Fri. Aug 04, 2023


Teach a Man to Phish and He’s Set for Life

Krebs on Security

One frustrating aspect of email phishing is the frequency with which scammers fall back on tried-and-true methods that really have no business working these days. Like attaching a phishing email to a traditional, clean email message, or leveraging link redirects on LinkedIn, or abusing an encoding method that makes it easy to disguise booby-trapped Microsoft Windows files as relatively harmless documents.


Black Hat Fireside Chat: Easy come, easy go access strengthens ‘Identity Threat Detection & Response’

The Last Watchdog

The rise of the remote workforce, post Covid-19, did nothing to make the already difficult task of doing Identity and Access Management (IAM) any easier for CISOs. With Black Hat USA 2023 ramping up in Las Vegas next week, cybersecurity startup Trustle is championing a new product category—Identity Threat Detection & Response (ITDR)—which aims to enhance the capabilities of legacy IAM solutions.


UK’s NCSC Publishes New Shadow IT Guidance

Tech Republic Security

Discover the new shadow IT guidance published by the U.K.'s NCSC. Use this guide to better identify and reduce the levels of shadow IT within your organization.


Microsoft fixes flaw after being called irresponsible by Tenable CEO

Bleeping Computer

Microsoft fixed a security flaw in the Power Platform Custom Connectors feature that let unauthenticated attackers access cross-tenant applications and Azure customers' sensitive data after being called "grossly irresponsible" by Tenable's CEO. […]


The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.


CISA Issues a Call to Action for Improved UEFI Security

Security Boulevard

On August 3, 2023, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued a call to action addressing the challenges we face securing UEFI and responding to incidents where attackers have leveraged weaknesses in UEFI implementations. The article “A Call to Action: Bolster UEFI Cybersecurity Now” underscores the importance of securing the UEFI ecosystem.


CSPM vs CWPP vs CIEM vs CNAPP: What’s the Difference?

eSecurity Planet

As cloud computing evolves, so has cloud security, and buyers in the market for cloud security solutions may find themselves facing a dizzying array of acronyms, like CNAPP, CWPP, CSPM, and CIEM. We’ll examine each of those cloud security technologies — along with CASB too — and their uses, and direct you to some of the top cloud security solutions.


How to Find & Choose IT Outsourcing Services

eSecurity Planet

Even a robust IT or security department will find certain tasks or projects beyond their capabilities. In smaller companies, the issues become even more profound. But ignoring issues that you lack the time or expertise for can risk operational failure or security incidents. Most organizations seek to eliminate these risks by outsourcing specific projects or even their full IT or cybersecurity needs.


8 Black Hat sessions you don’t want to miss

Security Boulevard

Now in its 27th year, the Black Hat USA conference has grown into one of the biggest and most prestigious cybersecurity shows in the world — a showcase for top security experts and companies. The post 8 Black Hat sessions you don’t want to miss appeared first on Security Boulevard.


Google explains how Android malware slips onto Google Play Store

Bleeping Computer

The Google Cloud security team acknowledged a common tactic known as versioning used by malicious actors to slip malware on Android devices after evading the Google Play Store's review process and security controls. […]


Actionable Threat Intelligence: Generating Risk Reduction from CTI

Security Boulevard

Organizations need to go beyond traditional security measures to effectively protect their valuable assets and maintain a strong security posture. They must harness the power of actionable threat intelligence, which provides timely and relevant insights that can drive proactive risk reduction strategies. Actionable threat intelligence empowers organizations to not only understand the threat landscape but […] The post Actionable Threat Intelligence: Generating Risk Reduction from CTI appeared fi


IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.


A cyberattack impacted operations of multiple hospitals in several US states

Security Affairs

A cyberattack has disrupted the computer systems of multiple hospitals in several states, with a severe impact on their operations. Some emergency rooms in multiple hospitals in several states were forced to close and ambulances were diverted due to a cyberattack against their networks. The cyberattack hit hospitals operated by Prospect Medical Holdings, which are located in multiple states, including California, Texas, Connecticut, Rhode Island, and Pennsylvania.


Product Announcement: Automate CIS Benchmarks

Security Boulevard

Balbix enables organizations to automate CIS Benchmarks to streamline compliance reporting and reduce their attack surface, achieving stronger security posture. Security teams and CISOs leverage CIS benchmarks for best practices and configuration recommendations to ensure they proactively harden their environments. Compliance with CIS benchmarks is also necessary for meeting internal policy and audit requirements and … Read More The post Product Announcement: Automate CIS Benchmarks appeared fi


Attackers use dynamic code loading to bypass Google Play store’s malware detections

Security Affairs

Threat actors rely on the ‘versioning’ technique to evade malware detections of malicious code uploaded to the Google Play Store. Google Cybersecurity Action Team (GCAT) revealed that threat actors are using a technique called versioning to evade malware detection implemented to detect malicious code uploaded to the Google Play Store. The technique is not new but continues to be effective; multiple malware such as the banking Trojan SharkBot used it to bypass checks implemented by Go


Smart-Advertising Company Gains Visibility into Cloud Data

Security Boulevard

Visibility into the data stored within your cloud ecosystem is vital for cloud data security … The post Smart-Advertising Company Gains Visibility into Cloud Data appeared first on Laminar. The post Smart-Advertising Company Gains Visibility into Cloud Data appeared first on Security Boulevard.


Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.


New PaperCut critical bug exposes unpatched servers to RCE attacks

Bleeping Computer

PaperCut recently fixed a critical security vulnerability in its NG/MF print management software that allows unauthenticated attackers to gain remote code execution on unpatched Windows servers. […]


Married couple pleaded guilty to laundering billions in cryptocurrency stolen from Bitfinex in 2016

Security Affairs

A married couple from New York pleaded guilty this week to laundering billions of dollars stolen from Bitfinex in 2016. The couple pleaded guilty to money laundering charges in connection with the hack of the cryptocurrency stock exchange Bitfinex that took place in 2016. The hackers stole 120,000 Bitcoin and the theft had serious repercussions on the Bitcoin value that significantly dropped after the discovery of the breach, a 20 percent decrease following the hack.


The Week in Ransomware - August 4th 2023 - Targeting VMware ESXi

Bleeping Computer

Ransomware gangs continue to prioritize targeting VMware ESXi servers, with almost every active ransomware gang creating custom Linux encryptors for this purpose. […]


Microsoft Teams used in phishing campaign to bypass multi-factor authentication

Malwarebytes

Attackers believed to have ties to Russia's Foreign Intelligence Service (SVR) are using Microsoft Teams chats as credential theft phishing lures. Microsoft Threat Intelligence has posted details about the perceived attacks targeted at fewer than 40 unique global organizations. The targeted organizations are mostly found among government, non-government organizations (NGOs), IT services, technology, discrete manufacturing, and media sectors.


Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.


Researchers Uncover New High-Severity Vulnerability in PaperCut Software

The Hacker News

Cybersecurity researchers have discovered a new high-severity security flaw in PaperCut print management software for Windows that could result in remote code execution under specific circumstances. Tracked as CVE-2023-39143 (CVSS score: 8.4), the flaw impacts PaperCut NG/MF prior to version 22.1.3. It has been described as a combination of a path traversal and file upload vulnerability.


The end looms for Meta's behavioural advertising in Europe

Malwarebytes

The EU is going toe to toe with Meta once more, with the social network giant conceding defeat yet again. After having taken Meta to task for various privacy violations and data breaches, Meta is now having to provide European users with a way to opt out of behavioural advertising. The threat of fines totalling $100,000 a day probably helped things along a little bit.


Malicious packages in the NPM designed for highly-targeted attacks

Security Affairs

Researchers discovered a new set of malicious packages on the npm package manager that can exfiltrate sensitive developer data. On July 31, 2023, Phylum researchers observed the publication of ten different “test” packages on the npm package manager that were developed to exfiltrate sensitive developer source code and other confidential information.


Ransomware attacks cost manufacturing sector $46 billion in downtime since 2018, report claims

Graham Cluley

Newly-released research reveals the eye-watering costs that the manufacturing sector has suffered in recent years at the hands of ransomware. Read more in my article on the Tripwire State of Security blog.


5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.


Extended warranty robocallers fined $300 million after 5 billion scam calls

Bleeping Computer

The Federal Communications Commission (FCC) has announced a record-breaking $299,997,000 fine imposed on an international network of companies for placing five billion robocalls to more than 500 million phone numbers over three months in 2021. […]


NYC Couple Pleads Guilty to Money Laundering in $3.6 Billion Bitfinex Hack

The Hacker News

A married couple from New York City has pleaded guilty to money laundering charges in connection with the 2016 hack of cryptocurrency stock exchange Bitfinex, resulting in the theft of about 120,000 bitcoin.


Fake VMware vConnector package on PyPI targets IT pros

Bleeping Computer

A malicious package that mimics the VMware vSphere connector module 'vConnector' was uploaded on the Python Package Index (PyPI) under the name 'VMConnect,' targeting IT professionals. […]


How to Talk So Your CISO Will Listen

Dark Reading

Tailor your business project proposal to suit the language your company's CISO speaks, be it business, technical, or compliance. Do your research first and gather support from around the company.


Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?


Microsoft kills Cortana in Windows 11 preview, long live AI!

Bleeping Computer

Microsoft has officially begun killing off Cortana as the company moves its focus towards integrating ChatGPT and AI into Windows 11. […]


Patch Against Exploit Kits. Understanding How Threat Actors Target Your Defenses

Heimdal Security

Exploit kits (EKs) are collections of exploits – pieces of code or sequences of commands – created to leverage vulnerabilities in software and attack a system. Their goal is to deploy malware onto the victim's system. These toolkits are usually spread through malicious or compromised sites and malvertising. Exploit kits rather focus on vulnerabilities of […] The post Patch Against Exploit Kits.


FBI warns of scammers posing as NFT devs to steal your crypto

Bleeping Computer

The FBI warned today of fraudsters posing as Non-Fungible Token (NFT) developers to prey upon NFT enthusiasts and steal their cryptocurrency and NFT assets. […]


Hawaii's Gemini North Observatory Suspended After Cyberattack

Dark Reading

It is unclear who the threat actors were or what kind of cyberattack was attempted on the observatory, but for now it, and a sister site in Chile, remain closed to the skies.


From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.