Schneier on Security

OCTOBER 31, 2023

Ukraine is using $400 drones to destroy tanks: Facing an enemy with superior numbers of troops and armor, the Ukrainian defenders are holding on with the help of tiny drones flown by operators like Firsov that, for a few hundred dollars, can deliver an explosive charge capable of destroying a Russian tank worth more than $2 million. […] A typical FPV weighs up to one kilogram, has four small engines, a battery, a frame and a camera connected wirelessly to goggles worn by a pilot operating

Wireless 268

Wireless Engineering Government 268

Krebs on Security

OCTOBER 31, 2023

The top-level domain for the United States — US — is home to thousands of newly-registered domains tied to a malicious link shortening service that facilitates malware and phishing scams, new research suggests. The findings come close on the heels of a report that identified.US domains as among the most prevalent in phishing attacks over the past year.

Phishing 261

Phishing Telecommunications Malware Scams 261

Jane Frankland

OCTOBER 31, 2023

C-suites across all industries, from traditional finance to the latest “unicorns” emerging in the fintech industry, are facing a formidable challenge: how to protect their business and customer data against growing cyber threats. However, new research from e2e-assure has revealed that few organisations are taking full advantage of security technologies available today.

CISO 147

CISO Threat Detection Cyber threats Cybercrime 147

Tech Republic Security

OCTOBER 31, 2023

Google's Vulnerability Reward Program offers up to $31,337 for discovering potential hazards. Google joins OpenAI and Microsoft in rewarding AI bug hunts.

Artificial Intelligence 180

Artificial Intelligence 180

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Bleeping Computer

OCTOBER 31, 2023

Czech cybersecurity company Avast confirmed that its antivirus SDK has been flagging a Google Android app as malware on Huawei, Vivo, and Honor smartphones since Saturday. [.

Malware 138

Malware Antivirus Cybersecurity 138

Security Boulevard

OCTOBER 31, 2023

New and updated coverage for ransomware and malware variants, including NoEscape ransomware, AvosLocker ransomware, and others. The post NoEscape Ransomware, AvosLocker Ransomware, Retch Ransomware, S-H-O Ransomware and More: Hacker’s Playbook Threat Coverage Round-up: October 31st, 2023 appeared first on SafeBreach. The post NoEscape Ransomware, AvosLocker Ransomware, Retch Ransomware, S-H-O Ransomware and More: Hacker’s Playbook Threat Coverage Round-up: October 31st, 2023 appeared first on Se

Ransomware 137

Ransomware Malware 137

Dark Reading

OCTOBER 31, 2023

The legal actions may have a chilling effect on hiring CISOs, who are already in short supply, but may also expose just how budget-constrained most security executives are.

CISO 127

CISO 127

Identity IQ

OCTOBER 31, 2023

IDIQ Executive Leadership Joins San Diego Cyber Center of Excellence Board of Directors IdentityIQ – C hief Marketing and Innovation Officer Michael Scheumack will represent the company on the CCOE Board, furthering the company’s mission to combat and educate businesses and consumers on identity theft , financial and cybersecurity threats – Temecula, CA, Oct. 31 , 2023 – IDIQ ®, a leader in financial and identity protection, today announced it has joined the board of the Cyber Center of Excelle

Identity Theft 124

Identity Theft Education Scams Marketing 124

The Last Watchdog

OCTOBER 31, 2023

Salt Lake City, Utah, Oct. 31, 2023 — Ivanti , the tech company that elevates and secures Everywhere Work, today announced the results of its Executive Security Spotlight report as part of Ivanti’s Cybersecurity Status Report Series. Ivanti surveyed over 6,500 executive leaders, cybersecurity professionals and office workers to understand today’s threats and discover how organizations are preparing for yet-unknown future threats.

Passwords 100

Passwords Risk Technology Cybersecurity 100

We Live Security

OCTOBER 31, 2023

Global Diversity Awareness Month is a timely occasion to reflect on the steps required to remove the obstacles to women's participation in the security industry, as well as to consider the value of inclusion and diversity in the security workforce.

Cybersecurity 120

Cybersecurity 120

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

The Last Watchdog

OCTOBER 31, 2023

San Francisco, Calif., Oct. 31, 2023 – Traceable AI , the industry’s leading API security company, proudly announces its continued recognition in the cybersecurity industry, with the latest accolade being the prestigious SINET16 Innovator Award for 2023. The SINET16 Innovator Award recognizes the most innovative companies and technologies addressing today’s top cybersecurity threats and vulnerabilities.

InfoSec 100

InfoSec Firewall Cybersecurity Technology 100

Security Affairs

OCTOBER 31, 2023

Atlassian warned of a critical security vulnerability, tracked as CVE-2023-22518, in the Confluence Data Center and Server. Atlassian is warning of a critical security flaw, tracked as CVE-2023-22518 (CVSS score 9.1), that affects all versions of Confluence Data Center and Server. The vulnerability is an improper authorization issue that can lead to significant data loss if exploited by an unauthenticated attacker. “As part of our continuous security assessment processes, we have discover

Hacking 110

Hacking Risk Information Security 110

Pen Test Partners

OCTOBER 31, 2023

TL;DR Many multi-function printers made by FujiFilm Business Innovation Corporation (Fujifilm) which includes Apeos, ApeosPro, PrimeLink and RevoriaPress brands as well as Xerox Corporation (Xerox) which includes VersaLink, PrimeLink, and WorkCentre brands, allow administrators to store credentials on them to allow users to upload scans and other files to FTP and SMB file servers.

Encryption 115

Encryption Passwords Firmware Engineering 115

Bleeping Computer

OCTOBER 31, 2023

Microsoft announced today the release of Windows 11, version 23H2, the next feature update for its operating system (also known as the Windows 11 2023 Update). [.

116

116

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

Security Affairs

OCTOBER 31, 2023

World-in-HD (WiHD), a French private video torrent community, left an open instance exposing the emails and passwords of all of its users and administrators. WiHD, a popular torrent tracker specializing in HD movies, inadvertently exposed tens of thousands of its users, the Cybernews research team has recently discovered. WiHD is a private tracker dedicated to distributing high-definition video content.

Passwords 105

Passwords Accountability Phishing Internet 105

Bleeping Computer

OCTOBER 31, 2023

Recent Flipper Zero Bluetooth spam attacks have now been ported to an Android app, allowing a much larger number of devices to implement these annoying spam alerts. [.

Mobile 114

Mobile 114

Security Boulevard

OCTOBER 31, 2023

We’re at the end of Cybersecurity Awareness Month, which is a good time to reflect on where your organization needs to improve and extend it’s cybersecurity efforts. If you’re like most organizations the answer is IoT devices and applications; it’s the fastest growing attack surface for most organizations and on track to set a new […] The post Extending Cybersecurity Awareness to IoT Devices appeared first on Viakoo, Inc.

IoT 107

IoT Cybersecurity 107

Bleeping Computer

OCTOBER 31, 2023

A threat actor that security researchers call Prolific Puma has been providing link shortening services to cybercriminals for at least four years while keeping a sufficiently low profile to operate undetected. [.

DNS 111

DNS Cybercrime 111

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

The Hacker News

OCTOBER 31, 2023

Canada on Monday announced a ban on the use of apps from Tencent and Kaspersky on government mobile devices, citing an "unacceptable level of risk to privacy and security." "The Government of Canada is committed to keeping government information and networks secure," the Canadian government said. "We regularly monitor potential threats and take immediate action to address risks.

Government 107

Government Mobile Risk Network Security 107

Bleeping Computer

OCTOBER 31, 2023

Australian software company Atlassian warned admins to immediately patch Internet-exposed Confluence instances against a critical security flaw that could lead to data loss following successful exploitation. [.

Internet 110

Internet Internet Software 110

Dark Reading

OCTOBER 31, 2023

The parties within the International Counter Ransomware Initiative intend to use information-sharing tools and AI to achieve their goals of cutting off the financial resources of threat actors.

Ransomware 106

Ransomware 106

Bleeping Computer

OCTOBER 31, 2023

Canada has banned the use of Kaspersky security products and Tencent's WeChat app on mobile devices used by government employees, citing network and national security concerns. [.

Mobile 106

Mobile Government Software 106

Advertisement

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Identity Theft

Security Boulevard

OCTOBER 31, 2023

Are you ready for a fantastic journey into the world of technology, innovation, and networking? IT Nation Connect 2023 North America. The post Amy’s Cheat Sheet on the Best Sessions at IT Nation Connect 2023 North America appeared first on Seceon. The post Amy’s Cheat Sheet on the Best Sessions at IT Nation Connect 2023 North America appeared first on Security Boulevard.

Technology 104

Technology 104

Bleeping Computer

OCTOBER 31, 2023

Microsoft released Windows 11 23H2, the Windows 11 2023 Update, today, and you can now download an ISO image for the new version to put aside for emergencies or clean installs. [.

106

106

The Hacker News

OCTOBER 31, 2023

Atlassian has warned of a critical security flaw in Confluence Data Center and Server that could result in "significant data loss if exploited by an unauthenticated attacker." Tracked as CVE-2023-22518, the vulnerability is rated 9.1 out of a maximum of 10 on the CVSS scoring system. It has been described as an instance of "improper authorization vulnerability.

104

104

Bleeping Computer

OCTOBER 31, 2023

An alliance of 40 countries will sign a pledge during the third annual International Counter-Ransomware Initiative summit in Washington, D.C., to stop paying ransoms demanded by cybercriminal groups. [.

Ransomware 107

Ransomware Government 107

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

The Hacker News

OCTOBER 31, 2023

A new malvertising campaign has been observed capitalizing on a compromised website to promote spurious versions of PyCharm on Google search results by leveraging Dynamic Search Ads.

Software 103

Software 103

Bleeping Computer

OCTOBER 31, 2023

The British Library has been hit by a major IT outage affecting its website and many of its services following a "cyber incident" that impacted its systems on Saturday, October 28. [.

106

106

eSecurity Planet

OCTOBER 31, 2023

A penetration testing report discloses the vulnerabilities discovered during a penetration test to the client. A pentest report should also outline the vulnerability scans and simulated cybersecurity attacks the pentester used to probe for weaknesses in an organization’s overall security stack or specific systems, such as websites, applications, networks, and cloud infrastructure.

Penetration Testing 104

Penetration Testing Computers and Electronics Risk Cybersecurity 104

The Hacker News

OCTOBER 31, 2023

The threat actor known as Arid Viper (aka APT-C-23, Desert Falcon, or TAG-63) has been attributed as behind an Android spyware campaign targeting Arabic-speaking users with a counterfeit dating app designed to harvest data from infected handsets.

Spyware 102

Spyware Malware 102

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.