CSO Magazine

JUNE 7, 2023

Bitdefender has uncovered a hidden malware campaign living undetected on mobile devices worldwide for more than six months. The campaign is designed to push adware to Android devices with the purpose of driving revenue. “However, the threat actors involved can easily switch tactics to redirect users to other types of malware, such as banking trojans to steal credentials and financial information or ransomware ,” Bitdefender said in a blog.

Adware 145

Adware Malware Ransomware Banking 145

Krebs on Security

JUNE 8, 2023

It’s not often that a zero-day vulnerability causes a network security vendor to urge customers to physically remove and decommission an entire line of affected hardware — as opposed to just applying software updates. But experts say that is exactly what transpired this week with Barracuda Networks , as the company struggled to combat a sprawling malware threat which appears to have undermined its email security appliances in such a fundamental way that they can no longer be safely u

Malware 311

Malware Firmware Ransomware Encryption 311

Schneier on Security

JUNE 6, 2023

In 2013 and 2014, I wrote extensively about new revelations regarding NSA surveillance based on the documents provided by Edward Snowden. But I had a more personal involvement as well. I wrote the essay below in September 2013. The New Yorker agreed to publish it, but the Guardian asked me not to. It was scared of UK law enforcement, and worried that this essay would reflect badly on it.

Surveillance 308

Surveillance Computers and Electronics Encryption Government 308

Tech Republic Security

JUNE 9, 2023

A new study polling software buyers at businesses worldwide finds strong intention to increase budget, with special interest in AI. It also looks at how vendors can engage buyers. The post Firm study predicts big spends on generative AI appeared first on TechRepublic.

Software 167

Software Artificial Intelligence 167

Speaker: William Hord, Senior VP of Risk & Professional Services

Enterprise Risk Management (ERM) is critical for industry growth in today’s fast-paced and ever-changing risk landscape. When building your ERM program foundation, you need to answer questions like: Do we have robust board and management support? Do we understand and articulate our bank’s risk appetite and how that impacts our business units? How are we measuring and rating our risk impact, likelihood, and controls to mitigate our risk?

Banking

Bleeping Computer

JUNE 9, 2023

Russian nationals Alexey Bilyuchenko and Aleksandr Verner have been charged with the 2011 hacking of the leading (at the time) cryptocurrency exchange Mt. Gox and the laundering of around 647,000 bitcoins they stole. [.

Hacking 145

Hacking Cryptocurrency 145

Dark Reading

JUNE 6, 2023

Hackers used a little to do a lot, cracking a high-value target with hardly more than the living-off-the-land tools (PowerShell especially) found on any standard Windows computer.

Hacking 145

Hacking 145

Tech Republic Security

JUNE 9, 2023

Get the details about the ransomware group Clop's ultimatum to companies they recently hit with a supply-chain attack. Also, learn cybersecurity mitigation best practices for any organization. The post BBC, British Airways, Boots hit with hackers’ ultimatum after suffering MOVEit supply-chain attack appeared first on TechRepublic.

Ransomware 163

Ransomware Cybersecurity Big data Hacking 163

Bleeping Computer

JUNE 8, 2023

Researchers have released a proof-of-concept (PoC) exploit for an actively exploited Windows local privilege escalation vulnerability fixed as part of the May 2023 Patch Tuesday. [.

145

145

CSO Magazine

JUNE 6, 2023

A global sensation since its initial release at the end of last year, ChatGPT 's popularity among consumers and IT professionals alike has stirred up cybersecurity nightmares about how it can be used to exploit system vulnerabilities. A key problem, cybersecurity experts have demonstrated, is the ability of ChatGPT and other large language models (LLMs) to generate polymorphic, or mutating, code to evade endpoint detection and response (EDR) systems.

Malware 145

Malware Cybersecurity 145

Schneier on Security

JUNE 5, 2023

Developers are starting to talk about the software-defined car. For decades, features have accumulated like cruft in new vehicles: a box here to control the antilock brakes, a module there to run the cruise control radar, and so on. Now engineers and designers are rationalizing the way they go about building new models, taking advantage of much more powerful hardware to consolidate all those discrete functions into a small number of domain controllers.

Software 254

Software Hacking Engineering Internet 254

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

Risk

Tech Republic Security

JUNE 6, 2023

Read the technical details about this zero-day MoveIT vulnerability, find out who is at risk, and learn how to detect and protect against this SQL injection attack. The post Zero-day MOVEit Transfer vulnerability exploited in the wild, heavily targeting North America appeared first on TechRepublic.

Risk 166

Risk Big data Ransomware Cybersecurity 166

Bleeping Computer

JUNE 8, 2023

Microsoft is investigating an ongoing outage that is preventing OneDrive customers from accessing the cloud file hosting service worldwide, just as a threat actor known as 'Anonymous Sudan' claims to be DDoSing the service [.

DDOS 145

DDOS 145

CSO Magazine

JUNE 8, 2023

Researchers warn of a social engineering campaign by the North Korean APT group known as Kimsuky that attempts to steal email credentials and plant malware. The campaign, focused on experts in North Korean affairs, is part of this group's larger intelligence gathering operations that target research centers, think tanks, academic institutions, and news outlets globally.

Social Engineering 138

Social Engineering Engineering Phishing Malware 138

Schneier on Security

JUNE 9, 2023

Kaspersky is reporting a zero-click iOS exploit in the wild: Mobile device backups contain a partial copy of the filesystem, including some of the user data and service databases. The timestamps of the files, folders and the database records allow to roughly reconstruct the events happening to the device. The mvt-ios utility produces a sorted timeline of events into a file called “timeline.csv,” similar to a super-timeline used by conventional digital forensic tools.

Malware 225

Malware Backups Mobile 225

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

So, you’ve accomplished an organization-wide SaaS adoption. It started slow, and now just a few team members might be responsible for running Salesforce, Slack, and a few others applications that boost productivity, but it’s all finished. Or is it? Through all the benefits offered by SaaS applications, it’s still a necessity to onboard providers as quickly as possible.

Risk

Tech Republic Security

JUNE 7, 2023

A recent report from Kaspersky revealed a zero-click attack method that requires no action from victims to infect iOS devices. The post New zero-click threat targets iPhones and iPads appeared first on TechRepublic.

Spyware 155

Spyware Big data Malware Cybersecurity 155

Bleeping Computer

JUNE 8, 2023

The Clop ransomware gang has been looking for ways to exploit a now-patched zero-day in the MOVEit Transfer managed file transfer (MFT) solution since 2021, according to Kroll security experts. [.

Ransomware 145

Ransomware 145

CSO Magazine

JUNE 9, 2023

Google has announced the launch of the Secure AI Framework (SAIF), a conceptual framework for securing AI systems. Google, owner of the generative AI chatbot Bard and parent company of AI research lab DeepMind, said a framework across the public and private sectors is essential for making sure that responsible actors safeguard the technology that supports AI advancements so that when AI models are implemented, they’re secure-by-default.

Technology 134

Technology Risk 134

The Hacker News

JUNE 3, 2023

An analysis of the Linux variant of a new ransomware strain called BlackSuit has covered significant similarities with another ransomware family called Royal. Trend Micro, which examined an x64 VMware ESXi version targeting Linux machines, said it identified an "extremely high degree of similarity" between Royal and BlackSuit.

Ransomware 144

Ransomware 144

Speaker: Karl Camilleri, Cloud Services Product Manager at phoenixNAP

Did you know that 2021 was a record-breaking year for ransomware? The days of a “once in a while” attack against businesses and organizations are over. Cyberthreats have become a serious issue. With 495.1 million attacks, the threat marked a 148% increase compared to 2020 and was the most expensive year on record! As a result, data protection needs to be a concern for most banks, businesses, and information technology specialists.

Ransomware

Tech Republic Security

JUNE 6, 2023

iOS 17 has been announced, and it's Apple’s best version of iOS. Learn everything you need to know about iOS 17's features, release date and how to get it. The post iOS 17 cheat sheet: Release date, supported devices and more appeared first on TechRepublic.

Software 148

Software Mobile 148

Bleeping Computer

JUNE 7, 2023

Email and network security company Barracuda warns customers they must replace Email Security Gateway (ESG) appliances hacked in attacks targeting a now-patched zero-day vulnerability. [.

Hacking 145

Hacking Network Security 145

CSO Magazine

JUNE 8, 2023

Enterprise security company Barracuda has warned its customers against using email security gateway (ESG) appliances impacted by a recently disclosed zero-day exploit and to replace them immediately. A patch for the vulnerability, which has been exploited since October 2022, had been issued by Barracuda last month to stop the exploit from allowing ESG backdooring.

134

134

The Hacker News

JUNE 4, 2023

Cybersecurity researchers have unearthed a new ongoing Magecart-style web skimmer campaign that's designed to steal personally identifiable information (PII) and credit card data from e-commerce websites.

Cybersecurity 139

Cybersecurity 139

Speaker: P. Andrew Sjogren, Sr. Product Marketing Manager at Very Good Security, Matt Doka, Co-Founder and CTO of Fivestars, and Steve Andrews, President & CEO of the Western Bankers Association

PCI compliance can feel challenging and sometimes the result feels like you are optimizing more for security and compliance than you are for business outcomes. The key is to take the right strategy to PCI compliance that gets you both. In this webinar, we have a great set of panelists who will take you through how Zero Data strategies can be used as part of a well-rounded compliance and security approach, and get you to market much sooner by also allowing for payment optimization.

Marketing

Tech Republic Security

JUNE 6, 2023

In Verizon’s just-released 2023 Data Breach Investigations Report, money is king, and denial of service and social engineering still hold sway. The post Verizon 2023 DBIR: DDoS attacks dominate and pretexting lead to BEC growth appeared first on TechRepublic.

DDOS 136

DDOS Data breaches Social Engineering Engineering 136

Bleeping Computer

JUNE 7, 2023

A Florida man has pleaded guilty to importing and selling counterfeit Cisco networking equipment to various organizations, including education, government agencies, healthcare, and the military. [.

Healthcare 145

Healthcare Government Education 145

CSO Magazine

JUNE 5, 2023

The security of critical infrastructure has been high on the agenda in 2023, with cyberattacks and other risks posing a persistent threat to the technologies and systems relied upon for essential services such as energy, food, electricity, and healthcare. Research from cybersecurity services firm Bridewell assessed the current state of critical national infrastructure (CNI) threats in the UK and the US , warning that global economic downturns, geopolitical tensions, nation-state actors, and rans

Cybersecurity 138

Cybersecurity Ransomware Healthcare Risk 138

The Hacker News

JUNE 4, 2023

An unknown cybercrime threat actor has been observed targeting Spanish- and Portuguese-speaking victims to compromise online banking accounts in Mexico, Peru, and Portugal.

Banking 139

Banking Accountability Cybercrime 139

Speaker: Dr. Karen Hardy, CEO and Chief Risk Officer of Strategic Leadership Advisors LLC

Communication is a core component of a resilient organization's risk management framework. However, risk communication involves more than just reporting information and populating dashboards, and we may be limiting our skillset. Storytelling is the ability to express ideas and convey messages to others, including stakeholders. When done effectively, it can help interpret complex risk environments for leaders and inform their decision-making.

Risk

Security Boulevard

JUNE 5, 2023

Malware Déjà Vu: Perhaps as many as 87 million victims—maybe more. The post Chrome Extensions Warning — Millions of Users Infected appeared first on Security Boulevard.

Malware 140

Malware Security Awareness Social Engineering Network Security 140

Bleeping Computer

JUNE 7, 2023

Cisco has fixed a high-severity vulnerability found in Cisco Secure Client (formerly AnyConnect Secure Mobility Client) software that can let attackers escalate privileges to the SYSTEM account used by the operating system. [.

Mobile 145

Mobile Software Accountability 145

CSO Magazine

JUNE 6, 2023

Despite years of modernization initiatives, CISOs are still contending with an old-school problem: shadow IT, technology that operates within an enterprise but is not officially sanctioned — or on the radar of — the IT department. Unvetted software, services, and equipment can be nightmare fuel for a security team, potentially introducing a lurking host of vulnerabilities, entry points for bad actors, and malware.

CISO 133

CISO Risk Malware Software 133

CyberSecurity Insiders

JUNE 7, 2023

Outlook.com users have been suffering with intermittent outages from yesterday and news is out that the disruption was caused because of a DDoS cyber attack launched by a hacking group named ‘Anonymous Sudan’. Microsoft acknowledged the outage as true, but failed to label it as a state funded attack. How-ever, it issued a statement that it has employed mitigation policies to neutralize the impact of the DdoS attack.

Cyber Attacks 130

Cyber Attacks DDOS Hacking Cybersecurity 130

Speaker: Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies

The COVID-19 pandemic forced many people into working remotely, opening the floodgates for a host of digital compliance issues. Now that companies are slowly allowing employees to return to work at the office, it's time to re-evaluate your company’s posture towards privacy and security. This is especially vital if your workers were (and still are!) using company equipment from home, or are still working remotely.

Data privacy