Schneier on Security

DECEMBER 7, 2023

When you get a push notification on your Apple or Google phone, those notifications go through Apple and Google servers. Which means that those companies can spy on them—either for their own reasons or in response to government demands. Sen. Wyden is trying to get to the bottom of this : In a statement, Apple said that Wyden’s letter gave them the opening they needed to share more details with the public about how governments monitored push notifications. “In this case, the fed

Surveillance 278

Surveillance Government Accountability Spyware 278

Lohrman on Security

DECEMBER 3, 2023

There are several cybersecurity trends that truly deserve top attention when we look back at 2023 — and they will get it. Meanwhile, cyber attacks against critical infrastructure quietly grow, despite a lack of major attention.

Cyber Attacks 261

Cyber Attacks Cybersecurity 261

Troy Hunt

DECEMBER 7, 2023

10 years later. 🤯 Seriously, how did this thing turn into this?! It was the humblest of beginning with absolutely no expectations of anything, and now it's, well, massive! I'm a bit lost for words if I'm honest, I hope the chat with Charlotte adds some candour to this week's update, she's seen this thing grow since before its first birthday, through the hardest times and the best times and now lives and breathes HIBP day in day out with me.

Malware 244

Malware 244

Krebs on Security

DECEMBER 6, 2023

More than five years after domain name registrars started redacting personal data from all public domain registration records, the non-profit organization overseeing the domain industry has introduced a centralized online service designed to make it easier for researchers, law enforcement and others to request the information directly from registrars.

Phishing 232

Phishing Malware Scams Internet 232

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Schneier on Security

DECEMBER 5, 2023

Spying and surveillance are different but related things. If I hired a private detective to spy on you, that detective could hide a bug in your home or car, tap your phone, and listen to what you said. At the end, I would get a report of all the conversations you had and the contents of those conversations. If I hired that same private detective to put you under surveillance, I would get a different report: where you went, whom you talked to, what you purchased, what you did.

Surveillance 321

Surveillance Internet Internet Spyware 321

Tech Republic Security

DECEMBER 6, 2023

Already common for enterprises, for the first time, individuals will also get the option to pay for extended security updates for a Windows operating system that's out of support.

Small Business 172

Small Business Software 172

Malwarebytes

DECEMBER 7, 2023

Many people don’t realize that the instant alert push notifications you get on your phone are routed through Google or Apple’s servers, depending on which device you use. So if you have an iPhone or iPad, any push notifications can be seen by Apple, and if you use an Android, they can be seen by Google. But, it seems, it’s not just Apple and Google who can view them.

Government 145

Government VPN Surveillance Accountability 145

Schneier on Security

DECEMBER 5, 2023

Spying and surveillance are different but related things. If I hired a private detective to spy on you, that detective could hide a bug in your home or car, tap your phone, and listen to what you said. At the end, I would get a report of all the conversations you had and the contents of those conversations. If I hired that same private detective to put you under surveillance, I would get a different report: where you went, whom you talked to, what you purchased, what you did.

Surveillance 276

Surveillance Spyware Data privacy Government 276

Tech Republic Security

DECEMBER 4, 2023

The ASEAN region is seeing more cyber attacks as digitisation advances. Recorded Future CISO Jason Steer said software digital supply chains are one of the top risks being faced.

Cyber Attacks 174

Cyber Attacks Risk CISO Software 174

Kali Linux

DECEMBER 4, 2023

With 2023 coming to an end and before the holiday season starts, we thought today would be a good time to release Kali 2023.4. Whilst this release may not have the most end-user features in it again, there are a number of new platform offerings and there still has been a lot of changes going on behind-the-scenes for us, which has a positive knock-on effect resulting in a benefit for everyone.

Passwords 145

Passwords Firmware Architecture Software 145

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

Malwarebytes

DECEMBER 7, 2023

Android phones are vulnerable to attacks that could allow someone to takeover a device remotely without the device owner needing to do anything. Updates for these vulnerabilities and more are included in Google’s Android security bulletin for December. In total, there are patches for 94 vulnerabilities, including five rated as “Critical.” The most severe of these flaws is a vulnerability in the System component that could lead to remote code execution (RCE) without any additional execution

Cybersecurity 142

Cybersecurity Risk 142

Schneier on Security

DECEMBER 6, 2023

Interesting analysis : This paper discusses the protocol used for electing the Doge of Venice between 1268 and the end of the Republic in 1797. We will show that it has some useful properties that in addition to being interesting in themselves, also suggest that its fundamental design principle is worth investigating for application to leader election protocols in computer science.

Cybersecurity 242

Cybersecurity 242

Tech Republic Security

DECEMBER 7, 2023

AMI, Insyde and Lenovo have released patches for LogoFAIL, an image library poisoning attack. Learn more about LogoFAIL.

Technology 178

Technology 178

Veracode Security

DECEMBER 7, 2023

December 9 marks two years since the world went on high alert because of what was deemed one of the most critical zero-day vulnerabilities ever: Log4Shell. The vulnerability that carried the highest possible severity rating (10.0) was in Apache Log4j, an ubiquitous Java logging framework that Veracode estimated at the time was used in 88 percent of organizations.

138

138

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

Security Boulevard

DECEMBER 8, 2023

Newly discovered cracked applications being distributed by unauthorized websites are delivering Trojan-Proxy malware to macOS users who are looking for free or cheap versions of the software tools they want. The malware can be used by bad actors for a range of malicious activities, including hacking into systems or running phishing campaigns. “Attackers can use.

Malware 136

Malware Software Phishing Hacking 136

Schneier on Security

DECEMBER 8, 2023

New attack breaks forward secrecy in Bluetooth. Three. news articles. The vulnerability has been around for at least a decade.

Authentication 242

Authentication 242

Tech Republic Security

DECEMBER 6, 2023

Based on the security researchers' analysis of the 2023 cyberthreat landscape, we highlight new or heightened risks.

Malware 175

Malware Ransomware Risk Network Security 175

Security Affairs

DECEMBER 8, 2023

Researchers devised a novel attack vector for process injection, dubbed Pool Party, that evades EDR solutions. Researchers from cybersecurity firm SafeBreach devised a set of process injection techniques, dubbed Pool Party, that allows bypassing EDR solutions. They presented the technique at Black Hat Europe 2023. The experts relied on the less-explored Windows thread pools to discover a novel attack vector for process injection.

Hacking 135

Hacking Malware Cybersecurity Information Security 135

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

Security Boulevard

DECEMBER 8, 2023

Misconfigured AWS Role Enables Cloud Initial Access The post AWS Misconfiguration Leads to Buckets of Data appeared first on Horizon3.ai. The post AWS Misconfiguration Leads to Buckets of Data appeared first on Security Boulevard.

133

133

Bleeping Computer

DECEMBER 5, 2023

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning about hackers actively exploiting a critical vulnerability in Adobe ColdFusion identified as CVE-2023-26360 to gain initial access to government servers. [.

Cybersecurity 134

Cybersecurity Government 134

Tech Republic Security

DECEMBER 7, 2023

Starting Dec. 18, publicly traded companies will need to report material cyber threats to the SEC. Deloitte offers business leaders tips on how to prepare for these new SEC rules.

Cyber threats 126

Cyber threats Cybersecurity 126

The Hacker News

DECEMBER 8, 2023

A collection of security flaws in the firmware implementation of 5G mobile network modems from major chipset vendors such as MediaTek and Qualcomm impact USB and IoT modems as well as hundreds of smartphone models running Android and iOS.

Firmware 130

Firmware IoT Mobile 130

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

Risk

We Live Security

DECEMBER 6, 2023

Smart cars include many new functions that make our lives easier, but they also do so by intruding upon personal privacy through an incessant amount of tracking, which can make these cars targets of cyberattacks.

Phishing 130

Phishing 130

Bleeping Computer

DECEMBER 8, 2023

A new set of vulnerabilities in 5G modems by Qualcomm and MediaTek, collectively called "5Ghoul," impact 710 5G smartphone models from Google partners (Android) and Apple, routers, and USB modems. [.

Mobile 127

Mobile 127

Tech Republic Security

DECEMBER 7, 2023

Norton VPN’s small server network and lack of notable features make it hard to recommend over other available VPNs today. Read our full review to learn more.

VPN 133

VPN 133

Security Boulevard

DECEMBER 5, 2023

Not nice: Hacker claimed 20 million, 23andMe said it was only 14,000—but now admits to 6.9 million. The post 23andMe Finally Admits: 6.9 MILLION Users’ PII Breached appeared first on Security Boulevard.

Security Awareness 131

Security Awareness Data privacy Digital transformation Network Security 131

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

So, you’ve accomplished an organization-wide SaaS adoption. It started slow, and now just a few team members might be responsible for running Salesforce, Slack, and a few others applications that boost productivity, but it’s all finished. Or is it? Through all the benefits offered by SaaS applications, it’s still a necessity to onboard providers as quickly as possible.

Risk

WIRED Threat Level

DECEMBER 7, 2023

Mark Zuckerberg personally promised that the privacy feature would launch by default on Messenger and Instagram chat. WIRED goes behind the scenes of the company’s colossal effort to get it right.

Encryption 126

Encryption Media 126

Bleeping Computer

DECEMBER 4, 2023

WordPress administrators are being emailed fake WordPress security advisories for a fictitious vulnerability tracked as CVE-2023-45124 to infect sites with a malicious plugin. [.

129

129

Tech Republic Security

DECEMBER 4, 2023

An Independent Security Verification badge is one indication that an app should go to the top of your list when evaluating options in the Google Workspace Marketplace.

Cybersecurity 129

Cybersecurity Mobile 129

Security Boulevard

DECEMBER 5, 2023

With the proliferation of data in all aspects of life, from personal information to business operations, its protection becomes more critical than ever. The post What the Future Holds for Data Security appeared first on Security Boulevard.

Data privacy 131

Data privacy Risk Cybersecurity Government 131

Speaker: Karl Camilleri, Cloud Services Product Manager at phoenixNAP

Did you know that 2021 was a record-breaking year for ransomware? The days of a “once in a while” attack against businesses and organizations are over. Cyberthreats have become a serious issue. With 495.1 million attacks, the threat marked a 148% increase compared to 2020 and was the most expensive year on record! As a result, data protection needs to be a concern for most banks, businesses, and information technology specialists.

Ransomware