Mon.May 22, 2023

article thumbnail

Interview With a Crypto Scam Investment Spammer

Krebs on Security

Social networks are constantly battling inauthentic bot accounts that send direct messages to users promoting scam cryptocurrency investment platforms. What follows is an interview with a Russian hacker responsible for a series of aggressive crypto spam campaigns that recently prompted several large Mastodon communities to temporarily halt new registrations.

Scams 248
article thumbnail

Google Is Not Deleting Old YouTube Videos

Schneier on Security

Google has backtracked on its plan to delete inactive YouTube videos—at least for now. Of course, it could change its mind anytime it wants. It would be nice if this would get people to think about the vulnerabilities inherent in letting a for-profit monopoly decide what of human creativity is worth saving.

Media 224
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Report: More organizations still plan to increase their tech staff

Tech Republic Security

A new Linux Foundation report finds that the global focus is on cloud/containers, cybersecurity and AI/ML skills, and that upskilling is key. The post Report: More organizations still plan to increase their tech staff appeared first on TechRepublic.

article thumbnail

Future Exploitation Vector: File Extensions as Top-Level Domains

Trend Micro

In this blog entry, we will examine the security risks related to file extension-related Top-Level Domains (TLDs) while also providing best practices and recommendations on how both individual users and organizations can protect themselves from these hazards.

Risk 142
article thumbnail

Human-Centered Cyber Security Training: Driving Real Impact on Security Culture

Speaker: Speakers:

In today's digital age, having an untrained workforce can be a significant risk to your business. Cyber threats are evolving; without proper training, your employees could be the weakest link in your defense. This webinar empowers leaders like you with the tools and strategies needed to transform your employees into a robust frontline defense against cyber attacks.

article thumbnail

How to manage and share files online using NordLocker

Tech Republic Security

With NordLocker, you can store, manage and share individual files. Learn how with this step-by-step guide. The post How to manage and share files online using NordLocker appeared first on TechRepublic.

article thumbnail

Leaked EU Document Shows Spain Wants to Ban End-to-End Encryption

WIRED Threat Level

In response to an EU proposal to scan private messages for illegal material, the country's officials said it is “imperative that we have access to the data.

More Trending

article thumbnail

Malicious Windows kernel drivers used in BlackCat ransomware attacks

Bleeping Computer

The ALPHV ransomware group (aka BlackCat) was observed employing signed malicious Windows kernel drivers to evade detection by security software during attacks. [.

article thumbnail

How and why to use multiple Apple IDs on the same Mac

Tech Republic Security

There are a few reasons Apple users should sometimes employ a pair of Apple IDs on the same Mac. Here’s how to make it work. The post How and why to use multiple Apple IDs on the same Mac appeared first on TechRepublic.

article thumbnail

Microsoft reports jump in business email compromise activity

CSO Magazine

Cybersecurity activity around business email compromise (BEC) spiked between April 2022 and April 2023, with over 150,000 daily attempts, on average, detected by the Microsoft Microsoft’s Digital Crimes Unit (DCU). The findings were highlighted in the latest edition of Microsoft’s Cyber Signals , a cyberthreat intelligence report that spotlights security trends and insights gathered from Microsoft’s 43 trillion security signals and 8,500 security experts.

article thumbnail

EU slaps Meta with $1.3 billion fine for moving data to US servers

Bleeping Computer

The Irish Data Protection Commission (DPC) has announced a $1.3 billion fine on Facebook after claiming that the company violated Article 46(1) of the GDPR (General Data Protection Regulation). [.

article thumbnail

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

article thumbnail

Cyber Warfare Lessons From the Russia-Ukraine Conflict

Dark Reading

Techniques used in cyber warfare can be sold to anyone — irrespective of borders, authorities, or affiliations. We need to develop strategies to respond at scale.

124
124
article thumbnail

Sharing your business’s data with ChatGPT: How risky is it?

CyberSecurity Insiders

The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. As a natural language processing model, ChatGPT – and other similar machine learning-based language models – is trained on huge amounts of textual data.

Software 117
article thumbnail

Microsoft 365 hit by new outage causing connectivity issues

Bleeping Computer

Microsoft is investigating service issues preventing users from accessing their Microsoft 365 ccounts and blocking access to installed apps. [.

131
131
article thumbnail

Facebook Meta faces €1.3 billion penalty by GDPR

CyberSecurity Insiders

Facebook parent company Meta has been slapped with a penalty of €1.2 billion for transferring data of European users to the servers operating in the United States. A move that is dead-against the GDPR rules that came into existence since May 2018. The Irish Data Protection Commission pronounced a penalty and imposed a $1.3 billion fine for transferring the generated data to computers operating on other country soil, a move that is been exploited under the Standard Contractual Clause (SCC) that c

article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

Who Owns Security in Multi-Cloud Operations?

Security Boulevard

The best-kept secret is the one that is never shared. In today’s technology environment, that is even more true. Where organizations used to build and maintain their own technology stacks, now they are often interacting with multiple cloud providers or even combining the cloud with on-premises systems for a distributed environment. According to a recent.

article thumbnail

CISA orders govt agencies to patch iPhone bugs exploited in attacks

Bleeping Computer

Today, the U.S. Cybersecurity & Infrastructure Security Agency (CISA) ordered federal agencies to address three recently patched zero-day flaws affecting iPhones, Macs, and iPads known to be exploited in attacks. [.

article thumbnail

A Threat to Passkeys? BrutePrint Attack Bypasses Fingerprint Authentication

eSecurity Planet

Security researchers recently published a paper detailing an attack they say can be used to bypass smartphone fingerprint authentication. Yiling He of China’s Zhejiang University and Yu Chen of Tencent Security’s Xuanwu Lab are calling the attack BrutePrint , which they say can be used to hijack fingerprint images. An attack like BrutePrint could present a significant threat to passkeys , an increasingly popular way to replace passwords with authentication methods like fingerprint au

article thumbnail

Google launches bug bounty program for its Android applications

Bleeping Computer

Google has launched the Mobile Vulnerability Rewards Program (Mobile VRP), a new bug bounty program that will pay security researchers for flaws found in the company's Android applications. [.

Mobile 111
article thumbnail

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

article thumbnail

Facebook Fined $1.3B — Zuckerberg Furious in GDPR Fight

Security Boulevard

GDPR Move for Mark’s Money: No legal way to move Europeans’ data to the US since 2015. U.S. cloud industry better take note. The post Facebook Fined $1.3B — Zuckerberg Furious in GDPR Fight appeared first on Security Boulevard.

article thumbnail

Meta fined $1.3B for violating EU GDPR data transfer rules on privacy

CSO Magazine

Meta has been fined $1.3 billion (€1.2 billion) by the Irish Data Protection Commission (DPC) for violating the terms of the EU’s GDPR by continuing to transfer EU users’ data to the US without adequate safeguards. Meta has failed to “address the risks to the fundamental rights and freedoms" of Facebook's European users, the DPC said in a statement.

Risk 107
article thumbnail

New Type of Attack: BrutePrint Can Breach Your Smartphone’s Fingerprint Security

Heimadal Security

Chinese researchers discovered a new type of attack targeting smartphones. BrutePrint is a brute-force attack that can bypass fingerprint authentication. They managed to breach security measures enabled for brute-force attacks like attempt limits and liveness detection. Brute-force attacks use numerous trial-and-error attempts to decipher a key, or password in order to obtain access to accounts […] The post New Type of Attack: BrutePrint Can Breach Your Smartphone’s Fingerprint Security ap

article thumbnail

Platform Engineering and Security: A Very Short Introduction

Security Boulevard

Is DevOps really dead? Learn about the rise of platform engineering and how it differs from DevOps in terms of self-service capabilities and automation. Discover how security fits into this new paradigm and the benefits of platform engineering for software development teams of various sizes. The post Platform Engineering and Security: A Very Short Introduction appeared first on Security Boulevard.

article thumbnail

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

article thumbnail

Phone scamming kingpin gets 13 years for running “iSpoof” service

Naked Security

Site marketing video promised total anonymity, but that was a lie. 170 arrested already. Potentially 1000s more to follow.

Scams 123
article thumbnail

PyPI Shuts Down Over the Weekend, Says Incident Was Overblown

Dark Reading

The climate of concern around open source security and supply chain attacks may have caused a small story to become a big one.

121
121
article thumbnail

Cloud Computing The Prescription for Modern Healthcare Challenges

Security Boulevard

Cloud computing has become a game-changer for many industries, and healthcare is no exception. Healthcare providers are starting to recognize the potential of cloud technology to improve patient outcomes, streamline operations, and reduce costs. In this blog post, we’ll explore in detail how cloud computing is transforming healthcare, its benefits and challenges, and how healthcare […] The post Cloud Computing The Prescription for Modern Healthcare Challenges appeared first on PeoplActive.

article thumbnail

Improving Cybersecurity Requires Building Better Public-Private Cooperation

Dark Reading

Security vendors, businesses, and US government agencies need to work together to fight ransomware and protect critical infrastructure.

article thumbnail

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

article thumbnail

Pentagon explosion hoax goes viral after verified Twitter accounts push

Bleeping Computer

Highly realistic AI-generated images depicting an explosion near the Pentagon that went viral on Twitter caused the stock market to dip briefly earlier today. [.

article thumbnail

Meta Hit With $1.3B Record-Breaking Fine for GDPR Violations

Dark Reading

The technology conglomerate has until later this year to end its transfer of European user's data across the Atlantic.

article thumbnail

Bad Magic's Extended Reign in Cyber Espionage Goes Back Over a Decade

The Hacker News

New findings about a hacker group linked to cyber attacks targeting companies in the Russo-Ukrainian conflict area reveal that it may have been around for much longer than previously thought. The threat actor, tracked as Bad Magic (aka Red Stinger), has not only been linked to a fresh sophisticated campaign, but also to an activity cluster that first came to light in May 2016.

article thumbnail

A New Era of AppSec: 10 Times as a Leader in Gartner® Magic Quadrant™ for Application Security Testing

Veracode Security

Ten represents the completion of a cycle and the beginning of a new one, as there are ten digits in our base-10 number system. We've scanned nearly 140 trillion lines of code, so we can’t help but pick up on the one and the zero in our exciting announcement. It's the tenth publication of the Gartner® Magic Quadrant™ for Application Security Testing (AST), and we are pleased to announce we are a Leader for the tenth consecutive time.

article thumbnail

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?