The Last Watchdog

JULY 24, 2023

Accessing vital information to complete day-to-day tasks at our jobs still requires using a password-based system at most companies. Related: Satya Nadella calls for facial recognition regulations Historically, this relationship has been effective from both the user experience and host perspectives; passwords unlocked a world of possibilities, acted as an effective security measure, and were simple to remember.

Authentication 245

Authentication Passwords Phishing Social Engineering 245

Schneier on Security

JULY 26, 2023

Seems that there is a deliberate backdoor in the twenty-year-old TErrestrial Trunked RAdio (TETRA) standard used by police forces around the world. The European Telecommunications Standards Institute (ETSI), an organization that standardizes technologies across the industry, first created TETRA in 1995. Since then, TETRA has been used in products, including radios, sold by Motorola, Airbus, and more.

Telecommunications 227

Telecommunications Encryption Technology Software 227

Krebs on Security

JULY 25, 2023

Researchers this month uncovered a two-year-old Linux-based remote access trojan dubbed AVrecon that enslaves Internet routers into botnet that bilks online advertisers and performs password-spraying attacks. Now new findings reveal that AVrecon is the malware engine behind a 12-year-old service called SocksEscort , which rents hacked residential and small business devices to cybercriminals looking to hide their true location online.

Malware 197

Malware VPN Internet Internet 197

Tech Republic Security

JULY 25, 2023

Want a custom security dashboard to bring together data from multiple places? Microsoft Power BI can do that and help you spot what's changing.

Big data 185

Big data Software 185

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

The Last Watchdog

JULY 27, 2023

Paris, France, July 27, 2023 – CrowdSec , the pioneering open source and collaborative cybersecurity company, today released its Q2 2023 Majority Report , a comprehensive community-driven data report fueled by the collective efforts of its thousands of users. Key takeaways from the report include the rise of IPv6 as well as the role of VPN in cybercriminal activities.

VPN 246

VPN Cybersecurity Data collection Threat Detection 246

Schneier on Security

JULY 27, 2023

World of Warcraft players wrote about a fictional game element, “Glorbo,” on a subreddit for the game, trying to entice an AI bot to write an article about it. It worked : And it…worked. Zleague auto-published a post titled “World of Warcraft Players Excited For Glorbo’s Introduction.” […] That is…all essentially nonsense.

Social Engineering 204

Social Engineering Artificial Intelligence Engineering 204

Tech Republic Security

JULY 28, 2023

The forum's goal is to establish "guardrails" to mitigate the risk of AI. Learn about the group's four core objectives, as well as the criteria for membership.

Risk 143

Risk Artificial Intelligence Cybersecurity 143

Security Boulevard

JULY 28, 2023

C’mon Cupertino: “Unknown Tracker Detected,” your phone screams. What now? The post Android Foils AirTag Stalkers and Thieves — While Apple Does Nothing appeared first on Security Boulevard.

Social Engineering 98

Social Engineering IoT Security Awareness Engineering 98

Schneier on Security

JULY 24, 2023

Supposedly Google is starting a pilot program of disabling Internet connectivity from employee computers: The company will disable internet access on the select desktops, with the exception of internal web-based tools and Google-owned websites like Google Drive and Gmail. Some workers who need the internet to do their job will get exceptions, the company stated in materials.

Internet 203

Internet Internet 203

The Hacker News

JULY 27, 2023

Cybersecurity researchers have disclosed two high-severity security flaws in the Ubuntu kernel that could pave the way for local privilege escalation attacks. Cloud security firm Wiz, in a report shared with The Hacker News, said the easy-to-exploit shortcomings have the potential to impact 40% of Ubuntu users.

Cybersecurity 98

Cybersecurity 98

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Tech Republic Security

JULY 28, 2023

The free NordVPN Meshnet helps you create your own VPN tunnel to securely and directly connect different devices. Learn more about Meshnet and how to set it up in this guide.

VPN 131

VPN Cybersecurity Network Security 131

Security Boulevard

JULY 27, 2023

Welcome to the latest edition of The Week in Security , which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, and beyond. This week: a North Korean APT group targets developers via GitHub. Also: This Barbie is a cybercriminal. The post The Week in Security: North Korean APT targets developers, this Barbie is a cybercriminal appeared first on Security Boulevard.

Cybersecurity 98

Cybersecurity Software 98

Schneier on Security

JULY 28, 2023

Interesting research: “ (Ab)using Images and Sounds for Indirect Instruction Injection in Multi-Modal LLMs “: Abstract: We demonstrate how images and sounds can be used for indirect prompt and instruction injection in multi-modal LLMs. An attacker generates an adversarial perturbation corresponding to the prompt and blends it into an image or audio recording.

Artificial Intelligence 201

Artificial Intelligence 201

Bleeping Computer

JULY 26, 2023

Two Linux vulnerabilities introduced recently into the Ubuntu kernel create the potential for unprivileged local users to gain elevated privileges on a massive number of devices. [.

98

98

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

Tech Republic Security

JULY 25, 2023

If you're new to cyber security or trying to improve your knowledge, Cyber Security Specialist Workshop Live Sessions provides 32 weeks of essential training for under $500.

Cybersecurity 128

Cybersecurity 128

Security Boulevard

JULY 27, 2023

Fraud is a pervasive threat to any organization’s viability and sustainability, with fraudsters continually seeking innovative ways to deceive and steal from businesses. To protect themselves and their customers, it’s critical for businesses today to have a comprehensive fraud risk management plan that identifies, assesses, and mitigates risks associated with nefarious cyber activities.

Risk 98

Risk 98

The Hacker News

JULY 26, 2023

A new malware family called Realst has become the latest to target Apple macOS systems, with a third of the samples already designed to infect macOS 14 Sonoma, the upcoming major release of the operating system.

Cryptocurrency 98

Cryptocurrency Passwords Malware 98

Bleeping Computer

JULY 26, 2023

Microsoft has released the July 2023 optional cumulative update for Windows 11, version 22H2, with fixes for 27 issues, including ones affecting VPN performance and display or audio devices. [.

VPN 98

VPN 98

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

Tech Republic Security

JULY 24, 2023

In this How to Make Tech Work tutorial, Jack Wallen shows how to add another layer of security to your Linux machines with just two files.

Network Security 145

Network Security 145

Malwarebytes

JULY 25, 2023

Stalkerware-type app Spyhide is coded so badly that it’s possible to gain access to the back-end databases and retrieve data about everyone that has the app on their device. And it's not a small number. Hacktivist maia arson crimew told TechCrunch she'd found 60,000 compromised Android devices, dating back to 2016. Spyhide, like many other stalkerware-type apps “silently and continually uploads the phone’s contacts, messages, photos, call logs and recordings, and granular locat

Surveillance 98

Surveillance Mobile Marketing Government 98

Security Boulevard

JULY 26, 2023

We will kill WEI: A thinly veiled attempt to track you and make more ad money. The post ALERT: Google Wants to DRM your OS for ‘Web Environment Integrity’ appeared first on Security Boulevard.

Security Awareness 98

Security Awareness IoT Risk Mobile 98

The Hacker News

JULY 28, 2023

A legitimate Windows search feature is being exploited by unknown malicious actors to download arbitrary payloads from remote servers and compromise targeted systems with remote access trojans such as AsyncRAT and Remcos RAT.

98

98

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

Tech Republic Security

JULY 28, 2023

Security experts from HackerOne and beyond weigh in on malicious prompt engineering and other attacks that could strike through LLMs.

Artificial Intelligence 146

Artificial Intelligence Cyber threats Hacking Engineering 146

Bleeping Computer

JULY 25, 2023

A critical severity 'Super Admin' privilege elevation flaw puts over 900,000 MikroTik RouterOS routers at risk, potentially enabling attackers to take full control over a device and remain undetected. [.

Risk 98

Risk 98

Security Boulevard

JULY 27, 2023

Every year, Congress passes the National Defense Authorization Act (NDAA), which sets the budget and defines key policy priorities for the U.S. Department of Defense (DoD). This legislation plays a crucial role in shaping the defense priorities and resources of the country, ensuring the readiness and capabilities of the military, and providing oversight for defense-related […] The post Supply Chain and Firmware Security Take Center Stage in 2024 NDAA appeared first on Eclypsium | Supply Cha

Firmware 98

Firmware 98

WIRED Threat Level

JULY 24, 2023

A secret encryption cipher baked into radio systems used by critical infrastructure workers, police, and others around the world is finally seeing sunlight. Researchers say it isn’t pretty.

Encryption 98

Encryption Hacking 98

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

Tech Republic Security

JULY 24, 2023

Derek Hanson, Yubico’s VP of standards and alliances and an industry expert on passkeys, discusses why device-bound-to-shareable passkeys are critical.

135

135

Bleeping Computer

JULY 24, 2023

Microsoft Sharepoint and OneDrive for Business were briefly interrupted today after a German TLS certificate was mistakenly added to the main.com domains for the Microsoft 365 services. [.

98

98

Security Boulevard

JULY 25, 2023

A recent article in Forbes discusses the shifting mindset in cybersecurity from the traditional “detect and respond” approach to a prevention-first philosophy. With the continuous evolution of cybersecurity threats, organizations are investing in various tools like EDR (endpoint detection and response), MDR (managed detection and response), and XDR (extended detection and response).

Cybersecurity 98

Cybersecurity 98

The Hacker News

JULY 24, 2023

Details have emerged about a now-patched flaw in OpenSSH that could be potentially exploited to run arbitrary commands remotely on compromised hosts under specific conditions. "This vulnerability allows a remote attacker to potentially execute arbitrary commands on vulnerable OpenSSH's forwarded ssh-agent," Saeed Abbasi, manager of vulnerability research at Qualys, said in an analysis last week.

98

98

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

Risk