Wed. Jun 21, 2023

Ethical Problems in Computer Security

Schneier on Security

Tadayoshi Kohno, Yasemin Acar, and Wulf Loh wrote an excellent paper on ethical thinking within the computer security community: “Ethical Frameworks and Computer Security Trolley Problems: Foundations for Conversation”: Abstract: The computer security research community regularly tackles ethical questions. The field of ethics / moral philosophy has for centuries considered what it means to be “morally good” or at least “morally allowed / acceptable.” Among phil

Education 243

Why Malware Crypting Services Deserve More Scrutiny

Krebs on Security

If you operate a cybercrime business that relies on disseminating malicious software, you probably also spend a good deal of time trying to disguise or “crypt” your malware so that it appears benign to antivirus and security products. In fact, the process of “crypting” malware is sufficiently complex and time-consuming that most serious cybercrooks will outsource this critical function to a handful of trusted third parties.

Malware 212

GUEST ESSAY: Taking a fresh approach to privileged access management — to curtail abuse

The Last Watchdog

To be productive in an interconnected work environment, employees need immediate access to numerous platforms, both on- and off-premises. Related: Why SMBs need to do PAM well Keeping track of user activity and effecting proper on- and off-boarding are becoming more and more difficult, even as unauthorized access via unused, expired, or otherwise compromised access credentials has become the number one cybersecurity threat vector.

Remote work and the cloud create new endpoint security challenges

Tech Republic Security

Cybersecurity has always been challenging, but with the cloud becoming more complex, the Internet of Things more advanced and remote work more embraced, security and endpoint management face a host of new challenges. Experts weighed in on the subject at the recent Syxsense Synergy event. The post Remote work and the cloud create new endpoint security challenges appeared first on TechRepublic.

Internet 150

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Exploit released for Cisco AnyConnect bug giving SYSTEM privileges

Bleeping Computer

Proof-of-concept exploit code is now available for a high-severity flaw in Cisco Secure Client Software for Windows (formerly AnyConnect Secure Mobility Client) that can let attackers elevate privileges to SYSTEM. [...]

Mobile 145

Australia plans to mandate file scanning for all tech companies

Tech Republic Security

In an effort to target online child sexual abuse and pro-terror content, Australia may cause global changes in how tech companies handle data. The post Australia plans to mandate file scanning for all tech companies appeared first on TechRepublic.

Big data 134

More Trending

List of victimized companies of MOVEit Cyber Attack

CyberSecurity Insiders

At the end of May 2023, a Zero Day vulnerability was discovered by risk analysing firm Kroll and on June 7th of this year, Clop ransomware gang published on its blog that they have gained access to the servers of MOVEit software via Zellis Payroll software and urged the victims to contact via the blog post, as their email response could go at snail pace as the number of victims related to the incident was large.

Dissecting TriangleDB, a Triangulation spyware implant

SecureList

Over the years, there have been multiple cases when iOS devices were infected with targeted spyware such as Pegasus, Predator, Reign and others. Often, the process of infecting a device involves launching a chain of different exploits, e.g. for escaping the iMessage sandbox while processing a malicious attachment, and for getting root privileges through a vulnerability in the kernel.

Spyware 134

Apple fixes zero-days used to deploy Triangulation spyware via iMessage

Bleeping Computer

Apple addressed three new zero-day vulnerabilities exploited in attacks installing Triangulation spyware on iPhones via iMessage zero-click exploits. [...]

Spyware 139

News Alert: NowSecure Achieves SOC 2 Type 2 certification for 4th consecutive year

The Last Watchdog

Chicago, Ill., June 21, 2023 – NowSecure, the recognized experts in mobile security and privacy, announced today that it has completed its latest annual SOC 2 Type 2 security audit – the industry benchmark for independent auditing of security controls for software vendors. This certification covers the NowSecure Platform for automated mobile app security testing.

Mobile 100

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

APT37 hackers deploy new FadeStealer eavesdropping malware

Bleeping Computer

The North Korean APT37 hacking group uses a new 'FadeStealer' information-stealing malware containing a 'wiretapping' feature, allowing the threat actor to snoop and record from victims' microphones. [...]

Malware 123

US DoJ creates a litigation section dedicated to Cybersecurity

CyberSecurity Insiders

Cybersecurity in today’s world is a matter of national security and so the Department of Justice (DoJ) has created a separate litigation section in its National Security Division dedicated to Cybersecurity. Matthew G. Olsen, the head of Justice Department has endorsed the news on Tuesday by announcing the same at the Stanford’s Hoover Institution. As per the update released by Matthew the new section will be called as NatSec Cyber and will be highly scalable as per the need/demand.

Over 100,000 ChatGPT Accounts Compromised by Cybercriminals

SecureWorld News

Cybersecurity firm Group-IB recently uncovered a significant security breach involving ChatGPT accounts. The company's Threat Intelligence platform detected more than 100,000 compromised devices with saved ChatGPT credentials traded on illicit Dark Web marketplaces over the past year. These compromised accounts pose a serious risk to businesses, especially in the Asia-Pacific region, which has experienced the highest concentration of ChatGPT credentials for sale.

Malware Devs Update Legion Hacktool, Boost Capabilities

Security Boulevard

A recently discovered cloud-focused malware tool has seemingly been updated with additional functionality. The post Malware Devs Update Legion Hacktool, Boost Capabilities appeared first on Security Boulevard.

Malware 109

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Avast, Norton Parent Latest Victim of MOVEit Ransomware Attacks

Dark Reading

Gen Digital, the parent company of the security companies, is the latest victim in a rash of Cl0p attacks on the bug in the MOVEit transfer software, leading to employee data being revealed.

Smart TVs require even smarter security measures

Security Boulevard

Smart TV Dilemmas It's hard nowadays to find a TV that is not "smart". They all come preloaded with apps to watch Netflix, Disney+ and the like. Not everyone has a new TV though. For older "dumb" TVs, streaming devices are very popular. And even for TVs with built-in apps, there are still reasons to use a separate streaming device. Maybe you don't want to be force-fed the TV manufacturer's recommendations ads.

Firmware 104

20 Year-Old Chinese APT15 Finds New Life in Foreign Ministry Attacks

Dark Reading

The notorious APT15 used common malware tools and a third-generation custom 'Graphican' backdoor to continue its information gathering exploits, this time against foreign ministries.

Malware 103

Cybersecurity Risk Management Framework: Key Components

Security Boulevard

Developing a cyber risk management program from the ground up can be daunting for many organizations, especially those establishing their program with a small team or limited resources. The security and risk team may need help deciding where to start or what to prioritize. What do they need immediately, and what can they build towards as their maturity progresses?

Risk 103

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Going on vacation soon? Stay one step ahead of travel scammers

We Live Security

From bogus free trips to fake rental homes, here are some of the most common online threats you should look out for both before and during your travels The post Going on vacation soon?

New DoJ Cyber Prosecution Team Will Go After Nation-State Threat Actors

Dark Reading

The US Department of Justice adds litigators under its National Security Division to take on sophisticated cyber threats from adversarial nation-states.

How to Build a Data Classification Policy

Security Boulevard

A data classification policy is critical to your business’s data protection strategy. Understand data classification categories and access tips to create and update your policy. The post How to Build a Data Classification Policy appeared first on Security Boulevard.

Update now! Apple fixes three actively exploited vulnerabilities

Malwarebytes

Apple has released security updates for several products to address a set of flaws that it says are being actively exploited. Updates are available for these products: Safari 16.5.1 macOS Big Sur and macOS Monterey iOS 16.5.1 and iPadOS 16.5.1 iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later iOS 15.7.7 and iPadOS 15.7.7 iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

BSidesSF 2023 – Stacey Champagne – The Big “P” Problem In Cybersecurity

Security Boulevard

Our thanks to BSidesSF for publishing their presenter’s superlative BSidesSF 2023 content on the organizations’ YouTube channel. The post BSidesSF 2023 – Stacey Champagne – The Big “P” Problem In Cybersecurity appeared first on Security Boulevard.

Linux Patch Management: Tools, Issues & Best Practices

eSecurity Planet

Compared to other operating systems, Linux patch management is unique because of its open-source nature, which enables a sizable community of developers and security professionals to find vulnerabilities, examine the code, and submit patches. Linux distributions use package managers to make it easier for users to install software packages and updates.

SDP: The Paradigm Shift in Network Security You Can’t Ignore

Security Boulevard

In its heyday, the virtual private network (VPN) commanded immense respect as a groundbreaking leap forward in IT security, establishing an invincible perimeter for protecting confidential data. But that was almost 30 years ago in the mid-1990s (precisely 1996, in fact), when VPNs emerged onto the scene. As time has progressed and the security landscape.

Zero-Day Alert: Apple Releases Patches for Actively Exploited Flaws in iOS, macOS, and Safari

The Hacker News

Apple on Wednesday released a slew of updates for iOS, iPadOS, macOS, watchOS, and Safari browser to address a set of flaws it said were actively exploited in the wild. This includes a pair of zero-days that have been weaponized in a mobile surveillance campaign called Operation Triangulation that has been active since 2019. The exact threat actor behind the campaign is not known.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

For Execs and Boards, Cybersecurity Can No Longer Be Ignored

Security Boulevard

Very few events can impact a business on so many levels as a cybersecurity incident. Disruption and downtime can cost millions in missed revenue, while fines, remediation, and reputational damage can rack up millions more in associated costs. The post For Execs and Boards, Cybersecurity Can No Longer Be Ignored appeared first on Keyfactor. The post For Execs and Boards, Cybersecurity Can No Longer Be Ignored appeared first on Security Boulevard.

Amygdala Hijacking and Social Engineering

Security Through Education

Once upon a time, there was a young lady that worked as a receptionist for a prestigious hotel. She was used to dealing with rude guests on occasion. However, on this particular day, a very angry guest marched his way to the front desk demanding a late check out. The young receptionist politely explained that unfortunately they were sold out and could not honor his request.

Accelerating Digital Transformation with Solvo: Empowering Businesses for Success

Security Boulevard

Unleashing the Power of Digital Transformation: Digital transformation encompasses a range of strategies and technologies aimed at leveraging digital advancements to optimize processes, enhance customer experiences, and drive business growth. Solvo understands the complexities involved in this journey such as mitigating threats across a rapidly expanding attack surface and avoiding disruption to business operations and … Continue reading "Accelerating Digital Transformation with Solvo: Empowerin

Chinese Hackers APT15 Use New Backdoor Malware to Target American Ministries

Heimdal Security

Researchers observed state-sponsored threat group APT15 using a new backdoor dubbed `Graphican`. The Chinese hackers used the new malware in a campaign targeting foreign affairs ministries in the Americas, between 2022 – 2023. According to security researchers, among the other targets were a government finance department, a corporation that markets products in the Americas, and […] The post Chinese Hackers APT15 Use New Backdoor Malware to Target American Ministries appeared first on

Malware 94

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.