Thu. Oct 05, 2023


SHARED INTEL Q&A: My thoughts and opinions about cyber threats — as discussed with OneRep

The Last Watchdog

Editor’s note: I recently had the chance to participate in a discussion about the overall state of privacy and cybersecurity with Erin Kapczynski, OneRep’s senior vice president of B2B marketing. OneRep provides a consumer service that scrubs your personal information from Google and dozens of privacy-breaching websites. Here is Erin’s Q&A column, which originally went live on OneRep’s well-done blog.


NSA and CISA reveal top 10 cybersecurity misconfigurations

Bleeping Computer

The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) revealed today the top ten most common cybersecurity misconfigurations discovered by their red and blue teams in the networks of large organizations.


News alert: Massachusetts pumps $1.1 million into state college cybersecurity training programs

The Last Watchdog

Worcester, Mass., Oct. 5, 2023 – Today, the Healey-Driscoll Administration kicked off Cybersecurity Month in Massachusetts with the announcement of $1,136,911 in funding to develop a new cybersecurity training center at MassBay Community College and support the existing center at Bridgewater State University. The grants are part of the state’s SOC/Range Initiative, a program managed by MassTech’s MassCyberCenter that aims to help build a diverse generation of cybersecurity professionals thro


NATO is investigating a new cyber attack claimed by the SiegedSec group

Security Affairs

NATO is investigating claims that a group called SiegedSec has breached its systems and leaked a cache of unclassified documents online. NATO announced it is investigating claims that a politically motivated threat actor called SiegedSec has breached its systems and leaked unclassified documents online. “NATO cyber experts are actively addressing incidents affecting some unclassified NATO websites,” reads a statement issued by a NATO official to media outlets.


The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.


Microsoft Redesigns OneDrive for Business Layout

Tech Republic Security

Microsoft OneDrive is adding new SharePoint features and will let the Copilot AI summarize and interpret files.


Operation Jacana: Foundling hobbits in Guyana

We Live Security

ESET researchers uncover a cyberespionage campaign that they called Operation Jacana and that targeted a governmental entity in Guyana.


More Trending


Unkillable? Qakbot Infections Fly On Even After Its High-Profile Raid

Dark Reading

A literal seven-nation (cyber) army wasn't enough to hold back the famous initial access broker (IAB) for long — it's been chugging along, spreading ransomware, despite a massive takedown in August.


Belgian intelligence service VSSE accused Alibaba of ‘possible espionage’ at European hub in Liege

Security Affairs

Belgian intelligence agency State Security Service (VSSE) fears that Chinese giant Alibaba is spying on logistics to gather financial intelligence. The Belgian intelligence service VSSE revealed that it is investigating potential cyber espionage activities carried out by Chinese firms, including the Alibaba Group Holding, at a cargo airport in Liege. According to the Financial Times, Alibaba has located its main European logistics centre at Liege Airport and the VSSE was working to “detect a


Exploits released for Linux flaw giving root on major distros

Bleeping Computer

Proof-of-concept exploits have already surfaced online for a high-severity flaw in GNU C Library's dynamic loader, allowing local attackers to gain root privileges on major Linux distributions.


GoldDigger Android Trojan Targets Banking Apps in Asia Pacific Countries

The Hacker News

A new Android banking trojan named GoldDigger has been found targeting several financial applications with an aim to siphon victims' funds and backdoor infected devices. "The malware targets more than 50 Vietnamese banking, e-wallet and crypto wallet applications," Group-IB said.


IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.


CISA adds JetBrains TeamCity and Windows flaws to its Known Exploited Vulnerabilities catalog

Security Affairs

The U.S. CISA added JetBrains TeamCity and Windows vulnerabilities to its Known Exploited Vulnerabilities Catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the JetBrains TeamCity flaw CVE-2023-42793 (CVSS score: 9.8) and Windows bug CVE-2023-28229 (CVSS score: 7.0) to its Known Exploited Vulnerabilities Catalog. Below are the descriptions of the two vulnerabilities: CVE-2023-42793 JetBrains TeamCity Authentication Bypass Vulnerability.


CISA Warns of Active Exploitation of JetBrains and Windows Vulnerabilities

The Hacker News

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added two security flaws to its Known Exploited Vulnerabilities (KEV) catalog due to active exploitation, while removing five bugs from the list due to lack of adequate evidence. The vulnerabilities newly added are below - CVE-2023-42793 (CVSS score: 9.


Critical Zero-Day Bug in Atlassian Confluence Under Active Exploit

Dark Reading

Patch now: The Atlassian security vulnerability appears to be a remotely exploitable privilege-escalation bug that cyberattackers could use to crack collaboration environments wide open.


Cisco Releases Urgent Patch to Fix Critical Flaw in Emergency Responder Systems

The Hacker News

Cisco has released updates to address a critical security flaw impacting Emergency Responder that allows unauthenticated, remote attackers to sign into susceptible systems using hard-coded credentials. The vulnerability, tracked as CVE-2023-20101 (CVSS score: 9.


Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.


Legions of Critical Infrastructure Devices Subject to Cyber Targeting

Dark Reading

Nearly 100,000 ICS devices have been found open to the public Internet, potentially threatening physical safety globally. Here's how to quantify the risk.


Who is Watching You and Why?

Approachable Cyber Threats

In the musical words of Rockwell, “I always feel like somebody’s watching me - and I have no privacy.” Who might be watching you through your webcam, and what can you do to stop it? The global pandemic and the increase of remote workers has led to a surge in online video conferencing using tools such as Zoom and Google Meet - Zoom alone has tripled its user base since 2019.


Arm, Qualcomm Patch Multiple Zero-Days Reported by Google

SecureWorld News

In a recent revelation, both Arm and Qualcomm, two leading semiconductor manufacturers, have fallen victim to a series of highly sophisticated and targeted Zero-Day attacks. These attacks have not only exposed a significant breach of security but also pose a grave threat to the data and privacy of millions of users worldwide. Zero-Day vulnerabilities refer to previously unknown security flaws that are exploited by attackers before the affected company has a chance to develop and release a softwa


China-linked cyberspies backdoor semiconductor firms with Cobalt Strike

Bleeping Computer

Hackers engaging in cyber espionage have targeted Chinese-speaking semiconductor companies with TSMC-themed lures that infect them with Cobalt Strike beacons.


Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.


Supermicro's BMC Firmware Found Vulnerable to Multiple Critical Vulnerabilities

The Hacker News

Multiple security vulnerabilities have been disclosed in the Intelligent Platform Management Interface (IPMI) firmware for Supermicro baseboard management controllers (BMCs) that could result in privilege escalation and execution of malicious code on affected systems.


Microsoft officially removes Cortana for Windows 11 Insiders

Bleeping Computer

Microsoft finally removed the Cortana standalone app from Windows 11 in the latest preview build for Insiders in the Canary Channel.


Apple Releases Emergency Update to Patch iOS Zero-Days

SecureWorld News

In today's digital age, where smartphones have become an indispensable part of our lives, it is no surprise that they have also become prime targets for malicious attackers. Among all the mobile platforms, Apple's iOS stands out as a significant focus for these hackers. Apple recently issued an emergency security update in response to actively exploited iOS Zero-Day vulnerabilities (CVE-2023-42824 and CVE-2023-5217).


'Operation Jacana' Reveals DinodasRAT Custom Backdoor

Dark Reading

The previously undocumented data exfiltration malware was part of a successful cyber-espionage campaign against the Guyanese government, likely by the Chinese.


5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.


People Skills Outweigh Technical Prowess in the Best Security Leaders

SecureWorld News

Having helped build out many SecureWorld conferences, I have come to realize—likely to no one's surprise—that the best cybersecurity leaders indeed have some technical prowess, but it is their soft skills that make them exceptional leaders. The CISOs, BISOs, VPs of security architecture, CSOs, directors of information security, directors of governance, risk and compliance, deputy CISOs, and chief risk officers who provide thought leadership on SecureWorld agendas all have a few things in common:


QakBot Threat Actors Still in Action, Using Ransom Knight and Remcos RAT in Latest Attacks

The Hacker News

Despite the disruption to its infrastructure, the threat actors behind the QakBot malware have been linked to an ongoing phishing campaign since early August 2023 that led to the delivery of Ransom Knight (aka Cyclops) ransomware and Remcos RAT.


Microsoft releases new, faster Teams app for Windows and Mac PCs

Bleeping Computer

A new Microsoft Teams application, faster and completely redesigned, is generally available for all Windows and macOS users starting today.


Smashing Security podcast #342: Royal family attacked, keyless car theft, and a deepfake Tom Hanks

Graham Cluley

Is a deepfake Tom Hanks better than the real thing? Who has been attacking the British Royal Family’s website, and why? And how can you protect your vehicle from the spate of keyless car thefts? All this and much much more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by Maria Varmazis.


Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?


Guyana Governmental Entity Hit by DinodasRAT in Cyber Espionage Attack

The Hacker News

A governmental entity in Guyana has been targeted as part of a cyber espionage campaign dubbed Operation Jacana. The activity, which was detected by ESET in February 2023, entailed a spear-phishing attack that led to the deployment of a hitherto undocumented implant written in C++ called DinodasRAT.


Could Cybersecurity Breaches Become Harmless in the Future?

Dark Reading

With these five steps, organizations can develop stronger security practices and make the inevitable breaches inconsequential.


Lyca Mobile investigates customer data leak after cyberattack

Bleeping Computer

Lyca Mobile has released a statement about an unexpected disruption on its network caused by a cyberattack that may have also compromised customer data.


Stealthy, Thieving Python Packages Slither Onto Windows Systems

Dark Reading

A campaign that's been active since April has already racked up nearly 75,000 downloads, stealing data and cryptocurrency in the process.


From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.