AI promises considerable benefits however there’s still a lot of confusion surrounding the topic, particularly around the terms generative AI and predictive AI.

The post Generative AI vs. Predictive AI: A Cybersecurity Perspective appeared first on Security Boulevard.

For two decades or so now, web applications have been the backbone of many businesses, making their security paramount. Dynamic Application Security Testing (DAST) and penetration testing are crucial for identifying and mitigating security vulnerabilities in web application security. While both aim to enhance application security, they differ significantly in their approach, execution, and outcomes. …

DAST Vs. Penetration Testing: Comprehensive Guide to Application Security Testing Read More »

The post DAST Vs. Penetration Testing: Comprehensive Guide to Application Security Testing appeared first on Security Boulevard.

A threat group dubbed Unfurling Hemlock infects targeted campaign with a single compressed file that, once executed, launches a 'cluster bomb' of as many as 10 pieces of malware that include loaders, stealers, and backdoors.

The post Unfurling Hemlock Tossing ‘Cluster Bombs’ of Malware appeared first on Security Boulevard.

Chinese fast-fashion-cum-junk retailer “is a data-theft business.”

The post Temu is Malware — It Sells Your Info, Accuses Ark. AG appeared first on Security Boulevard.

Microsoft details Skeleton Key, a new jailbreak technique in which a threat actor can convince an AI model to ignore its built-in safeguards and respond to requests for harmful, illegal, or offensive requests that might otherwise have been refused.

The post Skeleton Key the Latest Jailbreak Threat to AI Models: Microsoft appeared first on Security Boulevard.

A convincing live stream featuring a seemingly-legitimate Donald Trump YouTube channel quickly gained massive traction before the U.S. Presidential debate Thursday, reaching nearly half the number of subscribers as the official Donald Trump YouTube channel before it was taken down. The channel and Trump deepfake urged viewers to donate in cryptocurrency, with promises of substantial rewards in exchange. The video was titled with keywords related to the official Presidential debate between Trump and Biden while sharing a fake promotional website and QR code for donations through Bitcoin, Ethereum, Doge and Tether cryptocurrencies.

Fake Trump Cryptocurrency Promotion Scam Streamed Ahead of Presidential Debate

The timing of the fake live stream coincided with the scheduled debate this week between current U.S. President Joe Biden and former President and challenger Donald J. Trump. Scammers behind the campaign appeared to be taking advantage of actual statements made by Trump supporting cryptocurrency in the past, coupled with a repeated AI-generated video where he sits alongside popular YouTuber Logan Paul to speak about promoting cryptocurrency within the United States if elected. [caption id="attachment_79454" align="alignnone" width="1351"] Screenshot taken from the livestream.[/caption] The fake video appears to stem from an edit of a podcast video where Trump joined the YouTuber to speak on various issues, including the election, U.S. politics, his personal life and his opponent. The edited fake video shared a QR code and website (donaldtrump[.]gives) where viewers could be tricked into making donations. The website incorporates official Trump campaign branding for the 2024 presidential election, sharing instructions for participation in the "unique event," a multiplier to lure visitors with calculations on how much cryptocurrency they would receive in return for their donation, and a "live" feed of ongoing donations made to the shared cryptocurrency addresses. [caption id="attachment_79477" align="alignnone" width="690"] Cryptocurrency addresses involved with the scam[/caption] "During this unique event, you have the opportunity to take a share of 2,000 BTC & 50,000 ETH & 500,000,000 DOGE & 50,000,000 USDT. Have a look at the rules and don't miss out on this. You can only participate once!" the scam website stated. According to details from a WhoIs lookup, the website appears to have been registered on June 27th, the same day as the Presidential debate, using a Russian registrant.

YouTube Channel Connected To Scam Taken Down

The YouTube channel behind this promotion was taken down shortly after a report to YouTube, but the website promoted during the stream still appears to be up and running. The channel was noted to have about 1.38 million subscribers before its takedown, nearly half the subscriber count (2.9 million) for the official Donald J Trump YouTube channel. [caption id="attachment_79462" align="alignnone" width="606"] Email confirmation of Channel takedown[/caption] It is unknown if the live transaction feed featured on the scam website reflects actual real-time transactions. The full extent and the victim count from this cryptocurrency scam is unknown; details of the campaign have been sent to CRIL (Cyble Research and Intelligence Labs) researchers for further investigation. [caption id="attachment_79474" align="alignnone" width="2604"] Screenshot of alleged transactions[/caption] The campaign highlights the threat of Artificial Intelligence content to election-related processes, legitimate campaign donations and impersonation of candidates or well-known figures. In a recent incident, crypto scammers had taken over the YouTube channel of Channel 7 News Australia to use a deepfake Elon Musk to promote dubious crypto investments.

💾

Namecheap shut down polyfill.io amid reports of malicious activity, but the Chinese owner claims it has good intentions.

The post Polyfill Domain Shut Down as Owner Disputes Accusations of Malicious Activity appeared first on SecurityWeek.

Navigating the landscape of customer interactions is a delicate balancing act that requires constant calibration between security and operability (or usability, if speaking from a customer’s perspective).

The post How to Enhance Security Without Affecting the Customer Experience appeared first on Security Boulevard.

Let’s examine why so many applications remain vulnerable despite high-severity warnings and how to minimize the threat to your organization.

The post The Urgency to Uplevel AppSec: Securing Your Organization’s Vulnerable Building Blocks appeared first on Security Boulevard.

The rate of cyberattacks is rising as the threat level continues to evolve, according to BlackBerry Limited’s latest Global Threat Intelligence Report.

The post Cyberattack Rate Surges as Novel Malware Growth Accelerates appeared first on Security Boulevard.

2 min read Sticky note security now plagues application and service connections, necessitating a shift to more mature workload access safeguards.

The post How to Advance Breach Protection Against Non-Human Identity Threats in Workloads appeared first on Aembit.

The post How to Advance Breach Protection Against Non-Human Identity Threats in Workloads appeared first on Security Boulevard.

A data security officer from the Manila Bulletin has admitted to hacking 93 websites, including government and private company sites, as well as servers abroad. The hacker, known by the alias "Kangkong," was arrested along with two others by the National Bureau of Investigation (NBI) Cybercrime Division on June 19 following reports of multiple unauthorized access attempts and breaches. Kangkong issued a public apology to President Marcos, the general public, and especially the military community for his actions.

Implications for Philippines National Security

Kangkong's hacking spree exposed significant vulnerabilities in the cybersecurity measures of various organizations. Among the high-profile targets were the peacekeeping operations center website of the Armed Forces of the Philippines, the mail server of the National Security Council, and the Join the PH Army website. The hacker along with two others individuals were arrested by the National Bureau of Investigation (NBI) Cybercrime Division on June 19 after reports of multiple unauthorized access attempts and breaches on websites. [caption id="attachment_79338" align="alignnone" width="1200"] Arrested data officer Kangkong (Source: www.onenews.ph)[/caption] The hacker acknowledged the serious consequences of his actions, including the potential exposure of sensitive data of soldiers to foreign entities. "That's when I realized that we have many enemies and we should not be going against each other," Kangkong stated. The officer revealed in an interview with ABS-CBN that he had left specific pictures on compromised websites as proof of his involvement.

Senior Technology Officer May Be Implicated

In his extrajudicial confession, Kangkong initially implicated Art Samaniego, Manila Bulletin's senior technology officer, as the person who ordered the hacking of several websites. However, he later expressed regret for this claim. Samaniego has denied allegations that he ordered the hacking to boost his social media reach. The NBI Cybercrime Division has issued a subpoena for Samaniego to explain his side to the authorities. Meanwhile, the Manila Bulletin has suspended Samaniego pending an internal investigation. Kangkong also highlighted the inadequate cybersecurity measures in place for government and private companies' websites, stating that this was a key factor in his ability to hack them. He urged organizations to invest in security measures to prevent similar breaches in the future. Kangkong's confession highlights the urgent need for improved cybersecurity measures in the Philippines. He emphasized that inadequate security was a key factor in his ability to breach these websites. "Cybersecurity is not really a priority in the Philippines," he stated, urging organizations to invest in better security measures despite the associated costs.

A newly disclosed vulnerability in Progress MOVEit Transfer has sparked concern among cybersecurity experts due to the lingering memory of high-profile attacks by ransomware gangs using a different vulnerability last year that hit organizations such as the BBC and FBI. The new authentication bypass flaw, officially designated CVE-2024-5806, could potentially allow unauthorized access to sensitive data. MOVEit Transfer, designed for large-scale enterprise use, boasts features compliant with regulations like PCI and HIPAA. It offers various file transfer methods, including SFTP and HTTPS, making it a critical component in many organizations' data management infrastructure. Progress initially kept details of CVE-2024-5806 under wraps, advising customers to patch systems before its disclosure. On June 25th, 2024, Progress officially un-embargoed the vulnerability, revealing that it affects both MOVEit Transfer version 2023.0 and newer, as well as MOVEit Gateway version 2024.0 and newer.

Progress MOVEit Vulnerability Details

WatchTowr Labs was sent details of the vulnerability by a user who identified as 'dav1d_bl41ne' on its IRC channel, an unusual method of vulnerability sharing, the researchers noted. The researchers decided to investigate further, setting up a test environment to replicate the vulnerability. [caption id="attachment_79318" align="alignnone" width="471"] Source: labs.watchtowr.com[/caption] The debugger output from the test environment showed that the server was throwing exceptions and attempting to access files in unexpected ways. Upon further investigation, the researchers discovered that the vulnerability could be exploited by providing a valid file path instead of the SSH public key during authentication. This led to the server attempting to access the file, giving the attacker unauthorized access to the system. The researchers shared the following steps on exploiting the vulnerability:

• Upload a public key to the File Transfer server.
• Rather than supplying a legitimate public key, send a file path to the public key, signing the authentication request with the same public key.
• The key will be accepted by the server with successful login, allowing for the access of target files.

The flaw affects MOVEit Transfer versions 2023.0 and newer, as well as MOVEit Gateway 2024.0 and later. Progress describes it as an "Improper Authentication vulnerability" in the SFTP module that could lead to "Authentication Bypass in limited scenarios." In limited scenarios, CVE-2024-5806 allows for authentication bypass, potentially giving attackers unauthorized access to sensitive files. The vulnerability is particularly concerning because the software is widely used among enterprises, making it a prime target for APT groups, ransomware gangs, and other malicious actors. Progress has shared the following recommendations to prevent exploitation of the flaw:

• Block public inbound RDP access to MOVEit Transfer server(s).
• Limit outbound access on MOVEit Transfer server(s) to only trusted endpoints.

According to a post on X from The Shadowserver Foundation, the foundation has already observed active exploitation attempts using the vulnerability soon after its disclosure. [caption id="attachment_79326" align="alignnone" width="1170"] Source: X.com[/caption]

Implications of the MOVEit Vulnerability

The discovery of this vulnerability soon after major exploitation last year has reignited discussions about the security of file transfer solutions in enterprise environments. The potential for unauthorized access to sensitive files could have far-reaching consequences for the large number of enterprises that rely on MOVEit Transfer. While the full extent of the vulnerability's impact is still being assessed, the incident has sparked more debate about responsible disclosure practices in the cybersecurity community. Some argue that early, private notifications to affected parties are crucial, while others advocate for more transparent, public disclosures to ensure widespread awareness and prompt action. As the situation develops, IT administrators and security professionals are advised to stay vigilant, monitor for any signs of exploitation, and implement recommended security measures to protect their MOVEit Transfer deployments.  

By now, you’ve likely seen the LinkedIn posts, the media stories, and even some formerly-known-as “Tweets”: The latest exploit to hit front pages is the malicious use of polyfill.io, a popular library used to power a large number of web browsers. As per usual, there’s a ton of speculation about what’s happening. Is this the […]

The post Third-Party Trust Issues: AppSec Learns from Polyfill appeared first on OX Security.

The post Third-Party Trust Issues: AppSec Learns from Polyfill appeared first on Security Boulevard.

Meta Description: Discover how data-centric security supports the hybrid cloud strategy of Cloudera Data Platform users. Learn about the benefits of hybrid cloud, data management, and secure data sharing.

The post Boost Hybrid Cloud Strategy with Cloudera and comforte’s Data-Centric Security appeared first on Security Boulevard.

Ensuring the security of your customers’ and partners’ data is paramount in today’s digital environment. That’s why Service Organization Control 2 (SOC 2®) compliance has emerged as a widely recognized cybersecurity audit framework. SOC 2® reporting has been adopted by more businesses to demonstrate their commitment to strong cybersecurity practices. Let’s explore what a SOC 2® report...

The post A Step-by-Step Guide to Getting a SOC 2® Report appeared first on Hyperproof.

The post A Step-by-Step Guide to Getting a SOC 2® Report appeared first on Security Boulevard.

Scammers are exploiting the buzz around the 2024 Paris Olympics to lure victims into investing in initial coin offerings (ICOs). These scams tend to promise big returns on "Olympic" tokens. The campaigns manufacture hype around such offerings through the use of use fake websites, AI-generated images, and social media campaigns to entice investors.

 Olympics Initial Coin Offerings (ICO) Fraud

Researchers from Trend Micro uncovered a recent scheme that claimed to offer an official "Olympics Games Token" for sale. The Olympic Games Token ICO website, theolympictoken[.]com, was registered on March 30, 2024, and its website went live a day later.  The website also links to a legitimate Olympics 2024 logo and a countdown to the event, making it seem like a legitimate project. [caption id="attachment_79264" align="alignnone" width="395"] Source: trendmicro.com[/caption] It linked to a "whitepaper" – a document explaining the project's tech and goals. But that link led nowhere useful. Instead of details, it dumped visitors on the official Olympics website. Red flag number one. A Twitter account and Telegram channel pushed followers to buy tokens ASAP. When the original site got shut down, a near-identical one (olympictokensolana[.]com) popped up under a new name. The researchers spotted at least ten other websites using 2024 Olympics-associated branding to lure victims into ICO scams; some of them were shut down shortly after their discovery.

Use of AI-Generated Images Olympics in ICO Scams

[caption id="attachment_79257" align="alignnone" width="1263"] Source: trendmicro.com[/caption] The researchers remarked that AI-generated images are becoming increasingly common in such ICO scams, as they offer a cost-effective and time-efficient way to create convincing lures. Cybercriminals can use AI to generate text, correct spelling and grammatical errors, and even create sentences in languages they do not speak. [caption id="attachment_79256" align="alignnone" width="384"] Source: trendmicro.com[/caption] The researchers spotted at least three other ICO Olympics scam websites employing the usage of AI-generated imagery for promotion.

Spotting Fake ICO Campaigns

ICOs have gained significant attention as cryptocurrency continues to be adopted in various industries. While most new tokens lack utility and are simply memecoins, it does not always mean they are scams. Investors should be vigilant and look out for potential scams and rug-pulls. A legitimate ICO should have a proper website and social media presence, a transparent team, an active community, a comprehensive whitepaper, legitimacy of claims, token distribution, smart contract audit, and liquidity management. The researchers have shared the following guidelines to help identify such scams:

• Proper website and social media presence: The researchers stated that scam sites are often poorly designed or lack active presence on social media.
• Transparent team: Cross-check the identities and credentials of the teams behind the offering. Anonymity is a red flag.
• Active community: Genuine projects have engaged followers on platforms like Discord, Twitter or Telegram, which suggests genuine interest and support.
• Comprehensive whitepaper: A whitepaper that outlines the project's goals, utility, and technical aspects, which demonstrates a thorough understanding of the project's concept and planning.
• Legitimacy of claims: Claims backed by verifiable evidence, such as partnerships, use cases, and endorsements.
• Token distribution: Avoid projects with highly concentrated token ownership which might increase the chances of exit scams.
• Smart contract audit: Audit by reputable third-parties, which identify vulnerabilities.
• Liquidity management: Liquidity is locked to prevent premature withdrawals and is decentralized among the community, which secures investors' funds.

In the case of the Olympic Games Token, the website raised several red flags such as a very low number of token holders and an invalid whitepaper link. Investors and those interested in cryptocurrency should follow adequate precautions to avoid falling victim to such scams. Experts have been monitoring Olympics-related search engine results and social media activity to counter fraudulent ticketing scams and coordinated disinformation campaigns.

Most critical open source software contains code written in a memory unsafe language, US, Australian, and Canadian government agencies warn.

The post US, Allies Warn of Memory Unsafety Risks in Open Source Software appeared first on SecurityWeek.

Researchers have identified three distinct nation-state campaigns leveraging advanced highly evasive and adaptive threat (HEAT) tactics.

The post Three Nation-State Campaigns Targeting Healthcare, Banking Discovered appeared first on Security Boulevard.

Aqua Security shows that code in repositories remains accessible even after being deleted or overwritten, continuing to leak secrets.

The post ‘Phantom’ Source Code Secrets Haunt Major Organizations appeared first on SecurityWeek.

Cloud security has become a major focus for organizations worldwide as they battle with a growing number of data breaches and application sprawl that makes defense more complicated.

The post Cloud Security Tops Priority List for Organizations Globally appeared first on Security Boulevard.

Most organizations are uncertain about the effectiveness of their cybersecurity investments, despite increasing budgets and rampant cyber incidents, according to Optiv’s 2024 Threat and Risk Management Report.

The post Security Budgets Grow, but Inefficiencies Persist appeared first on Security Boulevard.

The document emphasizes the importance of legally qualifying actors in the processing of personal data, particularly in the context of public affairs professionals. It mentions that data processing by public affairs professionals can be justified based on legitimate interest. The need for comprehensive information to be provided to data subjects in accordance with the GDPR […]

La entrada GUÍA PRÁCTICA DEL GDPR se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

The content you are trying to access is private only to member users of the site. You must have a free membership at CISO2CISO.COM to access this content. You can register for free.       Thank you. The CISO2CISO Advisors Team.

La entrada Guia de Resposta a Incidentes de Segurança para LGPD se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

The content you are trying to access is private only to member users of the site. You must have a free membership at CISO2CISO.COM to access this content. You can register for free.       Thank you. The CISO2CISO Advisors Team.

La entrada FIREWALL Audit CHECKLIST se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

South Korean telecommunications giant KT is under investigation for allegedly hacking the systems of customers who used torrent services such as web hard drives (Webhard), a popular file-sharing service in the country. The scandal, which has been ongoing for nearly five months, has affected an estimated 600,000 customers, with the police investigation revealing that KT may have operated a dedicated malware team.

Malware Infiltrated Systems of Torrenting Subscribers

The incident came to light in May 2020 when numerous web hard drives suddenly stopped working. Users flooded company forums with complaints about unexplained errors. An investigation revealed that malware had infiltrated the "Grid Program," software that enables direct data exchange between users. [caption id="attachment_79121" align="alignnone" width="2800"] Source: mnews.jtbc.co.kr[/caption] The malware, which was designed to interfere with BitTorrent traffic, was allegedly used to monitor and control the internet activities of KT subscribers. The police believe that the motive behind this hacking was to reduce network-related costs, as torrent transfers can be costly for internet service providers. KT, however, claims that it was merely trying to manage traffic on its network to ensure a smooth user experience. KT instead stated that the Webhard services were malicious, however after the the Gyeonggi Southern District Office conducted raids on KT facilities, they believe the ISP may have violated communications and network laws. A police follow-up investigation stated that KT operated a dedicated team responsible for developing, distributing, and operating the malware program. The hacking was traced to  KT's Bundang IDC Center, one of its data centers. Over five months, an estimated 20,000 PCs were infected daily. The malware reportedly created strange folders, made files invisible, and disabled web hard programs.

Legal and Ethical Implications

KT and Webhard companies have a history of conflict, including lawsuits. While a previous court ruled in KT's favor regarding traffic blocking of grid services, the current situation differs significantly. KT was alleged to have planted malicious code on individual users' PCs without consent or explanation. South Korean legal experts question KT's methods, suggesting the company could have pursued formal procedures through its legal team instead of resorting to hacking. The incident raises serious concerns about privacy, corporate responsibility, and the extent to which internet service providers can control network traffic. The scandal has also raised concerns about the security of KT's customers' data, with many wondering what other sensitive information may have been compromised. The company's CEO has since resigned, and the company's reputation has taken a significant hit. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

A widespread supply chain attack has hit more than 100,000 websites, including notable platforms like JSTOR, Intuit, and the World Economic Forum. The attack stems from a fake domain impersonating the popular open-source library Polyfill.js, which supports older browsers. In February, the Chinese company Funnull had acquired the domain and GitHub account associated with the project, leading to the injection of malware into sites that embed cdn.polyfill.io. The malicious code is designed to redirect mobile users to sports betting sites or pornographic sites using a fake Google Analytics domain.

Malicious Polyfill Injection and Its Impact

Researchers stated that the injected malware is dynamically generated based on HTTP headers, making it difficult to detect. The Polyfill injection attack is a classic example of a supply chain attack against a widely used library. [caption id="attachment_79097" align="alignnone" width="2454"] At least 104183 websites might be affected. (Source: publicwww.com)[/caption] The compromised Polyfill code dynamically generates malware based on HTTP headers, potentially utilizing multiple attack vectors. Researchers from Sansec decoded one variant that redirects mobile users to a sports betting site using a fake Google Analytics domain. The malware employs sophisticated techniques and defenses against reverse engineering to evade detection, including:

•  Activating only on specific mobile devices at certain hours
•  Avoiding execution when an admin user is detected
•  Delaying activation when web analytics services are present

The attack's scope is significant, with Google already blocking Google Ads for e-commerce sites using polyfill.io. Researchers later reported that their infrastructure had been subjected to DDoS attacks after reporting on the campaign.

Mitigation and Recommendations

Andrew Betts, the original Polyfill author, took to X to advise against the usage of Polyfill altogether, stating that modern browsers no longer require it. He added that he had no influence over the sale of the project and was never in possession of the new domain, and cautioned that websites that serve third-party scripts are a huge security concern. [caption id="attachment_79101" align="alignnone" width="623"] Source: X.com(@triblondon)[/caption] [caption id="attachment_79102" align="alignnone" width="634"] Source: X.com(@triblondon)[/caption] Experts have set up a domain (polykill.io) to warn against the compromise of the project and have recommend the following steps for website owners:

• Immediately and remove usage of cdn.polyfill.io from websites and projects.
• Replace with a secure alternative such as those being offered by Fastly and CloudFlare. Fastly has saved and hosted an earlier version(https://polyfill-fastly.io/) of the project's codebase before its sale to Funnull.

The website cautioned of the risks associated with the takeover of the project:

"There are many risks associated with allowing an unknown foreign entity to manage and serve JavaScript within your web application. They can quietly observe user traffic, and if malicious intent were taken, they can potentially steal usernames, passwords and credit card information directly as users enter the information in the web browser."

CloudFlare had also published its findings and recommendations in response to concerns over the compromise of domains. The company stated in a blog article:

The concerns are that any website embedding a link to the original polyfill.io domain, will now be relying on Funnull to maintain and secure the underlying project to avoid the risk of a supply chain attack. Such an attack would occur if the underlying third party is compromised or alters the code being served to end users in nefarious ways, causing, by consequence, all websites using the tool to be compromised."

This incident serves as a stark reminder of the security implications of relying on external code libraries/third-party scripts and the importance of vigilance in maintaining website integrity, plus the potential malicious takeover of massively deployed projects. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

IT security teams are tasked with protecting an increasingly mobile work environment—managing a myriad of devices efficiently and securely. Addressing this need, NinjaOne has launched its new Mobile Device Management (MDM) capabilities, marking a significant milestone in their mission to […]

The post How NinjaOne’s New MDM Capabilities Transform IT Management appeared first on TechSpective.

The post How NinjaOne’s New MDM Capabilities Transform IT Management appeared first on Security Boulevard.

Threat actors can cover up their espionage activity by deploying ransomware or simply get some financial gain in the process.

The post Chinese APT Groups Use Ransomware to Hide Spying Activities appeared first on Security Boulevard.

Google has announced new Chrome Enterprise Core features that should be very useful to IT and security teams.

The post Google Unveils New Chrome Enterprise Core Features for IT, Security Teams appeared first on SecurityWeek.

It’s easy to confuse CSPM and SSPM (Cloud Security Posture Management and SaaS Security Posture Management). They both secure assets on the cloud, automatically identify misconfigurations, and detect identity-based threats. The difference between the two lies in the areas that they protect. SSPMs secure SaaS applications, while CSPMs secure cloud services, such as AWS or […]

The post A WIN for Cloud Security with Adaptive Shield and Wiz appeared first on Adaptive Shield.

The post A WIN for Cloud Security with Adaptive Shield and Wiz appeared first on Security Boulevard.

30,000 websites at risk: Check yours ASAP! (800 Million Ostriches Can’t Be Wrong.)

The post WordPress Plugin Supply Chain Attack Gets Worse appeared first on Security Boulevard.

A report from the Government Accountability Office (GAO) highlighted an urgent need to address critical cybersecurity challenges facing the nation.

The post GAO Urges Action to Address Critical Cybersecurity Challenges Facing U.S. appeared first on Security Boulevard.

In the first quarter of 2024, nearly half of all security incidents our team responded to involved multi-factor authentication (MFA) issues, according to the latest Cisco Talos report.

The post Misconfigured MFA Increasingly Targeted by Cybercriminals appeared first on Security Boulevard.

More than 100,000 websites are affected by a supply chain attack injecting malware via a Polyfill domain.

The post Polyfill Supply Chain Attack Hits Over 100k Websites  appeared first on SecurityWeek.

Red Teaming security assessments aim to demonstrate to clients how attackers in the real world might link together various exploits and attack methods to reach their objectives.

The post Stepping Into the Attacker’s Shoes: The Strategic Power of Red Teaming (Insights from the Field) appeared first on Security Boulevard.

By introducing a mobile device management (MDM) platform into the existing infrastructure, administrators gain the ability to restrict sideloading on managed devices.

The post EU Opens the App Store Gates: A Call to Arms for MDM Implementation appeared first on Security Boulevard.

Snowflakes has become the latest corporate victim in a cyberattack but how it is playing out is a little different than many breaches.

The post Snowflake Breach appeared first on Security Boulevard.

Neiman Marcus has issued a notification to its customers regarding a massive data breach that occurred in May 2024, potentially exposing sensitive personal information. The Neiman Marcus data breach, affecting approximately 64,472 customers, involved unauthorized access to a cloud database platform used by the luxury retailer, which is operated by Snowflake, a third-party provider. In a conversation with The Cyber Express, a Neiman Marcus spokesperson confirmed the breach, stating, "Neiman Marcus Group (NMG) recently learned that an unauthorized party gained access to a cloud database platform used by NMG that is provided by a third party, Snowflake." Prompt action was taken, with the spokesperson adding, "Promptly after discovering the incident, NMG took steps to contain it, including by disabling access to the platform."

Neiman Marcus Data Breach Confirmed

The Neiman Marcus data breach compromised a range of personal data, including customer names, contact details, dates of birth, and Neiman Marcus gift card numbers. "Based on our investigation, the unauthorized party obtained certain personal information stored in the platform," the spokesperson continued, clarifying that "The types of personal information affected varied by individual, and included information such as name, contact information, date of birth, and Neiman Marcus or Bergdorf Goodman gift card numbers (but without gift card PINs)." Neiman Marcus has acted swiftly, launching an investigation with leading cybersecurity experts and notifying law enforcement authorities. In compliance with regulatory requirements, the company has begun notifying affected customers, including reaching out to the Maine Attorney General's office. The retailer has advised customers to monitor their financial statements for any suspicious activity and has provided resources for individuals concerned about identity theft.

Mitigation Against the Neiman Marcus Data Leak

"We also began an investigation with assistance from leading cybersecurity experts and notified law enforcement authorities," the spokesperson emphasized. Customers are encouraged to request free credit reports, report any suspected fraud to law enforcement and the Federal Trade Commission, and consider placing a security freeze on their credit files as precautionary measures. Neiman Marcus Group, Inc., based in Dallas, Texas, is a popular luxury retailer that oversees brands such as Neiman Marcus, Bergdorf Goodman, Horchow, and Last Call. Since September 2021, it has been under the ownership of a consortium of investment firms led by Davidson Kempner Capital Management, Sixth Street Partners, and Pacific Investment Management. Following this Neiman Marcus data leak, the firm has established a dedicated toll-free hotline (1-885-889-2743) for affected customers seeking further information or assistance related to the data breach incident. 

The content you are trying to access is private only to member users of the site. You must have a free membership at CISO2CISO.COM to access this content. You can register for free.       Thank you. The CISO2CISO Advisors Team.

La entrada Why Red TeamsPlay a Central Rolein Helping OrganizationsSecure AI Systems se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Let’s explore some of the details behind this escalating threat to SaaS applications, what may be driving it, and what you can do to better protect your SaaS footprint from these types of threats.

The post Why SaaS Identity Abuse is This Year’s Ransomware appeared first on RevealSecurity.

The post Why SaaS Identity Abuse is This Year’s Ransomware appeared first on Security Boulevard.

Year after year, the cyber talent gap is increasing — currently estimated to have 3,5 million open positions worldwide — presenting all sorts of headaches for leaders and the organizations they aim to protect. Moreover, organizations have a short window to identify, foster and hopefully retain a pipeline of emerging cybersecurity leaders to ensure the […]

La entrada Recommended Skills for a Cyber Security Career se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

The LockBit ransomware group is claiming that it hacked into systems at the U.S. Federal Reserve and stole 33TB of data that it will begin leaking as early as Tuesday if the institution doesn’t pay the unspecified ransom. The notorious cybercriminals announced the attack on its dark web leak site on June 23, giving the..

The post LockBit Claims Ransomware Attack on U.S. Federal Reserve appeared first on Security Boulevard.

Security analysts at Google are developing a framework that they hope will enable large language models (LLMs) to eventually be able to run automated vulnerability research, particularly analyses of malware variants. The analysts with Google’s Project Zero – a group founded a decade ago whose job it is to find zero-day vulnerabilities – have been..

The post Google’s Project Naptime Aims for AI-Based Vulnerability Research appeared first on Security Boulevard.

Copying users’ files and deleting some? Even a cartoon hound knows this isn’t fine.

The post Microsoft Privacy FAIL: Windows 11 Silently Backs Up to OneDrive appeared first on Security Boulevard.

Effective April 30, 2024 Airbnb, the global vacation rental giant, announced a significant policy change: the prohibition of all indoor security cameras in its listings worldwide. This decision, aims to bolster the privacy of guests and address longstanding concerns about hidden cameras. While the majority of Airbnb’s over 7 million listings did not report having […]

The post Airbnb’s Ban on Indoor Security Cameras: What It Means for Your Personal Cybersecurity appeared first on BlackCloak | Protect Your Digital Life™.

The post Airbnb’s Ban on Indoor Security Cameras: What It Means for Your Personal Cybersecurity appeared first on Security Boulevard.

Stefan Dumitrascu Brings Expertise to AMTSO Board We are delighted to announce that our Chief Technology Officer, Stefan Dumitrascu, has been elected as a Board Member of the Anti-Malware Testing Standards Organisation (AMTSO). What is AMTSO? AMTSO is an international non-profit association dedicated to improving the objectivity, quality, and relevance of anti-malware testing methodologies worldwide. […]

The post Our CTO joins AMTSO Board appeared first on SE Labs Blog.

The post Our CTO joins AMTSO Board appeared first on Security Boulevard.

Designing software from the ground up to be secure, as recommended by the Secure by Design initiative from the Cybersecurity and Infrastructure Security Agency (CISA), has its challenges, especially if it's done at scale. .

The post How platform engineering helps you get a good start on Secure by Design appeared first on Security Boulevard.

Five WordPress plugins were injected with malicious code that creates a new administrative account.

The post Several Plugins Compromised in WordPress Supply Chain Attack  appeared first on SecurityWeek.