Fri. Jun 28, 2024

James Bamford on Section 702 Extension

Schneier on Security

Longtime NSA-watcher James Bamford has a long article on the reauthorization of Section 702 of the Foreign Intelligence Surveillance Act (FISA).

TEMU sued for being “dangerous malware” by Arkansas Attorney General

Malwarebytes

Chinese online shopping giant Temu is facing a lawsuit filed by State of Arkansas Attorney General Tim Griffin, alleging that the retailer’s mobile app spies on users. “Temu purports to be an online shopping platform, but it is dangerous malware, surreptitiously granting itself access to virtually all data on a user’s cellphone.” Temu quickly denied the allegations.

Temu is Malware — It Sells Your Info, Accuses Ark. AG

Security Boulevard

Chinese fast-fashion-cum-junk retailer “is a data-theft business.” The post Temu is Malware — It Sells Your Info, Accuses Ark. AG appeared first on Security Boulevard.

TeamViewer links corporate cyberattack to Russian state hackers

Bleeping Computer

RMM software developer TeamViewer says a Russian state-sponsored hacking group known as Midnight Blizzard is believed to be behind a breach of their corporate network this week. […]

Human-Centered Cyber Security Training: Driving Real Impact on Security Culture

In today's digital age, having an untrained workforce can be a significant risk to your business. Cyber threats are evolving; without proper training, your employees could be the weakest link in your defense. This webinar empowers leaders like you with the tools and strategies needed to transform your employees into a robust frontline defense against cyber attacks.

Cyberattack Rate Surges as Novel Malware Growth Accelerates

Security Boulevard

The rate of cyberattacks is rising as the threat level continues to evolve, according to BlackBerry Limited’s latest Global Threat Intelligence Report. The post Cyberattack Rate Surges as Novel Malware Growth Accelerates appeared first on Security Boulevard.

Polyfill.io, BootCDN, Bootcss, Staticfile attack traced to 1 operator

Bleeping Computer

The recent large-scale supply chain attack conducted via multiple CDNs, namely Polyfill.io, BootCDN, Bootcss, and Staticfile, that affected up to tens of millions of websites has been traced to a common operator. Researchers discovered a public GitHub repository with leaked API keys helping them draw a conclusion. […]

New SnailLoad Attack Exploits Network Latency to Spy on Users' Web Activities

The Hacker News

A group of security researchers from the Graz University of Technology have demonstrated a new side-channel attack known as SnailLoad that could be used to remotely infer a user's web activity. "SnailLoad exploits a bottleneck present on all Internet connections," the researchers said in a study released this week.

The Urgency to Uplevel AppSec: Securing Your Organization’s Vulnerable Building Blocks

Security Boulevard

Let’s examine why so many applications remain vulnerable despite high-severity warnings and how to minimize the threat to your organization. The post The Urgency to Uplevel AppSec: Securing Your Organization’s Vulnerable Building Blocks appeared first on Security Boulevard.

Quora’s Chatbot Platform Poe Allows Users to Download Paywalled Articles on Demand

WIRED Threat Level

WIRED was able to download stories from publishers like The New York Times and The Atlantic using Poe’s Assistant bot. One expert calls it “prima facie copyright infringement,” which Quora disputes.

Kimsuky Using TRANSLATEXT Chrome Extension to Steal Sensitive Data

The Hacker News

The North Korea-linked threat actor known as Kimsuky has been linked to the use of a new malicious Google Chrome extension that's designed to steal sensitive information as part of an ongoing intelligence collection effort.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Attention: Google To Distrust Entrust TLS Certificates

Security Boulevard

Crypto-Agility Required to Migrate to a New Certificate Authority (CA) Seamlessly and Highlights Need for Post-Quantum Cryptography (PQC) Readiness This week Google announced that the Google Chrome browser will no longer trust TLS certificates issued by the Entrust Certificate Authority (CA) starting November 1, 2024. Certificates issued by Entrust before October 31, 2024 will remain […] The post Attention: Google To Distrust Entrust TLS Certificates appeared first on Security Boulevard.

GitLab Releases Patch for Critical CI/CD Pipeline Vulnerability and 13 Others

The Hacker News

GitLab has released security updates to address 14 security flaws, including one critical vulnerability that could be exploited to run continuous integration and continuous deployment (CI/CD) pipelines as any user. The weaknesses, which affect GitLab Community Edition (CE) and Enterprise Edition (EE), have been addressed in versions 17.1.1, 17.0.3, and 16.11.5.

Ticketmaster sends notifications about recent massive data breach

Bleeping Computer

Ticketmaster has started to notify customers who were impacted by a data breach after hackers stole the company's Snowflake database, containing the data of millions of people. […]

8220 Gang Exploits Oracle WebLogic Server Flaws for Cryptocurrency Mining

The Hacker News

Security researchers have shed more light on the cryptocurrency mining operation conducted by the 8220 Gang by exploiting known security flaws in the Oracle WebLogic Server.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Cybersecurity Insights with Contrast SVP of Cyber Strategy Tom Kellermann | 6/28

Security Boulevard

Insight #1 Most ransomware deploys a remote-access Trojan (RAT), which allows for secondary infections to occur and enables access to victims’ networks to be sold in Darkweb forums. Insight #2 Most ransomware is delivered initially through the exploitation of a vulnerability. Runtime Security can mitigate this: It’s a highly effective exploit prevention for zero days, unknown vulnerabilities and a broad array of exploit techniques.

Researchers Warn of Flaws in Widely Used Industrial Gas Analysis Equipment

The Hacker News

Multiple security flaws have been disclosed in Emerson Rosemount gas chromatographs that could be exploited by malicious actors to obtain sensitive information, induce a denial-of-service (DoS) condition, and even execute arbitrary commands. The flaws impact GC370XA, GC700XA, and GC1500XA and reside in versions 4.1.5 and prior.

A cyberattack shut down the University Hospital Centre Zagreb in Croatia

Security Affairs

A cyber attack began targeting the University Hospital Centre Zagreb (KBC Zagreb), the largest Croatian hospital, on Wednesday night, according to a report by Croatian Radiotelevision. The hospital has shut down its IT infrastructure in response to the cyber attack.

Cross-Platform Product Release: Heimdal Integrates with HaloPSA

Heimdal Security

We are excited to announce a special release, substantiating our key cross-platform product direction. New features and improvements are rolling out for Linux Ubuntu, macOS, and Windows. The updates are available in the Release Candidate and Production versions of the Heimdal dashboard (4.2.2 RC and 4.1.4 Production), and in the dedicated agent versions: Heimdal for […] The post Cross-Platform Product Release: Heimdal Integrates with HaloPSA appeared first on Heimdal Security Blog.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Graham Cluley - Untitled Article

Graham Cluley

There's some possibly good news on the ransomware front. Companies are becoming more resilient to attacks, and the ransom payments extorted from businesses by hackers are on a downward trend. Read more in my article on the Tripwire State of Security blog.

Infosys McCamish says LockBit stole data of 6 million people

Bleeping Computer

Infosys McCamish Systems (IMS) disclosed that the LockBit ransomware attack it suffered earlier this year impacted sensitive information of more than six million individuals. […]

Russian hackers read the emails you sent us, Microsoft warns more customers

Graham Cluley

More of Microsoft's clients are being warned that emails they exchanged with the company were accessed by Russian hackers who broke into its systems and spied on staff inboxes. Read more in my article on the Hot for Security blog.

Why Small Businesses Should Invest In Managed IT

SecureBlitz

Learn why small businesses should invest in managed IT. Running a small business is challenging enough without wrestling with tech issues. You're juggling countless tasks, from managing team members to keeping your customers happy. Amid all this, you can easily overlook your technological needs. But here's the thing: neglecting your Information Technology (IT) can cost […] The post Why Small Businesses Should Invest In Managed IT appeared first on SecureBlitz Cybersecurity.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Supply-chain ransomware attack cripples thousands of car dealerships

Graham Cluley

Car dealerships have been brought to a standstill across the United States after a software provider was hit by a ransomware attack. The attack, believed to be by the BlackSuit ransomware gang, forced CDK Global, makers of a platform widely used by car dealerships to conduct their everyday business, to down its IT systems and data centers. Read more in my article on the Exponential-e blog.

Combatting the Evolving SaaS Kill Chain: How to Stay Ahead of Threat Actors

The Hacker News

The modern kill chain is eluding enterprises because they aren’t protecting the infrastructure of modern business: SaaS. SaaS continues to dominate software adoption, and it accounts for the greatest share of public cloud spending. But enterprises and SMBs alike haven’t revised their security programs or adopted security tooling built for SaaS.

Dairy giant Agropur says data breach exposed customer info

Bleeping Computer

Agropur, one of the largest dairy cooperatives in North America, is notifying customers of a data breach after some of its shared online directories were exposed. […]

Inside a Violent Gang's Ruthless Crypto-Stealing Home Invasion Spree

WIRED Threat Level

More than a dozen men threatened, assaulted, tortured, or kidnapped 11 victims in likely the worst-ever crypto-focused serial extortion case of its kind in the US.

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

DAST Vs. Penetration Testing: Comprehensive Guide to Application Security Testing

Security Boulevard

For two decades or so now, web applications have been the backbone of many businesses, making their security paramount. Dynamic Application Security Testing (DAST) and penetration testing are crucial for identifying and mitigating security vulnerabilities in web application security. While both aim to enhance application security, they differ significantly in their approach, execution, and outcomes. … DAST Vs.

New MOVEit Transfer Critical Vulnerability Targeted by Threat Actors

Heimdal Security

A new critical authentication bypass flaw in Progress MOVEit Transfer was disclosed, and threat actors are already trying their best to exploit it. The new security flaw, which goes by the number CVE-2024-5806, enables attackers to get around the Secure File Transfer Protocol (SFTP) module’s authentication procedure, which is in charge of handling file transfers […] The post New MOVEit Transfer Critical Vulnerability Targeted by Threat Actors appeared first on Heimdal Security Blog.

How to Enhance Security Without Affecting the Customer Experience

Security Boulevard

Navigating the landscape of customer interactions is a delicate balancing act that requires constant calibration between security and operability (or usability, if speaking from a customer’s perspective). The post How to Enhance Security Without Affecting the Customer Experience appeared first on Security Boulevard.

What Is Cloud Workload Security? Ultimate Guide

eSecurity Planet

Cloud workload security, or cloud workload protection (CWP), refers to the tools and policies used to protect apps, services, and resources that run on cloud infrastructure. It secures virtual machines, databases, containers, and applications against common threats. CWP platforms, now commonly included in cloud-native application protection platforms (CNAPPs), safeguard workloads in public, hybrid, and multi-cloud environments.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?