Senator Ron Wyden wants the FTC and SEC to investigate the ransomware attack on UnitedHealth's Change subsidiary to see if there was criminal negligence by the CEO or board.

The post Senator Calls for FTC, SEC Probe Into UnitedHealth’s ‘Negligence’ in Breach appeared first on Security Boulevard.

In “Living off the Land attacks,” adversaries use USB devices to infiltrate industrial control systems. Cyberthreats from silent residency attacks put critical infrastructure facilities at risk.

The post A Major Industrial Cybersecurity Threat: Living off the Land Attacks appeared first on Security Boulevard.

Daft name, serious risk: Kit from ActionTec and Sagemcom remotely ruined and required replacement.

The post ‘Pumpkin Eclipse’ — 600,000+ Rural ISP Routers Bricked Beyond Repair appeared first on Security Boulevard.

Altman spent part of his virtual appearance fending off thorny questions about governance, an AI voice controversy and criticism from ousted board members.

The post OpenAI’s Altman Sidesteps Questions About Governance, Johansson at UN AI Summit appeared first on SecurityWeek.

What we know so far: A Ticketmaster AWS instance was penetrated by unknown perpetrators; “ShinyHunters” is selling stolen data on their behalf. Don’t forget to add the hidden 5% fee to the ransom.

The post Ticketmaster Hack Ticks Off 560M Customers in 1.3TB Breach appeared first on Security Boulevard.

The group behind the RedTail malware is exploiting a new vulnerability in Palo Alto Network's PAN-OS software to run a sophisticated cryptomining campaign that is likely backed by North Korea.

The post RedTail Malware Abuses Palo Alto Flaw in Latest Cryptomining Campaign appeared first on Security Boulevard.

We are in an age when cybercriminals routinely steal credentials, and with so few organizations limiting privileges cloud security issues are rife.

The post Analysis Uncovers Raft of Identity Issues in the Cloud appeared first on Security Boulevard.

The US announced that the 911 S5 (Cloud Router) botnet, likely the world’s largest, has been dismantled and its administrator arrested.

The post Massive 911 S5 Botnet Dismantled, Chinese Mastermind Arrested appeared first on SecurityWeek.

The recently disclosed Check Point VPN attacks involve the zero-day vulnerability CVE-2024-24919, which allows hackers to obtain passwords.

The post Check Point VPN Attacks Involve Zero-Day Exploited Since April appeared first on SecurityWeek.

Another day, another PyPI malware package. But this one has a new way to (try to) sneak into your computer.

The post Malicious PyPI Package ‘Pytoileur’ Targets Windows and Leverages Stack Overflow for Distribution appeared first on Security Boulevard.

The funding cutbacks announced in February have continued to hobble NIST’s ability to keep the government’s National Vulnerabilities Database (NVD) up to date, with one cybersecurity company finding that more than 93% of the flaws added have not been analyzed or enhanced, a problem that will make organizations less safe. “With the recent slowdown of..

The post NIST Struggles with NVD Backlog as 93% of Flaws Remain Unanalyzed appeared first on Security Boulevard.

Ticket to Hide: A threat group hacked 1.3 terabytes of Ticketmaster customer data, including payment information. It’s threatening to release the personal data unless a ransom is paid.

The post Ticketmaster Hacked, Personal Data of 560 Million Customers Leaked, ShinyHunters Claim appeared first on Security Boulevard.

People who fall for the scheme are told to pay the shipping fee before the piano is sent. If they do, that's the last they hear from the bad actors.

The post Scammers Build Fraud Campaigns Around Free Piano Offers appeared first on Security Boulevard.

A hacker group claims to have stolen sensitive data from at least 500,000 Christie's customers. Now they are threatening to publish it.

The post Christie’s Auction House Hacked, Sensitive Data from 500,000 Customers Stolen appeared first on Security Boulevard.

Source: securityboulevard.com – Author: Steve Winterfeld Security experts have many fun arguments about our field. For example, while I believe War Games is the best hacker movie, opinions vary based on age and generation. Other never-ending debates include what the best hack is, the best operating system (though this is more of a religious debate), […]

La entrada Using Scary but Fun Stories to Aid Cybersecurity Training – Source: securityboulevard.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Sonatype has discovered 'pytoileur', a malicious PyPI package hiding code that downloads and installs trojanized Windows binaries capable of surveillance, achieving persistence, and crypto-theft. Our discovery of the malware led us to probe into similar packages that are part of a wider, months-long "Cool package" campaign.

The post PyPI crypto-stealer targets Windows users, revives malware campaign appeared first on Security Boulevard.

Netflix has paid out more than $1 million for vulnerabilities found in its products since the launch of its bug bounty program in 2016.

The post Netflix Paid Out Over $1 Million via Bug Bounty Program appeared first on SecurityWeek.

Need to get your audience’s attention so they listen to your cybersecurity lessons? Share these true stories to engage their attention and, perhaps, make them laugh.

The post Using Scary but Fun Stories to Aid Cybersecurity Training appeared first on Security Boulevard.

OpenAI has a new Safety and Security Committee in place fewer than two weeks after disbanding its “superalignment” team, a year-old unit that was tasked with focusing on the long-term effects of AI.

The post OpenAI Launches Security Committee Amid Ongoing Criticism appeared first on Security Boulevard.

Scammers impersonating Microsoft, Publishers Clearing House, Amazon and Apple are at the top of the FTC’s “who’s who” list. Based on consumer reports and complaints to the agency, hundreds of millions of dollars were stolen by bad actors pretending to be brands.

The post ‘Microsoft’ Scammers Steal the Most, the FTC Says appeared first on Security Boulevard.

Cyber attack tactics are evolving, according to a new report, from advanced campaigns to exploiting weaknesses, and cybersecurity teams should be optimally employed.

The post HP Report Surfaces Shifts in Cyber Attack Tactics appeared first on Security Boulevard.

OpenAI is setting up a new safety and security committee and has begun training a new artificial intelligence model to supplant the GPT-4 system that underpins its ChatGPT chatbot.

The post OpenAI Forms Safety Committee as It Starts Training Latest Artificial Intelligence Model appeared first on SecurityWeek.

Auction house Christie’s has confirmed suffering a data breach following a ransomware attack launched earlier this month.

The post Christie’s Confirms Data Breach After Ransomware Group Claims Attack appeared first on SecurityWeek.

Views: 0Source: www.securityweek.com – Author: Ionut Arghire Google on Thursday rolled out a fresh Chrome update to address another exploited vulnerability in the popular web browser, the fourth zero-day to be patched in two weeks. Tracked as CVE-2024-5274, the high-severity flaw is described as a type confusion in the V8 JavaScript and WebAssembly engine. “Google […]

La entrada Google Patches Fourth Chrome Zero-Day in Two Weeks – Source: www.securityweek.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Threat actors compromised a popular audio-visual software package used in courtrooms, prisons, government, and lecture rooms around the world by injecting a loader malware that gives the hackers remote access to infected systems, collecting data about the host computer and downloading more malicious payloads along the way. The software supply chain attack targeted Justice AV..

The post Courtroom Recording Software Compromised in Supply Chain Attack appeared first on Security Boulevard.

The ransomware resizes system partitions to create a new boot partition, ensuring the encrypted files are loaded during system startup, which locks out the user.

The post ShrinkLocker Ransomware Leverages BitLocker for File Encryption appeared first on Security Boulevard.

Inglorious Basta(rds): 16 days on, huge hospital system continues to be paralyzed by ransomware—and patient safety is at risk.

The post Black Basta Ascension Attack Redux — can Patients Die of Ransomware? appeared first on Security Boulevard.

Source: securityboulevard.com – Author: Nathan Eddy Human error is responsible for most cybersecurity risks, with nearly three-quarters (74%) of chief information security officers (CISOs) identifying it as their most significant vulnerability. In response, 87% of CISOs are adopting AI-powered technology to protect against human error and to block advanced human-centric cyber threats. These were among […]

La entrada CISO Cite Human Error as Top IT Security Risk – Source: securityboulevard.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

It’s the wetware. It’s always the wetware.

But that’s not the only takeaway from this year’s Voice of the CISO report.

The post CISO Cite Human Error as Top IT Security Risk appeared first on Security Boulevard.

Exploited in the wild, Chrome vulnerability CVE-2024-5274 is a high-severity flaw described as a type confusion in the V8 JavaScript and WebAssembly engine.

The post Google Patches Fourth Chrome Zero-Day in Two Weeks appeared first on SecurityWeek.

“All tested LLMs remain highly vulnerable to basic jailbreaks, and some will provide harmful outputs even without dedicated attempts to circumvent their safeguards,” the report noted.

The post Leading LLMs Insecure, Highly Vulnerable to Basic Jailbreaks appeared first on Security Boulevard.

Privacy FAIL: Apple location service returns far more data than it should, to people who have no business knowing it, without your permission.

The post Apple API Allows Wi-Fi AP Location Tracking appeared first on Security Boulevard.

The vulnerability affects all GHES versions prior to 3.13.0 and achieves the highest possible CVSS score of 10. Instances with SAML SSO authentication are at risk.

The post GitHub Issues Patch for Critical Exploit in Enterprise Server appeared first on Security Boulevard.

88% of participants in the Immersive “Prompt Injection Challenge” successfully tricked a GenAI bot into divulging sensitive information.

The post Prompt Injection Threats Highlight GenAI Risks appeared first on Security Boulevard.

Deepfake Zoom of Doom: Construction giant Arup Group revealed as victim of January theft—10% of net profit lost.

The post CFO Deepfake Redux — Arup Lost $26M via Video appeared first on Security Boulevard.

According to a global Arctic Wolf survey of over 1,000 senior IT and cybersecurity decision-makers, seven in 10 organizations were targeted by BEC attacks in the past year.

The post Ransomware, BEC, GenAI Raise Security Challenges appeared first on Security Boulevard.

The custom policy wizard helps prevent data leaks in GenAI tools by using CDP, requires no coding, and offers adaptive, intuitive policies.

“The real threat is in unstructured data, the kind of problem that requires data scientists and developers to solve.”

The post Lasso Security Data Protection Tool Aimed at GenAI Applications appeared first on Security Boulevard.

As chatbots become more adventurous, the dangers will increase.

The post Beware – Your Customer Chatbot is Almost Certainly Insecure: Report appeared first on SecurityWeek.

Reverse-engineering tools, rising jailbreaking activities, and the surging use of AI and ML to enhance malware development were among the worrying trends in a recent report.

AI and ML are making life easier for developers. They’re also making life easier for threat actors.

The post Hackers Leverage AI as Application Security Threats Mount appeared first on Security Boulevard.

Malicious actors are using AI to perpetrate phishing scams centered around website impersonation, a threat few businesses are prepared to combat.

The post Digital Impersonation Fraud: a Growing Challenge for Brands appeared first on Security Boulevard.

CISA has added CVE-2023-43208, an unauthenticated remote code execution vulnerability, to its KEV catalog. 

The post CISA Warns of Attacks Exploiting NextGen Healthcare Mirth Connect Flaw appeared first on SecurityWeek.

Google is invoking the 'monoculture' word in response to a scathing U.S. government report on Microsoft's inadequate cybersecurity practices.

The post Google Cites ‘Monoculture’ Risks in Response to CSRB Report on Microsoft appeared first on SecurityWeek.

It took two brothers who went to MIT months to plan how they were going to steal, launder and hide millions of dollars in cryptocurrency -- and only 12 seconds to actually pull off the heist.

The post Brothers Indicted for Stealing $25 Million of Ethereum in 12 Seconds appeared first on Security Boulevard.

WTH? DPRK IT WFH: Justice Department says N. Korean hackers are getting remote IT jobs, posing as Americans.

The post North Korea IT Worker Scam Brings Malware and Funds Nukes appeared first on Security Boulevard.

Slack reveals it has been training AI/ML models on customer data, including messages, files and usage information. It's opt-in by default.

The post User Outcry as Slack Scrapes Customer Data for AI Model Training appeared first on SecurityWeek.

Overall ransomware frequency grew by 64% in 2023, with increases in both direct and indirect ransomware. Victims paid $282,000 in ransom on average, a 77% drop in price, and half the companies avoided paying a ransom completely.

The post Ransomware Attacks Evolve as Average Ransom Demand Tops $1.26 Million appeared first on Security Boulevard.

The Black Basta group abuses remote connection tool Quick Assist in vishing attacks leading to ransomware deployment.

The post Microsoft Quick Assist Tool Abused for Ransomware Delivery appeared first on SecurityWeek.

Hackers can find templates for DocuSign and other companies for their phishing campaigns on dark web marketplaces for as little as $10.

The post Hackers Use Fake DocuSign Templates to Scam Organizations appeared first on Security Boulevard.

VFCFinder analyzes commit histories to pinpoint the most likely commits associated with vulnerability fixes.

The post VFCFinder Highlights Security Patches in Open Source Software appeared first on Security Boulevard.