Sat.Nov 18, 2023 - Fri.Nov 24, 2023

Using Generative AI for Surveillance

Schneier on Security

Generative AI is going to be a powerful tool for data analysis and summarization. Here’s an example of it being used for sentiment analysis. My guess is that it isn’t very good yet, but that it will get better.

GUEST ESSAY: How the ‘Scattered Spiders’ youthful ring defeated MFA to plunder Vegas

The Last Watchdog

A hacking gang known as Scattered Spiders soundly defeated the cybersecurity defenses of MGM and Caesars casinos. This cost the Las Vegas gambling meccas more than $100 million while damaging their reputations. As the companies face nine federal lawsuits for failing to protect customer data, it’s abundantly clear hackers have checkmated multi-factor authentication (MFA).

How to Protect Your Black Friday and Cyber Monday Shopping

Lohrman on Security

Don’t let the most wonderful time of the year turn into a holiday crisis. Here’s help to shop securely online this holiday season.

Sekoia: Latest in the Financial Sector Cyber Threat Landscape

Tech Republic Security

Phishing, infostealer malware, ransomware, supply chain attacks, data breaches and crypto-related attacks are among the top evolving threats in the financial sector, says Sekoia.

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Apple to Add Manual Authentication to iMessage

Schneier on Security

Signal has had the ability to manually authenticate another account for years. iMessage is getting it: The feature is called Contact Key Verification, and it does just what its name says: it lets you add a manual verification step in an iMessage conversation to confirm that the other person is who their device says they are. (SMS conversations lack any reliable method for verification—sorry, green-bubble friends.

Secretive White House Surveillance Program Gives Cops Access to Trillions of US Phone Records

WIRED Threat Level

A WIRED analysis of leaked police documents verifies that a secretive government program is allowing federal, state, and local law enforcement to access phone records of Americans who are not suspected of a crime.

More Trending

Kaspersky’s Advanced Persistent Threats Predictions for 2024

Tech Republic Security

New botnets, more AI in spearphishing and increases in hack-for-hire business are some of Kaspersky's security predictions. Get extensive APT mitigation tips, too.

Email Security Flaw Found in the Wild

Schneier on Security

Google’s Threat Analysis Group announced a zero-day against the Zimbra Collaboration email server that has been used against governments around the world. TAG has observed four different groups exploiting the same bug to steal email data, user credentials, and authentication tokens. Most of this activity occurred after the initial fix became public on Github.

Thales and HPE GreenLake Expand Partnership to Offer Enhanced Data Protection

Thales Cloud Protection & Licensing

sparsh, Wed, 11/22/2023 - 06:41: In a significant stride towards bolstering data security and simplifying key management, Thales is thrilled to announce an expanded partnership with HPE GreenLake. This newfound collaboration paves the way for launching a Centralized Key Management complimentary product offering, an initiative poised to reshape the landscape of data protection and security for enterprises worldwide.

New Flaws in Fingerprint Sensors Let Attackers Bypass Windows Hello Login

The Hacker News

New research has uncovered multiple vulnerabilities that could be exploited to bypass Windows Hello authentication on Dell Inspiron 15, Lenovo ThinkPad T14, and Microsoft Surface Pro X laptops.

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Microsoft Improves Windows Security with a Path to Move Off NTLM

Tech Republic Security

It’s time to stop relying on the insecure authentication protocol built into Windows. Microsoft is making it easier to switch to secure modern options.

LitterDrifter USB Worm

Schneier on Security

A new worm that spreads via USB sticks is infecting computers in Ukraine and beyond. The group—known by many names, including Gamaredon, Primitive Bear, ACTINIUM, Armageddon, and Shuckworm—has been active since at least 2014 and has been attributed to Russia’s Federal Security Service by the Security Service of Ukraine. Most Kremlin-backed groups take pains to fly under the radar; Gamaredon doesn’t care to.

DarkCasino joins the list of APT groups exploiting WinRAR zero-day

Security Affairs

The DarkCasino APT group leveraged a recently disclosed WinRAR zero-day vulnerability tracked as CVE-2023-38831. Researchers at cybersecurity firm NSFOCUS analyzed DarkCasino attack pattern exploiting the WinRAR zero-day vulnerability tracked as CVE-2023-38831. The economically motivated APT group used specially crafted archives in phishing attacks against forum users through online trading forum posts. “DarkCasino is an APT threat actor with strong technical and learning ability, who is g

Windows Hello auth bypassed on Microsoft, Dell, Lenovo laptops

Bleeping Computer

Security researchers bypassed Windows Hello fingerprint authentication on Dell Inspiron, Lenovo ThinkPad, and Microsoft Surface Pro X laptops in attacks exploiting security flaws found in the embedded fingerprint sensors.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Atomic Stealer Distributes Malware to Macs Through False Browser Downloads

Tech Republic Security

Atomic Stealer malware advertises itself through ClearFake browser updates disguised as Google's Chrome and Apple’s Safari.

Chocolate Swiss Army Knife

Schneier on Security

It’s realistic looking. If I drop it in a bin with my keys and wallet, will the TSA confiscate it?

A Clear and Present Need: Bolster Your Identity Security with Threat Detection and Response

Duo's Security Blog

“It took nearly 11 months (328 days) to identify and contain data breaches resulting from stolen or compromised credentials.” – IBM’s Cost of Data Breach Report 2023 I recently came across a 2012 article from CSO Online, and realized that it has been more than 11 years since the phrase “Identity is the new perimeter” was coined! Unsurprisingly, identity continues to be the 'new perimeter' and stolen credentials remain one of the most common attack vectors today.

Critical bug in ownCloud file sharing app exposes admin passwords

Bleeping Computer

Open source file sharing software ownCloud is warning of three critical-severity security vulnerabilities, including one that can expose administrator passwords and mail server credentials.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Password Manager Cheat Sheet: What Is a Password Manager?

Tech Republic Security

This cheat sheet provides an overview of what a password manager is and what it does, helping you keep your online accounts safe and secure.

8Base ransomware operators use a new variant of the Phobos ransomware

Security Affairs

8Base ransomware operators were observed using a variant of the Phobos ransomware in a recent wave of attacks. Cisco Talos researchers observed 8Base ransomware operators using a variant of the Phobos ransomware in recent attacks. Phobos variants are usually distributed by the SmokeLoader, but in 8Base campaigns, it has the ransomware component embedded in its encrypted payloads.

ClearFake Campaign Expands to Deliver Atomic Stealer on Macs Systems

The Hacker News

The macOS information stealer known as Atomic is now being delivered to target via a bogus web browser update chain tracked as ClearFake. "This may very well be the first time we see one of the main social engineering campaigns, previously reserved for Windows, branch out not only in terms of geolocation but also operating system," Malwarebytes' Jérôme Segura said in a Tuesday analysis.

Cybersecurity firm executive pleads guilty to hacking hospitals

Bleeping Computer

The former chief operating officer of a cybersecurity company has pleaded guilty to hacking two hospitals, part of the Gwinnett Medical Center (GMC), in June 2021 to boost his company's business.

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Microsoft Azure Confidential VMs Will Roll Out This December

Tech Republic Security

The partnership with Intel allows for hardware-enforced security and confidentiality on 4th Gen Xeon processors.

Crimeware and financial cyberthreats in 2024

SecureList

At Kaspersky, we constantly monitor the financial cyberthreat landscape, which includes threats to financial institutions, such as banks, and financially motivated threats, such as ransomware, that target a broader range of industries. As part of our Kaspersky Security Bulletin, we try to predict how these cyberthreats will evolve in the coming year to help individuals and businesses to be prepared to face them.

New Agent Tesla Malware Variant Using ZPAQ Compression in Email Attacks

The Hacker News

A new variant of the Agent Tesla malware has been observed delivered via a lure file with the ZPAQ compression format to harvest data from several email clients and nearly 40 web browsers. "ZPAQ is a file compression format that offers a better compression ratio and journaling function compared to widely used formats like ZIP and RAR," G Data malware analyst Anna Lvova said in a Monday analysis.

$9 million seized from “pig butchering” scammers who preyed on lonely hearts

Graham Cluley

US authorities have seized almost $9 million worth of cryptocurrency linked to a gang engaged in cryptocurrency investment fraud and romance scams. Read more in my article on the Tripwire State of Security blog.

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Quick Glossary: Encryption

Tech Republic Security

The overall success of a business is often dependent on its ability to effectively share, transfer and process vast amounts of data. Much of this shared data is sensitive and must be protected wherever it travels on and outside the enterprise network. The best way to accomplish the important task of securing business data is.

Israeli man sentenced to 80 months in prison for providing hacker-for-hire services

Security Affairs

An Israeli hacker has been sentenced to 80 months in prison in the US for his role in a massive spear-phishing campaign. Aviram Azari (52) was sentenced to 80 months in prison for computer intrusion, wire fraud, and aggravated identity theft in connection with his involvement in a massive spear-phishing campaign targeting companies and individuals in the U.S. and worldwide.

LummaC2 Malware Deploys New Trigonometry-Based Anti-Sandbox Technique

The Hacker News

The stealer malware known as LummaC2 (aka Lumma Stealer) now features a new anti-sandbox technique that leverages the mathematical principle of trigonometry to evade detection and exfiltrate valuable information from infected hosts.

Researchers extract RSA keys from SSH server signing errors

Bleeping Computer

A team of academic researchers from universities in California and Massachusetts demonstrated that it's possible under certain conditions for passive network attackers to retrieve secret RSA keys from naturally occurring errors leading to failed SSH (secure shell) connection attempts.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.