Sat. Jun 03, 2023 - Fri. Jun 09, 2023


Over 60,000 Android apps infected with adware-pushing malware

CSO Magazine

Bitdefender has uncovered a hidden malware campaign living undetected on mobile devices worldwide for more than six months. The campaign is designed to push adware to Android devices with the purpose of driving revenue. “However, the threat actors involved can easily switch tactics to redirect users to other types of malware, such as banking trojans to steal credentials and financial information or ransomware,” Bitdefender said in a blog.

Adware 139

Barracuda Urges Replacing — Not Patching — Its Email Security Gateways

Krebs on Security

It’s not often that a zero-day vulnerability causes a network security vendor to urge customers to physically remove and decommission an entire line of affected hardware — as opposed to just applying software updates. But experts say that is exactly what transpired this week with Barracuda Networks, as the company struggled to combat a sprawling malware threat which appears to have undermined its email security appliances in such a fundamental way that they can no longer be safely u

Firmware 307

Snowden Ten Years Later

Schneier on Security

In 2013 and 2014, I wrote extensively about new revelations regarding NSA surveillance based on the documents provided by Edward Snowden. But I had a more personal involvement as well. I wrote the essay below in September 2013. The New Yorker agreed to publish it, but the Guardian asked me not to. It was scared of UK law enforcement, and worried that this essay would reflect badly on it.


Zero-day MOVEit Transfer vulnerability exploited in the wild, heavily targeting North America

Tech Republic Security

Read the technical details about this zero-day MOVEit vulnerability, find out who is at risk, and learn how to detect and protect against this SQL injection attack. The post Zero-day MOVEit Transfer vulnerability exploited in the wild, heavily targeting North America appeared first on TechRepublic.

Risk 167

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.


Sextortionists are making AI nudes from your social media images

Bleeping Computer

The Federal Bureau of Investigation (FBI) is warning of a rising trend of malicious actors creating deepfake nude content from social media images to perform sextortion attacks. [...]

Media 145

ChatGPT creates mutating malware that evades detection by EDR

CSO Magazine

A global sensation since its initial release at the end of last year, ChatGPT's popularity among consumers and IT professionals alike has stirred up cybersecurity nightmares about how it can be used to exploit system vulnerabilities. A key problem, cybersecurity experts have demonstrated, is the ability of ChatGPT and other large language models (LLMs) to generate polymorphic, or mutating, code to evade endpoint detection and response (EDR) systems.

Malware 145

More Trending


Firm study predicts big spends on generative AI

Tech Republic Security

A new study polling software buyers at businesses worldwide finds strong intention to increase budget, with special interest in AI. It also looks at how vendors can engage buyers. The post Firm study predicts big spends on generative AI appeared first on TechRepublic.

Software 164

Microsoft OneDrive down worldwide following claims of DDoS attacks

Bleeping Computer

Microsoft is investigating an ongoing outage that is preventing OneDrive customers from accessing the cloud file hosting service worldwide, just as a threat actor known as 'Anonymous Sudan' claims to be DDoSing the service [...]

DDOS 143

Chrome Extensions Warning — Millions of Users Infected

Security Boulevard

Malware Déjà Vu: Perhaps as many as 87 million victims—maybe more. The post Chrome Extensions Warning — Millions of Users Infected appeared first on Security Boulevard.

Malware 145

Operation Triangulation: Zero-Click iPhone Malware

Schneier on Security

Kaspersky is reporting a zero-click iOS exploit in the wild: Mobile device backups contain a partial copy of the filesystem, including some of the user data and service databases. The timestamps of the files, folders and the database records allow to roughly reconstruct the events happening to the device. The mvt-ios utility produces a sorted timeline of events into a file called “timeline.csv,” similar to a super-timeline used by conventional digital forensic tools.

Malware 211

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.


BBC, British Airways, Boots hit with hackers’ ultimatum after suffering MOVEit supply-chain attack

Tech Republic Security

Get the details about the ransomware group Clop's ultimatum to companies they recently hit with a supply-chain attack. Also, learn cybersecurity mitigation best practices for any organization. The post BBC, British Airways, Boots hit with hackers’ ultimatum after suffering MOVEit supply-chain attack appeared first on TechRepublic.


PoC released for Windows Win32k bug exploited in attacks

Bleeping Computer

Researchers have released a proof-of-concept (PoC) exploit for an actively exploited Windows local privilege escalation vulnerability fixed as part of the May 2023 Patch Tuesday. [...]


US Aerospace Contractor Hacked With 'PowerDrop' Backdoor

Dark Reading

Hackers used a little to do a lot, cracking a high-value target with hardly more than the living-off-the-land tools (PowerShell especially) found on any standard Windows computer.

Hacking 135

How Attorneys Are Harming Cybersecurity Incident Response

Schneier on Security

New paper: “Lessons Lost: Incident Response in the Age of Cyber Insurance and Breach Attorneys”: Abstract: Incident Response (IR) allows victim firms to detect, contain, and recover from security incidents. It should also help the wider community avoid similar attacks in the future. In pursuit of these goals, technical practitioners are increasingly influenced by stakeholders like cyber insurers and lawyers.


Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.


Cisco LIVE 2023: AI and security platforms innovations take center stage 

Tech Republic Security

At its annual customer event in Las Vegas, Cisco introduced AI-powered, cloud-based products that are designed to snap into its new Security Cloud platform like LEGO. The post Cisco LIVE 2023: AI and security platforms innovations take center stage appeared first on TechRepublic.


Barracuda says hacked ESG appliances must be replaced immediately

Bleeping Computer

Email and network security company Barracuda warns customers they must replace Email Security Gateway (ESG) appliances hacked in attacks targeting a now-patched zero-day vulnerability. [...]

Hacking 137

Anonymous Sudan launched Cyber Attack on Microsoft Outlook

CyberSecurity Insiders

Outlook.com users have been suffering with intermittent outages from yesterday and news is out that the disruption was caused because of a DDoS cyber attack launched by a hacking group named ‘Anonymous Sudan’. Microsoft acknowledged the outage as true, but failed to label it as a state funded attack. However, it issued a statement that it has employed mitigation policies to neutralize the impact of the DDoS attack.


CISOs, IT lack confidence in executives’ cyber-defense knowledge

CSO Magazine

IT security teams lack confidence in their executives’ ability to prevent attacks on their personal hardware, systems, and network. This is according to a study sponsored by BlackCloak, a provider of digital privacy protection for high-profile executives, Ponemon Institute surveyed 553 US IT and IT security practitioners. Asked to rate from 1 to 10 how confident they were in CEOs and executives’ abilities to know how to recognize a phishing email, only 28% of respondents were confident.

CISO 125

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?


New zero-click threat targets iPhones and iPads

Tech Republic Security

A recent report from Kaspersky revealed a zero-click attack method that requires no action from victims to infect iOS devices. The post New zero-click threat targets iPhones and iPads appeared first on TechRepublic.

Big data 151

Outlook.com hit by outages as hacktivists claim DDoS attacks

Bleeping Computer

Outlook.com is suffering a series of outages today after being down multiple times yesterday, with hacktivists known as Anonymous Sudan claiming to perform DDoS attacks on the service. [...]

DDOS 136

Safeguarding Your Privacy Online: Essential Tips and Best Practices

CyberSecurity Insiders

In an increasingly connected world, where our lives revolve around the internet, safeguarding our privacy online has become paramount. From social media platforms to online shopping and banking, we share a wealth of personal information that can be vulnerable to misuse or exploitation. However, by adopting a few simple yet effective practices, you can significantly enhance your online privacy.

Passwords 126

ChatGPT Hallucinations Open Developers to Supply Chain Malware Attacks

Dark Reading

Attackers could exploit a common AI experience — false recommendations — to spread malicious code via developers that use ChatGPT to create software.

Malware 136

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.


iOS 17 cheat sheet: Release date, supported devices and more

Tech Republic Security

iOS 17 has been announced, and it's Apple’s best version of iOS. Learn everything you need to know about iOS 17's features, release date and how to get it. The post iOS 17 cheat sheet: Release date, supported devices and more appeared first on TechRepublic.

Software 145

Cisco fixes AnyConnect bug giving Windows SYSTEM privileges

Bleeping Computer

Cisco has fixed a high-severity vulnerability found in Cisco Secure Client (formerly AnyConnect Secure Mobility Client) software that can let attackers escalate privileges to the SYSTEM account used by the operating system. [...]

Mobile 136

10 notable critical infrastructure cybersecurity initiatives in 2023

CSO Magazine

The security of critical infrastructure has been high on the agenda in 2023, with cyberattacks and other risks posing a persistent threat to the technologies and systems relied upon for essential services such as energy, food, electricity, and healthcare. Research from cybersecurity services firm Bridewell assessed the current state of critical national infrastructure (CNI) threats in the UK and the US, warning that global economic downturns, geopolitical tensions, nation-state actors, and rans


Hear no evil: Ultrasound attacks on voice assistants

We Live Security

How your voice assistant could do the bidding of a hacker – without you ever hearing a thing. The post Hear no evil: Ultrasound attacks on voice assistants appeared first on WeLiveSecurity

Internet 124

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.


Verizon 2023 DBIR: DDoS attacks dominate and pretexting lead to BEC growth

Tech Republic Security

In Verizon’s just-released 2023 Data Breach Investigations Report, money is king, and denial of service and social engineering still hold sway. The post Verizon 2023 DBIR: DDoS attacks dominate and pretexting lead to BEC growth appeared first on TechRepublic.

DDOS 139

Ukrainian hackers take down service provider for Russian banks

Bleeping Computer

A group of Ukrainian hackers known as the Cyber.Anarchy.Squad claimed an attack that took down Russian telecom provider Infotel JSC on Thursday evening. [...]

Banking 143

Zellis Cybersecurity Incident causes BA and Boots employee info data breach

CyberSecurity Insiders

Hackers somehow managed to exploit a vulnerability in MOVEit file transfer software and accessed information from the servers of Zellis, a payroll service provider in Britain. Unfortunately, British Airways (BA) and Boots are two among the list of companies that were impacted by the security incident. MOVEit produced by Progress Software is taking all precautions to mitigate the risks associated with the incident and has informed the staff of Zellis on how to neutralize the effects of the cy


Asylum Ambuscade: crimeware or cyberespionage?

We Live Security

A curious case of a threat actor at the border between crimeware and cyberespionage. The post Asylum Ambuscade: crimeware or cyberespionage?


Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.