Schneier on Security

OCTOBER 31, 2023

Ukraine is using $400 drones to destroy tanks: Facing an enemy with superior numbers of troops and armor, the Ukrainian defenders are holding on with the help of tiny drones flown by operators like Firsov that, for a few hundred dollars, can deliver an explosive charge capable of destroying a Russian tank worth more than $2 million. […] A typical FPV weighs up to one kilogram, has four small engines, a battery, a frame and a camera connected wirelessly to goggles worn by a pilot operating

Wireless 318

Wireless Engineering Government 318

Krebs on Security

NOVEMBER 2, 2023

The login page for the criminal reshipping service SWAT USA Drop. One of the largest cybercrime services for laundering stolen merchandise was hacked recently, exposing its internal operations, finances and organizational structure. Here’s a closer look at the Russia-based SWAT USA Drop Service , which currently employs more than 1,200 people across the United States who are knowingly or unwittingly involved in reshipping expensive consumer goods purchased with stolen credit cards.

Cybercrime 312

Cybercrime Marketing Scams Retail 312

The Last Watchdog

OCTOBER 30, 2023

A new tier of overlapping, interoperable, highly automated security platforms must, over the next decade, replace the legacy, on-premise systems that enterprises spent multiple kings’ fortunes building up over the past 25 years. Related: How ‘XDR’ defeats silos Now along comes a new book, Evading EDR: The Definitive Guide for Defeating Endpoint Detection Systems , by a red team expert, Matt Hand, that drills down a premier legacy security system that is in the midst of this transitio

Engineering 311

Engineering Mobile Internet Internet 311

Troy Hunt

NOVEMBER 2, 2023

Yes, the Lenovo is Chinese. No, I'm not worried about Superfish. Yes, I'm running windows. No, I don't want a Framework laptop. Seemed to be a lot of time this week gone on talking all things laptops, and there are clearly some very differing views on the topic. Some good suggestions, some neat alternatives and some ideas that, well, just seem a little crazy.

Threat Detection 286

Threat Detection Mobile 286

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Schneier on Security

NOVEMBER 3, 2023

Another example of a large and influential state doing things the federal government won’t: Boards of directors, or other senior committees, are charged with overseeing cybersecurity risk management, and must retain an appropriate level of expertise to understand cyber issues, the rules say. Directors must sign off on cybersecurity programs, and ensure that any security program has “sufficient resources” to function.

Cybersecurity 305

Cybersecurity Government Risk Banking 305

Krebs on Security

OCTOBER 31, 2023

The top-level domain for the United States — US — is home to thousands of newly-registered domains tied to a malicious link shortening service that facilitates malware and phishing scams, new research suggests. The findings come close on the heels of a report that identified.US domains as among the most prevalent in phishing attacks over the past year.

Phishing 309

Phishing Telecommunications Malware Scams 309

Lohrman on Security

OCTOBER 29, 2023

At the InCyber Forum North America, held this past week in Montréal, Canada, the importance of maintaining meaningful global partners in cybersecurity was never more evident.

Cybersecurity 182

Cybersecurity 182

Schneier on Security

NOVEMBER 2, 2023

Apple has warned leaders of the opposition government in India that their phones are being spied on: Multiple top leaders of India’s opposition parties and several journalists have received a notification from Apple, saying that “Apple believes you are being targeted by state-sponsored attackers who are trying to remotely compromise the iPhone associated with your Apple ID ….” AccessNow puts this in context : For India to uphold fundamental rights, authorities must initiate an immedi

Spyware 292

Spyware Surveillance Government 292

Joseph Steinberg

NOVEMBER 1, 2023

While many people seem to be discussing the dangers of Artificial Intelligence (AI) – many of these discussions seem to focus on, what I believe, are the wrong issues. I began my formal work with AI while a graduate student at NYU in the mid-1990s; the world of AI has obviously advanced quite a bit since that time period, but, many of the fundamental issues that those of us in the field began recognizing almost 3 decades ago not only remain un-addressed, but continue to pose increasingly l

Artificial Intelligence 169

Artificial Intelligence Social Engineering Engineering Phishing 169

Tech Republic Security

NOVEMBER 1, 2023

The AWS Sovereign Cloud will be physically and logically separate from other AWS clouds and has been designed to comply with Europe's stringent data laws.

Big data 190

Big data 190

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Anton on Security

NOVEMBER 1, 2023

This blog series was written jointly with Amine Besson, Principal Cyber Engineer, Behemoth CyberDefence and one more anonymous collaborator. In this blog (#5 in the series), we will build a quick “framework-lite” for making CTI to DE flows better. Detection Engineering is Painful — and It Shouldn’t Be (Part 1) Detection Engineering and SOC Scalability Challenges (Part 2) Build for Detection Engineering, and Alerting Will Improve (Part 3) Focus Threat Intel Capabilities at Detection Engineering (

Engineering 147

Engineering Architecture Cyber threats Threat Detection 147

Schneier on Security

OCTOBER 30, 2023

The islands of Åland are an important tax hack : Although Åland is part of the Republic of Finland, it has its own autonomous parliament. In areas where Åland has its own legislation, the group of islands essentially operates as an independent nation. This allows Scandinavians to avoid the notoriously high alcohol taxes: Åland is a member of the EU and its currency is the euro, but Åland’s relationship with the EU is regulated by way of a special protocol.

Hacking 282

Hacking 282

Jane Frankland

OCTOBER 31, 2023

C-suites across all industries, from traditional finance to the latest “unicorns” emerging in the fintech industry, are facing a formidable challenge: how to protect their business and customer data against growing cyber threats. However, new research from e2e-assure has revealed that few organisations are taking full advantage of security technologies available today.

CISO 147

CISO Threat Detection Cyber threats Cybercrime 147

Tech Republic Security

NOVEMBER 1, 2023

Research has found 91% of CEOs view IT security as a technical function that's the CIO or CISO's problem, meaning IT leaders have more work to do to engage senior executives and boards.

Cyber Risk 190

Cyber Risk CISO Risk Data breaches 190

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

The Hacker News

NOVEMBER 3, 2023

Cybersecurity researchers have unearthed a number of WhatsApp mods for Android that come fitted with a spyware module dubbed CanesSpy. These modified versions of the instant messaging app have been observed propagated via sketchy websites advertising such software as well as Telegram channels used primarily by Arabic and Azerbaijani speakers, one of which boasts 2 million users.

Spyware 145

Spyware Advertising Software Cybersecurity 145

Hack the Box

NOVEMBER 2, 2023

Our Head of Security, Ben Rollin, calls on more than a decade of experience in cybersecurity to break down the practical steps to a career in ethical hacking.

Hacking 145

Hacking Cybersecurity 145

Security Affairs

NOVEMBER 3, 2023

The FSB arrested two Russian hackers who are accused of having helped Ukrainian entities carry out cyberattacks on critical infrastructure targets. The Russian intelligence agency Federal Security Service (FSB) arrested two individuals who are suspected of supporting Ukrainian entities to carry out cyberattacks to disrupt Russian critical infrastructure.

Media 144

Media Hacking Information Security 144

Tech Republic Security

NOVEMBER 2, 2023

The code of conduct provides guidelines for AI regulation across G7 countries and includes cybersecurity considerations and international standards.

Cybersecurity 184

Cybersecurity Artificial Intelligence 184

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

The Hacker News

NOVEMBER 2, 2023

As many as 34 unique vulnerable Windows Driver Model (WDM) and Windows Driver Frameworks (WDF) drivers could be exploited by non-privileged threat actors to gain full control of the devices and execute arbitrary code on the underlying systems.

Firmware 145

Firmware 145

WIRED Threat Level

NOVEMBER 2, 2023

CulturePulse's AI model promises to create a realistic virtual simulation of every Israeli and Palestinian citizen. But don't roll your eyes: It's already been put to the test in other conflict zones.

Artificial Intelligence 144

Artificial Intelligence 144

Security Affairs

NOVEMBER 3, 2023

Threat actors who breached the Okta customer support system also gained access to files belonging to 134 customers. Threat actors who breached the Okta customer support system in October gained access to files belonging to 134 customers, the company revealed. Some of the files accessed by the attackers are HAR files that contained session tokens. According to the company, the threat actor was able to use these session tokens to hijack the legitimate Okta sessions of 5 customers.

Data breaches 144

Data breaches Social Engineering Accountability Authentication 144

Tech Republic Security

OCTOBER 30, 2023

Microsoft exposes Octo Tempest, an English-speaking threat actor that runs extortion, encryption and destruction campaigns at a wide variety of industries. Protect your company from Octo Tempest with these tips.

Encryption 184

Encryption Social Engineering Engineering Software 184

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

The Hacker News

NOVEMBER 2, 2023

A new set of 48 malicious npm packages have been discovered in the npm repository with capabilities to deploy a reverse shell on compromised systems. "These packages, deceptively named to appear legitimate, contained obfuscated JavaScript designed to initiate a reverse shell on package install," software supply chain security firm Phylum said.

Software 145

Software 145

Malwarebytes

NOVEMBER 2, 2023

At Malwarebytes we’ve been telling people for years not to reuse passwords, and that a password manager is a secure way of remembering all the passwords you need for your online accounts. But we also know that a password manager can be overwhelming, especially when you’re just getting started. Once you’ve stored your tens or even hundreds of passwords, a password manager is relatively convenient to use and keep updated.

Passwords 144

Passwords Password Management Data breaches Authentication 144

Security Affairs

OCTOBER 28, 2023

The Pwn2Own Toronto 2023 hacking competition is over, bug hunters earned $1,038,500 for 58 zero-day exploits. The Pwn2Own Toronto 2023 hacking competition is over, the organizers awarded $1,038,250 for 58 unique 0-days. The Team Viettel ( @vcslab ) won the Master of Pwn with $180K and 30 points. The vulnerabilities exploited by the experts have been disclosed to the vendors, the ZDI gives them 90 days to address these flaws.

Hacking 145

Hacking Information Security 145

Tech Republic Security

NOVEMBER 2, 2023

Global leaders from 28 nations have gathered in the U.K. for an influential summit dedicated to AI regulation and safety. Here’s what you need to know.

Artificial Intelligence 183

Artificial Intelligence 183

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

The Hacker News

OCTOBER 29, 2023

Three unpatched high-severity security flaws have been disclosed in the NGINX Ingress controller for Kubernetes that could be weaponized by a threat actor to steal secret credentials from the cluster. The vulnerabilities are as follows - CVE-2022-4886 (CVSS score: 8.

145

145

SecureList

NOVEMBER 2, 2023

It is not rare that users of popular instant messaging services find the official client apps to be lacking in functionality. To address that problem, third-party developers come up with mods that offer sought-after features besides aesthetic upgrades. Unfortunately, some of these mods contain malware alongside legitimate enhancements. A case in point occurred last year when we discovered the Triada Trojan inside a WhatsApp mod.

Malware 143

Malware Spyware Mobile VPN 143

Security Affairs

NOVEMBER 3, 2023

Researchers disclosed four zero-day flaws in Microsoft Exchange that can be remotely exploited to execute arbitrary code or disclose sensitive information on vulnerable installs. Trend Micro’s Zero Day Initiative (ZDI) disclosed four zero-day vulnerabilities in Microsoft Exchange that can be remotely exploited by an authenticated attacker to execute arbitrary code or disclose sensitive information on vulnerable installs.

Authentication 144

Authentication Hacking Information Security 144

Tech Republic Security

NOVEMBER 3, 2023

A VPN (virtual private network) encrypts your internet traffic and protects your online privacy. Find out how it works and why you should use it.

VPN 179

VPN Encryption Internet Internet 179

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity