Schneier on Security

JUNE 1, 2023

Earlier this week, I signed on to a short group statement , coordinated by the Center for AI Safety: Mitigating the risk of extinction from AI should be a global priority alongside other societal-scale risks such as pandemics and nuclear war. The press coverage has been extensive, and surprising to me. The New York Times headline is “A.I. Poses ‘Risk of Extinction,’ Industry Leaders Warn.” BBC : “Artificial intelligence could lead to extinction, experts warn.”

Risk 300

Risk Artificial Intelligence Technology Internet 300

Krebs on Security

JUNE 1, 2023

Code-signing certificates are supposed to help authenticate the identity of software publishers, and provide cryptographic assurance that a signed piece of software has not been altered or tampered with. Both of these qualities make stolen or ill-gotten code-signing certificates attractive to cybercriminal groups, who prize their ability to add stealth and longevity to malicious software.

Malware 246

Malware Cybercrime Software Antivirus 246

Tech Republic Security

JUNE 1, 2023

Users should be aware of what personal data is being collected and stored by Microsoft Edge and be prepared to perform periodic maintenance on that data to keep it secure. The post How to determine exactly what personal information Microsoft Edge knows about you appeared first on TechRepublic.

Software 180

Software 180

Bleeping Computer

JUNE 1, 2023

Russian cybersecurity firm Kaspersky says some iPhones on its network were hacked using an iOS vulnerability that installed malware via iMessage zero-click exploits. Russia blames these attacks on US intelligence agencies. [.

Hacking 141

Hacking Malware Cybersecurity Mobile 141

Speaker: Speakers:

In today's digital age, having an untrained workforce can be a significant risk to your business. Cyber threats are evolving; without proper training, your employees could be the weakest link in your defense. This webinar empowers leaders like you with the tools and strategies needed to transform your employees into a robust frontline defense against cyber attacks.

Cyber Attacks

Tech Republic Security

JUNE 1, 2023

A new study by Okta finds that a proliferation of active accounts and web identities is exacerbating security risks both for individuals and enterprises. The post Most people are aware of their data trails, but few know how to deal with it: Okta study appeared first on TechRepublic.

Risk 175

Risk Accountability 175

Bleeping Computer

JUNE 1, 2023

A previously unknown campaign involving the Hotabot botnet malware has targeted Spanish-speaking users in Latin America since at least November 2020, infecting them with a banking trojan and spam tool. [.

Accountability 140

Accountability Banking Malware 140

Graham Cluley

JUNE 1, 2023

Jetpack. an extremely popular WordPress plugin that provides a variety of functions including security features for around five million websites, has received a critical security update following the discovery of a bug that has lurked unnoticed since 2012. Read more in my article on the Tripwire State of Security blog.

119

119

Bleeping Computer

JUNE 1, 2023

Harvard Pilgrim Health Care (HPHC) has disclosed that a ransomware attack it suffered in April 2023 impacted 2,550,922 people, with the threat actors also stealing their sensitive data from compromised systems. [.

Ransomware 113

Ransomware Healthcare 113

CSO Magazine

JUNE 1, 2023

Global professional association ISACA has announced a pledge to the European Commission to grow and empower the cybersecurity workforce in Europe. The pledge will see ISACA provide 20,000 free memberships to students across Europe to acquire crucial cybersecurity skills and support the identification of qualified cybersecurity candidates for organizations, supporting the European Union’s (EU) cybersecurity agenda, it said.

Cybersecurity 110

Cybersecurity 110

CyberSecurity Insiders

JUNE 1, 2023

A recent ransomware attack on a New York-based biotech company, Enzo Biochem, has resulted in the exposure of sensitive information belonging to more than 2.5 million patients. The cyber incident, which occurred on April 6th, compromised clinical test data and approximately 600,000 social security numbers. Enzo Biochem, renowned for its bacterial disease detection capabilities, has confirmed the breach in its SEC filing, expressing concerns that employee data may have also been accessed by the m

Ransomware 107

Ransomware Healthcare Insurance Backups 107

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Security Boulevard

JUNE 1, 2023

Two reports focused on the cyberinsurance market found prices continued to moderate in the first quarter of 2023, according to the Global Insurance Market Index from Marsh. Average price increases rose by just 11% compared with 28% increases during the fourth quarter of 2022. A Fitch Ratings report found a decline in ransomware incidents helped slow.

Insurance 104

Insurance Marketing Ransomware Risk 104

CyberSecurity Insiders

JUNE 1, 2023

Amazon has recently reached a settlement with the Federal Trade Commission (FTC) and agreed to pay a $31 million penalty in response to two civil complaints. The charges against the retailing giant involved allegations of invading the privacy of its female employees through Ring cameras and failing to delete recordings of children on its Alexa devices.

Consumer Protection 105

Consumer Protection Retail Engineering Accountability 105

Security Boulevard

JUNE 1, 2023

The internet was on tenterhooks over the question of whether the U.S. Supreme Court would find that online providers like Google, Facebook and others could continue to enjoy protection under the Communications Decency Act Section 230 for the statements and actions of users of their site. In particular, the Supreme Court was presented with an. The post Are Internet Providers ‘Aiding and Abetting’ Crimes?

Internet 104

Internet Internet Security Awareness Risk 104

We Live Security

JUNE 1, 2023

As APIs are a favorite target for threat actors, the challenge of securing the glue that holds various software elements together is taking on increasing urgency The post All eyes on APIs: Top 3 API security risks and how to mitigate them appeared first on WeLiveSecurity

Risk 105

Risk Software 105

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

CyberSecurity Insiders

JUNE 1, 2023

In today’s interconnected world, where technology permeates every aspect of our lives, ensuring robust cybersecurity has become an utmost priority. With the ever-evolving threat landscape, it is crucial to stay informed about the latest trends and challenges in the field of cybersecurity. In this article, we will explore some of the trending topics in cybersecurity, shedding light on the advancements, threats, and the measures we need to take to protect ourselves.

Cybersecurity 105

Cybersecurity IoT Architecture Artificial Intelligence 105

Dark Reading

JUNE 1, 2023

In an already fraught environment surrounding the popular Python programming language software package manager, hackers are coming up with new ways to sneak malicious goodies past cybersecurity buffers.

Malware 103

Malware Software Cybersecurity 103

Bleeping Computer

JUNE 1, 2023

Hackers are actively exploiting a zero-day vulnerability in the MOVEit Transfer file transfer software to steal data from organizations. [.

Software 112

Software 112

CyberSecurity Insiders

JUNE 1, 2023

The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. Cybersecurity is practice of protecting information technology (IT) infrastructure assets such as computers, networks, mobile devices, servers, hardware, software, and data (personal & financial) against attacks, breaches and unauthorised access.

Cybersecurity 99

Cybersecurity Computers and Electronics Phishing Banking 99

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

Security Boulevard

JUNE 1, 2023

Organizations often encounter issues when trying to implement best practices in mobile device security while also ensuring a seamless user experience. This is because end users can be hesitant to install additional apps on their mobile device, while others engage in risky practices such as jailbreaking or rooting their phones, sometimes even using custom operating.

Mobile 98

Mobile Risk 98

The Hacker News

JUNE 1, 2023

The threat actors behind BlackCat ransomware have come up with an improved variant that prioritizes speed and stealth in an attempt to bypass security guardrails and achieve their goals. The new version, dubbed Sphynx and announced in February 2023, packs a "number of updated capabilities that strengthen the group's efforts to evade detection," IBM Security X-Force said in a new analysis.

Ransomware 98

Ransomware 98

Security Boulevard

JUNE 1, 2023

Earlier this week, I signed on to a short group statement , coordinated by the Center for AI Safety: Mitigating the risk of extinction from AI should be a global priority alongside other societal-scale risks such as pandemics and nuclear war. The press coverage has been extensive, and surprising to me. The New York Times headline is “A.I. Poses ‘Risk of Extinction,’ Industry Leaders Warn.

Risk 98

Risk Artificial Intelligence CISO 98

The Hacker News

JUNE 1, 2023

A previously unknown advanced persistent threat (APT) is targeting iOS devices as part of a sophisticated and long-running mobile campaign dubbed Operation Triangulation that began in 2019. "The targets are infected using zero-click exploits via the iMessage platform, and the malware runs with root privileges, gaining complete control over the device and user data," Kaspersky said.

Malware 97

Malware Hacking Mobile 97

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

Security Boulevard

JUNE 1, 2023

Synopsys Cybersecurity Research Center has discovered a local privilege escalation vulnerability in Apple iTunes on Microsoft Windows. Overview The Synopsys Cybersecurity Research Center (CyRC) has discovered CVE-2023-32353, a local privilege escalation vulnerability in Apple iTunes on Microsoft Windows. iTunes is a software program that acts as a media player, media library, mobile device management utility, and the client app for the iTunes Store.

Media 97

Media Mobile Cybersecurity Software 97

Bleeping Computer

JUNE 1, 2023

Google announced today that bug bounty hunters who report sandbox escape chain exploits targeting its Chrome web browser are now eligible for triple the standard reward until December 1st, 2023. [.

96

96

eSecurity Planet

JUNE 1, 2023

At a high level, implementation of the Domain-based Message Authentication, Reporting and Conformance (DMARC) standard can be done simply and easily for outgoing mail by adding a text file to an organization’s DNS record. However, in practice, the messiness of modern organizations can complicate the process significantly and require an iterative approach to ensure no legitimate email senders suddenly become flagged as SPAM.

DNS 97

DNS Authentication Marketing eCommerce 97

The Hacker News

JUNE 1, 2023

A critical flaw in Progress Software's in MOVEit Transfer managed file transfer application has come under widespread exploitation in the wild to take over vulnerable systems. The shortcoming, which is yet to be assigned a CVE identifier, relates to a severe SQL injection vulnerability that could lead to escalated privileges and potential unauthorized access to the environment.

Software 94

Software 94

Advertisement

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Identity Theft

Dark Reading

JUNE 1, 2023

No activity logging in the free subscription for Google's Web-based productivity suite exposes enterprises to insider and other threats, researchers say.

101

101

The Hacker News

JUNE 1, 2023

IT hygiene is a security best practice that ensures that digital assets in an organization's environment are secure and running properly. Good IT hygiene includes vulnerability management, security configuration assessments, maintaining asset and system inventories, and comprehensive visibility into the activities occurring in an environment.

Technology 92

Technology 92

Security Affairs

JUNE 1, 2023

Threat actors are actively exploiting a command injection flaw, tracked as CVE-2023-28771, in Zyxel firewalls to install malware. Threat actors are actively attempting to exploit a command injection vulnerability, tracked as CVE-2023-28771 , that impacts Zyxel firewalls. Their objective is to leverage this vulnerability to deploy and install malware on the affected systems.

Firewall 94

Firewall Firmware VPN DDOS 94

The Hacker News

JUNE 1, 2023

Researchers have discovered a novel attack on the Python Package Index (PyPI) repository that employs compiled Python code to sidestep detection by application security tools. "It may be the first supply chain attack to take advantage of the fact that Python bytecode (PYC) files can be directly executed," ReversingLabs analyst Karlo Zanki said in a report shared with The Hacker News.

90

90

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity