Thu. Jun 22, 2023

SMS Phishers Harvested Phone Numbers, Shipment Data from UPS Tracking Tool

Krebs on Security

The United Parcel Service (UPS) says fraudsters have been harvesting phone numbers and other information from its online shipment tracking tool in Canada to send highly targeted SMS phishing (a.k.a. “smishing”) messages that spoofed UPS and other top brands. The missives addressed recipients by name, included details about recent orders, and warned that those orders wouldn’t be shipped unless the customer paid an added delivery fee.

Phishing 272

Microsoft Teams bug allows malware delivery from external accounts

Bleeping Computer

Security researchers have found a simple way to deliver malware to an organization with Microsoft Teams, despite restrictions in the application for files from external sources. [...]

Malware 145

Get three years of a powerful VPN plus 30 days of anti-virus protection for $30

Tech Republic Security

UltraVPN offers up to 10 simultaneous secure connections with unlimited bandwidth, over 1,000 servers in more than 100 virtual global locations and cool extra features. Protect your most sensitive data with this UltraVPN Secure USA VPN Proxy for 3 Years Subscription plus Free Antivirus for 30 Days while it’s available for just $30. The post Get three years of a powerful VPN plus 30 days of anti-virus protection for $30 appeared first on TechRepublic.

VPN 134

DuckDuckGo browser for Windows available for everyone as public beta

Bleeping Computer

DuckDuckGo has released its privacy-centric browser for Windows to the general public. It is a beta version available for download with no restrictions. [...]

Software 142

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

How to bypass CAPTCHAs online with Safari on iOS 16

Tech Republic Security

Tired of those annoying CAPTCHA images that leave you feeling like you're solving a puzzle just to log in online? Learn how to use Apple’s "CAPTCHA killer" feature called Automatic Verification in iOS 16. The post How to bypass CAPTCHAs online with Safari on iOS 16 appeared first on TechRepublic.

Mobile 120

News Alert: Fortra researchers find email impersonation attacks climbing to an all-time high

The Last Watchdog

Eden Prairie, Minn., June 22, 2023 — Malicious emails have reached a crescendo in 2023 according to the latest report from cybersecurity software and services provider Fortra. Email impersonation threats such as BEC currently make up nearly 99 percent of threats, and of those 99 percent of threats observed in corporate inboxes are response-based or credential theft attacks.

More Trending

Millions of GitHub repos likely vulnerable to RepoJacking, researchers say

Bleeping Computer

Millions of GitHub repositories may be vulnerable to dependency repository hijacking, also known as "RepoJacking," which could help attackers deploy supply chain attacks impacting a large number of users. [...]

LockBit Developing Ransomware for Apple M1 Chips, Embedded Systems

Dark Reading

Under construction: The world's leading ransomware gang is workshopping ransomware for less obvious systems beyond Windows environments. Experts weigh in on how worried we should be.

Camaro Dragon Hackers Strike with USB-Driven Self-Propagating Malware

The Hacker News

The Chinese cyber espionage actor known as Camaro Dragon has been observed leveraging a new strain of self-propagating malware that spreads through compromised USB drives.

Malware 107

Web Application Security Vulnerabilities

Security Boulevard

Web applications have become a vital part of any business, especially as many businesses continue to realize their digital transformations. As such, web application security vulnerabilities are security risks for businesses of all sizes, regardless of industry. Cybercriminals are constantly looking for ways to exploit vulnerabilities inherent to web applications and APIs and gain access […] The post Web Application Security Vulnerabilities appeared first on Security Boulevard.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

An Overview of the Different Versions of the Trigona Ransomware

Trend Micro

The Trigona ransomware is a relatively new ransomware family that began activities around late October 2022 — although samples of it existed as early as June 2022. Since then, Trigona’s operators have remained highly active, and in fact have been continuously updating their ransomware binaries.

How to Avoid Online Shopping Scams on Amazon Prime Day

Security Boulevard

Prime Day is Amazon’s largest, most highly anticipated retail event, often thought as bigger than Cyber Monday and Black Friday combined. Shoppers enjoy two days of special sales, this year running from July 11th-12th, on everything from Amazon devices such as the Echo and Kindle to stylish furniture. While shoppers flock to Amazon’s website to… Continue reading How to Avoid Online Shopping Scams on Amazon Prime Day The post How to Avoid Online Shopping Scams on Amazon Prime Day appeared first o

Scams 104

What is Dynamic Application Security Testing (DAST)?

eSecurity Planet

Dynamic Application Security Testing (DAST) combines elements of pentesting, vulnerability scanning and code security to evaluate the security of web applications. The cyber security team adopts the role of a simulated hacker and expertly scrutinizes the application’s defenses, thoroughly assessing its vulnerability to potential threats. By doing this, DAST helps determine how secure the web application is and pinpoint areas that need improvement.

Software 103

The Mature SOC’s Role in Security Operations

Security Boulevard

There is a lot of talk about building an effective cybersecurity program, with security analysts recommending that your organization strive for cybersecurity maturity. But what do they mean by maturity, and what is the role of the SOC in reaching that point? Cybersecurity maturity measures the success of the security systems and protocols that your.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

$10 million reward offered for information on Cl0p ransomware gang

Graham Cluley

Fancy $10 million? Of course you do! Well, all you have to do is provide information that helps identify or locate members of the notorious Cl0p ransomware gang.

Resisting Identity-Based Threats With Identity Management

Security Boulevard

We all authenticate ourselves multiple times in a day, whether online shopping, logging into our bank account or booking flights. And with authentication, we confirm our digital identities so often that it doesn’t seem like a security action; instead, it seems like a step in the process of gaining access to services/resources. However, the reality. The post Resisting Identity-Based Threats With Identity Management appeared first on Security Boulevard.

Microsoft 365 users report Outlook, Teams won't start or freezes

Bleeping Computer

Network and IT admins have been dealing with ongoing Microsoft 365 issues this week, reporting that some end users cannot use Microsoft Outlook or other Microsoft 365 apps. [...]

Azure AD 'Log in With Microsoft' Authentication Bypass Affects Thousands

Dark Reading

The "nOAuth" attack allows cross-platform spoofing and full account takeovers, and enterprises need to remediate the issue immediately, researchers warn.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

How to Delete Fake Facebook Accounts that Impersonate your Brand

Security Boulevard

Getting a Facebook post, profile, or page taken down because it impersonates your brand and could lead to the defrauding of your customers can seem like… The post How to Delete Fake Facebook Accounts that Impersonate your Brand appeared first on Security Boulevard.

VMware fixes vCenter Server bugs allowing code execution, auth bypass

Bleeping Computer

VMware has addressed multiple high-severity security flaws in vCenter Server, which can let attackers gain code execution and bypass authentication on unpatched systems. [...]

Survey Surfaces Multiple Cloud Security Contradictions

Security Boulevard

A survey of 500 security, IT and engineering professionals published today found that nearly half (49%) experienced a data breach resulting from unauthorized access to a cloud computing environment. A full 80% said they felt that their existing tooling and configuration would sufficiently cover their organization from a well-orchestrated attack on their cloud environment.

Apple issues fix for zero-day flaws used in spy attacks against Kaspersky. Patch now!

Graham Cluley

If you have an Apple computer, watch, or smartphone you have hopefully already received a notification that you should install an update to your operating system. And yes, you really should update your devices.

Malware 97

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Researchers released a PoC exploit for CVE-2023-20178 flaw in Cisco AnyConnect Secure

Security Affairs

The proof-of-concept (PoC) exploit code for high-severity vulnerability (CVE-2023-20178) in Cisco AnyConnect Secure was published online. A security researcher has published a proof-of-concept (PoC) exploit code for the high-severity vulnerability, tracked as CVE-2023-20178 (CVSS score of 7.8), impacting Cisco AnyConnect Secure Mobility Client and Secure Client for Windows.

VPN 96

Can we get loan to pay ransom in ransomware attacks

CyberSecurity Insiders

Nope, says a renowned international bank from the UK. Instead, the ransom payment can be covered from a cyber insurance policy, provided it is taken prior to the launch of the attack and covers the costs associated with the malware attack. Moreover, paying a ransom in a ransomware attack is generally discouraged for several reasons: No guarantee of decryption: There is no guarantee that paying the ransom will result in the recovery of your files or the decryption of your systems.

NSA shares tips on blocking BlackLotus UEFI malware attacks

Bleeping Computer

The U.S. National Security Agency (NSA) released today guidance on how to defend against BlackLotus UEFI bootkit malware attacks. [...]

Malware 112

NCSC warns all British Law firms against ransomware attacks

CyberSecurity Insiders

The National Cyber Security Centre (NCSC) of the UK has issued a warning to all law firms operating in Britain and the European Union to step up their security capabilities against ongoing ransomware attacks, some funded and propelled by adversaries. Legal data or the information related to court cases now seems to have attracted the attention of cyber criminals as they have launched around 7 file encrypting malware attacks to siphon data from almost 13 law firms across the world, in a span of just 3 m

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Mirai botnet targets 22 flaws in D-Link, Zyxel, Netgear devices

Bleeping Computer

A variant of the Mirai botnet is targeting almost two dozen vulnerabilities aiming to take control of D-Link, Arris, Zyxel, TP-Link, Tenda, Netgear, and MediaTek devices to use them for distributed denial-of-service (DDoS) attacks. [...]

DDOS 95

Apple M1 Chips face LockBit Ransomware threat in development

CyberSecurity Insiders

In recent times, there has been a concerning trend of ransomware groups targeting companies and extracting sensitive information. However, the latest development takes this threat to a whole new level. It appears that a criminal gang has gone a step further and established its own research and development (R&D) team with the specific aim of creating a ransomware that can infect Apple M1 chips.

Alert: Million of GitHub Repositories Likely Vulnerable to RepoJacking Attack

The Hacker News

Millions of software repositories on GitHub are likely vulnerable to an attack called RepoJacking, a new study has revealed. This includes repositories from organizations such as Google, Lyft, and several others, Massachusetts-based cloud-native security firm Aqua said in a Wednesday report.

Lessons From a Pen Tester: 3 Steps to Stay Safer

Dark Reading

From hardening Windows systems to adding access control and segmenting the network, there are steps organizations can take to better secure corporate data.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.