Sat.Sep 30, 2023 - Fri.Oct 06, 2023

article thumbnail

Don’t Let Zombie Zoom Links Drag You Down

Krebs on Security

Many organizations — including quite a few Fortune 500 firms — have exposed web links that allow anyone to initiate a Zoom video conference meeting as a valid employee. These company-specific Zoom links, which include a permanent user ID number and an embedded passcode, can work indefinitely and expose an organization’s employees, customers or partners to phishing and other social engineering attacks.

article thumbnail

NSA AI Security Center

Schneier on Security

The NSA is starting a new artificial intelligence security center: The AI security center’s establishment follows an NSA study that identified securing AI models from theft and sabotage as a major national security challenge, especially as generative AI technologies emerge with immense transformative potential for both good and evil. Nakasone said it would become “NSA’s focal point for leveraging foreign intelligence insights, contributing to the development of best practices g

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Many Cyber Attacks Begin by Breaking Human Trust

Lohrman on Security

Sophisticated social engineering attacks have led to hundreds of data breaches this year. What can be done? And what new resources can help?

article thumbnail

GUEST ESSAY: Has shielding and blocking electromagnetic energy become the new normal?

The Last Watchdog

Surrounded by the invisible hum of electromagnetic energy, we’ve harnessed its power to fuel our technological marvels for decades. Related: MSFT CEO calls for regulating facial recognition tech Tesla’s visionary insights from 1900 hinted at the potential, and today, we bask in the glow of interconnected networks supporting our digital lives.

article thumbnail

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

article thumbnail

A Closer Look at the Snatch Data Ransom Group

Krebs on Security

Earlier this week, KrebsOnSecurity revealed that the darknet website for the Snatch ransomware group was leaking data about its users and the crime gang’s internal operations. Today, we’ll take a closer look at the history of Snatch, its alleged founder, and their claims that everyone has confused them with a different, older ransomware group by the same name.

article thumbnail

Hacking Gas Pumps via Bluetooth

Schneier on Security

Turns out pumps at gas stations are controlled via Bluetooth, and that the connections are insecure. No details in the article, but it seems that it’s easy to take control of the pump and have it dispense gas without requiring payment. It’s a complicated crime to monetize, though. You need to sell access to the gas pump to others.

Hacking 166

More Trending

article thumbnail

GDPR Data Breach Notification Letter

Tech Republic Security

In the current business environment, it is almost inevitable that an organization will experience a security breach that exposes collected personal data to unauthorized access. Under the provisions of the General Data Protection Regulation, regardless of the severity of the security breach, organizations must inform their EU customers and stakeholders of the incident in a.

article thumbnail

Ransomware attack on Johnson Controls may have exposed sensitive DHS data

Security Affairs

Experts warn that the recent attack on building automation giant Johnson Controls may have exposed data of the Department of Homeland Security (DHS). Johnson Controls International plc is a multinational conglomerate with a diversified portfolio of products and services primarily focused on building technologies and solutions. The company provides HVAC (heating, ventilation, and air conditioning), solutions for building automation, fire and security systems, and components for energy management.

article thumbnail

FBI Warns of Rising Trend of Dual Ransomware Attacks Targeting U.S. Companies

The Hacker News

The U.S. Federal Bureau of Investigation (FBI) is warning of a new trend of dual ransomware attacks targeting the same victims, at least since July 2023. "During these attacks, cyber threat actors deployed two different ransomware variants against victim companies from the following variants: AvosLocker, Diamond, Hive, Karakurt, LockBit, Quantum, and Royal," the FBI said in an alert.

article thumbnail

FBI: Crippling 'Dual Ransomware Attacks' on the Rise

Dark Reading

Once they compromise an victim with an initial ransomware attack, threat actors are ready to deploy a secondary attack with a different strain, which could leave even more damage.

article thumbnail

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

article thumbnail

Common Errors When Connecting Multiple iPhones to One Apple ID

Tech Republic Security

Don't be surprised when connecting multiple iPhones to one Apple ID. Learn how to prevent common errors and issues with this guide.

Mobile 110
article thumbnail

FBI warns of dual ransomware attacks

Security Affairs

The U.S. Federal Bureau of Investigation (FBI) warns of dual ransomware attacks aimed at the same victims. The U.S. Federal Bureau of Investigation (FBI) is warning of dual ransomware attacks, a new worrisome trend in the threat landscape that sees threat actors targeting the same victims two times. “As of July 2023, the FBI noted two trends emerging across the ransomware environment and is releasing this notification for industry awareness.

article thumbnail

Kicking off NIST's Cybersecurity Awareness Month Celebration & Our Cybersecurity Awareness Month 2023 Blog Series

NSTIC

October is always an exciting time for us as we celebrate Cybersecurity Awareness Month and some of NIST’s greatest accomplishments, resources, guidance, and latest news in the cybersecurity space. This year is a big one because 2023 marks the 20 th anniversary of this important initiative —and we will celebrate in various ways every day throughout the month.

article thumbnail

Norway Urges Europe-Wide Ban on Meta's Targeted Ad Data Collection

Dark Reading

Norway wants to permanently ban the owner of Facebook and Instagram from collecting sensitive user data across Europe, saying its current policies violate GDPR rules.

article thumbnail

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

So, you’ve accomplished an organization-wide SaaS adoption. It started slow, and now just a few team members might be responsible for running Salesforce, Slack, and a few others applications that boost productivity, but it’s all finished. Or is it? Through all the benefits offered by SaaS applications, it’s still a necessity to onboard providers as quickly as possible.

article thumbnail

Cyberghost VPN Review (2023): Features, Pricing, and Security

Tech Republic Security

In this comprehensive review of Cyberghost VPN, we cover its features, pricing, security, and overall performance. Find out if this is the right VPN for you.

VPN 96
article thumbnail

Progress Software fixed two critical severity flaws in WS_FTP Server

Security Affairs

Progress Software has addressed a critical severity vulnerability in its WS_FTP Server software used by thousands of IT teams worldwide. Progress Software warned customers to address a critical severity vulnerability, tracked as CVE-2023-40044 (CVSS score 10), in its WS_FTP Server software which is used by thousands of IT teams worldwide. “The WS_FTP team recently discovered vulnerabilities in the WS_FTP Server Ad hoc Transfer Module and in the WS_FTP Server manager interface.

Software 105
article thumbnail

Iranian APT Group OilRig Using New Menorah Malware for Covert Operations

The Hacker News

Sophisticated cyber actors backed by Iran known as OilRig have been linked to a spear-phishing campaign that infects victims with a new strain of malware called Menorah.

Malware 103
article thumbnail

Microsoft Defender no longer flags Tor Browser as malware

Bleeping Computer

For Windows users who frequently use the TorBrowser, there's been a pressing concern. Recent versions of the TorBrowser, specifically because of the tor.exe file it contained, were being flagged as potential threats by Windows Defender. [.

Malware 89
article thumbnail

How Preparation and Strategy Can Be Used to Fight and Defeat Any Ransomware Attack

Speaker: Karl Camilleri, Cloud Services Product Manager at phoenixNAP

Did you know that 2021 was a record-breaking year for ransomware? The days of a “once in a while” attack against businesses and organizations are over. Cyberthreats have become a serious issue. With 495.1 million attacks, the threat marked a 148% increase compared to 2020 and was the most expensive year on record! As a result, data protection needs to be a concern for most banks, businesses, and information technology specialists.

article thumbnail

Threat Hunting with MITRE ATT&CK

IT Security Guru

Cybercriminal tactics continue to grow in number and advance in ability; in response, many organisations have seen the need to reach a security posture where their teams can proactively combat threats. Threat hunting plays a pivotal role in modern organisations’ cybersecurity strategies. It involves actively searching for signs of advanced threats and vulnerabilities beyond passive defence mechanisms.

article thumbnail

ALPHV/BlackCat ransomware gang hacked the hotel chain Motel One

Security Affairs

The ALPHV/BlackCat ransomware gang added the hotel chain Motel One to the list of victims on its Tor leak site. Motel One is a German hotel chain that offers budget-friendly accommodations primarily targeted at business and leisure travelers. It is known for its stylish and design-focused hotels that aim to provide a comfortable and affordable stay for guests.

article thumbnail

Browse Safer and Faster Around the World with JellyVPN — Now Just $34.99

Tech Republic Security

This high-speed, unlimited VPN offers quality connections all over the globe. Get huge savings now when you sign up for life at TechRepublic Academy.

VPN 101
article thumbnail

BunnyLoader: New Malware-as-a-Service Threat Emerges in the Cybercrime Underground

The Hacker News

Cybersecurity experts have discovered yet another malware-as-a-service (MaaS) threat called BunnyLoader that's being advertised for sale on the cybercrime underground.

article thumbnail

ERM Program Fundamentals for Success in the Banking Industry

Speaker: William Hord, Senior VP of Risk & Professional Services

Enterprise Risk Management (ERM) is critical for industry growth in today’s fast-paced and ever-changing risk landscape. When building your ERM program foundation, you need to answer questions like: Do we have robust board and management support? Do we understand and articulate our bank’s risk appetite and how that impacts our business units? How are we measuring and rating our risk impact, likelihood, and controls to mitigate our risk?

article thumbnail

The Silent Threat of APIs: What the New Data Reveals About Unknown Risk

Dark Reading

The rapid growth of APIs creates a widening attack surface and increasing unknown cybersecurity risks.

Risk 108
article thumbnail

Child abuse site taken down, organized child exploitation crime suspected – exclusive

Security Affairs

A child abuse site has been taken down following a request to German law enforcement by Cybernews research team. A hacker collective, who wanted to remain anonymous, has been relentlessly hunting online crooks who benefit from videos of children being abused. This week, they discovered a website dedicated to pedophiles – it was full of explicit video material featuring minors.

Hacking 101
article thumbnail

Predictive Policing Software Terrible at Predicting Crimes

WIRED Threat Level

A software company sold a New Jersey police department an algorithm that was right less than 1 percent of the time.

Software 101
article thumbnail

Cloudflare DDoS protections ironically bypassed using Cloudflare

Bleeping Computer

Cloudflare's Firewall and DDoS prevention can be bypassed through a specific attack process that leverages logic flaws in cross-tenant security controls. [.

DDOS 95
article thumbnail

How to Avoid the Pain and Cost of PCI Compliance While Optimizing Payments

Speaker: P. Andrew Sjogren, Sr. Product Marketing Manager at Very Good Security, Matt Doka, Co-Founder and CTO of Fivestars, and Steve Andrews, President & CEO of the Western Bankers Association 

PCI compliance can feel challenging and sometimes the result feels like you are optimizing more for security and compliance than you are for business outcomes. The key is to take the right strategy to PCI compliance that gets you both. In this webinar, we have a great set of panelists who will take you through how Zero Data strategies can be used as part of a well-rounded compliance and security approach, and get you to market much sooner by also allowing for payment optimization.

article thumbnail

SecureWorld Champions 'Securing Our World' for Cybersecurity Awareness Month

SecureWorld News

As we embark on the 20th anniversary of Cybersecurity Awareness Month this October, SecureWorld proudly steps forward to champion the 2023 theme, "Secure Our World." This year marks a significant milestone in the ongoing initiative to bolster cybersecurity awareness, and SecureWorld is at the forefront, connecting the #SecureOurWorld theme directly with our mission and contributions to the cybersecurity community.

article thumbnail

Security Affairs newsletter Round 439 by Pierluigi Paganini – International edition

Security Affairs

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. ALPHV/BlackCat ransomware gang hacked the hotel chain Motel One FBI warns of dual ransomware attacks Progress Software fixed two critical severity flaws in WS_FTP Server Child abuse site taken down, organized child exploitation crime suspected – e

article thumbnail

North Korea Poses as Meta to Deploy Complex Backdoor at Aerospace Org

Dark Reading

The Lazarus Group's "LightlessCan" malware executes multiple native Windows commands within the RAT itself, making detection significantly harder, security vendor says.

Malware 78
article thumbnail

FBI warns of surge in 'phantom hacker' scams impacting elderly

Bleeping Computer

The FBI issued a public service announcement warning of a significant increase in 'phantom hacker' scams targeting senior citizens across the United States. [.

Scams 84
article thumbnail

Back to the Office: Privacy and Security Solutions to Compliance Issues for 2021 and Beyond

Speaker: Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies

The COVID-19 pandemic forced many people into working remotely, opening the floodgates for a host of digital compliance issues. Now that companies are slowly allowing employees to return to work at the office, it's time to re-evaluate your company’s posture towards privacy and security. This is especially vital if your workers were (and still are!) using company equipment from home, or are still working remotely.