2 Lenses for Examining the Safety of Open Source Software
Improving the security of open source repositories and keeping malicious components out requires a combination of technology and people.
26-05-2023 21:03

130K+ Patients' Social Security Numbers Leaked in UHS of Delaware Data Breach
26-05-2023 19:47

Inner workings revealed for “Predator,” the Android malware that exploited 5 0-days
Spyware is sold to countries including Egypt, Indonesia, Oman, Saudi Arabia, and Serbia.
26-05-2023 19:32

Tesla Whistleblower Leaks 100GB of Data, Revealing Safety Complaints
Informants have released data that includes thousands of safety complaints the company has received about its self-driving capability, as well as sensitive information regarding current and past employees.
26-05-2023 17:32

Travel-Themed Phishing, BEC Campaigns Get Smarter as Summer Season Arrives
Phishing campaigns targeting travelers have evolved from simple, easy-to-spot fraud attempts to highly sophisticated operations.
26-05-2023 16:45

Green hills forever: Windows XP activation algorithm cracked after 21 years
Please, please, please do not actually install XP and use it. But if you must…
26-05-2023 14:45

How Safe Is Your Wearable Device?
To mitigate risk, both developers and users must include security principles and technologies as core foundations in new devices.
26-05-2023 14:00

Russia's War in Ukraine Shows Cyberattacks Can Be War Crimes
Ukraine head of cybersecurity Victor Zhora says the world needs "efficient legal instruments to confront cyber terrorism."
26-05-2023 00:15

Among AI dangers, deepfakes worry Microsoft president most
Brad Smith urges steps to curtail deepfakes "with an intent to deceive or defraud."
25-05-2023 22:10

'Volt Typhoon' Breaks Fresh Ground for China-Backed Cyber Campaigns
This is the first incident where a threat actor from the country appears to be laying the groundwork for disruptive attacks in the future, researchers say.
25-05-2023 21:53

Red Hat Tackles Software Supply Chain Security
The new Red Hat Trusted Software Supply Chain services help developers take a secure-by-design approach to build, deploy, and monitor software.
25-05-2023 21:50

Unearthed: CosmicEnergy, malware for causing Kremlin-style power disruptions
Researchers say never-before-seen malware may be used in Russian training exercises.
25-05-2023 21:38

CosmicEnergy Malware Emerges, Capable of Electric Grid Shutdown
Russian code that could tamper with industrial machines and toggle RTUs on and off was floating around VirusTotal for years before being noticed. It raises new questions about the state of OT security.
25-05-2023 21:30

Lazarus Group Striking Vulnerable Windows IIS Web Servers
The infamous North Korean APT group is using Log4Shell, the 3CX supply chain attack, and other known vectors to breach Microsoft Web servers.
25-05-2023 21:18

Netflix's Password-Sharing Ban Offers Security Upsides
The streaming giant is looking to bolster flagging subscription growth and profits, but security researchers say the move offers a perfect opportunity to encourage better password hygiene and account safety.
25-05-2023 20:52

Perception Point Report Finds That Advanced Phishing Attacks Grew by 356% in 2022
Perception Point's '2023 Annual Report: Cybersecurity Trends & Insights' analyzes the most prevalent cyberattack trends amidst today's complex threat landscape, identifying an overall increase of 87% in the total number of attacks over the course of last
25-05-2023 19:48

Memcyco Delivers Real-Time Brandjacking Detection and Protection Solution
25-05-2023 19:24

OpenAI CEO raises $115M for crypto company that scans people’s eyeballs
Worldcoin investor insists "Orb" iris scanner is not a "dystopian nightmare."
25-05-2023 19:18

Bank of Ghana Opens SOC to Enable Threat Intelligence Sharing
Bank of Ghana's security operations center will boost visibility into threats and enable threat intelligence sharing, it says.
25-05-2023 17:24

Minnesota enacts right-to-repair law that covers more devices than any other state
Just one state demanding free repair manuals could benefit all fixers.
25-05-2023 16:35

'Operation Magalenha' Attacks Give a Window Into Brazil's Cybercrime Ecosystem
A campaign against customers of Portuguese banks uses a capable financial malware strain dubbed PeepingTitle, written in the Delphi programming language.
25-05-2023 14:56

Google Cloud Bug Allows Server Takeover From CloudSQL Service
Researchers could access sensitive data and steal secrets by exploiting a vulnerability in GCP's security layer, eventually running rampant in the environment.
25-05-2023 14:18

Dangerous Regions: Isolating Branch Offices in High-Risk Countries
Organizations must be cautious about how they interact with other regions around the world in order to operate safely in an at-times adversarial landscape.
25-05-2023 14:00

CISO Criminalization, Vague Cyber Disclosure Rules Create Angst for Security Teams
In the wake of the ex-Uber CISO verdict, CISOs ask for clearer rules and less uncertainty in managing disclosures, amid jail-time fears.
25-05-2023 13:00

Tips to Protect Against Holiday and Airline Scams
Summer holidays are fast approaching, and many of us are eagerly planning our vacations. Whether it’s a long-awaited reunion with loved ones, a leisurely exploration of a new destination, or simply an adventure in the making, booking a holiday is a
25-05-2023 11:24

New security model launched to eliminate 95% of cyber breaches
A new security model has been launched this week, dubbed Access Segmentation and Encryption Management (ASEM), which is being touted as the most comprehensive cybersecurity protection available today. The model, which is currently only available through
25-05-2023 11:20

KnowBe4 Helps Organisations Battle QR Code Phishing Attacks With New Tool
KnowBe4 has launched its new and complementary QR Code Phishing Security Test (QR Code PST) tool. The no-charge tool assists organisations in identifying users that are most susceptible to scanning malicious QR codes. Many organisations are aware of the
25-05-2023 07:08

The lightning onset of AI—what suddenly changed? An Ars Frontiers 2023 recap
Google and Microsoft managers discussed tech's hottest topic during Ars Frontiers.
24-05-2023 23:31

Chinese state hackers infect critical infrastructure throughout the US and Guam
Group uses living-off-the-land attack and infected routers to remain undetected.
24-05-2023 23:11

'Volt Typhoon' China-Backed APT Infiltrates US Critical Infrastructure Orgs
According to Microsoft and researchers, the state-sponsored threat actor could very well be setting up a contingency plan for disruptive attacks on the US in the wake of an armed conflict in the South China Sea.
24-05-2023 22:09

Honeywell Releases Cyber Insights to Better Identify Cybersecurity Threats and Vulnerabilities
The new software-led solution enables organizations to defend against cybersecurity threats in their operational technology (OT) environments.
24-05-2023 21:52

Harvard Pilgrim Health Care Notifies Individuals of Privacy Incident
24-05-2023 21:29

Technology Veterans James Wickett and Ken Johnson Launch DryRun Security to Bring Security to Developers
DryRun Security seeks to bridge the gap between developers and security professionals by automating security analysis in code reviews before deployment.
24-05-2023 21:27

Appdome Launches Build-to-Test, Automated Testing Option for Protected Mobile Apps
New capability streamlines automated testing of cybersecurity and anti-fraud features in Android and iOS apps in virtual and cloud testing suites.
24-05-2023 21:20

Netwrix Report: Enterprises Suffer More Ransomware and Other Malware Attacks Than Smaller Organizations
Attackers primarily target on-premises IT infrastructures.
24-05-2023 20:50

Threat Actors Compromise Barracuda Email Security Appliances
The company's ESG appliances were breached, but their other services remain unaffected by the compromise.
24-05-2023 19:54

Google's .zip, .mov Domains Give Social Engineers a Shiny New Tool
Security professionals warn that Google's new top-level domains, .zip and .mov, pose social engineering risks while providing little reason for their existence.
24-05-2023 18:15

Legit app in Google Play turns malicious and sends mic recordings every 15 minutes
The malicious iRecorder app has come to light, but its purpose remains shrouded.
24-05-2023 17:49

OAuth Flaw in Expo Platform Affects Hundreds of Third-Party Sites, Apps
A cybersecurity vulnerability found in an implementation of the social login functionality opens the door to account takeovers and more.
24-05-2023 17:45

How Universities Can Bridge Cybersecurity's Gender Gap
It's time to invest in initiatives that engage young women in cybersecurity early and often.
24-05-2023 17:00

Israeli Shipping, Logistics Companies Targeted in Watering Hole Attacks
Researchers say the Iranian nation-state actor known as Tortoiseshell could be behind the attacks.
24-05-2023 16:30

How AI Can Help Organizations Adapt and Recover From Cyberattacks
Incident response playbooks and frameworks are leaving defenders ill-equipped to recover from the increasing number of successful cyberattacks. Developments in AI offer a new way for stretched teams to manage security incidents and heal swiftly.
24-05-2023 16:00

5 Questions to Ask When Evaluating a New Cybersecurity Technology
Any new cybersecurity technology should be not just a neutral addition to a security stack but a benefit to the other technologies or people managing them.
24-05-2023 14:00

Salt Security Uncovers API Security Flaws in Expo Framework, Issues have been Remediated
Today, Salt Security released new threat research from Salt Labs that details several critical security flaws in the Expo framework. The flaws were found in the implementation of the Open Authorization (OAuth) social-login functionality utilised by Expo
24-05-2023 13:14

Gartner Names Synopsys Leader in Application Security Testing for Seventh Consecutive Year
Synopsys, Inc. (Nasdaq: SNPS) today announced it has been named by Gartner, Inc. as a Leader in the “Magic Quadrant™ for Application Security Testing” for the seventh consecutive year. In the report, Gartner evaluated 12 application security testing ven
24-05-2023 12:34

How to Streamline Communication with Microsoft Teams Operator Connect
In today’s modern workplace, clear and efficient communication is essential for teams to work collaboratively and achieve their goals. As remote work becomes increasingly common, it’s more important than ever to have tools that streamline com
24-05-2023 09:08

How Your Business Could Protect Its Cybersecurity in a Surprisingly Cost-Effective Fashion
Cybersecurity is critical to any company. It helps to protect your organisation, workforce and clients from cyber-attacks. By doing this, you are reducing the chance of identity theft, data breaches, ransomware, and many other types of cyber threats.  Yo
24-05-2023 09:05

Google Adds Guardrails to Keep AI in Check
Companies are starting to address the misuse of artificial intelligence (AI). At Google I/O, for example, executives promised its AI has safety measures.
24-05-2023 01:52

SuperMailer Abuse Bypasses Email Security for Super-Sized Credential Theft
Secure email gateways and end users alike are being fooled by a cyberattack campaign that's enjoying skyrocketing volumes against businesses in every industry, globally.
23-05-2023 21:25

Fake Pentagon “explosion” photo sows confusion on Twitter
Incident shows weakness of Twitter's verification system, speed of misinformation.
23-05-2023 21:01

What Security Professionals Need to Know About Aggregate Cyber-Risk
Widespread cyber incidents will happen, but unlike natural disasters, specific security controls can help prevent a catastrophe.
23-05-2023 19:56

FBI: Human Trafficking Rings Force Job Seekers Into Cryptojacking Schemes
Victims of the cybercrime schemes are coerced to participate through violence and having their belongings taken away.
23-05-2023 19:38

Adobe Photoshop’s new “Generative Fill” AI tool lets you manipulate photos with text
Firefly-powered AI generations match image perspective, lighting, and style.
23-05-2023 19:07

A New Look for Risk in Awareness Training
Changes in the way risk is viewed are leading to changes in the way training is conducted.
23-05-2023 17:00

Microsoft: BEC Attackers Evade 'Impossible Travel' Flags With Residential IP Addresses
Threat actors are circumventing geo-location-based security detections, using a combination of cybercrime-as-a-service platforms and the purchasing of local IP addresses.
23-05-2023 14:52

Bridgestone CISO: Lessons From Ransomware Attack Include Acting, Not Thinking
A February 2022 attack knocked the giant tire maker's North American operations offline for several days.
23-05-2023 14:00

Enterprises Must Prepare Now for Shorter TLS Certificate Lifespans
Shorter certificate lifespans are beneficial, but they require a rethink of how to properly manage them.
23-05-2023 14:00

Here’s how long it takes new BrutePrint attack to unlock 10 different smartphones
BrutePrint requires just $15 of equipment and a little amount of time with a phone.
22-05-2023 22:31

Improving Cybersecurity Requires Building Better Public-Private Cooperation
Security vendors, businesses, and US government agencies need to work together to fight ransomware and protect critical infrastructure.
22-05-2023 21:42

PyPI Shuts Down Over the Weekend, Says Incident Was Overblown
The climate of concern around open source security and supply chain attacks may have caused a small story to become a big one.
22-05-2023 20:52

Meta Hit With $1.3B Record-Breaking Fine for GDPR Violations
The technology conglomerate has until later this year to end its transfer of European users' data across the Atlantic.
22-05-2023 19:29

IBM's Polar Buy Creates Focus on a New 'Shadow Data' Cloud Security Area
The purchase gives IBM access to a new category of products called "data security posture management" for security data in cloud and SaaS repositories.
22-05-2023 15:21

Cyber Warfare Lessons From the Russia-Ukraine Conflict
Techniques used in cyber warfare can be sold to anyone — irrespective of borders, authorities, or affiliations. We need to develop strategies to respond at scale.
22-05-2023 14:00

Using Tech For Good: Introducing The Zensory
“We know that there’s a problem within the cybersecurity industry when it comes to burnout – and it’s a problem that’s only getting worse.” That’s what Yvonne Eskenzi, Co-Founder of wellbeing and productivity app The Zensory, has noticed over the p
22-05-2023 11:03

CommonMagic APT Campaign Broadens Target Scope to Central and Western Ukraine
19-05-2023 21:55

It took 48 hours, but the mystery of the mass Asus router outage is solved
Asus finally responds after being castigated by users.
19-05-2023 20:26

Apple Patches 3 Zero-Days Possibly Already Exploited
In an advisory released by the company, Apple revealed patches for three previously unknown bugs it says may already have been used by attackers.
19-05-2023 20:04

Data Siloes: Overcoming the Greatest Challenge in SecOps
It's not lack of data that's the problem, but the inability to piece it together to truly understand and reduce risk.
19-05-2023 19:38

3 Common Initial Attack Vectors Account for Most Ransomware Campaigns
The data shows how most cyberattacks start, so basic steps can help organizations avoid becoming the latest statistic.
19-05-2023 19:00

Fearing leaks, Apple restricts ChatGPT use among employees
Cloud AI tools could leak confidential Apple company data; Apple works on its own LLM.
19-05-2023 16:16

How to prevent against the 5 main types of insider threats
Over one in ten data breaches originate from a malicious insider, and they cost companies $4.18 million per incident. And that’s only the malicious ones. According to the 2023 Insider Threat Report by Cybersecurity Insiders, nearly three-fourth
19-05-2023 14:23

Keep Your Friends Close and Your Identity Closer
As we share an increasing amount of personal information online, we create more opportunities for threat actors to steal our identities.
19-05-2023 14:00

Toyota Japan confirms decade-long security breach affecting more than 2M customers
Japanese auto firm Toyota recently announced that a decade-long data breach in its online service has put information on more than 2 million vehicles at risk. Customers affected included those who signed up for the T-Connect network service bet
19-05-2023 13:25

Google Debuts Quality Ratings for Security Bug Disclosures
New rules aim to level up the quality of submissions to Google and Android device Vulnerability Reward Program.
19-05-2023 13:05

Multiple Vulnerabilities Found in the Kiddoware Kids Place Parental Control Android App
Kiddoware is the world’s leading parental control solutions company with a wide range of products and serving over 5 million families worldwide. Kiddoware is committed to helping you to protect your kids while providing you intelligence to be proactive
19-05-2023 12:35

AppSec Teams Stuck in Catch-Up Cycle Due to Massive Cloud-Native Enablement Gap
85% of AppSec pros say ability to differentiate between real risks and noise is critical, yet only 38% can do so today; mature DevOps organizations cite widespread impact due to lack of cloud-native tools
19-05-2023 09:12

Potentially millions of Android TVs and phones come with malware preinstalled
The bane of low-cost Android devices is showing no signs of going away.
19-05-2023 00:36

Enterprises Rely on Multicloud Security to Protect Cloud Workloads
As enterprises adopt multicloud, the security picture has gotten foggy. Cloud workload protection platforms and distributed firewalls are creating clarity.
18-05-2023 23:29

Google pushes .zip and .mov domains onto the Internet, and the Internet pushes back
Will new TLDs undo decades of work to stop malicious links?
18-05-2023 21:47

KeePass Vulnerability Imperils Master Passwords
A newly discovered bug in the open source password manager, if exploited, lets attackers retrieve a target's master password — and proof-of-concept code is available.
18-05-2023 21:33

Trojan-Rigged Phishing Attacks Pepper China-Taiwan Conflict
Plug X and other information-stealing remote-access Trojans are among the malware targeting networking, manufacturing, and logistics companies in Taiwan.
18-05-2023 20:37

CEO: Raspberry Pi is “where we said we’d be” for 2023, recovery to follow
Following "lousy first quarter," Upton expects "hundreds of thousands" by Q3.
18-05-2023 20:15

10 Types of AI Attacks CISOs Should Track
Risk from artificial intelligence vectors presents a growing concern among security professionals in 2023.
18-05-2023 18:05

Microsoft Azure VMs Hijacked in Cloud Cyberattack
Cybercrime group that often uses smishing for initial access bypassed traditional OS targeting and evasion techniques to directly gain access to the cloud.
18-05-2023 17:50

AI in your pocket: ChatGPT officially comes to iPhone with new app
App brings popular AI assistant to an official mobile client app for the first time.
18-05-2023 17:48

Embedding Security by Design: A Shared Responsibility
Security by design can't be just a best practice — it has to become a fundamental part of software development.
18-05-2023 17:00

OX Security Launches OX-GPT, AppSec's First ChatGPT Integration
Customized fix recommendations and cut and paste code fixes dramatically reduce remediation times.
18-05-2023 15:49

Satori Augments Its Data Security Platform With Posture Management and Data Store Discovery Capabilities
With the new additions to Satori's Data Security Platform, companies gain unprecedented visibility to answer "Where is all my data?" and "Who has access to it?"
18-05-2023 15:45

Once Again, Malware Discovered Hidden in npm
Turkorat-poisoned packages sat in the npm development library for months, researchers say.
18-05-2023 15:27

LexisNexis Risk Solutions Cybercrime Report Reveals 20% Annual Increase in Global Digital Attack Rate
Elevated attack rate expected to remain during 2023 as cybercrime becomes more sophisticated and widespread.
18-05-2023 14:51

WithSecure Launches New Range of Incident Response and Readiness Services
New retainer provides expert support starting in the first 72 hours of the incident response process to contain the attack and improve preparedness for the future.
18-05-2023 14:21

3 Ways Hackers Use ChatGPT to Cause Security Headaches
As ChatGPT adoption grows, the industry needs to proceed with caution. Here's why.
18-05-2023 14:00

ActZero Teams Up With UScellular to Secure Mobile Devices From Ransomware Attacks
AI-powered cyber defense service protects against phishing attacks for businesses on unlimited handset plans.
18-05-2023 13:49

LayerZero Labs Launches $15M Bug Bounty; Largest in the World
Launched in partnership with Immunefi, bounty to promote Web3 security.
18-05-2023 13:41

Eagle Eye Networks and Brivo Announce $192M Investment — One of the Largest Ever in Cloud Physical Security
SECOM CO., LTD, a $15B enterprise and one of the largest security integration companies in the world, invests in the two global cloud physical security leaders, accelerating the use of AI and improving safety and security.
18-05-2023 13:29

Time Taken For Hackers to Crack Passwords Revealed
New Specops Software research has unearthed the length of time it takes modern attackers to brute force user passwords. Plain text password storage is rare in these modern times, requiring attackers to adopt password cracking methods to make use of the m
18-05-2023 09:34

Lemon Group Uses Millions of Pre-Infected Android Phones to Enable Cybercrime Enterprise
Lemon Group's Guerrilla malware model is an example of how threat actors are monetizing compromised Android devices, researchers say.
17-05-2023 22:00

5 Ways Security Testing Can Aid Incident Response
Organizations can focus on these key considerations to develop their cybersecurity testing programs sustainably.
17-05-2023 20:52

BianLian Cybercrime Group Changes Up Extortion Methods, Warns CISA
CISA urges small and midsized organizations as well as critical infrastructure to implement mitigations immediately to shield themselves from further data exfiltration attacks.
17-05-2023 20:33

Verizon abandons its confusing mess of six “unlimited” wireless plans
Verizon simplifies its data plans: Do you want the fast one or the slow one?
17-05-2023 20:16

Source: arstechnica, darkreading, itsecurityguru