Tue, Sep 05, 2023


Experts Fear Crooks are Cracking Keys Stolen in LastPass Breach

Krebs on Security

In November 2022, the password manager service LastPass disclosed a breach in which hackers stole password vaults containing both encrypted and plaintext data for more than 25 million users. Since then, a steady trickle of six-figure cryptocurrency heists targeting security-conscious people throughout the tech industry has led some security experts to conclude that crooks likely have succeeded at cracking open some of the stolen LastPass vaults.


Inconsistencies in the Common Vulnerability Scoring System (CVSS)

Schneier on Security

Interesting research: "Shedding Light on CVSS Scoring Inconsistencies: A User-Centric Study on Evaluating Widespread Security Vulnerabilities." Abstract: The Common Vulnerability Scoring System (CVSS) is a popular method for evaluating the severity of vulnerabilities in vulnerability management. In the evaluation process, a numeric score between 0 and 10 is calculated, 10 being the most severe (critical) value.



News Alert: Reflectiz declares war on Magecart web-skimming attacks as holidays approach

The Last Watchdog

Tel Aviv, Israel, Sept. 5, 2023 — Reflectiz, a cybersecurity company specializing in continuous web threat management, offers an exclusive, fully remote solution to battle Magecart web-skimming attacks, a popular type of cyberattack in which malicious code is injected into checkout pages. As the Holiday Season approaches, online retailers face the challenge of protecting their websites against the growing threat of malicious attacks, such as Magecart.


X wants your biometric data

Malwarebytes

Users of X (formerly Twitter) paying for a checkmark under what used to be called Twitter Blue (now X Premium) have some biometric-related decisions to make. The BBC reports that Elon Musk, having dismantled the old checkmark system to replace it with the all-new Premium, is (re)introducing identity verification. The old verification system typically verified users by requesting a copy of government-issued ID, like a passport scan.


How to Avoid Pitfalls In Automation: Keep Humans In the Loop

Speaker: Erroll Amacker

Automation is transforming finance, but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.


STEPS FORWARD: Regulators are on the move to set much needed IoT security rules of the road

The Last Watchdog

New government rules coupled with industry standards meant to give formal shape to the Internet of Things (IoT) are rapidly quickening around the globe. (Related: The need for supply chain security.) This is to be expected. After all, government mandates combined with industry standards are the twin towers of public safety. Without them the integrity of our food supplies, the efficacy of our transportation systems and the reliability of our utilities would not be what they are.


Hackers stole $41M worth of crypto assets from crypto gambling firm Stake

Security Affairs

Crypto gambling site Stake suffered a security breach, and threat actors withdrew $41M in funds, including Tether and Ether. Researchers reported abnormally large withdrawals made from the crypto gambling site Stake to an account with no previous activity, a circumstance that suggests threat actors have hacked the platform and stolen crypto assets, including Tether and Ether.


Freecycle data breach impacted 7 Million users

Security Affairs

The nonprofit organization Freecycle Network (Freecycle.org) confirmed that it has suffered a data breach that impacted more than 7 million users. The Freecycle Network (TFN) is a private, nonprofit organization that coordinates a worldwide network of “gifting” groups to divert reusable goods from landfills. In response to the incident, The Freecycle Network prompted users to reset


Hackers Target High-Privileged Okta Accounts via Help Desk

Dark Reading

Threat actors convince employees to reset MFA for Super Admin accounts in the IAM service to leverage compromised accounts, impersonating users and moving laterally within an organization.


Meta disrupted two influence campaigns from China and Russia

Security Affairs

Meta disrupted two influence campaigns orchestrated by China and Russia; the company blocked thousands of accounts and pages. Meta announced it has taken down two of the largest known covert influence operations originating from China and Russia. The social network giant revealed it has blocked thousands of accounts and pages across its platform. The company removed 7,704 Facebook accounts, 954 Pages, 15 Groups, and 15 Instagram accounts to dismantle the operation from China.


GhostSec Leaks Source Code of Alleged Iranian Surveillance Tool

Dark Reading

GhostSec has made the source code for what it calls a powerful surveillance tool openly available in a 26GB file, but FANAP denies its legitimacy.


Why Giant Content Libraries Do Nothing for Your Employees’ Cyber Resilience

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.


Cigna Health Data Leak Exposes Massive Provider Information Database

SecureWorld News

In a recent revelation, security researcher Jeremiah Fowler uncovered a significant data leak affecting one of the United States' largest health insurance companies, Cigna Health. The exposed database, containing more than 17 billion records, has raised concerns about the security of sensitive healthcare provider information and negotiated rates for medical procedures.


As LotL Attacks Evolve, So Must Defenses

Dark Reading

Because living-off-the-land (LotL) attacks masquerade as frequently used, legitimate companies, they are very difficult to block and detect.


Mac users targeted in new malvertising campaign delivering Atomic Stealer

Malwarebytes

Summary: Malicious ads for Google searches are targeting Mac users. Phishing sites trick victims into downloading what they believe is the app they want. The malware is bundled in an ad-hoc signed app, so it cannot be revoked by Apple. The payload is a new version of the recent Atomic Stealer for OSX. Introduction: The majority of the malvertising campaigns we have tracked for the past few months have targeted Windows users.


Weekly Vulnerability Recap – September 4, 2023 – Attackers Hit Network Devices and More

eSecurity Planet

Major cybersecurity events in the last week make clear that hackers just keep getting savvier — and security teams need to be vigilant to keep up. Ransomware groups continue to exploit unpatched vulnerabilities. Remote code execution (RCE) vulnerabilities, such as those exploited by a pair of botnets, highlight the hazards of unpatched devices and the need for patch management.


Zero Trust Mandate: The Realities, Requirements and Roadmap

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.


Data Initiatives Force Closer Partnership Between CISOs, CDOs

Dark Reading

Though security leaders and chief data officers both care about data management, their different missions have created a tension that needs addressing.


Spotlight on Cybersecurity Leaders: Arun DeSouza

SecureWorld News

In the SecureWorld Spotlight Series, we learn about the speakers and Advisory Council members that make our events a success. In Q&A format, they share about their professional journeys, unique experiences, and hopes for the future of cybersecurity—along with some personal anecdotes. Arun DeSouza is the Chief Information Security Officer and Chief Privacy Officer for Nexteer Automotive.


Spotlight On: PCI Pal, A New Principal Participating Organization

PCI perspectives

Welcome PCI Pal, a new Principal Participating Organization (PPO) at the PCI Security Standards Council! In this special spotlight edition of our PCI Perspectives Blog, PCI Pal’s Chief Information Security Officer Geoff Forsyth introduces us to his company and how they are helping to shape the future of payment security.


New BLISTER Malware Update Fuelling Stealthy Network Infiltration

The Hacker News

An updated version of a malware loader known as BLISTER is being used as part of SocGholish infection chains to distribute an open-source command-and-control (C2) framework called Mythic.


Next-Level Fraud Prevention: Strategies for Today’s Threat Landscape

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.


Russia Undertakes Disinformation Campaign Across Africa

Dark Reading

Following coups in some African nations, Russia is exploiting the instability with the manipulation of media channels to stoke anti-French sentiment, among other things.


Researchers Warn of Cyber Weapons Used by Lazarus Group's Andariel Cluster

The Hacker News

The North Korean threat actor known as Andariel has been observed employing an arsenal of malicious tools in its cyber assaults against corporations and organizations in the southern counterpart.


What Happens to Your Credit After 7 Years?

Identity IQ

Having a good credit report is important if you want to take out loans, apply for a mortgage, or get low interest rates. Your credit score is determined by major credit bureaus, including Experian®, TransUnion®, and Equifax®, and they independently set your credit score based on information they receive from your lenders.


Key Cybersecurity Tools That Can Mitigate the Cost of a Breach

The Hacker News

IBM's 2023 installment of their annual "Cost of a Breach" report has thrown up some interesting trends. Of course, breaches being costly is no longer news at this stage! What’s interesting is the difference in how organizations respond to threats and which technologies are helping reduce the costs associated with every IT team’s nightmare scenario.


Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.


Smart chastity device exposes sensitive user data

Malwarebytes

A security breach or piece of inadvertent exposure can be a devastating thing, not just for the company impacted but also the people whose data is stolen or exposed to the world. The usual roll-call of “name, address, phone number and card details” is bad enough. If such things are tied to sensitive material or websites, it can be many times worse.


New Python Variant of Chaes Malware Targets Banking and Logistics Industries

The Hacker News

Banking and logistics industries are under the onslaught of a reworked variant of a malware called Chaes.


FreeWorld ransomware attacks MSSQL—get your databases off the Internet

Malwarebytes

When we think of ransomware and brute force password guessing attacks, we normally think of RDP, but recent research from Securonix reminds us that anything secured with a password and exposed to the Internet is of interest to cybercriminals. Microsoft's Remote Desktop Protocol has been a favourite point of entry for ransomware gangs for several years now.


University of Sydney Reports Data Breach

Heimdal Security

The University of Sydney (USYD) has reported a data breach involving a third-party service provider, leading to the exposure of personal information for a subset of international applicants. The breach did not affect local students, staff, alumni, or donors. Upon detecting the breach, USYD promptly initiated an investigation. Their findings indicate that the breach was […]


Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.


Researchers Discover Critical Vulnerability in PHPFusion CMS

Dark Reading

No patch is available yet for the bug, which can enable remote code execution under the correct circumstances.


Freecycle Confirms Data Breach Affecting Over 7 Million Users

Heimdal Security

Freecycle, a global online platform promoting the exchange of used items, announced a significant data breach affecting over 7 million of its users. The nonprofit organization became aware of the intrusion on August 30th, though the stolen information had been available for sale on a hacking forum since May 30. The platform has nearly 11 […]


LockBit ransomware gang steals data related to security of UK military bases

Graham Cluley

An attack by the notorious LockBit ransomware gang stole 10 GB of data from a company that provides high-security fencing for military bases.


Name That Edge Toon: Prized Possessions

Dark Reading

Come up with a clever caption, and our panel of experts will reward the winner with a $25 Amazon gift card.


The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!