Trending Articles

article thumbnail

AIs Discovering Vulnerabilities

Schneier on Security

I’ve been writing about the possibility of AIs automatically discovering code vulnerabilities since at least 2018. This is an ongoing area of research: AIs doing source code scanning, AIs finding zero-days in the wild, and everything in between. The AIs aren’t very good at it yet, but they’re getting better. Here’s some anecdotal data from this summer: Since July 2024, ZeroPath is taking a novel approach combining deep program analysis with adversarial AI agents for valid

Software 278
article thumbnail

Canadian Man Arrested in Snowflake Data Extortions

Krebs on Security

A 26-year-old man in Ontario, Canada has been arrested for allegedly stealing data from and extorting more than 160 companies that used the cloud data service Snowflake. Image: [link] On October 30, Canadian authorities arrested Alexander Moucka, a.k.a. Connor Riley Moucka of Kitchener, Ontario, on a provisional arrest warrant from the United States.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Software Makers Encouraged to Stop Using C/C++ by 2026

Tech Republic Security

The Cybersecurity and Infrastructure Security Agency and Federal Bureau of Investigation assert that C, C++, and other memory-unsafe languages contribute to potential security breaches.

Software 202
article thumbnail

CVE-2024-8956 & CVE-2024-8957: Two Actively Exploited Vulnerabilities in PTZ Cameras

Penetration Testing

In a recent discovery, GreyNoise Labs identified two critical vulnerabilities in popular pan-tilt-zoom (PTZ) cameras, which could allow unauthorized access and remote code execution (RCE) on devices used globally. These... The post CVE-2024-8956 & CVE-2024-8957: Two Actively Exploited Vulnerabilities in PTZ Cameras appeared first on Cybersecurity News.

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Warning: Hackers could take over your email account by stealing cookies, even if you have MFA

Malwarebytes

The Federal Bureau of Investigation (FBI) has issued a warning that cybercriminals are taking over email accounts via stolen session cookies, allowing them to bypass the multi-factor authentication (MFA) a user has set up. Here’s how it works. Most of us don’t think twice about checking the “Remember me” box when we log in. When you log in and the server has verified your authentication—straight away or after using MFA–the server creates a session and generates a unique session ID.

article thumbnail

Tracking World Leaders Using Strava

Schneier on Security

Way back in 2018, people noticed that you could find secret military bases using data published by the Strava fitness app. Soldiers and other military personal were using them to track their runs, and you could look at the public data and find places where there should be no people running. Six years later, the problem remains. Le Monde has reported that the same Strava data can be used to track the movements of world leaders.

More Trending

article thumbnail

How to Become a Chief Information Officer: CIO Cheat Sheet

Tech Republic Security

If you want to pursue a path toward becoming a CIO, here's your guide to salaries, job markets, skills and common interview questions.

Marketing 165
article thumbnail

Flaw in Right-Wing ‘Election Integrity’ App Exposes Voter-Suppression Plan and User Data

WIRED Threat Level

A bug that WIRED discovered in True the Vote’s VoteAlert app revealed user information—and an election worker who wrote about carrying out an illegal voter-suppression scheme.

122
122
article thumbnail

CrossBarking Vulnerability in Opera Browser Allows Malicious Extensions to Hijack User Accounts

Penetration Testing

Guardio Labs has unveiled a critical security flaw in the Opera browser, dubbed “CrossBarking,” which allows malicious extensions to bypass security protocols and exploit Private APIs. This vulnerability grants attackers... The post CrossBarking Vulnerability in Opera Browser Allows Malicious Extensions to Hijack User Accounts appeared first on Cybersecurity News.

article thumbnail

Simpson Garfinkel on Spooky Cryptographic Action at a Distance

Schneier on Security

Excellent read. One example: Consider the case of basic public key cryptography, in which a person’s public and private key are created together in a single operation. These two keys are entangled, not with quantum physics, but with math. When I create a virtual machine server in the Amazon cloud, I am prompted for an RSA public key that will be used to control access to the machine.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Booking.com Phishers May Leave You With Reservations

Krebs on Security

A number of cybercriminal innovations are making it easier for scammers to cash in on your upcoming travel plans. This story examines a recent spear-phishing campaign that ensued when a California hotel had its booking.com credentials stolen. We’ll also explore an array of cybercrime services aimed at phishers who target hotels that rely on the world’s most visited travel website.

Phishing 211
article thumbnail

How AI Is Changing the Cloud Security and Risk Equation

Tech Republic Security

Discover how AI amplifies cloud security risks and how to mitigate them, with insights from Tenable’s Liat Hayun on managing data sensitivity, misconfigurations, and over-privileged access.

Risk 120
article thumbnail

Synology Urges Patch for Critical Zero-Click RCE Flaw Affecting Millions of NAS Devices

The Hacker News

Taiwanese network-attached storage (NAS) appliance maker Synology has addressed a critical security flaw impacting DiskStation and BeePhotos that could lead to remote code execution. Tracked as CVE-2024-10443 and dubbed RISK:STATION by Midnight Blue, the zero-day flaw was demonstrated at the Pwn2Own Ireland 2024 hacking contest by security researcher Rick de Jager.

Hacking 119
article thumbnail

SYS01 Infostealer Campaign Exploits Meta Ads to Target Millions Worldwide

Penetration Testing

In a world increasingly dependent on online advertising, cybercriminals have seized an opportunity to exploit Meta’s vast advertising ecosystem. Bitdefender Labs has released an alarming report detailing the “SYS01 Infostealer”... The post SYS01 Infostealer Campaign Exploits Meta Ads to Target Millions Worldwide appeared first on Cybersecurity News.

article thumbnail

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

article thumbnail

Roger Grimes on Prioritizing Cybersecurity Advice

Schneier on Security

This is a good point : Part of the problem is that we are constantly handed lists…list of required controls…list of things we are being asked to fix or improve…lists of new projects…lists of threats, and so on, that are not ranked for risks. For example, we are often given a cybersecurity guideline (e.g., PCI-DSS, HIPAA, SOX, NIST, etc.) with hundreds of recommendations.

article thumbnail

How Cybersecurity Training Must Adapt to a New Era of Threats

Security Boulevard

We have entered a new era of cyberthreats, and employees must be equipped to defend the company from more cunning and effective attacks than ever. The post How Cybersecurity Training Must Adapt to a New Era of Threats appeared first on Security Boulevard.

article thumbnail

VMware Explore Barcelona 2024: Tanzu Platform 10 Enters General Availability

Tech Republic Security

About a year after Broadcom’s acquisition of VMware, the company released VMware Tanzu Data Services to make connections to some third-party data engines easier.

article thumbnail

FBI Seeks Public Help to Identify Chinese Hackers Behind Global Cyber Intrusions

The Hacker News

The U.S. Federal Bureau of Investigation (FBI) has sought assistance from the public in connection with an investigation involving the breach of edge devices and computer networks belonging to companies and government entities.

article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

FBI Warning: “Remember Me” Cookies Put Your Email at Risk

Penetration Testing

The Federal Bureau of Investigation (FBI) Atlanta Division has issued an urgent warning to the public about a surge in cybercriminals exploiting “Remember-Me” cookies to gain unauthorized access to email... The post FBI Warning: “Remember Me” Cookies Put Your Email at Risk appeared first on Cybersecurity News.

Risk 121
article thumbnail

Sophos Versus the Chinese Hackers

Schneier on Security

Really interesting story of Sophos’s five-year war against Chinese hackers.

Hacking 224
article thumbnail

Three ‘Must Solve” Challenges Hindering Cloud-Native Detection and Response

Security Boulevard

As security teams level up to support the cloud-native transition, three major issues keep impeding detection and response in the cloud. The post Three ‘Must Solve” Challenges Hindering Cloud-Native Detection and Response appeared first on Security Boulevard.

article thumbnail

Best Antivirus Software for Small Businesses in 2024

Tech Republic Security

Bitdefender is our overall pick for the best antivirus software for small businesses, while Norton offers 24/7 support, and ESET provides scalability.

article thumbnail

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

article thumbnail

Google’s AI Tool Big Sleep Finds Zero-Day Vulnerability in SQLite Database Engine

The Hacker News

Google said it discovered a zero-day vulnerability in the SQLite open-source database engine using its large language model (LLM) assisted framework called Big Sleep (formerly Project Naptime). The tech giant described the development as the "first real-world vulnerability" uncovered using the artificial intelligence (AI) agent.

article thumbnail

ServiceNow Patches Critical Sandbox Escape Vulnerability – CVE-2024-8923 (CVSS 9.8)

Penetration Testing

ServiceNow, a leading cloud-based enterprise platform, has recently addressed two significant vulnerabilities, CVE-2024-8923 and CVE-2024-8924, which posed serious risks to organizations using its Now Platform. These vulnerabilities could enable unauthorized... The post ServiceNow Patches Critical Sandbox Escape Vulnerability – CVE-2024-8923 (CVSS 9.8) appeared first on Cybersecurity News.

Risk 140
article thumbnail

One third of consumers would prefer working with AI agents for faster service

Zero Day

Many consumers are happy to communicate with an AI agent but also want to know when that conversation is happening.

144
144
article thumbnail

Inside Sophos' 5-Year War With the Chinese Hackers Hijacking Its Devices

WIRED Threat Level

Sophos went so far as to plant surveillance “implants” on its own devices to catch the hackers at work—and in doing so, revealed a glimpse into China's R&D pipeline of intrusion techniques.

article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Operation Magnus: Joint Law Enforcement Operation Targets Major Infostealer Networks

Tech Republic Security

Read more about a joint operation between several law enforcement agencies in the U.S., Australia, Belgium, Portugal, The Netherlands, and the U.K. to tackle RedLine Stealer and META malware.

Malware 134
article thumbnail

New Android Banking Malware 'ToxicPanda' Targets Users with Fraudulent Money Transfers

The Hacker News

Over 1,500 Android devices have been infected by a new strain of Android banking malware called ToxicPanda that allows threat actors to conduct fraudulent banking transactions.

Banking 111
article thumbnail

Pacific Rim: Sophos Exposes 5 Years of Chinese Cyber Espionage

Penetration Testing

In a newly released report titled “Pacific Rim,” Sophos X-Ops uncovers a five-year campaign by China-based threat groups targeting high-value infrastructure and government organizations across the Indo-Pacific. These operations involve... The post Pacific Rim: Sophos Exposes 5 Years of Chinese Cyber Espionage appeared first on Cybersecurity News.

article thumbnail

GreyNoise: AI’s Central Role in Detecting Security Flaws in IoT Devices

Security Boulevard

GreyNoise Intelligence researchers said proprietary internal AI-based tools allowed them to detect and identify two vulnerabilities in IoT live-stream cameras that traditional cybersecurity technologies would not have been able to discover. The post GreyNoise: AI’s Central Role in Detecting Security Flaws in IoT Devices appeared first on Security Boulevard.

IoT 127
article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!