Sat.Sep 09, 2023 - Fri.Sep 15, 2023

article thumbnail

Cybersecurity the Biggest Challenge for Smaller Organizations

Security Boulevard

A survey identified cybersecurity as the biggest challenge small organizations face today, with 49% more concerned than they were six months ago. The post Cybersecurity the Biggest Challenge for Smaller Organizations appeared first on Security Boulevard.

article thumbnail

On Robots Killing People

Schneier on Security

The robot revolution began long ago, and so did the killing. One day in 1979, a robot at a Ford Motor Company casting plant malfunctioned—human workers determined that it was not going fast enough. And so twenty-five-year-old Robert Williams was asked to climb into a storage rack to help move things along. The one-ton robot continued to work silently, smashing into Williams’s head and instantly killing him.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

GUEST ESSAY: The timing is ripe to instill trust in the open Internet — and why this must get done

The Last Watchdog

In today’s digital age, trust has become a cornerstone of building a better Internet. Preserving privacy for a greater good The Internet was designed as a platform for peer research, not for the vast scale and diverse uses we see today. Over the decades, it’s grown in a way that has left it with many inherent vulnerabilities. These vulnerabilities, not borne out of malice, were the result of choices made with limited information available at the time.

Internet 290
article thumbnail

FBI Hacker Dropped Stolen Airbus Data on 9/11

Krebs on Security

In December 2022, KrebsOnSecurity broke the news that a cybercriminal using the handle “ USDoD ” had infiltrated the FBI ‘s vetted information sharing network InfraGard , and was selling the contact information for all 80,000 members. The FBI responded by reverifying InfraGard members and by seizing the cybercrime forum where the data was being sold.

article thumbnail

Human-Centered Cyber Security Training: Driving Real Impact on Security Culture

Speaker: Speakers:

In today's digital age, having an untrained workforce can be a significant risk to your business. Cyber threats are evolving; without proper training, your employees could be the weakest link in your defense. This webinar empowers leaders like you with the tools and strategies needed to transform your employees into a robust frontline defense against cyber attacks.

article thumbnail

Weekly Update 364

Troy Hunt

I'm in Spain! Alicante, to be specific, where we've spent the last few days doing family wedding things, and I reckon we scrubbed up pretty well: Getting fancy in Spain 😍 pic.twitter.com/iDFmBORnHa — Troy Hunt (@troyhunt) September 9, 2023 Next stop is Amsterdam and by the end of today, we'll be sipping cold beer canal side in the 31C heat 😎 Meanwhile, this week's video focuses mostly on the Dymocks breach and the noteworthiness of what appears to be ex

Scams 236
article thumbnail

Fake Signal and Telegram Apps in the Google Play Store

Schneier on Security

Google removed fake Signal and Telegram apps from its Play store. An app with the name Signal Plus Messenger was available on Play for nine months and had been downloaded from Play roughly 100 times before Google took it down last April after being tipped off by security firm ESET. It was also available in the Samsung app store and on signalplus[.]org, a dedicated website mimicking the official Signal.org.

Malware 313

More Trending

article thumbnail

Adobe, Apple, Google & Microsoft Patch 0-Day Bugs

Krebs on Security

Microsoft today issued software updates to fix at least five dozen security holes in Windows and supported software, including patches for two zero-day vulnerabilities that are already being exploited. Also, Adobe , Google Chrome and Apple iOS users may have their own zero-day patching to do. On Sept. 7, researchers at Citizen Lab warned they were seeing active exploitation of a “zero-click,” zero-day flaw to install spyware on iOS devices without any interaction from the victim. 

Spyware 239
article thumbnail

Space Systems and IoT: What Are the Biggest Cyber Threats?

Lohrman on Security

In this interview with Dick Wilkinson, CTO at Proof Labs, we explore the cyber threats in space and on the Internet of Things, and how they impact each of us.

article thumbnail

Zero-Click Exploit in iPhones

Schneier on Security

Make sure you update your iPhones : Citizen Lab says two zero-days fixed by Apple today in emergency security updates were actively abused as part of a zero-click exploit chain (dubbed BLASTPASS) to deploy NSO Group’s Pegasus commercial spyware onto fully patched iPhones. The two bugs, tracked as CVE-2023-41064 and CVE-2023-41061 , allowed the attackers to infect a fully-patched iPhone running iOS 16.6 and belonging to a Washington DC-based civil society organization via PassKit attachment

Spyware 313
article thumbnail

GUEST ESSAY: Robust data management can prevent theft, guard intellectual property

The Last Watchdog

In an era of global economic uncertainty, fraud levels tend to surge, bringing to light the critical issue of intellectual property (IP) theft. Related: Neutralizing insider threats This pervasive problem extends beyond traditional notions of fraud, encompassing both insider threats and external risks arising from partnerships, competitors, and poor IP management.

Risk 203
article thumbnail

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

article thumbnail

Check Point: Hackers Are Dropping USB Drives at Watering Holes

Tech Republic Security

Check Point's Global CISO discusses the firm's 2023 threat intelligence, including new AI malice and threat actors spreading malware by dropping flash drives.

CISO 208
article thumbnail

RedLine/Vidar Abuses EV Certificates, Shifts to Ransomware

Trend Micro

In this blog, we investigate how threat actors used information-stealing malware with EV code signing certificates and later delivered ransomware payloads to its victims via the same delivery method.

article thumbnail

Cars Have Terrible Data Privacy

Schneier on Security

A new Mozilla Foundation report concludes that cars, all of them, have terrible data privacy. All 25 car brands we researched earned our *Privacy Not Included warning label—making cars the official worst category of products for privacy that we have ever reviewed. There’s a lot of details in the report. They’re all bad. BoingBoing post.

article thumbnail

Google Rushes to Patch Critical Chrome Vulnerability Exploited in the Wild - Update Now

The Hacker News

Google on Monday rolled out out-of-band security patches to address a critical security flaw in its Chrome web browser that it said has been exploited in the wild. Tracked as CVE-2023-4863, the issue has been described as a case of heap buffer overflow that resides in the WebP image format that could result in arbitrary code execution or a crash.

article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

New DarkGate Malware Campaign Hits Companies Via Microsoft Teams

Tech Republic Security

Get technical details about how this new attack campaign is delivered via Microsoft Teams and how to protect your company from this loader malware.

Malware 189
article thumbnail

Okta Flaw Involved in MGM Resorts Breach, Attackers Claim

Dark Reading

ALPHV/BlackCat ransomware operators have used their leak site to "set the record straight" about the MGM Resorts cyberattack. Meanwhile, more attacks abusing Okta could be likely.

article thumbnail

On Technologies for Automatic Facial Recognition

Schneier on Security

Interesting article on technologies that will automatically identify people: With technology like that on Mr. Leyvand’s head, Facebook could prevent users from ever forgetting a colleague’s name, give a reminder at a cocktail party that an acquaintance had kids to ask about or help find someone at a crowded conference. However, six years later, the company now known as Meta has not released a version of that product and Mr.

article thumbnail

Millions Infected by Spyware Hidden in Fake Telegram Apps on Google Play

The Hacker News

Spyware masquerading as modified versions of Telegram have been spotted in the Google Play Store that’s designed to harvest sensitive information from compromised Android devices. According to Kaspersky security researcher Igor Golovin, the apps come with nefarious features to capture and exfiltrate names, user IDs, contacts, phone numbers, and chat messages to an actor-controlled server.

Spyware 140
article thumbnail

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

article thumbnail

Want a New Job? Explore Opportunities at the 10 Top US Startup Ecosystems

Tech Republic Security

Written by: Kirstie McDermott Silicon Valley is just one of a number of key US startup ecosystems fueling startups, all of which drive investment and job creation: check where new opportunities are in the US right now.

article thumbnail

Watch out, this LastPass email with "Important information about your account" is a phish

Malwarebytes

The consequences of last year's LastPass breach continue to be felt, with the latest insult to users coming in the form of a highly convincing phishing email. Although the " unauthorized party" that compromised LastPass users' data was able to steal password vaults, it's likely that they are having a hard time cracking them open. LastPass's own assessment was that "it would be extremely difficult to attempt to brute force guess master passwords for those customers who follow our password best pr

Phishing 137
article thumbnail

Upcoming Speaking Engagements

Schneier on Security

This is a current list of where and when I am scheduled to speak: I’m speaking at swampUP 2023 in San Jose, California, on September 13, 2023 at 11:35 AM PT. The list is maintained on this page.

238
238
article thumbnail

Vietnamese Hackers Deploy Python-Based Stealer via Facebook Messenger

The Hacker News

A new phishing attack is leveraging Facebook Messenger to propagate messages with malicious attachments from a "swarm of fake and hijacked personal accounts" with the ultimate goal of taking over the targets' Business accounts.

Phishing 138
article thumbnail

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

article thumbnail

Zero-Day Security Vulnerability Found in Chrome, Firefox and Other Browsers

Tech Republic Security

Updates are now available to patch a Chrome vulnerability that would allow attackers to run malicious code.

article thumbnail

MGM Resorts shuts down IT systems and slot machines go quiet following “cybersecurity incident”

Graham Cluley

Hotel and casino giant MGM Resorts has revealed that it is investigating a "cybersecurity incident" that has resulted in its website being taken offline, an outage of online booking systems, and even problems with slot machines. Read more in my article on the Hot for Security blog.

article thumbnail

Free Download Manager site redirected Linux users to malware for years

Bleeping Computer

A reported Free Download Manager supply chain attack redirected Linux users to a malicious Debian package repository that installed information-stealing malware. [.

Malware 139
article thumbnail

Update Adobe Acrobat and Reader to Patch Actively Exploited Vulnerability

The Hacker News

Adobe's Patch Tuesday update for September 2023 comes with a patch for a critical actively exploited security flaw in Acrobat and Reader that could permit an attacker to execute malicious code on susceptible systems. The vulnerability, tracked as CVE-2023-26369, is rated 7.

134
134
article thumbnail

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

article thumbnail

Conversational AI Company Uniphore Leverages Red Box Acquisition for New Data Collection Tool

Tech Republic Security

Red Box provides the open architecture for data capture. Uniphore then feeds that data into U-Capture, its conversational AI automation tool.

article thumbnail

AI Chatbots Are Invading Your Local Government—and Making Everyone Nervous

WIRED Threat Level

State and local governments in the US are scrambling to harness tools like ChatGPT to unburden their bureaucracies, rushing to write their own rules—and avoid generative AI's many pitfalls.

article thumbnail

New Windows 11 feature blocks NTLM-based attacks over SMB

Bleeping Computer

Microsoft added a new security feature to Windows 11 that lets admins block NTLM over SMB to prevent pass-the-hash, NTLM relay, or password-cracking attacks. [.

Passwords 141
article thumbnail

Mozilla Rushes to Patch WebP Critical Zero-Day Exploit in Firefox and Thunderbird

The Hacker News

Mozilla on Tuesday released security updates to resolve a critical zero-day vulnerability in Firefox and Thunderbird that has been actively exploited in the wild, a day after Google released a fix for the issue in its Chrome browser.

135
135
article thumbnail

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.