Lohrman on Security
DECEMBER 17, 2023
Where next for cyber in 2024? Here’s your annual roundup of cybersecurity forecasts, top cyber trends and cybersecurity industry prediction reports as we head into calendar year 2024.
Schneier on Security
DECEMBER 22, 2023
Interesting attack on a LLM: In Writer, users can enter a ChatGPT-like session to edit or create their documents. In this chat session, the LLM can retrieve information from sources on the web to assist users in creation of their documents. We show that attackers can prepare websites that, when a user adds them as a source, manipulate the LLM into sending private information to the attacker or perform other malicious activities.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Krebs on Security
DECEMBER 19, 2023
The U.S. Federal Bureau of Investigation (FBI) disclosed today that it infiltrated the world’s second most prolific ransomware gang, a Russia-based criminal group known as ALPHV and BlackCat. The FBI said it seized the gang’s darknet website, and released a decryption tool that hundreds of victim companies can use to recover systems. Meanwhile, BlackCat responded by briefly “unseizing” its darknet site with a message promising 90 percent commissions for affiliates who con
The Last Watchdog
DECEMBER 17, 2023
The Internet of Things ( IoT ) is on the threshold of ascending to become the Internet of Everything ( IoE.) Related: Why tech standards matter IoT is transitioning from an array of devices that we can control across the Internet into a realm where billions of IoE devices can communicate with each other and make unilateral decisions on our behalf. This, of course, is the plot of endless dystopian books and movies that end with rogue machines in charge.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Tech Republic Security
DECEMBER 20, 2023
The ransomware group, which has distributed ransomware to more than 1,000 victims, reportedly recovered control of its website on Tuesday. Learn how to defend against ransomware.
Schneier on Security
DECEMBER 19, 2023
There’s a rumor flying around the Internet that OpenAI is training foundation models on your Dropbox documents. Here’s CNBC. Here’s Boing Boing. Some articles are more nuanced , but there’s still a lot of confusion. It seems not to be true. Dropbox isn’t sharing all of your documents with OpenAI. But here’s the problem: we don’t trust OpenAI.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Security Boulevard
DECEMBER 22, 2023
A hospital situated near Kansas City, Missouri, has encountered significant challenges in delivering patient care this week following a cyberattack that severely impacted its systems. Liberty Hospital provided an update Read More The post Kansas City Hospital Ransomware Attack Consequences appeared first on Axio. The post Kansas City Hospital Ransomware Attack Consequences appeared first on Security Boulevard.
Tech Republic Security
DECEMBER 21, 2023
Generative AI can be used by attackers, but security professionals shouldn't lose sleep over it, according to a Google Cloud threat intelligence analyst. Find out why.
Schneier on Security
DECEMBER 18, 2023
More unconstrained surveillance : Lawmakers noted the pharmacies’ policies for releasing medical records in a letter dated Tuesday to the Department of Health and Human Services (HHS) Secretary Xavier Becerra. The letter—signed by Sen. Ron Wyden (D-Ore.), Rep. Pramila Jayapal (D-Wash.), and Rep. Sara Jacobs (D-Calif.)—said their investigation pulled information from briefings with eight big prescription drug suppliers.
Bleeping Computer
DECEMBER 19, 2023
The Department of Justice announced today that the FBI successfully breached the ALPHV ransomware operation's servers to monitor their activities and obtain decryption keys. [.
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
Security Boulevard
DECEMBER 19, 2023
Another day, another huge leak: In October, they called it an “outage;” last month, it became a “cybersecurity incident;” now it’s a full-on PII leak. The post Mr. Cooper Hackers Stole ~15 Million Users’ Data appeared first on Security Boulevard.
Tech Republic Security
DECEMBER 20, 2023
Ransomware attacks on infrastructure and mid-market businesses are tipped to rise, while the use of AI cyber tools will grow as IT customers seek more signal and less noise from vendors.
Schneier on Security
DECEMBER 21, 2023
The Solntsepek group has taken credit for the attack. They’re linked to the Russian military, so it’s unclear whether the attack was government directed or freelance. This is one of the most significant cyberattacks since Russia invaded in February 2022.
Bleeping Computer
DECEMBER 22, 2023
Mint Mobile has disclosed a new data breach that exposed the personal information of its customers, including data that can be used to perform SIM swap attacks. [.
Speaker: Blackberry, OSS Consultants, & Revenera
Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?
Malwarebytes
DECEMBER 21, 2023
Google has released an emergency security update for Chrome that brings the browser’s Stable channel to version 120.0.6099.129 for Mac, Linux and to 120.0.6099.129/130 for Windows. This update includes one security fix for a vulnerability that was subject to an existing exploit. The easiest way to update Chrome is to allow it to update automatically, which basically uses the same method as outlined below but does not require your attention.
Tech Republic Security
DECEMBER 22, 2023
ESET's latest report highlights the abuse of the ChatGPT name, the rise of the Lumma Stealer malware and the Android SpinOk SDK spyware.
Schneier on Security
DECEMBER 20, 2023
Looks like fun. Details here.
Security Boulevard
DECEMBER 18, 2023
With the holiday season well underway, a threat group with a history of gift card scams is ramping up its efforts, according to Microsoft. The vendor’s Threat Intelligence unit wrote in a posting on X (formerly Twitter) that it has seen a “significant surge in activity associated with the threat actor Storm-0539, known to target. The post Microsoft: Storm-0539 Group Behind a Surge of Gift Card Scams appeared first on Security Boulevard.
Speaker: Erika R. Bales, Esq.
When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.
WIRED Threat Level
DECEMBER 18, 2023
On Telegram, scammers are impersonating doctors to sell fake Covid-19 vaccination certificates and other products, showing how criminals are taking advantage of conspiracy theories.
Tech Republic Security
DECEMBER 21, 2023
ASIC research shows 44% of Australian organisations are not managing third-party supply chain risk. Tesserent says it remains a key risk, and disruption could emerge from geopolitical tensions.
Bleeping Computer
DECEMBER 18, 2023
Comcast Cable Communications, doing business as Xfinity, disclosed on Monday that attackers who breached one of its Citrix servers in October also stole customer-sensitive information from its systems. [.
Security Boulevard
DECEMBER 21, 2023
As I begin to document the ransomware landscape of 2023, I recognize that the constantly changing nature of these attacks means that any momentary snapshot becomes quickly outdated. Ransomware, although not a novel threat vector, has undeniably intensified its grip this year, permeating diverse industries and platforms. What remains unchanged is the harsh reality that … Continue reading "2023, the year of ransomware" The post 2023, the year of ransomware appeared first on Solvo.
Speaker: William Hord, Vice President of ERM Services
A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.
SecureList
DECEMBER 21, 2023
In April 2023, we published a blog post about a zero-day exploit we discovered in ransomware attacks that was patched as CVE-2023-28252 after we promptly reported it to Microsoft. In that blog post, we mentioned that the zero-day exploit we discovered was very similar to other Microsoft Windows elevation-of-privilege (EoP) exploits that we have seen in ransomware attacks throughout the year.
Tech Republic Security
DECEMBER 19, 2023
Australia is about to get a national online ID system — the Digital ID — which promises to improve the security and privacy of data online. However, concerns among Australians persist.
Bleeping Computer
DECEMBER 20, 2023
Google has released emergency updates to fix another Chrome zero-day vulnerability exploited in the wild, the eighth patched since the start of the year. [.
Security Boulevard
DECEMBER 21, 2023
Did you know that $224 billion is spent annually on cybersecurity? Or did you know that $6 trillion is lost to cyber crimes each year? These statistics show that organizations struggled to maintain basic cybersecurity practices in 2023. But what can organizations do to improve their networks and help prevent attacks in 2024? Basic Cybersecurity […] The post Unpacking 2023 and Predicting 2024: What to Expect in Cybersecurity appeared first on CISO Global.
Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster
So, you’ve accomplished an organization-wide SaaS adoption. It started slow, and now just a few team members might be responsible for running Salesforce, Slack, and a few others applications that boost productivity, but it’s all finished. Or is it? Through all the benefits offered by SaaS applications, it’s still a necessity to onboard providers as quickly as possible.
Security Affairs
DECEMBER 22, 2023
The Akira ransomware group announced it had breached the network of Nissan Australia, the Australian branch of the car maker giant. The Akira ransomware gang claimed to have breached Nissan Australia and to have stolen around 100GB of files from the carmaker giant. The company refused to pay the ransom and the ransomware gang threatened to leak the alleged stolen documents, including project data, clients’ and partners’ info, and NDAs. “We’ve obtained 100 GB of data of N
Tech Republic Security
DECEMBER 19, 2023
As the year comes to a close, Mac users should take these steps to ensure their device's security, performance and organization.
Bleeping Computer
DECEMBER 21, 2023
Google and Twitter ads are promoting sites containing a cryptocurrency drainer named 'MS Drainer' that has already stolen $59 million from 63,210 victims over the past nine months. [.
Security Boulevard
DECEMBER 20, 2023
Apache ActiveMQ vulnerability, known as CVE-2023-46604, is a remote code execution (RCE) flaw rated at a critical 10.0 on the CVSS v3 scale. The post Apache ActiveMQ Vulnerability: The Threat That Cannot Be Ignored appeared first on Security Boulevard.
Speaker: Karl Camilleri, Cloud Services Product Manager at phoenixNAP
Did you know that 2021 was a record-breaking year for ransomware? The days of a “once in a while” attack against businesses and organizations are over. Cyberthreats have become a serious issue. With 495.1 million attacks, the threat marked a 148% increase compared to 2020 and was the most expensive year on record! As a result, data protection needs to be a concern for most banks, businesses, and information technology specialists.
Expert insights. Personalized for you.
314 
Let's personalize your content