The final Patch Tuesday of the year is almost upon us! This is the time of year when we want to relax and enjoy the holidays, but we need to be extra vigilant to detect and respond to suspicious activity.…
Category: EN
Microsoft Warns of COLDRIVER’s Evolving Evasion and Credential-Stealing Tactics
The threat actor known as COLDRIVER has continued to engage in credential theft activities against entities that are of strategic interests to Russia while simultaneously improving its detection evasion capabilities. The Microsoft Threat Intelligence team is tracking under the cluster…
Founder of Bitzlato Cryptocurrency Exchange Pleads Guilty in Money-Laundering Scheme
The Russian founder of the now-defunct Bitzlato cryptocurrency exchange has pleaded guilty, nearly 11 months after he was arrested in Miami earlier this year. Anatoly Legkodymov (aka Anatolii Legkodymov, Gandalf, and Tolik), according to the U.S. Justice Department, admitted to operating an…
LogoFail vulnerability affects many Windows and Linux devices
Many commercial computers are vulnerable to a set of vulnerabilities that exploit flaws in the processing of startup logos during boot. Security researchers at Binarly have disclosed security vulnerabilities in system firmware […] Thank you for being a Ghacks reader.…
New infosec products of the week: December 8, 2023
Here’s a look at the most interesting products from the past week, featuring releases from Atsign, Daon, Global Integrity, Living Security, Panther Labs, Searchlight Cyber, and Varonis. Varonis enhances DSPM capabilities with Azure and AWS support Varonis Systems has expanded…
Twitter fired its Information Security head for cutting budget on data security and privacy
Elon Musk has been making headlines recently, not only for his contentious remarks against his company’s investors but also for the abrupt dismissal of his Information Security head. The focus of the controversy lies in allegations made by Alan Rosa,…
Guidelines for Secure AI System Development
In an era where artificial intelligence (AI) plays an increasingly pivotal role across various industries, ensuring the security of AI systems has become a paramount concern. As AI technology continues to advance, developers and organizations must prioritize robust security measures…
Safeguard Business Transactions with Online Payment Security Tips
By Zac Amos, Features Editor, ReHack Secure online payments have become an integral part of the shopping experience. More people are using e-commerce than ever before, and business owners must […] The post Safeguard Business Transactions with Online Payment Security…
Increase In Mobile Threats Calls for A Proactive Mindset.
By Nicole Allen, Senior Marketing Executive at Salt Communications Mobile threats are always evolving in the world of business. Threats to mobile security are increasing: More than 60% of cyber […] The post Increase In Mobile Threats Calls for A…
Halting Hackers on the Holidays 2023
by Gary S. Miliefsky, Publisher of Cyber Defense Magazine As we saw with major holidays including Black Friday and Cyber Monday and now right around the corner and a massive […] The post Halting Hackers on the Holidays 2023 appeared…
Aim for a modern data security approach
Risk, compliance, governance, and security professionals are finally realizing the importance of subjecting sensitive workloads to robust data governance and protection the moment the data begins traversing the data pipeline. Many organizations no longer feel it’s adequate to secure data…
Alert fatigue puts pressure on security and development teams
Security practitioners are under a tremendous amount of pressure to secure today’s applications, according to Cycode. The research found that AppSec chaos reigns, with 78% of CISOs responding that today’s AppSec attack surfaces are unmanageable and 90% of responders confirmed…
AI literacy gap extends beyond technical skills
Even as organizations accelerate AI adoption, the majority don’t understand the AI skills their employees possess, if any, or have an upskilling strategy to develop them, according to Pluralsight. “AI is transforming the way that business is done, but many…
Movie Forums – 39,914 breached accounts
In December 2022, the Movie Forums website suffered a data breach that affected 40k users. The breach exposed email and IP addresses, usernames, dates of birth and passwords stored as easily crackable salted MD5 hashes. The data was subsequently posted…
Meta Makes End-to-End Encryption a Default on Facebook Messenger
End-to-End encryption in Facebook Messenger means that no one other than the sender and the recipient — not even Meta — can decipher people’s messages. The post Meta Makes End-to-End Encryption a Default on Facebook Messenger appeared first on SecurityWeek.…
Love for sports could lead to poor password practices
33% of Americans have used a sports-related term in a password, according to Bitwarden. Those who have are twice as likely to have used one inspired by a professional sports team (46%) versus a college sports team (22%). 49% of…
Canadian privacy czars release principles for responsible development of AI
The principles remind AI developers they have to follow Canadian data pr This article has been indexed from IT World Canada Read the original article: Canadian privacy czars release principles for responsible development of AI
Five Eyes nations warn Moscow’s mates at the Star Blizzard gang have new phishing targets
The Russians are coming! Err, they’ve already infiltrated UK, US inboxes Russia-backed attackers have named new targets for their ongoing phishing campaigns, with defense-industrial firms and energy facilities now in their sights, according to agencies of the Five Eyes alliance.……
Russia-linked APT8 exploited Outlook zero-day to target European NATO members
Russia-linked group APT28 exploited Microsoft Outlook zero-day to target European NATO members, including a NATO Rapid Deployable Corps. Palo Alto Networks’ Unit 42 reported that the Russia-linked APT28 (aka “Forest Blizzard”, “Fancybear” or “Strontium”) group exploited the CVE-2023-23397 vulnerability in…
Hacker IntelBroker Leaks Alleged Sensitive US DoD Documents
By Waqas The documents were leaked on December 6th, 2023, on Breach Forums. This is a post from HackRead.com Read the original post: Hacker IntelBroker Leaks Alleged Sensitive US DoD Documents This article has been indexed from Hackread – Latest…