Sun.Nov 12, 2023

article thumbnail

MY TAKE: New tech standards, like ‘Matter’ and ‘BIMI,’ point the way to secure interoperability

The Last Watchdog

The IQ of our smart homes is about to level-up. Hundreds of different types of smart devices designed to automate tasks and route control to our smart phones and wearable devices have arrived on store shelves, just in time for the holiday shopping season. Related: Extending digital trust globally Some of these latest, greatest digital wonders will function well together, thanks to the new Matter smart home devices standard, which was introduced one year ago.

article thumbnail

Australian Nonprofit Cyber Security Is So Poor It Might Be Affecting Donations

Tech Republic Security

Research from Infoxchange indicates that poor cyber security practices in Australia’s not-for-profit sector are putting its donors’ and communities’ data at risk.

Risk 187
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Cyber Insurance Roundup: What’s Happening Now?

Lohrman on Security

From the roller-coaster ride in rates to new generative AI uses to dramatic changes in underwriting rules, cyber insurance is evolving fast. Here are some of the latest trends.

article thumbnail

The Lorenz ransomware group hit Texas-based Cogdell Memorial Hospital

Security Affairs

The Lorenz extortion group leaked the data stolen from the Texas-based Cogdell Memorial Hospital. In early November, the Cogdell Memorial Hospital (Scurry County Hospital District) announced it was experiencing a computer network incident that prevented the hospital from accessing some of its systems and severely limiting the operability of its phone system.

article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Iranian hackers launch malware attacks on Israel’s tech sector

Bleeping Computer

Security researchers have tracked a new campaign from Imperial Kitten targeting transportation, logistics, and technology firms. [.

Malware 127
article thumbnail

Signal is testing usernames so you don’t have to share your phone number

Malwarebytes

Messaging service Signal is testing support for usernames as a replacement for phone numbers to serve as user identities. Signal provides encrypted instant messaging and is popular among people that value their privacy. Compared to more popular services like WhatsApp, Signal offers more layers of privacy protection, customization of settings, and enhanced data security.

VPN 125

More Trending

article thumbnail

Chinese Hackers Launch Covert Espionage Attacks on 24 Cambodian Organizations

The Hacker News

Cybersecurity researchers have discovered what they say is malicious cyber activity orchestrated by two prominent Chinese nation-state hacking groups targeting 24 Cambodian government organizations. "This activity is believed to be part of a long-term espionage campaign," Palo Alto Networks Unit 42 researchers said in a report last week.

article thumbnail

Google Chrome & Microsoft Edge to get 'Save Frame' feature for YouTube

Bleeping Computer

You can soon right-click on any YouTube video in Microsoft Edge or Google Chrome and save the frame (capture the screenshot of the video) in the original resolution and PNG format. [.

Software 115
article thumbnail

Unlock Cybersecurity with Mitre ATT&CK and D3FEND Mapping

Security Boulevard

Introduction In the ever-evolving landscape of cybersecurity, staying ahead of threats such as APT threats is more challenging than ever. That’s where frameworks like Mitre Att&ck and D3fend mapping come into play. These robust frameworks offer a comprehensive approach to understanding, mapping, and countering cybersecurity threats. But how do they work together?

article thumbnail

Windows 11 will soon let you uninstall more inbox apps

Bleeping Computer

Microsoft is gearing up to roll out an update for Windows 11 that will significantly enhance user control over built-in apps. In the upcoming version, you will be able to uninstall a wider range of inbox apps. [.

Software 113
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

CVE-2023-46850: OpenVPN Access Server Flaw Exposes Sensitive Data, RCE Possible

Penetration Testing

OpenVPN Access Server, a popular open-source VPN solution, has been patched to address two vulnerabilities that could allow attackers to gain unauthorized access to sensitive information. The vulnerabilities, CVE-2023-46849 and CVE-2023-46850, affect OpenVPN Access... The post CVE-2023-46850: OpenVPN Access Server Flaw Exposes Sensitive Data, RCE Possible appeared first on Penetration Testing.

article thumbnail

Major Phishing-as-a-Service Syndicate 'BulletProofLink' Dismantled by Malaysian Authorities

The Hacker News

Malaysian law enforcement authorities have announced the takedown of a phishing-as-a-service (PhaaS) operation called BulletProofLink. The Royal Malaysia Police said the effort, which was carried out with assistance from the Australian Federal Police (AFP) and the U.S.

Phishing 110
article thumbnail

Microsoft Edge is testing a new video translation feature

Bleeping Computer

Microsoft Edge's latest Canary update has an innovative feature: video translation. This feature translates YouTube videos in real-time, and it allegedly supports four languages. [.

Software 110
article thumbnail

codetotal: analyzes any snippet, file, or repository to detect possible security flaws

Penetration Testing

codetotal CodeTotal analyzes any snippet, file, or repository to detect possible security flaws such as secret in code, open source vulnerability, code security, vulnerability, insecure infrastructure as code, and potential legal issues with open source licenses. Scan repository Scan an entire repository Scan snippets Copy-paste a snippet in... The post codetotal: analyzes any snippet, file, or repository to detect possible security flaws appeared first on Penetration Testing.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

A week in security (November 06 – November 12)

Malwarebytes

Last week on Malwarebytes Labs: Defeating Little Brother requires a new outlook on privacy: Lock and Code S04E23 Medical research data Advarra stolen after SIM swap Okta breach happened after employee logged into personal Google account Introducing ThreatDown: A new chapter for Malwarebytes ThreatDown powered by Malwarebytes: A 15 Year Journey QNAP warns about critical vulnerabilities in NAS systems Using ChatGPT to cheat on assignments?

Scams 96
article thumbnail

10 Certified Benefits of Identity Theft Protection

SecureBlitz

Today, we will show you five certified benefits of identity theft protection. Interestingly, more than 65% of Americans suffer from identity theft. Of this figure, 41% had their credit card details stolen, while 16% had their emails hacked. What Is Identity Theft? Identity theft is simply the practice of using another person’s information to commit […] The post 10 Certified Benefits of Identity Theft Protection appeared first on SecureBlitz Cybersecurity.

article thumbnail

Intel Downfall Fallout: Processor Purchasers File Lawsuits Over Security Flaws

Penetration Testing

In August this year, Intel disclosed a security vulnerability named “Downfall,” tracked as “CVE-2022-40982.” This flaw leverages “Gather Data Sampling” to pilfer data and sensitive information from other users on computers, affecting numerous Core... The post Intel Downfall Fallout: Processor Purchasers File Lawsuits Over Security Flaws appeared first on Penetration Testing.

article thumbnail

Domain Control Validation (DCV) Methods & How to Choose

Security Boulevard

You can trust digital certificates issued by reputable Certificate Authorities (CAs) because they go through a domain control validation (DCV) process, which verifies the legitimacy of the entity requesting the SSL/TLS certificate and the domain ownership for which the certificate is issued. This article reviews what DCV is, the most common DCV methods, and how to choose an appropriate method- for your certificate application.

DNS 75
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

ScreenConnect Abuse: Hackers Leverage Remote Access Tool for Healthcare Intrusion

Penetration Testing

Huntress has uncovered a series of cyberattacks targeting several healthcare organizations in the United States. The attacks focus on the ScreenConnect remote access systems, widely used in the healthcare sector. The central element of... The post ScreenConnect Abuse: Hackers Leverage Remote Access Tool for Healthcare Intrusion appeared first on Penetration Testing.

article thumbnail

Threat stats: What they tell us about the state of cybersecurity

Security Boulevard

Cyberattacks are becoming increasingly sophisticated and common, and businesses and individuals of all sizes are at risk. By understanding the latest threat statistics, we can better protect ourselves from these attacks. Here are some of the key threat statistics from 2023: These statistics show that the threat landscape is constantly evolving and that businesses and […] The post Threat stats: What they tell us about the state of cybersecurity appeared first on Security Boulevard.

article thumbnail

North Korean Hacking Group Sapphire Sleet Employs Social Engineering to Steal Cryptocurrency

Penetration Testing

Microsoft has issued a warning about the North Korean hacking group Sapphire Sleet (BlueNoroff), which is deploying a new infrastructure for impending social engineering campaigns on LinkedIn. This financially motivated group is notorious for... The post North Korean Hacking Group Sapphire Sleet Employs Social Engineering to Steal Cryptocurrency appeared first on Penetration Testing.

article thumbnail

What is the threat landscape, and why should you care?

Security Boulevard

The threat landscape is the entirety of potential and identified cyber threats affecting a particular sector, group of users, time period, and so forth. It includes a wide range of threats, such as malware, phishing attacks, ransomware, and social engineering attacks. The threat landscape is constantly evolving, as attackers develop new methods and exploit new […] The post What is the threat landscape, and why should you care?

article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

Securing Your Web Applications and APIs with Veracode DAST Essentials

Veracode Security

Web applications are one of the most common vector for breaches, accounting for over 40% of breaches according to Verizon's 2022 Data Breach Report. Ensuring that your web applications are sufficiently protected and continue to be monitored once they are in production is vital to the security of your customers and your organization. Staying Ahead of the Threat Attackers are constantly looking for new ways to exploit vulnerabilities and to breach web applications, which means that as their metho

article thumbnail

The Threat landscape: What it is and why it matters

Security Boulevard

The threat landscape is the ever-evolving landscape of cybersecurity threats, vulnerabilities, and attackers. It is constantly changing as new threats are discovered, new vulnerabilities are exploited, and new attackers emerge. The threat landscape can be a complex and daunting topic, but businesses and individuals need to be aware of the risks to take steps to […] The post The Threat landscape: What it is and why it matters appeared first on Security Boulevard.

Risk 69
article thumbnail

Securing Your Web Applications and APIs with DAST Essentials

Veracode Security

Web applications are one of the most common vector for breaches, accounting for over 40% of breaches according to Verizon's 2022 Data Breach Report. Ensuring that your web applications are sufficiently protected and continue to be monitored once they are in production is vital to the security of your customers and your organization. Staying Ahead of the Threat Attackers are constantly looking for new ways to exploit vulnerabilities and to breach web applications, which means that as their metho

article thumbnail

Why Isn’t My ChatGPT Working?

Security Boulevard

“My ChatGPT isn‘t working properly.“ “I can’t log in, and it’s not responding at all.” Just as OpenAI released a series of new features recently, ChatGPT experienced prolonged service disruptions last Wednesday. Subsequently, OpenAI issued a statement revealing that they were facing periodic outages across ChatGPT and the API due to a reflective Distributed Denial […] The post Why Isn’t My ChatGPT Working?

article thumbnail

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

article thumbnail

Securing Your Web Applications and APIs with Dynamic Analysis

Veracode Security

Web applications are one of the most common vector for breaches, accounting for over 40% of breaches according to Verizon's 2022 Data Breach Report. Ensuring that your web applications are sufficiently protected and continue to be monitored once they are in production is vital to the security of your customers and your organization. Staying Ahead of the Threat Attackers are constantly looking for new ways to exploit vulnerabilities and to breach web applications, which means that as their metho

article thumbnail

Provisioning Just-In-Time Access via ChatOps

Security Boulevard

A survey of 1,000 IT operations, DevOps, site reliability engineering (SRE) and platform engineering professionals in the U.S. conducted by Transposit, a provider of an incident management platform, found more than two-thirds (67%) have seen an increase in the frequency of service incidents that have affected their customers over the past 12 months.

article thumbnail

The State of Maine disclosed a data breach that impacted 1.3M people

Security Affairs

The State of Maine disclosed a data breach that impacted about 1.3 million people after an attack hit its MOVEit file transfer install. The State of Maine was the victim of the large-scale hacking campaign that targeted organizations using the MOVEit file transfer tool. The Government organization disclosed a data breach that impacted about 1.3 million individuals.

article thumbnail

The Cyber Threat Landscape Overview with An Example

Security Boulevard

The threat landscape is the ever-evolving landscape of cybersecurity threats, vulnerabilities, and attackers. As businesses move more of their operations online, the threat landscape has expanded to include new types of threats and attacks. Firewalls are a traditional security measure that can be used to protect internal resources from external threats.

article thumbnail

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.