Krebs on Security
SEPTEMBER 13, 2023
In December 2022, KrebsOnSecurity broke the news that a cybercriminal using the handle “ USDoD ” had infiltrated the FBI ‘s vetted information sharing network InfraGard , and was selling the contact information for all 80,000 members. The FBI responded by reverifying InfraGard members and by seizing the cybercrime forum where the data was being sold.
Schneier on Security
SEPTEMBER 13, 2023
Make sure you update your iPhones : Citizen Lab says two zero-days fixed by Apple today in emergency security updates were actively abused as part of a zero-click exploit chain (dubbed BLASTPASS) to deploy NSO Group’s Pegasus commercial spyware onto fully patched iPhones. The two bugs, tracked as CVE-2023-41064 and CVE-2023-41061 , allowed the attackers to infect a fully-patched iPhone running iOS 16.6 and belonging to a Washington DC-based civil society organization via PassKit attachment
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
The Last Watchdog
SEPTEMBER 13, 2023
From Kickstarter to Wikipedia, crowdsourcing has become a part of everyday life. Sharing intel for a greater good Now one distinctive type of crowdsourcing — ethical hacking – is positioned to become a much more impactful component of securing modern networks. I had a terrific discussion about this at Black Hat USA 2023 with Casey Ellis, founder and CTO of Bugcrowd , a pioneer in the crowdsourced security market.
Anton on Security
SEPTEMBER 13, 2023
As you may have noticed, we have released a new paper on securing AI. I want to share a few additional things here on top our official launch blog. src: [link] For a few years (so, yes, I did start before the ChatGPT launch, if you have to ask…), I’ve been a little obsessed about the differences between securing AI systems and securing any other complex enterprise data-intensive systems (please see this blog and podcasts that are mentioned there).
Speaker: Erika R. Bales, Esq.
When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.
Tech Republic Security
SEPTEMBER 13, 2023
The purpose of this policy from TechRepublic Premium is to provide guidelines for the proper use of peer-to-peer file sharing. It includes an authorization form for approval of P2P file transmission, which sets the conditions and parameters in which this data exchange must occur. From the policy: P2P applications should only be used to send.
Malwarebytes
SEPTEMBER 13, 2023
The consequences of last year's LastPass breach continue to be felt, with the latest insult to users coming in the form of a highly convincing phishing email. Although the " unauthorized party" that compromised LastPass users' data was able to steal password vaults, it's likely that they are having a hard time cracking them open. LastPass's own assessment was that "it would be extremely difficult to attempt to brute force guess master passwords for those customers who follow our password best pr
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Bleeping Computer
SEPTEMBER 13, 2023
Microsoft added a new security feature to Windows 11 that lets admins block NTLM over SMB to prevent pass-the-hash, NTLM relay, or password-cracking attacks. [.
The Hacker News
SEPTEMBER 13, 2023
A new ransomware family called 3AM has emerged in the wild after it was detected in a single incident in which an unidentified affiliate deployed the strain following an unsuccessful attempt to deliver LockBit (attributed to Bitwise Spider or Syrphid) in the target network.
Malwarebytes
SEPTEMBER 13, 2023
Apple's Wonderlust event on Tuesday saw the launch of the company's top-of-the-line iPhone 15 Pro Max with a titanium chassis and an improved telephoto camera, as well as other iPhone 15 models and new Apple Watches. Also this week , Apple was reportedly banned from selling the iPhone 12 in France because the device's Specific Absorption Rate (SAR) is above the legal limit.
Bleeping Computer
SEPTEMBER 13, 2023
The Agence Nationale des Fréquences (ANFR) has asked Apple to withdraw iPhone 12 smartphones from the French market because the device emits radiofrequency energy that is beyond the limit permitted to be absorbed by the human body. [.
Speaker: William Hord, Vice President of ERM Services
A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.
Dark Reading
SEPTEMBER 13, 2023
The operators of the Rhysida ransomware-as-a-service have claimed credit for a crippling attack on Mississippi's Singing River health system.
SecureList
SEPTEMBER 13, 2023
Global threat statistics In the first half of 2023, the percentage of ICS computers on which malicious objects were blocked decreased from H2 2022 by just 0.3 pp to 34%. Percentage of ICS computers on which malicious objects were blocked, by half year That said, he percentage of attacked ICS computers dropped in Q1 2023, but then rose again in Q2 2023, reaching highest quarterly figure since 2022 – 26.8%.
Security Affairs
SEPTEMBER 13, 2023
Mozilla addressed a critical zero-day vulnerability in Firefox and Thunderbird that has been actively exploited in attacks in the wild. Mozilla rolled out security updates to address a critical zero-day vulnerability, tracked as CVE-2023-4863 , in Firefox and Thunderbird that has been actively exploited in the wild. The vulnerability is a heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187, The vulnerability allowed a remote attacker to perform an out-of-bounds memory write via
Dark Reading
SEPTEMBER 13, 2023
CISOs in the rail industry must protect an older, more complex infrastructure than most industries. Here are some of the unique, high-stakes challenges.
Speaker: William Hord, Senior VP of Risk & Professional Services
Enterprise Risk Management (ERM) is critical for industry growth in today’s fast-paced and ever-changing risk landscape. When building your ERM program foundation, you need to answer questions like: Do we have robust board and management support? Do we understand and articulate our bank’s risk appetite and how that impacts our business units? How are we measuring and rating our risk impact, likelihood, and controls to mitigate our risk?
The Hacker News
SEPTEMBER 13, 2023
Three interrelated high-severity security flaws discovered in Kubernetes could be exploited to achieve remote code execution with elevated privileges on Windows endpoints within a cluster. The issues, tracked as CVE-2023-3676, CVE-2023-3893, and CVE-2023-3955, carry CVSS scores of 8.8 and impact all Kubernetes environments with Windows nodes.
IT Security Guru
SEPTEMBER 13, 2023
Modern digital transformations have been fuelled by APIs, altering how many businesses and organizations run. However, the recent innovation and digital transformation wave have also opened up new attack surfaces for cybercriminals. Companies are forced to respond to an increase in API threats, but they quickly learn that traditional, static methods of API security are ineffective.
The Hacker News
SEPTEMBER 13, 2023
Microsoft is warning of a new phishing campaign undertaken by an initial access broker that involves using Teams messages as lures to infiltrate corporate networks. The tech giant's Threat Intelligence team is tracking the cluster under the name Storm-0324, which is also known by the monikers TA543 and Sagrid.
Security Affairs
SEPTEMBER 13, 2023
3AM is a new strain of ransomware that was spotted in a single incident in which the threat actors failed to deploy the LockBit ransomware in the target infrastructure. Symantec’s Threat Hunter Team discovered a new ransomware family, which calls itself 3AM, that to date has only been deployed in a single incident in which the threat actors failed to deploy the LockBit ransomware.
Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster
So, you’ve accomplished an organization-wide SaaS adoption. It started slow, and now just a few team members might be responsible for running Salesforce, Slack, and a few others applications that boost productivity, but it’s all finished. Or is it? Through all the benefits offered by SaaS applications, it’s still a necessity to onboard providers as quickly as possible.
We Live Security
SEPTEMBER 13, 2023
Do you know what types of scams and other fakery you should look out for when using a platform that once billed itself as “the front page of the Internet”?
Heimadal Security
SEPTEMBER 13, 2023
Microsoft revealed a shift in tactics by an initial access broker known for its ties to ransomware groups. The threat actor is known as Storm-0324 and had formerly spread Sage and GandCrab ransomware. Storm-0324 recently moved from deploying ransomware to breaching corporate networks through Microsoft Teams phishing attacks. More about the Teams Phishing Attacks Microsoft stated […] The post Microsoft Teams Phishing Attacks: Ransomware Group Shifts Tactics appeared first on Heimdal Securit
Security Affairs
SEPTEMBER 13, 2023
A threat actor tracked as Redfly had infected the systems at a national grid located in an unnamed Asian country for six months starting in January. Symantec’s Threat Hunter Team discovered that a threat actor called Redfly used the ShadowPad backdoor to compromise a national grid in an Asian country for as long as six months earlier this year. While ShadowPad is known to be part of the arsenal of multiple China-linked APT groups, the TTPs observed in the attack on the national power grid overla
Dark Reading
SEPTEMBER 13, 2023
Giving users time to detect and then update hijacked packages can help developers avoid using malicious code in software development.
Speaker: Dr. Karen Hardy, CEO and Chief Risk Officer of Strategic Leadership Advisors LLC
Communication is a core component of a resilient organization's risk management framework. However, risk communication involves more than just reporting information and populating dashboards, and we may be limiting our skillset. Storytelling is the ability to express ideas and convey messages to others, including stakeholders. When done effectively, it can help interpret complex risk environments for leaders and inform their decision-making.
Security Affairs
SEPTEMBER 13, 2023
The multinational aerospace corporation Airbus has launched an investigation into the recent leak of information allegedly stolen from the company. The multinational aerospace corporation Airbus announced that it is investigating a data leak after cybersecurity firm Hudson Rock reported that a hacker posted information on thousands of the company’s vendors to the dark web.
Dark Reading
SEPTEMBER 13, 2023
To boot, the technology could be riddled with other flaws via its Apache services components, a security vendor says.
SecureWorld News
SEPTEMBER 13, 2023
Alarming details have emerged about the exploitation of two Zero-Day vulnerabilities to deploy NSO Group's Pegasus commercial spyware on iPhones. These vulnerabilities, tracked as CVE-2023-41064 and CVE-2023-41061 , were actively abused as part of a zero-click exploit chain, according to security researchers at The Citizen Lab. In response to this threat, the U.S.
Dark Reading
SEPTEMBER 13, 2023
All Windows endpoints within a vulnerable Kubernetes cluster are open to command injection attacks, new research finds.
Speaker: Karl Camilleri, Cloud Services Product Manager at phoenixNAP
Did you know that 2021 was a record-breaking year for ransomware? The days of a “once in a while” attack against businesses and organizations are over. Cyberthreats have become a serious issue. With 495.1 million attacks, the threat marked a 148% increase compared to 2020 and was the most expensive year on record! As a result, data protection needs to be a concern for most banks, businesses, and information technology specialists.
WIRED Threat Level
SEPTEMBER 13, 2023
A scandal unfolding in Argentina shows the dangers of implementing facial recognition—even with laws and limits in place.
Heimadal Security
SEPTEMBER 13, 2023
New ransomware trends are on the rise as ransomware has emerged as one of the most formidable cyber threats in recent years, causing significant disruptions to businesses, governments, and individuals worldwide. As we step into 2023 and beyond, it’s crucial to examine the evolving landscape of ransomware trends and predict the future of ransomware attacks. […] The post Ransomware Trends and Predictions for 2023 and Beyond appeared first on Heimdal Security Blog.
Dark Reading
SEPTEMBER 13, 2023
Nothing good happens after 2 a.m., they say, especially when hackers have two kinds of ransomware at their disposal.
Malwarebytes
SEPTEMBER 13, 2023
Yesterday, Apple launched its latest iPhone and Watch models at its massive Wonderlust event. As with many high profile launches like this, it attracted not just a mountain of press, but a whole load of scammers too. One site uses the Apple brand to host a cryptocurrency scam. The hook is a supposed giveaway of “50,000 ETH and 5,000 BTC”, which is $79,885,500 and $130,325,000 respectively.
Speaker: Ryan McInerny, CAMS, FRM, MSBA - Principal, Product Strategy
Cryptocurrency and non-fungible tokens (NFTs) - what are they and why should you care? With 20% of Americans owning cryptocurrencies, speaking "fluent crypto" in the financial sector ensures you are prepared to discuss growth and risk management strategies when the topic arises. Join this exclusive webinar with Ryan McInerny to learn: Cryptocurrency asset market trends How to manage risk and compliance to serve customers safely Best practices for identifying crypto transactions and companies Rev
Expert insights. Personalized for you.
311 
Let's personalize your content