Fri.Sep 15, 2023

article thumbnail

On Technologies for Automatic Facial Recognition

Schneier on Security

Interesting article on technologies that will automatically identify people: With technology like that on Mr. Leyvand’s head, Facebook could prevent users from ever forgetting a colleague’s name, give a reminder at a cocktail party that an acquaintance had kids to ask about or help find someone at a crowded conference. However, six years later, the company now known as Meta has not released a version of that product and Mr.

article thumbnail

DDoS 2.0: IoT Sparks New DDoS Alert

The Hacker News

The Internet of Things (IoT) is transforming efficiency in various sectors like healthcare and logistics but has also introduced new security risks, particularly IoT-driven DDoS attacks. This article explores how these attacks work, why they’re uniquely problematic, and how to mitigate them. What Is IoT?

DDOS 144
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

LLM Summary of My Book Beyond Fear

Schneier on Security

Claude (Anthropic’s LLM) was given this prompt: Please summarize the themes and arguments of Bruce Schneier’s book Beyond Fear. I’m particularly interested in a taxonomy of his ethical arguments—please expand on that. Then lay out the most salient criticisms of the book. Claude’s reply: Here’s a brief summary of the key themes and arguments made in security expert Bruce Schneier’s book Beyond Fear: Thinking Sensibly About Security in an Uncertain World :

article thumbnail

Google Agrees to $93 Million Settlement in California's Location-Privacy Lawsuit

The Hacker News

Google has agreed to pay $93 million to settle a lawsuit filed by the U.S. state of California over allegations that the company's location-privacy practices misled consumers and violated consumer protection laws.

article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Caesars Entertainment paid a ransom to avoid stolen data leaks

Security Affairs

Caesars Entertainment announced it has paid a ransom to avoid the leak of customer data stolen in a recent intrusion. Caesars Entertainment is the world’s most geographically diversified casino-entertainment company. It is the largest gaming company in the United States, with over 50 casinos and hotels in 13 U.S. states and five countries. The company also owns and operates a number of other businesses, including a golf course management company, a travel agency, and a marketing firm.

article thumbnail

Cybercriminals Combine Phishing and EV Certificates to Deliver Ransomware Payloads

The Hacker News

The threat actors behind RedLine and Vidar information stealers have been observed pivoting to ransomware through phishing campaigns that spread initial payloads signed with Extended Validation (EV) code signing certificates.

Phishing 141

More Trending

article thumbnail

The Interdependence between Automated Threat Intelligence Collection and Humans

The Hacker News

The volume of cybersecurity vulnerabilities is rising, with close to 30% more vulnerabilities found in 2022 vs. 2018. Costs are also rising, with a data breach in 2023 costing $4.45M on average vs. $3.62M in 2017. In Q2 2023, a total of 1386 victims were claimed by ransomware attacks compared with just 831 in Q1 2023.

article thumbnail

Okta Flaw Involved in MGM Resorts Breach, Attackers Claim

Dark Reading

ALPHV/BlackCat ransomware operators have used their leak site to "set the record straight" about the MGM Resorts cyberattack. Meanwhile, more attacks abusing Okta could be likely.

article thumbnail

Dangerous permissions detected in top Android health apps

Security Affairs

Leading Android health apps expose users to avoidable threats like surveillance and identity theft, due to their risky permissions. Cybernews has the story. The Android challenge In the digital age, mobile applications have become an integral part of our lives, transforming the way we communicate, work, and entertain ourselves. With the vast array of apps available at our fingertips, it’s easy to overlook the potential risks they may pose.

article thumbnail

Europol lifts the lid on cybercrime tactics

Malwarebytes

The European Union Agency for Law Enforcement Cooperation (Europol), has published a report that examines developments in cyberattacks, discussing new methodologies and threats observed by Europol’s operational analysts. The report also discusses the criminal organizations behind cyberattacks and the influence of geopolitical events. The report follows the Internet Organized Crime Assessment (IOCTA), Europol’s assessment of the cybercrime landscape and how it has changed over the las

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

NodeStealer Malware Now Targets Facebook Business Accounts on Multiple Browsers

The Hacker News

An ongoing campaign is targeting Facebook Business accounts with bogus messages to harvest victims' credentials using a variant of the Python-based NodeStealer and potentially take over their accounts for follow-on malicious activities.

article thumbnail

Dariy Pankov, the NLBrute malware author, pleads guilty

Security Affairs

The Russian national Dariy Pankov, aka dpxaker, has pleaded guilty to conspiracy to commit wire and computer fraud. The Russian national Dariy Pankov (28), aka dpxaker, is the author of the NLBrute malware. The man has been extradited to the United States from Georgia. In February 2023, Pankov was charged with conspiracy, access device fraud, and computer fraud.

Malware 134
article thumbnail

Cybersecurity Goals Conflict With Business Aims

Security Boulevard

A study from Forrester Consulting found most organizations face challenges aligning cybersecurity priorities with business outcomes. The post Cybersecurity Goals Conflict With Business Aims appeared first on Security Boulevard.

article thumbnail

TikTok slapped with $368 million fine over child privacy violations

Bleeping Computer

The Irish Data Protection Commission (DPC) has fined TikTok €345 million ($368 million) for violating the privacy of children between the ages of 13 and 17 while processing their data. [.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Cyberthreat Intelligence: Are Telecom Networks Easy Targets?

Security Boulevard

Threat actors are trying to breach telecom service providers' networks and gain access to sensitive data. The post Cyberthreat Intelligence: Are Telecom Networks Easy Targets? appeared first on Security Boulevard.

DDOS 115
article thumbnail

Capslock: What is your code really capable of?

Google Security

Jess McClintock and John Dethridge, Google Open Source Security Team, and Damien Miller, Enterprise Infrastructure Protection Team When you import a third party library, do you review every line of code? Most software packages depend on external libraries, trusting that those packages aren’t doing anything unexpected. If that trust is violated, the consequences can be huge—regardless of whether the package is malicious, or well-intended but using overly broad permissions, such as with Log4j in 2

Software 114
article thumbnail

Bing Chat AI is down, affecting Windows Copilot and more

Bleeping Computer

Bing Chat, the famous ChatGPT-powered chatbot that allows users to converse with various personalities and topics has connectivity issues worldwide. [.

Software 112
article thumbnail

Attackers Target Crypto Companies in Retool Data Breach

Security Boulevard

A data breach late last month of software development platform firm Retool led to the accelerated acquisition of one of its users and put a spotlight on an account synchronization feature that Google introduced earlier this year. Retool, the six-year-old company whose platform help organizations build business applications, on August 29 notified 27 customers of.

article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

DoD: China's ICS Cyber Onslaught Aimed at Gaining Kinetic Warfare Advantage

Dark Reading

Escalating incursions into military base infrastructure, telecom networks, utilities, and more signal that Beijing is laying the groundwork for mass disruption.

110
110
article thumbnail

Cybersecurity Insights with Contrast CISO David Lindner | 9/15

Security Boulevard

Insight #1 Software Bills of Materials (SBOMs) are nothing more than a data point for determining risk. They shouldn’t be treated as gospel. The post Cybersecurity Insights with Contrast CISO David Lindner | 9/15 appeared first on Security Boulevard.

CISO 111
article thumbnail

Best Practices for Endpoint Security in Healthcare Institutions

Heimadal Security

While achieving compliance with industry standards is the minimum, it’s not enough to prevent insider threats, supply chain attacks, DDoS, or sophisticated cyberattacks such as double-extortion ransomware, phishing, business email compromise (BEC), info-stealing malware or attacks that leverage the domain name system (DNS). That is simply because being compliant does not necessarily imply being cyber […] The post Best Practices for Endpoint Security in Healthcare Institutions appeared firs

article thumbnail

NCSC: Why Cyber Extortion Attacks No Longer Require Ransomware

Dark Reading

Ransomware becoming less of a factor as threat actors extort businesses with payment options that are less than regulatory fines.

article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

Google pays $93M to settle Android tracking lawsuit in California

Bleeping Computer

California's Attorney General announced today that Google will pay $93 million to settle a privacy lawsuit alleging it violated the U.S. state's consumer protection laws. [.

article thumbnail

How to Mitigate Cybersecurity Risks From Misguided Trust

Dark Reading

Trust is the crucial bridge between security and people, but excessive or misguided trust can pose serious security risks.

Risk 99
article thumbnail

ORBCOMM ransomware attack causes trucking fleet management outage

Bleeping Computer

Trucking and fleet management solutions provider ORBCOMM has confirmed that a ransomware attack is causing recent service outages that prevent trucking companies from managing their fleets. [.

article thumbnail

Microsoft Flushes Out 'Ncurses' Gremlins

Dark Reading

The maintainers of the widely used library recently patched multiple memory corruption vulnerabilities that attackers could have abused to, ahem, curse targets with malicious code and escalate privileges.

95
article thumbnail

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

article thumbnail

Google extends security update support for Chromebooks to 10 years

Bleeping Computer

Google has announced the Auto Update Expiration (AUE) date will be extended from 5 years to 10 for all Chromebooks, guaranteeing a decade of monthly security updates. [.

97
article thumbnail

Microsoft: 'Peach Sandstorm' Cyberattacks Target Defense, Pharmaceutical Orgs

Dark Reading

For months, the Iran-backed APT has carried out waves of password spray attacks attempting to authenticate to thousands of environments across multiple targets worldwide.

article thumbnail

5 Examples of DNS IoCs That Are Red Flags for Cyberattacks

Heimadal Security

In the increasingly digitalized world that we live in, doing business without being connected 24/7 is almost unthinkable. Any medium to large organization needs to have an online way of displaying its products or services. It also needs a fast communication system with employees and customers. Finally, they need a better and more cost-effective way […] The post 5 Examples of DNS IoCs That Are Red Flags for Cyberattacks appeared first on Heimdal Security Blog.

DNS 91
article thumbnail

Securing Your Organization's Digital Media Assets

SecureWorld News

Businesses need to demonstrate more flexibility and agility than ever, especially when it comes to protecting their reputation, finances, and—the topic of this article—assets. Business media assets have become exceptionally valuable intellectual property for brands in recent years. With cyberattacks and data breaches on the rise, it's become especially important for brands to ensure their assets are sufficiently safeguarded, particularly as more of their infrastructure migrates to support remote

Media 89
article thumbnail

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.