Sat. Jun 10, 2023 - Fri. Jun 16, 2023

Cyberattacks surge to 61% of small and medium-sized businesses, says study

Tech Republic Security

A poll of security software buyers shows 39% of small and medium-sized businesses lost customer data due to cyberattacks.

AI-Generated Steganography

Schneier on Security

New research suggests that AIs can produce perfectly secure steganographic images: Abstract: Steganography is the practice of encoding secret information into innocuous content in such a manner that an adversarial third party would not realize that there is hidden meaning. While this problem has classically been studied in security literature, recent advances in generative models have led to a shared interest among security and machine learning researchers in developing scalable steganography te

Microsoft Patch Tuesday, June 2023 Edition

Krebs on Security

Microsoft Corp. today released software updates to fix dozens of security vulnerabilities in its Windows operating systems and other software. This month’s relatively light patch load has another added bonus for system administrators everywhere: It appears to be the first Patch Tuesday since March 2022 that isn’t marred by the active exploitation of a zero-day vulnerability in Microsoft’s products.

How Shady Chinese Encryption Chips Got Into the Navy, NATO, and NASA

WIRED Threat Level

The US government warns encryption chipmaker Hualan has suspicious ties to China’s military. Yet US agencies still use one of its subsidiary’s chips, raising fears of a backdoor.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

AI vs AI: Next front in phishing wars

Tech Republic Security

Threat intelligence firm Abnormal Software is seeing cybercriminals using generative AI to go phishing; the same technology is part of the defense.

Security and Human Behavior (SHB) 2023

Schneier on Security

I’m just back from the sixteenth Workshop on Security and Human Behavior, hosted by Alessandro Acquisti at Carnegie Mellon University in Pittsburgh. SHB is a small, annual, invitational workshop of people studying various aspects of the human side of security, organized each year by Alessandro Acquisti, Ross Anderson, and myself. The fifty or so attendees include psychologists, economists, computer security researchers, criminologists, sociologists, political scientists, designers, lawyer

More Trending

ChamelDoH: New Linux Backdoor Utilizing DNS-over-HTTPS Tunneling for Covert CnC

The Hacker News

The threat actor known as ChamelGang has been observed using a previously undocumented implant to backdoor Linux systems, marking a new expansion of the threat actor's capabilities. The malware, dubbed ChamelDoH by Stairwell, is a C++-based tool for communicating via DNS-over-HTTPS (DoH) tunneling.

New phishing and business email compromise campaigns increase in complexity, bypass MFA

Tech Republic Security

Read the technical details about a new AiTM phishing attack combined with a BEC campaign as revealed by Microsoft, and learn how to mitigate this threat.

Identifying the Idaho Killer

Schneier on Security

The New York Times has a long article on the investigative techniques used to identify the person who stabbed and killed four University of Idaho students. Pay attention to the techniques: The case has shown the degree to which law enforcement investigators have come to rely on the digital footprints that ordinary Americans leave in nearly every facet of their lives.

Chinese hackers use DNS-over-HTTPS for Linux malware communication

Bleeping Computer

The Chinese threat group 'ChamelGang' infects Linux devices with a previously unknown implant named 'ChamelDoH,' allowing DNS-over-HTTPS communications with attackers' servers.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Cybercriminals Using Powerful BatCloak Engine to Make Malware Fully Undetectable

The Hacker News

A fully undetectable (FUD) malware obfuscation engine named BatCloak has been used to deploy various malware strains since September 2022, while persistently evading antivirus detection. The samples grant "threat actors the ability to load numerous malware families and exploits with ease through highly obfuscated batch files," Trend Micro researchers said.

CISA advisory on LockBit: $91 million extorted from 1,700 attacks since 2020

Tech Republic Security

FBI, CISA and international organizations released an advisory detailing the breadth and depth of LockBit, and how to defend against the most prevalent ransomware of 2022 and (so far) 2023.

Learnings from kCTF VRP's 42 Linux kernel exploits submissions

Google Security

Tamás Koczka, Security Engineer. In 2020, we integrated kCTF into Google's Vulnerability Rewards Program (VRP) to support researchers evaluating the security of Google Kubernetes Engine (GKE) and the underlying Linux kernel. As the Linux kernel is a key component not just for Google, but for the Internet, we started heavily investing in this area. We extended the VRP's scope and maximum reward in 2021 (to $50k), then again in February 2022 (to $91k), and finally in August 2022 (to $133k).

Chinese hackers used VMware ESXi zero-day to backdoor VMs

Bleeping Computer

VMware patched today a VMware ESXi zero-day vulnerability exploited by a Chinese-sponsored hacking group to backdoor Windows and Linux virtual machines and steal data.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

A Guide to Key Management as a Service

Thales Cloud Protection & Licensing

madhav, Thu, 06/15/2023 - 11:29. As companies adopt a cloud-first strategy and high-profile breaches hit the headlines, securing sensitive data has become a paramount business concern. The most effective way to ensure data security is through encryption and proper key management. Key Management as a Service (KMaaS) allows companies to manage encryption keys more effectively through a cloud-based solution instead of running the service on physical, on-premises

Akamai’s new study: Bots, phishing and server attacks making commerce a cybersecurity hotspot

Tech Republic Security

The study shows attackers are using more bots and doing more sophisticated phishing exploits and server attacks, especially targeting retail.

The US Is Openly Stockpiling Dirt on All Its Citizens

WIRED Threat Level

A newly declassified report from the Office of the Director of National Intelligence reveals that the federal government is buying troves of data about Americans.

Windows 11 KB5027231 also breaks Chrome for Cisco, WatchGuard EDR users

Bleeping Computer

The Windows 11 22H2 KB5027231 cumulative update released during this month's Patch Tuesday also breaks Google Chrome on systems protected by Cisco and WatchGuard EDR and antivirus solutions.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Killnet Threatens Imminent SWIFT, World Banking Attacks

Dark Reading

The DDoS collective claims to be teaming up with ReVIL and Anonymous Sudan for destructive financial attacks in retaliation for US aid in Ukraine, but the partnerships (and danger) are far from verified.

DDoS threats and defense: How certain assumptions can lead to an attack

Tech Republic Security

The assumptions a business shouldn’t make about its DDoS defenses and the steps it should take now to reduce its likelihood of attack.

Android GravityRAT goes after WhatsApp backups

We Live Security

ESET researchers analyzed an updated version of Android GravityRAT spyware that steals WhatsApp backup files and can receive commands to delete files.

Fortinet fixes critical RCE flaw in Fortigate SSL-VPN devices, patch now

Bleeping Computer

Fortinet has released new Fortigate firmware updates that fix an undisclosed, critical pre-authentication remote code execution vulnerability in SSL VPN devices.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Third MOVEit Transfer Vulnerability Disclosed by Progress Software

Dark Reading

MOVEit has created a patch to fix the issue and urges customers to take action to protect their environments, as Cl0p attacks continue to mount, including on government targets.

Google’s ChromeOS aims for enterprise with security and compatibility

Tech Republic Security

Google’s ChromeOS is not just for Chromebooks. Thomas Riedl, the Google unit’s head of enterprise, sees big growth opportunities for the OS where security and versatility matter most.

Understanding Malware-as-a-Service

SecureList

Money is the root of all evil, including cybercrime. Thus, it was inevitable that malware creators would one day begin not only to distribute malicious programs themselves, but also to sell them to less technically proficient attackers, thereby lowering the threshold for entering the cybercriminal community. The Malware-as-a-Service (MaaS) business model emerged as a result of this, allowing malware developers to share the spoils of affiliate attacks and lowering the bar even further.

Pirated Windows 10 ISOs install clipper malware via EFI partitions

Bleeping Computer

Hackers are distributing Windows 10 using torrents that hide cryptocurrency hijackers in the EFI (Extensible Firmware Interface) partition to evade detection.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

ChatGPT Spreads Malicious Packages in AI Package Hallucination Attack

Security Boulevard

A newly discovered ChatGPT-based attack technique, dubbed AI package hallucination, lets attackers publish their own malicious packages in place of an unpublished package. In this way, attackers can execute supply chain attacks through the deployment of malicious libraries to known repositories. The technique plays off of the fact that generative AI platforms like ChatGPT use.

5 best practices to ensure the security of third-party APIs

CSO Magazine

When organizations consider application programming interface (API) security, they typically focus on securing APIs that are written in-house. However, not all the APIs that companies use are developed internally, rather some are designed and developed by other organizations. The problem is that many companies don't realize that using third-party APIs can expose their applications to security issues, such as malware, data breaches, and unauthorized access.

Chinese Hackers Exploit VMware Zero-Day to Backdoor Windows and Linux Systems

The Hacker News

The Chinese state-sponsored group known as UNC3886 has been found to exploit a zero-day flaw in VMware ESXi hosts to backdoor Windows and Linux systems. The VMware Tools authentication bypass vulnerability, tracked as CVE-2023-20867 (CVSS score: 3.

Massive phishing campaign uses 6,000 sites to impersonate 100 brands

Bleeping Computer

A widespread brand impersonation campaign targeting over a hundred popular apparel, footwear, and clothing brands has been underway since June 2022, tricking people into entering their account credentials and financial information on fake websites.

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.