Schneier on Security

OCTOBER 14, 2024

Perfectl in an impressive piece of malware: The malware has been circulating since at least 2021. It gets installed by exploiting more than 20,000 common misconfigurations, a capability that may make millions of machines connected to the Internet potential targets, researchers from Aqua Security said. It can also exploit CVE-2023-33246, a vulnerability with a severity rating of 10 out of 10 that was patched last year in Apache RocketMQ, a messaging and streaming platform that’s found on ma

Malware 220

Malware Cryptocurrency Internet Internet 220

Lohrman on Security

OCTOBER 13, 2024

Bad actors often take advantage of natural disasters, and especially hurricanes, in times of crisis. Hurricanes Helene and Milton pose significant new online threats, including misinformation and fraud.

Scams 206

Scams 206

The Last Watchdog

OCTOBER 10, 2024

Austin, TX, Oct. 10th, 2024, CyberNewswire — SpyCloud, the leader in Identity Threat Protection, announced that its SaaS Investigations solution has been enhanced with identity analytics that illuminate the scope of digital identities and accelerate successful outcomes of complex investigations from days or hours to minutes. SpyCloud Investigations is a powerful cybercrime and identity threat investigation solution used by analysts and investigators to discover and act on threats by naviga

Risk 285

Risk Cybercrime Identity Theft Phishing 285

Schneier on Security

OCTOBER 8, 2024

The Wall Street Journal is reporting that Chinese hackers (Salt Typhoon) penetrated the networks of US broadband providers, and might have accessed the backdoors that the federal government uses to execute court-authorized wiretap requests. Those backdoors have been mandated by law—CALEA—since 1994. It’s a weird story. The first line of the article is: “A cyberattack tied to the Chinese government penetrated the networks of a swath of U.S. broadband providers.” This

Hacking 297

Hacking Government 297

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Troy Hunt

OCTOBER 13, 2024

It wasn't easy talking about the Muah.AI data breach. It's not just the rampant child sexual abuse material throughout the system (or at least requests for the AI to generate images of it), it's the reactions of people to it. The tweets justifying it on the basis of there being noo "actual" abuse, the characterisation of this being akin to "merely thoughts in someone's head", and following my recording of this video, the backlash from their users about any att

Artificial Intelligence 176

Artificial Intelligence Data breaches DDOS Internet 176

Krebs on Security

OCTOBER 8, 2024

Microsoft today released security updates to fix at least 117 security holes in Windows computers and other software, including two vulnerabilities that are already seeing active attacks. Also, Adobe plugged 52 security holes across a range of products, and Apple has addressed a bug in its new macOS 15 “ Sequoia ” update that broke many cybersecurity tools.

Engineering 202

Engineering Internet Internet System Administration 202

Schneier on Security

OCTOBER 10, 2024

An Australian news agency is reporting that robot vacuum cleaners from the Chinese company Deebot are surreptitiously taking photos and recording audio, and sending that data back to the vendor to train their AIs. Ecovacs’s privacy policy— available elsewhere in the app —allows for blanket collection of user data for research purposes, including: The 2D or 3D map of the user’s house generated by the device Voice recordings from the device’s microphone Photos or vide

Artificial Intelligence 281

Artificial Intelligence Data privacy Internet Internet 281

Security Boulevard

OCTOBER 14, 2024

A report finds a third (33%) of the cloud security incidents investigated by IBM Security X-Force researchers, involved phishing attacks to steal credentials, followed closely by 28% of incidents that involved attacks where cybercriminals had already obtained some type of valid credential. The post IBM X-Force Security Report Spotlights Lack of Cloud Security Fundamentals appeared first on Security Boulevard.

Phishing 122

Phishing Cybersecurity 122

The Hacker News

OCTOBER 14, 2024

Cybersecurity researchers have found that entry points could be abused across multiple programming ecosystems like PyPI, npm, Ruby Gems, NuGet, Dart Pub, and Rust Crates to stage software supply chain attacks.

Software 118

Software Risk Cybersecurity 118

Penetration Testing

OCTOBER 9, 2024

The Japan Aerospace Exploration Agency (JAXA) has become the target of a series of sophisticated cyberattacks, resulting in the hijacking of accounts belonging to high-ranking officials, including President Hiroshi Yamakawa... The post JAXA Cyberattack: Hackers Breach Accounts of Top Officials, Exposing Sensitive Space and Defense Data appeared first on Cybersecurity News.

Accountability 145

Accountability Cybersecurity 145

Advertisement

Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.

Government

Tech Republic Security

OCTOBER 11, 2024

The Internet Archive, a non-profit digital library best known for its Wayback Machine, has disclosed a major data breach affecting over 31 million users.

Internet 161

Internet Internet Accountability Data breaches 161

Thales Cloud Protection & Licensing

OCTOBER 11, 2024

Passwordless Authentication without Secrets! divya Fri, 10/11/2024 - 08:54 As user expectations for secure and seamless access continue to grow, the 2024 Thales Consumer Digital Trust Index (DTI) research revealed that 65% of users feel frustrated with frequent password resets. This highlights an increasing demand for advanced authentication methods like passkeys and multi-factor authentication (MFA), which provide robust security for most use cases.

Authentication 132

Authentication Retail Healthcare Manufacturing 132

The Hacker News

OCTOBER 13, 2024

The Iranian threat actor known as OilRig has been observed exploiting a now-patched privilege escalation flaw impacting the Windows Kernel as part of a cyber espionage campaign targeting the U.A.E. and the broader Gulf region.

126

126

Security Boulevard

OCTOBER 11, 2024

Organizations say generative AI is fueling a surge of more sophisticated cyberattacks and that they feel unprepared for the onslaught, but a Keeper Security survey found they are investing more in such foundational protections as data encryption and employee awareness training. The post Generative AI Fueling More Sophisticated Cyberattacks: Survey appeared first on Security Boulevard.

Encryption 127

Encryption Data privacy Security Awareness Risk 127

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Tech Republic Security

OCTOBER 10, 2024

An attacker snuck in by creating two new user accounts. Fidelity Investments assures customers their investments were not affected.

Data breaches 174

Data breaches Accountability Financial Services Big data 174

Schneier on Security

OCTOBER 11, 2024

In July, I wrote about my new book project on AI and democracy, to be published by MIT Press in fall 2025. My co-author and collaborator Nathan Sanders and I are hard at work writing. At this point, we would like feedback on titles. Here are four possibilities: Rewiring Democracy: How AI Will Transform our Politics, Government, and Citizenship The Thinking State: How AI Can Improve Democracy Better Run: How AI Can Make our Politics, Government, Citizenship More Efficient, Effective and Fair AI a

Government 222

Government Hacking Artificial Intelligence 222

Thales Cloud Protection & Licensing

OCTOBER 9, 2024

Secure Your World with Phishing Resistant Passkeys madhav Thu, 10/10/2024 - 05:12 As we celebrate Cybersecurity Awareness Month 2024 with the theme "Secure Our World," exploring innovative technologies is crucial to help us achieve this goal. One such advancement that's revolutionizing online security and user authentication is passkeys. Passkeys represent a significant leap forward in creating a safer digital landscape, aligning perfectly with the mission to secure our world.

Phishing 132

Phishing Authentication Passwords Identity Theft 132

The Hacker News

OCTOBER 9, 2024

Mozilla has revealed that a critical security flaw impacting Firefox and Firefox Extended Support Release (ESR) has come under active exploitation in the wild. The vulnerability, tracked as CVE-2024-9680, has been described as a use-after-free bug in the Animation timeline component.

137

137

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Security Affairs

OCTOBER 12, 2024

U.S. and U.K. cyber agencies warn that Russia-linked group APT29 is targeting vulnerable Zimbra and JetBrains TeamCity servers on a large scale. Russia-linked cyber espionage group APT29 (aka SVR group , BlueBravo , Cozy Bear , Nobelium , Midnight Blizzard , and The Dukes ) target vulnerable Zimbra and JetBrains TeamCity servers as part of a mass scale campaign, U.S. and U.K. cyber agencies warned.

Data collection 111

Data collection Authentication Government Hacking 111

Tech Republic Security

OCTOBER 10, 2024

Despite a huge talent shortage in the cybersecurity industry, women still feel discouraged from joining it due to concerns over their knowledge, its inclusivity, and the pay.

Cybersecurity 137

Cybersecurity 137

Schneier on Security

OCTOBER 11, 2024

After retiring in 2014 from an uncharacteristically long tenure running the NSA (and US CyberCommand), Keith Alexander founded a cybersecurity company called IronNet. At the time, he claimed that it was based on IP he developed on his own time while still in the military. That always troubled me. Whatever ideas he had, they were developed on public time using public resources: he shouldn’t have been able to leave military service with them in his back pocket.

Technology 221

Technology Cybersecurity 221

Security Boulevard

OCTOBER 11, 2024

FMR FAIL: Huge investment firm won’t say how it was hacked. The post (In)Fidelity Admits Data Breach 8 Weeks Ago — 77K PII Lost appeared first on Security Boulevard.

Data breaches 125

Data breaches Hacking Banking Data privacy 125

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

The Hacker News

OCTOBER 14, 2024

Threat actors are actively attempting to exploit a now-patched security flaw in Veeam Backup & Replication to deploy Akira and Fog ransomware. Cybersecurity vendor Sophos said it has been tracking a series of attacks in the past month leveraging compromised VPN credentials and CVE-2024-40711 to create a local account and deploy the ransomware. CVE-2024-40711, rated 9.8 out of 10.

Ransomware 103

Ransomware VPN Backups Accountability 103

Security Affairs

OCTOBER 11, 2024

OpenAI disrupted 20 cyber and influence operations in 2023, revealing Iran and China-linked actors used ChatGPT for planning ICS attacks. OpenAI announced the disruption of over 20 cyber and influence operations this year, involving Iranian and Chinese state-sponsored hackers. The company uncovered the activities of three threat actors abusing ChatGPT to launch cyberattacks.

Malware 115

Malware Social Engineering Engineering Hacking 115

Tech Republic Security

OCTOBER 10, 2024

Patch Tuesday brings patches for hundreds of vulnerabilities. Plus, Apple makes sure Sequoia plays nice with third-party security tools.

Internet 156

Internet Internet Software 156

Schneier on Security

OCTOBER 9, 2024

Two students have created a demo of a smart-glasses app that performs automatic facial recognition and then information lookups. Kind of obvious, but the sort of creepy demo that gets attention. News article.

205

205

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

Security Boulevard

OCTOBER 10, 2024

Qualys this week added a risk operations center (ROC) to its portfolio to make it simpler to identify potential threats to the business and centrally manage remediation efforts. The post Qualys Unfurls Risk Operations Center Platform appeared first on Security Boulevard.

Risk 118

Risk Security Awareness Cybersecurity 118

The Hacker News

OCTOBER 11, 2024

The U.S. Department of Justice (DoJ) has announced arrests and charges against several individuals and entities in connection with allegedly manipulating digital asset markets as part of a widespread fraud operation. The law enforcement action – codenamed Operation Token Mirrors – is the result of the U.S.

Marketing 115

Marketing Cryptocurrency 115

WIRED Threat Level

OCTOBER 9, 2024

The hack exposed the data of 31 million users as the embattled Wayback Machine maker scrambles to stay online and contain the fallout of digital—and legal—attacks.

Internet 124

Internet Internet Hacking 124

Tech Republic Security

OCTOBER 11, 2024

Investigation of the use-after-free flaw is ongoing, but organizations and individual users can update Firefox now for a fix.

Cybersecurity 137

Cybersecurity 137

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity