Schneier on Security
DECEMBER 1, 2023
A stock-trading AI (a simulated experiment) engaged in insider trading, even though it “knew” it was wrong. The agent is put under pressure in three ways. First, it receives a email from its “manager” that the company is not doing well and needs better performance in the next quarter. Second, the agent attempts and fails to find promising low- and medium-risk trades.
Tech Republic Security
DECEMBER 1, 2023
Apple recommends users update to iOS 17.1.2, iPadOS 17.1.2 and macOS 14.1.2. Google’s Threat Analysis Group discovered these security bugs.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Security Affairs
DECEMBER 1, 2023
The popular cybersecurity researcher Patrick Wardle dissected the new macOS ransomware Turtle used to target Apple devices. The popular cyber security researcher Patrick Wardle published a detailed analysis of the new macOS ransomware Turtle. Wardle pointed out that since Turtle was uploaded on Virus Total, it was labeled as malicious by 24 anti-malware solutions, suggesting it is not a sophisticated threat.
Tech Republic Security
DECEMBER 1, 2023
Store unlimited passwords in unlimited vaults on multiple servers, customize fields, use the tool on your smart watch, enjoy built-in authenticator and much more.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Security Boulevard
DECEMBER 1, 2023
Increased budgets and team sizes within security departments are giving IT pros a boost despite the prevailing economic challenges in 2023. The post Security Pros See Budget Bump, Headcount Rise in 2023 appeared first on Security Boulevard.
Bleeping Computer
DECEMBER 1, 2023
A novel malware named 'Agent Raccoon' (or Agent Racoon) is being used in cyberattacks against organizations in the United States, the Middle East, and Africa. [.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Bleeping Computer
DECEMBER 1, 2023
Microsoft has started rolling out its Copilot AI assistant to Windows 10 with the KB5032278 November 2023 non-security preview update for systems running Windows 10, version 22H2. [.
CompTIA on Cybersecurity
DECEMBER 1, 2023
We are often asked, “How does CompTIA PenTest+ compare to CEH?” To help you choose which exam to take, here’s a brief overview of the two cybersecurity certifications plus five advantages of CompTIA PenTest+ over CEH.
Bleeping Computer
DECEMBER 1, 2023
On Thursday, a Russian national pleaded guilty to charges related to his involvement in developing and deploying the Trickbot malware, which was used in attacks against hospitals, companies, and individuals in the United States and worldwide. [.
The Hacker News
DECEMBER 1, 2023
Meta-owned WhatsApp has launched a new Secret Code feature to help users protect sensitive conversations with a custom password on the messaging platform. The feature has been described as an "additional way to protect those chats and make them harder to find if someone has access to your phone or you share a phone with someone else.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Bleeping Computer
DECEMBER 1, 2023
Prime Minister of France Élisabeth Borne signed a circular last week requesting all government employees to uninstall foreign communication apps such as Signal, WhatsApp, and Telegram by December 8, 2023, in favor of a French messaging app named 'Olvid.' [.
Security Affairs
DECEMBER 1, 2023
US CISA added ownCloud and Google Chrome vulnerabilities to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added ownCloud and Google Chrome vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. The two issues are: CVE-2023-6345 Google Skia Integer Overflow Vulnerability CVE-2023-49103 ownCloud graphapi Information Disclosure Vulnerability CVE-2023-6345 – The CVE-2023-5217 is a high-severity integer overflow
Bleeping Computer
DECEMBER 1, 2023
VMware has fixed a critical authentication bypass vulnerability in Cloud Director appliance deployments, a bug that was left unpatched for over two weeks since it was disclosed on November 14th. [.
Security Affairs
DECEMBER 1, 2023
The Black Basta ransomware gang infected over 300 victims accumulating ransom payments exceeding $100 million since early 2022. The Black Basta ransomware group has been active since April 2022, like other ransomware operations, it implements a double-extortion attack model. A joint research by Elliptic and Corvus Insurance revealed that the group accumulated at least $107 million in Bitcoin ransom payments since early 2022.
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
SecureList
DECEMBER 1, 2023
Targeted attacks Unknown threat actor targets power generator with DroxiDat and Cobalt Strike Earlier this year, we reported on a new variant of SystemBC called DroxiDat that was deployed against a critical infrastructure target in South Africa. This proxy-capable backdoor was deployed alongside Cobalt Strike beacons. The incident occurred in the third and fourth week of March, as part of a small wave of attacks involving both DroxiDat and Cobalt Strike beacons around the world; and we believe t
Malwarebytes
DECEMBER 1, 2023
Domain fronting is a technique of using different domain names on the same HTTPS connection. Put simply, domain fronting hides your traffic when connecting to a specific website. It routes traffic through a larger platform, masking the true destination in the process. The technique became popular in the early 2010s in the mobile app development ecosystem, where developers would configure their apps to connect to a “front” domain that would then forward the connections to the develope
Bleeping Computer
DECEMBER 1, 2023
An international law enforcement operation claims to have dismantled a ransomware affiliate operation in Ukraine, which was responsible for attacks on organizations in 71 countries. [.
GlobalSign
DECEMBER 1, 2023
In this blog we examine how businesses can use digital signing to protect themselves against the growing threat of AI attacks.
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
Penetration Testing
DECEMBER 1, 2023
In the realm of cyber warfare, a new player has emerged, codenamed SugarGh0st. This Remote Access Trojan (RAT) has recently been identified by Cisco Talos as targeting government institutions in Uzbekistan and entities in... The post Advanced Cyber Espionage: SugarGh0st RAT Attacks Uzbek and South Korean Entities appeared first on Penetration Testing.
SecureList
DECEMBER 1, 2023
These statistics are based on detection verdicts of Kaspersky products received from users who consented to providing statistical data. Quarterly figures According to Kaspersky Security Network, in Q3 2023: A total of 8,346,169 mobile malware, adware, and riskware attacks were blocked. The most common threat to mobile devices was adware, accounting for 52% of all detected threats. 438,962 malicious installation packages were detected, of which: 21,674 packages were related to mobile banking Troj
Penetration Testing
DECEMBER 1, 2023
In a groundbreaking discovery, researchers from Unit 42 at Palo Alto Networks have uncovered a new toolset being used in cyber attacks against organizations in the Middle East, Africa, and the United States. This... The post A New Set of Tools for Cyber Espionage: Targeting the Middle East, Africa, and the US appeared first on Penetration Testing.
The Hacker News
DECEMBER 1, 2023
A Russian national has been found guilty in connection with his role in developing and deploying a malware known as TrickBot, the U.S. Department of Justice (DoJ) announced. Vladimir Dunaev, 40, was arrested in South Korea in September 2021 and extradited to the U.S. a month later.
Advertisement
The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.
Penetration Testing
DECEMBER 1, 2023
In the ever-evolving realm of cloud computing, a critical risk has surfaced within Google Workspace’s Domain-Wide Delegation feature, as revealed by Unit 42 researchers at Palo Alto Networks. This discovery sheds light on the... The post Exposed: Hidden Risks in Google Workspace’s Domain Delegation appeared first on Penetration Testing.
The Hacker News
DECEMBER 1, 2023
Cybersecurity researchers have disclosed a new sophisticated Android malware called FjordPhantom that has been observed targeting users in Southeast Asian countries like Indonesia, Thailand, and Vietnam since early September 2023.
Penetration Testing
DECEMBER 1, 2023
The hacking collective APT29, also known as Cozy Bear and Midnight Blizzard, recently orchestrated a malicious campaign employing counterfeit BMW advertisements, the Ngrok tool, and exploiting a vulnerability in the WinRAR archiver, known as... The post APT29 Lures Victims with Fake BMW Ads in Latest Attack appeared first on Penetration Testing.
Security Boulevard
DECEMBER 1, 2023
The majority of data breaches involved the human element, a catchall term for company insiders who compromise company and customer data. The post Stressed Employees and Insider Threats Put Data in Danger appeared first on Security Boulevard.
Speaker: Blackberry, OSS Consultants, & Revenera
Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?
Penetration Testing
DECEMBER 1, 2023
Numerous security vulnerabilities collectively known as LogoFAIL enable malefactors to interfere with the booting process of computer devices and implant bootkits, owing to issues related to image analysis components used by motherboard manufacturers for... The post LogoFAIL Vulnerabilities Expose Firmware Attacks: Endpoint Security Solutions at Risk appeared first on Penetration Testing.
We Live Security
DECEMBER 1, 2023
Several cases of children creating indecent images of other children using AI software add to the worries about harmful uses of AI technology
Penetration Testing
DECEMBER 1, 2023
The Accelerated Mobile Pages (AMP) plugin for WordPress, utilized by over 100,000 websites, has recently rectified a vulnerability that allowed a malefactor to implant malicious scripts. These scripts would activate upon a site being... The post CVE-2023-48321: AMP Plugin Vulnerability Affects Over 100,000 Sites appeared first on Penetration Testing.
Security Boulevard
DECEMBER 1, 2023
As a security leader, you recognize the extraordinary potential within your workforce as the first line of defense against threats — and the importance of providing practical security awareness training. In this blog, you’ll discover crucial topics to include in your company’s training content and broader security training program. These topics will help you guide […] The post 8 Essential Security Awareness Training Topics appeared first on Code42.
Speaker: Erika R. Bales, Esq.
When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.
Expert insights. Personalized for you.
283 
Let's personalize your content