Schneier on Security

SEPTEMBER 12, 2023

A new Mozilla Foundation report concludes that cars, all of them, have terrible data privacy. All 25 car brands we researched earned our *Privacy Not Included warning label—making cars the official worst category of products for privacy that we have ever reviewed. There’s a lot of details in the report. They’re all bad. BoingBoing post.

Data privacy 346

Data privacy 346

Krebs on Security

SEPTEMBER 12, 2023

Microsoft today issued software updates to fix at least five dozen security holes in Windows and supported software, including patches for two zero-day vulnerabilities that are already being exploited. Also, Adobe , Google Chrome and Apple iOS users may have their own zero-day patching to do. On Sept. 7, researchers at Citizen Lab warned they were seeing active exploitation of a “zero-click,” zero-day flaw to install spyware on iOS devices without any interaction from the victim. 

Spyware 314

Spyware Software Surveillance Authentication 314

Joseph Steinberg

SEPTEMBER 12, 2023

CyberSecurity and Artificial Intelligence Expert , Joseph Steinberg, will speak as part of a panel discussion on the intersection of CyberSecurity and Artificial Intelligence (AI), to take place on Tuesday, September 12, 2023 at 2 PM US Eastern time. Steinberg’s session, entitled Building Trust in AI: Addressing Security Fears in AI Adoption , will feature a discussion with three other notable figures from the world of AI: Yihua Liao, Ph.D.

Artificial Intelligence 237

Artificial Intelligence Cybersecurity Data breaches Engineering 237

Tech Republic Security

SEPTEMBER 12, 2023

Check Point's Global CISO discusses the firm's 2023 threat intelligence, including new AI malice and threat actors spreading malware by dropping flash drives.

CISO 212

CISO Malware Penetration Testing Artificial Intelligence 212

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

Risk

SecureList

SEPTEMBER 12, 2023

Kaspersky researchers analyzed a Linux backdoor disguised as Free Download Manager software that remained under the radar for at least three years.

Software 145

Software 145

Tech Republic Security

SEPTEMBER 12, 2023

Written by: Kirstie McDermott Silicon Valley is just one of a number of key US startup ecosystems fueling startups, all of which drive investment and job creation: check where new opportunities are in the US right now.

Engineering 187

Engineering Software 187

Tech Republic Security

SEPTEMBER 12, 2023

The Einstein 1 platform links Salesforce CRM data and generative AI. Plus, Trust Layer allows organizations to have control over their own data.

Artificial Intelligence 187

Artificial Intelligence Big data Software 187

Trend Micro

SEPTEMBER 12, 2023

In this blog, we investigate how threat actors used information-stealing malware with EV code signing certificates and later delivered ransomware payloads to its victims via the same delivery method.

Ransomware 144

Ransomware Malware 144

The Hacker News

SEPTEMBER 12, 2023

Adobe's Patch Tuesday update for September 2023 comes with a patch for a critical actively exploited security flaw in Acrobat and Reader that could permit an attacker to execute malicious code on susceptible systems. The vulnerability, tracked as CVE-2023-26369, is rated 7.

143

143

Security Affairs

SEPTEMBER 12, 2023

A critical vulnerability in GitHub could have exposed more than 4,000 code packages to Repojacking attack. Checkmarx researchers discovered a new vulnerability in GitHub could have exposed over 4,000 packages to repojacking attacks. In the RepoJacking attack, attackers claim the old username of a repository after the legitimate creator changed the username, then publish a rogue repository with the same name to trick users into downloading its content Checkmarx discovered than an attacker can exp

Hacking 142

Hacking Risk Accountability Information Security 142

Advertisement

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

Cyber threats

The Hacker News

SEPTEMBER 12, 2023

Mozilla on Tuesday released security updates to resolve a critical zero-day vulnerability in Firefox and Thunderbird that has been actively exploited in the wild, a day after Google released a fix for the issue in its Chrome browser.

143

143

Malwarebytes

SEPTEMBER 12, 2023

A new malvertising campaign is targeting corporate users who are downloading the popular web conferencing software Webex. Threat actors have bought an advert that impersonates Cisco's brand and is displayed first when performing a Google search. We are releasing this blog to warn users about this threat as the malicious ad has been online for almost one week.

Antivirus 139

Antivirus Advertising Malware Engineering 139

The Hacker News

SEPTEMBER 12, 2023

A new vulnerability disclosed in GitHub could have exposed thousands of repositories at risk of repojacking attacks, new findings show. The flaw "could allow an attacker to exploit a race condition within GitHub's repository creation and username renaming operations," Checkmarx security researcher Elad Rapoport said in a technical report shared with The Hacker News.

Risk 142

Risk 142

Bleeping Computer

SEPTEMBER 12, 2023

Adobe has released security updates to patch a zero-day vulnerability in Acrobat and Reader tagged as exploited in attacks. [.

138

138

Advertisement

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

Cybersecurity

The Hacker News

SEPTEMBER 12, 2023

A sophisticated phishing campaign is using a Microsoft Word document lure to distribute a trifecta of threats, namely Agent Tesla, OriginBotnet, and RedLine Clipper, to gather a wide range of information from compromised Windows machines.

Phishing 141

Phishing 141

IT Security Guru

SEPTEMBER 12, 2023

In today’s digital age, where organisations heavily rely on technology and data, ensuring strong Cyber Security practices is paramount, and one often overlooked aspect, is the departure of staff members. The departure of an employee can introduce vulnerabilities and risks if not handled properly. Establishing a well-defined process for staff departures is crucial not only for maintaining operational continuity but also for safeguarding sensitive information from potential cyber threats.

Cybersecurity 138

Cybersecurity Cyber threats Risk Data breaches 138

The Hacker News

SEPTEMBER 12, 2023

Microsoft has released software fixes to remediate 59 bugs spanning its product portfolio, including two zero-day flaws that have been actively exploited by malicious cyber actors. Of the 59 vulnerabilities, five are rated Critical, 55 are rated Important, and one is rated Moderate in severity.

Software 140

Software 140

Security Affairs

SEPTEMBER 12, 2023

Microsoft September 2023 Patch Tuesday addressed 59 new flaws, including two vulnerabilities under active attack. Microsoft September 2023 Patch Tuesday security updates addressed 59 vulnerabilities, including two actively exploited zero-day. The flaws addressed by the company impact Microsoft Windows and Windows Components; Exchange Server; Office and Office Components; NET and Visual Studio; Azure; Microsoft Dynamics; and Windows Defender.

Hacking 138

Hacking Information Security 138

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

Scams

Graham Cluley

SEPTEMBER 12, 2023

Hotel and casino giant MGM Resorts has revealed that it is investigating a "cybersecurity incident" that has resulted in its website being taken offline, an outage of online booking systems, and even problems with slot machines. Read more in my article on the Hot for Security blog.

Cybersecurity 136

Cybersecurity Data breaches Ransomware Malware 136

Bleeping Computer

SEPTEMBER 12, 2023

A reported Free Download Manager supply chain attack redirected Linux users to a malicious Debian package repository that installed information-stealing malware. [.

Malware 136

Malware Software 136

Security Affairs

SEPTEMBER 12, 2023

The international non-governmental organization (NGO) Save the Children International was recently hit with a cyberattack. The charity organization Save the Children International revealed that it was hit by a cyber attack. The company disclosed the security incident after the ransomware gang BianLian listed the organization on its Tor leak site. The BianLian extortion group claims to have stolen 6,8 TB of documents, including International HR data, international personal data.

Cyber Attacks 135

Cyber Attacks Healthcare Education Data breaches 135

Bleeping Computer

SEPTEMBER 12, 2023

Today is Microsoft's September 2023 Patch Tuesday, with security updates for 59 flaws, including two actively exploited zero-day vulnerabilities.

132

132

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Security Affairs

SEPTEMBER 12, 2023

Software giant Adobe is warning of a critical security vulnerability in the PDF Acrobat and Reader that is actively exploited in the wild. Adobe Patch Tuesday security updates (APSB23-34) addressed a critical zero-day vulnerability actively exploited in the wild in attacks on Adobe Acrobat and Reader products. The vulnerability, tracked as CVE-2023-26369 , is an out-of-bounds write memory safety issue that can be exploited to execute arbitrary code on vulnerable installs. “Adobe has releas

Hacking 135

Hacking Software Information Security 135

The Hacker News

SEPTEMBER 12, 2023

A threat actor called Redfly has been linked to a compromise of a national grid located in an unnamed Asian country for as long as six months earlier this year using a known malware referred to as ShadowPad.

Malware 132

Malware 132

Security Affairs

SEPTEMBER 12, 2023

Anonymous Sudan launched a DDoS attack against Telegram after the company suspended the account of the group. The hacker collective Anonymous Sudan (aka Storm-1359) has launched a distributed denial-of-service (DDoS) attack against Telegram in retaliation for the suspension of their primary account. “In a recent update, a well-known and notorious threat actor declared their targeting of Telegram.

DDOS 134

DDOS Accountability InfoSec Hacking 134

Dark Reading

SEPTEMBER 12, 2023

The "MrTonyScam" has a surprisingly high success rate, spreading a Python-based stealer to some 100,000 business accounts per week.

Accountability 129

Accountability Malware 129

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Security Affairs

SEPTEMBER 12, 2023

Hospitality and entertainment company MGM Resorts was hit by a cyber attack that shut down its systems at MGM Hotels and Casinos. Hospitality and entertainment company MGM Resorts was the victim of a cyber attack, the IT infrastructure across the United States was shut down. The incident was discovered on Sunday and affected hotel reservation systems in the United States and other IT systems that run the casino floors.

Cyber Attacks 132

Cyber Attacks Hacking Cybersecurity Ransomware 132

Malwarebytes

SEPTEMBER 12, 2023

Microsoft's September 2023 Patch Tuesday is another important one. Not because it's a busy one, but because we have some special cases. Patch Tuesday includes security updates for 59 bugs, two of which are known to be actively exploited. The Cybersecurity & Infrastructure Security Agency (CISA) has added these two vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

Accountability 129

Accountability Cybersecurity Risk 129

The Hacker News

SEPTEMBER 12, 2023

SaaS applications are the backbone of modern businesses, constituting a staggering 70% of total software usage. Applications like Box, Google Workplace, and Microsoft 365 are integral to daily operations. This widespread adoption has transformed them into potential breeding grounds for cyber threats.

Cyber threats 125

Cyber threats Software 125

Malwarebytes

SEPTEMBER 12, 2023

This article is based on research by Marcelo Rivero, Malwarebytes' ransomware specialist, who monitors information published by ransomware gangs on their Dark Web sites. In this report, "known attacks" are those where the victim did not pay a ransom. This provides the best overall picture of ransomware activity, but the true number of attacks is far higher.

Ransomware 128

Ransomware Backups Data breaches Malware 128

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!