Thu. Aug 17, 2023


Detecting “Violations of Social Norms” in Text with AI

Schneier on Security

Researchers are trying to use AI to detect “social norms violations.” Feels a little sketchy right now, but this is the sort of thing that AIs will get better at. (Like all of these systems, anything but a very low false positive rate makes the detection useless in practice.) News article.


Karma Catches Up to Global Phishing Service 16Shop

Krebs on Security

You’ve probably never heard of “16Shop,” but there’s a good chance someone using it has tried to phish you. A 16Shop phishing page spoofing Apple and targeting Japanese users. Image: Akamai.com. The international police organization INTERPOL said last week it had shuttered the notorious 16Shop, a popular phishing-as-a-service platform launched in 2017 that made it simple for even complete novices to conduct complex and convincing phishing scams.

Phishing 187
Insiders


How to Retrieve and Generate Google 2FA Backup Codes

Tech Republic Security

Learn how to retrieve and generate Google 2FA backup codes with this easy-to-follow, step-by-step tutorial.

Backups 161

NoFilter Attack: Sneaky Privilege Escalation Method Bypasses Windows Security

The Hacker News

A previously undetected attack method called NoFilter has been found to abuse the Windows Filtering Platform (WFP) to achieve privilege escalation in the Windows operating system.


The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.


7 Ways to Access Safe Mode in Windows 10 (2023 Update)

Tech Republic Security

Learn seven different ways to boot a Windows 10 PC in Safe Mode to help troubleshoot issues using this comprehensive guide.

Software 150

Windows Task Manager refresh can be paused using CTRL key

Bleeping Computer

A very useful and previously unknown Windows tip was revealed this week, where you can halt process jumping in Task Manager by holding down the Ctrl key on your keyboard, allowing easier access to a listed process.


More Trending


New SEC Cybersecurity Rules and What It Means for Board Oversight

Security Boulevard

The SEC adopted new rules surrounding cybersecurity risk management, strategy, governance, and incident disclosure. As a CISO, this no doubt impacts how your company discloses material cybersecurity incidents through a Form 8-K item and annually cybersecurity risk management and governance through the company’s Form 10-K. The final rule requires the 8-K to be filed within four […] The post New SEC Cybersecurity Rules and What It Means for Board Oversight appeared first on BlackCloak | Protec


Lessons From the 2023 National Risk Register Report  

IT Security Guru

Cybersecurity is a matter of national and international security and should be prioritised as such. This is particularly important when it comes to protecting Critical National Infrastructure (CNI) and the services that UK citizens rely on in their daily lives, as the consequences of disruption to these services have the potential to be devastating. With the world more digitised and interconnected than ever, a significant attack on CNI could lead to physical harm or even the loss of life.

Risk 98

LinkedIn under attack, hackers seize accounts

Graham Cluley

Security researchers have identified that a widespread LinkedIn hacking campaign has seen many users locked out of their accounts worldwide. Read more in my article on the Tripwire State of Security blog.


How poor cybersecurity policies disrupt business continuity

IT Security Guru

As the world moves increasingly online, risk management professionals and business owners must continue to invest in the prevention of cyber threats. It’s surprising to see just how many businesses have plans in place for all sorts of things such as fire, flood and COVID-related issues, yet don’t have any action plans in place should a cyber attack occur.


IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.


Google Chrome's New Feature Alerts Users About Auto-Removal of Malicious Extensions

The Hacker News

Google has announced plans to add a new feature in the upcoming version of its Chrome web browser to alert users when an extension they have installed has been removed from the Chrome Web Store. The feature, set for release alongside Chrome 117, allows users to be notified when an add-on has been unpublished by a developer, taken down for violating Chrome Web Store policy, or marked as malware.

Malware 98

A massive campaign delivered a proxy server application to 400,000 Windows systems

Security Affairs

Researchers discovered a massive campaign that delivered a proxy server application to at least 400,000 Windows systems. AT&T Alien Labs researchers uncovered a massive campaign that delivered a proxy server application to at least 400,000 Windows systems. The experts identified a company that is charging for proxy service on traffic that goes through infected machines.

Adware 96

New LABRAT Campaign Exploits GitLab Flaw for Cryptojacking and Proxyjacking Activities

The Hacker News

A new, financially motivated operation dubbed LABRAT has been observed weaponizing a now-patched critical flaw in GitLab as part of a cryptojacking and proxyjacking campaign.


Experts devise an exploit for Apple iOS 16 that relies on fake Airplane Mode

Security Affairs

Researchers detailed a new exploit for Apple iOS 16 that can allow attackers to gain access to a device even when the victim believes it is in Airplane Mode. Jamf Threat Labs researchers developed a post-exploit persistence technique on iOS 16 that tricks victims into believing that the device is in functional Airplane Mode. In reality, the researchers plant an artificial Airplane Mode that modifies the UI to display Airplane Mode icons and cuts internet connection to all apps except the rogue at


Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.


Microsoft PowerShell Gallery vulnerable to spoofing, supply chain attacks

Bleeping Computer

Lax policies for package naming on Microsoft's PowerShell Gallery code repository allow threat actors to perform typosquatting attacks, spoof popular packages and potentially lay the ground for massive supply chain attacks.


APT29 is targeting Ministries of Foreign Affairs of NATO-aligned countries

Security Affairs

Russia-linked APT29 used the Zulip Chat App in attacks aimed at ministries of foreign affairs of NATO-aligned countries. EclecticIQ researchers uncovered an ongoing spear-phishing campaign conducted by Russia-linked threat actors targeting Ministries of Foreign Affairs of NATO-aligned countries. The experts detected two PDF files masqueraded as coming from the German embassy and that contained two diplomatic invitation lures.


Cyber Alert: Global Campaign Targets LinkedIn Accounts

Heimdal Security

In a sweeping global campaign, LinkedIn users are falling victim to a surge of account hijacks, leaving many locked out or held at ransom by threat actors. Rampant Account Hijacking and Extortion LinkedIn, the professional networking platform, is facing a surge of account breaches, with hackers resorting to both brute-force attacks and leaked credentials to […] The post Cyber Alert: Global Campaign Targets LinkedIn Accounts appeared first on Heimdal Security Blog.


Cleaning Products manufacturer Clorox Company took some systems offline after a cyberattack

Security Affairs

Cleaning products manufacturer Clorox Company announced that it has taken some systems offline in response to a cyberattack. The Clorox Company is a multinational consumer goods company that specializes in the production and marketing of various household and professional cleaning, health, and personal care products. The cleaning product giant announced it was the victim of a cybersecurity incident this week that forced it to take some systems offline.


Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.


LinkedIn Suffers 'Significant' Wave of Account Hacks

Dark Reading

Users report losing access to their accounts, with some being pressured into paying a ransom to get back in or else face permanent account deletion.


Alarming lack of cybersecurity practices on world’s most popular websites

Security Affairs

The world’s most popular websites lack basic cybersecurity hygiene, an investigation by Cybernews shows. Do you happen to love exploring DIY ideas on Pinterest? Scrolling through IMDB to pick the next movie to watch? Or simply scrolling through Facebook to see what your friends and enemies have been up to? The Cybernews research team has deep-dived into an issue that’s quite often overlooked by developers – HTTP security headers.


Thousands of Android APKs use compression trick to thwart analysis

Bleeping Computer

Threat actors increasingly distribute malicious Android APKs (packaged app installers) that resist decompilation using unsupported, unknown, or heavily tweaked compression algorithms.


New Apple iOS 16 Exploit Enables Stealthy Cellular Access Under Fake Airplane Mode

The Hacker News

Cybersecurity researchers have documented a novel post-exploit persistence technique on iOS 16 that could be abused to fly under the radar and maintain access to an Apple device even when the victim believes it is offline.


5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.


Microsoft: BlackCat's Sphynx ransomware embeds Impacket, RemCom

Bleeping Computer

Microsoft has discovered a new version of the BlackCat ransomware that embeds the Impacket networking framework and the Remcom hacking tool, both enabling spreading laterally across a breached network.


HHS Launches 'Digiheals' Project to Better Protect US Hospitals From Ransomware

WIRED Threat Level

An innovation agency within the US Department of Health and Human Services will fund research into better defenses for the US health care system’s digital infrastructure.


Why You Need Continuous Network Monitoring?

The Hacker News

Changes in the way we work have had significant implications for cybersecurity, not least in network monitoring. Workers no longer sit safely side-by-side on a corporate network, dev teams constantly spin up and tear down systems, exposing services to the internet. Keeping track of these users, changes and services is difficult – internet-facing attack surfaces rarely stay the same for long.


Triple Extortion Ransomware and the Cybercrime Supply Chain

Bleeping Computer

Ransomware attacks continue to grow both in sophistication and quantity. Learn more from Flare about ransomware operation's increasing shift to triple extortion.


Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?


Smashing Security podcast #335: AI chat wars, and hacker passwords exposed

Graham Cluley

AI chatbots are under fire in Las Vegas, the secrets of hackers’ passwords are put under the microscope, and Graham reveals (possibly) the greatest TV programme of all time. All this and more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault.


CISA Alert Warns of Citrix ShareFile Transfer Vulnerability

SecureWorld News

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning that a critical vulnerability in Citrix ShareFile is being targeted by unknown actors, and has added the flaw to its catalog of known security flaws exploited in the wild, tracked as CVE-2023-24489. Citrix ShareFile (also known as Citrix Content Collaboration) is a managed file transfer SaaS cloud storage solution that allows customers and employees to upload and download files securely.


Phishing campaign steals accounts for Zimbra email servers worldwide

Bleeping Computer

An ongoing phishing campaign has been underway since at least April 2023 that attempts to steal credentials for Zimbra Collaboration email servers worldwide.


Raccoon Stealer 2.3.0 Malware – A Stealthier Comeback

Heimdal Security

In a notable comeback, the creators of the notorious Raccoon Stealer information-stealing malware have reemerged after a six-month hiatus. This resurgence brings forth an upgraded version tailored to cater to the evolving needs of cybercriminals. Brief Overview Raccoon Stealer has maintained its status as a prominent player in the realm of information-stealing malware since its inception […] The post Raccoon Stealer 2.3.0 Malware – A Stealthier Comeback appeared first on Heimdal Secu

Malware 71

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.