Trending Articles

article thumbnail

Perfectl Malware

Schneier on Security

Perfectl in an impressive piece of malware: The malware has been circulating since at least 2021. It gets installed by exploiting more than 20,000 common misconfigurations, a capability that may make millions of machines connected to the Internet potential targets, researchers from Aqua Security said. It can also exploit CVE-2023-33246, a vulnerability with a severity rating of 10 out of 10 that was patched last year in Apache RocketMQ, a messaging and streaming platform that’s found on ma

Malware 226
article thumbnail

Number of Active Ransomware Groups Highest on Record, Cyberint’s Report Finds

Tech Republic Security

This indicates that the most prominent ransomware groups are succumbing to law enforcement takedowns, according to researchers from Cyberint.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

News alert: SpyCloud accelerates supply chain risk analysis with new ‘IDLink’ correlation capability

The Last Watchdog

Austin, TX, Oct. 10th, 2024, CyberNewswire — SpyCloud, the leader in Identity Threat Protection, announced that its SaaS Investigations solution has been enhanced with identity analytics that illuminate the scope of digital identities and accelerate successful outcomes of complex investigations from days or hours to minutes. SpyCloud Investigations is a powerful cybercrime and identity threat investigation solution used by analysts and investigators to discover and act on threats by naviga

Risk 286
article thumbnail

Deebot Robot Vacuums Are Using Photos and Audio to Train Their AI

Schneier on Security

An Australian news agency is reporting that robot vacuum cleaners from the Chinese company Deebot are surreptitiously taking photos and recording audio, and sending that data back to the vendor to train their AIs. Ecovacs’s privacy policy— available elsewhere in the app —allows for blanket collection of user data for research purposes, including: The 2D or 3D map of the user’s house generated by the device Voice recordings from the device’s microphone Photos or vide

article thumbnail

The Tumultuous IT Landscape is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Misinformation, Online Scams Surging Following Historic Hurricanes

Lohrman on Security

Bad actors often take advantage of natural disasters, and especially hurricanes, in times of crisis. Hurricanes Helene and Milton pose significant new online threats, including misinformation and fraud.

Scams 256
article thumbnail

Weekly Update 421

Troy Hunt

It wasn't easy talking about the Muah.AI data breach. It's not just the rampant child sexual abuse material throughout the system (or at least requests for the AI to generate images of it), it's the reactions of people to it. The tweets justifying it on the basis of there being noo "actual" abuse, the characterisation of this being akin to "merely thoughts in someone's head", and following my recording of this video, the backlash from their users about any att

More Trending

article thumbnail

Millions of People Are Using Abusive AI ‘Nudify’ Bots on Telegram

WIRED Threat Level

Bots that “remove clothes” from images have run rampant on the messaging app, allowing people to create nonconsensual deepfake images even as lawmakers and tech companies try to crack down.

article thumbnail

North Korean ScarCruft Exploits Windows Zero-Day to Spread RokRAT Malware

The Hacker News

The North Korean threat actor known as ScarCruft has been linked to the zero-day exploitation of a now-patched security flaw in Windows to infect devices with malware known as RokRAT. The vulnerability in question is CVE-2024-38178 (CVSS score: 7.5), a memory corruption bug in the Scripting Engine that could result in remote code execution when using the Edge browser in Internet Explorer Mode.

Malware 118
article thumbnail

Passwordless Authentication without Secrets!

Thales Cloud Protection & Licensing

Passwordless Authentication without Secrets! divya Fri, 10/11/2024 - 08:54 As user expectations for secure and seamless access continue to grow, the 2024 Thales Consumer Digital Trust Index (DTI) research revealed that 65% of users feel frustrated with frequent password resets. This highlights an increasing demand for advanced authentication methods like passkeys and multi-factor authentication (MFA), which provide robust security for most use cases.

article thumbnail

The Internet Archive Breach: Over 31 Million User Accounts Exposed

Tech Republic Security

The Internet Archive, a non-profit digital library best known for its Wayback Machine, has disclosed a major data breach affecting over 31 million users.

Internet 175
article thumbnail

Enhance Innovation and Governance Through the Cloud Development Maturity Model

Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.

article thumbnail

Fortinet Integrates Lacework CNAPP into Cybersecurity Portfolio

Security Boulevard

Fortinet has made generally available a version of the CNAPP it gained that is now integrated with the Fortinet Security Fabric, an orchestration framework the company developed to centralize the management of its cybersecurity portfolio. The post Fortinet Integrates Lacework CNAPP into Cybersecurity Portfolio appeared first on Security Boulevard.

article thumbnail

More on My AI and Democracy Book

Schneier on Security

In July, I wrote about my new book project on AI and democracy, to be published by MIT Press in fall 2025. My co-author and collaborator Nathan Sanders and I are hard at work writing. At this point, we would like feedback on titles. Here are four possibilities: Rewiring Democracy: How AI Will Transform our Politics, Government, and Citizenship The Thinking State: How AI Can Improve Democracy Better Run: How AI Can Make our Politics, Government, Citizenship More Efficient, Effective and Fair AI a

article thumbnail

Supply Chain Attacks Exploit Entry Points in Python, npm, and Open-Source Ecosystems

The Hacker News

Cybersecurity researchers have found that entry points could be abused across multiple programming ecosystems like PyPI, npm, Ruby Gems, NuGet, Dart Pub, and Rust Crates to stage software supply chain attacks.

Software 127
article thumbnail

Silent Threat: Red Team Tool EDRSilencer Disrupting Endpoint Security Solutions

Trend Micro

Trend Micro's Threat Hunting Team discovered EDRSilencer, a red team tool that threat actors are attempting to abuse for its ability to block EDR traffic and conceal malicious activity.

article thumbnail

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

article thumbnail

Fidelity Data Breach Exposes Data of Over 77,000 Customers

Tech Republic Security

An attacker snuck in by creating two new user accounts. Fidelity Investments assures customers their investments were not affected.

article thumbnail

IBM X-Force Security Report Spotlights Lack of Cloud Security Fundamentals

Security Boulevard

A report finds a third (33%) of the cloud security incidents investigated by IBM Security X-Force researchers, involved phishing attacks to steal credentials, followed closely by 28% of incidents that involved attacks where cybercriminals had already obtained some type of valid credential. The post IBM X-Force Security Report Spotlights Lack of Cloud Security Fundamentals appeared first on Security Boulevard.

Phishing 126
article thumbnail

IronNet Has Shut Down

Schneier on Security

After retiring in 2014 from an uncharacteristically long tenure running the NSA (and US CyberCommand), Keith Alexander founded a cybersecurity company called IronNet. At the time, he claimed that it was based on IP he developed on his own time while still in the military. That always troubled me. Whatever ideas he had, they were developed on public time using public resources: he shouldn’t have been able to leave military service with them in his back pocket.

article thumbnail

China Accuses U.S. of Fabricating Volt Typhoon to Hide Its Own Hacking Campaigns

The Hacker News

China's National Computer Virus Emergency Response Center (CVERC) has doubled down on claims that the threat actor known as the Volt Typhoon is a fabrication of the U.S. and its allies. The agency, in collaboration with the National Engineering Laboratory for Computer Virus Prevention Technology, went on to accuse the U.S.

Hacking 117
article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

Gmail Scam Alert: Hackers Spoof Google to Steal Credentials

Penetration Testing

Boasting over 2.5 billion users worldwide, Gmail reigns as the most prevalent email service globally. Consequently, it comes as no surprise that this platform has become a focal point for... The post Gmail Scam Alert: Hackers Spoof Google to Steal Credentials appeared first on Cybersecurity News.

Scams 113
article thumbnail

Generative AI in Security: Risks and Mitigation Strategies

Tech Republic Security

Microsoft’s Siva Sundaramoorthy provides a blueprint for how common cyber precautions apply to generative AI deployed in and around security systems.

Risk 138
article thumbnail

Generative AI Fueling More Sophisticated Cyberattacks: Survey

Security Boulevard

Organizations say generative AI is fueling a surge of more sophisticated cyberattacks and that they feel unprepared for the onslaught, but a Keeper Security survey found they are investing more in such foundational protections as data encryption and employee awareness training. The post Generative AI Fueling More Sophisticated Cyberattacks: Survey appeared first on Security Boulevard.

article thumbnail

Indian Fishermen Are Catching Less Squid

Schneier on Security

Fishermen in Tamil Nadu are reporting smaller catches of squid. Blog moderation policy.

223
223
article thumbnail

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

article thumbnail

OilRig Exploits Windows Kernel Flaw in Espionage Campaign Targeting UAE and Gulf

The Hacker News

The Iranian threat actor known as OilRig has been observed exploiting a now-patched privilege escalation flaw impacting the Windows Kernel as part of a cyber espionage campaign targeting the U.A.E. and the broader Gulf region.

132
132
article thumbnail

Water Makara Uses Obfuscated JavaScript in Spear Phishing Campaign, Targets Brazil With Astaroth Malware

Trend Micro

Trend Micro researchers have uncovered a surge of malicious activities involving a threat actor group that we track as Water Makara. This group is targeting enterprises in Brazil, deploying banking malware using obfuscated JavaScript to slip past security defenses.

Malware 122
article thumbnail

99% of UK Businesses Faced Cyber Attacks in the Last Year

Tech Republic Security

Almost all businesses in the U.K. were breached by cyber attackers in the last 12 months, a report has found.

article thumbnail

Fidelity Investments suffered a second data breach this year

Security Affairs

US-based financial services company Fidelity Investments warns 77,000 individuals of a data breach that exposed their personal information. U.S.-based financial services company Fidelity Investments is notifying 77,099 individuals that their personal information was compromised in an August cyberattack. The data breach occurred on August 17, 2024 and was discovered two days later, on August 19, 2024. “Between August 17 and August 19, a third party accessed and obtained certain information

article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

Cheating at Conkers

Schneier on Security

The men’s world conkers champion is accused of cheating with a steel chestnut.

160
160
article thumbnail

Nation-State Attackers Exploiting Ivanti CSA Flaws for Network Infiltration

The Hacker News

A suspected nation-state adversary has been observed weaponizing three security flaws in Ivanti Cloud Service Appliance (CSA) a zero-day to perform a series of malicious actions.

119
119
article thumbnail

(In)Fidelity Admits Data Breach 8 Weeks Ago — 77K PII Lost

Security Boulevard

FMR FAIL: Huge investment firm won’t say how it was hacked. The post (In)Fidelity Admits Data Breach 8 Weeks Ago — 77K PII Lost appeared first on Security Boulevard.

article thumbnail

Patch Tuesday: Internet Explorer Vulnerabilities Still Pose a Problem

Tech Republic Security

Patch Tuesday brings patches for hundreds of vulnerabilities. Plus, Apple makes sure Sequoia plays nice with third-party security tools.

Internet 165
article thumbnail

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?