Sun. May 21, 2023

North Dakota CISO Shares Cyber Plans and Priorities

Lohrman on Security

What is happening regarding cybersecurity operations, new developments and the future vision in the state of North Dakota? State CISO Michael Gregg shares his perspectives.

Android phones are vulnerable to fingerprint brute-force attacks

Bleeping Computer

Researchers at Tencent Labs and Zhejiang University have presented a new attack called 'BrutePrint,' which brute-forces fingerprints on modern smartphones to bypass user authentication and take control of the device. […]

Cyber Attack on European Space Agency to compromise satellite imaging data

CyberSecurity Insiders

Several ethical hackers recently accepted a challenge posed by the European Space Agency (ESA) to assess the resilience of satellite infrastructure by attempting to infiltrate servers and compromise satellite imaging sensors and data. Fortunately, this hacking exercise was conducted solely for the purpose of evaluating the satellites’ operational security, and we can assume that no sensitive data fell into the wrong hands, thus averting potential risks to millions of lives.

Microsoft Edge is getting 'Edge for Gamers' mode

Bleeping Computer

Microsoft is doubling its efforts to court the gaming community with a new feature, "Edge for Gamers" mode, which promises to elevate the user experience inside and outside gaming sessions. […]

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

KeePass Exploit Allows Attackers to Recover Master Passwords from Memory

The Hacker News

A proof-of-concept (PoC) has been made available for a security flaw impacting the KeePass password manager that could be exploited to recover a victim's master password in cleartext under specific circumstances. The issue, tracked as CVE-2023-32784, impacts KeePass versions 2.x for Windows, Linux, and macOS, and is expected to be patched in version 2.

Google will delete accounts inactive for more than 2 years

Bleeping Computer

Google has updated its policy for personal accounts across its services to allow a maximum period of inactivity of two years. […]

PyPI Repository Under Attack: User Sign-Ups and Package Uploads Temporarily Halted

The Hacker News

The maintainers of Python Package Index (PyPI), the official third-party software repository for the Python programming language, have temporarily disabled the ability for users to sign up and upload new packages until further notice.

BatLoader campaign impersonates ChatGPT and Midjourney to deliver Redline Stealer

Security Affairs

Researchers identified an ongoing BatLoader campaign relying on Google Search Ads to deliver rogue web pages for ChatGPT and Midjourney. In early May, researchers at eSentire Threat Response Unit (TRU) spotted an ongoing BatLoader campaign using Google Search Ads to redirect victims to imposter web pages for AI-based services like ChatGPT and Midjourney.

Dark Web 101: How To Access The Dark Web

SecureBlitz

Today, we will show you what the dark web is all about. Also, we will reveal how you can access the dark web and the precautions to apply. The term “dark web” often evokes a sense of mystery and intrigue. It represents a hidden realm within the vast expanse of the internet, shrouded in anonymity […] The post Dark Web 101: How To Access The Dark Web appeared first on SecureBlitz Cybersecurity.

PyPI Repository temporarily suspends user sign-ups and package uploads due to ongoing attacks

Security Affairs

The Python Package Index (PyPI) maintainers have temporarily disabled the sign up and package upload processes due to an ongoing attack. The maintainers of Python Package Index (PyPI), the Python software repository, have temporarily disabled the sign up and package upload processes due to an ongoing attack. The maintainers opted to disable the above functionalities because they have observed a spike in the creation of malicious users and projects on the index in the past week. “New user a

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Update now: 9 vulnerabilities impact Cisco Small Business Series

Malwarebytes

Vulnerabilities have been found and fixed in the web-based user interface of various Cisco products in the Small Business Series. These nine issues are tied to the web-based user interface of the products, and in a worst case scenario could lead to denial of service (DoS) conditions or arbitrary code execution. Affected products The vulnerabilities affect all of the below if running vulnerable firmware: 250 Series Smart Switches 350 Series Managed Switches 350X Series Stackable Managed Switches

Security Affairs newsletter Round 420 by Pierluigi Paganini – International edition

Security Affairs

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. We are in the final ! Please vote for Security Affairs ( [link] ) as the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS Vote for me in the sections where is reported Securityaffairs or my name Pierluigi Paganini Please nom

Exploring Cybersecurity Research Topics for Master’s Degree Studies

CyberSecurity Insiders

As the field of cybersecurity continues to evolve and expand, pursuing a Master’s degree in this discipline offers an opportunity to delve into cutting-edge research and contribute to the advancement of knowledge in this critical area. Whether you’re passionate about securing networks, protecting data, or investigating cyber threats, choosing the right research topic is crucial for a successful and impactful Master’s journey.

The Real Risks in Google’s New .Zip and .Mov Domains

WIRED Threat Level

While the company’s new top-level domains could be used in phishing attacks, security researchers are divided on how big of a problem they really pose.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

A week in security (May 15-21)

Malwarebytes

Last week on Malwarebytes Labs: Why we should be more open about ransomware attacks; Windows 11 is showing its first signs of Rust; Update now! Ruckus vulnerability added to CISA’s list of actively exploited bugs; 3 reasons to use a VPN; PharMerica breach impacts almost 6 million people; Leaked Babuk ransomware builder code lives on as RA Group; KeePass vulnerability allows attackers to access the master password; Child safety app riddled with vulnerabilities: Update now!

BSidesSF 2023 – Abhinav SP – Making of the BSides SF Astronaut Badge

Security Boulevard

Our thanks to BSidesSF for publishing their presenter’s superlative BSidesSF 2023 content on the organizations’ YouTube channel. The post BSidesSF 2023 – Abhinav SP – Making of the BSides SF Astronaut Badge appeared first on Security Boulevard.

Webinar recap: EDR vs MDR for business success

Malwarebytes

Did you miss our recent webinar on EDR vs. MDR? Don't worry, we've got you covered! In this blog post, we'll be recapping the highlights and key takeaways from the webinar hosted by Marcin Kleczynski, CEO and co-founder of Malwarebytes, and featuring guest speaker Joseph Blankenship, Vice President and research director at Forrester. Introducing EDR and MDR : The webinar began with an overview of EDR and MDR.

The Threat Landscape: Emerging Viruses and Malware to Watch Out For in 2023

Quick Heal Antivirus

We’re Midway into 2023, and the threat landscape is evolving with new variants of viruses and malware that. The post The Threat Landscape: Emerging Viruses and Malware to Watch Out For in 2023 appeared first on Quick Heal Blog.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

Google Now Supports Passkeys, Risky New Top Level Domains, Twitter’s Encryption Dilemma

Security Boulevard

In this episode, we explore the arrival of passwordless Google accounts that use “passkeys,” which offer enhanced usability and security. We discuss the benefits of passkeys over traditional passwords, but also why passkeys are not quite ready for prime time use. Next, we discuss Google Domains’ introduction of new top-level domains (TLDs) like .zip and […] The post Google Now Supports Passkeys, Risky New Top Level Domains, Twitter’s Encryption Dilemma appeared first on Shared Security Podcast.

Crawlector v2.2 releases: threat hunting framework

Penetration Testing

Crawlector Crawlector (the name Crawlector is a combination of Crawler & Detector) is a threat hunting framework designed for scanning websites for malicious objects. Note-1: The framework was first presented at the No Hat conference in Bergamo, Italy on... The post Crawlector v2.2 releases: threat hunting framework appeared first on Penetration Testing.

Azure DevOps integration

Security Boulevard

GuardRails customers on Azure DevOps can now benefit from the platform's secure code review and automated remediation actions. The post Azure DevOps integration appeared first on GuardRails. The post Azure DevOps integration appeared first on Security Boulevard.

ChatGPT: Cybersecurity friend or foe?

Malwarebytes

If you haven’t heard about ChatGPT yet, perhaps you’ve just been thawed from cryogenic slumber or returned from six months off the grid. ChatGPT—the much-hyped, artificial intelligence (AI) chatbot that provides human-like responses from an enormous knowledge base—has been embraced practically everywhere, from private sector businesses to K–12 classrooms.

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

LogRhythm Announces New Distributor Partnership with ABPSecurite to Serve More Customers in Singapore

Security Boulevard

SINGAPORE – May 22, 2023 – LogRhythm, the company empowering security teams to navigate the ever-changing threat landscape with confidence, today announced their partnership with ABPSecurite, a leading cyber security and network performance Value-Added Distributor (VAD). With this partnership, ABPSecurite… The post LogRhythm Announces New Distributor Partnership with ABPSecurite to Serve More Customers in Singapore appeared first on LogRhythm.

Weekly Update 348

Troy Hunt

I feel like the .zip TLD debate is one of those cases where it's very easy for the purest security view to overwhelm the practical human reality. I'm yet to see a single good argument that is likely to have real world consequences as far as phishing goes and whilst I understand the sentiment surrounding the confusion new TLDs with common file types, all "the sky is falling" commentary I've seen is speculative at best.

Google TLDs: some security controversy

Security Boulevard

I’ve been seeing a certain amount of panic about Google’s inclusion of .zip and .mov in its recent launch of eight new Top Level domains (TLDs). While I don’t think adding to the list of TLDs that can be confused with filename extensions, I think the risks may have been overstated by some companies with […] The post Google TLDs: some security controversy appeared first on Security Boulevard.
