Fri. Apr 14, 2023

Why is ‘Juice Jacking’ Suddenly Back in the News?

Krebs on Security

KrebsOnSecurity received a nice bump in traffic this week thanks to tweets from the Federal Bureau of Investigation (FBI) and the Federal Communications Commission (FCC) about “juice jacking,” a term first coined here in 2011 to describe a potential threat of data theft when one plugs their mobile device into a public charging kiosk. It remains unclear what may have prompted the alerts, but the good news is that there are some fairly basic things you can do to avoid having to worry

Mobile 322

Gaining an Advantage in Roulette

Schneier on Security

You can beat the game without a computer: On a perfect [roulette] wheel, the ball would always fall in a random way. But over time, wheels develop flaws, which turn into patterns. A wheel that’s even marginally tilted could develop what Barnett called a ‘drop zone.’ When the tilt forces the ball to climb a slope, the ball decelerates and falls from the outer rim at the same spot on almost every spin.

Software 282

For cybercriminal mischief, it’s dark web vs deep web

Tech Republic Security

A new report from cyberthreat intelligence company Cybersixgill sees threat actors swarming to digital bazaars to collaborate, buy and sell malware and credentials. The post For cybercriminal mischief, it’s dark web vs deep web appeared first on TechRepublic.

Malware 217

Upcoming Speaking Engagements

Schneier on Security

This is a current list of where and when I am scheduled to speak: I’m speaking on “Cybersecurity Thinking to Reinvent Democracy” at RSA Conference 2023 in San Francisco, California, on Tuesday, April 25, 2023, at 9:40 AM PT. I’m speaking at IT-S Now 2023 in Vienna, Austria, on June 2, 2023 at 8:30 AM CEST. The list is maintained on this page.

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

Google Chrome emergency update fixes first zero-day of 2023

Bleeping Computer

Google has released an emergency Chrome security update to address the first zero-day vulnerability exploited in attacks since the start of the year.

Hacking Suicide

Schneier on Security

Here’s a religious hack: You want to commit suicide, but it’s a mortal sin: your soul goes straight to hell, forever. So what you do is murder someone. That will get you executed, but if you confess your sins to a priest beforehand you avoid hell. Problem solved. This was actually a problem in the 17th and 18th centuries in Northern Europe, particularly Denmark.

Hacking 199

More Trending

Western Digital Redux: My Cloud Alive Again, Ransom is $10M+

Security Boulevard

Your Cloud — But For How Long? WD’s My Cloud service is finally back online, but ransomware scrotes demand “eight figures.” The post Western Digital Redux: My Cloud Alive Again, Ransom is $10M+ appeared first on Security Boulevard.

EU privacy regulators to create taskforce to investigate ChatGPT

CSO Magazine

The European Data Protection Board (EDPB) plans to launch a dedicated task force to investigate ChatGPT after a number of European privacy watchdogs raised concerns about whether the technology is compliant with the EU's General Data Protection Regulation (GDPR). Europe's national privacy regulators said on Thursday that the decision came following discussions about recent enforcement action undertaken by the Italian data protection authority against OpenAI regarding its ChatGPT service.

Western Digital Cyber Attack a ‘Wake Up Call for ASIC Vendors’

eSecurity Planet

A massive cyber attack targeting drive maker Western Digital Corp. (WDC) could potentially have serious and long-term implications. One of the hackers apparently disclosed the extent of the cyber attack to TechCrunch this week. Hackers accessed a range of company assets and stole about 10 terabytes of data, but the disclosure with the greatest potential for damage is that the hackers claim to have the ability to impersonate WDC code-signing certificates.

As Tax Day approaches, Microsoft warns accounting firms of targeted attacks

Graham Cluley

Accountants are being warned to be on their guard from hackers, as cybercriminals exploit the rush to prepare tax returns for clients before the deadline of US Tax Day. Read more in my article on the Tripwire State of Security blog.

Why Giant Content Libraries Do Nothing for Your Employees’ Cyber Resilience

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

Permiso Discovers Smishing Attack to Steal AWS Credentials

Security Boulevard

Permiso, a provider of a platform for correlating IT events to identities, today disclosed the discovery of an attack through which cybercriminals are employing text messages to steal credentials that enable them to access Amazon Web Services (AWS) infrastructure. Nathan Eades, a threat researcher for Permiso, said cybercriminals are leveraging Simple Notification Service (SNS) to.

Safety first: 5 cybersecurity tips for freelance bloggers

We Live Security

The much-dreaded writer’s block isn’t the only threat that may derail your progress. Are you doing enough to keep your blog (and your livelihood) safe from online dangers?

Stolen ChatGPT premium accounts up for sale on the dark web

CSO Magazine

There has been an increase in discussions and trades related to ChatGPT on the dark web since March, according to Check Point.

Severe Android and Novi Survey Vulnerabilities Under Active Exploitation

The Hacker News

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The two flaws are listed below - CVE-2023-20963 (CVSS score: 7.

Zero Trust Mandate: The Realities, Requirements and Roadmap

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

5 Best Bot Protection Solutions and Software for 2023

eSecurity Planet

Malicious bots can be used to carry out a range of cyber threats like account takeovers and DDoS attacks, so bot protection is an increasingly important defense for web-facing assets. The main purpose of bot protection is to ensure the security and integrity of online systems as well as to prevent unfair or harmful activities such as spamming, click fraud, scraping, and credential stuffing.

Software 110

Attackers Use QuickBooks to Launch ‘BEC 3.0’ Campaign

Security Boulevard

QuickBooks is in the crosshairs of bad actors. Attackers are creating free accounts in QuickBooks, which they then use to pilfer money and data from users in what are being called business email compromise (BEC) 3.0 campaigns. The miscreants send invoices from legitimate accounts, according to researchers at Avanan, then rake up cash and credentials.

Security Is a Revenue Booster, Not a Cost Center

Dark Reading

Focusing on what customers and partners need from a company can help CISOs show the real financial benefits of improving cybersecurity.

CISO 106

Black Duck SCA vs. Black Duck Audit Services

Security Boulevard

With a surplus of software security testing solutions on the market, identifying the right SCA solution has never been more important. The post Black Duck SCA vs. Black Duck Audit Services appeared first on Security Boulevard.

Marketing 105

Next-Level Fraud Prevention: Strategies for Today’s Threat Landscape

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

Webinar: Tips from MSSPs to MSSPs – Building a Profitable vCISO Practice

The Hacker News

In today's fast-paced and ever-changing digital landscape, businesses of all sizes face a myriad of cybersecurity threats. Putting in place the right people, technological tools and services, MSSPs are in a great position to ensure their customers' cyber resilience.

Elevate Your Cybersecurity: Unleashing the Power of Top Frameworks to Safeguard Your Digital Assets

Security Boulevard

Protecting your digital assets has become a top priority due to society’s growing reliance on technology. Protecting sensitive data, preventing data breaches, and preserving the privacy and integrity of digital assets all depend on cybersecurity. Organizations and people must both develop solid frameworks that offer a complete approach to cybersecurity if they are to effectively […] The post Elevate Your Cybersecurity: Unleashing the Power of Top Frameworks to Safeguard Your Digital Assets appea

Kodi Confirms Data Breach: 400K User Records and Private Messages Stolen

The Hacker News

Open source media player software provider Kodi has confirmed a data breach after threat actors stole the company's MyBB forum database containing user data and private messages. What's more, the unknown threat actors attempted to sell the data dump comprising 400,635 Kodi users on the now-defunct BreachForums cybercrime marketplace.

PCI DSS reporting details to ensure when contracting quarterly CDE tests

CyberSecurity Insiders

This is the second blog in the series focused on PCI DSS, written by an AT&T Cybersecurity consultant. See the first blog relating to IAM and PCI DSS here. There are several issues implied in the PCI DSS Standard and its associated Report on Compliance which are rarely addressed in practice. This occurs frequently on penetration and vulnerability test reports that I’ve had to assess.

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Mandiant’s new solution allows exposure hunting for a proactive defense

CSO Magazine

Google-owned cybersecurity provider Mandiant has launched Mandiant Proactive Exposure Management, a suite of products and services to help organizations focus on “attackable exposures” rather than just vulnerabilities. “Exposures go beyond vulnerabilities and are potential exploitable entry points that can be used by an adversary to gain initial compromise into an organization or supply chain ecosystem,” said Michael Armistead, director of outbound product management at Google Cloud Security.

Google Releases Urgent Chrome Update to Fix Actively Exploited Zero-Day Vulnerability

The Hacker News

Google on Friday released out-of-band updates to resolve an actively exploited zero-day flaw in its Chrome web browser, making it the first such bug to be addressed since the start of the year. Tracked as CVE-2023-2033, the high-severity vulnerability has been described as a type confusion issue in the V8 JavaScript engine.

Hunting down BlackLotus – Week in security with Tony Anscombe

We Live Security

Microsoft releases guidance on how organizations can check their systems for the presence of BlackLotus, a powerful threat first analyzed by ESET researchers. The post Hunting down BlackLotus – Week in security with Tony Anscombe appeared first on WeLiveSecurity.

Vice Society ransomware uses new PowerShell data theft tool in attacks

Bleeping Computer

The Vice Society ransomware gang is deploying a new, rather sophisticated PowerShell script to automate data theft from compromised networks.

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Is AI being used for virtual kidnapping scams?

Malwarebytes

You may have seen a worrying report of Artificial Intelligence (AI) being used in a virtual kidnapping scam. The AI was supposedly used to imitate the voice of an Arizona resident's daughter, who claimed to have been kidnapped. The daughter was safe and well elsewhere on a school trip. Unfortunately, with the daughter out of sight this just made the scam seem more believable.

Scams 98

Kodi discloses data breach after its forum was compromised

Security Affairs

Open-source media player software provider Kodi discloses a data breach after threat actors stole its MyBB forum database. Kodi has disclosed a data breach: threat actors have stolen the company’s MyBB forum database, which contained data for over 400K users and private messages. The threat actors also attempted to sell the stolen data on the BreachForums cybercrime forum that was recently shut down by law enforcement. “In the last 24 hours we became aware of a dump of the Kodi user f

Cryptocurrency Phishing Threats Luring New Victims 

Security Boulevard

Cryptocurrency-related phishing attacks are on the rise, with a report from Kaspersky recording an increase of 40% in 2022 compared to the previous year. This was among the many findings in the company’s financial threats report, which detailed a growing array of new coins, NFT and other DeFi projects that scammers are using to continuously dupe.

Google fixed the first Chrome zero-day of 2023

Security Affairs

Google released an emergency security update to address a zero-day vulnerability in Chrome which is actively exploited in the wild. Google released an emergency security update to address the first Chrome zero-day vulnerability (CVE-2023-2033) in 2023; the company is aware of attacks in the wild exploiting the issue. The vulnerability is a Type Confusion issue that resides in the JavaScript engine V8.

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!