Wed. Dec 13, 2023


MY TAKE: Fostering Digital Trust – the role of ‘post-quantum crypto’ and ‘crypto agility’ in 2024

The Last Watchdog

Notable progress was made in 2023 in the quest to elevate Digital Trust. Digital Trust refers to the level of confidence both businesses and consumers hold in digital products and services – not just that they are suitably reliable, but also that they are as private and secure as they need to be. We’re not yet at a level of Digital Trust needed to bring the next generation of connected IT into full fruition – and the target keeps moving.


Surveillance by the US Postal Service

Schneier on Security

This is not about mass surveillance of mail, this is about the sorts of targeted surveillance the US Postal Inspection Service uses to catch mail thieves: To track down an alleged mail thief, a US postal inspector used license plate reader technology, GPS data collected by a rental car company, and, most damning of all, hid a camera inside one of the targeted blue post boxes which captured the suspect’s full face as they allegedly helped themselves to swathes of peoples’ mail.


Google Adds Gemini Pro API to AI Studio and Vertex AI

Tech Republic Security

Google also announced Duet AI for Developers and Duet AI in Security Operations, but neither uses Gemini yet. Starting Dec.


China-linked APT Volt Typhoon linked to KV-Botnet

Security Affairs

Researchers linked a sophisticated botnet, tracked as KV-Botnet, to the operation of the China-linked threat actor Volt Typhoon. The Black Lotus Labs team at Lumen Technologies linked a small office/home office (SOHO) router botnet, tracked as KV-Botnet, to the operations of China-linked threat actor Volt Typhoon. The botnet is comprised of two complementary activity clusters; the experts believe it has been active since at least February 2022.


Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.


Why a Master’s in Cyber Security is Your Ticket to a Thriving Career

IT Security Guru

Have you ever wondered who keeps our online world safe from all the bad guys? The heroes who do this have a special kind of training – they have a Master’s degree in something called Cyber Security. It’s like being a detective in the digital world, where you need to solve online mysteries and catch cybercriminals. This field is expanding as corporations everywhere seek digital detectives to protect their data.


OAuth apps used in cryptocurrency mining, phishing campaigns, and BEC attacks

Security Affairs

Microsoft warns that threat actors are using OAuth applications in cryptocurrency mining campaigns and phishing attacks. Threat actors are using OAuth applications such as an automation tool in cryptocurrency mining campaigns and other financially motivated attacks. The attackers compromise user accounts to create, modify, and grant high privileges to OAuth applications to carry out malicious activity and maintain access to applications even if they lose access to the initially compromised account.

More Trending


UK Home Office is ignoring the risk of ‘catastrophic ransomware attacks,’ report warns

Security Affairs

A Joint Committee on the National Security Strategy (JCNSS) warns of the high risk of a catastrophic ransomware attack on the UK government. The British government is accused of failing to mitigate the risk of ransomware attacks. According to a parliamentary report published by the Joint Committee on the National Security Strategy (JCNSS) the UK government can face a ‘catastrophic ransomware attack at any moment.’ The report highlighted the superficial approach to cyber security of S


Reverse, Reveal, Recover: Windows Defender Quarantine Forensics

Fox IT

Max Groot & Erik Schamper. TL;DR: Windows Defender (the antivirus shipped with standard installations of Windows) places malicious files into quarantine upon detection. Reverse engineering mpengine.dll resulted in finding previously undocumented metadata in the Windows Defender quarantine folder that can be used for digital forensics and incident response.


Sophos backports fix for CVE-2022-3236 for EOL firewall firmware versions due to ongoing attacks

Security Affairs

Sophos backports the patch for CVE-2022-3236 for end-of-life (EOL) firewall firmware versions due to ongoing attacks exploiting the issue. Sophos backports the fix for the critical code injection vulnerability CVE-2022-3236 for end-of-life (EOL) firewall firmware versions after discovering that threat actors are actively exploiting the flaw in attacks in the wild.


How to Use Google’s Titan Security Keys With Passkey Support

Tech Republic Security

Learn how to use Titan Security Keys with passkey support to enhance your online security. Follow these step-by-step instructions.


Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.


December 2023 Microsoft Patch Tuesday fixed 4 critical flaws

Security Affairs

Microsoft Patch Tuesday security updates for December 2023 addressed 33 vulnerabilities in multiple products, including a zero-day. Microsoft Patch Tuesday security updates for December 2023 addressed 33 vulnerabilities in multiple products. The vulnerabilities addressed by the company impact Microsoft Windows and Windows Components; Office and Office Components; Azure, Microsoft Edge (Chromium-based); Windows Defender; Windows DNS and DHCP server; and Microsoft Dynamic.


Secure AI development guidance: What software teams need to know

Security Boulevard

The use of generative AI systems has been spreading like wildfire, and if systems are not developed securely, the blaze could end up burning your organization. To help organizations tackle the problem, the United Kingdom's National Cyber Security Centre (NCSC) and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) recently released "Guidelines for Secure AI System Development.


FakeSG campaign, Akira ransomware and AMOS macOS stealer

SecureList

Introduction: The crimeware landscape is diverse. Cybercriminals try to capitalize on their victims in every possible way by distributing various types of malware designed for different platforms. In recent months, we have written private reports on a wide range of topics, such as new cross-platform ransomware, macOS stealers and malware distribution campaigns.


FCC Warns Carriers to Protect Customers Against SIM Swaps

Security Boulevard

A month after issuing new rules to push back against SIM-swap and similar schemes, the Federal Communications Commission (FCC) is warning mobile phone service providers of their obligations to protect consumers against the growing threat. The FCC’s Enforcement Bureau will not only be aggressive in protecting consumers’ data and privacy but also “will hold accountable.


The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!


Enhancing Security and Trust - The Digital Identity Wallet and Qualified Electronic Signatures and Seals

GlobalSign

Explore why Qualified Trust Services and Qualified Electronic Signatures and Seals are a necessity, and their role in the Digital Identity Wallet.


At a Glance: The Year in Cybersecurity 2023

Security Boulevard

In this post, we’ll take a look at some of the trends and news from 2023, and see what insights they could hold for the years ahead. The post At a Glance: The Year in Cybersecurity 2023 appeared first on Security Boulevard.


UK’s Ministry of Defence fined after Bcc email blunder that put the lives of Afghan citizens at risk

Graham Cluley

The British Ministry of Defence (MoD) has been fined £350,000 for recklessly causing a data breach that exposed the personal details of citizens of Afghanistan who were seeking to flee the country after the Taliban took control in 2021. Read more in my article on the Hot for Security blog.


Hackers are exploiting critical Apache Struts flaw using public PoC

Bleeping Computer

Hackers are attempting to leverage a recently fixed critical vulnerability (CVE-2023-50164) in Apache Struts that leads to remote code execution, in attacks that rely on publicly available proof-of-concept exploit code. […]


The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.


Microsoft patches 34 vulnerabilities, including one zero-day

Malwarebytes

December’s Patch Tuesday is a relatively quiet one on the Microsoft front. Redmond has patched 34 vulnerabilities with only four rated as critical. One vulnerability, a previously disclosed unpatched vulnerability in AMD central processing units (CPUs), was shifted by AMD to software developers. The AMD vulnerability sounds like something from back in the eighties: “A division by zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality.


How to Set Up a VLAN in 12 Steps: Creation & Configuration

eSecurity Planet

Setting up a virtual local area network (VLAN) can be a complicated process, especially if you’re operating a large enterprise network, a network with legacy or hybrid architectures, or a network with specific workloads that require additional security and regulatory compliance safeguards. Each VLAN configuration process will look a little different, depending on the specifications you bring to the table, and some of these steps — particularly steps five through eight — may be completed simultan


Hacker Group Linked to Russian Military Claims Credit for Cyberattack on Kyivstar

WIRED Threat Level

A hacker group calling itself Solntsepek—previously linked to Russia’s notorious Sandworm hackers—says it carried out a disruptive breach of Kyivstar, a major Ukrainian mobile and internet provider.


Top CISOs to Follow in 2024: Germany Edition

Security Boulevard

Here are just some of the top CISOs in Germany going into 2024 and some of their insights and experiences we can learn from. The post Top CISOs to Follow in 2024: Germany Edition appeared first on Scytale. The post Top CISOs to Follow in 2024: Germany Edition appeared first on Security Boulevard.


Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!


LDAPWordlistHarvester: generate a wordlist from the information present in LDAP

Penetration Testing

LDAPWordlistHarvester: A tool to generate a wordlist from the information present in LDAP, in order to crack non-random passwords of domain accounts. Features: The bigger the domain is, the better the wordlist will be.... The post LDAPWordlistHarvester: generate a wordlist from the information present in LDAP appeared first on Penetration Testing.


Python 2 EOL: Coping with Legacy System Challenges

Security Boulevard

Python 2 was officially maintained and supported until January 1, 2020. The system becomes highly vulnerable without Python 2 security updates. TuxCare’s ELS for Python provides security fixes for Python 2.7 versions. Python 2.7 was the last major version in the 2.x series of this software language, which was launched on July […] The post Python 2 EOL: Coping with Legacy System Challenges appeared first on TuxCare.


LockBit ransomware now poaching BlackCat, NoEscape affiliates

Bleeping Computer

The LockBit ransomware operation is now recruiting affiliates and developers from the BlackCat/ALPHV and NoEscape after recent disruptions and exit scams. […]


Lazarus APT Continues to Exploit Log4j Vulnerability

SecureWorld News

Lazarus, the notorious North Korean hacking group, has once again made headlines, this time by exploiting the Log4j vulnerability, despite it being disclosed two years ago. The Log4j vulnerability, officially known as CVE-2021-44228, continues to pose significant risks to organizations worldwide, with Lazarus demonstrating the persistence of cyber threats and the challenges associated with mitigating known vulnerabilities.


Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.


Microsoft seizes domains used to sell fraudulent Outlook accounts

Bleeping Computer

Microsoft's Digital Crimes Unit seized multiple domains used by a Vietnam-based cybercrime group (Storm-1152) that registered over 750 million fraudulent accounts and raked in millions of dollars by selling them online to other cybercriminals. […]


Delivering trust with DNS security

We Live Security

TELCOs and ISPs, by exploring DNS protection in league with security vendors, can enable rapid deployment of more robust security measures where needed in an age of rapidly expanding online threats.


New cybercrime market 'OLVX' gains popularity among hackers

Bleeping Computer

A new cybercrime marketplace, OLVX, has emerged and is quickly gaining new customers looking to purchase tools to conduct online fraud and cyberattacks. […]


Lazarus Hackers Exploit 2-Year-Old Log4j Vulnerability to Deploy New RAT Malware

Heimdal Security

Researchers warn Lazarus threat actors still exploit known Log4j vulnerability to infect devices with new DLang malware strains. The new campaign, dubbed Operation Blacksmith, became active on March 23. Hackers target manufacturing, agricultural, and physical security companies that failed to apply existing patches against Log4Shell vulnerability. More about the new RAT malware: Researchers revealed Lazarus […] The post Lazarus Hackers Exploit 2-Year-Old Log4j Vulnerability to Deploy New RA


IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.