Tue. Apr 18, 2023

Giving a Face to the Malware Proxy Service ‘Faceless’

Krebs on Security

For the past seven years, a malware-based proxy service known as “Faceless” has sold anonymity to countless cybercriminals. For less than a dollar per day, Faceless customers can route their malicious traffic through tens of thousands of compromised systems advertised on the service. In this post we’ll examine clues left behind over the past decade by the proprietor of Faceless, including some that may help put a face to the name.

Malware 300

Using LLMs to Create Bioweapons

Schneier on Security

I’m not sure there are good ways to build guardrails to prevent this sort of thing: There is growing concern regarding the potential misuse of molecular machine learning models for harmful purposes. Specifically, the dual-use application of models for predicting cytotoxicity to create new poisons or employing AlphaFold2 to develop novel bioweapons has raised alarm.

Risk 282

RSAC Fireside Chat: ‘Protective DNS’ directs smart audits, automated remediation to IP addresses

The Last Watchdog

Domain Name Service. DNS. It’s the phone directory of the Internet. Related: DNS — the good, bad and ugly. Without DNS the World Wide Web never would have advanced as far and wide as it has. However, due to its intrinsic openness and anonymity, DNS has also become engrained as the primary communications mechanism used by cyber criminals and cyber warfare combatants.

DNS 207

New DDoS attacks on Israel’s enterprises should be a wake-up call

Tech Republic Security

Experts see the latest DDoS attacks against Israel as a case study in the effectiveness of simple, brute-force cybersecurity attacks, even against the most sophisticated targets. The post New DDoS attacks on Israel’s enterprises should be a wake-up call appeared first on TechRepublic.

DDOS 197

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

RSAC Fireside Chat: Extending ‘shift left’ to achieve SSCS — ‘software supply chain security’

The Last Watchdog

One of the nascent security disciplines already getting a lot of buzz as RSA Conference 2023 gets ready to open next week at San Francisco’s Moscone Center is “software supply chain security,” or SSCS. Related: How SBOMs instill accountability. Interestingly, you could make the argument that SSCS runs counter-intuitive to the much-discussed “shift left” movement.

Software 200

Discarded, not destroyed: Old routers reveal corporate secrets

We Live Security

When decommissioning their old hardware, many companies 'throw the baby out with the bathwater' The post Discarded, not destroyed: Old routers reveal corporate secrets appeared first on WeLiveSecurity

142

LifeWorks

More Trending

Ex-CEO of breached psychotherapy clinic gets prison sentence for bad data security

Naked Security

Did the sentence fit the crime? Read the backstory, and then have your say in our comments! (You may post anonymously.

How Demanding Conditions Impact Critical Infrastructure Security

Security Boulevard

Enterprises already understand how important a role physical security plays in protecting their staff, work environments and privileged information from outsiders. Fences, walls, security guards and RFID-controlled doors all help organizations protect themselves, but these measures are far from sufficient when it comes to protecting critical infrastructure environments from cybersecurity incidents.

Recycled Core Routers Exposed Sensitive Corporate Network Info

Dark Reading

Researchers warn about a dangerous wave of unwiped, secondhand core-routers found containing corporate network configurations, credentials, and application and customer data.

128

App cyberattacks jump 137%, with healthcare, manufacturing hit hard, Akamai says

CSO Magazine

An analysis of customer data collected by content delivery network and internet services giant Akamai found that attacks targeting web applications rose by 137% over the course of last year, as the healthcare and manufacturing sectors in particular were targeted with an array of API and application-based intrusions. Local file intrusions — in which attackers spoof a web application in order to either execute code remotely on a web server or gain access to files that they shouldn’t — were the mos

Why Giant Content Libraries Do Nothing for Your Employees’ Cyber Resilience

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

Researchers Discover First Ever Major Ransomware Targeting macOS

Dark Reading

In targeting Apple users, LockBit is going where no major ransomware gang has gone before. But it's a warning shot, and Mac users need not worry yet.

Is it time to move to a Passwordless future

CyberSecurity Insiders

As data breaches and cyber attacks continue to rise, the traditional method of securing online accounts using passwords is becoming increasingly ineffective. Hackers can easily crack simple and commonly used passwords, or even use social engineering tactics to trick users into giving away their login credentials. In response, many tech companies and cybersecurity experts are advocating for a passwordless future.

The Top Ten JavaScript Vulnerabilities and How to Avoid Them

Security Boulevard

Learn about the top 10 JavaScript vulnerabilities and how to avoid them. The post The Top Ten JavaScript Vulnerabilities and How to Avoid Them appeared first on GuardRails. The post The Top Ten JavaScript Vulnerabilities and How to Avoid Them appeared first on Security Boulevard.

122

Hard-to-detect malware loader distributed via AI-generated YouTube videos

CSO Magazine

Security researchers warn of a new malware loader that's used as part of the infection chain for the Aurora information stealer. The loader uses anti-virtual-machine (VM) and unusual compilation techniques that seem to make it quite successful at avoiding detection by security solutions. The Aurora infostealer is written in Go and is operated as a malware-as-a-service platform that's advertised on Russian-language cybercrime forums.

Malware 120

Zero Trust Mandate: The Realities, Requirements and Roadmap

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

2023 Phishing Report Reveals 47.2% Surge in Phishing Attacks Last Year

Security Boulevard

Phishing attacks continue to be one of the most significant threats facing organizations today. As businesses increasingly rely on digital communication channels, cybercriminals exploit vulnerabilities in email, SMS, and voice communications to launch sophisticated phishing attacks. With the COVID-19 pandemic leading to a surge in remote work over the past several years, the risk of phishing attacks has only increased.

Phishing 122

'Zaraza' Bot Targets Google Chrome to Extract Login Credentials

Dark Reading

The data-stealing malware threatens the cyber safety of individual and organizational privacy by infecting a range of Web browsers.

Malware 115

From Penetration Testing to AppSec/DevSecOps: A Guide to Staying Ahead of the Curve

Security Boulevard

Introduction As technology continues to evolve at a breakneck pace, the importance of secure software development cannot be overstated. Penetration testing has been a crucial component of AppSec for years, but with the rise of DevSecOps, traditional security practices are no longer sufficient. In this guide, we will explore the evolution of penetration testing to […] The post From Penetration Testing to AppSec/DevSecOps: A Guide to Staying Ahead of the Curve appeared first on GuardRails.

QBot Expands Initial Access Malware Strategy With PDF-WSF Combo

Dark Reading

The infamous Trojan's operators are switching up tactics with the use of simulated business correspondence, which helps instill trust with intended victims, and a stealthier payload.

Malware 113

Next-Level Fraud Prevention: Strategies for Today’s Threat Landscape

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

Cyber Attack news headlines trending on Google

CyberSecurity Insiders

CommScope, an American company that is in the business of providing network infrastructure, was reportedly hit by a ransomware attack. Afterward, cybercriminals leaked data of thousands of the company’s employees onto the dark web, including social security numbers and bank account details of employees involved in the R&D of infrastructure products.

The Importance of Patch Management in Cybersecurity

Security Boulevard

Applying a software update sounds like such a simple thing to do. And if you have just one computer with a few apps, it is indeed pretty straightforward to ensure that your software and operating system are kept up to date with the latest security patches and software updates. But even in your personal life, you’ve probably hit the “apply. Read More The post The Importance of Patch Management in Cybersecurity appeared first on Nuspire.

Businesses detect cyberattacks faster despite increasingly sophisticated adversaries

CSO Magazine

Global organizations are improving their attack detection capabilities despite facing increasingly sophisticated, persistent, and creative adversaries. The Mandiant M-Trends 2023 report, now in its fourteenth year, revealed that the global median dwell time – calculated as the median number of days an attacker is present in a target’s environment before detection – dropped to 16 days in 2022.

Malware 110

Google Search outage prevents some from seeing search results

Bleeping Computer

Google Search is currently suffering a partial outage that prevents the search engine from returning search results for some people.

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Malware found in James Webb Space Telescope revealed by US President Joe Biden

CyberSecurity Insiders

Cybersecurity analysts from Securonix have discovered a new malware variant hiding in the images produced by the James Webb Space Telescope. The malware is being dubbed as “Go#Webbfuscator” and has the potential to be spread through phishing emails loaded with a malicious deep image file in a Word document, apart from the James Webb Space Telescope generated images.

Malware 106

Cybersecurity Hygiene—Building Blocks to Protect Your Attack Surface

Security Boulevard

Cybersecurity breaches or ransomware-induced shutdowns can crush a company. Financial loss. Reputation damage. Legal penalties. Nobody wants to be responsible for any of these, but attacks are on the rise. The average corporate data breach in the U.S. costs $9.44 million, plus regulatory penalties. And attackers are always looking for better weapons.

New “Domino” Malware Strain Targets Corporate Networks

Heimdal Security

Researchers recently discovered a new malware family named “Domino”, allegedly created by ITG14, also known as the FIN7 threat group. Reportedly, ex-Conti hackers have been using it since at least February 2023 to spread Project Nemesis info stealer or Cobalt Strike. Due to massive code overlap with the Lizar post-exploitation toolkit, researchers also attributed the […] The post New “Domino” Malware Strain Targets Corporate Networks appeared first on Heimdal Security Blog.

Malware 105

Akamai Report Surfaces Spike in Attacks Against Web Apps and APIs

Security Boulevard

A report published by Akamai Technologies suggested that in addition to launching attacks against web applications, more cybercriminals are specifically looking to compromise application programming interfaces (APIs). Overall, the attacks against web applications and APIs grew 137% in 2022, with, not surprisingly, local file inclusion (LFI) attacks—most widely used for reconnaissance purposes—growing 193% year-over-year, the.

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

The Biggest Lie We Are Told, Believe & Often Spread About Women in Work

Jane Frankland

Most people have heard and most likely shared, the following quote… Men apply for a job when they meet only 60% of the required qualifications, but women apply only if they meet 100% of them. The finding comes from a Hewlett Packard internal report, and is often quoted in webinars, panels, talks, blogs, and books, including Lean In and The Confidence Code.

LockBit Ransomware Now Targeting Apple macOS Devices

The Hacker News

Threat actors behind the LockBit ransomware operation have developed new artifacts that can encrypt files on devices running Apple's macOS operating system. The development, which was reported by the MalwareHunterTeam over the weekend, appears to be the first time a big-game ransomware crew has created a macOS-based payload.

Used Routers Often Come Loaded With Corporate Secrets

WIRED Threat Level

More than half of the enterprise routers researchers bought secondhand hadn’t been wiped, exposing sensitive info like login credentials and customer data.

Hacking 98

Critical Flaws in vm2 JavaScript Library Can Lead to Remote Code Execution

The Hacker News

A fresh round of patches has been made available for the vm2 JavaScript library to address two critical flaws that could be exploited to break out of the sandbox protections. Both the flaws – CVE-2023-29199 and CVE-2023-30547 – are rated 9.8 out of 10 on the CVSS scoring system and have been addressed in versions 3.9.16 and 3.9.17, respectively.

99

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!