which maintains the nonprofit Signal messaging app, reaffirmed that Signal would leave the U.K. if the country’s recently passed Online Safety Bill forced Signal to build “backdoors” into its end-to-end encryption. “We would leave the U.K. or any jurisdiction if it came down to the choice between backdooring our encryption and betrayin

Encryption 313

Encryption 313

Tech Republic Security

SEPTEMBER 26, 2023

The Australian government’s new national cyber security strategy might have the inadvertent effect of making security efforts even more difficult for businesses by intensifying the current skills shortage.

Cybersecurity 144

Cybersecurity 144

Bleeping Computer

SEPTEMBER 26, 2023

Hackers are utilizing a new trick of using zero-point fonts in emails to make malicious emails appear as safely scanned by security tools in Microsoft Outlook. [.

Phishing 133

Phishing 133

Tech Republic Security

SEPTEMBER 26, 2023

Help protect your employees and customers from identity theft. This policy from TechRepublic Premium outlines precautions for reducing risk, signs to watch out for and steps to take if you suspect identity theft has occurred. While such misfortune may not be 100% preventable for everyone who follows these guidelines (since identity theft can still occur.

Identity Theft 140

Identity Theft Risk 140

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Bleeping Computer

SEPTEMBER 26, 2023

Google has assigned a new CVE ID (CVE-2023-5129) to a libwebp security vulnerability exploited as a zero-day in attacks and patched two weeks ago. [.

138

138

Tech Republic Security

SEPTEMBER 26, 2023

Which VPN is better, ProtonVPN or AtlasVPN? Read our in-depth comparison to decide which one fits you in terms of pricing, key features and more.

VPN 157

VPN Software Network Security 157

Tech Republic Security

SEPTEMBER 26, 2023

Malware is an insidious infection that will steal productivity from your enterprise and potentially wreak havoc on your network. To prevent and counteract malware, it’s important to know the terminology surrounding it. This list of terms from TechRepublic Premium will help you grasp the vocabulary that describes malware and the technology that spawns it.

Malware 129

Malware Technology 129

The Last Watchdog

SEPTEMBER 26, 2023

Washington, DC, Sept.26, 2023 — The Internet Infrastructure Coalition (i2Coalition) launched the VPN Trust Initiative (VTI) in 2020 to establish a baseline for how virtual private network (VPN) providers should operate. The goal is to help avoid oversights, misunderstandings, or vague legislation that could invite abuses of power and short-sighted legislation of helpful technology.

VPN 100

VPN Internet Internet Technology 100

The Hacker News

SEPTEMBER 26, 2023

Microsoft is officially rolling out support for passkeys in Windows 11 today as part of a major update to the desktop operating system. The feature allows users to login to websites and applications without having to provide a username and password, instead relying on their device PIN or biometric information to complete the step.

Passwords 118

Passwords 118

Dark Reading

SEPTEMBER 26, 2023

A fast-growing cyber campaign solely takes aim at luxury hotel and resort chains, using security-disruptive tactics to spread info-stealing malware.

Malware 129

Malware 129

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

The Hacker News

SEPTEMBER 26, 2023

Google has assigned a new CVE identifier for a critical security flaw in the libwebp image library for rendering images in the WebP format that has come under active exploitation in the wild. Tracked as CVE-2023-5129, the issue has been given the maximum severity score of 10.0 on the CVSS rating system.

116

116

We Live Security

SEPTEMBER 26, 2023

Or, is mass public meddling just opening the door for problems? And how does open-source software compare to proprietary software in terms of security?

Software 126

Software 126

Security Affairs

SEPTEMBER 26, 2023

A new campaign is spreading Xenomorph malware to Android users in the United States, Spain, Portugal, Italy, Canada, and Belgium. Researchers from ThreatFabric uncovered a new campaign spreading Xenomorph malware to Android users in the United States and all over the world. In February 2022, researchers from ThreatFabric first spotted the Xenomorph malware, which was distributed via the official Google Play Store reaching over 50,000 installations.

Malware 116

Malware Banking Phishing Engineering 116

Security Boulevard

SEPTEMBER 26, 2023

A sophisticated Android banking trojan that was first seen last year targeting banking apps in several European countries has made its way across the Atlantic Ocean, looking to steal credentials and money from customers of such U.S. financial institutions as Chase, Bank of America, American Express, and USAA. In all, the Xenomorph malware is zeroing.

Banking 109

Banking Malware Mobile Cybersecurity 109

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

Security Affairs

SEPTEMBER 26, 2023

Sony launched an investigation into an alleged data breach after the RansomedVC group claimed the hack of the company. Sony announced it is investigating allegations of a data breach after the RansomedVC extortion group claimed to have hacked the company and added the company to its Tor leak site. “We are currently investigating the situation, and we have no further comment at this time.

Hacking 116

Hacking Data breaches Ransomware Scams 116

PCI perspectives

SEPTEMBER 26, 2023

Do not pass up the chance to collaborate and gain knowledge on the latest developments in payment security at the upcoming PCI SSC Community Meetings. These events feature presentations from some of the sharpest minds in payment security. Below Peggy Nolan , PCIP, CISA, CEO, Payment Card Assessments provides a preview of her presentation on Speaking the Same Language as Your Assessor.

111

111

Security Affairs

SEPTEMBER 26, 2023

This week the Rhysida ransomware group claimed the hack of the Kuwait Ministry of Finance and added it to its Tor leak site. Last week a ransomware attack hit the Government of Kuwait, the attack took place on September 18 and the government experts immediately started the incident response procedures to block the threat. Below is the message published on Twitter by the official X account of Kuwait’s Ministry of Finance.

Ransomware 116

Ransomware Government Hacking Cyber Attacks 116

Bleeping Computer

SEPTEMBER 26, 2023

Hackers are actively exploiting a high-severity vulnerability in Openfire messaging servers to encrypt servers with ransomware and deploy cryptominers. [.

Encryption 116

Encryption Ransomware 116

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

The Hacker News

SEPTEMBER 26, 2023

Cybersecurity experts have shed light on a new cybercrime group known as ShadowSyndicate (formerly Infra Storm) that may have leveraged as many as seven different ransomware families over the past year. "ShadowSyndicate is a threat actor that works with various ransomware groups and affiliates of ransomware programs," Group-IB and Bridewell said in a joint technical report.

Cybercrime 103

Cybercrime Ransomware Cybersecurity 103

Bleeping Computer

SEPTEMBER 26, 2023

Security researchers have identified infrastructure belonging to a threat actor now tracked as ShadowSyndicate, who likely deployed seven different ransomware families in attacks over the past year. [.

Ransomware 107

Ransomware 107

Security Affairs

SEPTEMBER 26, 2023

Data lineage is the visualization and tracking of data as it moves through various stages of its lifecycle. In an age where data drives decisions and fuels innovation, understanding the journey of data from its inception to its final destination is paramount. Data lineage provides this understanding. Data lineage is the visualization and tracking of data as it moves through various stages of its lifecycle, and it offers a host of benefits in solving critical data management challenges.

Encryption 107

Encryption Data privacy Data breaches Hacking 107

Bleeping Computer

SEPTEMBER 26, 2023

Microsoft has released the Windows 11 22H2 'Moment 4' update, bringing 150 new features, including new AI-powered versions of Paint, ClipChamp, Snipping tool, and the new Microsoft Copilot. [.

107

107

Advertisement

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Identity Theft

Dark Reading

SEPTEMBER 26, 2023

Ransomware-as-a-service affiliate ShadowSyndicate is unusual for the size of its malicious infrastructure and the fact that it's distributing seven different ransomware strains.

Ransomware 102

Ransomware 102

Bleeping Computer

SEPTEMBER 26, 2023

Sony says that it is investigating allegations of a cyberattack this week as different hackers have stepped up to claim responsibility for the purported hack. Thus far, over 3.14 GB of uncompressed data, allegedly belonging to Sony, has been dumped on hacker forums. [.

Hacking 105

Hacking 105

The Hacker News

SEPTEMBER 26, 2023

SOC 2, ISO, HIPAA, Cyber Essentials – all the security frameworks and certifications today are an acronym soup that can make even a compliance expert’s head spin. If you’re embarking on your compliance journey, read on to discover the differences between standards, which is best for your business, and how vulnerability management can aid compliance.

Cybersecurity 98

Cybersecurity 98

Bleeping Computer

SEPTEMBER 26, 2023

After almost three years, Microsoft has finally added the 'Never combine taskbar button' back to Windows, and it still doesn't work correctly.

110

110

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

The Hacker News

SEPTEMBER 26, 2023

An updated version of an Android banking trojan called Xenomorph has set its sights on more than 35 financial institutions in the U.S. The campaign, according to Dutch security firm ThreatFabric, leverages phishing web pages that are designed to entice victims into installing malicious Android apps that target a broader list of apps than its predecessors.

Banking 98

Banking Phishing 98

Bleeping Computer

SEPTEMBER 26, 2023

Microsoft has started rolling out the next major version of its operating system, Windows 11 23H2, to Insiders enrolled in the Release Preview Channel for enterprise testing before the general release later this year. [.

101

101

SecureWorld News

SEPTEMBER 26, 2023

In the midst of the global surge in cybersecurity incidents, the MOVEit vulnerability has impacted thousands of organizations worldwide, exposing persistent vulnerabilities. From global energy giant Shell to the New York City Department of Education to the Oregon DMV , it appears that not many organizations are safe from this breach. Now, another victim has emerged.

Education 99

Education Cybersecurity Cyber threats Software 99

Bleeping Computer

SEPTEMBER 26, 2023

Today's Windows 11 update includes several security improvements, including a new passkeys management dashboard designed to help users go passwordless more easily and tools to reduce the attack surface. [.

99

99

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.