Krebs on Security

OCTOBER 18, 2023

One of the oldest malware tricks in the book — hacked websites claiming visitors need to update their Web browser before they can view any content — has roared back to life in the past few months. New research shows the attackers behind one such scheme have developed an ingenious way of keeping their malware from being taken down by security experts or law enforcement: By hosting the malicious files on a decentralized, anonymous cryptocurrency blockchain.

Scams 276

Scams Malware Cryptocurrency Hacking 276

Schneier on Security

OCTOBER 17, 2023

Online voting is insecure, period. This doesn’t stop organizations and governments from using it. (And for low-stakes elections, it’s probably fine.) Switzerland—not low stakes—uses online voting for national elections. Ed Appel explains why it’s a bad idea: Last year, I published a 5-part series about Switzerland’s e-voting system.

Malware 311

Malware Internet Internet Government 311

Troy Hunt

OCTOBER 19, 2023

I did it again - I tweeted about Twitter doing something I thought was useful and the hordes did descend on Twitter to tweet about how terrible Twitter is. Right, gotcha, so 1.3M views of that tweet later. As I say in this week's video, there's a whole bunch of crazy arguments in there but the thing that continues to get me the most in every one of these discussions is the argument that Elon is a poo poo head.

Marketing 243

Marketing Accountability 243

Tech Republic Security

OCTOBER 17, 2023

Sonatype's 9th annual State of the Software Supply Chain also covers regulations and how AI could help developers protect organizations from security risks.

Software 184

Software Risk 184

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Krebs on Security

OCTOBER 17, 2023

Amir Golestan , the 40-year-old CEO of the Charleston, S.C. based technology company Micfo LLC , has been sentenced to five years in prison for wire fraud. Golestan’s sentencing comes nearly two years after he pleaded guilty to using an elaborate network of phony companies to secure more than 735,000 Internet Protocol (IP) addresses from the American Registry for Internet Numbers (ARIN), the nonprofit which oversees IP addresses assigned to entities in the U.S., Canada, and parts of the Ca

Internet 291

Internet Internet VPN Marketing 291

Bleeping Computer

OCTOBER 16, 2023

Cisco warned admins today of a new maximum severity authentication bypass zero-day in its IOS XE software that lets unauthenticated attackers gain full administrator privileges and take complete control of affected routers and switches remotely. [.

Authentication 139

Authentication Software 139

Tech Republic Security

OCTOBER 17, 2023

The number of devices exposing the web UI on the internet, a timeline and technical details about this malicious activity, and tips for mitigating this zero-day threat are featured.

Software 158

Software Internet Internet Cybersecurity 158

Malwarebytes

OCTOBER 18, 2023

Threat actors are known for impersonating popular brands in order to trick users. In a recent malvertising campaign, we observed a malicious Google ad for KeePass, the open-source password manager which was extremely deceiving. We previously reported on how brand impersonations are a common occurrence these days due to a feature known as tracking templates, but this attack used an additional layer of deception.

Password Management 138

Password Management Malware Passwords Advertising 138

Bleeping Computer

OCTOBER 15, 2023

Signal messenger has investigated rumors spreading online over the weekend of a zero-day security vulnerability related to the 'Generate Link Previews' feature, stating that there is no evidence this vulnerability is real. [.

Technology 138

Technology 138

Graham Cluley

OCTOBER 16, 2023

One of the world's largest online travel agencies, Booking.com, is being used by fraudsters to trick hotel guests into handing over their payment card details. How do I know? The fraudsters tried the trick with me.

Phishing 138

Phishing 138

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Tech Republic Security

OCTOBER 20, 2023

The Five Eyes coalition's principles focus on reducing the possibility of IP theft, particularly from nation-state-sponsored threat actors.

Cybersecurity 170

Cybersecurity 170

The Hacker News

OCTOBER 16, 2023

Cisco has warned of a critical, unpatched security flaw impacting IOS XE software that’s under active exploitation in the wild. Rooted in the web UI feature, the zero-day vulnerability is assigned as CVE-2023-20198 and has been assigned the maximum severity rating of 10.0 on the CVSS scoring system.

Software 137

Software 137

Bleeping Computer

OCTOBER 20, 2023

Security researchers found three critical remote code execution vulnerabilities in the SolarWinds Access Rights Manager (ARM) product that remote attackers could use to run code with SYSTEM privileges. [.

136

136

Thales Cloud Protection & Licensing

OCTOBER 17, 2023

Cyber Security Awareness Month – Answering Google’s Most Commonly Asked Questions madhav Wed, 10/18/2023 - 05:25 This month is Cyber Security Awareness Month , highlighting how far security education needs to go in order to enable a secure interconnected world. Technology continues to improve our lives – but at the same time the risks continue to grow.

Security Awareness 129

Security Awareness Passwords Authentication Encryption 129

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

Tech Republic Security

OCTOBER 17, 2023

Microsoft OneDrive accounts for 26% of the overall usage of cloud storage apps to host malware, ahead of Microsoft PowerPoint and GitHub.

Malware 166

Malware Accountability Phishing Cybercrime 166

Security Affairs

OCTOBER 16, 2023

Cisco warned customers of a critical zero-day vulnerability in its IOS XE Software that is actively exploited in attacks. Cisco warned customers of a zero-day vulnerability, tracked as CVE-2023-20198 (CVSS score 10), in its IOS XE Software that is actively exploited in attacks. The IT giant found the vulnerability during the resolution of multiple Technical Assistance Center (TAC) support cases.

Accountability 135

Accountability Internet Internet Software 135

Bleeping Computer

OCTOBER 20, 2023

​Okta says attackers accessed files containing cookies and session tokens uploaded by customers to its support management system after breaching it using stolen credentials. [.

134

134

Duo's Security Blog

OCTOBER 18, 2023

“Phishing is the practice of sending fraudulent communications that appear to come from a legitimate and reputable source, usually through email and text messages.” - Just one successful attack is needed Phishing can be delivered by a variety of different vehicles such as email, text, phone call (voice phishing or a “vhish”) or even social media post, instant message or QR code.

Phishing 131

Phishing Security Awareness Software Media 131

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

Tech Republic Security

OCTOBER 18, 2023

The Australian federal government aims to deliver changes to privacy laws in 2024. Organisations are being warned to prepare ahead of time by creating a comprehensive map of organisational data.

Government 141

Government Big data Data breaches Data privacy 141

Security Affairs

OCTOBER 14, 2023

The Lockbit ransomware gang claims to have hacked the technology services giant CDW and threatens to leak the stolen data. The technology services giant CDW announced it has launched an investigation into claims made by the Lockbit ransomware gang that added the company to the list of victims on its leak site. CDW Corporation is a provider of technology solutions and services for business, government and education.

Ransomware 134

Ransomware Technology Healthcare Government 134

Bleeping Computer

OCTOBER 20, 2023

Cisco disclosed a new high-severity zero-day (CVE-2023-20273) today, actively exploited to deploy malicious implants on IOS XE devices compromised using the CVE-2023-20198 zero-day unveiled earlier this week. [.

Malware 134

Malware 134

The Hacker News

OCTOBER 17, 2023

A medium-severity flaw has been discovered in Synology's DiskStation Manager (DSM) that could be exploited to decipher an administrator's password and remotely hijack the account.

Passwords 128

Passwords Accountability 128

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

Tech Republic Security

OCTOBER 16, 2023

Read our comprehensive review of Avast SecureLine VPN. We analyze its features, speed, security, and more to determine if it is the best VPN option for you.

VPN 148

VPN 148

Security Affairs

OCTOBER 15, 2023

The Alphv ransomware group added the Morrison Community Hospital to its dark web leak site. Threat actors continue to target hospitals. The ALPHV/BlackCat ransomware group claims to have hacked the Morrison Community Hospital and added it to its dark web Tor leak site. The group claims to have stolen 5TB of patients’ and employee’s information, backups, PII documents, and more.

Ransomware 129

Ransomware Healthcare Data breaches Cyber Attacks 129

Bleeping Computer

OCTOBER 16, 2023

A critical severity vulnerability impacting Royal Elementor Addons and Templates up to version 1.3.78 is reported to be actively exploited by two WordPress security teams. [.

134

134

Malwarebytes

OCTOBER 16, 2023

In recent weeks, we have noted an increase in malvertising campaigns via Google searches. Several of the threat actors we are tracking have improved their techniques to evade detection throughout the delivery chain. We believe this evolution will have a real world impact among corporate users getting compromised via malicious ads eventually leading to the deployment of malware and ransomware.

Malware 129

Malware Ransomware Accountability Software 129

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

Tech Republic Security

OCTOBER 16, 2023

The European Union’s General Data Protection Regulation requires every organization that collects sensitive personal data from those residing in the EU to ask for clear and specific consent before collecting that data. The three sample texts from TechRepublic Premium will provide a customizable framework for your organization to use and stay compliant.

132

132

Security Boulevard

OCTOBER 20, 2023

Law enforcement agencies throughout Europe and the United States took a big swing at the notorious RagnaLocker ransomware group, arresting a malware developer, seizing parts of its infrastructure, and shutting down negotiations and leak sites on the Tor network. During the operation, which stretched over the last four days and multiple European countries, authorities also.

Ransomware 128

Ransomware Malware Cybersecurity Network Security 128

Bleeping Computer

OCTOBER 18, 2023

A group of cyber activists under the Ukrainian Cyber Alliance banner has hacked the servers of the Trigona ransomware gang and wiped them clean after copying all the information available. [.

Hacking 130

Hacking Ransomware 130

Malwarebytes

OCTOBER 19, 2023

The key is under the doormat by the front door. The administrator password is "admin". These are easy to remember clues when you are providing entrance to someone you trust. The problem is that they are also enormously easy to guess. It’s where we would expect an unwanted visitor to check first, before breaking out the toolbox. Random end users could be forgiven for relying on such obviously insecure habits, but what about professionals who job it is to keep things safe and secure?

Passwords 127

Passwords Authentication Password Management Engineering 127

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

Risk