2023 and Technology - Cyber Security Informer

TP-Link Router Botnet

Schneier on Security

MARCH 14, 2025

This high severity security flaw (tracked as CVE-2023-1389 ) has also been used to spread other malware families as far back as April 2023 when it was used in the Mirai botnet malware attacks. Details.

Manufacturing

Manufacturing Healthcare Malware Internet

Ransomware attack hit Indian multinational Tata Technologies

Security Affairs

FEBRUARY 1, 2025

Indian multinational technology company Tata Technologies suspended some IT services following a ransomware attack. Indian multinational Tata Technologies , a Tata Motors subsidiary, suspended some IT services following a ransomware attack. Threat actors hit the company’s information technology (IT) infrastructure.

Technology

Technology Ransomware Engineering Manufacturing

Amazon discloses employee data breach after May 2023 MOVEit attacks

Security Affairs

NOVEMBER 11, 2024

Amazon disclosed a data breach exposing employee data, with information allegedly stolen in the May 2023 MOVEit attacks. Amazon disclosed a data breach that exposed employee information after data was allegedly stolen during the May 2023 MOVEit attacks. Amazon was compromised in May, 2023 via a MoveIT 0day exploit.

Data breaches

Data breaches Hacking Ransomware Technology

Microsoft Patch Tuesday, January 2023 Edition

Krebs on Security

JANUARY 10, 2023

Highlights from the first Patch Tuesday of 2023 include a zero-day vulnerability in Windows, printer software flaws reported by the U.S. Of particular concern for organizations running Microsoft SharePoint Server is CVE-2023-21743. Microsoft says this flaw is “more likely to be exploited” at some point.

Software

Software Encryption Engineering Internet

Cybersecurity Predictions for 2024

Attackers have taken advantage of the rapid shift to remote work and new technologies. We’ve recently looked back at what happened within cybersecurity in 2023. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

Patch Tuesday, October 2023 Edition

Krebs on Security

OCTOBER 10, 2023

The patch fixes CVE-2023-42724 , which attackers have been using in targeted attacks to elevate their access on a local device. Apple said it also patched CVE-2023-5217 , which is not listed as a zero-day bug. ” Microsoft also patched zero-day bugs in Skype for Business ( CVE-2023-41763 ) and Wordpad ( CVE-2023-36563 ).

Engineering

Engineering DDOS Software Authentication

US Cyber Safety Review Board on the 2023 Microsoft Exchange Hack

Schneier on Security

APRIL 9, 2024

US Cyber Safety Review Board released a report on the summer 2023 hack of Microsoft Exchange by China. It was a serious attack by the Chinese government that accessed the emails of senior U.S. government officials. From the executive summary: The Board finds that this intrusion was preventable and should never have occurred.

Hacking

Hacking Government Accountability Technology

Hunters International gang claims the theft of 1.4 TB of data allegedly stolen from Tata Technologies

Security Affairs

MARCH 5, 2025

Ransomware group Hunters International claims to have hacked Tata Technologies, threatening to leak 1.4 The Hunters International ransomware group claimed to have breached the Indian multinational technology company Tata Technologies, a Tata Motors subsidiary. TB of stolen data. The group claims the theft of 1.4

Technology

Technology Ransomware Engineering Manufacturing

Dell Technologies World 2023: Q&A on how Dell sees security at the edge

Tech Republic Security

JUNE 23, 2023

Read our interview from Dell Technologies World 2023 about cloud and edge workloads and Dell's NativeEdge product. The post Dell Technologies World 2023: Q&A on how Dell sees security at the edge appeared first on TechRepublic.

Technology

Technology Cybersecurity Network Security

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Today’s technology leaders play a more strategic role in establishing cybersecurity strategy for their organizations. November 14th, 2023 at 9:30am PST, 12:30pm EST, 5:30pm GMT Software is complex, which makes threats to the software supply chain more real every day. In the U.S. alone, cyber losses totaled $10.3 billion in 2022.

Cybersecurity

Most Popular Cybersecurity Blogs from 2023

Lohrman on Security

JANUARY 14, 2024

What were the top government technology and security blogs in 2023? The metrics tell us what cybersecurity and technology infrastructure topics were most popular.

Cybersecurity

Cybersecurity Technology Government

Dell Technologies World 2023: Interview with Rob Emsley on data protection, recovery and more

Tech Republic Security

JUNE 23, 2023

The post Dell Technologies World 2023: Interview with Rob Emsley on data protection, recovery and more appeared first on TechRepublic. Explore what matters in data protection today. Cyber resilience, recovery and streamlined software make the list.

Technology

Technology Software Big data Backups

Cyber Security Expert Joseph Steinberg To Continue Serving On Newsweek Expert Forum In 2023

Joseph Steinberg

JANUARY 10, 2023

Cyber Security Expert, Joseph Steinberg, who joined Newsweek’s Expert Forum in 2021, will continue serving as a member of the premier news organization’s council in 2023. A prolific inventor of cybersecurity technology, Steinberg is also cited in over 500 US patent filings. About Newsweek. www.newsweek.com.

Artificial Intelligence

Artificial Intelligence CISO Technology Cybersecurity

Securing Tomorrow: Cybersecurity Review 2023 & Forecasting 2024 Threats – A Free Webinar With Joseph Steinberg and Dror Liwer

Joseph Steinberg

JANUARY 30, 2024

Steinberg and Liwer will analyze the potential impact of emerging technologies, legislative changes, and geopolitical events on the cybersecurity landscape. They will then shift our focus to the future, and help us forecast for 2024 with a forward-thinking exploration of anticipated cybersecurity challenges and advancements.

Artificial Intelligence

Artificial Intelligence Cybersecurity Cyber threats Technology

Debating SIEM in 2023, Part 1

Anton on Security

MARCH 1, 2023

Hey, it is 2023, let’s debate SIEM again! Obligatory Gartner quote from 2022 SIEM MQ ) Finally, let’s move to an obligatory Anton Twitter poll :-) ( source ) So, our mini-conclusion at this stage is that yes, SIEM is relevant for 2023. Debate SIEM? This is so 1997! Or perhaps 2017. Question game time! Q: Can XDR kill SIEM?

Marketing

Marketing Technology

LW ROUNDTABLE: Cybersecurity takeaways of 2023 — and what’s ahead in 2024 ( part 1)

The Last Watchdog

DECEMBER 12, 2023

A look back at the cybersecurity landscape in 2023 rings all-too familiar: cyber threats rapidly evolved and scaled up , just as they have, year-to-year, for the past 20 years. Eyal Benishti , CEO, IRONSCALES Benishti Generative AI (GenAI) reshaped cybersecurity in 2023. What should I be most concerned about – and focus on – in 2024?

Cybersecurity

Cybersecurity Social Engineering Cyber threats Software

Web Hacking Service ‘Araneida’ Tied to Turkish IT Firm

Krebs on Security

DECEMBER 19, 2024

The cracked software is being resold as a cloud-based attack tool by at least two different services, one of which KrebsOnSecurity traced to an information technology firm based in Turkey. According to an August 2023 report (PDF) from the U.S. co — first came online in February 2023. 2023 on the forum Cracked.

Hacking

Hacking Cybercrime Advertising Data breaches

Why Phishers Love New TLDs Like.shop,top and.xyz

Krebs on Security

DECEMBER 3, 2024

A study on phishing data released by Interisle Consulting finds that new gTLDs introduced in the last few years command just 11 percent of the market for new domains, but accounted for roughly 37 percent of cybercrime domains reported between September 2023 and August 2024. But this past year, Interisle found the U.S.

Cybercrime

Cybercrime Phishing Accountability Internet

Feds Charge Five Men in ‘Scattered Spider’ Roundup

Krebs on Security

NOVEMBER 21, 2024

technology companies between 2021 and 2023, including LastPass , MailChimp , Okta , T-Mobile and Twilio. According to several SIM-swapping channels on Telegram where Tylerb was known to frequent, rival SIM-swappers hired thugs to invade his home in February 2023. police as part of an FBI investigation into the MGM hack.

Identity Theft

Identity Theft Phishing Cryptocurrency Accountability

FBI: Spike in Hacked Police Emails, Fake Subpoenas

Krebs on Security

NOVEMBER 9, 2024

based technology companies. For example, in its most recent transparency report (PDF) Verizon said it received more than 127,000 law enforcement demands for customer data in the second half of 2023 — including more than 36,000 EDRs — and that the company provided records in response to approximately 90 percent of requests.

Hacking

Hacking Accountability Government Social Engineering

MY TAKE: A few reasons to believe RSAC 2023’s ‘stronger together’ theme is gaining traction

The Last Watchdog

APRIL 30, 2023

The theme of RSA Conference 2023 — ‘stronger together’ — was certainly well chosen. Here are four evolving themes reverberating from RSAC 2023 that struck me: Password enabled access will endure for the foreseeable future. Related: Demystifying ‘DSPM’ This was my nineteenth RSAC.

Mobile

Mobile Cloud Migration Penetration Testing Authentication

Chinese Innovations Spawn Wave of Toll Phishing Via SMS

Krebs on Security

JANUARY 16, 2025

In October 2023, KrebsOnSecurity wrote about a massive uptick in SMS phishing scams targeting U.S. . “What we’re seeing with these tolls scams is just a continuation of the Chinese smishing groups rotating from package redelivery schemes to toll road scams,” Merrill said. Postal Service customers.

Phishing

Phishing Scams Mobile Passwords

News Alert: CybSafe CEO Oz Alashe MBE recognized as “Security Industry Innovator” for 2023

The Last Watchdog

JULY 11, 2023

Boston, July 7, 2023 — CybSafe, the human risk management platform, has today announced CEO Oz Alashe MBE has been named as a SecurityInfoWatch.com , Security Business and Security Technology Executive magazines’ 2023 Security Industry Innovator Award winner. We are developing intelligent software to help them.”

Cyber Risk

Cyber Risk Cyber threats Risk Technology

MY TAKE: RSAC 2023 roundup – evidence of ‘stronger together’ innovation takes shape

The Last Watchdog

APRIL 28, 2023

“Stronger together” was the theme of RSA Conference 2023 , which returned to its pre-Covid grandeur under the California sunshine last week at San Francisco’s Moscone Center. Here are three evolving themes reverberating from RSAC 2023 that struck me: Getting a grip on identities Password enabled access will endure for the foreseeable future.

Mobile

Mobile Cloud Migration Penetration Testing Authentication

News Alert: Perception Point reports rates of ‘BEC,’ phishing attacks climb in the first half of 2023

The Last Watchdog

JULY 27, 2023

Tel Aviv, Israel, July 27, 2023 — Perception Point , a leading provider of advanced threat prevention across digital communication channels, today published a new report analyzing global cyberattack trends in H1 2023 amidst the paradigm shift brought about by advances in generative AI (GenAI) capabilities.

Phishing

Phishing Social Engineering Engineering Media

Financial cyberthreats in 2023

SecureList

MAY 6, 2024

Methodology In this report, we present an analysis of financial cyberthreats in 2023, focusing on banking Trojans and phishing pages that target online banking, shopping accounts, cryptocurrency wallets and other financial assets. Cryptocurrency phishing saw a 16% year-on-year increase in 2023, with 5.84 million in 2022.

Phishing

Phishing Banking Mobile Scams

News alert: INE Security shares cyber hygiene guidance for small- and medium-sized businesses

The Last Watchdog

OCTOBER 23, 2024

As small businesses increasingly depend on digital technologies to operate and grow, the risks associated with cyber threats also escalate. The cost of ignoring such measures can be substantial, as noted in IBM’s 2023 Cost of a Data Breach Report, which found the average impact of a data breach on small businesses can exceed $3.31

Small Business

Small Business Data breaches Backups Passwords

US Treasury Department sanctioned Chinese cybersecurity firm linked to Flax Typhoon APT

Security Affairs

JANUARY 4, 2025

“Today, the Department of the Treasurys Office of Foreign Assets Control (OFAC) sanctioned Integrity Technology Group, Incorporated (Integrity Tech), a Beijing-based cybersecurity company, for its role in multiple computer intrusion incidents against U.S. According to OFAC, between 2022 and 2023, Flax Typhoon hacked U.S.

Cybersecurity

Cybersecurity IoT Hacking Technology

Hackers stole OpenAI secrets in a 2023 security breach

Security Affairs

JULY 5, 2024

The New York Times revealed that OpenAI suffered a security breach in 2023, but the company says source code and customer data were not compromised. OpenAI suffered a security breach in 2023, the New York Times reported. technologies.” ” reported the NYT.

Artificial Intelligence

Artificial Intelligence Technology Risk Hacking

News Alert: Silent Signal discovers a critical vulnerability in IBM i System – CVE-2023-30990

The Last Watchdog

JULY 7, 2023

Budapest, Hungary, July 07, 2023 — Silent Signal, a leading technology provider of state-of-the-art ethical hacking services and solutions, discovered and reported a vulnerability to IBM, that has been confirmed and identified under CVE-2023-30990. Affected product(s) and version(s) are IBM i 7.2, IBM i 7.3, and IBM i 7.5

Architecture

Architecture Hacking Media Government

An Interview With the Target & Home Depot Hacker

Krebs on Security

NOVEMBER 14, 2024

In December 2023, KrebsOnSecurity revealed the real-life identity of Rescator , the nickname used by a Russian cybercriminal who sold more than 100 million payment cards stolen from Target and Home Depot between 2013 and 2014. Mr. Shefel did not respond to requests for comment in advance of that December 2023 profile. Image: U.S.

Retail

Retail Advertising Cryptocurrency Marketing

China’s Volt Typhoon botnet has re-emerged

Security Affairs

NOVEMBER 13, 2024

In May 2023, Microsoft reported that the Volt Typhoon APT infiltrated critical infrastructure organizations in the U.S. In the most recent campaign, the group targeted organizations in the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors.

VPN

VPN Government Malware Manufacturing

OmniVision disclosed a data breach after the 2023 Cactus ransomware attack

Security Affairs

MAY 22, 2024

The digital imaging products manufacturer OmniVision disclosed a data breach after the 2023 ransomware attack. OmniVision Technologies is a company that specializes in developing advanced digital imaging solutions. In 2023, OmniVision employed 2,200 people and had an annual revenue of $1.4 OmniVision Technologies Inc.

Data breaches

Data breaches Ransomware Manufacturing Encryption

Commentary on the Implementation Plan for the 2023 US National Cybersecurity Strategy

Schneier on Security

JULY 20, 2023

The Atlantic Council released a detailed commentary on the White House’s new “Implementation Plan for the 2023 US National Cybersecurity Strategy.” ” Lots of interesting bits. Second, there are clear wins. But there are missed opportunities as well.

Cybersecurity

Cybersecurity Software Risk Accountability

GUEST ESSAY: Why ‘continuous pentesting’ is high among the trends set to accelerate in 2023

The Last Watchdog

DECEMBER 14, 2022

Based on insights from our team of elite security researchers here at Bugcrowd, these are three trends gaining steam as 2022 comes to a close – trends that I expect to command much attention in 2023. Continuous pentesting. However, a longtime challenge with pentesting has been the “point-in-time” nature of the tests.

Penetration Testing

Penetration Testing Risk Marketing Government

Thai police arrested Chinese hackers involved in SMS blaster attacks

Security Affairs

NOVEMBER 25, 2024

“This “SMS blasting” attack relies on using technology that impersonates cellular base stations and is capable of transmitting thousands of messages to devices within a close geographical radius.” Most directors, primarily Chinese nationals, lacked immigration records in Thailand, with one leaving in August 2023 and not returning.

Mobile

Mobile Scams Technology Telecommunications

Artificial Intelligence and CyberSecurity Expert Joseph Steinberg To Keynote Pennsylvania Summit

Joseph Steinberg

OCTOBER 4, 2023

CyberSecurity and Artificial Intelligence Expert , Joseph Steinberg, will keynote the upcoming Securing the Future: Cloud, Cybersecurity, and AI Summit , taking place on Wednesday, October 11, 2023, in Pennsylvania, USA.

Artificial Intelligence

Artificial Intelligence Cybersecurity Technology

Russia-linked APT Seashell Blizzard is behind the long running global access operation BadPilot campaign

Security Affairs

FEBRUARY 13, 2025

Seashell Blizzard (aka Sandworm , BlackEnergy and TeleBots ) has been active since 2000, it operates under the control of Unit 74455 of the Russian GRUs Main Center for Special Technologies (GTsST). The group also created the NotPetya ransomware that hit hundreds of companies worldwide in June 2017.

Telecommunications

Telecommunications DNS Passwords Hacking

New 0-Day Attacks Linked to China’s ‘Volt Typhoon’

Krebs on Security

AUGUST 27, 2024

.” Those third-party reports came in late June 2024 from Michael Horka , senior lead information security engineer at Black Lotus Labs , the security research arm of Lumen Technologies , which operates one of the global Internet’s largest backbones. victims and one non-U.S.

Internet

Internet Internet Technology Engineering

Existential Risk and the Fermi Paradox

Schneier on Security

DECEMBER 2, 2022

In A Hacker’s Mind (coming in February 2023), I write: Our societal systems, in general, may have grown fairer and more just over the centuries, but progress isn’t linear or equitable. Technology changes the amplitude of the noise. It’s a “noisy” process. We can’t be sure of that anymore.

Risk

Risk Technology Hacking

T-Mobile is one of the victims of the massive Chinese breach of telecom firms

Security Affairs

NOVEMBER 18, 2024

broadband providers, including Verizon, AT&T, and Lumen Technologies, potentially accessing systems for lawful wiretapping and other data. In 2023, the carrier disclosed two data breaches , one in January and another in May. The security breach poses a major national security risk.

Mobile

Mobile Telecommunications Data breaches Hacking

Google: China dominates government exploitation of zero-day vulnerabilities in 2023

Security Affairs

MARCH 28, 2024

Google’s Threat Analysis Group (TAG) and Mandiant reported a surge in the number of actively exploited zero-day vulnerabilities in 2023. In 2023, Google (TAG) and Mandiant discovered 29 out of 97 vulnerabilities exploited in the wild. ” continues the report.

Government

Government Surveillance Ransomware Cybercrime

Human by Default: The New Imperative in Trust and Technology

Jane Frankland

MARCH 27, 2024

And I can’t help but be concerned that technology, especially advancements in artificial intelligence, is not just reshaping our world; it’s actually reshaping our identity and the fabric of trust that binds us. This has led to a new imperative in trust and technology – being human by default. The result?

Technology

Technology Artificial Intelligence Authentication Scams

Second Interdisciplinary Workshop on Reimagining Democracy

Schneier on Security

JANUARY 8, 2024

Last month, I convened the Second Interdisciplinary Workshop on Reimagining Democracy ( IWORD 2023 ) at the Harvard Kennedy School Ash Center. Modern democracy was invented in the mid-eighteenth century, using mid-eighteenth-century technology. My thinking is very broad here. Representation would look different.

Technology

TP-Link Router Botnet

Ransomware attack hit Indian multinational Tata Technologies

Trending Sources

Amazon discloses employee data breach after May 2023 MOVEit attacks

Microsoft Patch Tuesday, January 2023 Edition

Cybersecurity Predictions for 2024

Patch Tuesday, October 2023 Edition

US Cyber Safety Review Board on the 2023 Microsoft Exchange Hack

Hunters International gang claims the theft of 1.4 TB of data allegedly stolen from Tata Technologies

Dell Technologies World 2023: Q&A on how Dell sees security at the edge

Software Composition Analysis: The New Armor for Your Cybersecurity

Most Popular Cybersecurity Blogs from 2023

Dell Technologies World 2023: Interview with Rob Emsley on data protection, recovery and more

Cyber Security Expert Joseph Steinberg To Continue Serving On Newsweek Expert Forum In 2023

Securing Tomorrow: Cybersecurity Review 2023 & Forecasting 2024 Threats – A Free Webinar With Joseph Steinberg and Dror Liwer

Debating SIEM in 2023, Part 1

LW ROUNDTABLE: Cybersecurity takeaways of 2023 — and what’s ahead in 2024 ( part 1)

Web Hacking Service ‘Araneida’ Tied to Turkish IT Firm

Why Phishers Love New TLDs Like.shop,top and.xyz

Feds Charge Five Men in ‘Scattered Spider’ Roundup

FBI: Spike in Hacked Police Emails, Fake Subpoenas

MY TAKE: A few reasons to believe RSAC 2023’s ‘stronger together’ theme is gaining traction

Chinese Innovations Spawn Wave of Toll Phishing Via SMS

News Alert: CybSafe CEO Oz Alashe MBE recognized as “Security Industry Innovator” for 2023

MY TAKE: RSAC 2023 roundup – evidence of ‘stronger together’ innovation takes shape

News Alert: Perception Point reports rates of ‘BEC,’ phishing attacks climb in the first half of 2023

Financial cyberthreats in 2023

News alert: INE Security shares cyber hygiene guidance for small- and medium-sized businesses

US Treasury Department sanctioned Chinese cybersecurity firm linked to Flax Typhoon APT

Hackers stole OpenAI secrets in a 2023 security breach

News Alert: Silent Signal discovers a critical vulnerability in IBM i System – CVE-2023-30990

An Interview With the Target & Home Depot Hacker

China’s Volt Typhoon botnet has re-emerged

OmniVision disclosed a data breach after the 2023 Cactus ransomware attack

Commentary on the Implementation Plan for the 2023 US National Cybersecurity Strategy

GUEST ESSAY: Why ‘continuous pentesting’ is high among the trends set to accelerate in 2023

Thai police arrested Chinese hackers involved in SMS blaster attacks

Artificial Intelligence and CyberSecurity Expert Joseph Steinberg To Keynote Pennsylvania Summit

Russia-linked APT Seashell Blizzard is behind the long running global access operation BadPilot campaign

New 0-Day Attacks Linked to China’s ‘Volt Typhoon’

Existential Risk and the Fermi Paradox

T-Mobile is one of the victims of the massive Chinese breach of telecom firms

Google: China dominates government exploitation of zero-day vulnerabilities in 2023

Human by Default: The New Imperative in Trust and Technology

Second Interdisciplinary Workshop on Reimagining Democracy

Stay Connected