Security Boulevard

SEPTEMBER 3, 2023

Cyber insurance offers financial protection and support in the event of a cyber attack, data breach, or other cyber-related incidents. Ironically, the security that insurance brings to policyholders stands in contrast to the shifting, dynamic state of the cyber insurance market in general. The cyber insurance market is currently experiencing a state of flux due […] The post Cyber Insurance Explained: What It Covers, Who Needs It appeared first on Centraleyes.

Cyber Insurance 117

Cyber Insurance Insurance Marketing Data breaches 117

Schneier on Security

SEPTEMBER 6, 2023

The cryptocurrency fintech startup Prime Trust lost the encryption key to its hardware wallet—and the recovery key—and therefore $38.9 million. It is now in bankruptcy. I can’t understand why anyone thinks these technologies are a good idea.

Cryptocurrency 340

Cryptocurrency Encryption Technology 340

Troy Hunt

SEPTEMBER 6, 2023

I'm super late pushing out this week's video, I mean to the point where I now have a couple of days before doing the next one. Travel from the opposite side of the world is the obvious excuse, then frankly, just wanting to hang out with friends and relax. And now, I somehow find myself publishing this from the most mind-bending set of circumstances: Heading to 31C.

Phishing 249

Phishing Passwords 249

The Last Watchdog

SEPTEMBER 5, 2023

New government rules coupled with industry standards meant to give formal shape to the Internet of Things (IoT) are rapidly quickening around the globe. Related: The need for supply chain security This is to be expected. After all, government mandates combined with industry standards are the twin towers of public safety. Without them the integrity of our food supplies, the efficacy of our transportation systems and reliability of our utilities would not be what they are.

IoT 220

IoT Government Internet Internet 220

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Lohrman on Security

SEPTEMBER 3, 2023

Reports from cybersecurity companies in 2023 show mixed trends regarding the number of global data breaches, ransomware attacks, records affected and government costs. But one thing is clear: Cyber attack impacts steadily grow.

Data breaches 216

Data breaches Ransomware Cyber Attacks Government 216

Schneier on Security

SEPTEMBER 5, 2023

Interesting research : Shedding Light on CVSS Scoring Inconsistencies: A User-Centric Study on Evaluating Widespread Security Vulnerabilities Abstract: The Common Vulnerability Scoring System (CVSS) is a popular method for evaluating the severity of vulnerabilities in vulnerability management. In the evaluation process, a numeric score between 0 and 10 is calculated, 10 being the most severe (critical) value.

Software 326

Software 326

The Hacker News

SEPTEMBER 8, 2023

Apple on Thursday released emergency security updates for iOS, iPadOS, macOS, and watchOS to address two zero-day flaws that have been exploited in the wild to deliver NSO Group's Pegasus mercenary spyware. The issues are described as below - CVE-2023-41061 - A validation issue in Wallet that could result in arbitrary code execution when handling a maliciously crafted attachment.

Spyware 143

Spyware 143

Bleeping Computer

SEPTEMBER 2, 2023

A team of researchers from the University of Wisconsin-Madison has uploaded to the Chrome Web Store a proof-of-concept extension that can steal plaintext passwords from a website's source code. [.

Passwords 143

Passwords 143

Schneier on Security

SEPTEMBER 8, 2023

Last March, just two weeks after GPT-4 was released , researchers at Microsoft quietly announced a plan to compile millions of APIs—tools that can do everything from ordering a pizza to solving physics equations to controlling the TV in your living room—into a compendium that would be made accessible to large language models (LLMs). This was just one milestone in the race across industry and academia to find the best ways to teach LLMs how to manipulate tools, which would supercharge

Banking 309

Banking Risk Accountability Government 309

Tech Republic Security

SEPTEMBER 8, 2023

It’s a cat-and-mouse struggle as tech giants Microsoft and Apple deal with persistent threats from China state actors and Pegasus spyware.

Spyware 193

Spyware Cyber threats Mobile 193

Advertisement

Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.

Government

Graham Cluley

SEPTEMBER 7, 2023

A Texas court has heard how last month a gang of men used a Raspberry Pi device to steal thousands of dollars from ATMs. Read more in my article on the Tripwire State of Security blog.

Malware 142

Malware 142

Bleeping Computer

SEPTEMBER 7, 2023

Citizen Lab says two zero-days fixed by Apple today in emergency security updates were actively abused as part of a zero-click exploit chain (dubbed BLASTPASS) to deploy NSO Group's Pegasus commercial spyware onto fully patched iPhones. [.

Spyware 142

Spyware 142

Security Affairs

SEPTEMBER 8, 2023

A zero-day vulnerability (CVE-2023-20269) in Cisco ASA and FTD is actively exploited in ransomware attacks, the company warns. Cisco warns that a zero-day vulnerability (CVE-2023-20269) in Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) is actively exploited by ransomware groups to gain initial access to corporate networks.

Ransomware 138

Ransomware VPN Authentication Hacking 138

Tech Republic Security

SEPTEMBER 8, 2023

Australian data breach costs have jumped over the last five years to $2.57 million USD, according to IBM. Prioritizing DevSecOps and incident response planning can help IT leaders minimize the financial risk.

Data breaches 156

Data breaches Risk 156

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

The Hacker News

SEPTEMBER 7, 2023

Microsoft on Wednesday revealed that a China-based threat actor known as Storm-0558 acquired the inactive consumer signing key to forge tokens and access Outlook by compromising an engineer’s corporate account. This enabled the adversary to access a debugging environment that contained information pertaining to a crash of the consumer signing system and steal the key.

Hacking 134

Hacking Accountability 134

Bleeping Computer

SEPTEMBER 8, 2023

Notepad++ version 8.5.7 has been released with fixes for multiple buffer overflow zero-days, with one marked as potentially leading to code execution by tricking users into opening specially crafted files. [.

Software 139

Software 139

Security Affairs

SEPTEMBER 2, 2023

Identity services provider Okta warned customers of social engineering attacks carried out by threat actors to obtain elevated administrator permissions. Okta is warning customers of social engineering attacks carried out in recent weeks by threat actors to obtain elevated administrator permissions. The attacks targeted IT service desk staff to trick them into resetting all multi-factor authentication (MFA) factors enrolled by highly privileged users.

Social Engineering 136

Social Engineering Engineering Authentication Accountability 136

Tech Republic Security

SEPTEMBER 6, 2023

When it comes to DIY home security, there are many systems and components to consider and many decisions to make. This vendor comparison guide from TechRepublic Premium provides advice you can follow as you make decisions regarding how you will deploy a home security system. The accompanying comparison tool will document your research and provide.

147

147

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

The Hacker News

SEPTEMBER 3, 2023

Cybersecurity researchers have called attention to a new antivirus evasion technique that involves embedding a malicious Microsoft Word file into a PDF file. The sneaky method, dubbed MalDoc in PDF by JPCERT/CC, is said to have been employed in an in-the-wild attack in July 2023.

Antivirus 137

Antivirus Cybersecurity 137

Bleeping Computer

SEPTEMBER 6, 2023

The Flipper Zero portable wireless pen-testing and hacking tool can be used to aggressively spam Bluetooth connection messages at Apple iOS devices, such as iPhones and iPads. [.

Wireless 131

Wireless Hacking 131

Security Boulevard

SEPTEMBER 8, 2023

Firefox looking good right now: “Privacy Sandbox” criticized as a proprietary, hypocritical, anti-competitive, self-serving contradiction. The post Google Kills 3rd-Party Cookies — but Monopolizes AdTech appeared first on Security Boulevard.

Advertising 132

Advertising Social Engineering Data privacy Engineering 132

Tech Republic Security

SEPTEMBER 7, 2023

Phones, tablets and workstations with unpatched CVEs are a clear and present danger. New Armis study lists the most vulnerable.

IoT 171

IoT Media Internet Internet 171

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

The Hacker News

SEPTEMBER 2, 2023

Proof-of-concept (PoC) exploit code has been made available for a recently disclosed and patched critical flaw impacting VMware Aria Operations for Networks (formerly vRealize Network Insight). The flaw, tracked as CVE-2023-34039, is rated 9.8 out of a maximum of 10 for severity and has been described as a case of authentication bypass due to a lack of unique cryptographic key generation.

Authentication 135

Authentication 135

Security Affairs

SEPTEMBER 6, 2023

MITRE and CISA released a Caldera extension for OT that allows the emulation of attacks on operational technology systems. MITRE Caldera is an open-source adversary emulation platform that helps cybersecurity practitioners to automate security assessments. The tool is built on the MITRE ATT&CK framework, which is a widely-recognized framework for understanding and responding to cyber threats. “Without further ado, the MITRE Caldera team is proud to announce the release of Caldera for O

Cyber threats 134

Cyber threats Technology Engineering Hacking 134

WIRED Threat Level

SEPTEMBER 6, 2023

After leaving many questions unanswered, Microsoft explains in a new postmortem the series of slipups that allowed attackers to steal and abuse a valuable cryptographic key.

Hacking 134

Hacking 134

Tech Republic Security

SEPTEMBER 4, 2023

Linux is a powerful and customizable operating system that has been the backbone of many businesses for decades. This policy from TechRepublic Premium provides guidelines for securing Linux on company computers and computers used to conduct company business. It assumes administrative knowledge of Linux servers and/or workstation environments. From the policy: DEVELOP TEMPLATES BASED ON.

132

132

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

The Hacker News

SEPTEMBER 7, 2023

Patches have been released to address two new security vulnerabilities in Apache Superset that could be exploited by an attacker to gain remote code execution on affected systems. The update (version 2.1.1) plugs CVE-2023-39265 and CVE-2023-37941, which make it possible to conduct nefarious actions once a bad actor is able to gain control of Superset’s metadata database.

132

132

Security Affairs

SEPTEMBER 4, 2023

A distributed denial-of-service (DDoS) attack took the site of the German Federal Financial Supervisory Authority (BaFin) down. A distributed denial-of-service (DDoS) attack took the site of the German Federal Financial Supervisory Authority (BaFin) down for some days. It is not clear who is behind the DDoS attack, but the media speculate that it was launched by pro-Russian hacktivists in response to the German financial and military support to Ukraine.

DDOS 133

DDOS Financial Services Insurance Banking 133

Malwarebytes

SEPTEMBER 7, 2023

An investigation by Microsoft has finally revealed how China-based hackers circumvented the protections of a "highly isolated and restricted production environment" in May 2023 to unlock sensitive email accounts belonging to US government agencies. The attack was first reported by Microsoft in July , in an article that left some important questions unanswered.

Authentication 130

Authentication Accountability Government Passwords 130

SecureList

SEPTEMBER 8, 2023

A while ago we discovered a bunch of Telegram mods on Google Play with descriptions in traditional Chinese, simplified Chinese and Uighur. The vendor says these are the fastest apps which use a distributed network of data processing centers around the world. What can possibly be wrong with a Telegram mod duly tested by Google Play and available through the official store?

Encryption 126

Encryption Spyware Accountability Malware 126

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity