Mon. Jul 17, 2023

Tracking Down a Suspect through Cell Phone Records

Schneier on Security

Interesting forensics in connection with a serial killer arrest: Investigators went through phone records collected from both midtown Manhattan and the Massapequa Park area of Long Island—two areas connected to a “burner phone” they had tied to the killings. (In court, prosecutors later said the burner phone was identified via an email account used to “solicit and arrange for sexual activity.” The victims had all been Craigslist escorts, according to officials.)

Using Snapshots to Improve Data Security

Tech Republic Security

Snapshots are an effective way to improve the security of your data. Learn about different ways to use them to enhance your data security.

OPSEC FAIL: US Military Email Going to Mali — via Typo

Security Boulevard

MX Mixup: Russian-allied government can intercept “highly sensitive information”—because there’s no “I” in .ML. The post OPSEC FAIL: US Military Email Going to Mali — via Typo appeared first on Security Boulevard.

Adobe warns customers of a critical ColdFusion RCE exploited in attacks

Security Affairs

Adobe is warning customers of a critical ColdFusion pre-authentication RCE bug, tracked as CVE-2023-29300, which is actively exploited. Adobe warns customers of a critical ColdFusion pre-authentication remote code execution vulnerability, tracked as CVE-2023-29300 (CVSS score 9.8), that is actively exploited in attacks in the wild. “Adobe is aware that CVE-2023-29300 has been exploited in the wild in very limited attacks targeting Adobe ColdFusion,” reads a statement sent by the comp

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Forbes Technology Council: Why Large Language Models (LLMs) Alone Won’t Save Cybersecurity

Security Boulevard

The star of the moment is Large Language Models (aka LLMs), the foundational model that powers ChatGPT. There are plenty of documented examples of truly impressive feats built on this technology: writing reports or outputting code in seconds. At their core, LLMs basically ingest A LOT of text (e.g., think Internet) as a corpus of training data and rely on human feedback in a type of supervised training called reinforcement learning.

Hackers exploiting critical WordPress WooCommerce Payments bug

Bleeping Computer

Hackers are conducting widespread exploitation of a critical WooCommerce Payments plugin to gain the privileges of any users, including administrators, on vulnerable WordPress installations.

More Trending

Cybercriminals Exploit Microsoft Word Vulnerabilities to Deploy LokiBot Malware

The Hacker News

Microsoft Word documents exploiting known remote code execution flaws are being used as phishing lures to drop malware called LokiBot on compromised systems. "LokiBot, also known as Loki PWS, has been a well-known information-stealing Trojan active since 2015," Fortinet FortiGuard Labs researcher Cara Lin said.

Redpoint Ventures Announces InfraRed 100

Security Boulevard

AppOmni is proud to be part of the inaugural Redpoint Ventures InfraRed 100 representing the fastest-growing private cloud infrastructure software businesses. The post Redpoint Ventures Announces InfraRed 100 appeared first on AppOmni. The post Redpoint Ventures Announces InfraRed 100 appeared first on Security Boulevard.

CISA shares free tools to help secure data in the cloud

Bleeping Computer

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has shared a factsheet providing details on free tools and guidance for securing digital assets after switching to the cloud from on-premises environments.

7 remote work cyber security rules every business should follow

Security Boulevard

The post 7 remote work cyber security rules every business should follow appeared first on Click Armor. The post 7 remote work cyber security rules every business should follow appeared first on Security Boulevard.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Spy vs. spy: Exploring the LetMeSpy hack, with maia arson crimew

Malwarebytes

The language of a data breach, no matter what company gets hit, is largely the same. There's the stolen data—be it email addresses, credit card numbers, or even medical records. There are the users—unsuspecting, everyday people who, through no fault of their own, mistakenly put their trust into a company, platform, or service to keep their information safe.

Addressing the Mobile Malware Threat With Zero-Trust

Security Boulevard

AI-enabled zero-trust solutions can help address the rising threat of mobile malware. The post Addressing the Mobile Malware Threat With Zero-Trust appeared first on Security Boulevard.

Admins of Genesis Market marketplace sold their infrastructure on a hacker forum

Security Affairs

The admins of the darkweb Genesis Market announced the sale of their platform to a threat actor that will restart operations next month. In April, the FBI seized the Genesis Market, a black marketplace for stolen credentials that was launched in 2017. Genesis Market was an invite-only marketplace, but it was not complex to find invite codes online.

Microsoft Pushes for a Seat at the SSE Table

Security Boulevard

Microsoft is getting ready to muscle its way into the burgeoning security service edge (SSE) space, but it may have some catching up to do. The post Microsoft Pushes for a Seat at the SSE Table appeared first on Security Boulevard.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Hackers Exploit WebAPK to Deceive Android Users into Installing Malicious Apps

The Hacker News

Threat actors are taking advantage of Android's WebAPK technology to trick unsuspecting users into installing malicious web apps on Android phones that are designed to capture sensitive personal information. "The attack began with victims receiving SMS messages suggesting the need to update a mobile banking application," researchers from CSIRT KNF said in an analysis released last week.

APT Group Red Menshen is Rapidly Evolving its BPFDoor Malware

Security Boulevard

Red Menshen is an APT group that is rapidly evolving its BPFDoor backdoor malware that targets systems running Linux or Solaris. The post APT Group Red Menshen is Rapidly Evolving its BPFDoor Malware appeared first on Security Boulevard.

5 Major Takeaways From Microsoft's July Patch Tuesday

Dark Reading

July's updates contained 100+ patches and security policy notes, leaving vulnerability management teams stressed and scrambling to prioritize. We're here to help find some zen.

BSides Sofia 2023 – Evgeni Saber – Advanced Enterprise Vulnerability

Security Boulevard

Our thanks to BSides Sofia for publishing their presenter’s tremendous BSides Sofia 2023 content on the organizations’ YouTube channel. The post BSides Sofia 2023 – Evgeni Saber – Advanced Enterprise Vulnerability appeared first on Security Boulevard.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Cybercriminals Exploiting WooCommerce Payments Plugin Flaw to Hijack Websites

The Hacker News

Threat actors are actively exploiting a recently disclosed critical security flaw in the WooCommerce Payments WordPress plugin as part of a massive targeted campaign. The flaw, tracked as CVE-2023-28121 (CVSS score: 9.

Steps Forward: Can ‘CNAPP’ solutions truly unify cloud, on-premises best cybersecurity practices?

Security Boulevard

A fledgling security category referred to as Cloud-Native Application Protection Platforms (CNAPP) is starting to reshape the cybersecurity landscape. CNAPP solutions assemble a varied mix of security tools and best practices and focuses … The post Steps Forward: Can ‘CNAPP’ solutions truly unify cloud, on-premises best cybersecurity practices?

IT worker jailed for impersonating ransomware gang to extort employer

Bleeping Computer

28-year-old Ashley Liles, a former IT employee, has been sentenced to over three years in prison for attempting to blackmail his employer during a ransomware attack.

How to Prevent Account Sharing Like Netflix

Security Boulevard

For an early stage company, the focus often lies in attracting users and expanding the customer base. Land and expand. During this phase, account sharing may not be perceived as a significant problem. However, as the business matures and revenue optimization becomes the primary focus, the detection and management of The post How to Prevent Account Sharing Like Netflix appeared first on Security Boulevard.

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Malicious USB Drives Targeting Global Targets with SOGU and SNOWYDRIVE Malware

The Hacker News

Cyber attacks using infected USB drives as an initial access vector have witnessed a three-fold increase in the first half of 2023. That's according to new findings from Mandiant, which detailed two such campaigns – SOGU and SNOWYDRIVE – targeting both public and private sector entities across the world.

Cisco Nexus 9000 Users Must Disable Encryption to Dodge Vuln

Security Boulevard

There is no workaround or patch for a high-severity vulnerability—and none will be forthcoming—in Cisco’s Nexus 9000 series switches. The post Cisco Nexus 9000 Users Must Disable Encryption to Dodge Vuln appeared first on Security Boulevard.

Judge Delays Enforcement of California Consumer Privacy Act to 2024

SecureWorld News

Enforcement of the California Privacy Rights Act (CPRA)—a stiffening of the existing privacy laws under the California Consumer Privacy Act (CCPA)—has been delayed until March 29, 2024. A California judge made the decision just as the original July 1, 2023, deadline was to hit. "While this delay may be welcome news for businesses subject to the California Consumer Privacy Act (#CCPA), it is no reason to delay privacy compliance initiatives as a slew of other states have laws set to take effec

Randall Munroe’s XKCD ‘Fireflies’

Security Boulevard

via the comic artistry and dry wit of Randall Munroe, resident at XKCD! The post Randall Munroe’s XKCD ‘Fireflies’ appeared first on Security Boulevard.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

These 6 Questions Will Help You Choose the Best Attack Surface Management Platform

The Hacker News

The hype around different security categories can make it difficult to discern features and capabilities from bias when researching new platforms. You want to advance your security measures, but what steps actually make sense for your business?

The Polaris platform is redefining secure development

Security Boulevard

By streamlining application security for the enterprise, Polaris is redefining secure development. The post The Polaris platform is redefining secure development appeared first on Security Boulevard.

Act now! In-the-wild Zimbra vulnerability needs a workaround

Malwarebytes

Security experts are warning Zimbra users that a vulnerability for which there is no patch is being actively exploited in the wild. In a security update about the vulnerability, the company offered a temporary workaround which users can apply while waiting for a patch to be created. Zimbra is an open source webmail application used for messaging and collaboration.

Securing an Agency Sponsor for FedRAMP Agency-Sponsored ATO

Security Boulevard

Obtaining a mandated Federal Risk and Authorization Management Program (FedRAMP) Authorization to Operation (ATO) is increasingly important for Cloud Service Providers (CSPs) who wish to make Cloud Service Offerings (CSOs) available to federal government agencies. The FedRAMP Authorization Act codifies the security and compliance requirements for commercial CSPs as they increasingly shift away from on-prem […] The post Securing an Agency Sponsor for FedRAMP Agency-Sponsored ATO appeared first o

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.