Schneier on Security

JUNE 27, 2024

A group of cryptographers have analyzed the eiDAS 2.0 regulation (electronic identification and trust services) that defines the new EU Digital Identity Wallet.

196

196

Tech Republic Security

JUNE 27, 2024

This guide covers various ransomware attacks, including Colonial Pipeline, WannaCry and LockBit, the systems hackers target and how to avoid becoming a victim and paying cybercriminals a ransom.

Ransomware 163

Ransomware Phishing Software Cybersecurity 163

Bleeping Computer

JUNE 27, 2024

The remote access software company TeamViewer is warning that its corporate environment was breached in a cyberattack yesterday, with a cybersecurity firm claiming it was by an APT hacking group. [.

Hacking 144

Hacking Software Cybersecurity 144

The Hacker News

JUNE 27, 2024

TeamViewer on Thursday disclosed it detected an "irregularity" in its internal corporate IT environment on June 26, 2024. "We immediately activated our response team and procedures, started investigations together with a team of globally renowned cyber security experts and implemented necessary remediation measures," the company said in a statement.

125

125

Speaker: Speakers:

In today's digital age, having an untrained workforce can be a significant risk to your business. Cyber threats are evolving; without proper training, your employees could be the weakest link in your defense. This webinar empowers leaders like you with the tools and strategies needed to transform your employees into a robust frontline defense against cyber attacks.

Cyber Attacks

Bleeping Computer

JUNE 27, 2024

Cloudflare, a lead provider of content delivery network (CDN) services, cloud security, and DDoS protection has warned that it has not authorized the use of its name or logo on the Polyfill.io website, which has recently been caught injecting malware on more than 100,000 websites in a significant supply chain attack. [.

DDOS 120

DDOS Malware 120

WIRED Threat Level

JUNE 27, 2024

AWS hosted a server linked to the Bezos family- and Nvidia-backed search startup that appears to have been used to scrape the sites of major outlets, prompting an inquiry into potential rules violations.

Artificial Intelligence 111

Artificial Intelligence 111

Security Boulevard

JUNE 27, 2024

Researchers have identified three distinct nation-state campaigns leveraging advanced highly evasive and adaptive threat (HEAT) tactics. The post Three Nation-State Campaigns Targeting Healthcare, Banking Discovered appeared first on Security Boulevard.

Healthcare 106

Healthcare Banking Social Engineering Security Awareness 106

Bleeping Computer

JUNE 27, 2024

Geisinger, a prominent healthcare system in Pennsylvania, has announced a data breach involving a former employee of Nuance, an IT services provider contracted by the organization. [.

Healthcare 107

Healthcare Data breaches 107

Security Boulevard

JUNE 27, 2024

Waltham, Mass., June 27, 2024, CyberNewsWire — Infinidat , a leading provider of enterprise storage solutions, has introduced a new automated cyber resiliency and recovery solution that will revolutionize how enterprises can minimize the impact of ransomware and malware attacks.… (more…) The post News Alert: Infinidat introduces advanced cyber resiliency and recovery solution for enterprises first appeared on The Last Watchdog.

Ransomware 106

Ransomware Malware 106

Google Security

JUNE 27, 2024

Posted by Chrome Root Program, Chrome Security Team The Chrome Security Team prioritizes the security and privacy of Chrome’s users, and we are unwilling to compromise on these values. The Chrome Root Program Policy states that CA certificates included in the Chrome Root Store must provide value to Chrome end users that exceeds the risk of their continued inclusion.

Authentication 110

Authentication Risk Internet Internet 110

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Bleeping Computer

JUNE 27, 2024

Microsoft pulled the June Windows 11 KB5039302 update after finding that it causes some devices to restart repeatedly. [.

123

123

The Hacker News

JUNE 27, 2024

The peer-to-peer malware botnet known as P2PInfect has been found targeting misconfigured Redis servers with ransomware and cryptocurrency miners. The development marks the threat's transition from what appeared to be a dormant botnet with unclear motives to a financially motivated operation.

Ransomware 100

Ransomware Cryptocurrency Malware 100

Bleeping Computer

JUNE 27, 2024

The owners of Polyfill.io have relaunched the JavaScript CDN service on a new domain after polyfill.io was shut down as researchers exposed it was delivering malicious code on upwards of 100,000 websites. The Polyfill service claims that it has been "maliciously defamed" and been subject to "media messages slandering Polyfill." [.

Media 96

Media 96

The Hacker News

JUNE 27, 2024

A 22-year-old Russian national has been indicted in the U.S. for his alleged role in staging destructive cyber attacks against Ukraine and its allies in the days leading to Russia's full-blown military invasion of Ukraine in early 2022.

Cyber Attacks 97

Cyber Attacks 97

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Bleeping Computer

JUNE 27, 2024

A threat actor tracked as Unfurling Hemlock has been infecting target systems with up to ten pieces of malware at the same time in campaigns that distribute hundreds of thousands of malicious files. [.

Malware 90

Malware 90

The Hacker News

JUNE 27, 2024

Did you know it’s now possible to build blockchain applications, known also as decentralized applications (or “dApps” for short) in native Python? Blockchain development has traditionally required learning specialized languages, creating a barrier for many developers… until now.

95

95

Security Boulevard

JUNE 27, 2024

Most organizations are uncertain about the effectiveness of their cybersecurity investments, despite increasing budgets and rampant cyber incidents, according to Optiv’s 2024 Threat and Risk Management Report. The post Security Budgets Grow, but Inefficiencies Persist appeared first on Security Boulevard.

Risk 91

Risk Cybersecurity CISO Security Awareness 91

The Hacker News

JUNE 27, 2024

Cybersecurity researchers have disclosed a high-severity security flaw in the Vanna.AI library that could be exploited to achieve remote code execution vulnerability via prompt injection techniques. The vulnerability, tracked as CVE-2024-5565 (CVSS score: 8.

Cybersecurity 94

Cybersecurity 94

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

Penetration Testing

JUNE 27, 2024

In a recent cybersecurity advisory, Juniper Networks disclosed a critical vulnerability identified as CVE-2024-2973, which has earned a severity rating of 10 on the CVSS scale. This vulnerability affects the Session Smart Router (SSR),... The post CVE-2024-2973 (CVSS 10): Juniper Session Smart Router Authentication Bypass Vulnerability appeared first on Cybersecurity News.

Authentication 95

Authentication Cybersecurity 95

Security Affairs

JUNE 27, 2024

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds GeoSolutionsGroup JAI-EXT, Linux Kernel, and Roundcube Webmail bugs to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog : CVE-2022-24816 GeoSolutionsGroup JAI-EXT Code Injection Vulnerability CVE-2022-2586 Linux Kernel Use-After-Free Vulnerability CVE-2020-13965 Roundcube Webmail

Hacking 92

Hacking Cybersecurity Risk Information Security 92

Security Boulevard

JUNE 27, 2024

Cloud security has become a major focus for organizations worldwide as they battle with a growing number of data breaches and application sprawl that makes defense more complicated. The post Cloud Security Tops Priority List for Organizations Globally appeared first on Security Boulevard.

Data breaches 90

Data breaches Security Awareness Cybersecurity 90

Security Affairs

JUNE 27, 2024

The LockBit ransomware group seems to have lied when they announced the hack of the US Federal Reserve. The real victim is the Evolve Bank. The LockBit ransomware group hasn’t hacked the Federal Reserve as it has recently claimed, the real victim is the Evolve Bank. Last week, the LockBit gang announced that it had breached the systems of the Federal Reserve of the United States and exfiltrated 33 TB of sensitive data, including “Americans’ banking secrets.

Hacking 92

Hacking Banking Retail Ransomware 92

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

ZoneAlarm

JUNE 27, 2024

Cryptocurrency has revolutionized the financial landscape, offering decentralized and secure transactions. However, this innovation has also attracted a myriad of scams, with fraudsters continuously devising new ways to exploit unsuspecting victims. Recently, the FBI issued a warning about a disturbing new trend: fake law firms targeting individuals who have already fallen victim to cryptocurrency scams. … The post FBI Warns Public About Fake Law Firms Preying on Crypto Scam Victims appear

Scams 90

Scams Cryptocurrency Mobile Cybersecurity 90

Bleeping Computer

JUNE 27, 2024

The U.S. indicted Russian national Amin Timovich Stigal for his alleged role in cyberattacks targeting Ukrainian government computer networks in an operation from the Russian foreign military intelligence agency (GRU) prior to invading the country. [.

Government 84

Government 84

Malwarebytes

JUNE 27, 2024

On June 24, we observed a new campaign distributing a stealer targeting Mac users via malicious Google ads for the Arc browser. This is the second time in the past couple of months where we see Arc being used as a lure, certainly a sign of its popularity. It was previously used to drop a Windows RAT , also via Google ads. The macOS stealer being dropped in this latest campaign is actively being developed as an Atomic Stealer competitor, with a large part of its code base being the same as its pr

VPN 87

VPN Malware Advertising Password Management 87

We Live Security

JUNE 27, 2024

A view of the H1 2024 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts.

Threat Reports 93

Threat Reports Threat Detection 93

Advertisement

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Identity Theft

SecureWorld News

JUNE 27, 2024

Luxury department store chain Neiman Marcus Group has become the latest victim in a series of cyberattacks targeting users of the Snowflake data warehousing platform. The breach affected nearly 65,000 shoppers and exposed sensitive personal information. In a letter to affected customers , Neiman Marcus stated: "We are writing to notify you of an issue that involves certain of your personal information.

Retail 79

Retail Accountability Authentication Cyber threats 79

Webroot

JUNE 27, 2024

If you’re using cyber security software from Kaspersky Lab, Inc, you will need to find an alternative solution soon. On June 20, 2024, the U.S. Department of Commerce banned software from the Russian-owned company , saying it posed an unacceptable risk to national security. Citing the Russian government’s offensive cyber capabilities and its capacity to influence Kaspersky’s operations, Commerce Department regulators are strongly encouraging individuals and businesses that use Kaspersky products

Software 79

Software Antivirus Malware Risk 79

Graham Cluley

JUNE 27, 2024

Four alleged members of the FIN9 cybercrime gang have been charged in relation to a series of hacks that caused over US $71 million of losses for companies across the United States. Read more in my article on the Hot for Security blog.

Cybercrime 77

Cybercrime Hacking Phishing 77

Bleeping Computer

JUNE 27, 2024

The BlackSuit ransomware gang claimed a recent cyberattack on KADOKAWA corporation and is now threatening to publish stolen data if a ransom is not paid. [.

Ransomware 79

Ransomware 79

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity