The Last Watchdog

DECEMBER 13, 2023

Notable progress was made in 2023 in the quest to elevate Digital Trust. Related: Why IoT standards matter Digital Trust refers to the level of confidence both businesses and consumers hold in digital products and services – not just that they are suitably reliable, but also that they are as private and secure as they need to be. We’re not yet at a level of Digital Trust needed to bring the next generation of connected IT into full fruition – and the target keeps moving.

Encryption 311

Encryption IoT Authentication Security 311

Data Breach Today

DECEMBER 12, 2023

Parliamentary Committee Says UK Must Be More Aggressive A U.K. parliamentary committee investigating ransomware threats recommended a more aggressive stance against threat actors and said the government should consider making incident reporting mandatory and provide government support for public sector victims "to the point of full recovery.

Ransomware 321

Ransomware IT Government 321

Krebs on Security

DECEMBER 12, 2023

The final Patch Tuesday of 2023 is upon us, with Microsoft Corp. today releasing fixes for a relatively small number of security holes in its Windows operating systems and other software. Even more unusual, there are no known “zero-day” threats targeting any of the vulnerabilities in December’s patch batch. Still, four of the updates pushed out today address “critical” vulnerabilities that Microsoft says can be exploited by malware or malcontents to seize complete c

IT 254

IT Security 254

WIRED Threat Level

DECEMBER 14, 2023

Kytch, the company that tried to fix McDonald’s broken ice cream machines, has unearthed a 3-year-old email it says proves claims of an alleged plot to undermine their business.

IT 145

IT Security 145

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

The Last Watchdog

DECEMBER 12, 2023

A look back at the cybersecurity landscape in 2023 rings all-too familiar: cyber threats rapidly evolved and scaled up , just as they have, year-to-year, for the past 20 years. Related: Adopting an assume-breach mindset With that in mind, Last Watchdog invited the cybersecurity experts we’ve worked with this past year for their perspectives on two questions that all company leaders should have top of mind: •What should be my biggest takeaway from 2023, with respect to mitigating cyber risks at

Cybersecurity 258

Cybersecurity Phishing Authentication Analytics 258

Security Affairs

DECEMBER 10, 2023

WordPress 6.4.2 addressed a security vulnerability that could be chained with another flaw to achieve remote code execution. WordPress released a security update to address a flaw that can be chained with another issue to gain remote code execution. According to the advisory, the RCE flaw is not directly exploitable in the core, however, threat actors can chain it with some plugins, especially in multisite installations, to execute arbitrary code. “A Remote Code Execution vulnerability tha

Cybersecurity 145

Cybersecurity Security IT Information Security 145

WIRED Threat Level

DECEMBER 11, 2023

Competing bills moving through the House of Representatives both reauthorize Section 702 surveillance—but they pave very different paths forward for Americans’ privacy and civil liberties.

Privacy 138

Privacy Security 138

The Last Watchdog

DECEMBER 14, 2023

Here’s the final installment of leading technologists sharing their observations about cybersecurity developments in the year that’s coming to a close — and the year to come. Last Watchdog posed two questions: •What should be my biggest takeaway from 2023, with respect to mitigating cyber risks at my organization? •What should I be most concerned about – and focus on – in 2024?

Cybersecurity 234

Cybersecurity Encryption Marketing Risk 234

Data Breach Today

DECEMBER 11, 2023

Alphv/BlackCat Claimed Responsibility for May Attack A Kentucky-based hospital chain is notifying millions of individuals that their information was potentially exfiltrated in a May attack. Russian-speaking ransomware-as-a-service group Alphv/BlackCat - which is currently reportedly undergoing its own disruptions - took credit for the data theft.

Ransomware 320

Ransomware IT 320

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Cloud

Security Affairs

DECEMBER 10, 2023

Researchers discovered a lock screen bypass bug in Android 14 and 13 that could expose sensitive data in users’ Google accounts. The security researcher Jose Rodriguez ( @VBarraquito ) discovered a new lock screen bypass vulnerability for Android 14 and 13. A threat actor with physical access to a device can access photos, contacts, browsing history and more.

Access 145

Access IT Security Information Security 145

WIRED Threat Level

DECEMBER 11, 2023

With its war against Russia raging on, Ukraine has begun raising funds to rebuild homes and structures one by one using its own crowdfunding platform.

IT 137

IT Security 137

The Last Watchdog

DECEMBER 10, 2023

Professionals are constantly seeking ways to fortify their defenses against malicious threats. One approach gaining traction is the “assume-breach mindset.” This proactive approach is designed to better prepare organizations for inevitable security breaches. Related: The case for proactive security An assume-breach mindset is a cybersecurity strategy that flips the traditional security model.

Cybersecurity 203

Cybersecurity Security Marketing Risk 203

Data Breach Today

DECEMBER 13, 2023

'Oxygen of Publicity' Helps Intimidate Victims and Recruit Affiliates, Experts Warn Seeking to maximize profits no matter the cost, ransomware groups have been bolstering their technical prowess and psychological shakedowns with a fresh strategy: attempting to control the narrative. Experts are warning security researchers and journalists to beware being co-opted.

Ransomware 316

Ransomware Marketing Security 316

Advertisement

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

Security Affairs

DECEMBER 12, 2023

The Dubai Taxi Company (DTC) app, which provides taxi, limousine, and other transport services, left a database open to the public, exposing sensitive customer and driver data. Dubai Taxi Company, a subsidiary of Dubai’s Roads and Transport Authority, leaked a trove of sensitive information from the DTC app, the Cybernews research team has found. Over 197K app users and nearly 23K drivers were exposed.

Encryption 144

Encryption Passwords Marketing Risk 144

WIRED Threat Level

DECEMBER 14, 2023

Ten years in, Microsoft’s DCU has honed its strategy of using both unique legal tactics and the company’s technical reach to disrupt global cybercrime and state-backed actors.

IT 136

IT Security 136

Schneier on Security

DECEMBER 12, 2023

Interesting attack based on malicious pre-OS logo images : LogoFAIL is a constellation of two dozen newly discovered vulnerabilities that have lurked for years, if not decades, in Unified Extensible Firmware Interfaces responsible for booting modern devices that run Windows or Linux… The vulnerabilities are the subject of a coordinated mass disclosure released Wednesday.

Manufacturing 135

Manufacturing Libraries Security IT 135

Data Breach Today

DECEMBER 15, 2023

Alan Turing Institute Calls for 'Shift in Mindset' to Tackle National Security Risk The U.K. national institute for artificial intelligence urged the government to establish red lines against the use of generative AI in scenarios in which the technology could take an irreversible action without direct human oversight. The U.K. government has sought to cultivate responsible AI.

Artificial Intelligence 306

Artificial Intelligence Government Risk Security 306

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

IT

Security Affairs

DECEMBER 15, 2023

Experts uncovered a new Go-based multi-platform malware, tracked as NKAbuse, which is the first malware abusing NKN technology. Researchers from Kaspersky’s Global Emergency Response Team ( GERT ) and GReAT uncovered a new multiplatform malware dubbed NKAbuse. The malicious code is written in Go language, it is the first malware that relies on the NKN technology for data exchange between peers.

Blockchain 143

Blockchain Communications Ransomware IT 143

WIRED Threat Level

DECEMBER 13, 2023

A hacker group calling itself Solntsepek—previously linked to Russia’s notorious Sandworm hackers—says it carried out a disruptive breach of Kyivstar, a major Ukrainian mobile and internet provider.

Military 135

Military IT Security 135

KnowBe4

DECEMBER 11, 2023

The US Justice Department has indicted two individuals for launching spear phishing attacks against the US, the UK, Ukraine and various NATO member countries on behalf of the Russian government.

Phishing 132

Phishing Government Security 132

Data Breach Today

DECEMBER 12, 2023

Ukrainian President Volodymyr Zelenskyy Is in Washington Ukrainian telecom operator Kyivstar was the target of a cyberattack that knocked internet access and mobile communications offline on the same day Ukrainian President Volodymyr Zelenskyy is in Washington to boost the case for additional military aid.

Military 306

Military Communications Access 306

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

Security Affairs

DECEMBER 11, 2023

The Apache Software Foundation addressed a critical remote code execution vulnerability in the Apache Struts 2 open-source framework. The Apache Software Foundation released security updates to address a critical file upload vulnerability in the Struts 2 open-source framework. Successful exploitation of the flaw, tracked as CVE-2023-50164 , could lead to remote code execution.

Security 144

Security Information Security IT 144

Schneier on Security

DECEMBER 15, 2023

In 2016, I wrote about an Internet that affected the world in a direct, physical manner. It was connected to your smartphone. It had sensors like cameras and thermostats. It had actuators: Drones, autonomous cars. And it had smarts in the middle, using sensor data to figure out what to do and then actually do it. This was the Internet of Things (IoT).

IoT 128

IoT Cloud IT Government 128

KnowBe4

DECEMBER 12, 2023

First ever insight into those annoying spam calls provides enlightening detail into how many calls are there, where are they coming from, and how much time is wasted dealing with them.

Security awareness 130

Security awareness Security 130

Data Breach Today

DECEMBER 14, 2023

Gambling and Retail Firms Top Targets of 'GambleForce' Group, Researchers Warn A recently spotted hacking group with a penchant for using open source tools has been using a less-than-novel tactic: exploiting SQL injection flaws. So warn researchers who recently detected attacks by the group, codenamed GambleForce, which appears to focus on gambling and retail firms.

Retail 305

Retail 305

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Cloud

Security Affairs

DECEMBER 15, 2023

Security flaws in Netgate pfSense firewall solution can potentially lead to arbitrary code execution on vulnerable devices. pfSense is a popular open-source firewall solution maintained by Netgate, researchers discovered multiple security issues affecting it. Researchers from SonarCloud discovered several security issues, Cross-Site Scripting (XSS) vulnerabilities and a Command Injection vulnerability in pfSense CE ( CVE-2023-42325 , CVE-2023-42327 , CVE-2023-42326 ).

Phishing 143

Phishing Authentication Access Security 143

Data Matters

DECEMBER 13, 2023

On 8 December 2023 — following three days of lengthy and intensive negotiations — EU legislators reached political agreement on the world’s first stand-alone law regulating AI: the EU’s AI Act. The EU considers the AI Act as one of its key pieces of legislation and fundamental to ensuring the EU becomes the world’s leading digital economy. The EU aims for the AI Act to have the same ‘Brussels effect’ as the GDPR — in other words, to have a significant impact on global markets and practices.

GDPR 128

GDPR Marketing Privacy IT 128

KnowBe4

DECEMBER 13, 2023

Analysis of nearly a year’s worth of emails brings insight into exactly what kinds of malicious content are being used, who’s being impersonated, and who’s being targeted.

Phishing 126

Phishing Security 126