The Last Watchdog

SEPTEMBER 14, 2023

In today’s digital age, trust has become a cornerstone of building a better Internet. Preserving privacy for a greater good The Internet was designed as a platform for peer research, not for the vast scale and diverse uses we see today. Over the decades, it’s grown in a way that has left it with many inherent vulnerabilities. These vulnerabilities, not borne out of malice, were the result of choices made with limited information available at the time.

Internet 280

Internet Internet Technology Risk 280

Schneier on Security

SEPTEMBER 14, 2023

Google removed fake Signal and Telegram apps from its Play store. An app with the name Signal Plus Messenger was available on Play for nine months and had been downloaded from Play roughly 100 times before Google took it down last April after being tipped off by security firm ESET. It was also available in the Samsung app store and on signalplus[.]org, a dedicated website mimicking the official Signal.org.

Malware 270

Malware Hacking Accountability Spyware 270

Tech Republic Security

SEPTEMBER 14, 2023

Get technical details about how this new attack campaign is delivered via Microsoft Teams and how to protect your company from this loader malware.

Malware 191

Malware Phishing Cybersecurity Software 191

Schneier on Security

SEPTEMBER 14, 2023

This is a current list of where and when I am scheduled to speak: I’m speaking at swampUP 2023 in San Jose, California, on September 13, 2023 at 11:35 AM PT. The list is maintained on this page.

207

207

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

Tech Republic Security

SEPTEMBER 14, 2023

Updates are now available to patch a Chrome vulnerability that would allow attackers to run malicious code.

Cybersecurity 212

Cybersecurity 212

Dark Reading

SEPTEMBER 14, 2023

The ransomware group is a collection of young adults who also recently breached Caesars Entertainment and made a ransom score in the tens of millions.

Ransomware 143

Ransomware 143

Dark Reading

SEPTEMBER 14, 2023

The Russian-speaking ransomware gang continues to update its tactics while managing to steal highly sensitive information from its victims.

Ransomware 140

Ransomware 140

Bleeping Computer

SEPTEMBER 14, 2023

An affiliate of the BlackCat ransomware group, also known as APLHV, is behind the attack that disrupted MGM Resorts' operations, forcing the company to shut down IT systems. [.

Ransomware 130

Ransomware Encryption 130

Dark Reading

SEPTEMBER 14, 2023

Sports teams, major leagues, global sporting associations, and entertainment venues are all home to valuable personal and business data. Here's how to keep them safe.

Cybersecurity 126

Cybersecurity 126

Security Affairs

SEPTEMBER 14, 2023

Researchers discovered a free download manager site that has been compromised to serve Linux malware to users for more than three years. Researchers from Kaspersky discovered a free download manager site that has been compromised to serve Linux malware. While investigating a set of suspicious domains, the experts identified that the domain in question has a deb.fdmpkg[.]org subdomain.

Malware 115

Malware Hacking Cryptocurrency Passwords 115

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

Risk

Dark Reading

SEPTEMBER 14, 2023

In a notable shift in strategy, the threat actors are abusing code-signing certificates to spread a double whammy of infostealers and ransomware payloads.

Ransomware 131

Ransomware 131

Security Affairs

SEPTEMBER 14, 2023

Researchers discovered three security flaws in Kubernetes that can lead to remote code execution on Windows endpoints. Akamai researchers recently discovered a high-severity vulnerability in Kubernetes tracked as CVE-2023-3676 (CVSS 8.8). This identification of this issue led to the discovery of two more vulnerabilities tracked as CVE-2023-3893, and CVE-2023-3955 (CVSS 8.8).

Hacking 115

Hacking Information Security 115

Dark Reading

SEPTEMBER 14, 2023

The exploit is one of many that government and intelligence agencies have to infect target devices with the notorious surveillance tool.

Spyware 137

Spyware Surveillance Government 137

Bleeping Computer

SEPTEMBER 14, 2023

Caesars Entertainment, self-described as the largest U.S. casino chain with the most extensive loyalty program in the industry, says it paid a ransom to avoid the online leak of customer data stolen in a recent cyberattack. [.

130

130

Speaker: William Hord, Senior VP of Risk & Professional Services

Enterprise Risk Management (ERM) is critical for industry growth in today’s fast-paced and ever-changing risk landscape. When building your ERM program foundation, you need to answer questions like: Do we have robust board and management support? Do we understand and articulate our bank’s risk appetite and how that impacts our business units? How are we measuring and rating our risk impact, likelihood, and controls to mitigate our risk?

Banking

Dark Reading

SEPTEMBER 14, 2023

Dark Reading News Desk: CrowdStrike's Adam Meyers talks China, Iran, Russia, and more in this expert dive into the current APT threat actor landscape.

127

127

Security Affairs

SEPTEMBER 14, 2023

UK Greater Manchester Police (GMP) disclosed a data breach, threat actors had access to some of its employees’ personal information. UK Greater Manchester Police (GMP) announced that threat actors had access to the personal information of some of its employees after an unnamed third-party supplier was hit with a ransomware attack. The GMP reported that the impacted company provides its services to various UK organizations, including Greater Manchester Police.

Data breaches 110

Data breaches Ransomware Hacking Information Security 110

Dark Reading

SEPTEMBER 14, 2023

Collaboration apps are a boost to business productivity, but also a uniquely attractive target for cyberattackers.

Hacking 140

Hacking 140

The Hacker News

SEPTEMBER 14, 2023

The iPhone belonging to Galina Timchenko, a prominent Russian journalist and critic of the government, was compromised with NSO Group's Pegasus spyware, a new collaborative investigation from Access Now and the Citizen Lab has revealed. The infiltration is said to have happened on or around February 10, 2023.

Spyware 114

Spyware Government 114

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

So, you’ve accomplished an organization-wide SaaS adoption. It started slow, and now just a few team members might be responsible for running Salesforce, Slack, and a few others applications that boost productivity, but it’s all finished. Or is it? Through all the benefits offered by SaaS applications, it’s still a necessity to onboard providers as quickly as possible.

Risk

Dark Reading

SEPTEMBER 14, 2023

The false advertisement has been left up for days, flying under the radar by managing to adhere to Google Ads' policies.

Advertising 132

Advertising 132

Security Affairs

SEPTEMBER 14, 2023

LockBit ransomware group breached two hospitals, the Carthage Area Hospital and the Clayton-Hepburn Medical Center in New York. The Lockbit ransomware group claims to have hacked two major hospitals, the Carthage Area Hospital and Claxton-Hepburn Medical Center. The two hospitals serve hundreds of thousands of people in upstate New York. The cyberattack took place at the end of August and had a severe impact on the two hospitals in the last couple of weeks.

Ransomware 108

Ransomware Cyber Attacks Hacking Encryption 108

Dark Reading

SEPTEMBER 14, 2023

Around 900 pages were identified as using Arabic language and familiar brand names to snare users and steal their money and personal details — presenting big brand protection issues for retailers.

Retail 110

Retail Scams 110

The Hacker News

SEPTEMBER 14, 2023

A set of memory corruption flaws have been discovered in the ncurses (short for new curses) programming library that could be exploited by threat actors to run malicious code on vulnerable Linux and macOS systems.

108

108

Speaker: Dr. Karen Hardy, CEO and Chief Risk Officer of Strategic Leadership Advisors LLC

Communication is a core component of a resilient organization's risk management framework. However, risk communication involves more than just reporting information and populating dashboards, and we may be limiting our skillset. Storytelling is the ability to express ideas and convey messages to others, including stakeholders. When done effectively, it can help interpret complex risk environments for leaders and inform their decision-making.

Risk

Dark Reading

SEPTEMBER 14, 2023

It takes a diverse village of experts to enact effective cybersecurity guidelines, practices, and processes.

Cybersecurity 141

Cybersecurity 141

Bleeping Computer

SEPTEMBER 14, 2023

Microsoft has added text recognition support to the latest Snipping Tool build, allowing users to select and copy text from screenshots. [.

119

119

The Hacker News

SEPTEMBER 14, 2023

A download manager site served Linux users malware that stealthily stole passwords and other sensitive information for more than three years as part of a supply chain attack. The modus operandi entailed establishing a reverse shell to an actor-controlled server and installing a Bash stealer on the compromised system. The campaign, which took place between 2020 and 2022, is no longer active.

Malware 108

Malware Passwords 108

Bleeping Computer

SEPTEMBER 14, 2023

Security researcher Gabe Kirkpatrick has made a proof-of-concept (PoC) exploit available for CVE-2023-38146, aka "ThemeBleed," which enables attackers to trigger arbitrary remote code execution if the target opens a specially crafted '.theme' file. [.

119

119

Speaker: Karl Camilleri, Cloud Services Product Manager at phoenixNAP

Did you know that 2021 was a record-breaking year for ransomware? The days of a “once in a while” attack against businesses and organizations are over. Cyberthreats have become a serious issue. With 495.1 million attacks, the threat marked a 148% increase compared to 2020 and was the most expensive year on record! As a result, data protection needs to be a concern for most banks, businesses, and information technology specialists.

Ransomware

Graham Cluley

SEPTEMBER 14, 2023

CISA, the United States's Cybersecurity and Infrastructure Security Agency, has ordered federal agencies to patch their iPhones against vulnerabilities that can be used as part of a zero-click attack to install spyware from the notorious NSO Group. Read more in my article on the Tripwire State of Security blog.

Spyware 101

Spyware Government Cybersecurity Malware 101

The Hacker News

SEPTEMBER 14, 2023

A high-severity security flaw has been disclosed in N-Able's Take Control Agent that could be exploited by a local unprivileged attacker to gain SYSTEM privileges. Tracked as CVE-2023-27470 (CVSS score: 8.

106

106

Dark Reading

SEPTEMBER 14, 2023

Pursuant to new regulation, both gaming companies reported recent cyber incidents to the SEC.

Cybersecurity 134

Cybersecurity 134

The Hacker News

SEPTEMBER 14, 2023

Iranian nation-state actors have been conducting password spray attacks against thousands of organizations globally between February and July 2023, new findings from Microsoft reveal.

Passwords 101

Passwords 101

Speaker: Ryan McInerny, CAMS, FRM, MSBA - Principal, Product Strategy

Cryptocurrency and non-fungible tokens (NFTs) - what are they and why should you care? With 20% of Americans owning cryptocurrencies, speaking "fluent crypto" in the financial sector ensures you are prepared to discuss growth and risk management strategies when the topic arises. Join this exclusive webinar with Ryan McInerny to learn: Cryptocurrency asset market trends How to manage risk and compliance to serve customers safely Best practices for identifying crypto transactions and companies Rev

Cryptocurrency