Trending Articles

article thumbnail

How to Lose a Fortune with Just One Bad Click

Krebs on Security

Image: Shutterstock, iHaMoo. Adam Griffin is still in disbelief over how quickly he was robbed of nearly $500,000 in cryptocurrencies. A scammer called using a real Google phone number to warn his Gmail account was being hacked, sent email security alerts directly from google.com, and ultimately seized control over the account by convincing him to click “yes” to a Google prompt on his mobile device.

article thumbnail

Short-Lived Certificates Coming to Let’s Encrypt

Schneier on Security

Starting next year : Our longstanding offering won’t fundamentally change next year, but we are going to introduce a new offering that’s a big shift from anything we’ve done before—short-lived certificates. Specifically, certificates with a lifetime of six days. This is a big upgrade for the security of the TLS ecosystem because it minimizes exposure time during a key compromise event.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Weekly Update 430

Troy Hunt

I'm back in Oslo! Writing this the day after recording, it feels like I couldn't be further from Dubai; the temperature starts with a minus, it's snowing and there's not a supercar in sight. Back on business, this week I'm talking about the challenge of loading breaches and managing costs. A breach load immediately takes us from a very high percentage cache hit ratio on Cloudflare to zero.

article thumbnail

LW ROUNDTABLE — How 2024’s cyber threats will transform the security landscape in 2025

The Last Watchdog

Continuing our look back at 2024, part two of Last Watchdogs year-ender roundtable turns its focus to emerging threats vs. evolving defense tactics. Part two of a four-part series The explosion of AI-driven phishing, insider threats, and business logic abuse has forced a shift toward more proactive, AI-enhanced defenses. The drivers are intensifying.

article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

RCE and DoS Vulnerabilities Addressed in Apache Tomcat: CVE-2024-50379 and CVE-2024-54677

Penetration Testing

The Apache Software Foundation has released important security updates to address two vulnerabilities in Apache Tomcat, a widely-used open-source web server, and servlet container. One of the vulnerabilities could allow... The post RCE and DoS Vulnerabilities Addressed in Apache Tomcat: CVE-2024-50379 and CVE-2024-54677 appeared first on Cybersecurity News.

Software 120
article thumbnail

Web Hacking Service ‘Araneida’ Tied to Turkish IT Firm

Krebs on Security

Cybercriminals are selling hundreds of thousands of credential sets stolen with the help of a cracked version of Acunetix , a powerful commercial web app vulnerability scanner, new research finds. The cracked software is being resold as a cloud-based attack tool by at least two different services, one of which KrebsOnSecurity traced to an information technology firm based in Turkey.

Hacking 149

More Trending

article thumbnail

Report claims that Serbian authorities abused Cellebrite tool to install NoviSpy spyware

Security Affairs

Researchers warn of previously undetected surveillance spyware, named NoviSpy, that was found infecting a Serbian journalist’s phone. In February 2024, Serbian journalist Slavia Milanov was summoned to a police station after a routine traffic stop. After the police released him, Milanov noticed suspicious changes to his phone settings, such as disabled data and Wi-Fi.

Spyware 104
article thumbnail

LW ROUNDTABLE:  Predictive analytics, full-stack visualization to solidify cyber defenses in 2025

The Last Watchdog

To wrap up our 2024 year-end roundtable, we turn our attention to new technologies and trends that are emerging to help bridge the gaps. Part four of our four-part series From cybersecurity skills shortages to the pressures of hybrid work, the challenges facing organizations are at an all-time high. Experts here explore the importance of fostering a resilient workforce, backed by AI-enhanced training and layered security strategies.

Risk 130
article thumbnail

New Glutton Malware Exploits Popular PHP Frameworks Like Laravel and ThinkPHP

The Hacker News

Cybersecurity researchers have discovered a new PHP-based backdoor called Glutton that has been put to use in cyber attacks targeting China, the United States, Cambodia, Pakistan, and South Africa.

Malware 134
article thumbnail

The Top 25 Security Predictions for 2025 (Part 1)

Lohrman on Security

As we end the first quarter of the 21st century, cybersecurity threats seem more daunting than ever. So what cyber trends, forecasts, themes, insights and predictions are on offer for the new year? Heres your annual security industry prediction roundup for 2025.

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

New Advances in the Understanding of Prime Numbers

Schneier on Security

Really interesting research into the structure of prime numbers. Not immediately related to the cryptanalysis of prime-number-based public-key algorithms, but every little bit matters.

193
193
article thumbnail

How Data Classification Reduces Insider Threats 

Security Boulevard

Companies can significantly reduce insider threat risks with a suitable data classification strategy that adequately manages and protects sensitive information. The post How Data Classification Reduces Insider Threats appeared first on Security Boulevard.

Risk 107
article thumbnail

LW ROUNDTABLE: Compliance pressures intensify as new cybersecurity standards take hold

The Last Watchdog

Today, part three of Last Watchdog s year-end roundtable zeroes in on the regulatory and compliance landscape. Part three of a four-part series In 2024, global pressure on companies to implement advanced data protection measures intensified, with new standards in encryption and software transparency raising the bar. From the push for quantum-resilient cryptography to Software Bill of Material (SBOM ) requirements aimed at bolstering supply chain security, this installment examines the regulatory

article thumbnail

Ukrainian Minors Recruited for Cyber Ops and Reconnaissance in Russian Airstrikes

The Hacker News

The Security Service of Ukraine (SBU or SSU) has exposed a novel espionage campaign suspected to be orchestrated by Russia's Federal Security Service (FSB) that involves recruiting Ukrainian minors for criminal activities under the guise of "quest games." Law enforcement officials said that it detained two FSB agent groups following a special operation in Kharkiv.

124
124
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Blackhat and BSides to Wind Down the Year

Javvad Malik

The days are shorter, the heating is turned on more frequently, and the final big conference week of the year for me ends with Blackhat Europe and BSides London. Blackhat was held at the ExCeL and featured all the usual suspects. I had the chance to present at Blackhat and also caught up with Quentyn Taylor, who somehow social-engineered me into agreeing to a 5k run in the new year The vendor area felt a bit smaller compared to previous years, but that wasnt necessarily a bad thing.

article thumbnail

Mailbox Insecurity

Schneier on Security

It turns out that all cluster mailboxes in the Denver area have the same master key. So if someone robs a postal carrier , they can open any mailbox. I get that a single master key makes the whole system easier, but it’s very fragile security.

176
176
article thumbnail

Intel Officials Warned Police That US Cities Aren’t Ready for Hostile Drones

WIRED Threat Level

In a previously unreported August memo, the Department of Homeland Security urged state and local police to conduct exercises to test their ability to respond to weaponized drones.

119
119
article thumbnail

Ransomware to Cause ‘Bumpy’ Security Ride in 2025

Tech Republic Security

Cashed-up ransomware criminals may exploit more zero days while potential blanket ransomware payment bans hang over defenders like a shadow.

article thumbnail

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

article thumbnail

Attackers Exploit Microsoft Teams and AnyDesk to Deploy DarkGate Malware

The Hacker News

A new social engineering campaign has leveraged Microsoft Teams as a way to facilitate the deployment of a known malware called DarkGate. "An attacker used social engineering via a Microsoft Teams call to impersonate a user's client and gain remote access to their system," Trend Micro researchers Catherine Loveria, Jovit Samaniego, and Gabriel Nicoleta said.

article thumbnail

Fortinet warns about Critical flaw in Wireless LAN Manager FortiWLM

Security Affairs

Fortinet warns of a patched FortiWLM vulnerability that could allow admin access and sensitive information disclosure. Fortinet warned of a now-patched Wireless LAN Manager (FortiWLM) vulnerability, tracked as CVE-2023-34990 (CVSS score of 9.6), that could lead to admin access and sensitive information disclosure. “A relative path traversal [CWE-23] in FortiWLM may allow a remote, unauthenticated attacker to read sensitive files.” reads the advisory published by the vendor.

article thumbnail

Upcoming Speaking Events

Schneier on Security

This is a current list of where and when I am scheduled to speak: I’m speaking at a joint meeting of the Boston Chapter of the IEEE Computer Society and GBC/ACM , in Boston, Massachusetts, USA, at 7:00 PM ET on Thursday, January 9, 2025. The event will take place at the Massachusetts Institute of Technology in Room 32-G449 (Kiva), as well as online via Zoom.

article thumbnail

Hackers Can Jailbreak Digital License Plates to Make Others Pay Their Tolls and Tickets

WIRED Threat Level

Digital license plates sold by Reviver, already legal to buy in some states and drive with nationwide, can be hacked by their owners to evade traffic regulations or even law enforcement surveillance.

article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

Unwrapping Cybersecurity: A Festive “Die Hard” Guide

Javvad Malik

It is the holiday season. Think twinkling lights, the scent of pine, and cyber threats lurking in the shadows, waiting to pounce quicker than Bruce Willis can say, Yippee ki yay. In the festive spirit of Die Hard,” lets see how we can make our holidays less like Nakatomi Plaza and a bit more secure. Jingle Bells, Phishing Smells, Educate All the Way Phishing does not take a holiday.

article thumbnail

Meta Fined €251 Million for 2018 Data Breach Impacting 29 Million Accounts

The Hacker News

Meta Platforms, the parent company of Facebook, Instagram, WhatsApp, and Threads, has been fined 251 million (around $263 million) for a 2018 data breach that impacted millions of users in the bloc, in what's the latest financial hit the company has taken for flouting stringent privacy laws.

article thumbnail

Shielding Your Storefront: How SASE Protects Retailers in a Digital Age

Security Boulevard

SASE offers a comprehensive and scalable security solution that protects your data, safeguards your customers and empowers you to thrive in the digital age. The post Shielding Your Storefront: How SASE Protects Retailers in a Digital Age appeared first on Security Boulevard.

Retail 105
article thumbnail

The open-source tools that could disrupt the entire IT incident management market

Zero Day

Open-source tools like Grafana Labs and AI-driven AIOps are shaking up incident management, challenging PagerDuty and streamlining IT problem-solving and code fixes. Here's why it matters.

Marketing 102
article thumbnail

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

article thumbnail

5 million payment card details stolen in painful reminder to monitor Christmas spending

Malwarebytes

Another day, another exposed S3 bucket. This time, 5 million US credit cards and personal details were leaked online. The Leakd.com security team discovered that 5 terabytes of sensitive screenshots were exposed in a freely accessible Amazon S3 bucket. An S3 bucket is like a virtual file folder in the cloud where you can store various types of data, such as text files, images, videos, and more.

article thumbnail

This VPN Lets Anyone Use Your Internet Connection. What Could Go Wrong?

WIRED Threat Level

A free VPN app called Big Mama is selling access to peoples home internet networks. Kids are using it to cheat in a VR game while researchers warn of bigger security risks.

VPN 92
article thumbnail

Hackers Exploit Webview2 to Deploy CoinLurker Malware and Evade Security Detection

The Hacker News

Bogus software update lures are being used by threat actors to deliver a new stealer malware called CoinLurker. "Written in Go, CoinLurker employs cutting-edge obfuscation and anti-analysis techniques, making it a highly effective tool in modern cyber attacks," Morphisec researcher Nadav Lorber said in a technical report published Monday.

Malware 120
article thumbnail

Technical Analysis of RiseLoader

Security Boulevard

IntroductionIn October 2024, Zscaler ThreatLabz came across malware samples that use a network communication protocol that is similar to RisePro. However, unlike RisePro which has primarily been used for information stealing, this new malware specializes in downloading and executing second-stage payloads. Due its distinctive focus and similarities with RisePros communication protocol, we named this new malware family RiseLoader.

Malware 87
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.