The Last Watchdog

OCTOBER 10, 2023

As tragic as it is, we are in a space where video has become a crucial asset in wartime. Related: Apple tool used as warfare weapon Ukraine’s defense against Russian invaders has changed the role of video. Accessing video-based intelligence at the right time and place is a very effective method for gaining information about the constantly changing military landscape.

Metadata 130

Metadata Military Encryption Communications 130

The Last Watchdog

OCTOBER 9, 2023

Clean Code’ is a simple concept rooted in common sense. This software writing principle cropped up some 50 years ago and might seem quaint in today’s era of speedy software development. Related: Setting IoT security standards At Black Hat 2023 , I had the chance to visit with Olivier Gaudin , founder and co-CEO, and Johannes Dahse , head of R&D, at SonarSource , a Geneva, Switzerland-based supplier of systems to achieve Clean Code.

IoT 231

IoT Security IT 231

Krebs on Security

OCTOBER 9, 2023

The fake USPS phishing page. Recent weeks have seen a sizable uptick in the number of phishing scams targeting U.S. Postal Service (USPS) customers. Here’s a look at an extensive SMS phishing operation that tries to steal personal and financial data by spoofing the USPS, as well as postal services in at least a dozen other countries. KrebsOnSecurity recently heard from a reader who received an SMS purporting to have been sent by the USPS, saying there was a problem with a package destined

Phishing 303

Phishing Analytics Passwords Government 303

Data Breach Today

OCTOBER 13, 2023

Researcher Published Proof-of-Concept Exploit Code 1 Day After Vendor Issued Patch Ransomware-wielding attackers are targeting unpatched versions of FTP software that is widely used by large enterprises, including government and educational organizations. A researcher released proof-of-concept exploit code for WS_FTP software just one day after Progress Software issued its patch.

Ransomware 336

Ransomware Education Government IT 336

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Cloud

Security Affairs

OCTOBER 8, 2023

Researchers warn that more than 70,000 Android smartphones, CTV boxes, and tablets were shipped with backdoored firmware as part of BADBOX network. Cybersecurity researchers at Human Security discovered a global network of consumer products, dubbed BADBOX, with firmware backdoors installed and sold through a compromised hardware supply chain. The experts reported that at least 74,000 Android-based mobile phones, tablets, and Connected TV boxes worldwide were shipped with the backdoored firmware.

e-Discovery 145

e-Discovery Retail Manufacturing Security 145

Krebs on Security

OCTOBER 10, 2023

Microsoft today issued security updates for more than 100 newly-discovered vulnerabilities in its Windows operating system and related software, including four flaws that are already being exploited. In addition, Apple recently released emergency updates to quash a pair of zero-day bugs in iOS. Apple last week shipped emergency updates in iOS 17.0.3 and iPadOS 17.0.3 in response to active attacks.

Libraries 245

Libraries Authentication Communications Cloud 245

Data Breach Today

OCTOBER 10, 2023

Threat Actor Likely Operates From A Region With A Strategic Interest In Taiwan A previously undetected cyberespionage group spied against Taiwanese government agencies and the island-country's manufacturing sector, say cybersecurity researchers. The Symantec Threat Hunter Team says it likely operates "from a region with a strategic interest in Taiwan.

Manufacturing 341

Manufacturing Cybersecurity Government IT 341

Security Affairs

OCTOBER 12, 2023

Ransomlooker monitors ransomware groups’ extortion sites and delivers consolidated feeds of their claims worldwide. Cybernews presented Ransomlooker , a tool to monitor ransomware groups’ extortion sites and delivers consolidated feeds of their claims worldwide. The researchers have created the tool to help cybersecurity experts in their daily jobs by providing real-time updates and actionable insights.

Ransomware 144

Ransomware Personal data Access Cybersecurity 144

Schneier on Security

OCTOBER 11, 2023

There’s a new Cisco vulnerability in its Emergency Responder product: This vulnerability is due to the presence of static user credentials for the root account that are typically reserved for use during development. An attacker could exploit this vulnerability by using the account to log in to an affected system. A successful exploit could allow the attacker to log in to the affected system and execute arbitrary commands as the root user.

Passwords 141

Passwords IT 141

Advertisement

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

The Last Watchdog

OCTOBER 11, 2023

Emmen, Switzerland, Oct. 11, 2023 — Recent research by the National Cyber Security Centre (NCSC) has found UK law firms are increasingly appealing targets for cybercriminals interested in stealing and exploiting client data. Hybrid working has been cited as a challenge for firms attempting to maintain secure working practices and protect client confidentiality, but as cyberattacks become more sophisticated, the data that law firms hold are targeted for ransomware and insider trading.

Cloud 113

Cloud Data breaches Cybersecurity Phishing 113

Data Breach Today

OCTOBER 11, 2023

Microsoft Says Campaign Exploiting Escalation Flaw Began in September A Chinese nation state hacking group is exploiting a zero day flaw in Atlassian's Confluence Data Center and Server products as part a campaign spotted in mid-September, Microsoft researchers say. The company attributes the campaign to a Chinese nation-state hacking group designates Storm-0062.

321

321

Security Affairs

OCTOBER 8, 2023

North Korea-linked APT group Lazarus has laundered $900 million worth of cryptocurrency, Elliptic researchers reported. Researchers from blockchain analytics firm Elliptic reported that threat actors has already laundered a record $7 billion through cross-chain crime. The term “Cross-chain crime” is used to refer to the swapping of cryptoassets between different tokens or blockchains to launder illegally gained funds.

Blockchain 140

Blockchain Analytics Risk Security 140

Jamf

OCTOBER 10, 2023

Jamf releases Jamf Pro 11.0! In this blog, learn more about the blending of modern design principles and the powerful management workflows our customers are accustomed to. Paired with new exciting features that ensure that MacAdmins of all experience levels feel right at home with the latest iteration of the best-in-breed, Apple-first, Apple-best MDM solution.

MDM 131

MDM 131

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

IT

Dark Reading

OCTOBER 10, 2023

Ongoing Rapid Reset DDoS flood attacks exposed organizations need to patch CVE-2023-44487 immediately to head off crippling outages and business disruption.

139

139

Data Breach Today

OCTOBER 13, 2023

Firm Seeks 60-Day Marketing, Sale Process to Test Value of Assets, Equity in Market A "cloud of uncertainty" strained IronNet's cash flows and negatively affected liquidity to the point where the cybersecurity vendor had to begin winding down operations. The firm once valued at $1.2 billion experienced financial and operating difficulties leading up to Thursday's Chapter 11 filing.

Sales 305

Sales Marketing Cloud Cybersecurity 305

Security Affairs

OCTOBER 9, 2023

A threat actor has leaked the source code for the first version of the HelloKitty ransomware on a Russian-speaking cybercrime forum. Cybersecurity researchers 3xp0rt reported that a threat actor that goes online with the moniker ‘kapuchin0’ (and also uses the alias Gookee) has leaked the source code of the HelloKitty ransomware on the XSS forum. kapuchin0 claims that the leaked code is the first breach of the HelloKitty ransomware.

Ransomware 140

Ransomware Archiving Encryption Cybersecurity 140

Schneier on Security

OCTOBER 12, 2023

This is a fun challenge: The NIST elliptic curves that power much of modern cryptography were generated in the late ’90s by hashing seeds provided by the NSA. How were the seeds generated? Rumor has it that they are in turn hashes of English sentences, but the person who picked them, Dr. Jerry Solinas, passed away in early 2023 leaving behind a cryptographic mystery, some conspiracy theories, and an historical password cracking challenge.

Passwords 126

Passwords IT 126

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

The Last Watchdog

OCTOBER 9, 2023

Atlanta, GA, Oct. 9, 2023 — Jonathan Shihao Ji, a computer science professor at Georgia State University, has received a $10 million grant from the Department of Defense (DoD) to address critical problems in artificial intelligence (AI) and robotics with a focus on human-robot interaction, 3D virtual environment reconstruction, edge computing and trustworthy AI In recent years, AI has become more and more prevalent in our world, powering search engines, voice assistants and self-driving c

Artificial Intelligence 100

Artificial Intelligence Cloud Communications Privacy 100

Data Breach Today

OCTOBER 7, 2023

Brand-New Android Smartphones, Tablets and Connected TVs Harboring Trojan Backdoor Tens of thousands of knockoff Android products manufactured in China including TV streaming boxes reached consumers infected with malware, say cybersecurity researchers. Human Security says it uncovered a related operation that earned millions per month in an online advertising fraud scheme.

Manufacturing 290

Manufacturing Cybersecurity Security IT 290

Security Affairs

OCTOBER 11, 2023

A Mirai-based DDoS botnet tracked as IZ1H9 has added thirteen new exploits to target routers from different vendors, including D-Link, Zyxel, and TP-Link. Fortinet researchers observed a new Mirai -based DDoS botnet, tracked as IZ1H9, that added thirteen new payloads to target routers from multiple vendors, including D-Link, Zyxel, TP-Link, and TOTOLINK.

IoT 135

IoT Risk Security IT 135

Hunton Privacy

OCTOBER 9, 2023

On September 29, 2023, the Centre for Information Policy Leadership at Hunton Andrews Kurth (“CIPL”) released a new paper on its Ten Recommendations for Global AI Regulation. The paper is part of CIPL’s Accountable AI project and follows several earlier contributions including Artificial Intelligence and Data Protection in Tension (October 2018), Hard Issues and Practical Solutions (February 2020), and Artificial Intelligence and Data Protection: How the GDPR Regulates AI (March 2020).

Paper 123

Paper Artificial Intelligence GDPR Risk 123

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Cloud

WIRED Threat Level

OCTOBER 13, 2023

The rapid spread of violent videos and photos, combined with a toxic stew of mis- and disinformation, now threatens to spill over into real-world violence.

Security 131

Security 131

Data Breach Today

OCTOBER 10, 2023

Parliamentary Committee Heads Says In-Person Appearance Would be "Beneficial" The head TikTok has been summoned by European lawmakers from different parliamentary committees for an inquiry into its privacy practices. In a letter sent to the TikTok CEO Shou Zi Chew on Thursday, the heads of five European Parliament committees requested that Chew appear for an in-person probe.

Privacy 308

Privacy IT 308

Security Affairs

OCTOBER 11, 2023

US CISA added the flaw CVE-2023-21608 in Adobe Acrobat Reader to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added five new flaws to its Known Exploited Vulnerabilities Catalog , including a high-severity flaw ( CVE-2023-21608 ) (CVSS score: 7.8) in Adobe Acrobat Reader. The flaw is a use-after-free issue, an attacker can trigger the flaw to achieve remote code execution (RCE) with the privileges of the current user. “Ado

IT 138

IT Encryption Cybersecurity Risk 138

eSecurity Planet

OCTOBER 13, 2023

Penetration testing is a critically important cybersecurity practice, but one that many organizations lack the on-staff skills to do themselves. Fortunately, there are many pentesting services out there that can do the job for them across a range of budgets and needs. And many organizations that do have on-staff pentesting expertise want the objective view of an outsider to better discover vulnerabilities and weaknesses that hackers might otherwise find first, and so even the most advanced organ

Cloud 120

Cloud Cybersecurity Compliance Security 120

Speaker: Aindra Misra, Senior Manager, Product Management (Data, ML, and Cloud Infrastructure) at BILL

Join us for an insightful webinar that explores the critical intersection of data privacy and AI governance. In today’s rapidly evolving tech landscape, building robust governance frameworks is essential to fostering innovation while staying compliant with regulations. Our expert speaker, Aindra Misra, will guide you through best practices for ensuring data protection while leveraging AI capabilities.

Data Privacy

WIRED Threat Level

OCTOBER 7, 2023

A “friendlier” front for racist extremism has spread rapidly across the US in recent months, as active club channels network on Telegram's encrypted messaging app.

Encryption 126

Encryption Security 126

Data Breach Today

OCTOBER 12, 2023

Web Servers Need Patching; Google, Amazon, Cloudflare See Massive DDoS Attacks Attackers have been actively exploiting vulnerabilities in the HTTP/2 protocol via so-called rapid request attacks, which Amazon Web Services, Cloudflare and Google report have led to record-breaking distributed-denial-of-service attacks. Experts recommend immediate patching or mitigation.

297

297

Security Affairs

OCTOBER 13, 2023

FBI and CISA published a joint Cybersecurity Advisory (CSA) to disseminate IOCs, TTPs, and detection methods associated with AvosLocker ransomware. The joint Cybersecurity Advisory (CSA) published by the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) provides known IOCs, TTPs, and detection methods associated with the AvosLocker ransomware variant employed in recent attacks.

Ransomware 131

Ransomware Systems administration Cybersecurity Encryption 131