Krebs on Security

APRIL 14, 2023

KrebsOnSecurity received a nice bump in traffic this week thanks to tweets from the Federal Bureau of Investigation (FBI) and the Federal Communications Commission (FCC) about “ juice jacking ,” a term first coined here in 2011 to describe a potential threat of data theft when one plugs their mobile device into a public charging kiosk. It remains unclear what may have prompted the alerts, but the good news is that there are some fairly basic things you can do to avoid having to worry

Mobile 322

Mobile Software Backups Technology 322

Schneier on Security

APRIL 14, 2023

You can beat the game without a computer : On a perfect [roulette] wheel, the ball would always fall in a random way. But over time, wheels develop flaws, which turn into patterns. A wheel that’s even marginally tilted could develop what Barnett called a ‘drop zone.’ When the tilt forces the ball to climb a slope, the ball decelerates and falls from the outer rim at the same spot on almost every spin.

Software 282

Software 282

Tech Republic Security

APRIL 14, 2023

A new report from cyberthreat intelligence company Cybersixgill sees threat actors swarming to digital bazaars to collaborate, buy and sell malware and credentials. The post For cybercriminal mischief, it’s dark web vs deep web appeared first on TechRepublic.

Malware 217

Malware Cybercrime Ransomware Cybersecurity 217

Schneier on Security

APRIL 14, 2023

This is a current list of where and when I am scheduled to speak: I’m speaking on “Cybersecurity Thinking to Reinvent Democracy” at RSA Conference 2023 in San Francisco, California, on Tuesday, April 25, 2023, at 9:40 AM PT. I’m speaking at IT-S Now 2023 in Vienna, Austria, on June 2, 2023 at 8:30 AM CEST. The list is maintained on this page.

Cybersecurity 231

Cybersecurity 231

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

Risk

Bleeping Computer

APRIL 14, 2023

Google has released an emergency Chrome security update to address the first zero-day vulnerability exploited in attacks since the start of the year. [.

143

143

Schneier on Security

APRIL 14, 2023

Here’s a religious hack : You want to commit suicide, but it’s a mortal sin: your soul goes straight to hell, forever. So what you do is murder someone. That will get you executed, but if you confess your sins to a priest beforehand you avoid hell. Problem solved. This was actually a problem in the 17th and 18th centuries in Northern Europe, particularly Denmark.

Hacking 199

Hacking 199

Security Boulevard

APRIL 14, 2023

Your Cloud — But For How Long? WD’s My Cloud service is finally back online, but ransomware scrotes demand “eight figures.” The post Western Digital Redux: My Cloud Alive Again, Ransom is $10M+ appeared first on Security Boulevard.

Ransomware 133

Ransomware Social Engineering IoT Engineering 133

CSO Magazine

APRIL 14, 2023

The European Data Protection Board (EDPB) plans to launch a dedicated task force to investigate ChatGPT after a number of European privacy watchdogs raised concerns about whether the technology is compliant with the EU's General Data Protection Regulation (GDPR). Europe's national privacy regulators said on Thursday that the decision came following discussions about recent enforcement action undertaken by the Italian data protection authority against OpenAI regarding its ChatGPT service.

Technology 132

Technology 132

eSecurity Planet

APRIL 14, 2023

A massive cyber attack targeting drive maker Western Digital Corp. (WDC) could potentially have serious and long-term implications. One of the hackers apparently disclosed the extent of the cyber attack to TechCrunch this week. Hackers accessed a range of company assets and stole about 10 terabytes of data, but the disclosure with the greatest potential for damage is that the hackers claim to have the ability to impersonate WDC code-signing certificates.

Cyber Attacks 128

Cyber Attacks Firmware Marketing Authentication 128

Graham Cluley

APRIL 14, 2023

Accountants are being warned to be on their guard from hackers, as cybercriminals exploit the rush to prepare tax returns for clients before the deadline of US Tax Day. Read more in my article on the Tripwire State of Security blog.

Accountability 122

Accountability Phishing Malware 122

Advertisement

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

Cyber threats

Security Boulevard

APRIL 14, 2023

Permiso, a provider of a platform for correlating IT events to identities, today disclosed the discovery of an attack through which cybercriminals are employing text messages to steal credentials that enable them to access Amazon Web Services (AWS) infrastructure. Nathan Eades, a threat researcher for Permiso, said cybercriminals are leveraging Simple Notification Service (SNS) to.

Social Engineering 119

Social Engineering Engineering Mobile Cybersecurity 119

We Live Security

APRIL 14, 2023

The much-dreaded writer’s block isn’t the only threat that may derail your progress. Are you doing enough to keep your blog (and your livelihood) safe from online dangers?

Cybersecurity 119

Cybersecurity 119

CSO Magazine

APRIL 14, 2023

There has been an increase in discussions and trades related to ChatGPT on the dark web since March, according to Check Point.

Accountability 117

Accountability 117

The Hacker News

APRIL 14, 2023

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The two flaws are listed below - CVE-2023-20963 (CVSS score: 7.

Cybersecurity 114

Cybersecurity 114

Advertisement

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

Cybersecurity

eSecurity Planet

APRIL 14, 2023

Malicious bots can be used to carry out a range of cyber threats like account takeovers and DDoS attacks, so bot protection is an increasingly important defense for web-facing assets. The main purpose of bot protection is to ensure the security and integrity of online systems as well as to prevent unfair or harmful activities such as spamming, click fraud, scraping, and credential stuffing.

Software 110

Software DDOS Accountability Firewall 110

Security Boulevard

APRIL 14, 2023

QuickBooks is in the crosshairs of bad actors. Attackers are creating free accounts in QuickBooks, which they then use to pilfer money and data from users in what are being called business email compromise (BEC) 3.0 campaigns. The miscreants send invoices from legitimate accounts, according to researchers at Avanan, then rake up cash and credentials.

Accountability 110

Accountability Social Engineering Engineering Phishing 110

Dark Reading

APRIL 14, 2023

Focusing on what customers and partners need from a company can help CISOs show the real financial benefits of improving cybersecurity.

CISO 106

CISO Cybersecurity 106

Security Boulevard

APRIL 14, 2023

With a surplus of software security testing solutions on the market, identifying the right SCA solution has never been more important. The post Black Duck SCA vs. Black Duck Audit Services appeared first on Security Boulevard.

Marketing 105

Marketing Software Risk 105

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

Scams

The Hacker News

APRIL 14, 2023

In today's fast-paced and ever-changing digital landscape, businesses of all sizes face a myriad of cybersecurity threats. Putting in place the right people, technological tools and services, MSSPs are in a great position to ensure their customers' cyber resilience.

Technology 103

Technology Cybersecurity 103

Security Boulevard

APRIL 14, 2023

Protecting your digital assets has become a top priority due to society’s growing reliance on technology. Protecting sensitive data, preventing data breaches, and preserving the privacy and integrity of digital assets all depend on cybersecurity. Organizations and people must both develop solid frameworks that offer a complete approach to cybersecurity if they are to effectively […] The post Elevate Your Cybersecurity: Unleashing the Power of Top Frameworks to Safeguard Your Digital Assets appea

Cybersecurity 104

Cybersecurity Data breaches Technology 104

The Hacker News

APRIL 14, 2023

Open source media player software provider Kodi has confirmed a data breach after threat actors stole the company's MyBB forum database containing user data and private messages. What's more, the unknown threat actors attempted to sell the data dump comprising 400,635 Kodi users on the now-defunct BreachForums cybercrime marketplace.

Data breaches 103

Data breaches Cybercrime Media Accountability 103

CyberSecurity Insiders

APRIL 14, 2023

This is the second blog in the series focused on PCI DSS, written by an AT&T Cybersecurity consultant. See the first blog relating to IAM and PCI DSS here. There are several issues implied in the PCI DSS Standard and its associated Report on Compliance which are rarely addressed in practice. This occurs frequently on penetration and vulnerability test reports that I’ve had to assess.

Penetration Testing 102

Penetration Testing DNS Passwords Accountability 102

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

CSO Magazine

APRIL 14, 2023

Google-owned cybersecurity provider Mandiant has launched Mandiant Proactive Exposure Management, a suite of products and services to help organizations focus on “attackable exposures” rather than just vulnerabilities. “Exposures go beyond vulnerabilities and are potential exploitable entry points that can be used by an adversary to gain initial compromise into an organization or supply chain ecosystem,” said Michael Armistead, director of outbound product management at Google Cloud Security.

Cybersecurity 101

Cybersecurity 101

The Hacker News

APRIL 14, 2023

Google on Friday released out-of-band updates to resolve an actively exploited zero-day flaw in its Chrome web browser, making it the first such bug to be addressed since the start of the year. Tracked as CVE-2023-2033, the high-severity vulnerability has been described as a type confusion issue in the V8 JavaScript engine.

Engineering 101

Engineering 101

We Live Security

APRIL 14, 2023

Microsoft releases guidance on how organizations can check their systems for the presence of BlackLotus, a powerful threat first analyzed by ESET researchers The post Hunting down BlackLotus – Week in security with Tony Anscombe appeared first on WeLiveSecurity

100

100

Bleeping Computer

APRIL 14, 2023

The Vice Society ransomware gang is deploying a new, rather sophisticated PowerShell script to automate data theft from compromised networks. [.

Ransomware 100

Ransomware 100

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Malwarebytes

APRIL 14, 2023

You may have seen a worrying report of Artificial Intelligence (AI) being used in a virtual kidnapping scam. The AI was supposedly used to imitate the voice of an Arizona resident's daughter, who claimed to have been kidnapped. The daughter was safe and well elsewhere on a school trip. Unfortunately, with the daughter out of sight this just made the scam seem more believable.

Scams 98

Scams Artificial Intelligence Social Engineering Banking 98

Security Affairs

APRIL 14, 2023

Open-source media player software provider Kodi discloses a data breach after threat actors stole its MyBB forum database. Kodi has disclosed a data breach, threat actors have stolen the company’s MyBB forum database that contained data for over 400K users and private messages. The threat actors also attempted to sell the stolen data on the BreachForums cybercrime forum that was recently shut down by law enforcement. “In the last 24 hours we became aware of a dump of the Kodi user f

Data breaches 98

Data breaches Backups Passwords Accountability 98

Security Boulevard

APRIL 14, 2023

Cryptocurrency-related phishing attacks are on the rise, with a report from Kaspersky recording an increase of 40% in 2022 compared to the previous year. This was among the many findings in the company’s financial threats report, which detailed a growing array of new coins, NFT and other DeFi projects that scammers are using to continuously dupe.

Cryptocurrency 98

Cryptocurrency Phishing Threat Reports Social Engineering 98

Security Affairs

APRIL 14, 2023

Google released an emergency security update to address a zero-day vulnerability in Chrome which is actively exploited in the wild. Google released an emergency security update to address the first Chrome zero-day vulnerability (CVE-2023-2033) in 2023, the company is aware of attacks in the wild exploiting the issue. The vulnerability is a Type Confusion issue that resides in the JavaScript engine V8.

Education 98

Education Media Engineering Hacking 98

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!