CSO Magazine

JUNE 7, 2023

Bitdefender has uncovered a hidden malware campaign living undetected on mobile devices worldwide for more than six months. The campaign is designed to push adware to Android devices with the purpose of driving revenue. “However, the threat actors involved can easily switch tactics to redirect users to other types of malware, such as banking trojans to steal credentials and financial information or ransomware ,” Bitdefender said in a blog.

Adware 139

Adware Malware Banking Mobile 139

Krebs on Security

JUNE 8, 2023

It’s not often that a zero-day vulnerability causes a network security vendor to urge customers to physically remove and decommission an entire line of affected hardware — as opposed to just applying software updates. But experts say that is exactly what transpired this week with Barracuda Networks , as the company struggled to combat a sprawling malware threat which appears to have undermined its email security appliances in such a fundamental way that they can no longer be safely u

Firmware 334

Firmware Malware Software Ransomware 334

Schneier on Security

JUNE 6, 2023

In 2013 and 2014, I wrote extensively about new revelations regarding NSA surveillance based on the documents provided by Edward Snowden. But I had a more personal involvement as well. I wrote the essay below in September 2013. The New Yorker agreed to publish it, but the Guardian asked me not to. It was scared of UK law enforcement, and worried that this essay would reflect badly on it.

Surveillance 329

Surveillance Computers and Electronics Government Encryption 329

Joseph Steinberg

JUNE 8, 2023

The second edition of Cybersecurity For Dummies , Joseph Steinberg’s best-selling introductory-level book about cybersecurity, is now available in French. Like its first edition counterparts published in several languages, and like the new English-language Second Edition released several months ago, the new French book, La Cybersécurité Pour Les Nuls 2e Édition , is written for general audiences, and can help people of all backgrounds stay cyber-secure, regardless of their technical skillsets.

Cybersecurity 243

Cybersecurity Artificial Intelligence Retail Backups 243

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Tech Republic Security

JUNE 6, 2023

Read the technical details about this zero-day MoveIT vulnerability, find out who is at risk, and learn how to detect and protect against this SQL injection attack. The post Zero-day MOVEit Transfer vulnerability exploited in the wild, heavily targeting North America appeared first on TechRepublic.

Risk 180

Risk Big data Software Ransomware 180

Krebs on Security

JUNE 6, 2023

One of the most expensive aspects of any cybercriminal operation is the time and effort it takes to constantly create large numbers of new throwaway email accounts. Now a new service offers to help dramatically cut costs associated with large-scale spam and account creation campaigns, by paying people to sell their email account credentials and letting customers temporarily rent access to a vast pool of established accounts at major providers.

Accountability 223

Accountability Scams Cryptocurrency Advertising 223

Bleeping Computer

JUNE 6, 2023

The Federal Bureau of Investigation (FBI) is warning of a rising trend of malicious actors creating deepfake nude content from social media images to perform sextortion attacks. [.

Media 144

Media 144

Tech Republic Security

JUNE 9, 2023

A new study polling software buyers at businesses worldwide finds strong intention to increase budget, with special interest in AI. It also looks at how vendors can engage buyers. The post Firm study predicts big spends on generative AI appeared first on TechRepublic.

Software 179

Software Artificial Intelligence 179

CSO Magazine

JUNE 6, 2023

A global sensation since its initial release at the end of last year, ChatGPT 's popularity among consumers and IT professionals alike has stirred up cybersecurity nightmares about how it can be used to exploit system vulnerabilities. A key problem, cybersecurity experts have demonstrated, is the ability of ChatGPT and other large language models (LLMs) to generate polymorphic, or mutating, code to evade endpoint detection and response (EDR) systems.

Malware 145

Malware Cybersecurity 145

Schneier on Security

JUNE 8, 2023

Paragon Solutions is yet another Israeli spyware company. Their product is called “Graphite,” and is a lot like NSO Group’s Pegasus. And Paragon is working with what seems to be US approval: American approval, even if indirect, has been at the heart of Paragon’s strategy. The company sought a list of allied nations that the US wouldn’t object to seeing deploy Graphite.

Spyware 257

Spyware 257

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Security Boulevard

JUNE 5, 2023

Malware Déjà Vu: Perhaps as many as 87 million victims—maybe more. The post Chrome Extensions Warning — Millions of Users Infected appeared first on Security Boulevard.

Malware 145

Malware Social Engineering Engineering Security Awareness 145

Tech Republic Security

JUNE 9, 2023

Get the details about the ransomware group Clop's ultimatum to companies they recently hit with a supply-chain attack. Also, learn cybersecurity mitigation best practices for any organization. The post BBC, British Airways, Boots hit with hackers’ ultimatum after suffering MOVEit supply-chain attack appeared first on TechRepublic.

Ransomware 174

Ransomware Cybersecurity Big data Software 174

Bleeping Computer

JUNE 8, 2023

Researchers have released a proof-of-concept (PoC) exploit for an actively exploited Windows local privilege escalation vulnerability fixed as part of the May 2023 Patch Tuesday. [.

141

141

Schneier on Security

JUNE 9, 2023

Kaspersky is reporting a zero-click iOS exploit in the wild: Mobile device backups contain a partial copy of the filesystem, including some of the user data and service databases. The timestamps of the files, folders and the database records allow to roughly reconstruct the events happening to the device. The mvt-ios utility produces a sorted timeline of events into a file called “timeline.csv,” similar to a super-timeline used by conventional digital forensic tools.

Malware 231

Malware Backups Mobile 231

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Dark Reading

JUNE 6, 2023

Hackers used a little to do a lot, cracking a high-value target with hardly more than the living-off-the-land tools (PowerShell especially) found on any standard Windows computer.

Hacking 135

Hacking 135

Tech Republic Security

JUNE 8, 2023

At its annual customer event in Las Vegas, Cisco introduced AI-powered, cloud-based products that are designed to snap into its new Security Cloud platform like LEGO. The post Cisco LIVE 2023: AI and security platforms innovations take center stage appeared first on TechRepublic.

Artificial Intelligence 164

Artificial Intelligence Firewall Cybersecurity 164

Bleeping Computer

JUNE 8, 2023

Microsoft is investigating an ongoing outage that is preventing OneDrive customers from accessing the cloud file hosting service worldwide, just as a threat actor known as 'Anonymous Sudan' claims to be DDoSing the service [.

DDOS 139

DDOS 139

Schneier on Security

JUNE 7, 2023

New paper: “ Lessons Lost: Incident Response in the Age of Cyber Insurance and Breach Attorneys “: Abstract: Incident Response (IR) allows victim firms to detect, contain, and recover from security incidents. It should also help the wider community avoid similar attacks in the future. In pursuit of these goals, technical practitioners are increasingly influenced by stakeholders like cyber insurers and lawyers.

Cyber Insurance 221

Cyber Insurance Insurance Cybersecurity 221

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

The Hacker News

JUNE 4, 2023

An unknown cybercrime threat actor has been observed targeting Spanish- and Portuguese-speaking victims to compromise online banking accounts in Mexico, Peru, and Portugal.

Banking 136

Banking Accountability Cybercrime 136

Tech Republic Security

JUNE 6, 2023

iOS 17 has been announced, and it's Apple’s best version of iOS. Learn everything you need to know about iOS 17's features, release date and how to get it. The post iOS 17 cheat sheet: Release date, supported devices and more appeared first on TechRepublic.

Software 158

Software Mobile 158

Bleeping Computer

JUNE 7, 2023

Email and network security company Barracuda warns customers they must replace Email Security Gateway (ESG) appliances hacked in attacks targeting a now-patched zero-day vulnerability. [.

Hacking 134

Hacking Network Security 134

Duo's Security Blog

JUNE 8, 2023

I love where I work, and between that and my general lack of fashion sense, I wear Duo t-shirts all the time. This means that, on a somewhat regular basis, I get unsolicited feedback from Duo users in grocery store check-out aisles, coffee shops, and on the sidewalk. Some of it is positive, but the general consensus is that people don’t love multi-factor authentication (MFA); they see it as a necessary evil at best.

Authentication 132

Authentication VPN System Administration Engineering 132

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Graham Cluley

JUNE 8, 2023

If you, or your kids, are fans of Minecraft - you might be wise to not download any new mods of plugins for a while. Read more in my article on the Tripwire State of Security blog.

Malware 126

Malware Cryptocurrency 126

Tech Republic Security

JUNE 7, 2023

A recent report from Kaspersky revealed a zero-click attack method that requires no action from victims to infect iOS devices. The post New zero-click threat targets iPhones and iPads appeared first on TechRepublic.

Big data 156

Big data Spyware Mobile Software 156

Bleeping Computer

JUNE 7, 2023

Cisco has fixed a high-severity vulnerability found in Cisco Secure Client (formerly AnyConnect Secure Mobility Client) software that can let attackers escalate privileges to the SYSTEM account used by the operating system. [.

Mobile 132

Mobile Accountability Software 132

Identity IQ

JUNE 6, 2023

Buying a Home? Here’s How Your Credit Will Affect Your Mortgage Rate IdentityIQ To buy a home , you need to apply for a mortgage. But before you do that, you should know how important your credit score is in the mortgage application process since it can significantly impact the mortgage rate you’ll be offered. In this blog, we break down the relationship between credit scores and mortgage rates to help you understand what to expect and how to prepare to buy a home.

Insurance 128

Insurance Identity Theft Risk Marketing 128

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

CyberSecurity Insiders

JUNE 7, 2023

Outlook.com users have been suffering with intermittent outages from yesterday and news is out that the disruption was caused because of a DDoS cyber attack launched by a hacking group named ‘Anonymous Sudan’. Microsoft acknowledged the outage as true, but failed to label it as a state funded attack. How-ever, it issued a statement that it has employed mitigation policies to neutralize the impact of the DdoS attack.

Cyber Attacks 127

Cyber Attacks DDOS Mobile Hacking 127

Tech Republic Security

JUNE 6, 2023

In Verizon’s just-released 2023 Data Breach Investigations Report, money is king, and denial of service and social engineering still hold sway. The post Verizon 2023 DBIR: DDoS attacks dominate and pretexting lead to BEC growth appeared first on TechRepublic.

DDOS 145

DDOS Social Engineering Data breaches Engineering 145

Bleeping Computer

JUNE 9, 2023

A group of Ukrainian hackers known as the Cyber.Anarchy.Squad claimed an attack that took down Russian telecom provider Infotel JSC on Thursday evening. [.

Banking 140

Banking 140

CSO Magazine

JUNE 5, 2023

IT security teams lack confidence in their executives’ ability to prevent attacks on their personal hardware, systems, and network. This is according to a study sponsored by BlackCloak, a provider of digital privacy protection for high-profile executives, Ponemon Institute surveyed 553 US IT and IT security practitioners. Asked to rate from 1 to 10 how confident they were in CEOs and executives’ abilities to know how to recognize a phishing email, only 28% of respondents were confident.

CISO 125

CISO Phishing 125

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity