Schneier on Security

JUNE 1, 2023

Earlier this week, I signed on to a short group statement , coordinated by the Center for AI Safety: Mitigating the risk of extinction from AI should be a global priority alongside other societal-scale risks such as pandemics and nuclear war. The press coverage has been extensive, and surprising to me. The New York Times headline is “A.I. Poses ‘Risk of Extinction,’ Industry Leaders Warn.” BBC : “Artificial intelligence could lead to extinction, experts warn.”

Risk 275

Risk Artificial Intelligence Technology Internet 275

Krebs on Security

JUNE 1, 2023

Code-signing certificates are supposed to help authenticate the identity of software publishers, and provide cryptographic assurance that a signed piece of software has not been altered or tampered with. Both of these qualities make stolen or ill-gotten code-signing certificates attractive to cybercriminal groups, who prize their ability to add stealth and longevity to malicious software.

Malware 228

Malware Cybercrime Software Antivirus 228

Tech Republic Security

JUNE 1, 2023

Users should be aware of what personal data is being collected and stored by Microsoft Edge and be prepared to perform periodic maintenance on that data to keep it secure. The post How to determine exactly what personal information Microsoft Edge knows about you appeared first on TechRepublic.

Software 172

Software 172

Bleeping Computer

JUNE 1, 2023

Russian cybersecurity firm Kaspersky says some iPhones on its network were hacked using an iOS vulnerability that installed malware via iMessage zero-click exploits. Russia blames these attacks on US intelligence agencies. [.

Hacking 135

Hacking Malware Cybersecurity Mobile 135

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Tech Republic Security

JUNE 1, 2023

A new study by Okta finds that a proliferation of active accounts and web identities is exacerbating security risks both for individuals and enterprises. The post Most people are aware of their data trails, but few know how to deal with it: Okta study appeared first on TechRepublic.

Risk 167

Risk Accountability 167

Bleeping Computer

JUNE 1, 2023

A previously unknown campaign involving the Hotabot botnet malware has targeted Spanish-speaking users in Latin America since at least November 2020, infecting them with a banking trojan and spam tool. [.

Accountability 135

Accountability Banking Malware 135

Graham Cluley

JUNE 1, 2023

Jetpack. an extremely popular WordPress plugin that provides a variety of functions including security features for around five million websites, has received a critical security update following the discovery of a bug that has lurked unnoticed since 2012. Read more in my article on the Tripwire State of Security blog.

116

116

CSO Magazine

JUNE 1, 2023

Global professional association ISACA has announced a pledge to the European Commission to grow and empower the cybersecurity workforce in Europe. The pledge will see ISACA provide 20,000 free memberships to students across Europe to acquire crucial cybersecurity skills and support the identification of qualified cybersecurity candidates for organizations, supporting the European Union’s (EU) cybersecurity agenda, it said.

Cybersecurity 110

Cybersecurity 110

We Live Security

JUNE 1, 2023

As APIs are a favorite target for threat actors, the challenge of securing the glue that holds various software elements together is taking on increasing urgency The post All eyes on APIs: Top 3 API security risks and how to mitigate them appeared first on WeLiveSecurity

Risk 109

Risk Software 109

CyberSecurity Insiders

JUNE 1, 2023

A recent ransomware attack on a New York-based biotech company, Enzo Biochem, has resulted in the exposure of sensitive information belonging to more than 2.5 million patients. The cyber incident, which occurred on April 6th, compromised clinical test data and approximately 600,000 social security numbers. Enzo Biochem, renowned for its bacterial disease detection capabilities, has confirmed the breach in its SEC filing, expressing concerns that employee data may have also been accessed by the m

Ransomware 107

Ransomware Healthcare Insurance Backups 107

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Security Boulevard

JUNE 1, 2023

Two reports focused on the cyberinsurance market found prices continued to moderate in the first quarter of 2023, according to the Global Insurance Market Index from Marsh. Average price increases rose by just 11% compared with 28% increases during the fourth quarter of 2022. A Fitch Ratings report found a decline in ransomware incidents helped slow.

Insurance 105

Insurance Marketing Ransomware Risk 105

CyberSecurity Insiders

JUNE 1, 2023

Amazon has recently reached a settlement with the Federal Trade Commission (FTC) and agreed to pay a $31 million penalty in response to two civil complaints. The charges against the retailing giant involved allegations of invading the privacy of its female employees through Ring cameras and failing to delete recordings of children on its Alexa devices.

Consumer Protection 105

Consumer Protection Retail Engineering Accountability 105

Bleeping Computer

JUNE 1, 2023

Harvard Pilgrim Health Care (HPHC) has disclosed that a ransomware attack it suffered in April 2023 impacted 2,550,922 people, with the threat actors also stealing their sensitive data from compromised systems. [.

Ransomware 105

Ransomware Healthcare 105

Security Boulevard

JUNE 1, 2023

The internet was on tenterhooks over the question of whether the U.S. Supreme Court would find that online providers like Google, Facebook and others could continue to enjoy protection under the Communications Decency Act Section 230 for the statements and actions of users of their site. In particular, the Supreme Court was presented with an. The post Are Internet Providers ‘Aiding and Abetting’ Crimes?

Internet 105

Internet Internet Security Awareness Risk 105

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

CyberSecurity Insiders

JUNE 1, 2023

In today’s interconnected world, where technology permeates every aspect of our lives, ensuring robust cybersecurity has become an utmost priority. With the ever-evolving threat landscape, it is crucial to stay informed about the latest trends and challenges in the field of cybersecurity. In this article, we will explore some of the trending topics in cybersecurity, shedding light on the advancements, threats, and the measures we need to take to protect ourselves.

Cybersecurity 105

Cybersecurity IoT Architecture Artificial Intelligence 105

Dark Reading

JUNE 1, 2023

In an already fraught environment surrounding the popular Python programming language software package manager, hackers are coming up with new ways to sneak malicious goodies past cybersecurity buffers.

Malware 103

Malware Software Cybersecurity 103

CyberSecurity Insiders

JUNE 1, 2023

The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. Cybersecurity is practice of protecting information technology (IT) infrastructure assets such as computers, networks, mobile devices, servers, hardware, software, and data (personal & financial) against attacks, breaches and unauthorised access.

Cybersecurity 99

Cybersecurity Computers and Electronics Phishing Banking 99

Security Boulevard

JUNE 1, 2023

Organizations often encounter issues when trying to implement best practices in mobile device security while also ensuring a seamless user experience. This is because end users can be hesitant to install additional apps on their mobile device, while others engage in risky practices such as jailbreaking or rooting their phones, sometimes even using custom operating.

Mobile 98

Mobile Risk 98

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

Security Affairs

JUNE 1, 2023

Threat actors are actively exploiting a command injection flaw, tracked as CVE-2023-28771, in Zyxel firewalls to install malware. Threat actors are actively attempting to exploit a command injection vulnerability, tracked as CVE-2023-28771 , that impacts Zyxel firewalls. Their objective is to leverage this vulnerability to deploy and install malware on the affected systems.

Firewall 98

Firewall Firmware VPN DDOS 98

Security Boulevard

JUNE 1, 2023

Earlier this week, I signed on to a short group statement , coordinated by the Center for AI Safety: Mitigating the risk of extinction from AI should be a global priority alongside other societal-scale risks such as pandemics and nuclear war. The press coverage has been extensive, and surprising to me. The New York Times headline is “A.I. Poses ‘Risk of Extinction,’ Industry Leaders Warn.

Risk 98

Risk Artificial Intelligence CISO 98

The Hacker News

JUNE 1, 2023

The threat actors behind BlackCat ransomware have come up with an improved variant that prioritizes speed and stealth in an attempt to bypass security guardrails and achieve their goals. The new version, dubbed Sphynx and announced in February 2023, packs a "number of updated capabilities that strengthen the group's efforts to evade detection," IBM Security X-Force said in a new analysis.

Ransomware 97

Ransomware 97

Security Boulevard

JUNE 1, 2023

Synopsys Cybersecurity Research Center has discovered a local privilege escalation vulnerability in Apple iTunes on Microsoft Windows. Overview The Synopsys Cybersecurity Research Center (CyRC) has discovered CVE-2023-32353, a local privilege escalation vulnerability in Apple iTunes on Microsoft Windows. iTunes is a software program that acts as a media player, media library, mobile device management utility, and the client app for the iTunes Store.

Media 97

Media Mobile Cybersecurity Software 97

Advertisement

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Identity Theft

Security Affairs

JUNE 1, 2023

Researchers discovered spyware, dubbed SpinOk, hidden in 101 Android apps with over 400 million downloads in Google Play. The malicious module is distributed as a marketing SDK that developers behind the apps embedded in their applications and games, including those available on Google Play. Upon executing the module, the malware-laced SDK connects to the C2 sending back a large amount of system information about the infected device.

Spyware 97

Spyware Advertising Malware Marketing 97

The Hacker News

JUNE 1, 2023

A previously unknown advanced persistent threat (APT) is targeting iOS devices as part of a sophisticated and long-running mobile campaign dubbed Operation Triangulation that began in 2019. "The targets are infected using zero-click exploits via the iMessage platform, and the malware runs with root privileges, gaining complete control over the device and user data," Kaspersky said.

Malware 95

Malware Hacking Mobile 95

Security Affairs

JUNE 1, 2023

Prosperix leaked nearly 250,000 files. The breach exposed job seekers’ sensitive data, including home addresses and phone numbers. Prosperix, formally Crowdstaffing, calls itself a “workforce innovation” company that develops software solutions for businesses to build an “extraordinary” workforce. It lists KPMG, Walmart, NBCUniversal and Avon among brands that trust the company.

Identity Theft 94

Identity Theft Scams Risk Media 94

Dark Reading

JUNE 1, 2023

No activity logging in the free subscription for Google's Web-based productivity suite exposes enterprises to insider and other threats, researchers say.

101

101

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

Security Affairs

JUNE 1, 2023

The BlackCat ransomware gang claims to have hacked the Casepoint legal technology platform used US agencies, including SEC and FBI. The cybersecurity researcher Dominic Alvieri first noticed that the BlackCat ransomware gang added the company Casepoint to the list of victims on its Tor Dark Web site. Casepoint provides a leading legal discovery platform used by several US agencies, including the SEC, FBI, and US Courts.

Technology 93

Technology Hacking Ransomware Manufacturing 93

The Hacker News

JUNE 1, 2023

A critical flaw in Progress Software's in MOVEit Transfer managed file transfer application has come under widespread exploitation in the wild to take over vulnerable systems. The shortcoming, which is yet to be assigned a CVE identifier, relates to a severe SQL injection vulnerability that could lead to escalated privileges and potential unauthorized access to the environment.

Software 92

Software 92

Bleeping Computer

JUNE 1, 2023

Hackers are actively exploiting a zero-day vulnerability in the MOVEit Transfer file transfer software to steal data from organizations. [.

Software 104

Software 104

CSO Magazine

JUNE 1, 2023

Announced in June 2022, the Cybercrime Atlas is an initiative from the World Economic Forum (WEF) to map activities of cybercriminals and create a database that can be used by law enforcement across the world to disrupt the cyber-criminal ecosystem. Cybercrime Atlas officially launched in February 2023 in a partnership between WEF and Banco Santander, Fortinet, Microsoft, and PayPal.

Cybercrime 90

Cybercrime Banking Media Accountability 90

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.