Thu.Jul 27, 2023

article thumbnail

News Alert: CrowdSec report highlights the rise of IPv6 in cyber criminal activities

The Last Watchdog

Paris, France, July 27, 2023 – CrowdSec , the pioneering open source and collaborative cybersecurity company, today released its Q2 2023 Majority Report , a comprehensive community-driven data report fueled by the collective efforts of its thousands of users. Key takeaways from the report include the rise of IPv6 as well as the role of VPN in cybercriminal activities.

VPN 246
article thumbnail

Fooling an AI Article Writer

Schneier on Security

World of Warcraft players wrote about a fictional game element, “Glorbo,” on a subreddit for the game, trying to entice an AI bot to write an article about it. It worked : And it…worked. Zleague auto-published a post titled “World of Warcraft Players Excited For Glorbo’s Introduction.” […] That is…all essentially nonsense.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

News Alert: QBE North America launches new cyber insurance program with Converge

The Last Watchdog

New York, NY, July 27, 2023 – QBE North America today announced the launch of a cyber insurance program with new MGA, Converge, acting as program administrator. The program will be broken down into two separate distribution structures, each with a distinct revenue focus and cyber security data access formation. •ConvergeElements™ offers primary and excess cyber coverage through select agents and brokers for companies with up to $100 million in revenue.

article thumbnail

7 Best Cloud Security Posture Management (CSPM) Software for 2023

Tech Republic Security

What is the best CSPM tool for your business? Use our guide to review our picks for the best cloud security posture management (CSPM) tools for 2023.

Software 148
article thumbnail

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

article thumbnail

News Alert: Perception Point reports rates of ‘BEC,’ phishing attacks climb in the first half of 2023

The Last Watchdog

Tel Aviv, Israel, July 27, 2023 — Perception Point , a leading provider of advanced threat prevention across digital communication channels, today published a new report analyzing global cyberattack trends in H1 2023 amidst the paradigm shift brought about by advances in generative AI (GenAI) capabilities. In its H1 2023 Report: Cybersecurity Trends & Insights , Perception Point reported an overall increase in social engineering attacks, including a 20% growth in the prevalence of

Phishing 186
article thumbnail

APT trends report Q2 2023

SecureList

For more than six years, the Global Research and Analysis Team (GReAT) at Kaspersky has been publishing quarterly summaries of advanced persistent threat (APT) activity. These summaries are based on our threat intelligence research; and they provide a representative snapshot of what we have published and discussed in greater detail in our private APT reports.

Malware 98

LifeWorks

More Trending

article thumbnail

DepositFiles exposed config file, jeopardizing user security

Security Affairs

DepositFiles, a popular web hosting service, left its environment configuration file accessible, revealing a trove of highly sensitive credentials. The recent tsunami of Cl0p-driven ransomware attacks via the MOVEit Transfer exploit is a painful reminder of the general idea behind the pessimistic “the cloud is just someone else’s computer” analogy. DepositFiles, a service boasting that it’s the “perfect place to keep your precious files in safety and share them,” does not alleviate these concern

article thumbnail

The Week in Security: North Korean APT targets developers, this Barbie is a cybercriminal

Security Boulevard

Welcome to the latest edition of The Week in Security , which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, and beyond. This week: a North Korean APT group targets developers via GitHub. Also: This Barbie is a cybercriminal. The post The Week in Security: North Korean APT targets developers, this Barbie is a cybercriminal appeared first on Security Boulevard.

article thumbnail

Zimbra fixed actively exploited zero-day CVE-2023-38750 in ZCS

Security Affairs

Zimbra addressed a zero-day vulnerability exploited in attacks aimed at Zimbra Collaboration Suite (ZCS) email servers. Two weeks ago Zimbra urged customers to manually install updates to fix a zero-day vulnerability , now tracked as CVE-2023-38750 , that is actively exploited in attacks against Zimbra Collaboration Suite (ZCS) email servers. Zimbra Collaboration Suite is a comprehensive open-source messaging and collaboration platform that provides email, calendaring, file sharing, and other co

Hacking 98
article thumbnail

Funding for Cybersecurity Startups Plunges – But Some Still Get Deals

eSecurity Planet

Cybersecurity startups had been pretty resilient despite the downturn in venture capital funding, but that run has ended in recent months. Venture investments in cybersecurity startups in the second quarter plunged 63% to $1.6 billion , according to data from Crunchbase. Funding was down 40% sequentially from the first quarter, and was the lowest since the fourth quarter of 2019.

article thumbnail

Why Giant Content Libraries Do Nothing for Your Employees’ Cyber Resilience

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

article thumbnail

Protecting Your Business Against BEC: Benefits and Implementation

GlobalSign

Let’s explore the mechanisms of BEC and how to protect your business and the innovative use of artificial intelligence (AI) to enhance security.

article thumbnail

A Fraud Risk Management Guide for Savvy Businesses

Security Boulevard

Fraud is a pervasive threat to any organization’s viability and sustainability, with fraudsters continually seeking innovative ways to deceive and steal from businesses. To protect themselves and their customers, it’s critical for businesses today to have a comprehensive fraud risk management plan that identifies, assesses, and mitigates risks associated with nefarious cyber activities.

Risk 98
article thumbnail

Cyberattack Investigation Shuts Down Ambulance Patient Records System

Heimadal Security

A cyber attack on health software company Ortivus has led to the shutdown of the ambulance patient records system, affecting several UK NHS ambulance organizations. The attack occurred on July 18 and impacted UK customer systems within Ortivus’s hosted data center environment. The South Western Ambulance Service Trust and South Central Ambulance Service Trust, with […] The post Cyberattack Investigation Shuts Down Ambulance Patient Records System appeared first on Heimdal Security Bl

article thumbnail

SEC Moves up Start Date of Reporting Material Cybersecurity Incidents

SecureWorld News

According to a press release yesterday from the United States Securities and Exchange Commission (SEC), the agency has "adopted rules requiring registrants to disclose material cybersecurity incidents they experience and to disclose on an annual basis material information regarding their cybersecurity risk management, strategy, and governance. The Commission also adopted rules requiring foreign private issuers to make comparable disclosures.

article thumbnail

Zero Trust Mandate: The Realities, Requirements and Roadmap

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

article thumbnail

Supply Chain and Firmware Security Take Center Stage in 2024 NDAA

Security Boulevard

Every year, Congress passes the National Defense Authorization Act (NDAA), which sets the budget and defines key policy priorities for the U.S. Department of Defense (DoD). This legislation plays a crucial role in shaping the defense priorities and resources of the country, ensuring the readiness and capabilities of the military, and providing oversight for defense-related […] The post Supply Chain and Firmware Security Take Center Stage in 2024 NDAA appeared first on Eclypsium | Supply Cha

article thumbnail

The NSA Is Lobbying Congress to Save a Phone Surveillance 'Loophole'

WIRED Threat Level

The National Security Agency has urged top lawmakers to resist demands that it obtain warrants for sensitive data sold by data brokers.

article thumbnail

Major Security Flaw Discovered in Metabase BI Software – Urgent Update Required

The Hacker News

Users of Metabase, a popular business intelligence and data visualization software package, are being advised to update to the latest version following the discovery of an "extremely severe" flaw that could result in pre-authenticated remote code execution on affected installations. Tracked as CVE-2023-38646, the issue impacts open-source editions prior to 0.46.6.

article thumbnail

Related CherryBlos and FakeTrade Android Malware Involved in Scam Campaigns

Trend Micro

Trend Micro’s Mobile Application Reputation Service (MARS) team discovered two new related Android malware families involved in cryptocurrency-mining and financially-motivated scam campaigns targeting Android users.

Scams 98
article thumbnail

Next-Level Fraud Prevention: Strategies for Today’s Threat Landscape

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

article thumbnail

BSides Leeds 2023 – Peter Jones – Practical Blue Teaming

Security Boulevard

Thanks are in order to BSides Leeds for publishing their presenter’s outstanding BSides Leeds 2023 security content on the organizations’ YouTube channel. Permalink The post BSides Leeds 2023 – Peter Jones – Practical Blue Teaming appeared first on Security Boulevard.

article thumbnail

How Cisco Duo Helps Mitigate Common MITRE ATT&CK® Techniques

Duo's Security Blog

In our never-ending quest to help customers safeguard their environments and streamline security operations, Cisco Duo maintains constant lookout for rich vulnerability and threat intelligence so that we can provide the strongest protection. One piece of that effort is dedicated to understanding the types of tactics and attacks targeted at today’s organizations.

article thumbnail

Patch now! Ivanti Endpoint Manager Mobile Authentication vulnerability used in the wild

Malwarebytes

The Cybersecurity and Infrastructure Security Agency (CISA) added one new vulnerability to its Known Exploited Vulnerabilities Catalog affecting Ivanti Endpoint Manager Mobile, based on evidence of active exploitation. All Federal Civilian Executive Branch (FCEB) agencies must remediate this vulnerability by August 15, 2023 to protect their networks against active threats.

Mobile 98
article thumbnail

More malicious npm packages found in wake of JumpCloud supply chain hack

Security Boulevard

Two weeks after the IT management firm JumpCloud announced that it was the victim of a supply chain attack aimed at a small population of customers in the cryptocurrency industry, an investigation by ReversingLabs researchers has uncovered evidence of more malicious npm packages, with links to the same infrastructure that also appear to target cryptocurrency providers.

Hacking 98
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

5 Questions To Ask When Evaluating a Penetration Testing Company

Mitnick Security

Whether your organization has been the victim of a recent data breach or has never had expert penetration testing done before, it’s probably time to call in cybersecurity experts. The right cybersecurity company can help you identify the strengths and weaknesses of your networks and systems so you can improve your security posture and stay ahead of threat actors.

article thumbnail

Redefining Security: Going Beyond Compliance in Financial Organizations (Plus Memes!) 

Security Boulevard

Organizations often confuse the concept of being compliant with being secure. They assume that they must be appropriately protected once they have invested the necessary resources to achieve compliance. Considering that meeting compliance mandates are not cheap, averaging $3.5 million annually. Still, the cost of not meeting compliance mandates is even higher, averaging $9.5 million, The post Redefining Security: Going Beyond Compliance in Financial Organizations (Plus Memes!

97
article thumbnail

A Career in Cybersecurity: A Path to Future-Proof Job Security

SecureBlitz

Here, I will talk about having a career in cybersecurity as a path to future-proof job security. In today's digital age, where technology permeates every aspect of our lives, the need for cybersecurity has become paramount. Cyber threats and attacks are increasing, targeting individuals, businesses, and governments alike. As an outcome, the demand for skilled […] The post A Career in Cybersecurity: A Path to Future-Proof Job Security appeared first on SecureBlitz Cybersecurity.

article thumbnail

How scammers used SEO to disguise themselves as an electric utility

Security Boulevard

Summer is at its height, and it’s a good time to go sit by the pool with a glass of iced tea, go out and see that hugely promoted film in a nice cool theater, or maybe relax at home in your favorite chair…in front of the air conditioner. The post How scammers used SEO to disguise themselves as an electric utility appeared first on Security Boulevard.

Scams 96
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

The Ups and Downs of 0-days: A Year in Review of 0-days Exploited In-the-Wild in 2022

Google Security

Maddie Stone, Security Researcher, Threat Analysis Group (TAG) This is Google’s fourth annual year-in-review of 0-days exploited in-the-wild [ 2021 , 2020 , 2019 ] and builds off of the mid-year 2022 review. The goal of this report is not to detail each individual exploit , but instead to analyze the exploits from the year as a whole, looking for trends, gaps, lessons learned, and successes.

Spyware 96
article thumbnail

New Malvertising Campaign Distributing Trojanized IT Tools via Google and Bing Search Ads

The Hacker News

A new malvertising campaign has been observed leveraging ads on Google Search and Bing to target users seeking IT tools like AnyDesk, Cisco AnyConnect VPN, and WinSCP, and trick them into downloading trojanized installers with an aim to breach enterprise networks and likely carry out future ransomware attacks.

VPN 95
article thumbnail

Information Stealing Malware on the Rise, Uptycs Study Shows

SecureWorld News

A new study from Uptycs has uncovered an increase in the distribution of information stealing malware. Incidents have more than doubled in Q1 2023, indicating a disturbing trend that threatens global organizations. According to the new Uptycs whitepaper, Detecting the Silent Threat: 'Stealers are Organization Killers' (gated link), a variety of new info stealers have emerged this year, preying on Windows, Linux, and macOS systems.

Malware 93
article thumbnail

Hackers Target Apache Tomcat Servers for Mirai Botnet and Crypto Mining

The Hacker News

Misconfigured and poorly secured Apache Tomcat servers are being targeted as part of a new campaign designed to deliver the Mirai botnet malware and cryptocurrency miners. The findings come courtesy of Aqua, which detected more than 800 attacks against its Tomcat server honeypots over a two-year time period, with 96% of the attacks linked to the Mirai botnet.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!