Tech Republic Security

OCTOBER 15, 2024

Microsoft’s Siva Sundaramoorthy provides a blueprint for how common cyber precautions apply to generative AI deployed in and around security systems.

Risk 169

Risk Artificial Intelligence Software Cybersecurity 169

Tech Republic Security

OCTOBER 17, 2024

Attackers launched 600 million cybercriminal and nation-state threats on Microsoft customers daily, including ransomware attacks, in the last year, according to the tech giant.

Ransomware 186

Ransomware Artificial Intelligence Software 186

Lohrman on Security

OCTOBER 13, 2024

Bad actors often take advantage of natural disasters, and especially hurricanes, in times of crisis. Hurricanes Helene and Milton pose significant new online threats, including misinformation and fraud.

Scams 271

Scams 271

Tech Republic Security

OCTOBER 17, 2024

The NIS 2 compliance deadline is Oct. 17. Discover essential insights on requirements, impacts, and what organisations must do now.

Cybersecurity 149

Cybersecurity 149

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Security Boulevard

OCTOBER 16, 2024

CA/B testing: Ludicrous proposal draws ire from “furious” systems administrators. The post Apple Enrages IT — 45-Day Cert Expiration Fury appeared first on Security Boulevard.

System Administration 131

System Administration Social Engineering Data privacy IoT 131

Schneier on Security

OCTOBER 18, 2024

The Wall Street Journal is reporting that the CEO of a still unnamed company has been indicted for creating a fake auditing company to falsify security certifications in order to win government business.

Government 217

Government 217

Troy Hunt

OCTOBER 13, 2024

It wasn't easy talking about the Muah.AI data breach. It's not just the rampant child sexual abuse material throughout the system (or at least requests for the AI to generate images of it), it's the reactions of people to it. The tweets justifying it on the basis of there being noo "actual" abuse, the characterisation of this being akin to "merely thoughts in someone's head", and following my recording of this video, the backlash from their users about any att

Artificial Intelligence 194

Artificial Intelligence Data breaches DDOS Internet 194

Tech Republic Security

OCTOBER 16, 2024

Getting buy-in can be difficult. Safe-U founder and CEO Jorge Litvin explains how to create a common language between the CISO and the rest of the C-suite.

CISO 146

CISO Cybersecurity Digital transformation 146

Schneier on Security

OCTOBER 14, 2024

Perfectl in an impressive piece of malware: The malware has been circulating since at least 2021. It gets installed by exploiting more than 20,000 common misconfigurations, a capability that may make millions of machines connected to the Internet potential targets, researchers from Aqua Security said. It can also exploit CVE-2023-33246, a vulnerability with a severity rating of 10 out of 10 that was patched last year in Apache RocketMQ, a messaging and streaming platform that’s found on ma

Malware 228

Malware Cryptocurrency Internet Internet 228

Trend Micro

OCTOBER 14, 2024

Trend Micro's Threat Hunting Team discovered EDRSilencer, a red team tool that threat actors are attempting to abuse for its ability to block EDR traffic and conceal malicious activity.

Cyber threats 143

Cyber threats 143

Advertisement

Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.

Government

WIRED Threat Level

OCTOBER 15, 2024

Bots that “remove clothes” from images have run rampant on the messaging app, allowing people to create nonconsensual deepfake images even as lawmakers and tech companies try to crack down.

Artificial Intelligence 135

Artificial Intelligence 135

Tech Republic Security

OCTOBER 16, 2024

Zscaler ThreatLabz report reveals a 2024 surge in mobile, IoT, and OT cyberattacks, highlighting key trends and the need for zero trust security.

IoT 151

IoT Mobile Cyber threats Internet 151

eSecurity Planet

OCTOBER 18, 2024

Technologies that were figments of the imagination a dozen years ago, if they were conceived of at all, quickly become mainstream — think generative artificial intelligence (GenAI) or blockchain. As they do, they create more security vulnerabilities and inherent business, changing the nature of cybersecurity careers. According to research by IBM Corp. and the Ponemon Institute, the average security breach cost reached $4.88 million in 2024 — 10% more than the previous year and the highest averag

Cybersecurity 122

Cybersecurity Artificial Intelligence Penetration Testing CISO 122

Security Boulevard

OCTOBER 18, 2024

There are growing concerns among chief information security officers (CISOs) about the evolving demands of their role, with 84% advocating for a split into separate technical and business-focused positions. The Trellix and Vanson Bourne survey of 5,000 CISOs and IT security leaders found that as cybersecurity threats grow more complex and regulatory frameworks expand, there.

CISO 124

CISO Information Security Cybersecurity Risk 124

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Trend Micro

OCTOBER 15, 2024

This article uncovers a Golang ransomware abusing AWS S3 for data theft, and masking as LockBit to further pressure victims. The discovery of hard-coded AWS credentials in these samples led to AWS account suspensions.

Ransomware 129

Ransomware Accountability 129

Tech Republic Security

OCTOBER 17, 2024

This indicates that the most prominent ransomware groups are succumbing to law enforcement takedowns, according to researchers from Cyberint.

Ransomware 142

Ransomware Cyber Attacks Cybersecurity 142

The Hacker News

OCTOBER 18, 2024

North Korean information technology (IT) workers who obtain employment under false identities in Western companies are not only stealing intellectual property, but are also stepping up by demanding ransoms in order to not leak it, marking a new twist to their financially motivated attacks.

Technology 121

Technology 121

eSecurity Planet

OCTOBER 15, 2024

American Water, one of the largest water utility providers in the United States, fell victim to a cyberattack that disrupted its billing systems, throwing light on the increasing vulnerability of critical infrastructure to such threats. While water services were not interrupted, the breach temporarily paused the company’s billing operations, causing customer concern.

Cybersecurity 128

Cybersecurity Penetration Testing Cyber threats Firewall 128

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Malwarebytes

OCTOBER 18, 2024

The Microsoft Threat Intelligence team disclosed details about a macOS vulnerability, dubbed “HM Surf,” that could allow an attacker to gain access to the user’s data in Safari. The data the attacker could access without users’ consent includes browsed pages, along with the device’s camera, microphone, and location. The vulnerability, tracked as CVE-2024-44133 was fixed in the September 16 update for Mac Studio (2022 and later), iMac (2019 and later), Mac Pro (2019 and later), Mac Mi

Adware 118

Adware Spyware Mobile Technology 118

Tech Republic Security

OCTOBER 15, 2024

Almost all businesses in the U.K. were breached by cyber attackers in the last 12 months, a report has found.

Cyber Attacks 165

Cyber Attacks Data breaches Cybersecurity 165

The Hacker News

OCTOBER 17, 2024

Microsoft has disclosed details about a now-patched security flaw in Apple's Transparency, Consent, and Control (TCC) framework in macOS that has likely come under exploitation to get around a user's privacy preferences and access data. The shortcoming, codenamed HM Surf by the tech giant, is tracked as CVE-2024-44133.

122

122

WIRED Threat Level

OCTOBER 16, 2024

The US has accused two brothers of being part of the hacker group Anonymous Sudan, which allegedly went on a wild cyberattack spree that hit hundreds of targets—and, for one of the two men, even put lives at risk.

Risk 123

Risk Hacking 123

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

Trend Micro

OCTOBER 13, 2024

Trend Micro researchers have uncovered a surge of malicious activities involving a threat actor group that we track as Water Makara. This group is targeting enterprises in Brazil, deploying banking malware using obfuscated JavaScript to slip past security defenses.

Malware 128

Malware Security Defenses Phishing Banking 128

Tech Republic Security

OCTOBER 16, 2024

With its questionable privacy policy, slow VPN performance, and lack of independent audits, Urban VPN fails to offer a secure and quality VPN experience.

VPN 131

VPN 131

The Hacker News

OCTOBER 13, 2024

The Iranian threat actor known as OilRig has been observed exploiting a now-patched privilege escalation flaw impacting the Windows Kernel as part of a cyber espionage campaign targeting the U.A.E. and the broader Gulf region.

130

130

Security Boulevard

OCTOBER 16, 2024

Fortinet has made generally available a version of the CNAPP it gained that is now integrated with the Fortinet Security Fabric, an orchestration framework the company developed to centralize the management of its cybersecurity portfolio. The post Fortinet Integrates Lacework CNAPP into Cybersecurity Portfolio appeared first on Security Boulevard.

Cybersecurity 121

Cybersecurity 121

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

Security Affairs

OCTOBER 18, 2024

Omni Family Health disclosed a data breach affecting nearly 470,000 current and former patients and employees. Omni Family Health is a nonprofit organization that provides healthcare services to communities in California, focusing on underserved populations. They offer a range of services, including primary care, dental care, behavioral health, and preventive services.

Data breaches 107

Data breaches Healthcare Insurance Engineering 107

Tech Republic Security

OCTOBER 15, 2024

SentinelOne’s Alex Stamos sees a future where defenders have the advantage when it comes to generative AI. At least until it can write exploit code.

CISO 132

CISO Software Cybersecurity 132

The Hacker News

OCTOBER 14, 2024

Cybersecurity researchers have found that entry points could be abused across multiple programming ecosystems like PyPI, npm, Ruby Gems, NuGet, Dart Pub, and Rust Crates to stage software supply chain attacks.

Software 125

Software Risk Cybersecurity 125

Security Boulevard

OCTOBER 14, 2024

A report finds a third (33%) of the cloud security incidents investigated by IBM Security X-Force researchers, involved phishing attacks to steal credentials, followed closely by 28% of incidents that involved attacks where cybercriminals had already obtained some type of valid credential. The post IBM X-Force Security Report Spotlights Lack of Cloud Security Fundamentals appeared first on Security Boulevard.

Phishing 126

Phishing Cybersecurity 126

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity