Sat. Sep 09, 2023 - Fri. Sep 15, 2023

Cybersecurity the Biggest Challenge for Smaller Organizations

Security Boulevard

A survey identified cybersecurity as the biggest challenge small organizations face today, with 49% more concerned than they were six months ago. The post Cybersecurity the Biggest Challenge for Smaller Organizations appeared first on Security Boulevard.

On Robots Killing People

Schneier on Security

The robot revolution began long ago, and so did the killing. One day in 1979, a robot at a Ford Motor Company casting plant malfunctioned—human workers determined that it was not going fast enough. And so twenty-five-year-old Robert Williams was asked to climb into a storage rack to help move things along. The one-ton robot continued to work silently, smashing into Williams’s head and instantly killing him.

FBI Hacker Dropped Stolen Airbus Data on 9/11

Krebs on Security

In December 2022, KrebsOnSecurity broke the news that a cybercriminal using the handle “USDoD” had infiltrated the FBI’s vetted information sharing network InfraGard, and was selling the contact information for all 80,000 members. The FBI responded by reverifying InfraGard members and by seizing the cybercrime forum where the data was being sold.

GUEST ESSAY: The timing is ripe to instill trust in the open Internet — and why this must get done

The Last Watchdog

In today’s digital age, trust has become a cornerstone of building a better Internet. The Internet was designed as a platform for peer research, not for the vast scale and diverse uses we see today. Over the decades, it’s grown in a way that has left it with many inherent vulnerabilities. These vulnerabilities, not borne out of malice, were the result of choices made with limited information available at the time.

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Weekly Update 364

Troy Hunt

I'm in Spain! Alicante, to be specific, where we've spent the last few days doing family wedding things, and I reckon we scrubbed up pretty well: Getting fancy in Spain 😍 pic.twitter.com/iDFmBORnHa — Troy Hunt (@troyhunt) September 9, 2023 Next stop is Amsterdam and by the end of today, we'll be sipping cold beer canal side in the 31C heat 😎 Meanwhile, this week's video focuses mostly on the Dymocks breach and the noteworthiness of what appears to be ex

Fake Signal and Telegram Apps in the Google Play Store

Schneier on Security

Google removed fake Signal and Telegram apps from its Play store. An app with the name Signal Plus Messenger was available on Play for nine months and had been downloaded from Play roughly 100 times before Google took it down last April after being tipped off by security firm ESET. It was also available in the Samsung app store and on signalplus[.]org, a dedicated website mimicking the official Signal.org.

More Trending

Black Hat Fireside Chat: The impactful role crowdsourced security intelligence must play

The Last Watchdog

From Kickstarter to Wikipedia, crowdsourcing has become a part of everyday life. Now one distinctive type of crowdsourcing — ethical hacking – is positioned to become a much more impactful component of securing modern networks. I had a terrific discussion about this at Black Hat USA 2023 with Casey Ellis, founder and CTO of Bugcrowd, a pioneer in the crowdsourced security market.

Zero-Day Security Vulnerability Found in Chrome, Firefox and Other Browsers

Tech Republic Security

Updates are now available to patch a Chrome vulnerability that would allow attackers to run malicious code.

Zero-Click Exploit in iPhones

Schneier on Security

Make sure you update your iPhones: Citizen Lab says two zero-days fixed by Apple today in emergency security updates were actively abused as part of a zero-click exploit chain (dubbed BLASTPASS) to deploy NSO Group’s Pegasus commercial spyware onto fully patched iPhones. The two bugs, tracked as CVE-2023-41064 and CVE-2023-41061, allowed the attackers to infect a fully-patched iPhone running iOS 16.6 and belonging to a Washington DC-based civil society organization via PassKit attachment

Space Systems and IoT: What Are the Biggest Cyber Threats?

Lohrman on Security

In this interview with Dick Wilkinson, CTO at Proof Labs, we explore the cyber threats in space and on the Internet of Things, and how they impact each of us.

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

CyberSecurity and Artificial Intelligence Expert Joseph Steinberg To Discuss Building Trust in AI

Joseph Steinberg

CyberSecurity and Artificial Intelligence Expert, Joseph Steinberg, will speak as part of a panel discussion on the intersection of CyberSecurity and Artificial Intelligence (AI), to take place on Tuesday, September 12, 2023 at 2 PM US Eastern time. Steinberg’s session, entitled Building Trust in AI: Addressing Security Fears in AI Adoption, will feature a discussion with three other notable figures from the world of AI: Yihua Liao, Ph.D.

Check Point: Hackers Are Dropping USB Drives at Watering Holes

Tech Republic Security

Check Point's Global CISO discusses the firm's 2023 threat intelligence, including new AI malice and threat actors spreading malware by dropping flash drives.

Cars Have Terrible Data Privacy

Schneier on Security

A new Mozilla Foundation report concludes that cars, all of them, have terrible data privacy. All 25 car brands we researched earned our *Privacy Not Included warning label—making cars the official worst category of products for privacy that we have ever reviewed. There’s a lot of details in the report. They’re all bad. BoingBoing post.

GUEST ESSAY: Robust data management can prevent theft, guard intellectual property

The Last Watchdog

In an era of global economic uncertainty, fraud levels tend to surge, bringing to light the critical issue of intellectual property (IP) theft. This pervasive problem extends beyond traditional notions of fraud, encompassing both insider threats and external risks arising from partnerships, competitors, and poor IP management.

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

China-Linked Hackers Breached a Power Grid—Again

WIRED Threat Level

Signs suggest the culprits worked within a notorious Chinese hacker group that may have also hacked Indian electric utilities years earlier.

New DarkGate Malware Campaign Hits Companies Via Microsoft Teams

Tech Republic Security

Get technical details about how this new attack campaign is delivered via Microsoft Teams and how to protect your company from this loader malware.

On Technologies for Automatic Facial Recognition

Schneier on Security

Interesting article on technologies that will automatically identify people: With technology like that on Mr. Leyvand’s head, Facebook could prevent users from ever forgetting a colleague’s name, give a reminder at a cocktail party that an acquaintance had kids to ask about or help find someone at a crowded conference. However, six years later, the company now known as Meta has not released a version of that product and Mr.

Rust-Written 3AM Ransomware: A Sneak Peek into a New Malware Family

The Hacker News

A new ransomware family called 3AM has emerged in the wild after it was detected in a single incident in which an unidentified affiliate deployed the strain following an unsuccessful attempt to deliver LockBit (attributed to Bitwise Spider or Syrphid) in the target network.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Sponsor with batch-filed whiskers: Ballistic Bobcat’s scan and strike backdoor

We Live Security

ESET Research uncovers the Sponsoring Access campaign, which utilizes an undocumented Ballistic Bobcat backdoor we have named Sponsor.

Conversational AI Company Uniphore Leverages Red Box Acquisition for New Data Collection Tool

Tech Republic Security

Red Box provides the open architecture for data capture. Uniphore then feeds that data into U-Capture, its conversational AI automation tool.

Upcoming Speaking Engagements

Schneier on Security

This is a current list of where and when I am scheduled to speak: I’m speaking at swampUP 2023 in San Jose, California, on September 13, 2023 at 11:35 AM PT. The list is maintained on this page.

Google Rushes to Patch Critical Chrome Vulnerability Exploited in the Wild - Update Now

The Hacker News

Google on Monday rolled out out-of-band security patches to address a critical security flaw in its Chrome web browser that it said has been exploited in the wild. Tracked as CVE-2023-4863, the issue has been described as a case of heap buffer overflow that resides in the WebP image format that could result in arbitrary code execution or a crash.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Free Download Manager backdoored – a possible supply chain attack on Linux

SecureList

Kaspersky researchers analyzed a Linux backdoor disguised as Free Download Manager software that remained under the radar for at least three years.

Want a New Job? Explore Opportunities at the 10 Top US Startup Ecosystems

Tech Republic Security

Written by: Kirstie McDermott. Silicon Valley is just one of a number of key US startup ecosystems fueling startups, all of which drive investment and job creation: check where new opportunities are in the US right now.

LLM Summary of My Book Beyond Fear

Schneier on Security

Claude (Anthropic’s LLM) was given this prompt: Please summarize the themes and arguments of Bruce Schneier’s book Beyond Fear. I’m particularly interested in a taxonomy of his ethical arguments—please expand on that. Then lay out the most salient criticisms of the book. Claude’s reply: Here’s a brief summary of the key themes and arguments made in security expert Bruce Schneier’s book Beyond Fear: Thinking Sensibly About Security in an Uncertain World:

Vietnamese Hackers Deploy Python-Based Stealer via Facebook Messenger

The Hacker News

A new phishing attack is leveraging Facebook Messenger to propagate messages with malicious attachments from a "swarm of fake and hijacked personal accounts" with the ultimate goal of taking over the targets' Business accounts.

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Watch out, this LastPass email with "Important information about your account" is a phish

Malwarebytes

The consequences of last year's LastPass breach continue to be felt, with the latest insult to users coming in the form of a highly convincing phishing email. Although the "unauthorized party" that compromised LastPass users' data was able to steal password vaults, it's likely that they are having a hard time cracking them open. LastPass's own assessment was that "it would be extremely difficult to attempt to brute force guess master passwords for those customers who follow our password best pr

Dreamforce 2023: Salesforce Expands Einstein AI and Data Cloud Platform

Tech Republic Security

The Einstein 1 platform links Salesforce CRM data and generative AI. Plus, Trust Layer allows organizations to have control over their own data.

Rhysida Ransomware gang claims to have hacked three more US hospitals

Security Affairs

Rhysida Ransomware group added three more US hospitals to the list of victims on its Tor leak site after the PROSPECT MEDICAL attack. Recently the Rhysida ransomware group made the headlines because it announced the hack of Prospect Medical Holdings and the theft of sensitive information from the organization. In early August, a cyberattack disrupted the computer systems of multiple hospitals operated by Prospect Medical Holdings, which are located in multiple states, including California, Tex

Update Adobe Acrobat and Reader to Patch Actively Exploited Vulnerability

The Hacker News

Adobe's Patch Tuesday update for September 2023 comes with a patch for a critical actively exploited security flaw in Acrobat and Reader that could permit an attacker to execute malicious code on susceptible systems. The vulnerability, tracked as CVE-2023-26369, is rated 7.

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!