Schneier on Security

NOVEMBER 19, 2024

Interesting analysis : Although much attention is given to sophisticated, zero-click spyware developed by companies like Israel’s NSO Group, the Italian spyware marketplace has been able to operate relatively under the radar by specializing in cheaper tools. According to an Italian Ministry of Justice document , as of December 2022 law enforcement in the country could rent spyware for €150 a day, regardless of which vendor they used, and without the large acquisition costs which would normally b

Spyware 210

Spyware Marketing Hacking 210

Krebs on Security

NOVEMBER 19, 2024

The financial technology firm Finastra is investigating the alleged large-scale theft of information from its internal file transfer platform, KrebsOnSecurity has learned. Finastra, which provides software and services to 45 of the world’s top 50 banks, notified customers of the security incident after a cybercriminal began selling more than 400 gigabytes of data purportedly stolen from the company.

Data breaches 222

Data breaches Banking Cybercrime Advertising 222

Schneier on Security

NOVEMBER 14, 2024

Everybody is reporting about a new security iPhone security feature with iOS 18: if the phone hasn’t been used for a few days, it automatically goes into its “Before First Unlock” state and has to be rebooted. This is a really good security feature. But various police departments don’t like it, because it makes it harder for them to unlock suspects’ phones.

Cybersecurity 270

Cybersecurity 270

Troy Hunt

NOVEMBER 13, 2024

Apparently, before a child reaches the age of 13, advertisers will have gathered more 72 million data points on them. I knew I'd seen a metric about this sometime recently, so I went looking for "7,000", which perfectly illustrates how unaware we are of the extent of data collection on all of us. I started Have I Been Pwned (HIBP) in the first place because I was surprised at where my data had turned up in breaches. 11 years and 14 billion breached records later, I'm still surp

Data breaches 271

Data breaches Passwords B2B Technology 271

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Penetration Testing

NOVEMBER 17, 2024

In October 2024, Huntress analysts uncovered a previously unreported ransomware strain, dubbed SafePay, deployed across two distinct incidents. This ransomware has unique characteristics, including the use of.safepay as the... The post SafePay Ransomware: A New Threat with Sophisticated Techniques appeared first on Cybersecurity News.

Ransomware 134

Ransomware Cybersecurity Malware 134

The Hacker News

NOVEMBER 18, 2024

U.S. telecoms giant T-Mobile has confirmed that it was also among the companies that were targeted by Chinese threat actors to gain access to valuable information. The adversaries, tracked as Salt Typhoon, breached the company as part of a "monthslong campaign" designed to harvest cellphone communications of "high-value intelligence targets.

Mobile 127

Mobile 127

Tech Republic Security

NOVEMBER 19, 2024

Security-conscious Mac users may need more protection than their built-in tools provide. Learn about the extra features and functionality offered by the best free antivirus software providers for Mac in 2024.

Antivirus 107

Antivirus Software 107

Krebs on Security

NOVEMBER 14, 2024

In December 2023, KrebsOnSecurity revealed the real-life identity of Rescator , the nickname used by a Russian cybercriminal who sold more than 100 million payment cards stolen from Target and Home Depot between 2013 and 2014. Moscow resident Mikhail Shefel , who confirmed using the Rescator identity in a recent interview, also admitted reaching out because he is broke and seeking publicity for several new money making schemes.

Retail 208

Retail Advertising Cryptocurrency Marketing 208

Penetration Testing

NOVEMBER 18, 2024

A recent security advisory from the LibreNMS project has revealed a severe vulnerability (CVE-2024-51092) affecting versions up to 24.9.1 of the widely-used network monitoring platform. The flaw, rated a critical... The post LibreNMS Vulnerability (CVE-2024-51092): Mitigating the Risk of Server Compromise appeared first on Cybersecurity News.

Risk 123

Risk Cybersecurity 123

The Hacker News

NOVEMBER 18, 2024

A new phishing campaign is targeting e-commerce shoppers in Europe and the United States with bogus pages that mimic legitimate brands with the goal of stealing their personal information ahead of the Black Friday shopping season. "The campaign leveraged the heightened online shopping activity in November, the peak season for Black Friday discounts.

Phishing 123

Phishing 123

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

NetSpi Technical

NOVEMBER 14, 2024

Every hacker has a story about abusing SMB shares, but it’s an attack surface that cybersecurity teams still struggle to understand, manage, and defend. For the benefit of both attackers and defenders, I started an open-source GitHub project a few years ago called “PowerHuntShares”. It focuses on distilling data related to shares configured with excessive privileges to better understand their relationships and risk.

Passwords 145

Passwords Risk Data collection Backups 145

Security Affairs

NOVEMBER 18, 2024

GDPR protects sensitive data like health and financial details, and its enforcement underscores the growing need for stronger data security measures. GDPR: The landscape of data privacy and protection has never been more critical. With regulators around the world intensifying scrutiny, companies are facing increasing pressure to comply with stringent data protection laws.

Data privacy 128

Data privacy Risk Surveillance Government 128

Tech Republic Security

NOVEMBER 14, 2024

Security researchers from AppOmni have uncovered millions of business records that are accessible to anyone through low-code website builder Microsoft Power Pages.

Data breaches 143

Data breaches Cybersecurity 143

The Hacker News

NOVEMBER 17, 2024

Legal documents released as part of an ongoing legal tussle between Meta's WhatsApp and NSO Group have revealed that the Israeli spyware vendor used multiple exploits targeting the messaging app to deliver Pegasus, including one even after it was sued by Meta for doing so.

Spyware 128

Spyware Surveillance 128

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Schneier on Security

NOVEMBER 13, 2024

DeFlock is a crowd-sourced project to map license plate scanners. It only records the fixed scanners, of course. The mobile scanners on cars are not mapped. The post Mapping License Plate Scanners in the US appeared first on Schneier on Security.

Mobile 248

Mobile Surveillance 248

Google Security

NOVEMBER 15, 2024

Posted by Alex Rebert and Max Shavrick, Security Foundations, and Kinuko Yasada, Core Developer Attackers regularly exploit spatial memory safety vulnerabilities , which occur when code accesses a memory allocation outside of its intended bounds, to compromise systems and sensitive data. These vulnerabilities represent a major security risk to users.

Risk 136

Risk Software 136

Security Affairs

NOVEMBER 18, 2024

A ransomware attack on Great Plains Regional Medical Center compromised personal data of 133,000 individuals, exposing sensitive information. On September 8, 2024, Great Plains Regional Medical Center (Oklahoma) suffered a ransomware attack. The organization launched an investigation into the incident with the help of a cybersecurity firm. The healthcare center discovered that a threat actor accessed and encrypted files on their systems between September 5, 2024 and September 8, 2024.

Ransomware 122

Ransomware Insurance Encryption Healthcare 122

Tech Republic Security

NOVEMBER 15, 2024

ANZ government CIOs face budget constraints while prioritizing AI, cybersecurity, and data analytics for productivity gains and digital transformation in 2025.

Digital transformation 140

Digital transformation Cybersecurity Government Artificial Intelligence 140

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

The Hacker News

NOVEMBER 17, 2024

A critical authentication bypass vulnerability has been disclosed in the Really Simple Security (formerly Really Simple SSL) plugin for WordPress that, if successfully exploited, could grant an attacker to remotely gain full administrative access to a susceptible site. The vulnerability, tracked as CVE-2024-10924 (CVSS score: 9.8), impacts both free and premium versions of the plugin.

Authentication 127

Authentication 127

Schneier on Security

NOVEMBER 18, 2024

Zero-day vulnerabilities are more commonly used , according to the Five Eyes: Key Findings In 2023, malicious cyber actors exploited more zero-day vulnerabilities to compromise enterprise networks compared to 2022, allowing them to conduct cyber operations against higher-priority targets. In 2023, the majority of the most frequently exploited vulnerabilities were initially exploited as a zero-day, which is an increase from 2022, when less than half of the top exploited vulnerabilities were explo

Cybersecurity 195

Cybersecurity 195

Penetration Testing

NOVEMBER 17, 2024

The PostgreSQL Global Development Group has issued an important update addressing four security vulnerabilities across all supported versions of the popular open-source database system. This includes versions 17.1, 16.5, 15.9,... The post PostgreSQL Releases Security Update Addressing Multiple Vulnerabilities appeared first on Cybersecurity News.

Cybersecurity 115

Cybersecurity 115

Security Boulevard

NOVEMBER 15, 2024

A report from the Five Eyes cybersecurity alliance, released by the CISA, highlights the majority of the most exploited vulnerabilities last year were initially zero-day flaws, a significant increase compared to 2022 when less than half of the top vulnerabilities were zero-day exploits. The post Zero-Day Exploits Surge in 2023, Cisco, Fortinet Vulnerabilities Targeted appeared first on Security Boulevard.

Cybersecurity 129

Cybersecurity Cyber threats 129

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

Tech Republic Security

NOVEMBER 19, 2024

Microsoft Ignite 2024 unveils groundbreaking AI, security, and Teams innovations, shaping the future of enterprise tech and digital transformation.

Digital transformation 108

Digital transformation Artificial Intelligence Big data Software 108

The Hacker News

NOVEMBER 18, 2024

Google appears to be readying a new feature called Shielded Email that allows users to create email aliases when signing up for online services and better combat spam. The feature was first reported by Android Authority last week following a teardown of the latest version of Google Play Services for Android.

114

114

Zero Day

NOVEMBER 19, 2024

OpenAI's GPT-4o model makes it harder to determine who'll find free ChatGPT adequate and when ChatGPT Plus is worth it. We break down your options to help you decide.

111

111

Penetration Testing

NOVEMBER 15, 2024

Icinga releases urgent security updates to address a critical TLS certificate validation bypass vulnerability affecting all versions since 2.4.0. A critical vulnerability (CVE-2024-49369) has been discovered in Icinga 2, a... The post CVE-2024-49369 (CVSS 9.8): Critical Flaw in Icinga 2 Allows for Impersonation and RCE appeared first on Cybersecurity News.

Cybersecurity 125

Cybersecurity 125

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Security Affairs

NOVEMBER 19, 2024

Chinese threat actors use custom post-exploitation toolkit ‘DeepData’ to exploit FortiClient VPN zero-day and steal credentials. Volexity researchers discovered a vulnerability in Fortinet’s Windows VPN client that China-linked threat actor BrazenBamboo abused in their DEEPDATA malware. BrazenBamboo is known to be the author of other malware families, including LIGHTSPY , DEEPDATA, and DEEPPOST.

VPN 115

VPN Malware Spyware Authentication 115

Tech Republic Security

NOVEMBER 19, 2024

Protect your business from VoIP fraud. Learn how to recognize the most common types and harden your phone system security.

Software 115

Software Network Security 115

The Hacker News

NOVEMBER 19, 2024

Cybersecurity researchers have shed light on a Linux variant of a relatively new ransomware strain called Helldown, suggesting that the threat actors are broadening their attack focus. "Helldown deploys Windows ransomware derived from the LockBit 3.0 code," Sekoia said in a report shared with The Hacker News.

Ransomware 114

Ransomware Cybersecurity 114

WIRED Threat Level

NOVEMBER 19, 2024

More than 3 billion phone coordinates collected by a US data broker expose the detailed movements of US military and intelligence workers in Germany—and the Pentagon is powerless to stop it.

131

131

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity