Category: EN

Kaspersky Security Bulletin 2023. Statistics

Key statistics for 2023: ransomware, trojan bankers, miners and other financial malware, zero-day vulnerabilities and exploits, web attacks, threats for macOS and IoT. This article has been indexed from Securelist Read the original article: Kaspersky Security Bulletin 2023. Statistics

Read more →

Booking.com customers targeted in hotel booking scam

Scammers are hijacking hotels’ Booking.com accounts and using them as part of a hotel booking scam aimed at tricking guests into sharing their payment card information. “Customers of multiple properties received email or in-app messages from Booking.com that purported to…

Read more →

New Employee Checklist and Default Access Policy

Onboarding new employees and providing them with the equipment and access they need can be a complex process involving various departments. This New Employee Checklist and Default Access Policy from TechRepublic Premium enables the IT and HR departments to effectively…

Read more →

LogoFAIL: UEFI Vulnerabilities Expose Devices to Stealth Malware Attacks

The Unified Extensible Firmware Interface (UEFI) code from various independent firmware/BIOS vendors (IBVs) has been found vulnerable to potential attacks through high-impact flaws in image parsing libraries embedded into the firmware. The shortcomings, collectively labeled LogoFAIL by Binarly, “can be used by…

Read more →

Flying Blind: Is your Vulnerability Management program working?

Vulnerability management is a non-trivial problem for any organization that is trying to keep their environment safe.  There can be myriad tools in use, multiple processes, regulations, and numerous stakeholders all putting demands on the program.  All of these factors…

Read more →

Application Security Trends & Challenges with Tanya Janca

In this episode, noteworthy guest Tanya Janca returns to discuss her recent ventures and her vision for the future of Application Security. She reflects on the significant changes she has observed since her career at Microsoft, before discussing her new…

Read more →

Zyxel fixed tens of flaws in Firewalls, Access Points, and NAS devices

Zyxel addressed tens of vulnerabilities that expose users to cyber attacks, including command injection and authentication bypass. Taiwanese vendor Zyxel addressed tens of vulnerabilities in its firewalls and access points. The addressed issues are tracked as CVE-2023-35136, CVE-2023-35139, CVE-2023-37925, CVE-2023-37926, CVE-2023-4397, CVE-2023-4398, CVE-2023-5650, CVE-2023-5797, CVE-2023-5960. Threat actors can…

Read more →

Imperva & Thales: Pioneering a New Era in Cybersecurity

Imperva has been a beacon of excellence for over twenty years in the digital protection landscape, where innovation is paramount. Renowned for its groundbreaking products, Imperva has not just secured applications, APIs, and data for the world’s leading organizations but…

Read more →

EU lawmakers finalize cyber security rules that panicked open source devs

PLUS: Montana TikTok ban ruled unconstitutional; Dollar Tree employee data stolen; critical vulnerabilities Infosec in brief  The European Union’s Parliament and Council have reached an agreement on the Cyber Resilience Act (CRA), setting the long-awaited security regulation on a path…

Read more →

Ransomware news currently trending on Google

1.) A cloud computing firm named ‘Trellance‘ recently fell victim to hackers spreading ransomware, causing disruptions and outages for approximately 60 credit unions in the United States. The National Credit Union Administration (NCUA), responsible for overseeing technology related to federal…

Read more →

Understanding Mobile Network Hacking: Risks, Methods, and Safeguarding Measures

In an era dominated by mobile connectivity, the security of mobile networks has become a critical concern. Mobile network hacking refers to unauthorized access and manipulation of mobile communication systems, posing significant risks to individuals and organizations alike. This article…

Read more →

2023 Gartner® Market Guide for Security, Orchestration, Automation and Response Solutions

“The security technology market is in a state of general overload with pressure on budgets, staff hiring/retention, and having too many point solutions are pervasive issues for organizations today.” Security and risk management leaders should evaluate how security orchestration, automation…

Read more →

Put guardrails around AI use to protect your org, but be open to changes

Artificial intelligence (AI) is a topic that’s currently on everyone’s minds. While in some industries there is concern it could replace workers, other industries have embraced it as a game-changer for streamlining processes, automating repetitive tasks, and saving time. But…

Read more →

Entertainment Transformed: The Impact of Technology

As the saying goes, “everything old is new again” – and this certainly applies to technology’s impact on entertainment. From music production to live events,… The post Entertainment Transformed: The Impact of Technology appeared first on Security Zap. This article…

Read more →

Microsoft Warns of Malvertising Scheme Spreading CACTUS Ransomware

Microsoft has warned of a new wave of CACTUS ransomware attacks that leverage malvertising lures to deploy DanaBot as an initial access vector. The DanaBot infections led to “hands-on-keyboard activity by ransomware operator Storm-0216 (Twisted Spider, UNC2198), culminating in the…

Read more →

New Relic’s cyber-something revealed as attack on staging systems, some users

Ongoing investigation found evidence of stolen employee creds and social engineering Nine days after issuing a vaguely worded warning about a possible cyber security incident, web tracking and analytics outfit New Relic has revealed a two-front attack.… This article has…

Read more →

2024 cybersecurity outlook: The rise of AI voice chatbots and prompt engineering innovations

In their 2024 cybersecurity outlook, WatchGuard researchers forecast headline-stealing hacks involving LLMs, AI-based voice chatbots, modern VR/MR headsets, and more in the coming year. Companies and individuals are experimenting with LLMs to increase operational efficiency. But threat actors are learning…

Read more →

Maximizing cybersecurity on a budget

A cybersecurity budget is an allocation of resources, both financial and otherwise, dedicated to protecting an organization’s digital assets from cyber threats. This includes funds for security software, hardware, training, and personnel. A well-structured cybersecurity budget ensures that an organization…

Read more →

What it means — CitrixBleed ransom group woes grow as over 60 credit unions, hospitals…

What it means — CitrixBleed ransomware group woes grow as over 60 credit unions, hospitals, financial services and more breached in US. How CitrixBleed vulnerablity in Netscale has become the cybersecurity challenge of 2023. Credit union technology firm Trellance own Ongoing Operations LLC, and…

Read more →

Identifying Insider Threats: Addressing the Top Five Insider Threat Indicators

[By John Stringer, Head of Product, Next] Cybersecurity teams work extensively to keep external attackers out of their organization’s IT environment, but insider threats present a different, equally as difficult, challenge. Identifying insider threats is growing increasingly complex, and, as…

Read more →

New Agent Raccoon malware targets the Middle East, Africa and the US

Threat actors are using the Agent Raccoon malware in attacks against organizations in the Middle East, Africa and the U.S. Unit42 researchers uncovered a new backdoor named Agent Raccoon, which is being used in attacks against organizations in the Middle…

Read more →

Breaches happen: It’s time to stop playing the blame game and start learning together

Even an organization that has done everything right can suffer a breach. Let’s stop victim blaming and embrace honesty and transparency. This article has been indexed from Security News | VentureBeat Read the original article: Breaches happen: It’s time to…

Read more →

DEF CON 31 – Daniel Avinoam’s ‘Staying Undetected Using The Windows Container Isolation Framework’

Many thanks to DEF CON 31 for publishing their terrific DefCon Conference 31 presenters content. Originating from the conference events at Caesars Forum, Flamingo, Harrah’s and Linq in Las Vegas, Nevada; via the organizations YouTube channel. Permalink The post DEF…

Read more →

How to Do a Risk Analysis Service in a Software Project

Software projects are vulnerable to countless attacks, from the leak of confidential data to exposure to computer viruses, so any development team must work on an effective risk analysis that exposes any vulnerabilities in the software product. A well-executed risk…

Read more →

23andMe Reports Hackers Accessed “Significant Number” of Ancestry Files

  Genetic testing company 23andMe declared on Friday that approximately 14,000 customer accounts were compromised in its recent data breach. In an updated submission to the U.S. Securities and Exchange Commission, the company revealed that its investigation determined the breach…

Read more →

US Govt’s OFAC Sanctions North Korea-based Kimsuky Hacking Group

The Treasury Department’s Office of Foreign Assets Control (OFAC) has recently confirmed the involvement of Kimsuky, a North-Korea sponsored hacking group, in a cyber breach attempt that resulted in the compromise of intel in support of the country’s strategic aims. …

Read more →

U.S. Seizes Sinbad Crypto Mixer Tied to North Korean Hackers

Federal authorities in the United States have effectively confiscated the Sinbad crypto mixer, a tool purportedly used by North Korean hackers from the Lazarus organization, in a key action against cybercriminal activities. The operation, which focused on the Lazarus group’s…

Read more →

Rising Tide of Cyber Threats: Booking.com Faces Surge in Customer Hacking Incidents

  Dark forums are places where hackers advertise what they can do to increase attacks against Booking.com customers. As cybercriminals continue to target hotel guests by offering up to $2,000 for hotel logins, they are offering up to 2,000 dollars…

Read more →

2023’s Dark Horse Cyber Story: Critical Infrastructure Attacks

There are several cybersecurity trends that truly deserve top attention when we look back at 2023 — and they will get it. Meanwhile, cyber attacks against critical infrastructure quietly grow, despite a lack of major attention.    The post 2023’s…

Read more →

Week in review: PoC for Splunk Enterprise RCE flaw released, scope of Okta breach widens

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Vulnerability disclosure: Legal risks and ethical considerations for researchers In this Help Net Security interview, Eddie Zhang, Principal Consultant at Project Black, explores the complex…

Read more →

DEF CON 31 – War Stories – Taiiwo’s, Artorias’, Puck’s, TheClockworkBird’s ‘Cracking Cicada 3301’

Many thanks to DEF CON 31 for publishing their terrific DefCon Conference 31 presenters content. Originating from the conference events at Caesars Forum, Flamingo, Harrah’s and Linq in Las Vegas, Nevada; via the organizations YouTube channel. Permalink The post DEF…

Read more →

Security Affairs newsletter Round 448 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Researchers…

Read more →

Breaches by Iran-Affiliated Hackers Spanned Multiple U.S. States, Federal Agencies Say

The Municipal Water Authority of Aliquippa was just one of multiple organizations breached in the U.S. by Iran-linked “Cyber Av3ngers” hackers The post Breaches by Iran-Affiliated Hackers Spanned Multiple U.S. States, Federal Agencies Say appeared first on SecurityWeek. This article…

Read more →

Researchers devised an attack technique to extract ChatGPT training data

Researchers devised an attack technique that could have been used to trick ChatGPT into disclosing training data. A team of researchers from several universities and Google have demonstrated an attack technique against ChetGPT that allowed them to extract several megabytes…

Read more →

Facebook Is Reportedly Struggling To Detect And Remove Child Abuse Content

The post Facebook Is Reportedly Struggling To Detect And Remove Child Abuse Content appeared first on Facecrooks. Facebook has always had a hard time staying ahead of bad actors seeking to exploit the platform. However, the degree to which the…

Read more →

LockBit Claims Cyberattack on India’s National Aerospace lab

  LockBit, the infamous ransomware group, has admitted to being behind a cyber assault on India’s state-owned aerospace research laboratory. Additionally, during the month of July, LockBit’s dark web leaked data of Granules, an Indian pharmaceutical company, as one of…

Read more →

Okta: October Data Breach Impacts All User Across Customer Support Systems

The latest investigation Okta’s recent investigation into the exploit of its Help Center environment in October disclosed that the threat actors stole the data that belonged to all customer support system users. Okta mentioned that the hackers also stole extra…

Read more →

Understanding the New SEC Rules for Disclosing Cybersecurity Incidents

The U.S. Securities and Exchange Commission (SEC) recently announced its new rules for public companies regarding cybersecurity risk management, strategy, governance, and incident exposure. Some requirements apply to this year—for example, disclosures for fiscal years ending December 15, 2023, or…

Read more →

Google Introduces RETVec: Gmail’s New Defense to Identify Spams

Google has recently introduced a new multilingual text vectorizer called RETVec (an acronym for Resilient and Efficient Text Vectorizer), to aid identification of potentially malicious content like spam and fraudulent emails in Gmail.  While massive platforms like YouTube and Gmail…

Read more →

Researchers: ‘Black Basta’ Group Rakes in Over $100 Million

  A cyber extortion group believed to be an offshoot of the infamous Russian Conti hacker organization has reportedly amassed over $100 million since its emergence last year, according to a report published on Wednesday by digital currency tracking service…

Read more →

Amazon Introduces Q, a Business Chatbot Powered by Generative AI

  Amazon has finally identified a solution to counter ChatGPT. Earlier this week, the technology giant announced the launch of Q, a business chatbot powered by generative artificial intelligence.  The announcement, made in Las Vegas at the company’s annual conference…

Read more →

ChatGPT Spit Out Sensitive Data When Told to Repeat ‘Poem’ Forever

Plus: A major ransomware crackdown, the arrest of Ukraine’s cybersecurity chief, and a hack-for-hire entrepreneur charged with attempted murder. This article has been indexed from Security Latest Read the original article: ChatGPT Spit Out Sensitive Data When Told to Repeat…

Read more →

Active Attacks Targeting Google Chrome & ownCloud Flaws: CISA Warns

The CISA announced two known exploited vulnerabilities active attacks targeting Google Chrome & own cloud vulnerabilities in their catalog. As the national coordinator for critical infrastructure security and resilience, CISA oversees government cybersecurity operations.  Document Protect Your Storage With SafeGuard…

Read more →

Europol Dismantles Ukrainian Ransomware Gang

A well-known ransomware organization operating in Ukraine has been successfully taken down by an international team under the direction of Europol, marking a major win against cybercrime. In this operation, the criminal group behind several high-profile attacks was the target…

Read more →

Next-Level AI: Unbelievable Precision in Replicating Doctors’ Notes Leaves Experts in Awe

  In an in-depth study, scientists found that a new artificial intelligence (AI) computer program can generate doctors’ notes with such precision that two physicians could not tell the difference. This indicates AI may soon provide healthcare workers with groundbreaking…

Read more →

China continues Pig-Butchering Crack-down

One of my techniques for keeping current on Cybercrime trends is having an “interesting” collection of international news ticklers. This story came to me via X:CyberScamMonitor via a QQ account called “onCambodia.” @CyberScamMonitor is a Twitter/X account and Substack account…

Read more →

Scores of US credit unions offline after ransomware infects backend cloud outfit

Supply chain attacks: The gift that keeps on giving A ransomware infection at a cloud IT provider has disrupted services for 60 or so credit unions across the US, all of which were relying on the attacked vendor. … This article…

Read more →

How Kasada Counters Toll Fraud and Fake Account Creation for Enterprises

Amidst surging fake account creation and messaging charges from SMS toll fraud, two industry giants chose Kasada to protect their customers and profit margins. The post How Kasada Counters Toll Fraud and Fake Account Creation for Enterprises appeared first on…

Read more →

Fortune-telling website WeMystic exposes 13M+ user records

WeMystic, a website on astrology, numerology, tarot, and spiritual orientation, left an open database exposing 34GB of sensitive data about the platforms’ users. Telling the future is a tricky business, and failure to foretell your own mishaps doesn’t help. The…

Read more →

Agent Racoon Backdoor Targets Organizations in Middle East, Africa, and U.S.

Organizations in the Middle East, Africa, and the U.S. have been targeted by an unknown threat actor to distribute a new backdoor called Agent Racoon. “This malware family is written using the .NET framework and leverages the domain name service (DNS)…

Read more →

Russian Hacker Vladimir Dunaev Convicted for Creating TrickBot Malware

A Russian national has been found guilty in connection with his role in developing and deploying a malware known as TrickBot, the U.S. Department of Justice (DoJ) announced. Vladimir Dunaev, 40, was arrested in South Korea in September 2021 and extradited to…

Read more →

IT Modernization Efforts Need to Prioritize Cybersecurity

By Mark Marron, CEO and President, ePlus, Inc. Organizations are increasingly advancing their digital transformation efforts to deliver internal efficiencies, reduce costs, and improve customer experiences. As a side-effect of […] The post IT Modernization Efforts Need to Prioritize Cybersecurity…

Read more →

Sustainable Tech Solutions: Paving the Way for a Greener Tomorrow

We are living in a time where the future of our planet is uncertain. In order to ensure a brighter tomorrow, sustainable technology solutions must… The post Sustainable Tech Solutions: Paving the Way for a Greener Tomorrow appeared first on…

Read more →

Getting your organisation post-quantum ready

While quantum computing is still very much in its early stages, it’s important that companies are already thinking about this evolving technology – and more importantly implementing and stress testing much needed solutions suitable for a post-quantum world. In this…

Read more →

How to Build a Phishing Playbook Part 1: Preparation

Automating response to phishing attacks remains one of the core use-cases of SOAR platforms. In 2022, the Anti-Phishing Working Group (APWG) logged ~4.7 million phishing attacks. Since 2019, the number of phishing attacks has increased by more than 150% yearly.…

Read more →

Teaching appropriate use of AI tech – Week in security with Tony Anscombe

Several cases of children creating indecent images of other children using AI software add to the worries about harmful uses of AI technology This article has been indexed from WeLiveSecurity Read the original article: Teaching appropriate use of AI tech…

Read more →

Particle Network’s Intent-Centric Approach Aims to Simplify and Secure Web3

By Owais Sultan Discover Particle Network’s Web3 evolution! From a Wallet-as-a-Service tool to the Intent-Centric Modular Access Layer, explore the platform’s… This is a post from HackRead.com Read the original post: Particle Network’s Intent-Centric Approach Aims to Simplify and Secure…

Read more →

Digital Transformation in the Financial Industry: The Role of Fintech

By Owais Sultan The financial industry is undergoing a digital transformation. Digital technology has been around for decades, but it’s only… This is a post from HackRead.com Read the original post: Digital Transformation in the Financial Industry: The Role of…

Read more →

Cyberattack Defaces Israeli-Made Equipment at US Water Agency, Brewing Firm

By Waqas Cyber Av3ngers, a group of hacktivists believed to be originating from Iran, conducted the cyber attack. This is a post from HackRead.com Read the original post: Cyberattack Defaces Israeli-Made Equipment at US Water Agency, Brewing Firm This article…

Read more →

Taking the complexity out of identity solutions for hybrid environments

For the past two decades, businesses have been making significant investments to consolidate their identity and access management (IAM) platforms and directories to manage user identities in one place. However, the hybrid nature of the cloud has led many to…

Read more →

Top 44 Cybersecurity Companies to Know in 2024

The cybersecurity industry is constantly evolving. Learn about the top cybersecurity companies and what each does best. The post Top 44 Cybersecurity Companies to Know in 2024 appeared first on eSecurity Planet. This article has been indexed from eSecurity Planet…

Read more →

23andMe says hackers accessed ‘significant number’ of files about users’ ancestry

Genetic testing company 23andMe announced on Friday that hackers accessed around 14,000 customer accounts in the company’s recent data breach. In a new filing with the U.S. Securities and Exchange Commission published Friday, the company said that, based on its…

Read more →

Expert warns of Turtle macOS ransomware

The popular cybersecurity researcher Patrick Wardle dissected the new macOS ransomware Turtle used to target Apple devices. The popular cyber security researcher Patrick Wardle published a detailed analysis of the new macOS ransomware Turtle. Wardle pointed out that since Turtle…

Read more →

Victory! Montana’s Unprecedented TikTok Ban is Unconstitutional

< div class=”field field–name-body field–type-text-with-summary field–label-hidden”> < div class=”field__items”> < div class=”field__item even”> A federal court on Thursday blocked Montana’s effort to ban TikTok from the state, ruling that the law violated users’ First Amendment rights to speak and to…

Read more →

Apple slaps patch on WebKit holes in iPhones and Macs amid fears of active attacks

Two CVEs can be abused to steal sensitive info or execute code Apple has issued emergency fixes to plug security flaws in iPhones, iPads, and Macs that may already be under attack.… This article has been indexed from The Register…

Read more →

Java 11 to 21: A Visual Guide for Seamless Migration

In the ever-evolving software development landscape, staying up-to-date with the latest technologies is paramount to ensuring your applications’ efficiency, security, and maintainability. As a stalwart in the world of programming languages, Java continues to transform to meet the demands of…

Read more →

UEFI flaws allow bootkits to pwn potentially hundreds of devices using images

Exploits bypass most secure boot solutions from the biggest chip vendors Hundreds of consumer and enterprise devices are potentially vulnerable to bootkit exploits through unsecured BIOS image parsers.… This article has been indexed from The Register – Security Read the…

Read more →

Accelerating Cloud-Native Data Security Deployments at Scale with Imperva’s eDSF Kit

Today’s evolving digital landscape and the rapid expansion of cloud technologies have necessitated a shift in the approach of deploying and managing data security across multiple platforms. Traditional methods of manual deployment of data activity monitoring, risk analytics, and threat…

Read more →

Randall Munroe’s XKCD ‘X Value’

<a class=” sqs-block-image-link ” href=”https://xkcd.com/2861/”> <img alt=”” height=”192″ src=”https://images.squarespace-cdn.com/content/v1/5355d604e4b03c3e9896e131/18e75e51-6e7c-467e-8a05-041011ff7344/x_value.png?format=1000w” width=”291″ /> </a><figcaption class=”image-caption-wrapper”> via the comic artistry and dry wit of Randall Munroe, creator of XKCD! Permalink The post Randall Munroe’s XKCD ‘X Value’ appeared first on Security Boulevard. This…

Read more →

Apple Security Update Fixes Zero-Day Webkit Exploits

Apple recommends users update to iOS 17.1.2, iPadOS 17.1.2 and macOS 14.1.2. Google’s Threat Analysis Group discovered these security bugs. This article has been indexed from Security | TechRepublic Read the original article: Apple Security Update Fixes Zero-Day Webkit Exploits

Read more →

U.S. Senator: What Do Our Cars Know? And Who Do They Share that Information With?

< div class=”field field–name-body field–type-text-with-summary field–label-hidden”> < div class=”field__items”> U.S. Senator Ed Markey of Massachusetts has sent a much-needed letter to car manufacturers asking them to clarify a surprisingly hard question to answer: what data cars collect? Who has the…

Read more →

New Tool Set Found Used Against Organizations in the Middle East, Africa and the US

A new toolset comprised of malware (Agent Raccoon and Ntospy) and a custom version of Mimikatz (Mimilite) was used to target organizations in the U.S., Middle East and Africa. The post New Tool Set Found Used Against Organizations in the…

Read more →

Make your WhatsApp chats even more private with a secret code. Here’s how

Don’t want someone seeing your WhatsApp conversation? Now you can protect it with a password. This article has been indexed from Latest stories for ZDNET in Security Read the original article: Make your WhatsApp chats even more private with a…

Read more →

Congressmen Ask DOJ to Investigate Water Utility Hack, Warning It Could Happen Anywhere

Members of Congress asked the U.S. Justice Department to investigate how foreign hackers breached a water authority near Pittsburgh, prompting CISA to warn other water and sewage-treatment utilities that they may be vulnerable. The post Congressmen Ask DOJ to Investigate…

Read more →

Latest Draft of UN Cybercrime Treaty Is A Big Step Backward

< div class=”field field–name-body field–type-text-with-summary field–label-hidden”> < div class=”field__items”> < div class=”field__item even”> A new draft of the controversial United Nations cybercrime treaty has only heightened concerns that the treaty will criminalize expression and dissent, create extensive surveillance powers, and…

Read more →

Embracing Sustainability: Embark on the Journey to a More Sustainable Future!

Sustainability isn’t just about protecting the planet for future generations. It’s also about preserving the delicate balance that allows life to thrive today and tomorrow. This article has been indexed from Cisco Blogs Read the original article: Embracing Sustainability: Embark…

Read more →