Krebs on Security

JUNE 22, 2023

The United Parcel Service (UPS) says fraudsters have been harvesting phone numbers and other information from its online shipment tracking tool in Canada to send highly targeted SMS phishing (a.k.a. “smishing”) messages that spoofed UPS and other top brands. The missives addressed recipients by name, included details about recent orders, and warned that those orders wouldn’t be shipped unless the customer paid an added delivery fee.

Phishing 272

Phishing Retail Mobile Scams 272

Schneier on Security

JUNE 21, 2023

Tadayoshi Kohno, Yasemin Acar, and Wulf Loh wrote excellent paper on ethical thinking within the computer security community: “ Ethical Frameworks and Computer Security Trolley Problems: Foundations for Conversation “: Abstract: The computer security research community regularly tackles ethical questions. The field of ethics / moral philosophy has for centuries considered what it means to be “morally good” or at least “morally allowed / acceptable.” Among phil

Education 243

Education 243

Lohrman on Security

JUNE 18, 2023

Will all the buzz surrounding new artificial intelligence applications like ChatGPT soon be spreading to other tech areas like quantum computing?

Artificial Intelligence 258

Artificial Intelligence 258

Tech Republic Security

JUNE 20, 2023

Practices such as using a separate email for sensitive activities and removing personal data from people search sites can help executives improve their data privacy. The post One overlooked element of executive safety: Data privacy appeared first on TechRepublic.

Data privacy 153

Data privacy Big data Media 153

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Krebs on Security

JUNE 21, 2023

If you operate a cybercrime business that relies on disseminating malicious software, you probably also spend a good deal of time trying to disguise or “crypt” your malware so that it appears benign to antivirus and security products. In fact, the process of “crypting” malware is sufficiently complex and time-consuming that most serious cybercrooks will outsource this critical function to a handful of trusted third parties.

Malware 212

Malware Antivirus Cybercrime Hacking 212

Schneier on Security

JUNE 19, 2023

This is a clever new side-channel attack : The first attack uses an Internet-connected surveillance camera to take a high-speed video of the power LED on a smart card reader­or of an attached peripheral device­during cryptographic operations. This technique allowed the researchers to pull a 256-bit ECDSA key off the same government-approved smart card used in Minerva.

Surveillance 236

Surveillance Internet Internet Government 236

Tech Republic Security

JUNE 23, 2023

Read our interview from Dell Technologies World 2023 about cloud and edge workloads and Dell's NativeEdge product. The post Dell Technologies World 2023: Q&A on how Dell sees security at the edge appeared first on TechRepublic.

Technology 151

Technology Cybersecurity Network Security 151

Security Boulevard

JUNE 23, 2023

Vulns unpatched for FOUR years: ‘Triangulation’ spyware said to use backdoor Apple gave to NSA. The post Apple Fixes 0-Days — Russia Says US Used for Spying appeared first on Security Boulevard.

Spyware 145

Spyware Social Engineering Engineering Risk 145

Schneier on Security

JUNE 23, 2023

I get UPS phishing spam on my phone all the time. I never click on it, because it’s so obviously spam. Turns out that hackers have been harvesting actual UPS delivery data from a Canadian tracking tool for its phishing SMSs.

Phishing 206

Phishing Cybercrime 206

Bleeping Computer

JUNE 21, 2023

Proof-of-concept exploit code is now available for a high-severity flaw in Cisco Secure Client Software for Windows (formerly AnyConnect Secure Mobility Client) that can let attackers elevate privileges to SYSTEM. [.

Mobile 145

Mobile Software 145

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Tech Republic Security

JUNE 21, 2023

Cybersecurity has always been challenging, but with the cloud becoming more complex, the Internet of Things more advanced and remote work more embraced, security and endpoint management face a host of new challenges. Experts weighed in on the subject at the recent Syxsense Synergy event. The post Remote work and the cloud create new endpoint security challenges appeared first on TechRepublic.

Internet 150

Internet Internet Cybersecurity 150

Security Boulevard

JUNE 20, 2023

Unlucky number: Time and again this month, “Russian” hackers bring down Microsoft clouds. The post Microsoft Repeatedly Burned in ‘Layer 7’ DDoS appeared first on Security Boulevard.

DDOS 144

DDOS Security Awareness IoT Risk 144

CyberSecurity Insiders

JUNE 21, 2023

At the end of May 2023, a Zero Day vulnerability was discovered by risk analysing firm Kroll and on June 7th of this year, Clop ransomware gang published on its blog that they have gained access to the servers of MOVEit software via Zellis Payroll software and urged the victims to contact via the blog post, as their email response could go at snail pace as the number of victims related to the incident was large.

Cyber Attacks 137

Cyber Attacks Retail Insurance Healthcare 137

Bleeping Computer

JUNE 17, 2023

A team of university researchers has devised a new side-channel attack named 'Freaky Leaky SMS,' which relies on the timing of SMS delivery reports to deduce a recipient's location. [.

Technology 145

Technology Mobile 145

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

Tech Republic Security

JUNE 23, 2023

The company’s CTO of its Prisma Cloud says that when the software development process meets continuous integration and development, security must be efficient and holistic. The post Palo Alto Networks CTO Talks Securing ‘Code to Cloud’ appeared first on TechRepublic.

Software 150

Software 150

SecureList

JUNE 21, 2023

Over the years, there have been multiple cases when iOS devices were infected with targeted spyware such as Pegasus, Predator, Reign and others. Often, the process of infecting a device involves launching a chain of different exploits, e.g. for escaping the iMessage sandbox while processing a malicious attachment, and for getting root privileges through a vulnerability in the kernel.

Spyware 134

Spyware Encryption Passwords Backups 134

Naked Security

JUNE 20, 2023

“Do as we say, not as we do!” – The patches took ages to come out, but don’t let that lure you into taking ages to install them.

140

140

Bleeping Computer

JUNE 20, 2023

An unknown threat actor is brute-forcing Linux SSH servers to install a wide range of malware, including the Tsunami DDoS (distributed denial of service) bot, ShellBot, log cleaners, privilege escalation tools, and an XMRig (Monero) coin miner. [.

Malware 142

Malware DDOS 142

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

Tech Republic Security

JUNE 20, 2023

Okta’s formula for multi-device identity authentication for a hybrid workforce: extract passwords, add ease of passkeys across devices. The post Okta moves passkeys to cloud, allowing multi-device authentication appeared first on TechRepublic.

Authentication 150

Authentication Passwords Password Management Software 150

CyberSecurity Insiders

JUNE 19, 2023

The widespread adoption of SaaS applications has created an intricate ‘SaaS mesh’ in most organizations. While these applications have undoubtedly improved productivity, they have also introduced a new set of security risks. From insecure integrations and unmanaged user identities to rogue data sharing, businesses face numerous challenges that traditional security solutions such as CASBs struggle to address.

Risk 126

Risk Cybersecurity 126

We Live Security

JUNE 22, 2023

A primer on how to use this powerful tool for uncovering and connecting information from publicly available sources The post Maltego: Check how exposed you are online appeared first on WeLiveSecurity

120

120

Bleeping Computer

JUNE 17, 2023

The U.S. State Department's Rewards for Justice program announced up to a $10 million bounty yesterday for information linking the Clop ransomware attacks to a foreign government. [.

Ransomware 142

Ransomware Government 142

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

Tech Republic Security

JUNE 23, 2023

Looking for the best VPNs for Chrome extension to enhance your online security and privacy? Dive into our list of top rated VPNs and find your best fit. The post 5 Best Chrome VPN Extensions for 2023 appeared first on TechRepublic.

VPN 134

VPN 134

CyberSecurity Insiders

JUNE 21, 2023

Cybersecurity in today’s world is a matter of national security and so the Department of Justice (DoJ) has created a separate litigation section in its National Security Division dedicated to Cybersecurity. Matthew G. Olsen, the head of Justice Department has endorsed the news on Tuesday by announcing the same at the Stanford’s Hoover Institution. As per the update released by Matthew the new section will be called as NatSec Cyber and will be highly scalable as per the need/demand.

Cybersecurity 120

Cybersecurity Cyber threats 120

Dark Reading

JUNE 20, 2023

A severe security vulnerability allows credentials for the power meters to continuously transmit in cleartext, allowing device takeover.

138

138

Bleeping Computer

JUNE 21, 2023

Multinational shipping company UPS is alerting Canadian customers that some of their personal information might have been exposed via its online package look-up tools and abused in phishing attacks. [.

Phishing 140

Phishing Data breaches 140

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

Tech Republic Security

JUNE 21, 2023

In an effort to target online child sexual abuse and pro-terror content, Australia may cause global changes in how tech companies handle data. The post Australia plans to mandate file scanning for all tech companies appeared first on TechRepublic.

Big data 134

Big data Government Cybersecurity 134

CyberSecurity Insiders

JUNE 20, 2023

The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. In the vast realm of digital investigations, there exists a fascinating technique known as recycle bin forensics. Delving into the depths of this captivating field unveils a world where seemingly deleted files can still reveal their secrets, allowing digital detectives to reconstruct user activities and uncov

Cybersecurity 120

Cybersecurity Cybercrime Software Cyber threats 120

Security Boulevard

JUNE 19, 2023

Two months after noticing suspicious activity in its systems, PharMerica disclosed that nearly six million patients had their health care data stolen by threat actors. The large pharmacy services company, which has more than 2,500 locations in the U.S., filed a data breach notification in May 2023. PharMerica noted that a third party had gained. The post PharMerica Breach: The Lure of Health Care Data appeared first on Security Boulevard.

Data breaches 120

Data breaches Healthcare Risk Government 120

Bleeping Computer

JUNE 19, 2023

A malware campaign is using fake OnlyFans content and adult lures to install a remote access trojan known as 'DcRAT,' allowing threat actors to steal data and credentials or deploy ransomware on the infected device. [.

Malware 140

Malware Ransomware 140

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

Risk