Schneier on Security

FEBRUARY 6, 2024

Via a FOIA request, we have documents from the NSA about their banning of Furby toys.

330

330

Tech Republic Security

FEBRUARY 6, 2024

There are a few differences between spear phishing and phishing that can help you identify and protect your organization from threats. Learn about these differences.

Phishing 209

Phishing Antivirus VPN Software 209

Security Affairs

FEBRUARY 6, 2024

Google released Android ’s February 2024 security patches to address 46 vulnerabilities, including a critical remote code execution issue. Google released Android February 2024 security patches to address 46 vulnerabilities, including a critical remote code execution flaw tracked as CVE-2024-0031. The vulnerability resides in the System and impacts Android Open Source Project (AOSP) versions 11, 12, 12L, 13, and 14. “Source code patches for these issues have been released to the Android Op

Hacking 143

Hacking Software Mobile Information Security 143

Tech Republic Security

FEBRUARY 6, 2024

Here are the top cyber threat hunting tools that can enhance your organization's cybersecurity defenses. Learn how their features compare.

Cyber threats 199

Cyber threats Cybersecurity 199

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

Risk

Security Affairs

FEBRUARY 6, 2024

China-linked APT group breached the Dutch Ministry of Defence last year and installed malware on compromised systems. Dutch Military Intelligence and Security Service (MIVD) and the General Intelligence and Security Service (AIVD) published a joint report warning that a China-linked APT group breached the Dutch Ministry of Defence last year. The effects of the attack were limited because of the network segmentation implemented in the government infrastructure. “The Ministry of Defence (MOD

Malware 137

Malware Firmware VPN Backups 137

Tech Republic Security

FEBRUARY 6, 2024

Securden Password Vault’s reporting and auditing features make it a good option for IT supervisors tasked to secure and manage multiple accounts and passwords.

Passwords 170

Passwords Accountability Password Management 170

Trend Micro

FEBRUARY 6, 2024

In this blog entry, we discuss CVE-2023-22527, a vulnerability in Atlassian Confluence that has a CVSS score of 10 and could allow threat actors to perform remote code execution.

Risk 133

Risk Cyber threats 133

Security Affairs

FEBRUARY 6, 2024

A Belarusian and Cypriot national linked with the cryptocurrency exchange BTC-e is facing charges that can lead maximum penalty of 25 years in prison. Aliaksandr Klimenka, a Belarusian and Cypriot national linked with the now-defunct cryptocurrency exchange BTC-e, is facing charges with money laundering conspiracy and operation of an unlicensed money services business. “An indictment was unsealed on Tuesday charging a Belarusian and Cypriot national with money laundering conspiracy and ope

Cryptocurrency 131

Cryptocurrency Spyware Cybercrime Hacking 131

We Live Security

FEBRUARY 6, 2024

A cavalier approach to bring-your-own-device security won’t cut it as personal devices within corporate networks make for a potentially combustible mix.

131

131

Security Boulevard

FEBRUARY 6, 2024

By aligning priorities into a shared game plan, HR and IT can finally set their organizations up to defend against modern cyberthreats. The post Why an HR-IT Partnership is Critical for Managing Cybersecurity Risk appeared first on Security Boulevard.

Risk 130

Risk Cybersecurity Social Engineering Cyber Risk 130

Advertisement

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

Cyber threats

Malwarebytes

FEBRUARY 6, 2024

Today, Malwarebytes released its 2024 State of Malware report, detailing six cyberthreats that resource-constrained IT teams should pay attention to in 2024. Top of the list is “Big Game” ransomware, the most serious cyberthreat to businesses all around the world. Big game attacks extort vast ransoms from organizations by holding their data hostage—either with encryption, the threat of damaging data leaks, or both.

Ransomware 130

Ransomware Cybercrime Malware Social Engineering 130

Bleeping Computer

FEBRUARY 6, 2024

Commercial spyware vendors (CSV) were behind 80% of the zero-day vulnerabilities Google's Threat Analysis Group (TAG) discovered in 2023 and used to spy on devices worldwide. [.

Spyware 129

Spyware Mobile 129

Security Boulevard

FEBRUARY 6, 2024

A Wing Security survey found nearly all respondents experienced a security incident involving at least one SaaS application. The post Report Surfaces Extent of SaaS Application Insecurity appeared first on Security Boulevard.

Cybersecurity 128

Cybersecurity 128

Pen Test Partners

FEBRUARY 6, 2024

TL;DR Livall smart ski and bike helmet app leaks the wearers real time position Group audio chat allows snooping on conversations Both issues are due to missing authorisation Bike app affects ~1 million users, ski app affects a few thousand users Fixed by the vendor, but after we had to call on a trusted journalist to escalate at Livall Backstory Some of us at PTP are keen skiers, and all of us are into IoT and connected devices.

IoT 128

IoT Internet Internet Risk 128

Advertisement

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

Cybersecurity

Trend Micro

FEBRUARY 6, 2024

A finance worker in Hong Kong was tricked by a deepfake video conference. The future of defending against deepfakes is as much as human challenge as a technological one.

Banking 127

Banking Scams Technology Media 127

PCI perspectives

FEBRUARY 6, 2024

With the rapid rise in popularity of AI services like ChatGPT, Dall-E, and GitHub Copilot, many people are looking at ways they can leverage the new abilities of these systems to improve their existing businesses.

Risk 125

Risk Artificial Intelligence Mobile 125

Penetration Testing

FEBRUARY 6, 2024

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning regarding an actively exploited security vulnerability in the widely used Google Chrome web browser. Tracked as CVE-2023-4762, this high-severity flaw poses a significant... The post CISA warns of a patched Chrome flaw now exploited in attacks appeared first on Penetration Testing.

Penetration Testing 124

Penetration Testing Cybersecurity 124

WIRED Threat Level

FEBRUARY 6, 2024

New EU rules mean WhatsApp and Messenger must be interoperable with other chat apps. Here’s how that will work.

Encryption 122

Encryption 122

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

Scams

Duo's Security Blog

FEBRUARY 6, 2024

The idea that “identity is the new perimeter” is not new. It has been a foundational component in many approaches to zero trust. However, over the past 18 months, there has been an unprecedented wave of identity-based cyberattacks with devastating consequences. According to Cisco Talos, three of the top five MITRE ATT@CK techniques used in 2023 were identity-based.

Accountability 119

Accountability Authentication Risk Marketing 119

SecureWorld News

FEBRUARY 6, 2024

New regulatory filings have exposed the skyrocketing costs of major cyber incidents, as big brands Clorox and Johnson Controls admitted collectively suffering more than $75 million in attack-related expenditures last year. Cleaning giant Clorox was struck by an unspecified cyber event discovered in August 2023. The incident disrupted operations so severely that the company reverted to manual ordering and processing as a containment measure—a response indicating ransomware, experts say.

Insurance 119

Insurance Cyber Insurance Cyber Risk Cyber threats 119

Penetration Testing

FEBRUARY 6, 2024

Primarily found on Unix-like operating systems, the `cpio` command-line utility weaves a fundamental thread, enabling users to package and unpackage files within archive files. Esteemed for its versatility and support for multiple archive formats,... The post One Click, System Exposed: cpio Vulnerability (CVE-2023-7216) Threatens Unix Security appeared first on Penetration Testing.

Penetration Testing 112

Penetration Testing 112

The Hacker News

FEBRUARY 6, 2024

Chinese state-backed hackers broke into a computer network that's used by the Dutch armed forces by targeting Fortinet FortiGate devices. "This [computer network] was used for unclassified research and development (R&D)," the Dutch Military Intelligence and Security Service (MIVD) said in a statement.

111

111

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Malwarebytes

FEBRUARY 6, 2024

February 6, 2024 is Safer Internet Day. When I was asked to write about the topic, I misunderstood the question and heard: “can you cover save the internet” and we all agreed that it might be too late for that. While we laughed about it, it made me think. The internet has been around for quite some time now, and most of us wouldn’t know what to do without it.

Internet 111

Internet Internet Media Artificial Intelligence 111

Security Boulevard

FEBRUARY 6, 2024

The high-profile web hosting company Cloudflare said last week that a sophisticated attacker gained access to code repositories used by the company, and made off with sensitive internal code. This was just the latest such attack targeting the firm. The post The Cloudflare source code breach: Lessons learned appeared first on Security Boulevard.

111

111

Bleeping Computer

FEBRUARY 6, 2024

Verizon Communications is warning that an insider data breach impacts almost half its workforce, exposing sensitive employee information. [.

Data breaches 109

Data breaches 109

eSecurity Planet

FEBRUARY 6, 2024

A host-based firewall is installed directly on individual networked devices to filter network traffic on a single device by inspecting both incoming and outgoing data. Larger enterprises use this to manage the spread of malware throughout a network in the event that one device is infected. Its goal is to establish a uniform security posture throughout the network and improve endpoint security by creating a protective barrier at the individual computer level.

Firewall 109

Firewall Mobile Network Security Software 109

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Bleeping Computer

FEBRUARY 6, 2024

A Chinese cyber-espionage group breached the Dutch Ministry of Defence last year and deployed malware on compromised devices, according to the Military Intelligence and Security Service (MIVD) of the Netherlands. [.

Malware 106

Malware 106

The Hacker News

FEBRUARY 6, 2024

Threat actors are leveraging bogus Facebook job advertisements as a lure to trick prospective targets into installing a new Windows-based stealer malware codenamed Ov3r_Stealer. "This malware is designed to steal credentials and crypto wallets and send those to a Telegram channel that the threat actor monitors," Trustwave SpiderLabs said in a report shared with The Hacker News.

Advertising 106

Advertising Malware 106

Malwarebytes

FEBRUARY 6, 2024

Released today, the Malwarebytes State of Malware 2024 report takes a deep dive into the latest developments in the world of cybercrime. As home users, many of the threats we cover will only affect you second hand, such as disruptions after a company suffers a ransomware attack, or when your private information is sold online after a data breach. Sadly, there’s not a lot you can do to prevent incidents like these yourself, other than stay on top of the news and protect yourself against ide

Malware 106

Malware Passwords Identity Theft Banking 106

The Hacker News

FEBRUARY 6, 2024

Employment agencies and retail companies chiefly located in the Asia-Pacific (APAC) region have been targeted by a previously undocumented threat actor known as ResumeLooters since early 2023 with the goal of stealing sensitive data.

Retail 106

Retail Hacking 106

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!