Tue.Sep 05, 2023


Inconsistencies in the Common Vulnerability Scoring System (CVSS)

Schneier on Security

Interesting research: "Shedding Light on CVSS Scoring Inconsistencies: A User-Centric Study on Evaluating Widespread Security Vulnerabilities." Abstract: The Common Vulnerability Scoring System (CVSS) is a popular method for evaluating the severity of vulnerabilities in vulnerability management. In the evaluation process, a numeric score between 0 and 10 is calculated, 10 being the most severe (critical) value.


STEPS FORWARD: Regulators are on the move to set much needed IoT security rules of the road

The Last Watchdog

New government rules coupled with industry standards meant to give formal shape to the Internet of Things (IoT) are rapidly quickening around the globe. Related: The need for supply chain security. This is to be expected. After all, government mandates combined with industry standards are the twin towers of public safety. Without them the integrity of our food supplies, the efficacy of our transportation systems and reliability of our utilities would not be what they are.


How Companies Can Cope With the Risks of Generative AI Tools

Dark Reading

To benefit from AI yet minimize risk, companies should be cautious about information they share, be aware of AI's limitations, and stay vigilant about business implications.


Freecycle data breach impacted 7 Million users

Security Affairs

The nonprofit organization Freecycle Network (Freecycle.org) confirmed that it has suffered a data breach that impacted more than 7 million users. The Freecycle Network (TFN) is a private, nonprofit organization that coordinates a worldwide network of “gifting” groups to divert reusable goods from landfills. The organization confirmed that it has suffered a data breach that impacted more than 7 million users. In response to the incident, The Freecycle Network prompted users to reset


The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.


Hackers Target High-Privileged Okta Accounts via Help Desk

Dark Reading

Threat actors convince employees to reset MFA for Super Admin accounts in the IAM service to leverage compromised accounts, impersonating users and moving laterally within an organization.


Hackers stole $41M worth of crypto assets from crypto gambling firm Stake

Security Affairs

Crypto gambling site Stake suffered a security breach, and threat actors withdrew $41M in stolen funds, including Tether and Ether. Researchers reported abnormally large withdrawals made from the crypto gambling site Stake to an account with no previous activity, a circumstance that suggests that threat actors have hacked the platform and stolen crypto assets, including Tether and Ether.


Spotlight On: PCI Pal, A New Principal Participating Organization

PCI perspectives

Welcome PCI Pal, a new Principal Participating Organization (PPO) at the PCI Security Standards Council! In this special spotlight edition of our PCI Perspectives Blog, PCI Pal’s Chief Information Security Officer Geoff Forsyth introduces us to his company and how they are helping to shape the future of payment security.


GhostSec Leaks Source Code of Alleged Iranian Surveillance Tool

Dark Reading

GhostSec has made the source code for what it calls a powerful surveillance tool openly available in a 26GB file, but FANAP denies its legitimacy.


What Happens to Your Credit After 7 Years?

Identity IQ

Having a good credit report is important if you want to take out loans, apply for a mortgage, or get low interest rates. Your credit score is determined by major credit bureaus, including Experian®, TransUnion®, and Equifax®, and they independently set your credit score based on information they receive from your lenders.


Russia Undertakes Disinformation Campaign Across Africa

Dark Reading

Following coups in some African nations, Russia is exploiting the instability with the manipulation of media channels to stoke anti-French sentiment, among other things.


IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.


New BLISTER Malware Update Fuelling Stealthy Network Infiltration

The Hacker News

An updated version of a malware loader known as BLISTER is being used as part of SocGholish infection chains to distribute an open-source command-and-control (C2) framework called Mythic.


Data Initiatives Force Closer Partnership Between CISOs, CDOs

Dark Reading

Though security leaders and chief data officers both care about data management, their different missions have created a tension that needs addressing.


Cigna Health Data Leak Exposes Massive Provider Information Database

SecureWorld News

In a recent revelation, security researcher Jeremiah Fowler uncovered a significant data leak affecting one of the United States' largest health insurance companies, Cigna Health. The exposed database, containing more than 17 billion records, has raised concerns about the security of sensitive healthcare provider information and negotiated rates for medical procedures.


As LotL Attacks Evolve, So Must Defenses

Dark Reading

Because living-off-the-land (LotL) attacks masquerade as frequently used, legitimate companies, they are very difficult to block and detect.


Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.


Researchers Warn of Cyber Weapons Used by Lazarus Group's Andariel Cluster

The Hacker News

The North Korean threat actor known as Andariel has been observed employing an arsenal of malicious tools in its cyber assaults against corporations and organizations in its southern counterpart.


The Strange Afterlife of Wagner’s Yevgeny Prigozhin

WIRED Threat Level

Posts praising the Wagner Group boss following his death in a mysterious plane crash last month indicate he was still in control of his "troll farm," researchers claim.


Mac users targeted in new malvertising campaign delivering Atomic Stealer

Malwarebytes

Summary: Malicious ads for Google searches are targeting Mac users. Phishing sites trick victims into downloading what they believe is the app they want. The malware is bundled in an ad-hoc signed app so it cannot be revoked by Apple. The payload is a new version of the recent Atomic Stealer for OSX. Introduction: The majority of the malvertising campaigns we have tracked for the past few months have targeted Windows users.


Crypto casino Stake.com loses $41 million to hot wallet hackers

Bleeping Computer

Online cryptocurrency casino Stake.com announced that its ETH/BSC hot wallets had been compromised to perform unauthorized transactions, with over $40 million in crypto reportedly stolen.


Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.


Smart chastity device exposes sensitive user data

Malwarebytes

A security breach or piece of inadvertent exposure can be a devastating thing, not just for the company impacted but also the people whose data is stolen or exposed to the world. The usual roll-call of “name, address, phone number and card details” is bad enough. If such things are tied to sensitive material or websites, it can be many times worse.


Coffee Meets Bagel says recent outage caused by destructive cyberattack

Bleeping Computer

The Coffee Meets Bagel dating platform confirms last week's outage was caused by hackers breaching the company's systems and deleting company data.


FreeWorld ransomware attacks MSSQL—get your databases off the Internet

Malwarebytes

When we think of ransomware and brute force password guessing attacks, we normally think of RDP, but recent research from Securonix reminds us that anything secured with a password and exposed to the Internet is of interest to cybercriminals. Microsoft's Remote Desktop Protocol has been a favourite point of entry for ransomware gangs for several years now.


Key Cybersecurity Tools That Can Mitigate the Cost of a Breach

The Hacker News

IBM's 2023 installment of their annual "Cost of a Breach" report has thrown up some interesting trends. Of course, breaches being costly is no longer news at this stage! What’s interesting is the difference in how organizations respond to threats and which technologies are helping reduce the costs associated with every IT team’s nightmare scenario.


5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.


LockBit ransomware gang steals data related to security of UK military bases

Graham Cluley

An attack by the notorious LockBit ransomware gang stole 10 GB of data from a company that provides high-security fencing for military bases.


Spotlight on Cybersecurity Leaders: Arun DeSouza

SecureWorld News

In the SecureWorld Spotlight Series, we learn about the speakers and Advisory Council members that make our events a success. In Q&A format, they share about their professional journeys, unique experiences, and hopes for the future of cybersecurity—along with some personal anecdotes. Arun DeSouza is the Chief Information Security Officer and Chief Privacy Officer for Nexteer Automotive.


University of Sydney Reports Data Breach

Heimdal Security

The University of Sydney (USYD) has reported a data breach involving a third-party service provider, leading to the exposure of personal information for a subset of international applicants. The breach did not affect local students, staff, alumni, or donors. Upon detecting the breach, USYD promptly initiated an investigation. Their findings indicate that the breach was […]


Researchers Discover Critical Vulnerability in PHPFusion CMS

Dark Reading

No patch is available yet for the bug, which can enable remote code execution under the correct circumstances.


Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?”


Freecycle Confirms Data Breach Affecting Over 7 Million Users

Heimdal Security

Freecycle, a global online platform promoting the exchange of used items, announced a significant data breach affecting over 7 million of its users. The nonprofit organization became aware of the intrusion on August 30th, though the stolen information had been available for sale on a hacking forum since May 30. The platform has nearly 11 […]


LockBit Leaks Documents Filched From UK Defense Contractor

Dark Reading

A company that builds physical perimeter defenses failed to keep the LockBit group from penetrating its cyber defenses.


10 Things Not to Miss at CompTIA EMEA Member and Partner Conference 2023

CompTIA on Cybersecurity

MSPs, vendors and partners will gather in London to learn about the latest trends, make connections and share business best practices.


Name That Edge Toon: Prized Possessions

Dark Reading

Come up with a clever caption, and our panel of experts will reward the winner with a $25 Amazon gift card.


From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most (people, data, real or personal property, intellectual property, digital assets, or any number of other things), and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.