The Last Watchdog

OCTOBER 10, 2023

As tragic as it is, we are in a space where video has become a crucial asset in wartime. Related: Apple tool used as warfare weapon Ukraine’s defense against Russian invaders has changed the role of video. Accessing video-based intelligence at the right time and place is a very effective method for gaining information about the constantly changing military landscape.

Metadata 130

Metadata Military Encryption Communications 130

The Last Watchdog

OCTOBER 9, 2023

Clean Code’ is a simple concept rooted in common sense. This software writing principle cropped up some 50 years ago and might seem quaint in today’s era of speedy software development. Related: Setting IoT security standards At Black Hat 2023 , I had the chance to visit with Olivier Gaudin , founder and co-CEO, and Johannes Dahse , head of R&D, at SonarSource , a Geneva, Switzerland-based supplier of systems to achieve Clean Code.

IoT 231

IoT Security IT 231

Krebs on Security

OCTOBER 9, 2023

The fake USPS phishing page. Recent weeks have seen a sizable uptick in the number of phishing scams targeting U.S. Postal Service (USPS) customers. Here’s a look at an extensive SMS phishing operation that tries to steal personal and financial data by spoofing the USPS, as well as postal services in at least a dozen other countries. KrebsOnSecurity recently heard from a reader who received an SMS purporting to have been sent by the USPS, saying there was a problem with a package destined

Phishing 318

Phishing Analytics Passwords Government 318

Data Breach Today

OCTOBER 10, 2023

Threat Actor Likely Operates From A Region With A Strategic Interest In Taiwan A previously undetected cyberespionage group spied against Taiwanese government agencies and the island-country's manufacturing sector, say cybersecurity researchers. The Symantec Threat Hunter Team says it likely operates "from a region with a strategic interest in Taiwan.

Manufacturing 344

Manufacturing Cybersecurity Government IT 344

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

WIRED Threat Level

OCTOBER 13, 2023

The rapid spread of violent videos and photos, combined with a toxic stew of mis- and disinformation, now threatens to spill over into real-world violence.

Security 145

Security 145

Krebs on Security

OCTOBER 10, 2023

Microsoft today issued security updates for more than 100 newly-discovered vulnerabilities in its Windows operating system and related software, including four flaws that are already being exploited. In addition, Apple recently released emergency updates to quash a pair of zero-day bugs in iOS. Apple last week shipped emergency updates in iOS 17.0.3 and iPadOS 17.0.3 in response to active attacks.

Libraries 262

Libraries Authentication Communications Cloud 262

Data Breach Today

OCTOBER 13, 2023

Researcher Published Proof-of-Concept Exploit Code 1 Day After Vendor Issued Patch Ransomware-wielding attackers are targeting unpatched versions of FTP software that is widely used by large enterprises, including government and educational organizations. A researcher released proof-of-concept exploit code for WS_FTP software just one day after Progress Software issued its patch.

Ransomware 336

Ransomware Education Government IT 336

WIRED Threat Level

OCTOBER 7, 2023

A “friendlier” front for racist extremism has spread rapidly across the US in recent months, as active club channels network on Telegram's encrypted messaging app.

Encryption 144

Encryption Security 144

Security Affairs

OCTOBER 8, 2023

Researchers warn that more than 70,000 Android smartphones, CTV boxes, and tablets were shipped with backdoored firmware as part of BADBOX network. Cybersecurity researchers at Human Security discovered a global network of consumer products, dubbed BADBOX, with firmware backdoors installed and sold through a compromised hardware supply chain. The experts reported that at least 74,000 Android-based mobile phones, tablets, and Connected TV boxes worldwide were shipped with the backdoored firmware.

e-Discovery 145

e-Discovery Retail Manufacturing Security 145

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Cloud

Schneier on Security

OCTOBER 11, 2023

There’s a new Cisco vulnerability in its Emergency Responder product: This vulnerability is due to the presence of static user credentials for the root account that are typically reserved for use during development. An attacker could exploit this vulnerability by using the account to log in to an affected system. A successful exploit could allow the attacker to log in to the affected system and execute arbitrary commands as the root user.

Passwords 143

Passwords IT 143

Data Breach Today

OCTOBER 11, 2023

Microsoft Says Campaign Exploiting Escalation Flaw Began in September A Chinese nation state hacking group is exploiting a zero day flaw in Atlassian's Confluence Data Center and Server products as part a campaign spotted in mid-September, Microsoft researchers say. The company attributes the campaign to a Chinese nation-state hacking group designates Storm-0062.

321

321

WIRED Threat Level

OCTOBER 10, 2023

Google is making passkeys, the emerging passwordless login technology, the default option for users as it moves to make passwords “obsolete.

Passwords 143

Passwords IT Security 143

Security Affairs

OCTOBER 12, 2023

In September more than 17,000 WordPress websites have been compromised by the Balada Injector malware. Sucuri researchers reported that more than 17,000 WordPress websites have been compromised in September with the Balada Injector. The researchers noticed that the number of Balada Injector infections has doubled compared with August. The Balada injector is a malware family that has been active since 2017.

CMS 143

CMS Security IT Information Security 143

Advertisement

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

eSecurity Planet

OCTOBER 12, 2023

Cyber attackers frequently use legacy technology as part of their attack strategies, targeting organizations that have yet to implement mitigations or upgrade obsolete components. In an Active Directory environment, one such component is legacy protocols, which attackers can use to gain access to Active Directory. While patching (or even virtual patching ) might help address obsolete components, most legacy components have been thoroughly evaluated by adversaries to determine whether they should

Risk 140

Risk Security Authentication Encryption 140

Data Breach Today

OCTOBER 10, 2023

Parliamentary Committee Heads Says In-Person Appearance Would be "Beneficial" The head TikTok has been summoned by European lawmakers from different parliamentary committees for an inquiry into its privacy practices. In a letter sent to the TikTok CEO Shou Zi Chew on Thursday, the heads of five European Parliament committees requested that Chew appear for an in-person probe.

Privacy 314

Privacy IT 314

Dark Reading

OCTOBER 10, 2023

Ongoing Rapid Reset DDoS flood attacks exposed organizations need to patch CVE-2023-44487 immediately to head off crippling outages and business disruption.

139

139

Security Affairs

OCTOBER 9, 2023

A threat actor has leaked the source code for the first version of the HelloKitty ransomware on a Russian-speaking cybercrime forum. Cybersecurity researchers 3xp0rt reported that a threat actor that goes online with the moniker ‘kapuchin0’ (and also uses the alias Gookee) has leaked the source code of the HelloKitty ransomware on the XSS forum. kapuchin0 claims that the leaked code is the first breach of the HelloKitty ransomware.

Ransomware 143

Ransomware Archiving Encryption Cybersecurity 143

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

IT

WIRED Threat Level

OCTOBER 9, 2023

The same chaotic day FTX declared bankruptcy, someone began stealing hundreds of millions of dollars from its coffers. A WIRED investigation reveals the company’s “very crazy night” trying to stop them.

IT 139

IT Blockchain Security 139

Data Breach Today

OCTOBER 13, 2023

Firm Seeks 60-Day Marketing, Sale Process to Test Value of Assets, Equity in Market A "cloud of uncertainty" strained IronNet's cash flows and negatively affected liquidity to the point where the cybersecurity vendor had to begin winding down operations. The firm once valued at $1.2 billion experienced financial and operating difficulties leading up to Thursday's Chapter 11 filing.

Sales 306

Sales Marketing Cloud Cybersecurity 306

Schneier on Security

OCTOBER 12, 2023

This is a fun challenge: The NIST elliptic curves that power much of modern cryptography were generated in the late ’90s by hashing seeds provided by the NSA. How were the seeds generated? Rumor has it that they are in turn hashes of English sentences, but the person who picked them, Dr. Jerry Solinas, passed away in early 2023 leaving behind a cryptographic mystery, some conspiracy theories, and an historical password cracking challenge.

Passwords 133

Passwords IT 133

Security Affairs

OCTOBER 8, 2023

North Korea-linked APT group Lazarus has laundered $900 million worth of cryptocurrency, Elliptic researchers reported. Researchers from blockchain analytics firm Elliptic reported that threat actors has already laundered a record $7 billion through cross-chain crime. The term “Cross-chain crime” is used to refer to the swapping of cryptoassets between different tokens or blockchains to launder illegally gained funds.

Blockchain 143

Blockchain Analytics Risk Security 143

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

WIRED Threat Level

OCTOBER 12, 2023

Whoever looted FTX on the day of its bankruptcy has now moved the stolen money through a long string of intermediaries—including a service owned by FTX itself.

IT 135

IT Blockchain Security 135

Data Breach Today

OCTOBER 9, 2023

Emergency Responder Among Several Recent Cisco Product Vulnerability Advisories Cisco has released urgent fixes to a critical vulnerability affecting an emergency communication system used to track callers' location in real time. A developer inadvertently hard-coded credentials in Cisco Emergency Responder software, opening a permanent backdoor for unauthenticated attackers.

Communications 303

Communications 303

Jamf

OCTOBER 10, 2023

Jamf releases Jamf Pro 11.0! In this blog, learn more about the blending of modern design principles and the powerful management workflows our customers are accustomed to. Paired with new exciting features that ensure that MacAdmins of all experience levels feel right at home with the latest iteration of the best-in-breed, Apple-first, Apple-best MDM solution.

MDM 131

MDM 131

Security Affairs

OCTOBER 11, 2023

US CISA added the flaw CVE-2023-21608 in Adobe Acrobat Reader to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added five new flaws to its Known Exploited Vulnerabilities Catalog , including a high-severity flaw ( CVE-2023-21608 ) (CVSS score: 7.8) in Adobe Acrobat Reader. The flaw is a use-after-free issue, an attacker can trigger the flaw to achieve remote code execution (RCE) with the privileges of the current user. “Ado

IT 141

IT Encryption Cybersecurity Risk 141

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Cloud

WIRED Threat Level

OCTOBER 13, 2023

Dubbed “HTTP/2 Rapid Reset,” the flaw requires issuing patches to virtually every web server around the world before the problem can be eradicated.

Security 135

Security 135

Data Breach Today

OCTOBER 11, 2023

Social Media Account Used to Spread Links to Commercial Spyware Malware Amnesty International says the Vietnamese government is likely behind a wave of attempted Predator spyware infections against targets including members of the U.S. Congress and European officials. Central to the campaign was an account on social media network X (formerly Twitter).

Government 302

Government 302

Dark Reading

OCTOBER 10, 2023

An overlooked library contains a vulnerability that could enable full remote takeover simply by clicking a link.

Libraries 131

Libraries Risk 131