Schneier on Security
DECEMBER 5, 2022
This is an actual CAPTCHA I was shown when trying to log into PayPal. As an actual human and not a bot, I had no idea how to answer. Is this a joke? (Seems not.) Is it a Magritte-like existential question? (It’s not a bicycle. It’s a drawing of a bicycle. Actually, it’s a photograph of a drawing of a bicycle. No, it’s really a computer image of a photograph of a drawing of a bicycle.
Joseph Steinberg
DECEMBER 5, 2022
Don’t open attachments. Change your password often. Don’t click on any links sent in emails or text messages. We have all received plenty of advice on how to avoid being harmed by cyber-attacks, but staying safe can often be confusing, complicated, or impractical. Joseph Steinberg, author of the best-selling book, “Cybersecurity for Dummies,” is here to cut through the noise and give you practical tips on how to practice smart digital security — without you having to spend a ton of time or any m
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Krebs on Security
DECEMBER 5, 2022
In December 2021, Google filed a civil lawsuit against two Russian men thought to be responsible for operating Glupteba , one of the Internet’s largest and oldest botnets. The defendants, who initially pursued a strategy of counter suing Google for interfering in their sprawling cybercrime business, later brazenly offered to dismantle the botnet in exchange for payment from Google.
Javvad Malik
DECEMBER 5, 2022
I saw this picture somewhere on social media of these many locks securing the bolt. However, upon closer inspection, you can see that by simply removing any one of the locks, you unlock the whole thing. I hope you’ll allow me the opportunity of dragging this out into a cybersecurity analogy. But, sometimes the sheer number of products and hoops we deploy end up looking a bit like this picture.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
We Live Security
DECEMBER 5, 2022
Forget pests for a minute. Modern farms also face another – and more insidious – breed of threat. The post Tractors vs. threat actors: How to hack a farm appeared first on WeLiveSecurity.
CSO Magazine
DECEMBER 5, 2022
Palo Alto Networks today rolled out a new Medical IoT Security offering, designed to provide improved visibility, automated monitoring and more for hitherto vulnerable healthcare IoT frameworks, thanks to machine learning and adherence to zero trust principles. Medical device security is a serious problem for most organizations in healthcare, with a long string of reported vulnerabilities in the area stretching back for years.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Bleeping Computer
DECEMBER 5, 2022
The André-Mignot teaching hospital in the suburbs of Paris had to shut down its phone and computer systems because of a ransomware attack that hit on Saturday evening. [.].
CyberSecurity Insiders
DECEMBER 5, 2022
First is the news related to the FIFA World Cup Football Tournament of 2022 being held in Qatar. Cybersecurity authorities’ managing the event have issued a caution to all those watching the sporting event on television to beware of illegal streaming websites. Because of high ticket prices, infrastructure issues and the ongoing Christmas season, most of the Football fans will watch their favorite teams on a big screen.
CSO Magazine
DECEMBER 5, 2022
In his career in IT security leadership, Aaron de Montmorency has seen a lot — an employee phished on their first day by someone impersonating the CEO, an HR department head asked to change the company’s direct deposit information by a bogus CFO, not to mention multichannel criminal engagement with threat actors attacking from social media to email to SMS text.
Security Boulevard
DECEMBER 5, 2022
A new wiper malware is destroying data on Russian government PCs. Dubbed CryWiper, it pretends to be ransomware. The post Russia Hit by New ‘CryWiper’ — Fake Ransomware appeared first on Security Boulevard.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
The Hacker News
DECEMBER 5, 2022
Cybersecurity researchers have discovered a security vulnerability that exposes cars from Honda, Nissan, Infiniti, and Acura to remote attacks through a connected vehicle service provided by SiriusXM.
Bleeping Computer
DECEMBER 5, 2022
A financially motivated threat actor is hacking telecommunication service providers and business process outsourcing firms, actively reversing defensive mitigations applied when the breach is detected. [.].
The Hacker News
DECEMBER 5, 2022
A version of an open source ransomware toolkit called Cryptonite has been observed in the wild with wiper capabilities due to its "weak architecture and programming." Cryptonite, unlike other ransomware strains, is not available for sale on the cybercriminal underground, and was instead offered for free by an actor named CYBERDEVILZ until recently through a GitHub repository.
Bleeping Computer
DECEMBER 5, 2022
Three vulnerabilities in the American Megatrends MegaRAC Baseboard Management Controller (BMC) software impact server equipment used in many cloud service and data center providers. [.].
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
Security Affairs
DECEMBER 5, 2022
Resecurity has identified a new underground marketplace in the Dark Web oriented towards mobile malware developers and operators. “In the Box” dark web marketplace is leveraged by cybercriminals to attack over 300 financial institutions (FIs), payment systems, social media and online-retailers in 43 countries. Resecurity, the California-based cybersecurity company protecting major Fortune 500 companies, has identified a new underground marketplace in the Dark Web oriented towards
Bleeping Computer
DECEMBER 5, 2022
Hackers are abusing the open-source Linux PRoot utility in BYOF (Bring Your Own Filesystem) attacks to provide a consistent repository of malicious tools that work on many Linux distributions. [.].
Graham Cluley
DECEMBER 5, 2022
Your car's mobile app might have allowed hackers to remotely unlock your vehicle, turn on or off its engine, and even honk its horn. Read more in my article on the Hot for Security blog.
Security Boulevard
DECEMBER 5, 2022
Microsoft may have retired the Boa web server in 2005, but that hasn’t stopped widespread use—and now the company is saying a vulnerability in the server’s open source component has been exploited by bad actors, targeting the energy industry and underscoring the continued vulnerability of the supply chain. While investigating “electrical grid intrusion activity [that].
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
Malwarebytes
DECEMBER 5, 2022
ZDNet reports an interesting form of PayPal scam sent to one of their own writers. The scam is a so-called “triple threat” phish, in that it gives the scammer three different ways to potentially collect some ill gotten gains from potential victims. The idea is that if one of the three tactics fails, there are two more waiting in the wings primed to take another swing at your digital wallet.
Security Boulevard
DECEMBER 5, 2022
A growing number of companies are integrating APIs with their applications and systems. In a recent survey, the average number of APIs per company increased by 221% in 12 months, with 26% of companies using at least twice as many APIs as they did a year ago. With the rapid increase in the use of. The post What is API Governance? appeared first on Security Boulevard.
Malwarebytes
DECEMBER 5, 2022
You may well have changed your social media site of choice recently, but that doesn’t mean the security implications of less familiar sites and services can be ignored. For the sites themselves, coping with an influx of new users can be nothing short of a large headache. And even the more established entities like Mastodon—which is experiencing increased scrutiny alongside its recent boom in popularity—are not left unscathed from complaints and potential security issues.
Security Boulevard
DECEMBER 5, 2022
Many organizations remain unprepared to handle a ransomware attack on a holiday or weekend, as they continue to operate with a skeleton crew as the year winds down. This was one of the findings of a Cybereason survey of 1,203 cybersecurity professionals, which also found holiday and weekend ransomware attacks resulted in greater revenue losses than.
Advertisement
The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.
Bleeping Computer
DECEMBER 5, 2022
From precisely spotting security vulnerabilities in your code, to writing an entire block of functional code on a whim, to opening portals to another dimension, OpenAI's newly launched ChatGPT is a game changer with its possibilities seeming limited only by your limitedness. [.].
Security Boulevard
DECEMBER 5, 2022
With supply chain attacks surging, now is the time to reflect — and look forward. ReversingLabs’ new report explores trends, best practices and more. The post The state of software supply chain security report: Top takeaways for development and SOC teams appeared first on Security Boulevard.
Malwarebytes
DECEMBER 5, 2022
Eufy home security cameras are currently in a spot of trouble as a result of door camera footage. This is because it turns out that data which should not have been going to the cloud was doing so anyway in certain conditions. Securing your home: a complicated proposition. Insecure cameras, unprotected cloud footage, streams going where they shouldn’t be: these are all areas for concern when looking into buying a home security system.
Security Boulevard
DECEMBER 5, 2022
What are Insider Threats in Cybersecurity? An Insider Threat in cybersecurity occurs when someone who has access chooses to or gets tricked into using that access to harm your company. Insider Threats in cybersecurity can be employees, contractors, vendors, or visitors, and their intent can be either intentional or accidental. An example scenario where this […].
Speaker: Blackberry, OSS Consultants, & Revenera
Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?
Malwarebytes
DECEMBER 5, 2022
On Friday, December 2, Google rolled out an out-of-band patch for an actively exploited zero-day vulnerability in its V8 JavaScript engine. The flaw could allow attackers to cause a system crash or execute potentially malicious code. That means you'll want to update Chrome to patch against this vulnerability as soon as you can. Do this by navigating to the "About Chrome" page on your browser’s menu.
Security Boulevard
DECEMBER 5, 2022
A survey of 500 DevOps and security professionals suggested that shifting away from legacy authentication technologies to embrace passwordless approaches to cybersecurity is going to require significant amounts of time and patience. The survey, conducted by the market research firm Schlesinger Group on behalf of Teleport, found 87% of respondents actively moving toward some type.
Dark Reading
DECEMBER 5, 2022
Privacy standards are only going to increase. It's time for organizations to get ahead of the coming reckoning.
Security Boulevard
DECEMBER 5, 2022
Palo Alto Networks today extended the reach of its secure access service edge (SASE) platform to medical devices that are running either in a hospital setting or at home. Xu Zou, vice president of IoT security products for Palo Alto Networks, said in the wake of the COVID-19 pandemic, more health care organizations are remotely. The post Palo Alto Networks Moves to Secure Medical Devices appeared first on Security Boulevard.
Speaker: Erika R. Bales, Esq.
When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.
Expert insights. Personalized for you.
304 
Let's personalize your content