Krebs on Security
NOVEMBER 19, 2024
The financial technology firm Finastra is investigating the alleged large-scale theft of information from its internal file transfer platform, KrebsOnSecurity has learned. Finastra, which provides software and services to 45 of the world’s top 50 banks, notified customers of the security incident after a cybercriminal began selling more than 400 gigabytes of data purportedly stolen from the company.
Schneier on Security
NOVEMBER 19, 2024
Interesting analysis : Although much attention is given to sophisticated, zero-click spyware developed by companies like Israel’s NSO Group, the Italian spyware marketplace has been able to operate relatively under the radar by specializing in cheaper tools. According to an Italian Ministry of Justice document , as of December 2022 law enforcement in the country could rent spyware for €150 a day, regardless of which vendor they used, and without the large acquisition costs which would normally b
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Schneier on Security
NOVEMBER 14, 2024
Everybody is reporting about a new security iPhone security feature with iOS 18: if the phone hasn’t been used for a few days, it automatically goes into its “Before First Unlock” state and has to be rebooted. This is a really good security feature. But various police departments don’t like it, because it makes it harder for them to unlock suspects’ phones.
Troy Hunt
NOVEMBER 13, 2024
Apparently, before a child reaches the age of 13, advertisers will have gathered more 72 million data points on them. I knew I'd seen a metric about this sometime recently, so I went looking for "7,000", which perfectly illustrates how unaware we are of the extent of data collection on all of us. I started Have I Been Pwned (HIBP) in the first place because I was surprised at where my data had turned up in breaches. 11 years and 14 billion breached records later, I'm still surp
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
The Hacker News
NOVEMBER 19, 2024
Apple has released security updates for iOS, iPadOS, macOS, visionOS, and its Safari web browser to address two zero-day flaws that have come under active exploitation in the wild.
WIRED Threat Level
NOVEMBER 19, 2024
More than 3 billion phone coordinates collected by a US data broker expose the detailed movements of US military and intelligence workers in Germany—and the Pentagon is powerless to stop it.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Schneier on Security
NOVEMBER 15, 2024
Stuart Schechter makes some good points on the history of bad password policies: Morris and Thompson’s work brought much-needed data to highlight a problem that lots of people suspected was bad, but that had not been studied scientifically. Their work was a big step forward, if not for two mistakes that would impede future progress in improving passwords for decades.
Zero Day
NOVEMBER 20, 2024
William Shatner and Leonard Nimoy reunite in a powerful short film using AI and deepfake technology to give fans the emotional farewell they deserve.
The Hacker News
NOVEMBER 18, 2024
U.S. telecoms giant T-Mobile has confirmed that it was also among the companies that were targeted by Chinese threat actors to gain access to valuable information. The adversaries, tracked as Salt Typhoon, breached the company as part of a "monthslong campaign" designed to harvest cellphone communications of "high-value intelligence targets.
NetSpi Technical
NOVEMBER 14, 2024
Every hacker has a story about abusing SMB shares, but it’s an attack surface that cybersecurity teams still struggle to understand, manage, and defend. For the benefit of both attackers and defenders, I started an open-source GitHub project a few years ago called “PowerHuntShares”. It focuses on distilling data related to shares configured with excessive privileges to better understand their relationships and risk.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Penetration Testing
NOVEMBER 17, 2024
In October 2024, Huntress analysts uncovered a previously unreported ransomware strain, dubbed SafePay, deployed across two distinct incidents. This ransomware has unique characteristics, including the use of.safepay as the... The post SafePay Ransomware: A New Threat with Sophisticated Techniques appeared first on Cybersecurity News.
Tech Republic Security
NOVEMBER 14, 2024
Security researchers from AppOmni have uncovered millions of business records that are accessible to anyone through low-code website builder Microsoft Power Pages.
The Hacker News
NOVEMBER 18, 2024
A new phishing campaign is targeting e-commerce shoppers in Europe and the United States with bogus pages that mimic legitimate brands with the goal of stealing their personal information ahead of the Black Friday shopping season. "The campaign leveraged the heightened online shopping activity in November, the peak season for Black Friday discounts.
Security Affairs
NOVEMBER 18, 2024
GDPR protects sensitive data like health and financial details, and its enforcement underscores the growing need for stronger data security measures. GDPR: The landscape of data privacy and protection has never been more critical. With regulators around the world intensifying scrutiny, companies are facing increasing pressure to comply with stringent data protection laws.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Penetration Testing
NOVEMBER 18, 2024
A recent security advisory from the LibreNMS project has revealed a severe vulnerability (CVE-2024-51092) affecting versions up to 24.9.1 of the widely-used network monitoring platform. The flaw, rated a critical... The post LibreNMS Vulnerability (CVE-2024-51092): Mitigating the Risk of Server Compromise appeared first on Cybersecurity News.
Schneier on Security
NOVEMBER 13, 2024
DeFlock is a crowd-sourced project to map license plate scanners. It only records the fixed scanners, of course. The mobile scanners on cars are not mapped. The post Mapping License Plate Scanners in the US appeared first on Schneier on Security.
Tech Republic Security
NOVEMBER 15, 2024
ANZ government CIOs face budget constraints while prioritizing AI, cybersecurity, and data analytics for productivity gains and digital transformation in 2025.
The Hacker News
NOVEMBER 17, 2024
A critical authentication bypass vulnerability has been disclosed in the Really Simple Security (formerly Really Simple SSL) plugin for WordPress that, if successfully exploited, could grant an attacker to remotely gain full administrative access to a susceptible site. The vulnerability, tracked as CVE-2024-10924 (CVSS score: 9.8), impacts both free and premium versions of the plugin.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Google Security
NOVEMBER 15, 2024
Posted by Alex Rebert and Max Shavrick, Security Foundations, and Kinuko Yasada, Core Developer Attackers regularly exploit spatial memory safety vulnerabilities , which occur when code accesses a memory allocation outside of its intended bounds, to compromise systems and sensitive data. These vulnerabilities represent a major security risk to users.
Zero Day
NOVEMBER 20, 2024
Your boss has read about the power of generative AI and wants you to stop dithering about potential risks and start delivering results.
Schneier on Security
NOVEMBER 18, 2024
Zero-day vulnerabilities are more commonly used , according to the Five Eyes: Key Findings In 2023, malicious cyber actors exploited more zero-day vulnerabilities to compromise enterprise networks compared to 2022, allowing them to conduct cyber operations against higher-priority targets. In 2023, the majority of the most frequently exploited vulnerabilities were initially exploited as a zero-day, which is an increase from 2022, when less than half of the top exploited vulnerabilities were explo
Security Affairs
NOVEMBER 19, 2024
Chinese threat actors use custom post-exploitation toolkit ‘DeepData’ to exploit FortiClient VPN zero-day and steal credentials. Volexity researchers discovered a vulnerability in Fortinet’s Windows VPN client that China-linked threat actor BrazenBamboo abused in their DEEPDATA malware. BrazenBamboo is known to be the author of other malware families, including LIGHTSPY , DEEPDATA, and DEEPPOST.
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
The Hacker News
NOVEMBER 17, 2024
Legal documents released as part of an ongoing legal tussle between Meta's WhatsApp and NSO Group have revealed that the Israeli spyware vendor used multiple exploits targeting the messaging app to deliver Pegasus, including one even after it was sued by Meta for doing so.
Penetration Testing
NOVEMBER 17, 2024
The PostgreSQL Global Development Group has issued an important update addressing four security vulnerabilities across all supported versions of the popular open-source database system. This includes versions 17.1, 16.5, 15.9,... The post PostgreSQL Releases Security Update Addressing Multiple Vulnerabilities appeared first on Cybersecurity News.
Security Boulevard
NOVEMBER 15, 2024
A report from the Five Eyes cybersecurity alliance, released by the CISA, highlights the majority of the most exploited vulnerabilities last year were initially zero-day flaws, a significant increase compared to 2022 when less than half of the top vulnerabilities were zero-day exploits. The post Zero-Day Exploits Surge in 2023, Cisco, Fortinet Vulnerabilities Targeted appeared first on Security Boulevard.
NSTIC
NOVEMBER 13, 2024
If you are interested in the world of digital identities, you have probably heard some of the buzzwords that have been floating around for a few years now… “verifiable credential,” “digital wallet,” “mobile driver’s license” or “mDL.” These terms, among others, all reference a growing ecosystem around what we are calling “verifiable digital credentials.
Advertisement
Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.
Security Affairs
NOVEMBER 18, 2024
A ransomware attack on Great Plains Regional Medical Center compromised personal data of 133,000 individuals, exposing sensitive information. On September 8, 2024, Great Plains Regional Medical Center (Oklahoma) suffered a ransomware attack. The organization launched an investigation into the incident with the help of a cybersecurity firm. The healthcare center discovered that a threat actor accessed and encrypted files on their systems between September 5, 2024 and September 8, 2024.
The Hacker News
NOVEMBER 18, 2024
Google appears to be readying a new feature called Shielded Email that allows users to create email aliases when signing up for online services and better combat spam. The feature was first reported by Android Authority last week following a teardown of the latest version of Google Play Services for Android.
Penetration Testing
NOVEMBER 15, 2024
Icinga releases urgent security updates to address a critical TLS certificate validation bypass vulnerability affecting all versions since 2.4.0. A critical vulnerability (CVE-2024-49369) has been discovered in Icinga 2, a... The post CVE-2024-49369 (CVSS 9.8): Critical Flaw in Icinga 2 Allows for Impersonation and RCE appeared first on Cybersecurity News.
Security Boulevard
NOVEMBER 20, 2024
The software supply chain is under siege. Threat actors increasingly exploit weaknesses in code repositories, dependencies and mismanaged secrets to infiltrate and disrupt software development processes. In response, organizations are turning to robust strategies to safeguard their supply chains, including tools like SCA scanning, AI and container security, secrets detection and repository health monitoring.
Advertisement
Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!
Expert insights. Personalized for you.
222 
Let's personalize your content