Fri. Jul 26, 2024

Compromising the Secure Boot Process

Schneier on Security

This isn’t good: On Thursday, researchers from security firm Binarly revealed that Secure Boot is completely compromised on more than 200 device models sold by Acer, Dell, Gigabyte, Intel, and Supermicro. The cause: a cryptographic key underpinning Secure Boot on those models that was compromised in 2022. In a public GitHub repository committed in December of that year, someone working for multiple US-based device manufacturers published what’s known as a platform key, the cryptogra

Firmware 283

BIND updates fix four high-severity DoS bugs in the DNS software suite

Security Affairs

The Internet Systems Consortium (ISC) released BIND security updates that fixed several remotely exploitable DoS bugs in the DNS software suite. The Internet Systems Consortium (ISC) released security updates for BIND that address DoS vulnerabilities that could be remotely exploited. An attacker can exploit these vulnerabilities to disrupt DNS services.

DNS 136

July Windows Server updates break Remote Desktop connections

Bleeping Computer

Microsoft has confirmed that July's security updates break remote desktop connections in organizations where Windows servers are configured to use the legacy RPC over HTTP protocol in the Remote Desktop Gateway.


U.S. DoJ Indicts North Korean Hacker for Ransomware Attacks on Hospitals

The Hacker News

The U.S. Department of Justice (DoJ) on Thursday unsealed an indictment against a North Korean military intelligence operative for allegedly carrying out ransomware attacks against healthcare facilities in the country and funneling the payments to orchestrate additional intrusions into defense, technology, and government entities across the world.

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.

Master Cybersecurity With The Complete CompTIA Security+ SY0-701 Certification Kit by IDUNOVA

Tech Republic Security

Prepare for your cybersecurity certification with comprehensive study materials (including 30 hours of videos and hands-on labs) and expert guidance.

10 Million Users Compromised in Z-Library Phishing Site Hack

Penetration Testing

On the popular pirate e-book site Z-Library, or rather its phishing clone Z-lib, created in late 2022, there was a recent data breach affecting nearly 10 million users. On June 27, 2024, the Cybernews...

Phishing 128

Suspect Indicted in North Korea Group’s Expansive Spying Operation

Security Boulevard

North Korea's APT45 threat group is using ransomware attacks on U.S. health care firms to fund an ongoing cyberespionage campaign to steal military and defense secrets that are fed back into the country's banned nuclear weapons program. A North Korean operative was indicted by the DOJ.

Hackers Leak Sensitive Documents from Major Pentagon IT Contractor, Leidos

Penetration Testing

Cybercriminals have leaked internal documents stolen from Leidos Holdings Inc., one of the largest IT service providers for the U.S. government, Bloomberg reports. According to a source familiar with the situation, Leidos recently became...

Deepfake Attacks Prompt Change in Security Strategy

Security Boulevard

Organizations can keep their deepfake response plans current by continuously monitoring industry trends and integrating new technologies.

Offensive AI: The Sine Qua Non of Cybersecurity

The Hacker News

"Peace is the virtue of civilization. War is its crime. Yet it is often in the furnace of war that the sharpest tools of peace are forged." - Victor Hugo. In 1971, an unsettling message started appearing on several computers that comprised ARPANET, the precursor to what we now know as the Internet. The message, which read "I'm the Creeper: catch me if you can.

Human-Centered Cyber Security Training: Driving Real Impact on Security Culture

In today's digital age, having an untrained workforce can be a significant risk to your business. Cyber threats are evolving; without proper training, your employees could be the weakest link in your defense. This webinar empowers leaders like you with the tools and strategies needed to transform your employees into a robust frontline defense against cyber attacks.

Networking Equipment Riddled With Software Supply Chain Risks

Security Boulevard

Outdated software components often contain vulnerabilities that have been discovered and are well-understood by threat actors.

Software 120

This AI-Powered Cybercrime Service Bundles Phishing Kits with Malicious Android Apps

The Hacker News

A Spanish-speaking cybercrime group named GXC Team has been observed bundling phishing kits with malicious Android applications, taking malware-as-a-service (MaaS) offerings to the next level.

A bug in Chrome Password Manager caused user credentials to disappear

Security Affairs

Google addressed a Chrome Password Manager bug that caused user credentials to disappear temporarily for more than 18 hours. Google has addressed a bug in Chrome’s Password Manager that caused user credentials to disappear temporarily. An 18-hour outage impacted Google Chrome’s Password Manager on Wednesday, impacting users who rely on the tool to store and autofill their passwords.

French Authorities Launch Operation to Remove PlugX Malware from Infected Systems

The Hacker News

French judicial authorities, in collaboration with Europol, have launched a so-called "disinfection operation" to rid compromised hosts of a known malware called PlugX. The Paris Prosecutor's Office, Parquet de Paris, said the initiative was launched on July 18 and that it's expected to continue for "several months.

Malware 112

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Meta takes down 63,000 sextortion-related accounts on Instagram

Malwarebytes

Meta announced the take-down of 63,000 sextortion-related Instagram accounts in Nigeria alone. The action was directed against a group known as Yahoo Boys, a loosely organized set of cybercriminals that largely operate out of Nigeria and specialize in different types of scams. Meta took down a host of accounts, including some 2,500 that belonged to a coordinated group of around 20 criminals which primarily targeted adult men in the US.

FBCS data breach impact now reaches 4.2 million people

Bleeping Computer

Debt collection agency Financial Business and Consumer Solutions (FBCS) has again increased the number of people impacted by a February data breach, now saying it affects 4.2 million people in the US.

Friday Five: The Wake of the Crowdstrike Debacle, a North Korean Hacker Hired to a Security Firm, & More

Digital Guardian

Bottom-feeding cybercriminals are seizing new opportunities in the wake of this past week's massive Crowdstrike outage. Meanwhile, more prominent hackers from China, North Korea, and Russia aren't showing signs of slowing down. Read up on all these stories in this week's Friday Five!


Russian ransomware gangs account for 69% of all ransom proceeds

Bleeping Computer

Russian-speaking threat actors accounted for at least 69% of all crypto proceeds linked to ransomware throughout the previous year, exceeding $500,000,000.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

CrowdStrike Outage: Impact and Insights

CompTIA on Cybersecurity

How will the CrowdStrike outage impact businesses and consumers in the near future? Learn more about the need for oversight and preparation for companies and individuals alike as we explore the outage. Plus, hear insights from CompTIA’s VP of Industry Research, Seth Robinson.


Crypto exchange Gemini discloses third-party data breach

Bleeping Computer

Cryptocurrency exchange Gemini is warning it suffered a data breach incident caused by a cyberattack at its Automated Clearing House (ACH) service provider, whose name was not disclosed.

Europe Is Pumping Billions Into New Military Tech

WIRED Threat Level

The European Commission is allocating €7.3 billion for defense research over the next seven years. From drones and tanks of the future to battleships and space intelligence, here's what it funds.


Google fixes Chrome Password Manager bug that hides credentials

Bleeping Computer

Google has fixed a bug in Chrome's Password Manager that caused user credentials to disappear temporarily for more than 18 hours.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

PKfail: 800+ Major PC Models have Insecure ‘Secure Boot’

Security Boulevard

Big BIOS bother: Hundreds of PC models from vendors such as HP, Lenovo, Dell, Intel, Acer and Gigabyte shipped with useless boot protection—using private keys that aren’t private.

8 Benefits of Endpoint Detection & Response (EDR) You Should Know [2024]

Heimdal Security

Did you know, the average employee today uses 2.5 devices to carry out their work? Across businesses, this can add up to hundreds or even thousands of bits of kit. One 2021 study in the UK found two-thirds of large businesses (250+ employees) have more than 1,000 devices on their networks, while medium-sized companies (50-249 […]


PKfail Vulnerability: A New Threat to UEFI Security Unveiled by Binarly Research Team

Penetration Testing

In a recent and alarming discovery, cybersecurity specialists from Binarly have identified a critical flaw affecting hundreds of UEFI products from 10 prominent suppliers. The vulnerability, dubbed “PKfail,” poses a severe threat as it...

Negotiate Your Next Cyber Insurance Policy With This 6-Step Playbook

Security Boulevard

TL;DR: Cyber liability insurance is essential, but premiums are increasing, and numerous exclusions exist. Important steps to lower premiums include preparation, articulating your risk, and demonstrating progressive improvement in security through measurable metrics. Why Do Organizations Need Cyber Liability Insurance? Cyber liability insurance has become an important component of every organization’s cyber strategy.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

X (Formerly Twitter) Silently Trains AI on User Data, Sparks Privacy Concerns

Penetration Testing

X, the social media platform previously known as Twitter, has sparked privacy concerns by enabling a data-sharing feature by default. This feature allows X to share user data, including posts and interactions with the...

Media 78

Making Sense of Open-Source Vulnerability Databases: NVD, OSV, and more

Security Boulevard

Essential reading for developers and security professionals alike: a comprehensive comparison of vulnerability databases to help you cut through the noise.


MonoSwap Hacked: Urgent Withdrawal Alert

Penetration Testing

The popular decentralized cryptocurrency exchange platform MonoSwap recently suffered a cyberattack. The platform’s administration urges users not to add liquidity or participate in farming pools until further notice. Moreover, users with open positions on...

Hacking 75

ServiceNow RCE Flaws Actively Exploited by Threat Actors to Steal Credentials

Heimdal Security

Threat actors are exploiting publicly known exploits to chain together ServiceNow flaws in order to infiltrate government organizations and commercial companies in data theft campaigns. Security researchers monitored the malicious activity and identified multiple victims, including government agencies, data centres, energy providers, and even software development firms.

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.