Tue. Feb 06, 2024

Documents about the NSA’s Banning of Furby Toys in the 1990s

Schneier on Security

Via a FOIA request, we have documents from the NSA about their banning of Furby toys.

Spear Phishing vs Phishing: What Are The Main Differences?

Tech Republic Security

There are a few differences between spear phishing and phishing that can help you identify and protect your organization from threats. Learn about these differences.

Phishing 196

Google says spyware vendors behind most zero-days it discovers

Bleeping Computer

Commercial spyware vendors (CSV) were behind 80% of the zero-day vulnerabilities Google's Threat Analysis Group (TAG) discovered in 2023 and used to spy on devices worldwide. […]

Spyware 133

Top 7 Cyber Threat Hunting Tools for 2024

Tech Republic Security

Here are the top cyber threat hunting tools that can enhance your organization's cybersecurity defenses. Learn how their features compare.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Why an HR-IT Partnership is Critical for Managing Cybersecurity Risk

Security Boulevard

By aligning priorities into a shared game plan, HR and IT can finally set their organizations up to defend against modern cyberthreats. The post Why an HR-IT Partnership is Critical for Managing Cybersecurity Risk appeared first on Security Boulevard.

Risk 129

Google fixed an Android critical remote code execution flaw

Security Affairs

Google released Android’s February 2024 security patches to address 46 vulnerabilities, including a critical remote code execution issue. Google released Android February 2024 security patches to address 46 vulnerabilities, including a critical remote code execution flaw tracked as CVE-2024-0031. The vulnerability resides in the System and impacts Android Open Source Project (AOSP) versions 11, 12, 12L, 13, and 14. “Source code patches for these issues have been released to the Android Op

Hacking 125

More Trending

Securden Password Vault Review 2024: Security, Pricing, Pros & Cons

Tech Republic Security

Securden Password Vault’s reporting and auditing features make it a good option for IT supervisors tasked to secure and manage multiple accounts and passwords.

Passwords 118

AI and Payments: Exploring Pitfalls and Potential Security Risks

PCI perspectives

With the rapid rise in popularity of AI services like ChatGPT, Dall-E, and GitHub Copilot, many people are looking at ways they can leverage the new abilities of these systems to improve their existing businesses.

Risk 123

CISA warns of a patched Chrome flaw now exploited in attacks

Penetration Testing

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning regarding an actively exploited security vulnerability in the widely used Google Chrome web browser. Tracked as CVE-2023-4762, this high-severity flaw poses a significant... The post CISA warns of a patched Chrome flaw now exploited in attacks appeared first on Penetration Testing.

Ski & bike helmets protect your head, not location or voice

Pen Test Partners

TL;DR: Livall smart ski and bike helmet app leaks the wearer's real-time position. Group audio chat allows snooping on conversations. Both issues are due to missing authorisation. Bike app affects ~1 million users, ski app affects a few thousand users. Fixed by the vendor, but after we had to call on a trusted journalist to escalate at Livall. Backstory: Some of us at PTP are keen skiers, and all of us are into IoT and connected devices.

IoT 121

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Chinese hackers infect Dutch military network with malware

Bleeping Computer

A Chinese cyber-espionage group breached the Dutch Ministry of Defence last year and deployed malware on compromised devices, according to the Military Intelligence and Security Service (MIVD) of the Netherlands. […]

Malware 119

China-linked APT deployed malware in a network of the Dutch Ministry of Defence

Security Affairs

China-linked APT group breached the Dutch Ministry of Defence last year and installed malware on compromised systems. Dutch Military Intelligence and Security Service (MIVD) and the General Intelligence and Security Service (AIVD) published a joint report warning that a China-linked APT group breached the Dutch Ministry of Defence last year. The effects of the attack were limited because of the network segmentation implemented in the government infrastructure. “The Ministry of Defence (MOD

Malware 110

Left to their own devices: Security for employees using personal devices for work

We Live Security

A cavalier approach to bring-your-own-device security won’t cut it as personal devices within corporate networks make for a potentially combustible mix.

Commercial spyware vendors are behind most zero-day exploits discovered by Google TAG

Security Affairs

Google’s TAG revealed that Commercial spyware vendors (CSV) were behind most of the zero-day vulnerabilities discovered in 2023. The latest report published by Google Threat Analysis Group (TAG), titled “Buying Spying, an in-depth report with our insights into Commercial Surveillance Vendors (CSVs)”, warns of the rise of commercial spyware vendors and the risks to free speech, the free press, and the open internet.

Spyware 108

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

One Click, System Exposed: cpio Vulnerability (CVE-2023-7216) Threatens Unix Security

Penetration Testing

Primarily found on Unix-like operating systems, the `cpio` command-line utility weaves a fundamental thread, enabling users to package and unpackage files within archive files. Esteemed for its versatility and support for multiple archive formats,... The post One Click, System Exposed: cpio Vulnerability (CVE-2023-7216) Threatens Unix Security appeared first on Penetration Testing.

The Cloudflare source code breach: Lessons learned

Security Boulevard

The high-profile web hosting company Cloudflare said last week that a sophisticated attacker gained access to code repositories used by the company, and made off with sensitive internal code. This was just the latest such attack targeting the firm. The post The Cloudflare source code breach: Lessons learned appeared first on Security Boulevard.

Known ransomware attacks up 68% in 2023

Malwarebytes

Today, Malwarebytes released its 2024 State of Malware report, detailing six cyberthreats that resource-constrained IT teams should pay attention to in 2024. Top of the list is “Big Game” ransomware, the most serious cyberthreat to businesses all around the world. Big game attacks extort vast ransoms from organizations by holding their data hostage—either with encryption, the threat of damaging data leaks, or both.

EasyDMARC VS Proofpoint DMARC

Security Boulevard

Looking for email authentication and security software? This. The post EasyDMARC VS Proofpoint DMARC appeared first on EasyDMARC. The post EasyDMARC VS Proofpoint DMARC appeared first on Security Boulevard.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

A man faces up to 25 years in prison for his role in operating unlicensed crypto exchange BTC-e

Security Affairs

A Belarusian and Cypriot national linked with the cryptocurrency exchange BTC-e is facing charges that can lead to a maximum penalty of 25 years in prison. Aliaksandr Klimenka, a Belarusian and Cypriot national linked with the now-defunct cryptocurrency exchange BTC-e, is facing charges of money laundering conspiracy and operation of an unlicensed money services business. “An indictment was unsealed on Tuesday charging a Belarusian and Cypriot national with money laundering conspiracy and ope

JetBrains warns of new TeamCity auth bypass vulnerability

Bleeping Computer

JetBrains urged customers today to patch their TeamCity On-Premises servers against a critical authentication bypass vulnerability that can let attackers take over vulnerable instances with admin privileges. […]

Unveiling Atlassian Confluence Vulnerability CVE-2023-22527: Understanding and Mitigating Remote Code Execution Risks

Trend Micro

In this blog entry, we discuss CVE-2023-22527, a vulnerability in Atlassian Confluence that has a CVSS score of 10 and could allow threat actors to perform remote code execution.

Risk 104

Verizon insider data breach hits over 63,000 employees

Bleeping Computer

Verizon Communications is warning that an insider data breach impacts almost half its workforce, exposing sensitive employee information. […]

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Chinese Hackers Exploited FortiGate Flaw to Breach Dutch Military Network

The Hacker News

Chinese state-backed hackers broke into a computer network that's used by the Dutch armed forces by targeting Fortinet FortiGate devices. "This [computer network] was used for unclassified research and development (R&D)," the Dutch Military Intelligence and Security Service (MIVD) said in a statement.

Data breach at French healthcare services firm puts millions at risk

Bleeping Computer

French healthcare services firm Viamedis suffered a cyberattack that exposed the data of policyholders and healthcare professionals in the country. […]

JS-Tap: generic JavaScript payload and supporting software to help red teamers attack webapps

Penetration Testing

JS-Tap is a generic JavaScript payload and supporting software to help red teamers attack webapps. The JS-Tap payload can be used as an XSS payload or as a post-exploitation implant. The payload does... The post JS-Tap: generic JavaScript payload and supporting software to help red teamers attack webapps appeared first on Penetration Testing.

A Deepfake Scammed a Bank out of $25M — Now What?

Trend Micro

A finance worker in Hong Kong was tricked by a deepfake video conference. The future of defending against deepfakes is as much a human challenge as a technological one.

Banking 94

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cyberattacks Deal Heavy Financial Blows to Clorox, Johnson Controls

SecureWorld News

New regulatory filings have exposed the skyrocketing costs of major cyber incidents, as big brands Clorox and Johnson Controls admitted collectively suffering more than $75 million in attack-related expenditures last year. Cleaning giant Clorox was struck by an unspecified cyber event discovered in August 2023. The incident disrupted operations so severely that the company reverted to manual ordering and processing as a containment measure—a response indicating ransomware, experts say.

Safer Internet Day, or why Brad Pitt needed an internet bodyguard

Malwarebytes

February 6, 2024 is Safer Internet Day. When I was asked to write about the topic, I misunderstood the question and heard: “can you cover save the internet” and we all agreed that it might be too late for that. While we laughed about it, it made me think. The internet has been around for quite some time now, and most of us wouldn’t know what to do without it.

ResumeLooters: Cyber Predators Targeting Job Seekers’ Data

Penetration Testing

In November 2023, a new and sinister threat emerged: ResumeLooters, a malicious gang that set its sights on job seekers’ sensitive personal data. Discovered by Group-IB’s Threat Intelligence unit, ResumeLooters launched a massive campaign... The post ResumeLooters: Cyber Predators Targeting Job Seekers’ Data appeared first on Penetration Testing.

A Guide to Effective Cloud Privileged Access Management

Heimdal Security

Over the last decade, the cloud has gone from being a radical, disruptive new technology to becoming the default setting for organizations of all shapes and sizes. The days of enterprises and heavily regulated companies citing security as the main barrier to cloud adoption are over. So have all the cloud security challenges been solved? […] The post A Guide to Effective Cloud Privileged Access Management appeared first on Heimdal Security Blog.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.