Schneier on Security

SEPTEMBER 13, 2023

Make sure you update your iPhones : Citizen Lab says two zero-days fixed by Apple today in emergency security updates were actively abused as part of a zero-click exploit chain (dubbed BLASTPASS) to deploy NSO Group’s Pegasus commercial spyware onto fully patched iPhones. The two bugs, tracked as CVE-2023-41064 and CVE-2023-41061 , allowed the attackers to infect a fully-patched iPhone running iOS 16.6 and belonging to a Washington DC-based civil society organization via PassKit attachment

Spyware 287

Spyware Accountability 287

Krebs on Security

SEPTEMBER 13, 2023

In December 2022, KrebsOnSecurity broke the news that a cybercriminal using the handle “ USDoD ” had infiltrated the FBI ‘s vetted information sharing network InfraGard , and was selling the contact information for all 80,000 members. The FBI responded by reverifying InfraGard members and by seizing the cybercrime forum where the data was being sold.

Cybercrime 277

Cybercrime Passwords Authentication Malware 277

The Last Watchdog

SEPTEMBER 13, 2023

From Kickstarter to Wikipedia, crowdsourcing has become a part of everyday life. Sharing intel for a greater good Now one distinctive type of crowdsourcing — ethical hacking – is positioned to become a much more impactful component of securing modern networks. I had a terrific discussion about this at Black Hat USA 2023 with Casey Ellis, founder and CTO of Bugcrowd , a pioneer in the crowdsourced security market.

Security Intelligence 229

Security Intelligence Marketing Risk Internet 229

Anton on Security

SEPTEMBER 13, 2023

As you may have noticed, we have released a new paper on securing AI. I want to share a few additional things here on top our official launch blog. src: [link] For a few years (so, yes, I did start before the ChatGPT launch, if you have to ask…), I’ve been a little obsessed about the differences between securing AI systems and securing any other complex enterprise data-intensive systems (please see this blog and podcasts that are mentioned there).

Artificial Intelligence 130

Artificial Intelligence CISO Software Government 130

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Tech Republic Security

SEPTEMBER 13, 2023

The purpose of this policy from TechRepublic Premium is to provide guidelines for the proper use of peer-to-peer file sharing. It includes an authorization form for approval of P2P file transmission, which sets the conditions and parameters in which this data exchange must occur. From the policy: P2P applications should only be used to send.

Network Security 127

Network Security 127

Malwarebytes

SEPTEMBER 13, 2023

The consequences of last year's LastPass breach continue to be felt, with the latest insult to users coming in the form of a highly convincing phishing email. Although the " unauthorized party" that compromised LastPass users' data was able to steal password vaults, it's likely that they are having a hard time cracking them open. LastPass's own assessment was that "it would be extremely difficult to attempt to brute force guess master passwords for those customers who follow our password best pr

Phishing 140

Phishing Accountability Passwords Password Management 140

Malwarebytes

SEPTEMBER 13, 2023

Apple's Wonderlust event on Tuesday saw the launch of the company's top-of-the-line iPhone 15 Pro Max with a titanium chassis and an improved telephoto camera, as well as other iPhone 15 models and new Apple Watches. Also this week , Apple was reportedly banned from selling the iPhone 12 in France because the device's Specific Absorption Rate (SAR) is above the legal limit.

Backups 129

Backups Accountability VPN Scams 129

Bleeping Computer

SEPTEMBER 13, 2023

The Agence Nationale des Fréquences (ANFR) has asked Apple to withdraw iPhone 12 smartphones from the French market because the device emits radiofrequency energy that is beyond the limit permitted to be absorbed by the human body. [.

Marketing 128

Marketing 128

IT Security Guru

SEPTEMBER 13, 2023

Modern digital transformations have been fuelled by APIs, altering how many businesses and organizations run. However, the recent innovation and digital transformation wave have also opened up new attack surfaces for cybercriminals. Companies are forced to respond to an increase in API threats, but they quickly learn that traditional, static methods of API security are ineffective.

Digital transformation 126

Digital transformation Data breaches Artificial Intelligence Firewall 126

Security Affairs

SEPTEMBER 13, 2023

Mozilla addressed a critical zero-day vulnerability in Firefox and Thunderbird that has been actively exploited in attacks in the wild. Mozilla rolled out security updates to address a critical zero-day vulnerability, tracked as CVE-2023-4863 , in Firefox and Thunderbird that has been actively exploited in the wild. The vulnerability is a heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187, The vulnerability allowed a remote attacker to perform an out-of-bounds memory write via

Spyware 121

Spyware Architecture Engineering Hacking 121

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

We Live Security

SEPTEMBER 13, 2023

Do you know what types of scams and other fakery you should look out for when using a platform that once billed itself as “the front page of the Internet”?

Scams 130

Scams Internet Internet 130

Security Affairs

SEPTEMBER 13, 2023

The multinational aerospace corporation Airbus has launched an investigation into the recent leak of information allegedly stolen from the company. The multinational aerospace corporation Airbus announced that it is investigating a data leak after cybersecurity firm Hudson Rock reported that a hacker posted information on thousands of the company’s vendors to the dark web.

Cybercrime 118

Cybercrime Hacking Accountability Ransomware 118

The Hacker News

SEPTEMBER 13, 2023

Three interrelated high-severity security flaws discovered in Kubernetes could be exploited to achieve remote code execution with elevated privileges on Windows endpoints within a cluster. The issues, tracked as CVE-2023-3676, CVE-2023-3893, and CVE-2023-3955, carry CVSS scores of 8.8 and impact all Kubernetes environments with Windows nodes.

117

117

eSecurity Planet

SEPTEMBER 13, 2023

Microsoft’s Patch Tuesday for September 2023 includes 59 vulnerabilities, five of them rated critical and two currently being exploited in the wild. The two vulnerabilities currently being exploited are CVE-2023-36761 , an information disclosure flaw in Microsoft Word with a CVSS score of 6.2; and CVE-2023-36802 , an elevation of privilege flaw in Microsoft Streaming Service with a CVSS score of 7.8 that could provide an attacker with system privileges.

Engineering 109

Engineering Security Defenses Risk Cybersecurity 109

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

The Hacker News

SEPTEMBER 13, 2023

Microsoft is warning of a new phishing campaign undertaken by an initial access broker that involves using Teams messages as lures to infiltrate corporate networks. The tech giant's Threat Intelligence team is tracking the cluster under the name Storm-0324, which is also known by the monikers TA543 and Sagrid.

Phishing 114

Phishing 114

Dark Reading

SEPTEMBER 13, 2023

Gamers and former sound engineers and roadies can help boost the cybersecurity talent pool. Their flexible mindset and attention to detail make them valuable resources.

Cybersecurity 110

Cybersecurity Engineering 110

Heimadal Security

SEPTEMBER 13, 2023

Microsoft revealed a shift in tactics by an initial access broker known for its ties to ransomware groups. The threat actor is known as Storm-0324 and had formerly spread Sage and GandCrab ransomware. Storm-0324 recently moved from deploying ransomware to breaching corporate networks through Microsoft Teams phishing attacks. More about the Teams Phishing Attacks Microsoft stated […] The post Microsoft Teams Phishing Attacks: Ransomware Group Shifts Tactics appeared first on Heimdal Securit

Phishing 107

Phishing Ransomware Cybersecurity 107

Malwarebytes

SEPTEMBER 13, 2023

Yesterday, Apple launched its latest iPhone and Watch models at its massive Wonderlust event. As with many high profile launches like this, it attracted not just a mountain of press, but a whole load of scammers too. One site uses the Apple brand to host a cryptocurrency scam. The hook is a supposed giveaway of “50,000 ETH and 5,000 BTC”, which is $79,885,500 and $130,325,000 respectively.

Cryptocurrency 104

Cryptocurrency Scams Risk Cybersecurity 104

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

SecureWorld News

SEPTEMBER 13, 2023

Alarming details have emerged about the exploitation of two Zero-Day vulnerabilities to deploy NSO Group's Pegasus commercial spyware on iPhones. These vulnerabilities, tracked as CVE-2023-41064 and CVE-2023-41061 , were actively abused as part of a zero-click exploit chain, according to security researchers at The Citizen Lab. In response to this threat, the U.S.

Spyware 103

Spyware Government Cybersecurity Backups 103

Heimadal Security

SEPTEMBER 13, 2023

New ransomware trends are on the rise as ransomware has emerged as one of the most formidable cyber threats in recent years, causing significant disruptions to businesses, governments, and individuals worldwide. As we step into 2023 and beyond, it’s crucial to examine the evolving landscape of ransomware trends and predict the future of ransomware attacks. […] The post Ransomware Trends and Predictions for 2023 and Beyond appeared first on Heimdal Security Blog.

Ransomware 98

Ransomware Cyber threats Government 98

WIRED Threat Level

SEPTEMBER 13, 2023

A scandal unfolding in Argentina shows the dangers of implementing facial recognition—even with laws and limits in place.

120

120

SecureBlitz

SEPTEMBER 13, 2023

In this post, we will show you how to detect fake social media profiles. With the increasing prevalence of social media platforms in our daily lives, fake social media profiles have become a significant concern. These profiles are often created for various malicious purposes, such as identity theft, online scams, cyberbullying, and misinformation spreading.

Media 96

Media Identity Theft Scams Cybersecurity 96

Advertisement

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Identity Theft

Bleeping Computer

SEPTEMBER 13, 2023

Software bug-tracking company Rollbar disclosed a data breach after unknown attackers hacked its systems in early August and gained access to customer access tokens. [.

Data breaches 97

Data breaches Software Hacking 97

Heimadal Security

SEPTEMBER 13, 2023

On September 12th, 2023, Mozilla released crucial security updates to address a critical Firefox zero day vulnerability. Security researchers also detected the flaw in the Thunderbird application. The zero-day was dubbed CVE-2023-4863 and has been actively exploited in the wild. Interestingly enough, the Common Vulnerabilities and Exposures (CVE) system website mentions Chrome as the assigner […] The post Patch Now!

Cybersecurity 96

Cybersecurity 96

SecureList

SEPTEMBER 13, 2023

Global threat statistics In the first half of 2023, the percentage of ICS computers on which malicious objects were blocked decreased from H2 2022 by just 0.3 pp to 34%. Percentage of ICS computers on which malicious objects were blocked, by half year That said, he percentage of attacked ICS computers dropped in Q1 2023, but then rose again in Q2 2023, reaching highest quarterly figure since 2022 – 26.8%.

Spyware 94

Spyware Internet Internet Manufacturing 94

The Hacker News

SEPTEMBER 13, 2023

More details have emerged about a set of now-patched cross-site scripting (XSS) flaws in the Microsoft Azure HDInsight open-source analytics service that could be weaponized by a threat actor to carry out malicious activities.

96

96

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

Heimadal Security

SEPTEMBER 13, 2023

New vulnerability in GitHub puts more than 4,000 repositories at risk. The flaw turns the code packages vulnerable to repojacking attacks. After researchers reported the vulnerability to GitHub, the code hosting platform released a fix. Repository hijacking (repojacking) is a technique that enables the threat actor to evade a security mechanism called popular repository namespace […] The post GitHub Vulnerability Exposes Over 4,000 Repositories to Repojacking Attacks appeared first on Heim

Risk 93

Risk Cybersecurity 93

The Hacker News

SEPTEMBER 13, 2023

There is a new battlefield. It is global and challenging to defend. What began with a high-profile incident back in 2007, when Estonia was hit by hackers targeting its government and commercial sector, has evolved into cyber warfare that is being waged constantly worldwide. Today, cyberattacks have become the norm, transforming how we think about war and international conflict as a whole.

Government 95

Government 95

Dark Reading

SEPTEMBER 13, 2023

The operators of the Rhysida ransomware-as-a-service have claimed credit for a crippling attack on Mississippi's Singing River health system.

Healthcare 103

Healthcare Ransomware 103

WIRED Threat Level

SEPTEMBER 13, 2023

Senators are meeting with Silicon Valley's elite to learn how to deal with AI. But can Congress tackle the rapidly emerging tech before working on itself?

Artificial Intelligence 99

Artificial Intelligence 99

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.