cyber_security_channel | News and Media

Telegram-канал cyber_security_channel - Cyber Security News

42585

Be Cyber Aware. Our vacancies channel: @CyberSecurityJobs Our chat: t.me/cybersecuritynewschat LinkedIn: https://www.linkedin.com/company/securitynews/ Facebook: https://www.facebook.com/BreakingCyberSecNews 📩 Cooperation: @cybersecadmin

Subscribe to a channel

Cyber Security News

How to Check If Someone Else Accessed Your Google Account

The system will show you information about the last 10 times your Gmail account has been accessed, along with the access type (browser, POP, mobile), location (IP address), and the date and time of access.

This can help you identify if any of this access is from an unexpected device, place or time.

Note: If you use a virtual private network (VPN) or a hosted desktop, the location data may reflect information related to your service provider, instead of your physical address.

@Cyber_Security_Channel

Читать полностью…

Cyber Security News

Ransomware, From a Different Perspective

There may be confidence that ransom demands can be spurned, organizations secure in the knowledge there is a good set of data accessible from a backup location, but who has the last laugh if the attacker has managed to infiltrate this data as well? For this very reason, a part of a ransomware attack can be focused on seeking out and disabling backup data to remove an organization’s ability to combat the attack.

Backup data, therefore, needs equivalent focus and protection to that of operational data. It is very dangerous to assume anything else and failure to extend cybersecurity strategy in this way exposes a vital defense.

@Cyber_Security_Channel

Читать полностью…

Cyber Security News

Data Breach Exposes Personal Information of 612K Medicare Recipients

Specific information that may have been compromised includes names, phone numbers, email addresses, Social Security numbers, healthcare provider and prescription information as well as health insurance claims, CMS said.

No CMS or Department of Health and Human Services systems were impacted, the agency added.

CMS and Maximus are sending letters to Medicare beneficiaries who may be impacted by the incident and both are offering free credit monitoring services for two years.

@Cyber_Security_Channel

Читать полностью…

Cyber Security News

Nearly All Modern CPUs Leak Data to New Collide+Power Side-Channel Attack

Collide+Power is a generic software-based attack that works against devices powered by Intel, AMD or Arm processors and it’s applicable to any application and any type of data.

The chipmakers are publishing their own advisories for the attack and the CVE-2023-20583 has been assigned.

However, the researchers pointed out that Collide+Power is not an actual processor vulnerability — it abuses the fact that some CPU components are designed to share data from different security domains.

@Cyber_Security_Channel

Читать полностью…

Cyber Security News

DARPA Program Aims to Strengthen Cybersecurity Via Automation

DARPA says that the INGOTS program will last three years and have two phases: Phase 1 will focus on exploring, designing, developing, and demonstrating tools and techniques;

While Phase 2 will focus on maturing and refining these tools and techniques and expanding their coverage across vulnerability and exploitation classes.

@Cyber_Security_Channel

Читать полностью…

Cyber Security News

Cyberattacks Are a War We'll Never Win, but We Can Defend Ourselves

Data has never been more valuable or more vulnerable than it is today.

Ransomware has evolved from taking data hostage to new and malicious ways of monetizing and exploiting businesses and personal data.

But whatever the motivation of an attacker — hackers showing their prowess, hostile governments attacking perceived enemies, criminal greed — the key to being a guardian of one's data is recognizing that security must be built into a data system, not bolted on.

@Cyber_Security_Channel

Читать полностью…

Cyber Security News

Clop Crime Group Adds 62 Ernst & Young Clients to Leak Sites

Most of the recently named victims are from Canada and include Air Canada, Altus, Amdocs, Constellation Software, EY-Continental Transition, Laurentian Bank of Canada, LendLease, Sierra Wireless, SSC Fraud Risk Assessment, St. Mary's General Hospital Surgical Services Review, Staples Canada, Sun Life Assurance of Canada, United Parcel Service Canada Ltd. and more.

@Cyber_Security_Channel

Читать полностью…

Cyber Security News

Summer Documentary Watch Party: 8 Sizzling Cybersecurity Tales

The first on the Dark Reading list is so fresh that it hasn't even been released yet.

You'll be able to rent it starting Aug. 15, so it'll be perfect for when you're unpacking or otherwise recovering back home.

@Cyber_Security_Channel

Читать полностью…

Cyber Security News

Case from Mid- July: Apple fixes critical zero-day hole in iPhones, iPads and Macs

That’s because Apple doesn’t want users to be able to downgrade on purpose to reintroduce old bugs that they now know can be used for jailbreaking devices or installing an alternative operating system, even on devices that Apple itself it no longer supports.

Even if you completely wipe and reinstall your iDevice from scratch via a USB cable, using the built-in DFU (direct firmware update) utility, Apple’s servers know what version you were using before the reinstall, and won’t let you activate an old firmware image onto a device that’s already been upgraded past that point.

@Cyber_Security_Channel

Читать полностью…

Cyber Security News

How to Enable or Disable Bitlocker Encryption in Windows

Just as when you encrypted the drive, this process will take a while to complete, but you can keep using your computer as normal with the possibility of slightly worse performance.

Most modern computers should have no noticeable performance differences with BitLocker switched on, so there’s little downside to using the feature unless you lose your recovery key, but then your most important data should always be backed up in more than one location, such as cloud storage.

@Cyber_Security_Channel

Читать полностью…

Cyber Security News

Case Study: Spain. New Regulation on Commercial Calls

It establishes a set of prohibitions and a series of conditions to be able to make such commercial phone calls in compliance with the General Data Protection Regulation (GDPR).

The rules are more oriented towards B2C (“business to consumers”) commercial campaigns, the circular also regulates the processing of personal data of professionals involved in B2B (“business to business”) commercial phone calls.

@Cyber_Security_Channel

Читать полностью…

Cyber Security News

Analysts: Cybersecurity Funding Set for Rebound

"While the theme of conservatism and expectations for continued headwinds have remained throughout the first half of the year, we do expect to see strategic activity slowly begin to rebound in the second half of 2023 and into 2024," says Eric McAlpine, founder and managing partner of analyst firm Momentum Cyber.

Financing and M&A activity will both eventually pick up as companies that were able to make do financially so far begin to feel the need for fresh capital to fuel their business, he says.

@Cyber_Security_Channel

Читать полностью…

Cyber Security News

Data Breach of Android Tracking App “LetMeSpy” Exposes Contact Information, Messages

The tracking app has been available for about 10 years now, and the company boasts of monitoring over 230,000 devices and logging over 100 million calls and text messages during that time.

Security researchers that have pored through the dumped database believe that the data breach contains information from at least 13,000 devices that the app has been installed on, along with contact information for about 26,000 of its customers and location data points for about 13,400 people.

@Cyber_Security_Channel

Читать полностью…

Cyber Security News

Serious Security: Rowhammer Returns to Gaslight Your Computer

The giveaway to his criminality is that, in his nightly visits, he not only makes noises that can be heard downstairs, but also needs to turn on the gas lights to see what he’s doing.

Because the entire building is connected to the same gas supply (the play is set in 1880s London, before household electricity replaced gas for lighting), opening and igniting a gas burner in any room causes a temporary pressure drop in the whole system, so that the murderer’s wife notices a brief but telltale dimming of her own lights every time he’s upstairs.

@Cyber_Security_Channel

Читать полностью…

Cyber Security News

Demystifying Cyber Threats: A Deep Dive Into Lesser-Known Dangers

Trojans, ransomware, phishing, spear phishing, whaling, and social engineering have become household terms. However, there are many more cyber threats – equally potent, if not more – that often go unnoticed.

Form jacking Attacks,IoT Attacks,Deepfake Technology,Side-Channel Attacks,Cloud Jacking,AI-Powered Cyberattacks are some of these threats .

@Cyber_Security_Channel

Читать полностью…

Cyber Security News

Truist prepares to use IBM's quantum computers for cybersecurity and AI

The Charlotte-based bank announced Wednesday that it will join the IBM Quantum Accelerator program and welcome IBM to the bank's Innovator in Residence program.

Truist's Innovator in Residence program brings in outside subject matter experts to help the bank innovate. IBM is the newest member; Amazon Web Services and Verizon are existing partners.

@Cyber_Security_Channel

Читать полностью…

Cyber Security News

Contrast Responsible AI Policy Project | Keeping your business safe in the AI era | Contrast Security

AI is no longer just a concept. It is embedded in our everyday lives, powering a vast array of systems and services, from personal assistants to financial analytics.

The Contrast Responsible AI Policy Project is a testament to our belief in transparency, cooperation and shared growth. As AI continues to evolve, we need to ensure that its potential is harnessed in a responsible and ethical manner.

@Cyber_Security_Channel

Читать полностью…

Cyber Security News

What is Data Anonymization? Importance, Tools and Use Cases

The surge in the adoption of advanced technologies such as artificial intelligence, large language models, and growing adoption of cloud-based services, especially by different scale enterprises and mitigating the risk of data breaching, can be considered as attributable factors to the growth of the data masking market.

Data anonymization is critical in many industries where sensitive information is collected and analyzed to gain business insights and comply with regulations

@Cyber_Security_Channel

Читать полностью…

Cyber Security News

Abyss Locker Ransomware Looks to Drown VMware's ESXi Servers

Several ransomware collectives, including new kid on the block Akira, Black Basta, Cl0p, HelloKitty, IceFire, Hive, LockBit, MichaelKors, Royal, REvil, and others have all made the move to Linux and locking up ESXi machines.

Stoking the trend is the release of the VMware-focused Babuk source code, which as of mid-May had spawned at least 10 EXSi-ready ransomware variants, according to a SentinelOne report at the time.

Ransomware hunter Michael Gillespie told BleepingComputer that Abyss Locker's Linux encryptor appears to be based on the older HelloKitty ransomware, which was behind a string of high-profile attacks such as the Cyberpunk 2077 gaming attack two+ years ago.

@Cyber_Security_Channel

Читать полностью…

Cyber Security News

A New Era of Transatlantic Data Privacy: Implications for Emerging Markets Within Europe

The adoption of the adequacy decision for the EU-US Data Privacy Framework by the European Commission signals that the US data protection standards meet the rigorous requirements of the EU General Data Protection Regulation (GDPR).

This allows for a seamless flow of data between the EU and the US, providing a high level of protection for European citizens’ data being transferred across the Atlantic.

@Cyber_Security_Channel

Читать полностью…

Cyber Security News

SEC Demands Four-Day Disclosure Limit for Cybersecurity !reaches

Simply put, if you’re running a company that offers shares to the public, you need to comply with the rules and regulations of the SEC, which are supposed to give your investors some sort of protection against unsubstantiated claims that disingenuously talk up a proposal, or that sneakily misrepresent the level of risk involved.

@Cyber_Security_Channel

Читать полностью…

Cyber Security News

Best Practices for Enterprise Private 5G Security

It's clear there is a shared responsibility in 5G networks, and this isn't going to be the same for every organization. 5G networks are likely to be deployed in different ways, as depicted in the figure below.

No matter the deployment model, the enterprise will likely be working with service providers and system integrators at some point throughout their journey, whether that be planning, deployment, or operation.

@Cyber_Security_Channel

Читать полностью…

Cyber Security News

'ScarletEel' Hackers Worm Into AWS Cloud

ScarletEel also continues to refine its tactics, according to the latest analysis from the firm — evading cloud security detection mechanisms and reaching into the little-touched AWS Fargate compute engine.

And it has expanded its arsenal by adding DDoS-as-a-service to its list of exploitation techniques.

"So, compared to their prior activity, we see that they're more aware of the victim environment, and they enhanced their abilities in terms of where to go, how to exploit it, and how to evade the defensive security measures that the customers have already begun to implement," says Alessandro Brucato, threat research engineer for Sysdig.

@Cyber_Security_Channel

Читать полностью…

Cyber Security News

Choice Hotels: Radisson Guest Info Breached in MOVEit Attacks

“Choice Hotels takes cybersecurity and privacy very seriously. The integrity of our customers’ information is of the utmost importance, and significant resources are dedicated to continuously monitor the cyber landscape, including guidance from regulators, so that we can evaluate and adjust as needed,” it said.

@Cyber_Security_Channel

Читать полностью…

Cyber Security News

Former Security Engineer Arrested for $9 Million Crypto Exchange Hack

After stealing the funds, Ahmed, who at the time was a senior security engineer at an international technology company, specialized in smart contracts and blockchain audits, contacted the crypto exchange and returned most of the funds, except for roughly $1.5 million he kept as a bounty.

While the indictment does not name the impacted crypto exchange, the description of the attack suggests that Ahmed defrauded Crema Finance, which announced on July 4, 2022, that hackers had used this mechanism to steal roughly $8.8 million worth of assets.

@Cyber_Security_Channel

Читать полностью…

Cyber Security News

Ten years on, Snowden Has Had Tremendous Impact – Good and Bad – on Corporate Security

Snowden’s leaks also made us more aware of the lack of data privacy, and it took many years before states began to formulate better laws to protect our privacy.

Some circumstances, such as fighting malware attacks, haven’t changed much, although they have gotten more sophisticated.

We have gotten better tools to defend ourselves and our privacy, and the pace of development was hastened by what Snowden did and how he did it.

@Cyber_Security_Channel

Читать полностью…

Cyber Security News

Guardz Identifies New 'ShadowVault' macOS Stealer Malware

Guardz's research team first identified the 'ShadowVault' info-stealer in the underground XSS forum in June 2023.

The malicious software is designed to secretly collect sensitive information from compromised systems – like login credentials, financial information, personal identification details, cryptocurrency wallet seed phrases, and more, with the potential to wreak havoc on systems and disrupt operations.

The Guardz team of experts has long maintained anonymous avatars on the dark web to fuel its research in protecting SMEs from rising cyber threats such as this. In doing so, Guardz was able to obtain access to the exclusive forum and identify the new macOS stealer, originally available for rent at $500/month.

@Cyber_Security_Channel

Читать полностью…

Cyber Security News

Amazon Prime Day Draws Out Cyber Scammers

Currently Trend Micro is tracking an Amazon Prime Day-themed SMS-text phishing lure asking shoppers to click a malicious link to fix an issue with their account, claim a gift card, or receive free shipping and other deals, prompting targets to share details like emails, phone numbers of other personal information, the company said.

@Cyber_Security_Channel

Читать полностью…

Cyber Security News

Personal Information of 11 Million Patients Stolen in Data Breach at HCA Healthcare

“The investigation is ongoing and we cannot confirm the number of individuals whose information was impacted".

HCA Healthcare believes that the list contains approximately 27 million rows of data that may include information for approximately 11 million HCA Healthcare patients” - the company says.

The information was extracted from “an external storage location exclusively used to automate the formatting of email messages”.

@Cyber_Security_Channel

Читать полностью…

Cyber Security News

Razer Data Breach: Alleged Database and Backend Access Sold for $100k

In exchange for the stolen data, ‘Nationalist’ requested a payment of US$100,000 in Monero (XMR) cryptocurrency, but also indicated a willingness to negotiate offers below the asking price.

Monero, unlike Bitcoin, Ethereum or other cryptocurrencies, prioritizes privacy and anonymity, making it challenging to track the movement of funds and identify those involved.

“I have stolen the source code, encryption keys, database, backend access logins etc for razer.com & its products. I do not waste my time with non-serious buyers.

I will be selling this one time. I am looking for $100K in XMR for the entire set of data, including access. MM only. I am looking for offers, not just $100k, can be less,” said the threat actor.

@Cyber_Security_Channel

Читать полностью…
Subscribe to a channel