Schneier on Security

JUNE 27, 2024

A group of cryptographers have analyzed the eiDAS 2.0 regulation (electronic identification and trust services) that defines the new EU Digital Identity Wallet.

145

145

Tech Republic Security

JUNE 27, 2024

This guide covers various ransomware attacks, including Colonial Pipeline, WannaCry and LockBit, the systems hackers target and how to avoid becoming a victim and paying cybercriminals a ransom.

Ransomware 93

Ransomware Phishing Software Cybersecurity 93

Schneier on Security

JUNE 20, 2024

Interesting summary of various ways to derive the public key from digitally signed files. Normally, with a signature scheme, you have the public key and want to know whether a given signature is valid. But what if we instead have a message and a signature, assume the signature is valid, and want to know which public key signed it? A rather delightful property if you want to attack anonymity in some proposed “everybody just uses cryptographic signatures for everything” scheme.

264

264

Troy Hunt

JUNE 23, 2024

Ah, sunshine! As much as I love being back in Norway, the word "summer" is used very loosely there. Not as much in Greece, however, which is just spectacular: Finally escaped the bitterly cold Norwegian summer for something… warmer 🇬🇷 pic.twitter.com/jk9knZvJar — Troy Hunt (@troyhunt) June 17, 2024 3 nights in Mykonos, 2 in Santorini and I'm pushing this post out just before our second night in Athens before embarking on the long journey home.

Accountability 188

Accountability 188

Speaker: Speakers:

In today's digital age, having an untrained workforce can be a significant risk to your business. Cyber threats are evolving; without proper training, your employees could be the weakest link in your defense. This webinar empowers leaders like you with the tools and strategies needed to transform your employees into a robust frontline defense against cyber attacks.

Cyber Attacks

Security Affairs

JUNE 24, 2024

The Lockbit ransomware group announced that it had breached the US Federal Reserve and exfiltrated 33 TB of sensitive data. The Lockbit ransomware group announced that it had breached the systems of Federal Reserve of the United States and exfiltrated 33 TB of sensitive data, including “Americans’ banking secrets.” The Lockbit ransomware group added the Federal Reserve to the list of victims on its Tor data leak site and threatened to leak the stolen data on 25 June, 2024 20:27

Hacking 145

Hacking Banking Ransomware Encryption 145

The Hacker News

JUNE 25, 2024

Google has taken steps to block ads for e-commerce sites that use the Polyfill.io service after a Chinese company acquired the domain and modified the JavaScript library ("polyfill.js") to redirect users to malicious and scam sites. More than 110,000 sites that embed the library are impacted by the supply chain attack, Sansec said in a Tuesday report.

Scams 130

Scams 130

Schneier on Security

JUNE 25, 2024

Interesting paper about a German cryptanalysis machine that helped break the US M-209 mechanical ciphering machine. The paper contains a good description of how the M-209 works.

200

200

Tech Republic Security

JUNE 21, 2024

According to Gartner, there are gotchas that can impede an organization’s ability to embrace Copilot. Here’s what enterprises interested in implementing Copilot should keep in mind.

Artificial Intelligence 138

Artificial Intelligence Government 138

Bleeping Computer

JUNE 25, 2024

The Medusa banking trojan for Android has re-emerged after almost a year of keeping a lower profile in campaigns targeting France, Italy, the United States, Canada, Spain, the United Kingdom, and Turkey. [.

Banking 130

Banking Malware Mobile 130

The Hacker News

JUNE 26, 2024

Apple has released a firmware update for AirPods that could allow a malicious actor to gain access to the headphones in an unauthorized manner. Tracked as CVE-2024-27867, the authentication issue affects AirPods (2nd generation and later), AirPods Pro (all models), AirPods Max, Powerbeats Pro, and Beats Fit Pro.

Firmware 129

Firmware Authentication 129

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Security Boulevard

JUNE 25, 2024

Red Teaming security assessments aim to demonstrate to clients how attackers in the real world might link together various exploits and attack methods to reach their objectives. The post Stepping Into the Attacker’s Shoes: The Strategic Power of Red Teaming (Insights from the Field) appeared first on Security Boulevard.

Security Awareness 124

Security Awareness Information Security Cybersecurity 124

Schneier on Security

JUNE 21, 2024

The memorial service for Ross Anderson will be held on Saturday, at 2:00 PM BST. People can attend remotely on Zoom.

Engineering 238

Engineering 238

Tech Republic Security

JUNE 21, 2024

Immersing yourself in best practices for ethical hacking, pen-testing and information security can set you up for a career or better-protected business.

Hacking 141

Hacking Information Security 141

Bleeping Computer

JUNE 26, 2024

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has published research looking into 172 key open-source projects and whether they are susceptible to memory flaws. [.

Cybersecurity 120

Cybersecurity Software 120

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

NetSpi Technical

JUNE 24, 2024

Intro – What is Prototype Pollution? Prototype Pollution is a JavaScript vulnerability where it’s possible for an attacker to control unexpected variables in JavaScript, which on the client-side can lead to Cross-Site Scripting, and on the server-side lead to Remote Code Execution. It is caused by ‘JavaScript Weirdness’, specifically in the declaration and setting of variable names, and is exploitable because of further JavaScript weirdness with weak typing, where it’s possible to have var

Education 129

Education 129

Malwarebytes

JUNE 21, 2024

The cybercriminal acting under the name “Sp1d3r” gave away the first 1 million records that are part of the data set that they claimed to have stolen from Ticketmaster/Live Nation. The files were released without a price, for free. When Malwarebytes Labs first learned about this data breach, it happened to be the first major event that was shared on the resurrected BreachForums , and someone acting under the handle “ShinyHunters” offered the full details (name, address, e

Data breaches 140

Data breaches Phishing Passwords Password Management 140

Penetration Testing

JUNE 21, 2024

A critical vulnerability in js2py, a widely-used Python library with over 1 million monthly downloads, has left countless web scrapers and applications exposed to remote code execution (RCE) attacks. The flaw, designated CVE-2024-28397 and... The post CVE-2024-28397: js2py Vulnerability Exposes Millions of Python Users to RCE appeared first on Cybersecurity News.

Cybersecurity 131

Cybersecurity 131

Bleeping Computer

JUNE 22, 2024

The BlackSuit ransomware gang is behind CDK Global's massive IT outage and disruption to car dealerships across North America, according to multiple sources familiar with the matter. [.

Ransomware 137

Ransomware 137

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

The Hacker News

JUNE 24, 2024

Cybersecurity researchers have detailed a now-patch security flaw affecting the Ollama open-source artificial intelligence (AI) infrastructure platform that could be exploited to achieve remote code execution. Tracked as CVE-2024-37032, the vulnerability has been codenamed Probllama by cloud security firm Wiz.

Artificial Intelligence 126

Artificial Intelligence Cybersecurity 126

Security Boulevard

JUNE 21, 2024

Spend more on security! Car and truck dealers fall back on pen and paper as huge SaaS provider gets hacked (again). The post 30,000 Dealerships Down — ‘Ransomware’ Outage Outrage no. 2 at CDK Global appeared first on Security Boulevard.

Ransomware 133

Ransomware Hacking Digital transformation Data privacy 133

Schneier on Security

JUNE 24, 2024

Former NSA Director Paul Nakasone has joined the board of OpenAI.

Artificial Intelligence 161

Artificial Intelligence 161

Bleeping Computer

JUNE 25, 2024

Over 100,000 sites have been impacted in a supply chain attack by the Polyfill.io service after a Chinese company acquired the domain and the script was modified to redirect users to malicious and scam sites. [.

Scams 121

Scams 121

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

The Hacker News

JUNE 23, 2024

Multiple threat actors, including cyber espionage groups, are employing an open-source Android remote administration tool called Rafel RAT to meet their operational objectives by masquerading it as Instagram, WhatsApp, and various e-commerce and antivirus apps.

Antivirus 125

Antivirus 125

Security Boulevard

JUNE 25, 2024

The LockBit ransomware group is claiming that it hacked into systems at the U.S. Federal Reserve and stole 33TB of data that it will begin leaking as early as Tuesday if the institution doesn’t pay the unspecified ransom. The notorious cybercriminals announced the attack on its dark web leak site on June 23, giving the. The post LockBit Claims Ransomware Attack on U.S.

Ransomware 116

Ransomware Hacking Malware Cybersecurity 116

Security Affairs

JUNE 20, 2024

A researcher discovered a flaw that allows attackers to impersonate Microsoft corporate email accounts and launch phishing attacks. The security researcher Vsevolod Kokorin (@Slonser) discovered a bug that allows anyone to impersonate Microsoft corporate email accounts. An attacker can trigger the vulnerability to launch phishing attacks. I want to share my recent case: > I found a vulnerability that allows sending a message from any user@domain > We cannot reproduce it > I send a v

Accountability 134

Accountability Phishing Hacking Information Security 134

Tech Republic Security

JUNE 21, 2024

In this TechRepublic exclusive, Gartner VP Analyst Dionisio Zumerle shares three leadership strategies for achieving cybersecurity platform consolidation.

Cybersecurity 123

Cybersecurity CISO 123

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

Bleeping Computer

JUNE 23, 2024

Hackers are exploiting a flaw in a premium Facebook module for PrestaShop named pkfacebook to deploy a card skimmer on vulnerable e-commerce sites and steal people's payment credit card details. [.

133

133

The Hacker News

JUNE 26, 2024

A newly disclosed critical security flaw impacting Progress Software MOVEit Transfer is already seeing exploitation attempts in the wild shortly after details of the bug were publicly disclosed. The vulnerability, tracked as CVE-2024-5806 (CVSS score: 9.1), concerns an authentication bypass that impacts the following versions - From 2023.0.0 before 2023.0.11 From 2023.1.0 before 2023.1.

Authentication 107

Authentication Software 107

Security Boulevard

JUNE 24, 2024

In today’s business landscape, adhering to the Payment Card Industry Data Security Standard (PCI DSS) is essential. As a business owner, have you ever considered how secure your client’s credit card information is? In the modern digital age, safeguarding sensitive data is crucial. Protecting your clients’ card information not only maintains their trust in your […] The post What’s New in PCI DSS Version 4.1?

Risk 114

Risk Government 114

Security Affairs

JUNE 22, 2024

The RansomHub ransomware operators added a Linux encryptor to their arsenal, the version targets VMware ESXi environments. RansomHub ransomware operation relies on a new Linux version of the encrypted to target VMware ESXi environments. Although RansomHub only emerged in February 2024, it has rapidly grown and has become the fourth most prolific ransomware operator over the past three months based on the number of publicly claimed attacks.

Ransomware 123

Ransomware Encryption Backups Healthcare 123

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity