Schneier on Security

SEPTEMBER 12, 2023

A new Mozilla Foundation report concludes that cars, all of them, have terrible data privacy. All 25 car brands we researched earned our *Privacy Not Included warning label—making cars the official worst category of products for privacy that we have ever reviewed. There’s a lot of details in the report. They’re all bad. BoingBoing post.

Data privacy 289

Data privacy 289

Krebs on Security

SEPTEMBER 12, 2023

Microsoft today issued software updates to fix at least five dozen security holes in Windows and supported software, including patches for two zero-day vulnerabilities that are already being exploited. Also, Adobe , Google Chrome and Apple iOS users may have their own zero-day patching to do. On Sept. 7, researchers at Citizen Lab warned they were seeing active exploitation of a “zero-click,” zero-day flaw to install spyware on iOS devices without any interaction from the victim. 

Spyware 231

Spyware Software Surveillance Authentication 231

Joseph Steinberg

SEPTEMBER 12, 2023

CyberSecurity and Artificial Intelligence Expert , Joseph Steinberg, will speak as part of a panel discussion on the intersection of CyberSecurity and Artificial Intelligence (AI), to take place on Tuesday, September 12, 2023 at 2 PM US Eastern time. Steinberg’s session, entitled Building Trust in AI: Addressing Security Fears in AI Adoption , will feature a discussion with three other notable figures from the world of AI: Yihua Liao, Ph.D.

Artificial Intelligence 174

Artificial Intelligence Cybersecurity Data breaches Engineering 174

Tech Republic Security

SEPTEMBER 12, 2023

Check Point's Global CISO discusses the firm's 2023 threat intelligence, including new AI malice and threat actors spreading malware by dropping flash drives.

CISO 201

CISO Malware Penetration Testing Artificial Intelligence 201

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Trend Micro

SEPTEMBER 12, 2023

In this blog, we investigate how threat actors used information-stealing malware with EV code signing certificates and later delivered ransomware payloads to its victims via the same delivery method.

Ransomware 136

Ransomware Malware 136

Tech Republic Security

SEPTEMBER 12, 2023

Written by: Kirstie McDermott Silicon Valley is just one of a number of key US startup ecosystems fueling startups, all of which drive investment and job creation: check where new opportunities are in the US right now.

Engineering 156

Engineering Software 156

Tech Republic Security

SEPTEMBER 12, 2023

The Einstein 1 platform links Salesforce CRM data and generative AI. Plus, Trust Layer allows organizations to have control over their own data.

Artificial Intelligence 150

Artificial Intelligence Big data Software 150

Bleeping Computer

SEPTEMBER 12, 2023

A reported Free Download Manager supply chain attack redirected Linux users to a malicious Debian package repository that installed information-stealing malware. [.

Malware 139

Malware Software 139

Graham Cluley

SEPTEMBER 12, 2023

Hotel and casino giant MGM Resorts has revealed that it is investigating a "cybersecurity incident" that has resulted in its website being taken offline, an outage of online booking systems, and even problems with slot machines. Read more in my article on the Hot for Security blog.

Cybersecurity 131

Cybersecurity Data breaches Ransomware Malware 131

WIRED Threat Level

SEPTEMBER 12, 2023

Signs suggest the culprits worked within a notorious Chinese hacker group that may have also hacked Indian electric utilities years earlier.

Hacking 144

Hacking 144

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Security Affairs

SEPTEMBER 12, 2023

Microsoft September 2023 Patch Tuesday addressed 59 new flaws, including two vulnerabilities under active attack. Microsoft September 2023 Patch Tuesday security updates addressed 59 vulnerabilities, including two actively exploited zero-day. The flaws addressed by the company impact Microsoft Windows and Windows Components; Exchange Server; Office and Office Components; NET and Visual Studio; Azure; Microsoft Dynamics; and Windows Defender.

Hacking 125

Hacking Information Security 125

Bleeping Computer

SEPTEMBER 12, 2023

Today is Microsoft's September 2023 Patch Tuesday, with security updates for 59 flaws, including two actively exploited zero-day vulnerabilities.

136

136

The Hacker News

SEPTEMBER 12, 2023

Adobe's Patch Tuesday update for September 2023 comes with a patch for a critical actively exploited security flaw in Acrobat and Reader that could permit an attacker to execute malicious code on susceptible systems. The vulnerability, tracked as CVE-2023-26369, is rated 7.

126

126

IT Security Guru

SEPTEMBER 12, 2023

In today’s digital age, where organisations heavily rely on technology and data, ensuring strong Cyber Security practices is paramount, and one often overlooked aspect, is the departure of staff members. The departure of an employee can introduce vulnerabilities and risks if not handled properly. Establishing a well-defined process for staff departures is crucial not only for maintaining operational continuity but also for safeguarding sensitive information from potential cyber threats.

Cybersecurity 124

Cybersecurity Cyber threats Risk Data breaches 124

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

Security Affairs

SEPTEMBER 12, 2023

A critical vulnerability in GitHub could have exposed more than 4,000 code packages to Repojacking attack. Checkmarx researchers discovered a new vulnerability in GitHub could have exposed over 4,000 packages to repojacking attacks. In the RepoJacking attack, attackers claim the old username of a repository after the legitimate creator changed the username, then publish a rogue repository with the same name to trick users into downloading its content Checkmarx discovered than an attacker can exp

Hacking 120

Hacking Risk Accountability Information Security 120

Security Boulevard

SEPTEMBER 12, 2023

A survey identified cybersecurity as the biggest challenge small organizations face today, with 49% more concerned than they were six months ago. The post Cybersecurity the Biggest Challenge for Smaller Organizations appeared first on Security Boulevard.

Cybersecurity 123

Cybersecurity Small Business Data privacy Mobile 123

Bleeping Computer

SEPTEMBER 12, 2023

An espionage threat group tracked as 'Redfly' hacked a national electricity grid organization in Asia and quietly maintained access to the breached network for six months. [.

Hacking 121

Hacking 121

The Hacker News

SEPTEMBER 12, 2023

Mozilla on Tuesday released security updates to resolve a critical zero-day vulnerability in Firefox and Thunderbird that has been actively exploited in the wild, a day after Google released a fix for the issue in its Chrome browser.

124

124

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

Security Affairs

SEPTEMBER 12, 2023

Anonymous Sudan launched a DDoS attack against Telegram after the company suspended the account of the group. The hacker collective Anonymous Sudan (aka Storm-1359) has launched a distributed denial-of-service (DDoS) attack against Telegram in retaliation for the suspension of their primary account. “In a recent update, a well-known and notorious threat actor declared their targeting of Telegram.

DDOS 119

DDOS Accountability InfoSec Hacking 119

The Hacker News

SEPTEMBER 12, 2023

Microsoft has released software fixes to remediate 59 bugs spanning its product portfolio, including two zero-day flaws that have been actively exploited by malicious cyber actors. Of the 59 vulnerabilities, five are rated Critical, 55 are rated Important, and one is rated Moderate in severity.

Software 121

Software 121

Bleeping Computer

SEPTEMBER 12, 2023

Microsoft says an initial access broker known for working with ransomware groups has recently switched to Microsoft Teams phishing attacks to breach corporate networks. [.

Phishing 119

Phishing Ransomware Accountability 119

Security Affairs

SEPTEMBER 12, 2023

Software giant Adobe is warning of a critical security vulnerability in the PDF Acrobat and Reader that is actively exploited in the wild. Adobe Patch Tuesday security updates (APSB23-34) addressed a critical zero-day vulnerability actively exploited in the wild in attacks on Adobe Acrobat and Reader products. The vulnerability, tracked as CVE-2023-26369 , is an out-of-bounds write memory safety issue that can be exploited to execute arbitrary code on vulnerable installs. “Adobe has releas

Hacking 115

Hacking Software Information Security 115

Advertisement

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Identity Theft

Bleeping Computer

SEPTEMBER 12, 2023

Adobe has released security updates to patch a zero-day vulnerability in Acrobat and Reader tagged as exploited in attacks. [.

141

141

SecureList

SEPTEMBER 12, 2023

Kaspersky researchers analyzed a Linux backdoor disguised as Free Download Manager software that remained under the radar for at least three years.

Software 129

Software 129

Malwarebytes

SEPTEMBER 12, 2023

Microsoft's September 2023 Patch Tuesday is another important one. Not because it's a busy one, but because we have some special cases. Patch Tuesday includes security updates for 59 bugs, two of which are known to be actively exploited. The Cybersecurity & Infrastructure Security Agency (CISA) has added these two vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

Cybersecurity 116

Cybersecurity Accountability Risk 116

Security Affairs

SEPTEMBER 12, 2023

The international non-governmental organization (NGO) Save the Children International was recently hit with a cyberattack. The charity organization Save the Children International revealed that it was hit by a cyber attack. The company disclosed the security incident after the ransomware gang BianLian listed the organization on its Tor leak site. The BianLian extortion group claims to have stolen 6,8 TB of documents, including International HR data, international personal data.

Cyber Attacks 114

Cyber Attacks Healthcare Education Data breaches 114

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

Malwarebytes

SEPTEMBER 12, 2023

A new malvertising campaign is targeting corporate users who are downloading the popular web conferencing software Webex. Threat actors have bought an advert that impersonates Cisco's brand and is displayed first when performing a Google search. We are releasing this blog to warn users about this threat as the malicious ad has been online for almost one week.

Antivirus 114

Antivirus Advertising Malware Engineering 114

Dark Reading

SEPTEMBER 12, 2023

The "MrTonyScam" has a surprisingly high success rate, spreading a Python-based stealer to some 100,000 business accounts per week.

Accountability 129

Accountability Malware 129

TrustArc

SEPTEMBER 12, 2023

Review the top ten privacy insights from global organizations and the privacy considerations your enterprise must know. The post The Top 10 Privacy Considerations for Enterprises appeared first on TrustArc Privacy Blog.

113

113

The Hacker News

SEPTEMBER 12, 2023

A new vulnerability disclosed in GitHub could have exposed thousands of repositories at risk of repojacking attacks, new findings show. The flaw "could allow an attacker to exploit a race condition within GitHub's repository creation and username renaming operations," Checkmarx security researcher Elad Rapoport said in a technical report shared with The Hacker News.

Risk 115

Risk 115

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.