Fri. May 26, 2023

Phishing Domains Tanked After Meta Sued Freenom

Krebs on Security

The number of phishing websites tied to domain name registrar Freenom dropped precipitously in the months surrounding a recent lawsuit from social networking giant Meta, which alleged the free domain name provider has a long history of ignoring abuse complaints about phishing websites while monetizing traffic to those abusive domains. The volume of phishing websites registered through Freenom dropped considerably since the registrar was sued by Meta.

Expeditionary Cyberspace Operations

Schneier on Security

Cyberspace operations now officially has a physical dimension, meaning that the United States has official military doctrine about cyberattacks that also involve an actual human gaining physical access to a piece of computing infrastructure. A revised version of Joint Publication 3-12 Cyberspace Operations—published in December 2022 and while unclassified, is only available to those with DoD common access cards, according to a Joint Staff spokesperson—officially provides a definition

GitLab announces AI-DevSecOps platform GitLab 16

Tech Republic Security

GitLab 16 includes more than 55 improvements and new features. Learn about the most notable new technologies in this GitLab platform.

US govt contractor ABB confirms ransomware attack, data theft

Bleeping Computer

Swiss tech multinational and U.S. government contractor ABB has confirmed that some of its systems were impacted by a ransomware attack, previously described by the company as "an IT security incident."

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Time to challenge yourself in the 2023 Google CTF!

Google Security

Vincent Winstead, Technical Program Manager

It’s Google CTF time! Get your hacking toolbox ready and prepare your caffeine for rapid intake. The competition kicks off on June 23 2023 6:00 PM UTC and runs through June 25 2023 6:00 PM UTC. Registration is now open at g.co/ctf. Google CTF gives you a chance to challenge your skillz, show off your hacktastic abilities, and learn some new tricks along the way.

COSMICENERGY: ‘Russian’ Threat to Power Grids ICS/OT

Security Boulevard

Shouty name—dangerous game. Red-team tool ripe for misuse.

More Trending

Microsoft Defender Antivirus gets ‘performance mode’ for Dev Drives

Bleeping Computer

Microsoft has introduced a new Microsoft Defender capability named "performance mode" for developers on Windows 11, tuned to reduce the impact of antivirus scans when analyzing files stored on Dev Drives.

Tesla Whistleblower Leaks 100GB of Data, Revealing Safety Complaints

Dark Reading

Informants have released data that includes thousands of safety complaints the company has received about its self-driving capability, as well as sensitive information regarding current and past employees.

Careless IT security worker exploited ransomware attack against his employer, but failed to cover his tracks

Graham Cluley

Bad enough for your company to be held to ransom after a cyber attack. Worse still to then have one of your own employees exploit the attack in an attempt to steal the ransom for themselves. Read more in my article on the Tripwire State of Security blog.

Predator Android Spyware: Researchers Sound the Alarm on Alarming Capabilities

The Hacker News

Security researchers have shared a deep dive into the commercial Android spyware called Predator, which is marketed by the Israeli company Intellexa (previously Cytrox). Predator was first documented by Google's Threat Analysis Group (TAG) in May 2022 as part of attacks leveraging five different zero-day flaws in the Chrome web browser and Android.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Mozilla stops Firefox fullscreen VPN ads after user outrage

Bleeping Computer

Firefox users have been complaining about very intrusive full-screen advertisements promoting Mozilla VPN displayed in the web browser when navigating an unrelated page.

Insider threat leads to Tesla data breach

CyberSecurity Insiders

A Tesla employee has reportedly stolen about 100GB of data related to the automaker and handed it over to a media company, which has now released a portion of the details. According to the German media outlet Handelsblatt, the leaked information from the Tesla Files includes sensitive details related to 100,000 names of current and former employees, including the social security number of Tesla CEO Elon Musk and his itinerary for the next few months.

Researchers find new ICS malware toolkit designed to cause electric power outages

CSO Magazine

Over the past few years state-sponsored attackers have been ramping up their capabilities of hitting critical infrastructure like power grids to cause serious disruptions. A new addition to this arsenal is a malware toolkit that seems to have been developed for red-teaming exercises by a Russian cybersecurity company. Dubbed COSMICENERGY by researchers from Mandiant, the malware can interact with remote terminal units (RTUs) and other operational technology (OT) devices that communicate over the

Revolutionize Zero-Trust Security With a Converged Identity Platform

Security Boulevard

The world of cybersecurity is ever-evolving, and organizations are facing new and complex security challenges every day. The traditional approach to managing identities and access has been fragmented and siloed, with separate systems for identity and access management (IAM), privileged access management (PAM) and identity governance and administration (IGA).

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

BrandPost: The state of operational technology and cybersecurity

CSO Magazine

Today, the convergence of operational technology (OT) and IT networks is accelerating because organizations can use the data collected by physical equipment and Industrial Internet of Things (IIoT) devices to identify issues and increase efficiency. With less siloed IT and OT departments, convergence reduces space requirements and physical hardware.

Consumers Wary of Biometric Security

Security Boulevard

Early releases of identity verification and facial recognition technology have failed to deliver on the promise of trustworthy digital identification and have damaged the reputation of biometric security tech, according to an Incode report. The global survey of 1,000 respondents found close to half (48%) indicated they consider digital authentication technology as detrimental to their.

The Week in Ransomware - May 26th 2023 - Cities Under Attack

Bleeping Computer

Ransomware gangs continue to hammer local governments in attacks, taking down IT systems and disrupting cities' online services.

Federal Appellate Court Approves ‘Pretext’ Border Search

Security Boulevard

For almost nine years, Chinese national and U.S. resident Haitao Xiang had been employed by the Monsanto company in St. Louis, Missouri, as a research application engineer specializing in hyperspectral imaging technology. As with most jobs of this type, Xiang had signed a non-disclosure and confidentiality agreement with his employer, agreeing not to take and/or.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Severe Flaw in Google Cloud's Cloud SQL Service Exposed Confidential Data

The Hacker News

A new security flaw has been disclosed in the Google Cloud Platform's (GCP) Cloud SQL service that could be potentially exploited to obtain access to confidential data.

Connecting the dots: Development + business risk + due diligence

Security Boulevard

Organizations should emphasize processes that connect the dots between software development practices, business risk and due diligence activities.

BlackByte ransomware claims City of Augusta cyberattack

Bleeping Computer

The city of Augusta in Georgia, U.S., has confirmed that the most recent IT system outage was caused by unauthorized access to its network.

New PowerExchange Backdoor linked to an Iranian APT group

Security Affairs

An alleged Iran-linked APT group targeted an organization linked to the United Arab Emirates (U.A.E.) with the new PowerExchange backdoor. Researchers from the Fortinet FortiGuard Labs observed an attack targeting a government entity in the United Arab Emirates with a new PowerShell-based backdoor dubbed PowerExchange. The experts speculate that the backdoor is likely linked to an Iran-linked APT group.

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

What is Confidential Computing? Definition, Benefits, & Uses

eSecurity Planet

Confidential computing is a technology and technique that encrypts and stores an organization’s most sensitive data in a secure portion of a computer’s processor — known as the Trusted Execution Environment (TEE) — while it’s processed and in use. It’s a fast-growing cloud computing technique that has gotten buy-in and support from a variety of hardware, software, and cloud vendors.

Emby shuts down user media servers hacked in recent attack

Bleeping Computer

Emby says it remotely shut down an undisclosed number of user-hosted media server instances that were recently hacked by exploiting a previously known vulnerability and an insecure admin account configuration.

5 Must-Know Facts about 5G Network Security and Its Cloud Benefits

The Hacker News

5G is a game changer for mobile connectivity, including mobile connectivity to the cloud. The technology provides high speed and low latency when connecting smartphones and IoT devices to cloud infrastructure.

Zyxel patches two critical vulnerabilities

Malwarebytes

Zyxel has released a security advisory for multiple buffer overflow vulnerabilities. Exploitation of these vulnerabilities could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and even a remote code execution on the affected Zyxel firewalls. Affected users should patch as a matter of urgency, and we urge you not to expose the management interfaces of network edge devices to the Internet, in order to reduce their attack surface.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

What Is ZTNA? Zero Trust Network Access Explained.

Heimdal Security

In today’s fast-changing digital landscape, ensuring strong network security has become a top priority for companies of all sizes. Given the rise of remote work, cloud computing, and increasingly complex cyber threats, conventional network architectures and perimeter-based security measures are no longer enough. Enter Zero Trust Network Access (ZTNA), a game-changing security concept that questions […] The post What Is ZTNA?

Travel-Themed Phishing, BEC Campaigns Get Smarter as Summer Season Arrives

Dark Reading

Phishing campaigns targeting travelers have evolved from simple, easy-to-spot fraud attempts to highly sophisticated operations.

How an innocuous app morphed into a trojan – Week in security with Tony Anscombe

We Live Security

ESET research uncovers an Android app that initially had no harmful features but months later turned into a spying tool.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.