App Developers Increasingly Targeted via Slack, DevOps Tools
Slack, Docker, Kubernetes, and other applications that allow developers to collaborate have become the latest vector for software supply chain attacks.
23-09-2022 20:19

Malicious Apps With Millions of Downloads Found in Apple App Store, Google Play
The ongoing ad fraud campaign can be traced back to 2019, but recently expanded into the iOS ecosystem, researchers say.
23-09-2022 20:04

CISA: Zoho ManageEngine RCE Bug Is Under Active Exploit
The bug allows unauthenticated code execution on the company's firewall products, and CISA says it poses "significant risk" to federal government.
23-09-2022 18:11

How 3 hours of inaction from Amazon cost cryptocurrency holders $235,000
For 2nd time in 4 years, Amazon loses control of its IP space in BGP hijacking.
23-09-2022 18:04

Starlink is getting a lot slower as more people use it, speed tests show
Starlink capacity limits hit users—SpaceX says more satellites will make it faster.
23-09-2022 17:57

Cyberattackers Compromise Microsoft Exchange Servers via Malicious OAuth Apps
Cybercriminals took control of enterprise Exchange Servers to spread large amounts of spam aimed at signing people up for bogus subscriptions.
23-09-2022 15:22

How Europe Is Using Regulations to Harden Medical Devices Against Attack
Manufacturers need to document a medical device's intended use and operational environment, as well as plan for misuse, such as a cyberattack.
23-09-2022 15:05

Neglecting Open Source Developers Puts the Internet at Risk
From creating a software bill of materials for applications your company uses to supporting open source projects and maintainers, businesses need to step up their efforts to help reduce risks.
23-09-2022 14:00

Microsoft Looks to Enable Practical Zero-Trust Security With Windows 11
With the update, Microsoft adds features to allow easier deployment of zero-trust capabilities. Considering the 1.3 billion global Windows users, the support could make a difference.
23-09-2022 13:00

Mitigating Risk and Communicating Value in Multicloud Environments
Protecting against risk is a shared responsibility that only gets more complex as you mix the different approaches of common cloud services.
23-09-2022 13:00

Android Banking Users Targeted With Fake Rewards Phishing Scam
Earlier today, an SMS-based phishing campaign was reported, targeting customers of Indian banks with information-stealing malware that masquerades as a rewards application. According to the Microsoft 365 Defender Research Team, the messages c
23-09-2022 10:23

Twitter Password Reset Bug Uncovered User Accounts
Yesterday Twitter announced that they had remediated an issue that allowed accounts to stay logged in across multiple devices even after a voluntary password reset. In an update earlier this week, the social media company explained that the bug meant use
23-09-2022 09:55

Researchers Uncover Mysterious 'Metador' Cyber-Espionage Group
Researchers from SentinelLabs laid out what they know about the attackers and implored the researcher community for help in learning more about the shadowy group.
23-09-2022 00:00

Artist receives first known US copyright registration for latent diffusion AI art
Registration of AI-assisted comic comes amid fierce online debate about AI art ethics.
22-09-2022 21:38

Developer Leaks LockBit 3.0 Ransomware-Builder Code
Code could allow other attackers to develop copycat versions of the malware, but it could help researchers understand the threat better as well.
22-09-2022 20:48

CircleCI, GitHub Users Targeted in Phishing Campaign
Emails purporting to be an update to terms of service for GitHub and CircleCI instead attempt to harvest user credentials.
22-09-2022 20:27

Time to Quell the Alarm Bells Around Post-Quantum Crypto-Cracking
Quantum computing's impact on cryptography is not a cliff that we'll all be forced to jump off of, according to Deloitte.
22-09-2022 19:49

Feds Sound Alarm on Rising OT/ICS Threats From APT Groups
NSA and CISA release guidance on protecting against cybersecurity threats to operational technology and industrial control systems.
22-09-2022 19:38

Malicious npm Package Poses as Tailwind Tool
Branded as a components library for two popular open source resources, Material Tailwind instead loads a Windows .exe that can run PowerShell scripts.
22-09-2022 18:31

AI model from OpenAI automatically recognizes speech and translates it to English
"Whisper" open source model may become a building block in future speech-to-text apps.
22-09-2022 16:48

Allurity Acquires Spanish Multinational Aiuken Cybersecurity
22-09-2022 14:15

Twitter's Whistleblower Allegations Are a Cautionary Tale for All Businesses
Businesses need to turn privacy and security into an advantage. Store less data, and live up to customer expectations that their information is protected. Take small steps, be transparent about data management, and choose partners carefully.
22-09-2022 14:00

StackHawk Launches Deeper API Security Test Coverage to Improve the Security of APIs
Expansion of test coverage includes custom scan discovery, custom test scripts and custom test data for REST APIs, enabling developers to leave no paths untouched.
22-09-2022 13:50

Palo Alto Networks 5G-Native Security Now Available on Microsoft Azure Private Multi-Access Edge Compute
22-09-2022 13:44

Synopsys Finds Significant Increase in Practices to Bolster Software Supply Chain Security
Analysing the software security practices of 130 organisations including Adobe, PayPal and Lenovo, Synopsys’s Building Security in Maturity Model (BSIMM) report has found a nearly 50% surge in activities to secure open source software components an
22-09-2022 11:23

Fearing copyright issues, Getty Images bans AI-generated artwork
Getty sidesteps potential legal problems from unresolved rights and ethics issues.
21-09-2022 22:32

Wintermute DeFi Platform Offers Hacker a Cut in $160M Crypto-Heist
The decentralized finance (DeFi) platform was the victim of an exploit for a partner's vulnerable code — highlighting a challenging cybersecurity environment in the sector.
21-09-2022 22:12

Quantify Risk, Calculate ROI
SecurityScorecard's ROI Calculator helps organizations quantify cyber-risk to understand the financial impact of a cyberattack.
21-09-2022 21:51

Threat Actor Abuses LinkedIn's Smart Links Feature to Harvest Credit Cards
The tactic is just one in a constantly expanding bag of tricks that attackers are using to get users to click on links and open malicious documents.
21-09-2022 20:30

The record-setting DDoSes keep coming, with no end in sight
As DDoSes continue to innovate, their attacks grow ever bigger.
21-09-2022 19:15

Sophisticated Hermit Mobile Spyware Heralds Wave of Government Surveillance
At the SecTor 2022 conference in Toronto next month, researchers from Lookout will take a deep dive into Hermit and the shadowy world of mobile surveillance tools used by repressive regimes.
21-09-2022 18:36

Hackers Paralyze 911 Operations in Suffolk County, NY
Reduced to pen, paper, and phones, 911 operators ask NYPD for backup in handling emergency calls.
21-09-2022 18:09

Data Scientists Dial Back Use of Open Source Code Due to Security Worries
Data scientists, who often choose open source packages without considering security, increasingly face concerns over the unvetted use of those components, new study shows.
21-09-2022 18:00

Don't Wait for a Mobile WannaCry
Attacks against mobile phones and tablets are increasing, and a WannaCry-level attack could be on the horizon.
21-09-2022 17:00

Cyber Insurers Clamp Down on Clients' Self-Attestation of Security Controls
After one company suffered a breach that could have been headed off by the MFA it claimed to have, insurers are looking to confirm claimed cybersecurity measures.
21-09-2022 16:18

Artist finds private medical record photos in popular AI training data set
LAION scraped medical photos for AI research use. Who's responsible for taking them down?
21-09-2022 15:43

15-Year-Old Python Flaw Slithers into Software Worldwide
An unpatched flaw in more than 350,000 unique open source repositories leaves software applications vulnerable to exploit. The path traversal-related vulnerability is tracked as CVE-2007-4559.
21-09-2022 15:28

Ransomware: The Latest Chapter
As ransomware attacks continue to evolve, beyond using security best practices organizations can build resiliency with extended detection and response solutions and fast response times to shut down attacks.
21-09-2022 14:00

The CVE Program Recognizes Dragos as a Numbering Authority for Common Vulnerabilities and Exposures
Dragos Inc., the global leader in cybersecurity for industrial control systems (ICS)/operational technology (OT) environments, today announced it has been designated by the CVE Program as a CVE Numbering Authority (CNA). As a CNA, Dragos is authorized t
21-09-2022 10:34

Net Consulting’s UK sovereign SOC achieves Palo Alto Networks XMDR certification
Net Consulting Ltd., a specialised digital consultancy and managed-services provider for the public and private sectors, has announced it has become a Palo Alto Networks Cortex® XMDR Specialization partner, joining a select group of channel partners who
21-09-2022 08:56

Experts Weigh in on Rockstar GTA Leak
Rockstar Games, the publishers behind the popular Grand Theft Auto (GTA) franchise, announced earlier this week that data from the latest instalment of the GTA series has been leaked online. The leak is being described as one of gaming’s biggest se
21-09-2022 08:55

Microsoft Brings Zero Trust to Hardware in Windows 11
A stacked combination of hardware and software protects the next version of Windows against the latest generation of firmware threats.
21-09-2022 03:33

$35M fine for Morgan Stanley after unencrypted, unwiped hard drives are auctioned
"Astonishing failures" over a 5-year span.
20-09-2022 21:22

ChromeLoader Malware Evolves into Prevalent, More Dangerous Cyber Threat
Microsoft and VMware are warning that the malware, which first surfaced as a browser-hijacking credential stealer, is now being used to drop ransomware, steal data, and crash systems at enterprises.
20-09-2022 20:33

Comcast promises huge boost to cable upload speeds by end of 2023
Full Duplex DOCSIS expected in 2023 but won't be available to everyone at first.
20-09-2022 19:20

2-Step Email Attack Uses Powtoon Video to Execute Payload
The attack uses hijacked Egress branding and the legit Powtoon video platform to steal user credentials.
20-09-2022 19:14

Beware of Phish: American Airlines, Revolut Data Breaches Expose Customer Info
The airline and the fintech giant both fell to successful phishing attacks against employees.
20-09-2022 19:00

Cast AI Introduces Cloud Security Insights for Kubernetes
The release augments the company's Kubernetes management platform with free, user-friendly insight on security postures, along with cost monitoring and observability.
20-09-2022 18:20

Spell-Checking in Google Chrome, Microsoft Edge Browsers Leaks Passwords
It's called "spell-jacking": Both browsers have spell-check features that send data to Microsoft and Google when users fill out forms for websites or Web services.
20-09-2022 17:37

Survey Shows CISOs Losing Confidence in Ability to Stop Ransomware Attacks
Despite an 86% surge in budget resources to defend against ransomware, 90% of orgs were impacted by attacks last year, a survey reveals.
20-09-2022 17:16

How to Dodge New Ransomware Tactics
The evolving tactics increase the threat of ransomware operators, but there are steps organizations can take to protect themselves.
20-09-2022 17:00

No Motivation for Quantum Without Regulatory Push
What's it going to take to prod organizations to implement a post-quantum security plan? Legislative pressure.
20-09-2022 16:44

No Enterprise Push for Quantum Without Regulatory Push
What's it going to take to prod organizations to implement a post-quantum security plan? Legislative pressure.
20-09-2022 16:44

Nvidia’s powerful H100 GPU will ship in October
Nvidia's "Hopper" AI chip is in full production, eight major vendors shipping products soon.
20-09-2022 16:22

New Kaspersky EDR Optimum Further Simplifies Protection Against Evasive Threats
20-09-2022 14:59

Deepfake audio has a tell and researchers can spot it
With deepfake audio, that familiar voice on the other end of the line might not even be human.
20-09-2022 14:52

ThreatQuotient Enhances Data-Driven Automation Capabilities With New ThreatQ TDR Orchestrator Features
Focused on bringing ease of use to IT security automation, ThreatQ TDR Orchestrator addresses industry needs for simpler implementation and more efficient operations.
20-09-2022 14:52

SASE Bucks Economic Uncertainty With Over 30% Growth in 2Q 2022, According to Dell'Oro Group
Overall SASE Spend on Pace to Top $6 Billion in 2022.
20-09-2022 14:46

Invicti Security and ESG Report on How Companies are Shifting for Higher Quality, Secure Application Code
The balance of deploying secure applications vs. time to market continues to be the biggest risk to organizations.
20-09-2022 14:34

Byos Releases Free Assessment Tool to Provide Companies With Tailored Network Security Recommendations
Assessment tool instantly generates a detailed report breaking down a company’s current network security maturity and recommended next steps.
20-09-2022 14:24

Water Sector Will Benefit From Call for Cyber Hardening of Critical Infrastructure
A call for federal agency "review and assessment" of cyber-safety plans at water treatment plants should better protect customers and move the industry forward.
20-09-2022 14:00

CrowdStrike ups the ante with investment in API security leader, Salt Security
CrowdStrike (Nasdaq: CRWD), the cloud-delivered protection of endpoints, cloud workloads, identity and data organisation, has announced that its strategic investment arm, Falcon Fund, has invested in Salt Security, the leader in Application Programming I
20-09-2022 10:54

American Airlines Announce Data Breach Exposing Customer and Staff Information
Earlier today, American Airlines became the latest big-name brand to announce a data breach, after an unauthorized actor compromised employee inboxes. A statement released from the aerospace giant confirmed that the source of the incident was a phishing
20-09-2022 10:48

CrowdStrike Investment Spotlights API Security
The investment in Salt Security underscores the fact that attacks targeting APIs are increasing.
20-09-2022 00:00

Uber: Lapsus$ Targeted External Contractor With MFA Bombing Attack
The ride-sharing giant says a member of the notorious Lapsus$ hacking group started the attack by compromising an external contractor's credentials, as researchers parse the incident for takeaways.
19-09-2022 21:24

Rockstar Games Confirms 'Grand Theft Auto 6' Breach
The Take-Two Interactive subsidiary acknowledges an attack on its systems, where an attacker downloaded "early development footage for the next Grand Theft Auto" and other assets.
19-09-2022 21:01

AI software helps bust image fraud in academic papers
Proofig and ImageTwin software help detect fudged "Western blot" image data in academic papers.
19-09-2022 19:32

Cyberattackers Make Waves in Hotel Swimming Pool Controls
Pool controllers exposed to the Internet with default passwords let threat actors tweak pool pH levels, and potentially more.
19-09-2022 18:12

Kiwi Farms has been breached; assume passwords and emails have been leaked
Harassment site is down for now after hacker gains access to admin account.
19-09-2022 17:18

5 Ways to Improve Fraud Detection and User Experience
If we know a user is legitimate, then why would we want to make their user experience more challenging?
19-09-2022 16:59

TPx Introduces Penetration Scanning, Expands Security Advisory Services
TPx, a leading nationwide managed services provider (MSP) delivering cybersecurity, managed networks, and cloud communications, today announced the addition of penetration scanning to its Security Advisory Services portfolio.
19-09-2022 16:58

5 Steps to Strengthening Cyber Resilience
Organizations are thinking about their cyber resilience. Here are five steps security teams should take.
19-09-2022 16:00

Cyberattack Costs for US Businesses up by 80%
Cyberattacks keep inflicting more expensive damage, but firms are responding decisively to the challenge.
19-09-2022 14:00

Attacker Apparently Didn't Have to Breach a Single System to Pwn Uber
Alleged teen hacker claims he found an admin password in a network share inside Uber that allowed complete access to ride-sharing giant's AWS, Windows, Google Cloud, VMware, and other environments.
16-09-2022 20:37

Artists begin selling AI-generated artwork on stock photography websites
Using software that creates art on demand, some artists attempt to cash in on AI-generated content.
16-09-2022 20:16

Tackling Financial Fraud With Machine Learning
Financial services firms need to learn how — and when — to put machine learning to use.
16-09-2022 20:00

Real Estate Phish Swallows 1,000s of Microsoft 365 Credentials
The attacks showcase broader security concerns as phishing grows in volume and sophistication, especially given that Windows Defender's Safe Links feature for identifying malicious links in emails completely failed in the campaign.
16-09-2022 18:30

Keep Today's Encrypted Data From Becoming Tomorrow's Treasure
Building quantum resilience requires C-suite commitment, but it doesn't have to mean tearing out existing infrastructure.
16-09-2022 18:00

Twitter pranksters derail GPT-3 bot with newly discovered “prompt injection” hack
By telling AI bot to ignore its previous instructions, vulnerabilities emerge.
16-09-2022 17:38

Uber was breached to its core, purportedly by an 18-year-old. Here’s what’s known
“I announce I am a hacker and Uber has suffered a data breach,” intruder says on Slack.
16-09-2022 17:29

DDoS Attack Against Eastern Europe Target Sets New Record
The target has been under relentless DDoS attack, which ultimately set a new packets-per-second record for Europe.
16-09-2022 17:24

Hacker Pwns Uber Via Compromised VPN Account
A teen hacker reportedly social-engineered an Uber employee to hand over an MFA code to unlock the corporate VPN, before burrowing deep into Uber's cloud and code repositories.
16-09-2022 14:21

Highlights of the 2022 Pwnie Awards
Since 2007, the Pwnies have celebrated the good, the bad, and the wacky in cybersecurity. Enjoy some of the best moments of this year's ceremony.
16-09-2022 14:08

Business Application Compromise & the Evolving Art of Social Engineering
Be wary of being pestered into making a bad decision. As digital applications proliferate, educating users against social engineering attempts is a key part of a strong defense.
16-09-2022 14:00

Cost of Living Crisis Impact on Online Activity
A new survey conducted amongst 600 parents across the UK by Censuswide on behalf of International Cyber Expo found that 40% of parents believe children will turn to cyber crime during the cost of living crisis. The survey also revealed that 40% of parent
16-09-2022 11:03

Zoom Systems Crash Left Users Helpless
Earlier this week, it was reported that the Zoom video conference platform was down and experienced an outage preventing users from logging in or joining meetings. An incident posted on Zoom’s service status page revealed that the company confirme
16-09-2022 10:30

MIRACL Trust ID Branded ‘an authentication solution that lives up to its name’ by financial services industry analysts Celent
MIRACL, a single-step, multi-factor authentication provider, has been given a glowing review in a CELENT Solution Report into their offering. Compiled by Zil Bareisis in July of this year, the report opens with the admission that ‘over the years, industr
16-09-2022 10:29

Crypto Scams Skyrocket as Domains Surge 335%
It has been predicted that cryptocurrency scams are set to explode after researchers reported a triple-digit increase in registered domains in the first half of 2022, compared to the whole of last year. Cyber security service provider, Group-IB said that
16-09-2022 09:30

Trojanized versions of PuTTY utility being used to spread backdoor
Threat actor has connections to hackers backed by North Korean government.
16-09-2022 00:37

Have AI image generators assimilated your art? New tool lets you check
New search engine combs through harvested images used to train Stable Diffusion, others.
15-09-2022 21:04

Note to Security Vendors: Companies Are Picking Favorites
A stunning three-quarters of companies are looking to consolidate their security products this year, up from 29% in 2020, suggesting fiercer competition among cybersecurity vendors.
15-09-2022 20:31

Malware on Pirated Content Sites a Major WFH Risk for Enterprises
Malware-laced ads are hauling in tens of millions of dollars in revenue for operators of pirated-content sites — posing a real risk to enterprises from remote employees.
15-09-2022 19:37

Will the Cloud End the Endpoint?
When an organization fully embraces the cloud, traditional endpoints become disposable. Organizations must adapt their security strategy for this reality.
15-09-2022 19:00

Popular IoT Cameras Need Patching to Fend Off Catastrophic Attacks
Several models of EZVIZ cameras are open to total remote control by cyberattackers, and image exfiltration and decryption.
15-09-2022 19:00

Microsoft Teams stores cleartext auth tokens, won’t be quickly patched
Electron-based Teams apps can be easily mined for tokens and used for phishing.
15-09-2022 17:27

New AI assistant can browse, search, and use web apps like a human
Adept's ACT-1 has learned how to automate complex UI tasks in web apps using an AI model.
15-09-2022 16:52

Ukraine’s cyberwar chief sounds like he’s winning
Yurii Shchyhol gives a rare interview about the state of the online conflict with Russia.
15-09-2022 16:34

5 Steps to Strengthening Cyber Resilience
Organizations are thinking about their cyber resilience. Here are five steps security teams should take.
15-09-2022 16:00

Unflagging Iranian Threat Activity Spurs Warnings, Indictments From US Government
Authorities are cracking down on persistent cybercriminal attacks from APTs associated with Iran's Islamic Revolutionary Guard Corps.
15-09-2022 14:40

Telos Corporation to Help Enterprises Operationalize Cybersecurity Compliance and Regulatory Risks with IBM Security
Solution addresses compliance challenges in complex landscapes
15-09-2022 14:22

Source: arstechnica, darkreading, itsecurityguru