Krebs on Security

JANUARY 17, 2023

Most people who operate DDoS-for-hire businesses attempt to hide their true identities and location. Proprietors of these so-called “booter” or “stresser” services — designed to knock websites and users offline — have long operated in a legally murky area of cybercrime law. But until recently, their biggest concern wasn’t avoiding capture or shutdown by the feds: It was minimizing harassment from unhappy customers or victims, and insulating themselves ag

DDOS 208

DDOS Cybercrime Engineering Government 208

Schneier on Security

JANUARY 17, 2023

No details , though: According to the complaint against him, Al-Azhari allegedly visited a dark web site that hosts “unofficial propaganda and photographs related to ISIS” multiple times on May 14, 2019. In virtue of being a dark web site—­that is, one hosted on the Tor anonymity network—­it should have been difficult for the site owner’s or a third party to determine the real IP address of any of the site’s visitors.

Surveillance 335

Surveillance Media Hacking 335

Tech Republic Security

JANUARY 19, 2023

The cybersecurity implications of ChatGPT are vast, especially for email exploits, but putting up guardrails, flagging elements of phishing emails that it doesn’t touch and using it to train itself could help boost defense. The post As a cybersecurity blade, ChatGPT can cut both ways appeared first on TechRepublic.

Cybersecurity 205

Cybersecurity Phishing 205

Security Boulevard

JANUARY 20, 2023

The Un-carrier is In-secure, it seems. Un-believable. In-credibly in-competent. CEO Mike Sievert (pictured) might become un-CEO. The post T-Mobile’s SIXTH Breach in 5 years: 37M Users’ PII Leaks appeared first on Security Boulevard.

Data breaches 145

Data breaches Mobile Security Awareness Risk 145

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Krebs on Security

JANUARY 19, 2023

T-Mobile today disclosed a data breach affecting tens of millions of customer accounts, its second major data exposure in as many years. In a filing with federal regulators, T-Mobile said an investigation determined that someone abused its systems to harvest subscriber data tied to approximately 37 million current customer accounts. Image: customink.com In a filing today with the U.S.

Mobile 286

Mobile Accountability Data breaches Identity Theft 286

Schneier on Security

JANUARY 19, 2023

A group of Swiss researchers have published an impressive security analysis of Threema. We provide an extensive cryptographic analysis of Threema, a Swiss-based encrypted messaging application with more than 10 million users and 7000 corporate customers. We present seven different attacks against the protocol in three different threat models. As one example, we present a cross-protocol attack which breaks authentication in Threema and which exploits the lack of proper key separation between diff

Encryption 288

Encryption Authentication Advertising Government 288

Bleeping Computer

JANUARY 19, 2023

T-Mobile disclosed a new data breach after a threat actor stole the personal information of 37 million current postpaid and prepaid customer accounts through one of its Application Programming Interfaces (APIs). [.

Data breaches 144

Data breaches Mobile Accountability Hacking 144

Security Boulevard

JANUARY 16, 2023

NortonLifeLock is warning customers their passwords are loose. First LastPass, now this? The post Another Password Manager Breach: NortonLifeLock Apes LastPass appeared first on Security Boulevard.

Password Management 144

Password Management Passwords Social Engineering Security Awareness 144

Schneier on Security

JANUARY 20, 2023

From an article about Zheng Xiaoqing, an American convicted of spying for China: According to a Department of Justice (DOJ) indictment, the US citizen hid confidential files stolen from his employers in the binary code of a digital photograph of a sunset, which Mr Zheng then mailed to himself.

284

284

Tech Republic Security

JANUARY 17, 2023

William “Hutch” Hutchison, founder and CEO of SimSpace, speaks with Karl Greenberg about the virtues of cyber ranges in training IT teams, and SimSpace’s own specialty: Digital-twin based ranges that the firm provides to NATO governments worldwide, including security teams in Ukraine. The post SimSpace CEO brings dogfight mentality to terra firma for IT cybersecurity training appeared first on TechRepublic.

Cybersecurity 141

Cybersecurity Government 141

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Bleeping Computer

JANUARY 14, 2023

Brave Browser version 1.47 was released yesterday, adding the Snowflake extension in the software's settings, enabling users to turn their devices into proxies that help users in censored countries connect to Tor. [.].

Software 145

Software 145

CyberSecurity Insiders

JANUARY 16, 2023

First, is the news that the Indian government has launched its own Mobile Operating systems that have capabilities to take on international rivals like iOS and Android. Within the next few weeks, the government of the sub-continent is preparing to release an indigenous mobile operating system that has the potential to offer a health competition to American technology giants and will be safe to use in the current cyber threat landscape.

Cyber Attacks 143

Cyber Attacks Mobile Government Password Management 143

Schneier on Security

JANUARY 14, 2023

This is a current list of where and when I am scheduled to speak: I’m speaking at Capricon , a four-day science fiction convention in Chicago. My talk is on “The Coming AI Hackers” and will be held Friday, February 3 at 1:00 PM. The list is maintained on this page.

227

227

Tech Republic Security

JANUARY 18, 2023

This report shows cybercriminals need only a couple days to access your full corporate network and exfiltrate its data. Read on to learn more. The post Threat attackers can own your data in just two days appeared first on TechRepublic.

Cybercrime 134

Cybercrime Malware Cybersecurity 134

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

Bleeping Computer

JANUARY 18, 2023

Email marketing firm MailChimp suffered another breach after hackers accessed an internal customer support and account administration tool, allowing the threat actors to access the data of 133 customers. [.].

Hacking 141

Hacking Marketing Accountability 141

Cisco Security

JANUARY 18, 2023

When the Internet Engineering Task Force (IETF) announced the TLS 1.3 standard in RFC 8446 in August 2018, plenty of tools and utilities were already supporting it (even as early as the year prior, some web browsers had implemented it as their default standard, only having to roll it back due to compatibility issues. Needless to say, the rollout was not perfect).

Encryption 142

Encryption Engineering Technology Firewall 142

Schneier on Security

JANUARY 16, 2023

Cellebrite is an cyberweapons arms manufacturer that sells smartphone forensic software to governments around the world. MSAB is a Swedish company that does the same thing. Someone has released software and documentation from both companies.

Software 201

Software Hacking Manufacturing Government 201

Security Boulevard

JANUARY 17, 2023

The holidays were anything but happy over at Slack, which saw threat actors access its externally hosted GitHub repositories. The miscreants apparently used a “limited” number of stolen Slack employee tokens. And while they breached some of the platform’s private code repositories, the primary codebase—as well as customer data—weren’t affected. “On December 29, 2022, we.

Data breaches 140

Data breaches Cybersecurity 140

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

CyberSecurity Insiders

JANUARY 15, 2023

Data of about 2.5 billion users have been put to risk because of a vulnerability in Google Chrome and chromium browsers. A security firm named Imperva Red has issued a warning that the flaw that has been technically dubbed as ‘CVE-2022-365’ allows hackers to steal information such as cloud based credentials and sensitive files from e-wallets. Imperva Red issued a blog update on this note and essayed that hackers could induce a ‘Symlink-Symbolic Link’ into the directory that allows the OS to trea

Risk 140

Risk Authentication Software Cybersecurity 140

Bleeping Computer

JANUARY 19, 2023

A new Android malware named 'Hook' is being sold by cybercriminals, boasting it can remotely take over mobile devices in real-time using VNC (virtual network computing). [.

Malware 140

Malware Mobile 140

Dark Reading

JANUARY 19, 2023

The credential-stuffing attack, likely fueled by password reuse, yielded personal identifiable information that can be used to verify the authenticity of previously stolen data.

Accountability 135

Accountability Authentication Passwords 135

The Hacker News

JANUARY 16, 2023

Unidentified threat actors have deployed a new backdoor that borrows its features from the U.S. Central Intelligence Agency (CIA)'s Hive multi-platform malware suite, the source code of which was released by WikiLeaks in November 2017.

Malware 136

Malware 136

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

CyberSecurity Insiders

JANUARY 18, 2023

Many of you get confused with terms cybersecurity and Information Security and think that both these words are same and synonymous. However, in reality, both these terms are different and confused with one another. Cybersecurity is one of the significant business function that focuses on protecting IT infrastructure such as data, applications, communication infrastructure and network.

Information Security 136

Information Security Cybersecurity DDOS Data breaches 136

Bleeping Computer

JANUARY 19, 2023

PayPal is sending out notices of a data breach to thousands of users who had their accounts accessed by credential stuffing actors, resulting in the compromise of some personal data. [.

Accountability 138

Accountability Data breaches 138

eSecurity Planet

JANUARY 20, 2023

CyberArk researchers are warning that OpenAI’s popular new AI tool ChatGPT can be used to create polymorphic malware. “[ChatGPT]’s impressive features offer fast and intuitive code examples, which are incredibly beneficial for anyone in the software business,” CyberArk researchers Eran Shimony and Omer Tsarfati wrote this week in a blog post that was itself apparently written by AI. “However, we find that its ability to write sophisticated malware that holds no mali

Malware 134

Malware CISO Cybersecurity Technology 134

Security Boulevard

JANUARY 20, 2023

I’m not sure what is less surprising, that a big company got hacked or that they are trying to play the victim. The headline is that T-Mobile acknowledged that data on roughly 37 million customers was stolen. The breach resulted from a “bad actor” abusing an API to gain access to the data. First, let’s. The post T-Mobile API Breach: Playing the Victim appeared first on Security Boulevard.

Mobile 134

Mobile Hacking Data breaches Cybersecurity 134

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

CyberSecurity Insiders

JANUARY 16, 2023

School districts are constantly being targeted by cyber attacks, leading to data breaches and information misuse. So, to those who are worried about the privacy of student info, here are some tips to protect it from prying eyes. 1.) Categorization of data is important in such scenarios and that can be done through data classification where private data like Personally Identifiable Information(PII) can be protected with more security measures than the stuff that don’t need them. 2.

Social Engineering 136

Social Engineering Education Scams Data breaches 136

Bleeping Computer

JANUARY 17, 2023

Hackers are setting up fake websites for popular free and open-source software to promote malicious downloads through advertisements in Google search results. [.].

Advertising 143

Advertising Malware Software 143

Tech Republic Security

JANUARY 19, 2023

Mail Backup X is the ultimate solution to protect your email from corruptions and crashes. The post Secure your email with this top-rated backup service appeared first on TechRepublic.

Backups 120

Backups 120

Security Boulevard

JANUARY 20, 2023

Whether the project is a renovation, expansion or a new building, construction projects are typically time-consuming and expensive ventures. Active and ongoing construction projects are worth monitoring for security, accountability and liability. There are multiple ways that CCTV remote monitoring can benefit construction companies and property owners. 1.

Surveillance 132

Surveillance Accountability Security Awareness Risk 132

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

Risk