Schneier on Security
SEPTEMBER 11, 2023
The robot revolution began long ago, and so did the killing. One day in 1979, a robot at a Ford Motor Company casting plant malfunctioned—human workers determined that it was not going fast enough. And so twenty-five-year-old Robert Williams was asked to climb into a storage rack to help move things along. The one-ton robot continued to work silently, smashing into Williams’s head and instantly killing him.
The Last Watchdog
SEPTEMBER 11, 2023
In an era of global economic uncertainty, fraud levels tend to surge, bringing to light the critical issue of intellectual property (IP) theft. Related: Neutralizing insider threats This pervasive problem extends beyond traditional notions of fraud, encompassing both insider threats and external risks arising from partnerships, competitors, and poor IP management.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
The Hacker News
SEPTEMBER 11, 2023
Google on Monday rolled out out-of-band security patches to address a critical security flaw in its Chrome web browser that it said has been exploited in the wild. Tracked as CVE-2023-4863, the issue has been described as a case of heap buffer overflow that resides in the WebP image format that could result in arbitrary code execution or a crash.
Security Affairs
SEPTEMBER 11, 2023
Zscaler ThreatLabz detailed a new malware loader, named HijackLoader, which has grown in popularity over the past few months HijackLoader is a loader that is gaining popularity among the cybercriminal community. The malware is not sophisticated, however, unlike other loaders, it has a modular structure that allows supporting code injection and execution.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
The Hacker News
SEPTEMBER 11, 2023
A new phishing attack is leveraging Facebook Messenger to propagate messages with malicious attachments from a "swarm of fake and hijacked personal accounts" with the ultimate goal of taking over the targets' Business accounts.
Security Affairs
SEPTEMBER 11, 2023
CyberNews researchers discovered that many universities worldwide are leaking sensitive information and are even open to full takeover. Many universities worldwide, including some of the most prestigious, leave their webpages unpatched, leaking sensitive information, and even open to full takeovers, a Cybernews Research team investigation reveals. Among the 20 cases found, at least six websites belong to the top 100 universities list worldwide.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
The Last Watchdog
SEPTEMBER 11, 2023
San Francisco, Calif. — Traceable AI, the industry’s leading API security company, today released its comprehensive research report – the 2023 State of API Security: A Global Study on the Reality of API Risk. Despite APIs being critical to the modern enterprise, until now, there has not been an extensive, global study offering a panoramic view of the API security landscape.
Security Affairs
SEPTEMBER 11, 2023
Google rolled out emergency security updates to address a new Chrome zero-day (CVE-2023-4863) actively exploited in the wild. Google rolled out emergency security updates to address a zero-day vulnerability that has been actively exploited in attacks in the wild since the start of the year. The vulnerability, tracked as CVE-2023-4863, is the fourth actively exploited zero-day fixed by Google in 2023.
Malwarebytes
SEPTEMBER 11, 2023
Researchers have found a new method by which cybercriminals are spreading the DarkGate Loader malware. Until now, DarkGate was typically distributed via phishing emails. The malspam campaign used stolen email threads to lure victims into clicking a hyperlink, which downloaded the malware. But Malwarebytes also found DarkGate reloaded via malvertising and SEO poisoning campaigns.
WIRED Threat Level
SEPTEMBER 11, 2023
State and local governments in the US are scrambling to harness tools like ChatGPT to unburden their bureaucracies, rushing to write their own rules—and avoid generative AI's many pitfalls.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Security Affairs
SEPTEMBER 11, 2023
U.S. CISA adds vulnerabilities in Apple devices exploited to install NSO Group’s Pegasus spyware on iPhones to Known Exploited Vulnerabilities Catalog US Cybersecurity and Infrastructure Security Agency (CISA) added the security vulnerabilities chained in the zero-click iMessage exploit BLASTPASS to its Known Exploited Vulnerabilities Catalog.
Bleeping Computer
SEPTEMBER 11, 2023
A new attack dubbed 'WiKI-Eve' can intercept the cleartext transmissions of smartphones connected to modern WiFi routers and deduce individual numeric keystrokes at an accuracy rate of up to 90%, allowing numerical passwords to be stolen. [.
The Hacker News
SEPTEMBER 11, 2023
With the growing reliance on web applications and digital platforms, the use of application programming interfaces (APIs) has become increasingly popular. If you aren’t familiar with the term, APIs allow applications to communicate with each other and they play a vital role in modern software development. However, the rise of API use has also led to an increase in the number of API breaches.
eSecurity Planet
SEPTEMBER 11, 2023
Container security is the combination of cybersecurity tools, strategies, and best practices that are used to protect container ecosystems and the applications and other components they house. Containers are unique computing environments that lend many different advantages to users, but their design can also introduce new kinds of security vulnerabilities and challenges.
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
The Hacker News
SEPTEMBER 11, 2023
A new cyber attack campaign is leveraging the PowerShell script associated with a legitimate red teaming tool to plunder NTLMv2 hashes from compromised Windows systems primarily located in Australia, Poland, and Belgium. The activity has been codenamed Steal-It by Zscaler ThreatLabz.
Security Affairs
SEPTEMBER 11, 2023
The U.K. and U.S. governments sanctioned 11 more individuals who were alleged members of the Russia-based TrickBot cybercrime gang. The United States, in coordination with the United Kingdom, sanctioned eleven more individuals who are members of the Russia-based Trickbot cybercrime group. The sanctions were provided by the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC).
The Hacker News
SEPTEMBER 11, 2023
A new information stealer malware called MetaStealer has set its sights on Apple macOS, making the latest in a growing list of stealer families focused on the operating system after MacStealer, Pureland, Atomic Stealer, and Realst.
Malwarebytes
SEPTEMBER 11, 2023
A major incident impacting MGM Resorts has caused computer shutdowns all over the US. The systems most impacted are tied to casinos and hotel computer systems. According to the AP, locations caught by this shutdown range from New York and Ohio to Michigan and Mississippi. At this point I’d link to the post on the company website explaining what’s occurred but at time of writing, the site tends to not load properly which is probably due to heavy traffic.
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
The Hacker News
SEPTEMBER 11, 2023
Google has officially begun its rollout of Privacy Sandbox in the Chrome web browser to a majority of its users, nearly four months after it announced the plans. "We believe it is vital to both improve privacy and preserve access to information, whether it's news, a how-to-guide, or a fun video," Anthony Chavez, vice president of Privacy Sandbox initiatives at Google, said.
Malwarebytes
SEPTEMBER 11, 2023
Google has released an update for Chrome Desktop which includes one critical security fix. There is an active exploit for the patched vulnerability, according to Google, which means cybercriminals are aware of the vulnerability and are using it. If you’re a Chrome user on Windows, Mac, or Linux, you should update as soon as possible. The easiest way to update Chrome is to allow it to update automatically, which basically uses the same method as outlined below but does not require your atte
Dark Reading
SEPTEMBER 11, 2023
Cyberattackers are tapping the legitimacy of the Web-based data-visualization tool in a campaign aimed at stealing credentials and defrauding hundreds of business users.
Malwarebytes
SEPTEMBER 11, 2023
The Cybersecurity & Infrastructure Security Agency (CISA) has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog , based on evidence of active exploitation. This means that Federal Civilian Executive Branch (FCEB) agencies need to remediate this vulnerability by October 2, 2023 in order to protect their devices against active threats.
Advertisement
The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.
Dark Reading
SEPTEMBER 11, 2023
As the law's October 2023 transition deadline approaches, it's critical for organizations doing business in Rwanda to understand its requirements and implications.
Malwarebytes
SEPTEMBER 11, 2023
This week on the Lock and Code podcast. In 2022, Malwarebytes investigated the blurry, shifting idea of “identity” on the internet , and how online identities are not only shaped by the people behind them, but also inherited by the internet’s youngest users, children. Children have always inherited some of their identities from their parents—consider that two of the largest indicators for political and religious affiliation in the US are, no surprise, the political and re
Dark Reading
SEPTEMBER 11, 2023
Archrivals face off in the cyber plane, as opportunistic hackers prey on the unpatched and generally negligent.
SecureWorld News
SEPTEMBER 11, 2023
In a significant collaborative effort, the United States and the United Kingdom have jointly imposed sanctions on 11 individuals associated with the notorious Russia-based Trickbot cybercrime group. The sanctions target key figures within the Trickbot gang who have materially contributed to its malicious activities, according to the US Department of Treasury.
Speaker: Blackberry, OSS Consultants, & Revenera
Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?
Dark Reading
SEPTEMBER 11, 2023
Passkeys and multifactor authentication aren't enough for combating infostealer malware, which can exfiltrate corporate data before anyone knows an attack happened.
Heimadal Security
SEPTEMBER 11, 2023
Chief Information Security Officers (CISOs) bear the responsibility of safeguarding their organizations against an ever-evolving array of cyber threats. Among a myriad of other challenges, Privileged Access Management (PAM) emerges as a pivotal domain. However, implementing PAM solutions involves navigating multifaceted risks and intricacies that demand the unwavering attention of these senior security executives.
Dark Reading
SEPTEMBER 11, 2023
Changing your approach when you realize you could be more efficient pays dividends, especially in six areas of your cybersecurity program.
Heimadal Security
SEPTEMBER 11, 2023
Secured authentication to databases and systems is essential to enterprise cybersecurity management. According to the 2023 Data Breach Investigations Report, 82% of all breaches stem from human error, often due to mishandled or compromised login details that allow malicious entities unauthorized access to network resources. Fortunately, there’s an approach that guarantees security without the vulnerabilities […] The post What Is Token-Based Authentication?
Speaker: Erika R. Bales, Esq.
When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.
Expert insights. Personalized for you.
303 
Let's personalize your content