Krebs on Security

JUNE 15, 2023

The U.S. government agency in charge of improving the nation’s cybersecurity posture is ordering all federal agencies to take new measures to restrict access to Internet-exposed networking equipment. The directive comes amid a surge in attacks targeting previously unknown vulnerabilities in widely used security and networking appliances. Under a new order from the Cybersecurity and Infrastructure Security Agency (CISA), federal agencies will have 14 days to respond to any reports from CISA

Risk 206

Risk VPN Internet Internet 206

Tech Republic Security

JUNE 15, 2023

FBI, CISA and international organizations released an advisory detailing breadth and depth of LockBit, and how to defend against the most prevalent ransomware of 2022 and (so far) 2023. The post CISA advisory on LockBit: $91 million extorted from 1,700 attacks since 2020 appeared first on TechRepublic.

Ransomware 162

Ransomware Cybersecurity Network Security 162

WIRED Threat Level

JUNE 15, 2023

The US government warns encryption chipmaker Hualan has suspicious ties to China’s military. Yet US agencies still use one of its subsidiary’s chips, raising fears of a backdoor.

Encryption 145

Encryption Government Hacking 145

Thales Cloud Protection & Licensing

JUNE 15, 2023

A Guide to Key Management as a Service madhav Thu, 06/15/2023 - 11:29 As companies adopt a cloud-first strategy and high-profile breaches hit the headlines, securing sensitive data has become a paramount business concern. The most effective way to ensure data security is through encryption and proper key management. Key Management as a Service (KMaaS) allows companies to manage encryption keys more effectively through a cloud-based solution instead of running the service on physical, on-premises

Encryption 133

Encryption Data breaches Authentication Risk 133

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

We Live Security

JUNE 15, 2023

ESET researchers analyzed an updated version of Android GravityRAT spyware that steals WhatsApp backup files and can receive commands to delete files The post Android GravityRAT goes after WhatsApp backups appeared first on WeLiveSecurity

Backups 135

Backups Spyware 135

Bleeping Computer

JUNE 15, 2023

A new Android malware campaign spreading the latest version of GravityRAT has been underway since August 2022, infecting mobile devices with a trojanized chat app named 'BingeChat,' which attempts to steal data from victims' devices. [.

Backups 134

Backups Malware Mobile 134

Security Boulevard

JUNE 15, 2023

A newly discovered ChatGPT-based attack technique, dubbed AI package hallucination, lets attackers publish their own malicious packages in place of an unpublished package. In this way, attackers can execute supply chain attacks through the deployment of malicious libraries to known repositories. The technique plays off of the fact that generative AI platforms like ChatGPT use.

Software 124

Software Malware Cybersecurity 124

Bleeping Computer

JUNE 15, 2023

The Clop ransomware gang has started extorting companies impacted by the MOVEit data theft attacks by listing them on a data leak site, a common extortion tactic used as a precursor for the public leaking of stolen data. [.

Ransomware 124

Ransomware 124

The Last Watchdog

JUNE 15, 2023

London, UK, June 15, 2023 – Dropblock for mobile launches today, a free, Web3 storage application offering individuals, developers, and business users a unique and completely secure mobile storage and data sharing solution. Simply download Dropblock today from the App Store or from the Google Play Store to get 5GB of secure blockchain storage for free.

Mobile 100

Mobile Artificial Intelligence Encryption Technology 100

CSO Magazine

JUNE 15, 2023

When organizations consider application programming interface (API) security, they typically focus on securing APIs that are written in-house. However, not all the APIs that companies use are developed internally, rather some are designed and developed by other organizations. The problem is that many companies don't realize that using third-party APIs can expose their applications to security issues, such as malware, data breaches, and unauthorized access.

Data breaches 123

Data breaches Technology Malware Software 123

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

The Last Watchdog

JUNE 15, 2023

Cambridge, Mass., June 15, 2023. The World Wide Web Consortium today announced a standardization milestone for a new browser capability that helps to streamline user authentication and enhance payment security during Web checkout. Secure Payment Confirmation (SPC) enables merchants, banks, payment service providers, card networks, and others to lower the friction of strong customer authentication (SCA), and produce cryptographic evidence of user consent, both important aspects of regulatory re

Authentication 100

Authentication Technology Banking Media 100

Bleeping Computer

JUNE 15, 2023

Threat actors behind a recently surfaced ransomware operation known as Rhysida have leaked online what they claim to be documents stolen from the network of the Chilean Army (Ejército de Chile). [.

Ransomware 122

Ransomware 122

CSO Magazine

JUNE 15, 2023

The vast majority of CISOs have observed positive security culture gains in their organizations in the last year despite a perceived dip in the quality of overall security posture, according to the 10 th annual Information Security Maturity Report published by ClubCISO and Telstra Purple. The research surveyed 182 members of ClubCISO, a global community of information security leaders working in public and private sector companies.

CISO 120

CISO Information Security 120

Bleeping Computer

JUNE 15, 2023

The Russian state-sponsored hacking group Gamaredon (aka Armageddon, or Shuckworm) continues to target critical organizations in Ukraine's military and security intelligence sectors, employing a refreshed toolset and new infection tactics. [.

Security Intelligence 121

Security Intelligence Malware Hacking 121

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

Security Boulevard

JUNE 15, 2023

Trend Micro Inc. today launched a revamped extended detection and response (XDR) platform that leverages Microsoft’s generative artificial intelligence (AI) capabilities to make it simpler for cybersecurity analysts to use a Companion conversational interface to launch queries. Lori Smith, director of product marketing for Trend Micro, said the Trend Vision One platform will be infused.

Artificial Intelligence 113

Artificial Intelligence Marketing Cybersecurity Mobile 113

Bleeping Computer

JUNE 15, 2023

Progress warned MOVEit Transfer customers to restrict all HTTP access to their environments after info on a new SQL injection (SQLi) vulnerability was shared online today. [.

121

121

Security Boulevard

JUNE 15, 2023

Valence Security added a generative artificial intelligence (AI) capability to its security posture management platform for software-as-a-service (SaaS) applications via an alliance with Microsoft. The Valence platform enables cybersecurity teams to assess the cybersecurity risks attached to a wide range of SaaS platforms that many business units routinely use without any awareness of their potential.

Artificial Intelligence 109

Artificial Intelligence Cybersecurity Software Risk 109

Dark Reading

JUNE 15, 2023

A third perp has been fingered, but CISA warns that LockBit variants continue to be a major threat on a global scale.

134

134

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

Security Boulevard

JUNE 15, 2023

We all seem to have a love/hate relationship with passwords. Over time, we have learned to live with them–even when, time and again, they show how bad they are at securing our most sensitive data. The number of data breaches increases almost daily–and in recent weeks, a leading password manager vendor, an internet hosting provider. The post Passkeys Can Make Passwords a Thing of the Past appeared first on Security Boulevard.

Passwords 109

Passwords Password Management Data breaches Internet 109

Bleeping Computer

JUNE 15, 2023

A suspected pro-China hacker group tracked by Mandiant as UNC4841 has been linked to data-theft attacks on Barracuda ESG (Email Security Gateway) appliances using a now-patched zero-day vulnerability. [.

105

105

Security Boulevard

JUNE 15, 2023

Cybersecurity budgets are on the rise despite continued economic uncertainty as CISOs and IT decision-makers (ITDMs) report increased confidence in their cybersecurity systems, especially as it relates to end-user compliance. These were among the findings of a Nupsire survey of 200 CISOs and ITDMs, which also revealed respondents are increasingly concerned with software applications and.

CISO 109

CISO Cybersecurity Software 109

CyberSecurity Insiders

JUNE 15, 2023

In today’s digital landscape, cybersecurity has become a critical concern for organizations worldwide. With the ever-evolving threat landscape, it is imperative to develop robust defense mechanisms to safeguard sensitive data and infrastructure from cyberattacks. One vital aspect of this defense strategy is Cyberthreat Analysis Training Programs. This article aims to shed light on the significance of such programs and their role in fortifying an organization’s security posture.

Cybersecurity 104

Cybersecurity Technology 104

Advertisement

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Identity Theft

Security Boulevard

JUNE 15, 2023

Discover the key steps to evaluate the security of your Android applications with our detailed Android penetration testing checklist. The post Android App Penetration Testing Checklist with 129+ Test cases [Free Excel File] appeared first on Indusface. The post Android App Penetration Testing Checklist with 129+ Test cases [Free Excel File] appeared first on Security Boulevard.

Penetration Testing 104

Penetration Testing Mobile 104

eSecurity Planet

JUNE 15, 2023

Vulnerability management is the process of identifying, classifying, remediating, and mitigating vulnerabilities. It is a critical part of an organization’s cybersecurity program. There are many different vulnerability management frameworks, but the vulnerability management lifecycle of most organizations today typically includes five phases. We’ll examine those and then look at vulnerability management lifecycle best practices.

Cyber threats 104

Cyber threats Risk Penetration Testing Technology 104

Security Boulevard

JUNE 15, 2023

Introduction Technological advancements reshape daily life and redefine digital interactions. Among these technological swifts, Web3 Security has stood out as a game-changer. It is promising a decentralized future and revolutionizing how we create and use online platforms and apps. Web3, enabled by blockchain and decentralization, presents exciting opportunities for a user-centric, secure, and open internet. […] The post Web3 Security: Safeguarding Assets and Data Privacy appeared first on Krat

Data privacy 103

Data privacy Technology Internet Internet 103

The Hacker News

JUNE 15, 2023

An updated version of an Android remote access trojan dubbed GravityRAT has been found masquerading as messaging apps BingeChat and Chatico as part of a narrowly targeted campaign since June 2022. "Notable in the newly discovered campaign, GravityRAT can exfiltrate WhatsApp backups and receive commands to delete files," ESET researcher Lukáš Štefanko said in a new report published today.

Backups 97

Backups 97

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

Security Boulevard

JUNE 15, 2023

Welcome to the latest edition of The Week in Security , which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, and beyond. This week: Microsoft finds that the APT group that is attacking Ukraine is in cahoots with the Russian government. Also: A critical look at AI-generated software.

Software 96

Software Government Cybersecurity Risk 96

Dark Reading

JUNE 15, 2023

A new version of the infamous browser extension is spreading through files on websites offering pirated wares, and leverages unique persistence mechanisms.

103

103

The Hacker News

JUNE 15, 2023

The threat actors behind the Vidar malware have made changes to their backend infrastructure, indicating attempts to retool and conceal their online trail in response to public disclosures about their modus operandi.

Malware 95

Malware Cybersecurity 95

Security Affairs

JUNE 15, 2023

The LockBit ransomware group successfully extorted roughly $91 million from approximately 1,700 U.S. organizations since 2020. According to a joint advisory published by cybersecurity agencies, the LockBit ransomware group has successfully extorted roughly $91 million in about 1,700 attacks against U.S. organizations since 2020. The advisory was published by Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), the Multi-State Information Sharing and Ana

Ransomware 89

Ransomware Cybersecurity Education Government 89

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.