Tue. Jul 23, 2024

How Outsourcing Cybersecurity Crashed the World’s IT: A Webinar With Columbia University Faculty

Joseph Steinberg

CyberSecurity Expert Witness and Board Member, Joseph Steinberg, will, tomorrow, Wednesday, July 24th, 2024, speak with the public as part of a panel of experts from Columbia University, discussing both the recent CrowdStrike-Microsoft cybersecurity incident, and the incident’s ongoing global impact. On July 19th, 2024, a faulty software update issued by the cybersecurity firm, CrowdStrike, took down over 8.5 million devices running Microsoft Windows, disrupting air travel, hospitals, gov

Cyber Security Public-Private Partnerships Are Taking Off in APAC

Tech Republic Security

Australia is among the APAC governments forging closer ties with the private sector due to the realisation that the public sector can no longer fight the increase in cyber criminals alone.

2017 ODNI Memo on Kaspersky Labs

Schneier on Security

It’s heavily redacted, but still interesting. Many more ODNI documents here.

217

Chinese Hackers Target Taiwan and US NGO with MgBot Malware

The Hacker News

Organizations in Taiwan and a U.S. non-governmental organization (NGO) based in China have been targeted by a Beijing-affiliated state-sponsored hacking group called Daggerfly using an upgraded set of malware tools. The campaign is a sign that the group "also engages in internal espionage," Symantec's Threat Hunter Team, part of Broadcom, said in a new report published today.

Malware 139

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.

Bitwarden vs Dashlane (2024): Which Password Manager Is Best?

Tech Republic Security

Bitwarden’s affordability and extensive MFA options give it the slight edge over Dashlane’s uber-polished password management experience. Read more below.

EFF Angry as Google Keeps 3rd-Party Cookies in Chrome

Security Boulevard

Regulatory capture by stealth? Google changes its mind about third-party tracking cookies—we’re stuck with them for the foreseeable. The post EFF Angry as Google Keeps 3rd-Party Cookies in Chrome appeared first on Security Boulevard.

More Trending

US Gov sanctioned key members of the Cyber Army of Russia Reborn hacktivists group

Security Affairs

The US government sanctioned two Russian hacktivists for their cyberattacks targeting critical infrastructure, including breaches of water facilities. The United States sanctioned Russian hacktivists Yuliya Vladimirovna Pankratova and Denis Olegovich Degtyarenko, members of the Russian hacktivist group Cyber Army of Russia Reborn (CARR), for their roles in cyber operations against U.S. critical infrastructure.

DDOS 127

New ICS Malware 'FrostyGoop' Targeting Critical Infrastructure

The Hacker News

Cybersecurity researchers have discovered what they say is the ninth Industrial Control Systems (ICS)-focused malware that has been used in a disruptive cyber attack targeting an energy company in the Ukrainian city of Lviv earlier this January.

Malware 125

10 Ways AI Can Help Organizations Tackle Cyberattacks

Tech Republic Security

Legacy security measures, while offering a baseline level of protection, heavily rely on predefined signatures and a narrow definition of the “abnormal.” They often follow a reactive approach, can be siloed, limiting information sharing, and lack the scalability to handle the terabytes of data generated by today’s complex IT systems. This is where artificial intelligence.

How Russia-Linked Malware Cut Heat to 600 Ukrainian Buildings in Deep Winter

WIRED Threat Level

The code, the first of its kind, was used to sabotage a heating utility in Lviv at the coldest point in the year—what appears to be yet another innovation in Russia’s torment of Ukrainian civilians.

Malware 123

Human-Centered Cyber Security Training: Driving Real Impact on Security Culture

In today's digital age, having an untrained workforce can be a significant risk to your business. Cyber threats are evolving; without proper training, your employees could be the weakest link in your defense. This webinar empowers leaders like you with the tools and strategies needed to transform your employees into a robust frontline defense against cyber attacks.

Magento Sites Targeted with Sneaky Credit Card Skimmer via Swap Files

The Hacker News

Threat actors have been observed using swap files in compromised websites to conceal a persistent credit card skimmer and harvest payment information. The sneaky technique, observed by Sucuri on a Magento e-commerce site's checkout page, allowed the malware to survive multiple cleanup attempts, the company said.

Malware 122

Fake CrowdStrike repair manual pushes new infostealer malware

Bleeping Computer

CrowdStrike is warning that a fake recovery manual to repair Windows devices is installing a new information-stealing malware called Daolpu.

Malware 130

Ukrainian Institutions Targeted Using HATVIBE and CHERRYSPY Malware

The Hacker News

The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of a spear-phishing campaign targeting a scientific research institution in the country with malware known as HATVIBE and CHERRYSPY.

Malware 118

Hackers abused swap files in e-skimming attacks on Magento sites

Security Affairs

Threat actors abused swap files in compromised Magento websites to hide a credit card skimmer and harvest payment information. Security researchers from Sucuri observed threat actors using swap files in compromised Magento websites to conceal a persistent software skimmer and harvest payment information. The attackers used this tactic to maintain persistence, allowing the malware to survive multiple cleanup attempts.

Malware 114

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

DDoS-for-hire site DigitalStress taken down by police, suspected owner arrested

Graham Cluley

It has been revealed that earlier this month a website which offered a DDoS-for-hire service was taken offline by law enforcement, but only after they collected data about its criminal customers. Read more in my article on the Hot for Security blog.

DDOS 113

Google admits it can’t quite quit third-party cookies

Malwarebytes

For more than a year, Google has said it would phase out the third-party tracking cookies that power much of its advertising business online, proposing new ideas that would allegedly preserve user privacy while still providing businesses with steady revenue streams. This week, Google tossed much of that work aside. In an update about Google’s Privacy Sandbox, the tech giant said that due to feedback from authorities and other stakeholders in advertising, it is looking at a new path forwa

Wiz Walks Away From $23 Billion Google Bid

Security Boulevard

Cloud security startup Wiz reportedly is rejecting Google's $23 billion acquisition bid, with the CEO saying the Israeli company will now focus on going public and reaching the point of having $1 billion in recurring revenue. The post Wiz Walks Away From $23 Billion Google Bid appeared first on Security Boulevard.

CISA Adds Twilio Authy and IE Flaws to Exploited Vulnerabilities List

The Hacker News

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two security flaws to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerabilities are listed below - CVE-2012-4792 (CVSS score: 9.3) - Microsoft Internet Explorer Use-After-Free Vulnerability CVE-2024-39891 (CVSS score: 5.

Internet 111

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

British teen arrested in connection with MGM Resorts ransomware attack

Graham Cluley

British police have arrested a 17-year-old boy believed to be linked to a cybercriminal gang that launched devastating ransomware attacks last year on MGM Resorts and other companies. Read more in my article on the Hot for Security blog.

Leave the World Behind, or don’t

Pen Test Partners

I watched Leave the World Behind on Netflix recently. I was intrigued as the trailers showed an oil tanker crashing on to a beach. It was implied that it had been hacked and someone had taken control of it. Shipping security is something we know quite a bit about, having been asked to hack a large number of ships by their owners, to help improve their security.

Hacking 108

Meta Given Deadline to Address E.U. Concerns Over 'Pay or Consent' Model

The Hacker News

Meta has been given time till September 1, 2024, to respond to concerns raised by the European Commission over its "pay or consent" advertising model or risk facing enforcement measures, including sanctions.

The tap-estry of threats targeting Hamster Kombat players

We Live Security

ESET research reveals how the success of Hamster Kombat has attracted malicious actors trying to abuse interest in the game for monetary gain.

119

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Windows 10 KB5040525 fixes WDAC issues causing app failures, memory leak

Bleeping Computer

Microsoft has released the July 2024 preview update for Windows 10, version 22H2, with fixes for Windows Defender Application Control (WDAC) issues causing app crashes and system memory exhaustion.

105

How to Securely Onboard New Employees Without Sharing Temporary Passwords

The Hacker News

The initial onboarding stage is a crucial step for both employees and employers. However, this process often involves the practice of sharing temporary first-day passwords, which can expose organizations to security risks.

Passwords 104

BreachForums v1 database leak is an OPSEC test for hackers

Bleeping Computer

The entire database for the notorious BreachForums v1 hacking forum was released on Telegram Tuesday night, exposing a treasure trove of data, including members' information, private messages, cryptocurrency addresses, and every post on the forum.

Docker Users Beware: CVE-2024-41110 (CVSS 10) Could Lead to System Takeover

Penetration Testing

Docker has issued a security advisory for a critical vulnerability affecting certain versions of Docker Engine. This vulnerability, identified as CVE-2024-41110, has a CVSS score of 10, indicating a critical severity. The issue allows... The post Docker Users Beware: CVE-2024-41110 (CVSS 10) Could Lead to System Takeover appeared first on Cybersecurity News.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Verizon to pay $16 million in TracFone data breach settlement

Bleeping Computer

Verizon Communications has agreed to a $16,000,000 settlement with the Federal Communications Commission (FCC) in the U.S. concerning three data breach incidents its wholly-owned subsidiary, TracFone Wireless, suffered after its acquisition in 2021.

CVE-2024-40075: XXE Vulnerability Found in Laravel v11.x

Penetration Testing

A significant vulnerability has been identified in Laravel v11.x, the popular PHP web framework renowned for building modern, elegant web applications. This vulnerability, designated as CVE-2024-40075, is an XML External Entity (XXE) flaw that... The post CVE-2024-40075: XXE Vulnerability Found in Laravel v11.x appeared first on Cybersecurity News.

Chinese hackers deploy new Macma macOS backdoor version

Bleeping Computer

The Chinese hacking group tracked as 'Evasive Panda' was spotted using new versions of the Macma backdoor and the Nightdoor Windows malware.

Malware 107

Building cyber-resilience: Lessons learned from the CrowdStrike incident

We Live Security

Organizations, including those that weren’t struck by the CrowdStrike incident, should resist the temptation to attribute the IT meltdown to exceptional circumstances.

99

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.