October, 2022

Detecting Deepfake Audio by Modeling the Human Acoustic Tract

Schneier on Security

This is interesting research: In this paper, we develop a new mechanism for detecting audio deepfakes using techniques from the field of articulatory phonetics. Specifically, we apply fluid dynamics to estimate the arrangement of the human vocal tract during speech generation and show that deepfakes often model impossible or highly-unlikely anatomical arrangements.

Cybersecurity Event Cancelled After Being Hit By Cybercriminals

Joseph Steinberg

An online cybersecurity event with 2,500 people already logged in had to be cancelled after suspected cybercriminals launched a social engineering attack in the event’s chat window. According to multiple media reports, the Australian Institute of Company Directors had been scheduled to run an online event today for nearly 5,000 registrants at which the organization planned to discuss its new “cybersecurity governance principles.”

New Alchimist attack framework hits Windows, Linux and Mac

Tech Republic Security

The attack framework of probable Chinese origin used by cybercriminals has been discovered. The post New Alchimist attack framework hits Windows, Linux and Mac appeared first on TechRepublic.

Almost 900 servers hacked using Zimbra zero-day flaw

Bleeping Computer

Almost 900 servers have been hacked using a critical Zimbra Collaboration Suite (ZCS) vulnerability, which at the time was a zero-day without a patch for nearly 1.5 months.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Palo Alto Networks fixed a high-severity auth bypass flaw in PAN-OS

Security Affairs

Palo Alto Networks addressed a high-severity authentication bypass vulnerability affecting the PAN-OS 8.1 software. Palo Alto Networks released security patches to address a high-severity authentication bypass flaw, tracked as CVE-2022-0030 (CVSS score 8.1), impacting the PAN-OS 8.1 software. “An authentication bypass vulnerability in the Palo Alto Networks PAN-OS 8.1 web interface allows a network-based attacker with specific knowledge of the target firewall or Panorama appliance to imper

6 Ways Enterprises Can Secure Private Blockchains

Security Boulevard

There has been significant growth in organizations deploying private blockchain technology. But despite its reputation, it is essential not to assume blockchain is secure just because it relies on cryptography. An appropriate security design with controls that addresses an organization’s acceptable risk should be applied and reviewed before deploying blockchain to a production environment.

More Trending

8 strange ways employees can (accidentally) expose data

CSO Magazine

Employees are often warned about the data exposure risks associated with the likes of phishing emails, credential theft, and using weak passwords. However, they can risk leaking or exposing sensitive information about themselves, the work they do, or their organization without even realizing. This risk frequently goes unexplored in cybersecurity awareness training, leaving employees oblivious to the risks they can pose to the security of data which, if exposed, could be exploited both directly a

2022 State of the Threat: Ransomware is still hitting companies hard

Tech Republic Security

SecureWorks found that business email compromise still generates huge revenues for cybercriminals, while cyberespionage activities tend not to change so much. The post 2022 State of the Threat: Ransomware is still hitting companies hard appeared first on TechRepublic.

New open-source tool scans public AWS S3 buckets for secrets

Bleeping Computer

A new open-source 'S3crets Scanner' scanner allows researchers and red-teamers to search for 'secrets' mistakenly stored in publicly exposed or company's Amazon AWS S3 storage buckets.

Experts disclose technical details of now-patched CVE-2022-37969 Windows Zero-Day

Security Affairs

Researchers disclosed details of a now-patched flaw, tracked as CVE-2022-37969, in Windows Common Log File System (CLFS). The CVE-2022-37969 (CVSS score: 7.8) flaw is a Windows Common Log File System Driver Elevation of Privilege Vulnerability. The Common Log File System (CLFS) is a general-purpose logging subsystem that can be used by applications running in both kernel mode and user mode for building high-performance transaction logs, and is implemented in the driver CLFS.sys.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?”

LEAKED: Intel’s BIOS Source Code — All 6GB of It

Security Boulevard

Source code for the Intel Alder Lake processor UEFI BIOS has gone walkies. 4chan is said to be involved. The post LEAKED: Intel’s BIOS Source Code — All 6GB of It appeared first on Security Boulevard.

Hacking Automobile Keyless Entry Systems

Schneier on Security

Suspected members of a European car-theft ring have been arrested: The criminals targeted vehicles with keyless entry and start systems, exploiting the technology to get into the car and drive away. As a result of a coordinated action carried out on 10 October in the three countries involved, 31 suspects were arrested. A total of 22 locations were searched, and over EUR 1 098 500 in criminal assets seized.

TOP 10 unattributed APT mysteries

SecureList

Targeted attack attribution is always a tricky thing, and in general, we believe that attribution is best left to law enforcement agencies. The reason is that, while in 90%, it is possible to understand a few things about the attackers, such as their native language or even location, the remaining 10% can lead to embarrassing attribution errors or worse.

2022 cyber threat report details growing trends

Tech Republic Security

SonicWall’s mid-year report update has been released with new information on malware, ransomware, cryptojacking and more. The post 2022 cyber threat report details growing trends appeared first on TechRepublic.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

Over 45,000 VMware ESXi servers just reached end-of-life

Bleeping Computer

Over 45,000 VMware ESXi servers inventoried by Lansweeper just reached end-of-life (EOL), with VMware no longer providing software and security updates unless companies purchase an extended support contract.

A massive cyberattack hit Slovak and Polish Parliaments

Security Affairs

The Slovak and Polish parliaments were hit by a massive cyber attack, and the voting system in Slovakia’s legislature was brought down. A massive cyber attack hit the Slovak and Polish parliaments, reported the authorities. The cyber attack brought down the voting system in Slovakia’s legislature. “The attack was multi-directional, including from inside the Russian Federation,” reads a statement published by the Polish Senate.

Human-Centric No-Code Automation is the Future of Cybersecurity

Security Boulevard

It’s never been more challenging to work in cybersecurity. The cost of a breach keeps going up, the number of attacks is constantly increasing and the industry is in the middle of a multi-year staffing crisis. It’s no surprise that 90% of security teams see automation as essential for them to deliver on their mandate. The post Human-Centric No-Code Automation is the Future of Cybersecurity appeared first on Security Boulevard.

Qatar Spyware

Schneier on Security

Everyone visiting Qatar for the World Cup needs to install spyware on their phone. Everyone travelling to Qatar during the football World Cup will be asked to download two apps called Ehteraz and Hayya. Briefly, Ehteraz is a COVID-19 tracking app, while Hayya is an official World Cup app used to keep track of match tickets and to access the free Metro in Qatar.

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

5 steps to protect your school from cyberattacks

We Live Security

What can schools, which all too often make easy prey for cybercriminals, do to bolster their defenses and keep threats at bay? The post 5 steps to protect your school from cyberattacks appeared first on WeLiveSecurity.

Ransomware In Q3 2022

Digital Shadows

Ransomware activity decreased in the third quarter of 2022 (Q3 2022), as actors regrouped and refocused after a busy start. The post Ransomware In Q3 2022 first appeared on Digital Shadows.

Internet connectivity worldwide impacted by severed fiber cables in France

Bleeping Computer

A major Internet cable in the South of France was severed yesterday at 20:30 UTC, impacting subsea cable connectivity to Europe, Asia, and the United States and causing data packet losses and increased website response latency.

CISA says hospitals should be wary of new Daixin Team Ransomware

CyberSecurity Insiders

The United States Cybersecurity and Infrastructure Security Agency (CISA) has issued an advisory to all hospitals and healthcare providers about a new ransomware dubbed ‘Daixin Team’ doing the rounds on the internet. Information is out that the said hacker group is spreading malware to healthcare and the public sector and is demanding cryptocurrency in Bitcoin in exchange for a decryption key.

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

So, you’ve accomplished an organization-wide SaaS adoption. It started slow, and now just a few team members might be responsible for running Salesforce, Slack, and a few other applications that boost productivity, but it’s all finished. Or is it? Through all the benefits offered by SaaS applications, it’s still a necessity to onboard providers as quickly as possible.

Experts spotted a new undetectable PowerShell Backdoor posing as a Windows update

Security Affairs

Cybersecurity researchers warn of a new PowerShell backdoor that disguises itself as part of the Windows update process to avoid detection. Cybersecurity researchers from SafeBreach are warning of a new PowerShell backdoor masquerading as a Windows update process to avoid detection. The backdoor spreads via weaponized Word documents (“Apply Form.docm”) posing as a LinkedIn-based job application.

Indian Energy Company Tata Power's IT Infrastructure Hit By Cyber Attack

The Hacker News

Tata Power Company Limited, India's largest integrated power company, on Friday confirmed it was targeted by a cyberattack. The intrusion on IT infrastructure impacted "some of its IT systems," the company said in a filing with the National Stock Exchange (NSE) of India.

Microsoft Addresses Zero-Days, but Exchange Server Exploit Chain Remains Unpatched

Dark Reading

The computing giant didn't fix ProxyNotLogon in October's Patch Tuesday, but it disclosed a rare 10-out-of-10 bug and patched two other zero-days, including one being exploited.

APT10: Tracking down LODEINFO 2022, part I

SecureList

Kaspersky has been tracking activities involving the LODEINFO malware family since 2019, looking for new modifications and thoroughly investigating any attacks utilizing those new variants. LODEINFO is sophisticated fileless malware first named in a blogpost from JPCERT/CC in February 2020. The malware was regularly modified and upgraded by the developers to target media, diplomatic, governmental and public sector organizations and think-tanks in Japan.

How Preparation and Strategy Can Be Used to Fight and Defeat Any Ransomware Attack

Speaker: Karl Camilleri, Cloud Services Product Manager at phoenixNAP

Did you know that 2021 was a record-breaking year for ransomware? The days of a “once in a while” attack against businesses and organizations are over. Cyberthreats have become a serious issue. With 495.1 million attacks, the threat marked a 148% increase compared to 2020 and was the most expensive year on record! As a result, data protection needs to be a concern for most banks, businesses, and information technology specialists.

Chrome extensions with 1 million installs hijack targets’ browsers

Bleeping Computer

Researchers at Guardio Labs have discovered a new malvertising campaign pushing Google Chrome and Microsoft Edge extensions that hijack searches and insert affiliate links into webpages.

OpenSSL ‘CRITICAL’ Bug — Sky Falling — Patch Hits 11/1

Security Boulevard

OpenSSL has a new ‘critical’ bug. But it’s a secret until next month. The post OpenSSL ‘CRITICAL’ Bug — Sky Falling — Patch Hits 11/1 appeared first on Security Boulevard.

Alternative Future Analysis: Pro-Russian Hacktivism

Digital Shadows

Note: This blog is part of a series of articles related to the use of Structured Analytic Techniques in Cyber. The post Alternative Future Analysis: Pro-Russian Hacktivism first appeared on Digital Shadows.

Meta Pixel hack leads to US healthcare provider data breach affecting 3 million patients

CyberSecurity Insiders

Advocate Aurora Health (AAH), a medical services provider serving the Wisconsin and Illinois populace, was hit by a data breach affecting over 3,000,000 patients. According to the information available to Cybersecurity Insiders, AAH websites are loaded with Meta Pixel, and hackers used a vulnerability in the software tool to access information. Technically, Meta Pixel is a JavaScript-based analytics tool supplied by Facebook researchers that assists website owners to gain insights on user interaction

How to Avoid the Pain and Cost of PCI Compliance While Optimizing Payments

Speaker: P. Andrew Sjogren, Sr. Product Marketing Manager at Very Good Security, Matt Doka, Co-Founder and CTO of Fivestars, and Steve Andrews, President & CEO of the Western Bankers Association 

PCI compliance can feel challenging and sometimes the result feels like you are optimizing more for security and compliance than you are for business outcomes. The key is to take the right strategy to PCI compliance that gets you both. In this webinar, we have a great set of panelists who will take you through how Zero Data strategies can be used as part of a well-rounded compliance and security approach, and get you to market much sooner by also allowing for payment optimization.