Sat.Jan 27, 2024 - Fri.Feb 02, 2024

article thumbnail

Facebook’s Extensive Surveillance Network

Schneier on Security

Consumer Reports is reporting that Facebook has built a massive surveillance network: Using a panel of 709 volunteers who shared archives of their Facebook data, Consumer Reports found that a total of 186,892 companies sent data about them to the social network. On average, each participant in the study had their data sent to Facebook by 2,230 companies.

article thumbnail

Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider

Krebs on Security

On Jan. 9, 2024, U.S. authorities arrested a 19-year-old Florida man charged with wire fraud, aggravated identity theft, and conspiring with others to use SIM-swapping to steal cryptocurrency. Sources close to the investigation tell KrebsOnSecurity the accused was a key member of a criminal hacking group blamed for a string of cyber intrusions at major U.S. technology companies during the summer of 2022.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

The Data Breach "Personal Stash" Ecosystem

Troy Hunt

I've always thought of it a bit like baseball cards; a kid has a card of this one player that another kid is keen on, and that kid has a card the first one wants so they make a trade. They both have a bunch of cards they've collected over time and by virtue of existing in the same social circles, trades are frequent, and cards flow back and forth on a regular basis.

article thumbnail

DEEP TECH NEWS: Respecting individual rights by using ‘privacy preserving aggregate statistics’

The Last Watchdog

To sell us more goods and services, the algorithms of Google, Facebook and Amazon exhaustively parse our digital footprints. Related: The role of ‘attribute based encryption’ There’s nothing intrinsically wrong with companies seeking to better understand their customers. However, over the past 20 years the practice of analyzing user data hasn’t advanced much beyond serving the business models of these tech giants.

article thumbnail

Human-Centered Cyber Security Training: Driving Real Impact on Security Culture

Speaker: Speakers:

In today's digital age, having an untrained workforce can be a significant risk to your business. Cyber threats are evolving; without proper training, your employees could be the weakest link in your defense. This webinar empowers leaders like you with the tools and strategies needed to transform your employees into a robust frontline defense against cyber attacks.

article thumbnail

David Kahn

Schneier on Security

David Kahn has died. His groundbreaking book, The Codebreakers was the first serious book I read about codebreaking, and one of the primary reasons I entered this field. He will be missed.

299
299
article thumbnail

Securing Tomorrow: Cybersecurity Review 2023 & Forecasting 2024 Threats – A Free Webinar With Joseph Steinberg and Dror Liwer

Joseph Steinberg

Embark on a journey of thought leadership into the dynamic realm of cybersecurity, and be part of the conversation and collective effort to shape the future of the industry, by joining the inaugural webinar of Coro’s new series, Cybersphere. Taking place on Thursday, February 1st, 2024 1:00 PM US Eastern Daylight Savings Time (10:00 AM US Pacific = 5:00 PM UTC/GMT), Securing Tomorrow: Cybersecurity Review 2023 & Forecasting 2024 Threats , will be a thought-provoking session that will f

More Trending

article thumbnail

Weekly Update 384

Troy Hunt

I spent longer than I expected talking about Trello this week, in part because I don't feel the narrative they presented properly acknowledges their responsibility for the incident and in part because I think the impact of scraping in general is misunderstood. I suspect many of us are prone to looking at this in a very binary fashion: if the data is publicly accessible anyway, scraping it poses no risk.

Risk 230
article thumbnail

NSA Buying Bulk Surveillance Data on Americans without a Warrant

Schneier on Security

It finally admitted to buying bulk data on Americans from data brokers, in response to a query by Senator Weyden. This is almost certainly illegal, although the NSA maintains that it is legal until it’s told otherwise. Some news articles.

article thumbnail

Ransomware’s Impact Could Include Heart Attacks, Strokes & PTSD

Tech Republic Security

New research details the possible effects of ransomware attacks on businesses and staff, society, the economy and national security, highlighting that its impact on mental and physical health is often overlooked.

article thumbnail

CVE-2024-21626: Docker Confronts Critical Container Escape Threat

Penetration Testing

In the ever-evolving world of technology, security remains a paramount concern, especially in the realm of containerization. Recently, Docker faced a significant challenge as Snyk Labs identified four critical security vulnerabilities affecting its container... The post CVE-2024-21626: Docker Confronts Critical Container Escape Threat appeared first on Penetration Testing.

article thumbnail

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

article thumbnail

Cloudflare hacked using auth tokens stolen in Okta attack

Bleeping Computer

Cloudflare disclosed today that its internal Atlassian server was breached by a 'nation state' attacker who accessed its Confluence wiki, Jira bug database, and Atlassian Bitbucket source code management system. [.

Hacking 144
article thumbnail

Microsoft Executives Hacked

Schneier on Security

Microsoft is reporting that a Russian intelligence agency—the same one responsible for SolarWinds—accessed the email system of the company’s executives. Beginning in late November 2023, the threat actor used a password spray attack to compromise a legacy non-production test tenant account and gain a foothold, and then used the account’s permissions to access a very small percentage of Microsoft corporate email accounts, including members of our senior leadership team and

Hacking 282
article thumbnail

What Is Cyber Threat Hunting? (Definition & How it Works)

Tech Republic Security

Cyber threat hunting is the proactive process of searching for and detecting potential threats or malicious activities within a network or system.

article thumbnail

Millions of Routers at Risk: CVE-2024-21833 Threatens TP-Link Devices

Penetration Testing

Recently, CYFIRMA’s Research Team has conducted an exhaustive analysis of a security vulnerability, identified as CVE-2024-21833, that poses a significant risk to TP-Link Routers. Discovered on January 10, 2024, by JPCERT/CC, this vulnerability has... The post Millions of Routers at Risk: CVE-2024-21833 Threatens TP-Link Devices appeared first on Penetration Testing.

article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

New Linux glibc flaw lets attackers get root on major distros

Bleeping Computer

​Unprivileged attackers can get root access on multiple major Linux distributions in default configurations by exploiting a newly disclosed local privilege escalation (LPE) vulnerability in the GNU C Library (glibc). [.

144
144
article thumbnail

CFPB’s Proposed Data Rules

Schneier on Security

In October, the Consumer Financial Protection Bureau (CFPB) proposed a set of rules that if implemented would transform how financial institutions handle personal data about their customers. The rules put control of that data back in the hands of ordinary Americans, while at the same time undermining the data broker economy and increasing customer choice and competition.

Banking 269
article thumbnail

Botnet Struck U.S. Routers. Here’s How to Keep Employees Safe

Tech Republic Security

The FBI spotted this state-sponsored attack that highlights how home office setups can be overlooked when it comes to employees’ cybersecurity.

article thumbnail

CVE-2024-22860 & CVE-2024-22862: Critical FFmpeg Remote Code Execution Flaws

Penetration Testing

FFmpeg, a widely used open-source project for handling multimedia files, has recently been spotlighted for its vulnerabilities. Discovered through Google’s OSS-Fuzz service, three security vulnerabilities have been identified in its systems, two of which... The post CVE-2024-22860 & CVE-2024-22862: Critical FFmpeg Remote Code Execution Flaws appeared first on Penetration Testing.

article thumbnail

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

article thumbnail

AnyDesk says hackers breached its production servers, reset passwords

Bleeping Computer

AnyDesk confirmed today that it suffered a recent cyberattack that allowed hackers to gain access to the company's production systems. BleepingComputer has learned that source code and private code signing keys were stolen during the attack. [.

Passwords 142
article thumbnail

New Images of Colossus Released

Schneier on Security

GCHQ has released new images of the WWII Colossus code-breaking computer, celebrating the machine’s eightieth anniversary (birthday?). News article.

269
269
article thumbnail

What Do Apple’s EU App Store Changes Mean for App Developers?

Tech Republic Security

The EU says the DMA keeps markets fair and open; Apple says the DMA introduces security problems. Apple is leveling fees against independent app stores.

Marketing 182
article thumbnail

Root Access Risk: CVE-2023-6246 Exposes Critical Flaw in Linux’s glibc

Penetration Testing

The GNU C Library (glibc), a fundamental component in major Linux distributions, has a critical vulnerability, CVE-2023-6246. This local privilege escalation (LPE) vulnerability has sent ripples through the Linux community. The core of this... The post Root Access Risk: CVE-2023-6246 Exposes Critical Flaw in Linux’s glibc appeared first on Penetration Testing.

article thumbnail

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

article thumbnail

ESET takes part in global operation to disrupt the Grandoreiro banking trojan

We Live Security

ESET has worked with the Federal Police of Brazil on an effor to disrupt the Grandoreiro botnet, providing technical analysis, statistical information and known C&C servers to the authorities.

Banking 137
article thumbnail

Tax Season is Upon Us, and So Are the Scammers

Security Boulevard

It’s still relatively early in the year, but bad actors are already targeting accounting and finance organizations as well as filers in the United States with tax-related scams. Researchers at cybersecurity company Proofpoint wrote in a report this week that the return of tax season reliably brought the threat group TA576 back into action. “TA576. The post Tax Season is Upon Us, and So Are the Scammers appeared first on Security Boulevard.

Scams 130
article thumbnail

McAfee True Key Review (2024): Pricing, Features, Pros & Cons

Tech Republic Security

McAfee True Key’s focus on simplicity as a password manager may leave users seeking more security and usability features in other options. Learn more in our hands-on review.

article thumbnail

China is hacking Wi-Fi routers for attack on US electrical grid and water supplies, FBI warns

Graham Cluley

China-sponsored attacks likened to "placing bombs in water treatment facilities, and power plants". Is it just me, or does this sound like the plot of a Mission Impossible movie?

Hacking 128
article thumbnail

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

article thumbnail

CISA orders federal agencies to disconnect Ivanti VPN appliances by Saturday

Bleeping Computer

CISA has ordered U.S. federal agencies to disconnect all Ivanti Connect Secure and Policy Secure VPN appliances vulnerable to multiple actively exploited bugs before Saturday. [.

VPN 128
article thumbnail

‘Extremely serious’ — Mercedes-Benz Leaks Data on GitHub

Security Boulevard

Oh, Lord: My friends all hack Porsches—I must make amends. The post ‘Extremely serious’ — Mercedes-Benz Leaks Data on GitHub appeared first on Security Boulevard.

Hacking 135
article thumbnail

Mobile Device Security Policy

Tech Republic Security

Mobile devices are commonly used to conduct company business, which can render them more susceptible to risk than desktop or even laptop computers. Desktops are routinely stationary devices and laptops are harder to lose than smartphones or tablets, being more sizable. In addition, the same social engineering, phishing and application/operating system vulnerabilities which plague desktops.

Mobile 143
article thumbnail

Pro-Ukraine hackers wiped 2 petabytes of data from Russian research center

Security Affairs

The Main Intelligence Directorate of Ukraine’s Ministry of Defense states that pro-Ukraine hackers wiped 2 petabytes of data from a Russian research center. The Main Directorate of Intelligence of the Ministry of Defense of Ukraine revealed that pro-Ukraine hackers group “BO Team” wiped the database of the Far Eastern Scientific Research Center of Space Hydrometeorology “Planet.” The Russian center processes data received from satellites and also provides relevant p

Malware 127
article thumbnail

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.