Mon. Jul 03, 2023

Self-Driving Cars Are Surveillance Cameras on Wheels

Schneier on Security

Police are already using self-driving car footage as video evidence: While security cameras are commonplace in American cities, self-driving cars represent a new level of access for law enforcement – and a new method for encroachment on privacy, advocates say. Crisscrossing the city on their routes, self-driving cars capture a wider swath of footage.

How to add the Docker Scout feature to the Docker CLI

Tech Republic Security

In this TechRepublic How to Make Tech Work tutorial, Jack Wallen shows you how to add the Docker Scout feature to the Docker CLI. The post How to add the Docker Scout feature to the Docker CLI appeared first on TechRepublic.

Microsoft denies data breach, theft of 30 million customer accounts

Bleeping Computer

Microsoft has denied the claims of the so-called hacktivists "Anonymous Sudan" that they breached the company's servers and stole credentials for 30 million customer accounts. [...]

How We Found Another GitHub Action Environment Injection Vulnerability in a Google Project

Security Boulevard

This blog shows another case of a GitHub Actions environment injection vulnerability in a Google repository. The previous case where we found vulnerabilities in Firebase repositories can be found here with a detailed explanation of the underlying mechanism that allows this type of vulnerability. By exploiting this vulnerability an attacker could put Google’s Orbit users and maintainers at risk by injecting malicious code, conducting phishing attacks and more, depending on the project specific confi

Phishing 111

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

300,000+ Fortinet firewalls vulnerable to critical FortiOS RCE bug

Bleeping Computer

Hundreds of thousands of FortiGate firewalls are vulnerable to a critical security issue identified as CVE-2023-27997, almost a month after Fortinet released an update that addresses the problem. [...]

Firewall 143

What is a Data Protection Strategy? Components, Best Practices and Benefits

Security Boulevard

A data protection strategy regards the measures taken to help you secure mission-critical and regulated data while keeping it usable for business purposes. The post What is a Data Protection Strategy? Components, Best Practices and Benefits appeared first on Security Boulevard.

Backups 109

More Trending

Looking ahead of CEA guidelines to secure the power sector in India

Security Boulevard

India’s Central Electricity Authority (CEA) issued the Cyber Security in Power Sector Guidelines 2021 in October 2021. The comprehensive guidelines are intended to help all power sector entities in India take measured steps to improve their overall cybersecurity posture and protect critical infrastructure from cyber attacks through specific interventions.

Russian Satellite Internet Downed via Attackers Claiming Ties to Wagner Group

Dark Reading

Attribution for the cyberattack on Dozor-Teleport remains murky, but the effects are real — downed communications and compromised data.

Internet 114

Hackers target European government entities in SmugX campaign

Bleeping Computer

A phishing campaign that security researchers named SmugX and attributed to a Chinese threat actor has been targeting embassies and foreign affairs ministries in the UK, France, Sweden, Ukraine, Czech, Hungary, and Slovakia, since December 2022. [...]

White Snake Menace: The Growing Threat of Information Stealers in the Cybercrime Landscape

Quick Heal Antivirus

Introduction The rise of malicious software designed to steal sensitive information has become a significant problem in the. The post White Snake Menace: The Growing Threat of Information Stealers in the Cybercrime Landscape appeared first on Quick Heal Blog.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

The Impacts of Data Loss on Your Organization

Security Affairs

What are the causes of data loss and what is their impact on your organization? In today’s digital age, data has become the lifeblood of organizations, driving critical decision-making, improving operational efficiency, and allowing for smoother innovation. Simply put, businesses heavily rely on data. In an era where data has become the cornerstone of business operations, the loss of vital information can result in severe setbacks and irreparable damage.

HTTPS is Secure (Except When it’s Not)

Approachable Cyber Threats

Category Awareness, Cybersecurity Fundamentals Risk Level “What are HTTP and HTTPS? Are they the same?” At the beginning of the internet’s popularity, HTTP (Hypertext Transfer Protocol) was used to transmit data between clients (web browsers) and web servers. However, any data transmitted between the client and server was not protected. As internet culture became increasingly popular around the world and brought with it an urgent need to protect sensitive data from malicious actors, HTTPS was

CISA adds Samsung and D-link bugs to its Known Exploited Vulnerabilities catalog

Security Affairs

US CISA added actively exploited Samsung and D-Link vulnerabilities to its Known Exploited Vulnerabilities catalog. US Cybersecurity and Infrastructure Security Agency (CISA) added six Samsung and two D-Link vulnerabilities to its Known Exploited Vulnerabilities Catalog. Below is the list of flaws added to the catalog: CVE-2019-17621 (CVSS score: 9.8) – D-Link DIR-859 Router Command Execution Vulnerability CVE-2019-20500 (CVSS score: 7.8) – D-Link DWL-2600AP Access Point Command Injection

Mobile 93

Verizon 2023 DBIR: What’s new this year and top takeaways for SMBs

We Live Security

Here are some of the key insights on the evolving data breach landscape as revealed by Verizon’s analysis of more than 16,000 incidents. The post Verizon 2023 DBIR: What’s new this year and top takeaways for SMBs appeared first on WeLiveSecurity.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Microsoft Edge upgrades built-in Cloudflare VPN with 5GB of data

Bleeping Computer

Microsoft's Edge browser has recently enhanced its 'Edge Secure Network' feature, which now offers 5GB of data, significantly increasing from the previously offered 1GB. [...]

VPN 95

SmugX: Chinese APT uses HTML smuggling to target European Ministries and embassies

Security Affairs

China-linked APT group was spotted using HTML smuggling in attacks aimed at Foreign Affairs ministries and embassies in Europe. A China-linked APT group was observed using HTML smuggling in attacks against Foreign Affairs ministries and embassies in Europe, reports the cybersecurity firm Check Point. The researchers tracked the campaign as SmugX and reported that it has been ongoing since at least December 2022.

Chinese Hackers Use HTML Smuggling to Infiltrate European Ministries with PlugX

The Hacker News

A Chinese nation-state group has been observed targeting Foreign Affairs ministries and embassies in Europe using HTML smuggling techniques to deliver the PlugX remote access trojan on compromised systems. Cybersecurity firm Check Point said the activity, dubbed SmugX, has been ongoing since at least December 2022.

Anonymous Sudan claims to have stolen 30 million Microsoft’s customer accounts

Security Affairs

Microsoft denied the data breach after the collective of hacktivists known as Anonymous Sudan claimed to have hacked the company. In early June, Microsoft suffered severe outages for some of its services, including Outlook email, OneDrive file-sharing apps, and the cloud computing infrastructure Azure. A collective known as Anonymous Sudan (aka Storm-1359) claimed responsibility for the DDoS attacks that hit the company’s services.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Of sharks, surveillance, and spied-on emails: This is Section 702, with Matthew Guariglia

Malwarebytes

In the United States, when the police want to conduct a search on a suspected criminal, they must first obtain a search warrant. It is one of the foundational rights given to US persons under the Constitution, and a concept that has helped create the very idea of a right to privacy at home and online. But sometimes, individualized warrants are never issued, never asked for, never really needed, depending on which government agency is conducting the surveillance, and for what reason.

335,923 out of 489,337 Fortinet firewalls vulnerable to CVE-2023-27997

Security Affairs

Researchers reported that there are 490,000 Fortinet firewalls exposing SSL VPN interfaces on the internet, and roughly 69% of them are still vulnerable to CVE-2023-27997. In mid-June, Fortinet addressed a critical flaw, tracked as CVE-2023-27997 (CVSS score: 9.2), in FortiOS and FortiProxy that is likely exploited in a limited number of attacks. “A heap-based buffer overflow vulnerability [CWE-122] in FortiOS and FortiProxy SSL-VPN may allow a remote attacker to execute arbitrary code or command

Evasive Meduza Stealer Targets 19 Password Managers and 76 Crypto Wallets

The Hacker News

In yet another sign of a lucrative crimeware-as-a-service (CaaS) ecosystem, cybersecurity researchers have discovered a new Windows-based information stealer called Meduza Stealer that's actively being developed by its author to evade detection by software solutions. "The Meduza Stealer has a singular objective: comprehensive data theft," Uptycs said in a new report.

New Windows Meduza Stealer targets tens of crypto wallets and password managers

Security Affairs

Researchers spotted a new Windows information stealer called Meduza Stealer; its authors employ sophisticated marketing strategies to promote it. The Meduza Stealer can steal browsing activities and extract a wide array of browser-related data, including login credentials, browsing history and bookmarks. The malware also targets crypto wallet extensions, password managers, and 2FA extensions.

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

A CISO's Guide to Paying Down Software Supply Chain Security Debt

Dark Reading

When you just keep filing it away to handle "someday," security debt typically rears its head when you are most vulnerable and can least afford to pay it.

CISO 94

Fake reviewers face big fines

Malwarebytes

The FTC is cracking down on fake reviews. Under the new proposed rules, organisations involved in the buying, selling, and manipulation of reviews could be very much out of pocket. Every time a consumer sees a fake review, it will carry a fine of “up to $50,000” per viewing. From the FTC release: “Our proposed rule on fake reviews shows that we’re using all available means to attack deceptive advertising in the digital age,” said Samuel Levine, Director of the FTC’s

Media 85

Experts detected a new variant of North Korea-linked RUSTBUCKET macOS malware

Security Affairs

Researchers spotted a new version of the RustBucket Apple macOS malware that supports enhanced capabilities. Researchers from the Elastic Security Labs have spotted a new variant of the RustBucket Apple macOS malware. In April, the security firm Jamf observed the North Korea-linked BlueNoroff APT group using a new macOS malware, dubbed RustBucket. The group BlueNoroff is considered a group that operates under the control of the notorious North Korea-linked Lazarus APT group.

Malware 80

Elderly targeted in car accident scam, kingpin arrested

Malwarebytes

The head of a criminal network responsible for defrauding hundreds of elderly people has been arrested, Europol has announced. After a joint operation in Germany, Poland, and the UK, Europol says the suspect was arrested in London from where he ran a network of fraudsters targeting mainly German and Polish citizens. Europol estimates that the overall damage done by the network amounts to around €5 million, and that €1.4 million of losses were prevented thanks to the successful takedo

Scams 84

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Alert: 330,000 FortiGate Firewalls Still Unpatched to CVE-2023-27997 RCE Flaw

The Hacker News

No less than 330,000 FortiGate firewalls are still unpatched and vulnerable to CVE-2023-27997, a critical security flaw affecting Fortinet devices that have come under active exploitation in the wild. Cybersecurity firm Bishop Fox, in a report published last week, said that out of nearly 490,000 Fortinet SSL-VPN interfaces exposed on the internet, about 69 percent remain unpatched.

Defending Against the Threats to Our Security

SecureWorld News

As we rely increasingly on digital technologies for our work, communication, entertainment, and education, we also expose ourselves to more and more cyber risks. Cyberattacks can devastate individuals, businesses, and even nations, affecting our privacy, security, and economy. But how much do we know about the cyber threats we face daily? How prepared are we to deal with them?

SSH Servers Hit in 'Proxyjacking' Cyberattacks

Dark Reading

Cybercriminals employ obfuscated script to stealthily hijack victim server bandwidth for use in legitimate proxy networks.

CISA Flags 8 Actively Exploited Flaws in Samsung and D-Link Devices

The Hacker News

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a set of eight flaws to the Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. This includes six shortcomings affecting Samsung smartphones and two vulnerabilities impacting D-Link devices. All the flaws have been patched as of 2021. CVE-2021-25394 (CVSS score: 6.

Mobile 78

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.