30,000 websites at risk: Check yours ASAP! (800 Million Ostriches Can’t Be Wrong.)

The post WordPress Plugin Supply Chain Attack Gets Worse appeared first on Security Boulevard.

A report from the Government Accountability Office (GAO) highlighted an urgent need to address critical cybersecurity challenges facing the nation.

The post GAO Urges Action to Address Critical Cybersecurity Challenges Facing U.S. appeared first on Security Boulevard.

In the first quarter of 2024, nearly half of all security incidents our team responded to involved multi-factor authentication (MFA) issues, according to the latest Cisco Talos report.

The post Misconfigured MFA Increasingly Targeted by Cybercriminals appeared first on Security Boulevard.

Red Teaming security assessments aim to demonstrate to clients how attackers in the real world might link together various exploits and attack methods to reach their objectives.

The post Stepping Into the Attacker’s Shoes: The Strategic Power of Red Teaming (Insights from the Field) appeared first on Security Boulevard.

By introducing a mobile device management (MDM) platform into the existing infrastructure, administrators gain the ability to restrict sideloading on managed devices.

The post EU Opens the App Store Gates: A Call to Arms for MDM Implementation appeared first on Security Boulevard.

The LockBit ransomware group is claiming that it hacked into systems at the U.S. Federal Reserve and stole 33TB of data that it will begin leaking as early as Tuesday if the institution doesn’t pay the unspecified ransom. The notorious cybercriminals announced the attack on its dark web leak site on June 23, giving the..

The post LockBit Claims Ransomware Attack on U.S. Federal Reserve appeared first on Security Boulevard.

Security analysts at Google are developing a framework that they hope will enable large language models (LLMs) to eventually be able to run automated vulnerability research, particularly analyses of malware variants. The analysts with Google’s Project Zero – a group founded a decade ago whose job it is to find zero-day vulnerabilities – have been..

The post Google’s Project Naptime Aims for AI-Based Vulnerability Research appeared first on Security Boulevard.

Copying users’ files and deleting some? Even a cartoon hound knows this isn’t fine.

The post Microsoft Privacy FAIL: Windows 11 Silently Backs Up to OneDrive appeared first on Security Boulevard.

Multiple bad actors are using the Rafel RAT malware in about 120 campaigns aimed at compromising Android devices and launching a broad array of attacks that range from stealing data and deleting files to espionage and ransomware. Rafel RAT is an open-source remote administration tool that is spread through phishing campaigns aimed at convincing targets..

The post Rafel RAT Used in 120 Campaigns Targeting Android Device Users appeared first on Security Boulevard.

Long simmering suspicions about the loyalty of Kaspersky Software, a cybersecurity firm headquartered in Russia, came to a head this week after the U.S. government banned the sale of the company’s software, effective July 20th, to both companies and individual consumers. In addition, the U.S. Treasury Department has placed sanctions on 12 senior leaders of..

The post U.S. Bans Sale of Kaspersky Cybersecurity Software appeared first on Security Boulevard.

Spend more on security! Car and truck dealers fall back on pen and paper as huge SaaS provider gets hacked (again).

The post 30,000 Dealerships Down — ‘Ransomware’ Outage Outrage no. 2 at CDK Global appeared first on Security Boulevard.

Modern chief information security officers (CISOs) are navigating tough circumstances due to complex challenges and heightened regulatory pressures.

The post It’s a Hard Time to Be a CISO. Transformational Leadership is More Important Than Ever. appeared first on Security Boulevard.

An analysis of ransomware attacks claimed to have been perpetrated by cybercriminal syndicates that was published today by NCC Group, a provider of managed security services, finds LockBit 3.0 has reemerged to claim the top spot amongst the most prominent threat actors. Previously dormant following the groups’ takedown by law enforcement officials earlier this year,..

The post Report Details Reemergence of Lockbit 3.0 Ransomware Syndicate appeared first on Security Boulevard.

Facebook and Instagram users are increasingly turning to small claims courts to regain access to their accounts or seek damages from Meta, amid frustrations with the company's customer support. In several cases across multiple states, Engadget reports, plaintiffs have successfully restored account access or won financial compensation. Meta often responds by contacting litigants before court dates, attempting to resolve issues out of court. The trend, popularized on social media forums, highlights ongoing customer service issues at the tech giant. Some users report significant financial losses due to inaccessible business-related accounts. While small claims court offers a more accessible legal avenue, Meta typically deploys legal resources to respond to these claims.

Read more of this story at Slashdot.

Ongoing European Union quest to break end-to-end encryption (E2EE) mysteriously disappears.

The post EU Aims to Ban Math — ‘Chat Control 2.0’ Law is Paused but not Stopped appeared first on Security Boulevard.

Cato Networks today launched a framework for IT services partners that promises to make it simple to integrate its secure access service edge (SASE) service with third-party services.

The post Cato Networks Launches SASE Platform for Partners appeared first on Security Boulevard.

CHOROLOGY.ai today emerged from stealth to apply generative artificial intelligence (AI) to data governance.

The post CHOROLOGY Emerges to Apply Generative AI to Data Governance appeared first on Security Boulevard.

While many businesses invest heavily in frontline defense tools to keep out bad actors, they spend far less time and money preparing for what happens when the criminals eventually get in.

The post Closing the Readiness Gap: How to Ensure a Fast Recovery From the Inevitable Cyber Attack appeared first on Security Boulevard.

IRONSCALES has made generally available a phishing simulation tool that makes use of generative artificial intelligence (AI) to enable cybersecurity teams to create as many as 2,000 simulations of a spear phishing attack in less than an hour.

The post IRONSCALES Applies Generative AI to Phishing Simulation appeared first on Security Boulevard.

The constant vigilance required to protect against evolving threats, and the sheer volume of routine tasks that demand attention contribute significantly to burnout.

The post Cybersecurity Worker Burnout Costing Businesses Big appeared first on Security Boulevard.

The variety of tactics, from fake lotteries to impersonating officials, demonstrates the broad scope of threats targeting the Paris 2024 Olympic Games.

The post Cybercrime Targeting Paris 2024 Olympic Games Gains Steam appeared first on Security Boulevard.

The problems with passwords drive the interest to adopt newer authentication methods, like passkeys, a type of passwordless technology.

The post Criminals are Easily Bypassing Passkeys – How Organizations Can Stay Safe appeared first on Security Boulevard.

The future of modeling catastrophic cyber risk hinges on our ability to move beyond misconceptions and confront the true extent of our exposure.

The post Debunking Common Myths About Catastrophic Cyber Incidents appeared first on Security Boulevard.

Donald Trump’s presidential campaign is known for aggressively trying to raise money, even sending emails to donors hoping to cash in on setbacks like his conviction late last month on 34 felony counts for illegally influencing the 2016 campaign. Bad actors now are trying to do the same, running donation scams by impersonating the campaign..

The post Cybercriminals Target Trump Supporters with Donation Scams appeared first on Security Boulevard.

A global survey of more than 1,033 security and IT leaders published today finds nearly two-thirds (65%) lack confidence that their existing security tooling cannot effectively detect breaches.

The post Survey Surfaces Lack of Confidence in Security Tools appeared first on Security Boulevard.

Or junk it if EOL: Two nasty vulnerabilities need an update—pronto.

The post ASUS Router User? Patch ASAP! appeared first on Security Boulevard.

By centralizing, enriching and correlating identities to events, the suggestion is that security and platform teams can break silos and readily share findings to expedite investigations.

The post Sysdig Bids to Bolster Brittle Cloud Infrastructure Layers appeared first on Security Boulevard.

Cybercriminals are not about to give up – this is how they make their living. So it’s up to cybersecurity professionals to stay vigilant and learn as much as they can about the forces they face.

The post Are We Turning the Corner in the Fight Against Cybercrime? It’s Complicated. appeared first on Security Boulevard.

Runtime enforcement is the future of software security, if we can only make it accessible to the developers that understand their applications the best.

The post Runtime Enforcement: Software Security After the Supply Chain Ends appeared first on Security Boulevard.

Thomas Claburn reports via The Register: Meta allegedly tried to discredit university researchers in Brazil who had flagged fraudulent adverts on the social network's ad platform. Nucleo, a Brazil-based news organization, said it has obtained government documents showing that attorneys representing Meta questioned the credibility of researchers from NetLab, which is part of the Federal University of Rio de Janeiro (UFRJ). NetLab's research into Meta's ads contributed to Brazil's National Consumer Secretariat (Senacon) decision in 2023 to fine Meta $1.7 million (9.3 million BRL), which is still being appealed. Meta (then Facebook) was separately fined of $1.2 million (6.6 million BRL) related to Cambridge Analytica. As noted by Nucleo, NetLab's report showed that Facebook, despite being notified about the issues, had failed to remove more than 1,800 scam ads that fraudulently used the name of a government program that was supposed to assist those in debt. In response to the fine, attorneys representing Meta from law firm TozziniFreire allegedly accused the NetLab team of bias and of failing to involve Meta in the research process. Nucleo says that it obtained the administrative filing through freedom of information requests to Senacon. The documents are said to date from December 26 last year and to be part of the ongoing case against Meta. A spokesperson for NetLab, who asked not to be identified by name due to online harassment directed at the organization's members, told The Register that the research group was aware of the Nucleo report. "We were kind of surprised to see the account of our work in this law firm document," the spokesperson said. "We expected to be treated with more fairness for our work. Honestly, it comes at a very bad moment because NetLab particularly, but also Brazilian science in general, is being attacked by far-right groups." On Thursday, more than 70 civil society groups including NetLab published an open letter decrying Meta's legal tactics. "This is an attack on scientific research work, and attempts at intimidation of researchers and researchers who are performing excellent work in the production of knowledge from empirical analysis that have been fundamental to qualify the public debate on the accountability of social media platforms operating in the country, especially with regard to paid content that causes harm to consumers of these platforms and that threaten the future of our democracy," the letter says. "This kind of attack and intimidation is made even more dangerous by aligning with arguments that, without any evidence, have been used by the far right to discredit the most diverse scientific productions, including NetLab itself." The claim, allegedly made by Meta's attorneys, is that the ad biz was "not given the opportunity to appoint a technical assistant and present questions" in the preparation of the NetLabs report. This is particularly striking given Meta's efforts to limit research into its ad platform. A Meta spokesperson told The Register: "We value input from civil society organizations and academic institutions for the context they provide as we constantly work toward improving our services. Meta's defense filed with the Brazilian Consumer Regulator questioned the use of the NetLab report as legal evidence, since it was produced without giving us prior opportunity to contribute meaningfully, in violation of local legal requirements."

Read more of this story at Slashdot.

Read 28 remaining paragraphs | Comments

Cyber insurance and cybersecurity, when combined, can provide a powerful combination of protection and risk management.

The post The Seven Things You Need to Know About Cyber Insurance appeared first on Security Boulevard.

Microsoft president says the company accepts full responsibility for every cybersecurity issue raised in a recent Cyber Safety Review Board report created by multiple officials from several U.S. government agencies

The post Microsoft Accepts Responsibility for U.S. Government Security Breaches appeared first on Security Boulevard.

Read 8 remaining paragraphs | Comments

QR codes have been around for three decades, but it wasn’t until the COVID-19 pandemic hit in 2020 that they got wide use, with restaurants, health care facilities, and other businesses turning to them to customers contactless ways to read menus, buy items, or track the health of people in their buildings. Around the same..

The post A New Tactic in the Rapid Evolution of QR Code Scams appeared first on Security Boulevard.

Copilot Plus? More like Copilot Minus: Redmond realizes Recall requires radical rethink.

The post Recall ‘Delayed Indefinitely’ — Microsoft Privacy Disaster is Cut from Copilot+ PCs appeared first on Security Boulevard.

The rise in U.S.-politics-themed scams indicates that adversarial nation states understand the significance of election years.

The post Chinese Threats Aim for Government Sector  appeared first on Security Boulevard.

Companies are achieving revenue growth by addressing the needs of mid-market enterprises, offering tailored solutions that provide high value at a competitive price point.

The post SASE Market Growth Continues, Led by Cisco, Zscaler  appeared first on Security Boulevard.

PTaaS involves outsourcing penetration testing activities to a trusted third-party service provider, saving busy internal teams valuable time and offering an objective outsider’s perspective of their systems.

The post Penetration-Testing-as-a-Service: An Essential Component of the Cybersecurity Toolkit appeared first on Security Boulevard.

Whether it be purely text-based social engineering, or advanced, image-based attacks, one thing's for certain — generative AI is fueling a whole new age of advanced phishing.

The post The “Spammification” of Business Email Compromise Spells Trouble for Businesses Around the Globe appeared first on Security Boulevard.

The MGM Resorts breach is just one example demonstrating the crippling financial, legal and operational consequences of ransomware incidents.

The post A Deep Dive Into the Economics and Tactics of Modern Ransomware Threat Actors appeared first on Security Boulevard.

At the RSA Conference last month, Netcraft introduced a generative AI-powered platform designed to interact with cybercriminals to gain insights into the operations of the conversational scams they’re running and disrupt their attacks. At the time, Ryan Woodley, CEO of the London-based company that offers a range of services from phishing detection to brand, domain,..

The post Netcraft Uses Its AI Platform to Trick and Track Online Scammers appeared first on Security Boulevard.

Location tracking service leaks PII, because—incompetence? Seems almost TOO easy.

The post Tile/Life360 Breach: ‘Millions’ of Users’ Data at Risk appeared first on Security Boulevard.

It’s no secret that hospitals and other health care organizations are among the top targets for cybercriminals. The ransomware attacks this year on UnitedHealth Group’s Change Healthcare subsidiary, nonprofit organization Ascension, and most recently the National Health Service in England illustrate not only the damage to these organizations’ infrastructure and the personal health data that’s..

The post Connecticut Has Highest Rate of Health Care Data Breaches: Study appeared first on Security Boulevard.

In the rapidly evolving landscape of software as a service (SaaS), the security of applications has never been more critical.

The post Elevating SaaS App Security in an AI-Driven Era appeared first on Security Boulevard.

The best-case scenario for mitigating cloud security risks is when CSPs and customers are transparent and aligned on their responsibilities from the beginning.

The post The Team Sport of Cloud Security: Breaking Down the Rules of the Game appeared first on Security Boulevard.

If your organization hasn’t taken these steps to prevent a ransomware attack, it’s time to act now to protect your company, its data, employees and most importantly, customers.

The post 5 Ways to Thwart Ransomware With an Identity-First Zero Trust Model appeared first on Security Boulevard.

A long-running ransomware campaign that has been targeting Windows and Linux systems since 2019 is the latest example of how closely threat groups track public disclosures of vulnerabilities and proofs-of-concept (PoCs) and how quickly they move in to exploit them. The PHP Group last week disclosed a high-severity flaw – tracked as CVE-2024-4577 and with..

The post Ransomware Group Jumps on PHP Vulnerability appeared first on Security Boulevard.

IT systems – and this year networking equipment in particular – continue to pose the most security risk for organizations, but it is the vulnerable Internet of Things (IoT) devices that are quickly moving up the ladder, according to researchers with Forescout’s Verdere Labs researchers. In this year’s Riskiest Connected Devices report released this week,..

The post Network Equipment, IoT Devices are Big Security Risks: Forescout appeared first on Security Boulevard.