Sat.Aug 19, 2023 - Fri.Aug 25, 2023

Applying AI to License Plate Surveillance

Schneier on Security

License plate scanners aren’t new. Neither is using them for bulk surveillance. What’s new is that AI is being used on the data, identifying “suspicious” vehicle behavior: Typically, Automatic License Plate Recognition (ALPR) technology is used to search for plates linked to specific crimes. But in this case it was used to examine the driving patterns of anyone passing one of Westchester County’s 480 cameras over a two-year period.

Fighting API Bots with Cloudflare's Invisible Turnstile

Troy Hunt

There's a "hidden" API on HIBP. Well, it's not "hidden" insofar as it's easily discoverable if you watch the network traffic from the client, but it's not meant to be called directly, rather only via the web app. It's called "unified search" and it looks just like this: It's been there in one form or another since day 1 (so almost a decade now), and it serves a sole purpose: to perform searches from the home page.

Kroll Employee SIM-Swapped for Crypto Investor Data

Krebs on Security

Security consulting giant Kroll disclosed today that a SIM-swapping attack against one of its employees led to the theft of user information for multiple cryptocurrency platforms that are relying on Kroll services in their ongoing bankruptcy proceedings. And there are indications that fraudsters may already be exploiting the stolen data in phishing attacks.

2023 Cybersecurity Awareness Month Appeal: Make Online Security Easier

Lohrman on Security

Surveys show that most Americans think online security is too hard, confusing and frustrating. So as we prepare for Cybersecurity Awareness Month in October, the goal is to make cybersecurity easy.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be possible to distill it down to a checklist.

Hacking Food Labeling Laws

Schneier on Security

This article talks about new Mexican laws about food labeling, and the lengths to which food manufacturers are going to ensure that they are not effective. There are the typical high-pressure lobbying tactics and lawsuits. But there’s also examples of companies hacking the laws: Companies like Coca-Cola and Kraft Heinz have begun designing their products so that their packages don’t have a true front or back, but rather two nearly identical labels—except for the fact that only

Weekly Update 361

Troy Hunt

This week has been manic! Non-stop tickets related to the new HIBP domain subscription service, scrambling to support invoicing and resellers, struggling our way through some odd Stripe things and so on and so forth. It's all good stuff and there have been very few issues of note (and all of those have merely been people getting to grips with the new model), so all in all, it's happy days 😊 References Sponsored by: Unpatched devices keeping you up at night?

GUEST ESSAY: Lessons to be learned from the waves of BofA phone number spoofing scams

The Last Watchdog

Phone number spoofing involves manipulating caller ID displays to mimic legitimate phone numbers, giving scammers a deceptive veil of authenticity. Related: The rise of ‘SMS toll fraud’. The Bank of America scam serves as a prime example of how criminals exploit this technique. These scammers impersonate Bank of America representatives, using the genuine bank’s phone number (+18004321000) to gain trust and deceive their targets.

December’s Reimagining Democracy Workshop

Schneier on Security

Imagine that we’ve all—all of us, all of society—landed on some alien planet, and we have to form a government: clean slate. We don’t have any legacy systems from the US or any other country. We don’t have any special or unique interests to perturb our thinking. How would we govern ourselves? It’s unlikely that we would use the systems we have today.

How to Quickly Give Users sudo Privileges in Linux

Tech Republic Security

If you have users that need certain admin privileges on your Linux machines, here's a walk-through of the process for granting full or specific rights.

The 3 Malware Loaders Behind 80% of Incidents

Digital Shadows

Loader malware is working behind the scenes in many organizations' environments, doing the heavy lifting that helps an infection spread. ReliaQuest has picked out the most commonly observed loaders and outlined why SOC analysts should worry about them, plus how to defend against them.

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

API Abuse – Lessons from the Duolingo Data Scraping Attack

Security Boulevard

It’s been reported that 2.6 million user records sourced from the Duolingo app are for sale. The attacker apparently obtained them from an open API provided by the company. There’s a more technical explanation available here. While we talk a lot about the vulnerabilities in the OWASP API Top-10 and the exploits associated with those [.]

White House Announces AI Cybersecurity Challenge

Schneier on Security

At Black Hat last week, the White House announced an AI Cyber Challenge. Gizmodo reports: The new AI cyber challenge (which is being abbreviated “AIxCC”) will have a number of different phases. Interested would-be competitors can now submit their proposals to the Small Business Innovation Research program for evaluation and, eventually, selected teams will participate in a 2024 “qualifying event.” During that event, the top 20 teams will be invited to a semifinal competi

Major US Energy Company Hit by QR Code Phishing Campaign

Tech Republic Security

This QR code phishing campaign is targeting multiple industries and using legitimate services such as Microsoft Bing to increase its efficiency and bypass security.

Luna Grabber Malware Targets Roblox Gaming Devs

Dark Reading

Roblox gaming developers are lured in by a package that claims to create useful scripts to interact with the Roblox website, for example by “promot(ing) users, shout events, and so on, or to create Discord utiltiies (sic) to manage their community.”

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

So, you’ve accomplished an organization-wide SaaS adoption. It started slow, and now just a few team members might be responsible for running Salesforce, Slack, and a few other applications that boost productivity, but it’s all finished. Or is it? Through all the benefits offered by SaaS applications, it’s still a necessity to onboard providers as quickly as possible.

Windows 10 KB5029331 update introduces a new Backup app

Bleeping Computer

Microsoft has released the optional KB5029331 Preview cumulative update for Windows 10 22H2 with sixteen improvements or fixes, including the introduction of a new Backup app. [.

Parmesan Anti-Forgery Protection

Schneier on Security

The Guardian is reporting about microchips in wheels of Parmesan cheese as an anti-forgery measure.

XLoader Malware Variant Targets MacOS Disguised as OfficeNote App

Tech Republic Security

A new variant of malware called XLoader is targeting macOS users. Learn more about how to protect yourself from this malicious software.

When Leadership Style Is a Security Risk

Dark Reading

Risk-aware leaders can be a cybersecurity advantage. Their flexible leadership style and emphasis on security first help set the tone and demonstrate a commitment to avoiding risk.

How Preparation and Strategy Can Be Used to Fight and Defeat Any Ransomware Attack

Speaker: Karl Camilleri, Cloud Services Product Manager at phoenixNAP

Did you know that 2021 was a record-breaking year for ransomware? The days of a “once in a while” attack against businesses and organizations are over. Cyberthreats have become a serious issue. With 495.1 million attacks, the threat marked a 148% increase compared to 2020 and was the most expensive year on record! As a result, data protection needs to be a concern for most banks, businesses, and information technology specialists.

Smart lightbulb and app vulnerability puts your Wi-Fi password at risk

Malwarebytes

New research highlights another potential danger from IoT devices, with a popular make of smart light bulbs placing your Wi-Fi network password at risk. Researchers from the University of London and Universita di Catania produced a paper explaining the dangers of common IoT products. In this case, how smart bulbs can be compromised to gain access to your home or office network.

New Windows updates cause UNSUPPORTED_PROCESSOR blue screens

Bleeping Computer

Microsoft says the August 2023 preview updates released this week for Windows 11 and Windows 10 systems are causing blue screens with errors mentioning an unsupported processor issue.

Cisco Talos Research: New Lazarus Group Attack Malware Campaign Hits UK & US Businesses

Tech Republic Security

The Cisco Talos report exposes new malware used by the group to target Internet backbone infrastructure and healthcare organizations in the U.K. and the U.S.

Do we really need another cybersecurity tool?

Security Boulevard

It's time to ask tough questions and carefully scrutinize new cybersecurity tools before pulling the trigger on purchases.

ERM Program Fundamentals for Success in the Banking Industry

Speaker: William Hord, Senior VP of Risk & Professional Services

Enterprise Risk Management (ERM) is critical for industry growth in today’s fast-paced and ever-changing risk landscape. When building your ERM program foundation, you need to answer questions like: Do we have robust board and management support? Do we understand and articulate our bank’s risk appetite and how that impacts our business units? How are we measuring and rating our risk impact, likelihood, and controls to mitigate our risk?

WoofLocker Toolkit Hides Malicious Codes in Images to Run Tech Support Scams

The Hacker News

Cybersecurity researchers have detailed an updated version of an advanced fingerprinting and redirection toolkit called WoofLocker that's engineered to conduct tech support scams.

Bitwarden releases free and open-source E2EE Secrets Manager

Bleeping Computer

Bitwarden, the maker of the popular open-source password manager tool, has released 'Secrets Manager,' an end-to-end encrypted secrets manager for IT professionals, software development teams, and the DevOps industry. [.

Critical Insight Reports Fewer Cybersecurity Breaches in Health Care, Yet Victim Numbers Are Up in 2023

Tech Republic Security

A new study by Critical Insight shows that cybersecurity attacks in the health care sector are hitting more individuals and finding vulnerabilities in third-party partners.

Lapsus$ Jury Says Teen Duo Did Do Crimes

Security Boulevard

Arion Kurtaj and anon minor: Part of group that hacked Uber, Nvidia, Microsoft, Rockstar Games and many more.

How to Avoid the Pain and Cost of PCI Compliance While Optimizing Payments

Speaker: P. Andrew Sjogren, Sr. Product Marketing Manager at Very Good Security, Matt Doka, Co-Founder and CTO of Fivestars, and Steve Andrews, President & CEO of the Western Bankers Association 

PCI compliance can feel challenging and sometimes the result feels like you are optimizing more for security and compliance than you are for business outcomes. The key is to take the right strategy to PCI compliance that gets you both. In this webinar, we have a great set of panelists who will take you through how Zero Data strategies can be used as part of a well-rounded compliance and security approach, and get you to market much sooner by also allowing for payment optimization.

Generative AI Is Scraping Your Data. So, Now What?

Dark Reading

AI innovation is moving faster than our laws and regulations, making it hard to decide whether Web or content scraping activity is good or bad, and what (if anything) you should do about it.

New WinRAR Vulnerability Could Allow Hackers to Take Control of Your PC

The Hacker News

A high-severity security flaw has been disclosed in the WinRAR utility that could be potentially exploited by a threat actor to achieve remote code execution on Windows systems. Tracked as CVE-2023-40477 (CVSS score: 7.8), the vulnerability has been described as a case of improper validation while processing recovery volumes.

Generative AI: Cybersecurity Weapon, But Not Without Adaptable, Creative (Human) Thinkers

Tech Republic Security

Cybersecurity expert Kayne McGladrey speaks about why AI cannot do what creative people can, and the important role of generative AI in SOCs.

Ongoing Duo outage causes Azure Auth authentication errors

Bleeping Computer

Cisco-owned multi-factor authentication (MFA) provider Duo Security is investigating an ongoing outage that has been causing authentication failures and errors starting three hours ago. [.

Back to the Office: Privacy and Security Solutions to Compliance Issues for 2021 and Beyond

Speaker: Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies

The COVID-19 pandemic forced many people into working remotely, opening the floodgates for a host of digital compliance issues. Now that companies are slowly allowing employees to return to work at the office, it's time to re-evaluate your company’s posture towards privacy and security. This is especially vital if your workers were (and still are!) using company equipment from home, or are still working remotely.