Sat.Aug 19, 2023 - Fri.Aug 25, 2023

article thumbnail

Applying AI to License Plate Surveillance

Schneier on Security

License plate scanners aren’t new. Neither is using them for bulk surveillance. What’s new is that AI is being used on the data, identifying “suspicious” vehicle behavior: Typically, Automatic License Plate Recognition (ALPR) technology is used to search for plates linked to specific crimes. But in this case it was used to examine the driving patterns of anyone passing one of Westchester County’s 480 cameras over a two-year period.

article thumbnail

Kroll Employee SIM-Swapped for Crypto Investor Data

Krebs on Security

Security consulting giant Kroll disclosed today that a SIM-swapping attack against one of its employees led to the theft of user information for multiple cryptocurrency platforms that are relying on Kroll services in their ongoing bankruptcy proceedings. And there are indications that fraudsters may already be exploiting the stolen data in phishing attacks.

Mobile 207
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

2023 Cybersecurity Awareness Month Appeal: Make Online Security Easier

Lohrman on Security

Surveys show that most Americans think online security is too hard, confusing and frustrating. So as we prepare for Cybersecurity Awareness Month in October, the goal is to make cybersecurity easy.

article thumbnail

GUEST ESSAY: Lessons to be learned from the waves of BofA phone number spoofing scams

The Last Watchdog

Phone number spoofing involves manipulating caller ID displays to mimic legitimate phone numbers, giving scammers a deceptive veil of authenticity. Related: The rise of ‘SMS toll fraud’ The Bank of America scam serves as a prime example of how criminals exploit this technique. These scammers impersonate Bank of America representatives, using the genuine bank’s phone number (+18004321000) to gain trust and deceive their targets.

Scams 246
article thumbnail

Human-Centered Cyber Security Training: Driving Real Impact on Security Culture

Speaker: Speakers:

In today's digital age, having an untrained workforce can be a significant risk to your business. Cyber threats are evolving; without proper training, your employees could be the weakest link in your defense. This webinar empowers leaders like you with the tools and strategies needed to transform your employees into a robust frontline defense against cyber attacks.

article thumbnail

December’s Reimagining Democracy Workshop

Schneier on Security

Imagine that we’ve all—all of us, all of society—landed on some alien planet, and we have to form a government: clean slate. We don’t have any legacy systems from the US or any other country. We don’t have any special or unique interests to perturb our thinking. How would we govern ourselves? It’s unlikely that we would use the systems we have today.

article thumbnail

Tourists Give Themselves Away by Looking Up. So Do Most Network Intruders.

Krebs on Security

In large metropolitan areas, tourists are often easy to spot because they’re far more inclined than locals to gaze upward at the surrounding skyscrapers. Security experts say this same tourist dynamic is a dead giveaway in virtually all computer intrusions that lead to devastating attacks like data theft and ransomware, and that more organizations should set simple virtual tripwires that sound the alarm when authorized users and devices are spotted exhibiting this behavior.

More Trending

article thumbnail

Hybrid Post-Quantum Signatures in Hardware Security Keys

Elie

We introduce a hybrid digital signature scheme based on two building blocks: a classically-secure scheme, ECDSA, and a post-quantum secure one, Dilithium. Our hybrid scheme maintains the guarantees of each underlying building block even if the other one is broken, thus being resistant to classical and quantum attacks.

117
117
article thumbnail

Hacking Food Labeling Laws

Schneier on Security

This article talks about new Mexican laws about food labeling, and the lengths to which food manufacturers are going to ensure that they are not effective. There are the typical high-pressure lobbying tactics and lawsuits. But there’s also examples of companies hacking the laws: Companies like Coca-Cola and Kraft Heinz have begun designing their products so that their packages don’t have a true front or back, but rather two nearly identical labels—except for the fact that only

Hacking 195
article thumbnail

Windows 10 KB5029331 update introduces a new Backup app

Bleeping Computer

Microsoft has released the optional KB5029331 Preview cumulative update for Windows 10 22H2 with sixteen improvements or fixes, including the introduction of a new Backup app. [.

Backups 98
article thumbnail

Major US Energy Company Hit by QR Code Phishing Campaign

Tech Republic Security

This QR code phishing campaign is targeting multiple industries and using legitimate services such as Microsoft Bing to increase its efficiency and bypass security.

Phishing 139
article thumbnail

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

article thumbnail

WoofLocker Toolkit Hides Malicious Codes in Images to Run Tech Support Scams

The Hacker News

Cybersecurity researchers have detailed an updated version of an advanced fingerprinting and redirection toolkit called WoofLocker that's engineered to conduct tech support scams.

Scams 98
article thumbnail

White House Announces AI Cybersecurity Challenge

Schneier on Security

At Black Hat last week, the White House announced an AI Cyber Challenge. Gizmodo reports : The new AI cyber challenge (which is being abbreviated “AIxCC”) will have a number of different phases. Interested would-be competitors can now submit their proposals to the Small Business Innovation Research program for evaluation and, eventually, selected teams will participate in a 2024 “qualifying event.” During that event, the top 20 teams will be invited to a semifinal competi

article thumbnail

Leaseweb is restoring ‘critical’ systems after security breach

Bleeping Computer

Leaseweb, one of the world's largest cloud and hosting providers, notified people that it's working on restoring "critical" systems disabled following a recent security breach. [.

98
article thumbnail

XLoader Malware Variant Targets MacOS Disguised as OfficeNote App

Tech Republic Security

A new variant of malware called XLoader is targeting macOS users. Learn more about how to protect yourself from this malicious software.

Malware 144
article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

The 3 Malware Loaders Behind 80% of Incidents

Digital Shadows

Loader malware is working behind the scenes in many organizations' environments, doing the heavy lifting that helps an infection spread. ReliaQuest has picked out the most commonly observed loaders and outlined why SOC analysts should worry about them, plus how to defend against them.

Malware 98
article thumbnail

Parmesan Anti-Forgery Protection

Schneier on Security

The Guardian is reporting about microchips in wheels of Parmesan cheese as an anti-forgery measure.

article thumbnail

API Abuse – Lessons from the Duolingo Data Scraping Attack

Security Boulevard

It’s been reported that 2.6 million user records sourced from the Duolingo app are for sale. The attacker apparently obtained them from an open API provided by the company. There’s a more technical explanation available here. While we talk a lot about the vulnerabilities in the OWASP API Top-10 and the exploits associated with those [.] The post API Abuse – Lessons from the Duolingo Data Scraping Attack appeared first on Wallarm.

98
article thumbnail

Cisco Talos Research: New Lazarus Group Attack Malware Campaign Hits UK & US Businesses

Tech Republic Security

The Cisco Talos report exposes new malware used by the group to target Internet backbone infrastructure and healthcare organizations in the U.K. and the U.S.

Malware 129
article thumbnail

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

article thumbnail

MSI: Recent wave of Windows blue screens linked to MSI motherboards

Bleeping Computer

MSI has officially confirmed the recent surge of blue screens of death (BSODs) encountered by Windows users after installing this week's optional preview updates is linked to some of its motherboard models. [.

article thumbnail

Smart lightbulb and app vulnerability puts your Wi-Fi password at risk

Malwarebytes

New research highlights another potential danger from IoT devices, with a popular make of smart light bulbs placing your Wi-Fi network password at risk. Researchers from the University of London and Universita di Catania produced a paper explaining the dangers of common IoT products. In this case, how smart bulbs can be compromised to gain access to your home or office network.

article thumbnail

Do we really need another cybersecurity tool?

Security Boulevard

It's time to ask tough questions and carefully scrutinize new cybersecurity tools before pulling the trigger on purchases. The post Do we really need another cybersecurity tool? appeared first on SafeBreach. The post Do we really need another cybersecurity tool? appeared first on Security Boulevard.

article thumbnail

Critical Insight Reports Fewer Cybersecurity Breaches in Health Care, Yet Victim Numbers Are Up in 2023

Tech Republic Security

A new study by Critical Insight shows that cybersecurity attacks in the health care sector are hitting more individuals and finding vulnerabilities in third-party partners.

article thumbnail

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

article thumbnail

New Windows updates cause UNSUPPORTED_PROCESSOR blue screens

Bleeping Computer

Microsoft says the August 2023 preview updates released this week for Windows 11 and Windows 10 systems are causing blue screens with errors mentioning an unsupported processor issue.

98
article thumbnail

Danish Cloud Hosting Companies Ravaged by Ransomware Attacks

Heimadal Security

CloudNordic and AzeroCloud, Danish hosting firms specializing in cloud services, have been hit hard by ransomware attacks, causing widespread data loss and operational disruptions. The companies are steadfast in their decision not to pay the ransom demanded by the hackers. Further Context The attack seems to have targeted servers during a data center migration.

article thumbnail

Lapsus$ Jury Says Teen Duo Did Do Crimes

Security Boulevard

Arion Kurtaj and anon minor: Part of group that hacked Uber, Nvidia, Microsoft, Rockstar Games and many more. The post Lapsus$ Jury Says Teen Duo Did Do Crimes appeared first on Security Boulevard.

Hacking 98
article thumbnail

Akamai Report: LockBit, Cl0P Expand Ransomware Efforts

Tech Republic Security

Phishing is so last year: Akamai's report finds that zero-day and one-day vulnerabilities caused a 143% increase in total ransomware victims.

article thumbnail

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

article thumbnail

Hackers use public ManageEngine exploit to breach internet org

Bleeping Computer

The North Korean state-backed hacker group tracked as Lazarus has been exploiting a critical vulnerability (CVE-2022-47966) in Zoho's ManageEngine ServiceDesk to compromise an internet backbone infrastructure provider and healthcare organizations. [.

article thumbnail

Spear Phishing Prevention: 10 Ways to Protect Your Organization

eSecurity Planet

Spear phishing is a more targeted and effective phishing technique that attempts to exploit specific individuals or groups within an organization. While phishing uses a broader range of tactics, such as mass emailing to random recipients, spear phishing is often well-researched and tailored to high-value targets. A typical spear phishing attack follows a familiar pattern of emails with attachments.

article thumbnail

New WinRAR Vulnerability Could Allow Hackers to Take Control of Your PC

The Hacker News

A high-severity security flaw has been disclosed in the WinRAR utility that could be potentially exploited by a threat actor to achieve remote code execution on Windows systems. Tracked as CVE-2023-40477 (CVSS score: 7.8), the vulnerability has been described as a case of improper validation while processing recovery volumes.

98
article thumbnail

Generative AI: Cybersecurity Weapon, But Not Without Adaptable, Creative (Human) Thinkers

Tech Republic Security

Cybersecurity expert Kayne McGladrey speaks about why AI cannot do what creative people can, and the important role of generative AI in SOCs.

article thumbnail

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.