The Hacker News

AUGUST 31, 2023

How often do cyberattacks happen? How frequently do threat actors target businesses and governments around the world? The BlackBerry® Threat Research and Intelligence Team recently analyzed 90 days of real-world data to answer these questions. Full results are in the latest BlackBerry Global Threat Intelligence Report, but read on for a teaser of several interesting cyber attack statistics.

Cyber Attacks 133

Cyber Attacks Government 133

Troy Hunt

AUGUST 30, 2023

Last week I was contacted by CERT Poland. They'd observed a phishing campaign that had collected 68k credentials from unsuspecting victims and asked if HIBP may be used to help alert these individuals to their exposure. The campaign began with a typical email requesting more information: In this case, the email contained a fake purchase order attachment which requested login credentials that were then posted back to infrastructure controlled by the attacker: All in all, CERT Poland identifi

Phishing 362

Phishing Password Management Passwords Banking 362

Schneier on Security

AUGUST 31, 2023

A used government surveillance van is for sale in Chicago: So how was this van turned into a mobile spying center? Well, let’s start with how it has more LCD monitors than a Counterstrike LAN party. They can be used to monitor any of six different video inputs including a videoscope camera. A videoscope and a borescope are very similar as they’re both cameras on the ends of optical fibers, so the same tech you’d use to inspect cylinder walls is also useful for surveillance.

Surveillance 345

Surveillance Government Mobile Media 345

Krebs on Security

AUGUST 29, 2023

The U.S. government today announced a coordinated crackdown against QakBot , a complex malware family used by multiple cybercrime groups to lay the groundwork for ransomware infections. The international law enforcement operation involved seizing control over the botnet’s online infrastructure, and quietly removing the Qakbot malware from tens of thousands of infected Microsoft Windows computers.

Hacking 313

Hacking Malware Ransomware Government 313

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

Risk

The Last Watchdog

AUGUST 29, 2023

The threat of bad actors hacking into airplane systems mid-flight has become a major concern for airlines and operators worldwide. Related: Pushing the fly-by-wire envelope This is especially true because systems are more interconnected and use more complex commercial software than ever before, meaning a vulnerability in one system could lead to a malicious actor gaining access to more important systems.

Software 264

Software Risk Artificial Intelligence Cyber Attacks 264

Joseph Steinberg

AUGUST 9, 2023

Newsweek recently profiled Joseph Steinberg, a member of its Expert Forum, who regularly serves as a cybersecurity expert witness in both civil and criminal cases throughout the United States and Canada. Cybercrime-related civil lawsuits and criminal prosecutions are, of course, highly dependent on complex technical details — complicating the task of judges and juries in their quest to deliver justice.

Cybersecurity 246

Cybersecurity Artificial Intelligence Cybercrime 246

Troy Hunt

AUGUST 29, 2023

Today, the US Justice Department announced a multinational operation involving actions in the United States, France, Germany, the Netherlands, and the United Kingdom to disrupt the botnet and malware known as Qakbot and take down its infrastructure. Beyond just taking down the backbone of the operation, the FBI began actively intercepting traffic from the botnet and instructing infected machines the uninstall the malware: To disrupt the botnet, the FBI was able to redirect Qakbot botnet traffic

Malware 360

Malware Passwords Password Management Antivirus 360

Schneier on Security

AUGUST 30, 2023

Interesting story of an Apple Macintosh app that went rogue. Basically, it was a good app until one particular update…when it went bad. With more official macOS features added in 2021 that enabled the “Night Shift” dark mode, the NightOwl app was left forlorn and forgotten on many older Macs. Few of those supposed tens of thousands of users likely noticed when the app they ran in the background of their older Macs was bought by another company, nor when earlier this year that c

340

340

Krebs on Security

AUGUST 4, 2023

One frustrating aspect of email phishing is the frequency with which scammers fall back on tried-and-true methods that really have no business working these days. Like attaching a phishing email to a traditional, clean email message, or leveraging link redirects on LinkedIn , or abusing an encoding method that makes it easy to disguise booby-trapped Microsoft Windows files as relatively harmless documents.

Phishing 245

Phishing Scams Computers and Electronics Software 245

The Last Watchdog

AUGUST 13, 2023

LAS VEGAS – Just when we appeared to be on the verge of materially shrinking the attack surface, along comes an unpredictable, potentially explosive wild card: generative AI. Related: Can ‘CNAPP’ do it all? Unsurprisingly, generative AI was in the spotlight at Black Hat USA 2023 , which returned to its full pre-Covid grandeur here last week.

Artificial Intelligence 246

Artificial Intelligence Engineering Internet Internet 246

Advertisement

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

Cyber threats

Tech Republic Security

AUGUST 28, 2023

Data from ChatGPT Enterprise will not be used to train the popular chatbot. Plus, admins can manage access.

Big data 211

Big data Artificial Intelligence Software 211

Lohrman on Security

AUGUST 27, 2023

NIST has released a draft version 2.0 of the Cybersecurity Framework. Here’s what you need to know and how to get your recommendations included.

Cybersecurity 242

Cybersecurity 242

Troy Hunt

AUGUST 7, 2023

This is a big one. A massive one. It's the culmination of a solid 7 months of work that finally, as of now, is live. The full back story is in my blog post from mid-June about The Big 5 Announcements but to save you trawling through all of that, here are the cliff notes: Domain searches in HIBP are resource intensive and the impact was becoming increasingly obvious More than half the Fortune 500 are using this feature, along with a who's who of big brands We decided to introduce pricin

Data breaches 246

Data breaches Accountability Cryptocurrency Banking 246

Schneier on Security

AUGUST 15, 2023

This is why we need regulation: Zoom updated its Terms of Service in March, spelling out that the company reserves the right to train AI on user data with no mention of a way to opt out. On Monday, the company said in a blog post that there’s no need to worry about that. Zoom execs swear the company won’t actually train its AI on your video calls without permission, even though the Terms of Service still say it can.

Technology 246

Technology Artificial Intelligence Surveillance 246

Advertisement

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

Cybersecurity

Krebs on Security

AUGUST 25, 2023

Security consulting giant Kroll disclosed today that a SIM-swapping attack against one of its employees led to the theft of user information for multiple cryptocurrency platforms that are relying on Kroll services in their ongoing bankruptcy proceedings. And there are indications that fraudsters may already be exploiting the stolen data in phishing attacks.

Mobile 244

Mobile Cyber Risk Data breaches Cryptocurrency 244

The Last Watchdog

AUGUST 6, 2023

LAS VEGAS — One fundamental reason some 7,000 or so IT pros are making the trek here this week is that no one ever wants to get caught in the crossfire of a devastating data breach. Related: A call to regulate facial recognition That said, a few dozen CISOs attending Black Hat USA 2023 will get to experience, hands-on, what it must have been like to be in the crucible of milestone hacks like Capital One, SolarWinds and Colonial Pipeline.

CISO 245

CISO Data breaches Technology Hacking 245

Tech Republic Security

AUGUST 30, 2023

After more than 15 years in the wild, the Qakbot botnet, a zombie network of over 700,000 computers worldwide, is hanging on the FBI's trophy wall for now.

206

206

Lohrman on Security

AUGUST 6, 2023

CAPTCHAs have been around for decades, but new AI advances are changing the methods required to prove you are a real person. So where next with human verification — and user frustrations?

189

189

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Troy Hunt

AUGUST 14, 2023

I've been teaching my 13-year old son Ari how to code since I first got him started on Scratch many years ago, and gradually progressed through to the current day where he's getting into Python in Visual Studio Code. As I was writing the new domain search API for Have I Been Pwned (HIBP) over the course of this year, I was trying to explain to him how powerful APIs are: Think of HIBP as one website that does pretty much one thing; you load it in your browser and search through data bre

Data breaches 242

Data breaches Mobile Engineering 242

Schneier on Security

AUGUST 3, 2023

If you ask Alexa, Amazon’s voice assistant AI system, whether Amazon is a monopoly, it responds by saying it doesn’t know. It doesn’t take much to make it lambaste the other tech giants , but it’s silent about its own corporate parent’s misdeeds. When Alexa responds in this way, it’s obvious that it is putting its developer’s interests ahead of yours.

Surveillance 246

Surveillance Internet Internet Technology 246

Krebs on Security

AUGUST 3, 2023

Researchers say mobile malware purveyors have been abusing a bug in the Google Android platform that lets them sneak malicious code into mobile apps and evade security scanning tools. Google says it has updated its app malware detection mechanisms in response to the new research. At issue is a mobile malware obfuscation method identified by researchers at ThreatFabric , a security firm based in Amsterdam.

Mobile 244

Mobile Malware Banking Cybercrime 244

The Last Watchdog

AUGUST 21, 2023

Phone number spoofing involves manipulating caller ID displays to mimic legitimate phone numbers, giving scammers a deceptive veil of authenticity. Related: The rise of ‘SMS toll fraud’ The Bank of America scam serves as a prime example of how criminals exploit this technique. These scammers impersonate Bank of America representatives, using the genuine bank’s phone number (+18004321000) to gain trust and deceive their targets.

Scams 189

Scams Banking Accountability Authentication 189

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Tech Republic Security

AUGUST 29, 2023

A new study from Abnormal found that 4.31% of phishing attacks mimicked Microsoft, far ahead of second most-spoofed brand PayPal.

Phishing 195

Phishing Social Engineering Artificial Intelligence Engineering 195

Lohrman on Security

AUGUST 13, 2023

The 2023 MS-ISAC and EI-ISAC meeting just wrapped up in Salt Lake City. Here’s a roundup of what happened and what’s next.

189

189

Troy Hunt

AUGUST 20, 2023

This week hasd been manic! Non-stop tickets related to the new HIBP domain subscription service, scrambling to support invoicing and resellers, struggling our way through some odd Stripe things and so on and so forth. It's all good stuff and there have been very few issues of note (and all of those have merely been people getting to grips with the new model), so all in all, it's happy days 😊 References Sponsored by: Unpatched devices keeping you up at night?

Education 236

Education 236

Schneier on Security

AUGUST 7, 2023

A bunch of networks, including US Government networks , have been hacked by the Chinese. The hackers used forged authentication tokens to access user email, using a stolen Microsoft Azure account consumer signing key. Congress wants answers. The phrase “ negligent security practices ” is being tossed about—and with good reason. Master signing keys are not supposed to be left around, waiting to be stolen.

Government 246

Government Authentication Hacking Accountability 246

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Krebs on Security

AUGUST 17, 2023

You’ve probably never heard of “ 16Shop ,” but there’s a good chance someone using it has tried to phish you. A 16Shop phishing page spoofing Apple and targeting Japanese users. Image: Akamai.com. The international police organization INTERPOL said last week it had shuttered the notorious 16Shop, a popular phishing-as-a-service platform launched in 2017 that made it simple for even complete novices to conduct complex and convincing phishing scams.

Phishing 242

Phishing Passwords Hacking Internet 242

The Last Watchdog

AUGUST 7, 2023

LAS VEGAS — Penetration testing, traditionally, gave businesses a nice, pretty picture of their network security posture — at a given point in time. Related: Going on the security offensive Such snapshots proved useful for building audit trails, particularly for companies in heavily regulated industries. However, manual pentests never really were very effective at shining a light on emerging cyber exposures of the moment.

Penetration Testing 189

Penetration Testing Internet Internet Network Security 189

Tech Republic Security

AUGUST 30, 2023

With passkeys, you no longer need to use a password to log into supported websites. Here's how to use them with password manager NordPass.

Password Management 193

Password Management Passwords Software Cybersecurity 193

WIRED Threat Level

AUGUST 31, 2023

Child safety group Heat Initiative plans to launch a campaign pressing Apple on child sexual abuse material scanning and user reporting. The company issued a rare, detailed response on Thursday.

145

145

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

Scams