Sat.Sep 23, 2023 - Fri.Sep 29, 2023

article thumbnail

‘Snatch’ Ransom Group Exposes Visitor IP Addresses

Krebs on Security

The victim shaming site operated by the Snatch ransomware group is leaking data about its true online location and internal operations, as well as the Internet addresses of its visitors, KrebsOnSecurity has found. The leaked data suggest that Snatch is one of several ransomware groups using paid ads on Google.com to trick people into installing malware disguised as popular free software, such as Microsoft Teams , Adobe Reader , Mozilla Thunderbird , and Discord.

article thumbnail

Signal Will Leave the UK Rather Than Add a Backdoor

Schneier on Security

Totally expected, but still good to hear : Onstage at TechCrunch Disrupt 2023, Meredith Whittaker, the president of the Signal Foundation, which maintains the nonprofit Signal messaging app, reaffirmed that Signal would leave the U.K. if the country’s recently passed Online Safety Bill forced Signal to build “backdoors” into its end-to-end encryption. “We would leave the U.K. or any jurisdiction if it came down to the choice between backdooring our encryption and betrayin

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

ROUNDTABLE: CISA’s prominent role sharing threat intel could get choked off this weekend

The Last Watchdog

Once again, politicians are playing political football, threatening a fourth partial government shutdown in a decade. Related: Biden’s cybersecurity strategy As this political theater runs its course one of the many things at risk is national security, particularly on the cyber warfare front. Given the divergent path s of the U.S. Senate and the U.S.

article thumbnail

Build for Detection Engineering, and Alerting Will Improve (Part 3)

Anton on Security

This blog series was written jointly with Amine Besson, Principal Cyber Engineer, Behemoth CyberDefence and one more anonymous collaborator. In this blog (#3 in the series), we will start to define and refine our detection engineering machinery to avoid the problems covered in Parts 1 and 2. Detection Engineering is Painful — and It Shouldn’t Be (Part 1) Detection Engineering and SOC Scalability Challenges (Part 2) Adopting detection engineering practices should have a roadmap and eventually bec

article thumbnail

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

article thumbnail

Weekly Update 367

Troy Hunt

Ah, home 😊 It's been more than a month since I've been able to sit at this desk and stream a weekly video. And now I'm doing it with the glorious spring weather just outside my window, which I really must make more time to start enjoying. Anyway, this week is super casual due to having had zero prep time, but I hope the discussion about the ABC's piece on HIBP and I in particular is interesting.

Passwords 216
article thumbnail

Critical Vulnerability in libwebp Library

Schneier on Security

Both Apple and Google have recently reported critical vulnerabilities in their systems—iOS and Chrome, respectively—that are ultimately the result of the same vulnerability in the libwebp library: On Thursday, researchers from security firm Rezillion published evidence that they said made it “highly likely” both indeed stemmed from the same bug, specifically in libwebp, the code library that apps, operating systems, and other code libraries incorporate to process WebP ima

258
258

More Trending

article thumbnail

ZenRAT Malware Targets Windows Users Via Fake Bitwarden Password Manager Installation Package

Tech Republic Security

We talked to Proofpoint researchers about this new malware threat and how it infects Windows systems to steal information.

Malware 197
article thumbnail

APT34 Deploys Phishing Attack With New Malware

Trend Micro

We observed and tracked the advanced persistent threat (APT) APT34 group with a new malware variant accompanying a phishing attack comparatively similar to the SideTwist backdoor malware. Following the campaign, the group abused a fake license registration form of an African government agency to target a victim in Saudi Arabia.

Phishing 145
article thumbnail

Lazarus luring employees with trojanized coding challenges: The case of a Spanish aerospace company

We Live Security

ESET researchers uncover a Lazarus attack against an aerospace company in Spain, where the group deployed several tools, including a publicly undocumented backdoor we named LightlessCan.

144
144
article thumbnail

GUEST ESSAY: A roadmap for the finance teams at small businesses to improve cybersecurity

The Last Watchdog

If you’re a small business looking for the secret sauce to cybersecurity, the secret is out: start with a cybersecurity policy and make the commitment to security a business-wide priority. Related: SMBs too often pay ransom Small businesses, including nonprofit organizations, are not immune to cyberattacks. The average cost of a cybersecurity breach was $4.45 million in 2023, according to IBM’s Cost of a Data Breach Report, and over 700,000 small businesses were targeted in cybersecurity attacks

article thumbnail

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

article thumbnail

Censys Reveals Open Directories Share More Than 2,000 TB of Unprotected Data

Tech Republic Security

These open directories could leak sensitive data, intellectual property or technical data and let an attacker compromise the entire system. Follow these security best practices for open directories.

Big data 146
article thumbnail

Malicious ad served inside Bing's AI chatbot

Malwarebytes

In February 2023, Microsoft disclosed its new AI-assisted search engine, Bing Chat, powered by OpenAI's GPT-4. Even though Google has been dominating the search industry for years, this event was significant enough to generate not only interest but also plant the seed for a possible change in the balance in the future. Considering that tech giants make most of their revenue from advertising, it wasn't surprising to see Microsoft introduce ads into Bing Chat shortly after its release.

Malware 145
article thumbnail

Update Chrome Now: Google Releases Patch for Actively Exploited Zero-Day Vulnerability

The Hacker News

Google on Wednesday rolled out fixes to address a new actively exploited zero-day in the Chrome browser. Tracked as CVE-2023-5217, the high-severity vulnerability has been described as a heap-based buffer overflow in the VP8 compression format in libvpx, a free software video codec library from Google and the Alliance for Open Media (AOMedia).

Software 142
article thumbnail

Black Hat Fireside Chat: In a hyper-connected world, effectively securing APIs is paramount

The Last Watchdog

APIs. The glue of hyper connectivity; yet also the wellspring of risk. Related: The true scale of API breaches I had an enlightening discussion at Black Hat USA 2023 with Traceable.ai Chief Security Officer Richard Bird about how these snippets of code have dramatically expanded the attack surface in ways that have largely been overlooked. Please give the accompanying podcast a listen.

CSO 204
article thumbnail

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

article thumbnail

ProtonVPN vs. AtlasVPN (2023): Which VPN Should You Use?

Tech Republic Security

Which VPN is better, ProtonVPN or AtlasVPN? Read our in-depth comparison to decide which one fits you in terms of pricing, key features and more.

VPN 156
article thumbnail

Ransomware group claims it's "compromised all of Sony systems"

Malwarebytes

Newcomer ransomware group RansomedVC claims to have successfully compromised the computer systems of entertainment giant Sony. As ransomware gangs do, it made the announcement on its dark web website, where it sells data that it's stolen from victims' computer networks. The announcement says Sony's data is for sale: Sony Group Corporation, formerly Tokyo Telecommunications Engineering Corporation, and Sony Corporation, is a Japanese multinational conglomerate corporation headquartered in Minato,

article thumbnail

Building automation giant Johnson Controls hit by ransomware attack

Bleeping Computer

Johnson Controls International has suffered what is described as a massive ransomware attack that encrypted many of the company devices, including VMware ESXi servers, impacting the company's and its subsidiaries' operations. [.

article thumbnail

DarkBeam leaks billions of email and password combinations

Security Affairs

DarkBeam left an Elasticsearch and Kibana interface unprotected, exposing records from previously reported and non-reported data breaches. The leaked logins present cybercriminals with almost limitless attack capabilities. DarkBeam, a digital risk protection firm, left an Elasticsearch and Kibana interface unprotected, exposing records with user emails and passwords from previously reported and non-reported data breaches.

Passwords 141
article thumbnail

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

article thumbnail

Australian Government’s ‘Six Cyber Shields’ Is Potentially a Well-Meaning Skills Crisis

Tech Republic Security

The Australian government’s new national cyber security strategy might have the inadvertent effect of making security efforts even more difficult for businesses by intensifying the current skills shortage.

article thumbnail

Pegasus spyware and how it exploited a WebP vulnerability

Malwarebytes

Recent events have demonstrated very clearly just how persistent and wide-spread the Pegasus spyware is. For those that have missed the subtle clues, we have tried to construct a clear picture. We attempted to follow the timeline of events, but have made some adjustments to keep the flow of the story alive. On September 12, 2023 we published two blogs urging our readers to urgently patch two Apple issues which were added to the catalog of known exploited vulnerabilities by the Cybersecurity &

Spyware 138
article thumbnail

Exploit released for Microsoft SharePoint Server auth bypass flaw

Bleeping Computer

Proof-of-concept exploit code has surfaced on GitHub for a critical authentication bypass vulnerability in Microsoft SharePoint Server, allowing privilege escalation. [.

article thumbnail

Ransomware group demands $51 million from Johnson Controls after cyber attack

Graham Cluley

Johnson Controls, a multinational conglomerate that secures industrial control systems, security equipment, fire safety and air conditioning systems, has been hit by a massive cyber attack. Read more in my article on the Hot for Security blog.

article thumbnail

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

So, you’ve accomplished an organization-wide SaaS adoption. It started slow, and now just a few team members might be responsible for running Salesforce, Slack, and a few others applications that boost productivity, but it’s all finished. Or is it? Through all the benefits offered by SaaS applications, it’s still a necessity to onboard providers as quickly as possible.

article thumbnail

Identity Theft Protection Policy

Tech Republic Security

Help protect your employees and customers from identity theft. This policy from TechRepublic Premium outlines precautions for reducing risk, signs to watch out for and steps to take if you suspect identity theft has occurred. While such misfortune may not be 100% preventable for everyone who follows these guidelines (since identity theft can still occur.

article thumbnail

Google’s Bard conversations turn up in search results

Malwarebytes

Google is coming under scrutiny after people discovered transcripts of conversations with its AI chatbot Bard are being indexed in Google search results. Bard is Google’s answer to ChatGPT, and allows users to have conversations with an AI. Services like these have attracted a lot of attention, because with a bit of tweaking and getting used to they can be really helpful in speeding up tasks.

article thumbnail

New ZenRAT Malware Targeting Windows Users via Fake Password Manager Software

The Hacker News

A new malware strain called ZenRAT has emerged in the wild that's distributed via bogus installation packages of the Bitwarden password manager. "The malware is specifically targeting Windows users and will redirect people using other hosts to a benign web page," enterprise security firm Proofpoint said in a technical report.

article thumbnail

Discord is investigating cause of ‘You have been blocked’ errors

Bleeping Computer

Many Discord users attempting to access the popular instant messaging and VoIP social platform today have been met with a scary "Sorry, you have been blocked" message. [.

134
134
article thumbnail

How Preparation and Strategy Can Be Used to Fight and Defeat Any Ransomware Attack

Speaker: Karl Camilleri, Cloud Services Product Manager at phoenixNAP

Did you know that 2021 was a record-breaking year for ransomware? The days of a “once in a while” attack against businesses and organizations are over. Cyberthreats have become a serious issue. With 495.1 million attacks, the threat marked a 148% increase compared to 2020 and was the most expensive year on record! As a result, data protection needs to be a concern for most banks, businesses, and information technology specialists.

article thumbnail

How To Implement Zero Trust: Best Practices and Guidelines

Tech Republic Security

Learn how to implement a Zero Trust security model with our comprehensive guide. Discover the best practices and steps to secure your organization.

Software 150
article thumbnail

A still unpatched zero-day RCE impacts more than 3.5M Exim servers

Security Affairs

Experts warn of a critical zero-day vulnerability, tracked as CVE-2023-42115, in all versions of Exim mail transfer agent (MTA) software. A critical zero-day vulnerability, tracked as CVE-2023-42115 (CVSS score 9.8), affects all versions of Exim mail transfer agent (MTA) software. A remote, unauthenticated attacker, can exploit the vulnerability to gain remote code execution (RCE) on Internet-exposed servers.

Hacking 130
article thumbnail

iOS 17 update secretly changed your privacy settings; here’s how to set them back

Graham Cluley

Many iPhone users who upgraded their iPhones to the recently-released iOS 17 will be alarmed to hear that they may have actually downgraded their security and privacy. Read more in my article on the Hot for Security blog.

131
131
article thumbnail

BingGPT is now infested with malware

Bleeping Computer

Malicious advertisements are now being injected into Microsoft's AI-powered Bing Chat responses, promoting fake download sites that distribute malware.

Malware 141
article thumbnail

ERM Program Fundamentals for Success in the Banking Industry

Speaker: William Hord, Senior VP of Risk & Professional Services

Enterprise Risk Management (ERM) is critical for industry growth in today’s fast-paced and ever-changing risk landscape. When building your ERM program foundation, you need to answer questions like: Do we have robust board and management support? Do we understand and articulate our bank’s risk appetite and how that impacts our business units? How are we measuring and rating our risk impact, likelihood, and controls to mitigate our risk?