October, 2023

Don’t Let Zombie Zoom Links Drag You Down

Krebs on Security

Many organizations — including quite a few Fortune 500 firms — have exposed web links that allow anyone to initiate a Zoom video conference meeting as a valid employee. These company-specific Zoom links, which include a permanent user ID number and an embedded passcode, can work indefinitely and expose an organization’s employees, customers or partners to phishing and other social engineering attacks.

NSA AI Security Center

Schneier on Security

The NSA is starting a new artificial intelligence security center: The AI security center’s establishment follows an NSA study that identified securing AI models from theft and sabotage as a major national security challenge, especially as generative AI technologies emerge with immense transformative potential for both good and evil. Nakasone said it would become “NSA’s focal point for leveraging foreign intelligence insights, contributing to the development of best practices g

Many Cyber Attacks Begin by Breaking Human Trust

Lohrman on Security

Sophisticated social engineering attacks have led to hundreds of data breaches this year. What can be done? And what new resources can help?

GUEST ESSAY: Has shielding and blocking electromagnetic energy become the new normal?

The Last Watchdog

Surrounded by the invisible hum of electromagnetic energy, we’ve harnessed its power to fuel our technological marvels for decades. Tesla’s visionary insights from 1900 hinted at the potential, and today, we bask in the glow of interconnected networks supporting our digital lives.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

Making Sense of Today's Payment Cybersecurity Landscape

Dark Reading

PCI DSS v4.0 is the future of the payment card industry's information security standard, but businesses must continue to look beyond this guidance and engage in proactive strategies of their own.

GDPR Data Breach Notification Letter

Tech Republic Security

In the current business environment, it is almost inevitable that an organization will experience a security breach that exposes collected personal data to unauthorized access. Under the provisions of the General Data Protection Regulation, regardless of the severity of the security breach, organizations must inform their EU customers and stakeholders of the incident in a.

More Trending

Hacking Gas Pumps via Bluetooth

Schneier on Security

Turns out pumps at gas stations are controlled via Bluetooth, and that the connections are insecure. No details in the article, but it seems that it’s easy to take control of the pump and have it dispense gas without requiring payment. It’s a complicated crime to monetize, though. You need to sell access to the gas pump to others.

Kicking off NIST's Cybersecurity Awareness Month Celebration & Our Cybersecurity Awareness Month 2023 Blog Series

NSTIC

October is always an exciting time for us as we celebrate Cybersecurity Awareness Month and some of NIST’s greatest accomplishments, resources, guidance, and latest news in the cybersecurity space. This year is a big one because 2023 marks the 20th anniversary of this important initiative — and we will celebrate in various ways every day throughout the month.

Microsoft Defender no longer flags Tor Browser as malware

Bleeping Computer

For Windows users who frequently use the TorBrowser, there's been a pressing concern. Recent versions of the TorBrowser, specifically because of the tor.exe file it contained, were being flagged as potential threats by Windows Defender.

FBI: Crippling 'Dual Ransomware Attacks' on the Rise

Dark Reading

Once they compromise a victim with an initial ransomware attack, threat actors are ready to deploy a secondary attack with a different strain, which could leave even more damage.

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

Common Errors When Connecting Multiple iPhones to One Apple ID

Tech Republic Security

Don't be surprised when connecting multiple iPhones to one Apple ID. Learn how to prevent common errors and issues with this guide.

Security Affairs newsletter Round 439 by Pierluigi Paganini – International edition

Security Affairs

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. ALPHV/BlackCat ransomware gang hacked the hotel chain Motel One; FBI warns of dual ransomware attacks; Progress Software fixed two critical severity flaws in WS_FTP Server; Child abuse site taken down, organized child exploitation crime suspected – e

Threat Hunting with MITRE ATT&CK

IT Security Guru

Cybercriminal tactics continue to grow in number and advance in ability; in response, many organisations have seen the need to reach a security posture where their teams can proactively combat threats. Threat hunting plays a pivotal role in modern organisations’ cybersecurity strategies. It involves actively searching for signs of advanced threats and vulnerabilities beyond passive defence mechanisms.

BunnyLoader: New Malware-as-a-Service Threat Emerges in the Cybercrime Underground

The Hacker News

Cybersecurity experts have discovered yet another malware-as-a-service (MaaS) threat called BunnyLoader that's being advertised for sale on the cybercrime underground.

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

So, you’ve accomplished an organization-wide SaaS adoption. It started slow, and now just a few team members might be responsible for running Salesforce, Slack, and a few other applications that boost productivity, but it’s all finished. Or is it? Through all the benefits offered by SaaS applications, it’s still a necessity to onboard providers as quickly as possible.

New Marvin attack revives 25-year-old decryption flaw in RSA

Bleeping Computer

A flaw related to the PKCS #1 v1.5 padding in SSL servers discovered in 1998 and believed to have been resolved still impacts several widely-used projects today.

Norway Urges Europe-Wide Ban on Meta's Targeted Ad Data Collection

Dark Reading

Norway wants to permanently ban the owner of Facebook and Instagram from collecting sensitive user data across Europe, saying its current policies violate GDPR rules.

Cyberghost VPN Review (2023): Features, Pricing, and Security

Tech Republic Security

In this comprehensive review of Cyberghost VPN, we cover its features, pricing, security, and overall performance. Find out if this is the right VPN for you.

BlackCat gang claims they stole data of 2.5 million patients of McLaren Health Care

Security Affairs

The ALPHV/BlackCat ransomware gang added McLaren Health Care to the list of victims on its Tor leak site. McLaren Health Care is a not-for-profit healthcare system based in Michigan, United States. It is one of the largest integrated health systems in the state and serves a significant portion of the population through its network of hospitals, clinics, and healthcare facilities.

How Preparation and Strategy Can Be Used to Fight and Defeat Any Ransomware Attack

Speaker: Karl Camilleri, Cloud Services Product Manager at phoenixNAP

Did you know that 2021 was a record-breaking year for ransomware? The days of a “once in a while” attack against businesses and organizations are over. Cyberthreats have become a serious issue. With 495.1 million attacks, the threat marked a 148% increase compared to 2020 and was the most expensive year on record! As a result, data protection needs to be a concern for most banks, businesses, and information technology specialists.

Predictive Policing Software Terrible at Predicting Crimes

WIRED Threat Level

A software company sold a New Jersey police department an algorithm that was right less than 1 percent of the time.

SecureWorld Champions 'Securing Our World' for Cybersecurity Awareness Month

SecureWorld News

As we embark on the 20th anniversary of Cybersecurity Awareness Month this October, SecureWorld proudly steps forward to champion the 2023 theme, "Secure Our World." This year marks a significant milestone in the ongoing initiative to bolster cybersecurity awareness, and SecureWorld is at the forefront, connecting the #SecureOurWorld theme directly with our mission and contributions to the cybersecurity community.

FBI warns of surge in 'phantom hacker' scams impacting elderly

Bleeping Computer

The FBI issued a public service announcement warning of a significant increase in 'phantom hacker' scams targeting senior citizens across the United States.

The Silent Threat of APIs: What the New Data Reveals About Unknown Risk

Dark Reading

The rapid growth of APIs creates a widening attack surface and increasing unknown cybersecurity risks.

How to Avoid the Pain and Cost of PCI Compliance While Optimizing Payments

Speaker: P. Andrew Sjogren, Sr. Product Marketing Manager at Very Good Security, Matt Doka, Co-Founder and CTO of Fivestars, and Steve Andrews, President & CEO of the Western Bankers Association 

PCI compliance can feel challenging and sometimes the result feels like you are optimizing more for security and compliance than you are for business outcomes. The key is to take the right strategy to PCI compliance that gets you both. In this webinar, we have a great set of panelists who will take you through how Zero Data strategies can be used as part of a well-rounded compliance and security approach, and get you to market much sooner by also allowing for payment optimization.

Browse Safer and Faster Around the World with JellyVPN — Now Just $34.99

Tech Republic Security

This high-speed, unlimited VPN offers quality connections all over the globe. Get huge savings now when you sign up for life at TechRepublic Academy.

North Korea-linked Lazarus targeted a Spanish aerospace company

Security Affairs

North Korea-linked APT group Lazarus impersonated Meta’s recruiters in an attack against a Spanish company in the Aerospace industry. ESET researchers linked the North Korea-linked Lazarus APT Group to a cyber attack targeting an unnamed Spanish aerospace firm. The cyberspies impersonated Meta’s recruiters to lure employees with trojanized coding challenges.

Silent Skimmer: A Year-Long Web Skimming Campaign Targeting Online Payment Businesses

The Hacker News

A financially motivated campaign has been targeting online payment businesses in the Asia Pacific, North America, and Latin America with web skimmers for more than a year. The BlackBerry Research and Intelligence Team is tracking the activity under the name Silent Skimmer, attributing it to an actor who is knowledgeable in the Chinese language.

Unlocking the Secrets of Hardened Secure Endpoint in 2023

Security Boulevard

Endpoint security is a critical component of a comprehensive cybersecurity strategy, especially for small businesses. It focuses on safeguarding various endpoints in a network from potential cyber threats. Endpoints include devices such as laptops, smartphones, and other connected devices. Endpoint security solutions come with a range of features designed to protect your business, including …

Back to the Office: Privacy and Security Solutions to Compliance Issues for 2021 and Beyond

Speaker: Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies

The COVID-19 pandemic forced many people into working remotely, opening the floodgates for a host of digital compliance issues. Now that companies are slowly allowing employees to return to work at the office, it's time to re-evaluate your company’s posture towards privacy and security. This is especially vital if your workers were (and still are!) using company equipment from home, or are still working remotely.

Amazon sends Mastercard, Google Play gift card order emails by mistake

Bleeping Computer

Amazon mistakenly sent out purchase confirmation emails for Hotels.com, Google Play, and Mastercard gift cards to customers, making many worried their accounts were compromised.

North Korea Poses as Meta to Deploy Complex Backdoor at Aerospace Org

Dark Reading

The Lazarus Group's "LightlessCan" malware executes multiple native Windows commands within the RAT itself, making detection significantly harder, security vendor says.

A CISO Explains 4 Steps that Make it Easy to Stay Safe Online

Veracode Security

To secure our world, Cybersecurity Awareness Month encourages four steps that make it easy to stay safe online. As a CISO, my team and I advocate for these practices constantly within our organization. If you are a security practitioner looking to bolster cybersecurity awareness, here’s a brief look at how we explain these steps to help make staying safe online easier.

WS_FTP flaw CVE-2023-40044 actively exploited in the wild

Security Affairs

Experts warn of threat actors actively exploiting CVE-2023-40044, a recently disclosed flaw in Progress Software’s WS_FTP products. Progress Software recently warned customers to address a critical severity vulnerability, tracked as CVE-2023-40044 (CVSS score 10), in its WS_FTP Server software, which is used by thousands of IT teams worldwide.

ERM Program Fundamentals for Success in the Banking Industry

Speaker: William Hord, Senior VP of Risk & Professional Services

Enterprise Risk Management (ERM) is critical for industry growth in today’s fast-paced and ever-changing risk landscape. When building your ERM program foundation, you need to answer questions like: Do we have robust board and management support? Do we understand and articulate our bank’s risk appetite and how that impacts our business units? How are we measuring and rating our risk impact, likelihood, and controls to mitigate our risk?