Trending Articles

article thumbnail

AIs Discovering Vulnerabilities

Schneier on Security

I’ve been writing about the possibility of AIs automatically discovering code vulnerabilities since at least 2018. This is an ongoing area of research: AIs doing source code scanning, AIs finding zero-days in the wild, and everything in between. The AIs aren’t very good at it yet, but they’re getting better. Here’s some anecdotal data from this summer: Since July 2024, ZeroPath is taking a novel approach combining deep program analysis with adversarial AI agents for valid

Software 278
article thumbnail

Canadian Man Arrested in Snowflake Data Extortions

Krebs on Security

A 26-year-old man in Ontario, Canada has been arrested for allegedly stealing data from and extorting more than 160 companies that used the cloud data service Snowflake. Image: [link] On October 30, Canadian authorities arrested Alexander Moucka, a.k.a. Connor Riley Moucka of Kitchener, Ontario, on a provisional arrest warrant from the United States.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Change Healthcare Breach Hits 100M Americans

Krebs on Security

Change Healthcare says it has notified approximately 100 million Americans that their personal, financial and healthcare records may have been stolen in a February 2024 ransomware attack that caused the largest ever known data breach of protected health information. Image: Tamer Tuncay, Shutterstock.com. A ransomware attack at Change Healthcare in the third week of February quickly spawned disruptions across the U.S. healthcare system that reverberated for months, thanks to the company’s c

article thumbnail

Software Makers Encouraged to Stop Using C/C++ by 2026

Tech Republic Security

The Cybersecurity and Infrastructure Security Agency and Federal Bureau of Investigation assert that C, C++, and other memory-unsafe languages contribute to potential security breaches.

Software 202
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

PoC Exploit Releases for Critical Symlink Flaw in Apple’s iOS – CVE-2024-44258

Penetration Testing

In a recent analysis, cybersecurity researchers Hichem Maloufi and Christian Mina detailed CVE-2024-44258, a symlink vulnerability affecting Apple’s ManagedConfiguration framework and the profiled daemon. This vulnerability allows attackers to manipulate... The post PoC Exploit Releases for Critical Symlink Flaw in Apple’s iOS – CVE-2024-44258 appeared first on Cybersecurity News.

article thumbnail

Warning: Hackers could take over your email account by stealing cookies, even if you have MFA

Malwarebytes

The Federal Bureau of Investigation (FBI) has issued a warning that cybercriminals are taking over email accounts via stolen session cookies, allowing them to bypass the multi-factor authentication (MFA) a user has set up. Here’s how it works. Most of us don’t think twice about checking the “Remember me” box when we log in. When you log in and the server has verified your authentication—straight away or after using MFA–the server creates a session and generates a unique session ID.

More Trending

article thumbnail

How to Become a Chief Information Officer: CIO Cheat Sheet

Tech Republic Security

If you want to pursue a path toward becoming a CIO, here's your guide to salaries, job markets, skills and common interview questions.

Marketing 165
article thumbnail

CVE-2024-8956 & CVE-2024-8957: Two Actively Exploited Vulnerabilities in PTZ Cameras

Penetration Testing

In a recent discovery, GreyNoise Labs identified two critical vulnerabilities in popular pan-tilt-zoom (PTZ) cameras, which could allow unauthorized access and remote code execution (RCE) on devices used globally. These... The post CVE-2024-8956 & CVE-2024-8957: Two Actively Exploited Vulnerabilities in PTZ Cameras appeared first on Cybersecurity News.

article thumbnail

Flaw in Right-Wing ‘Election Integrity’ App Exposes Voter-Suppression Plan and User Data

WIRED Threat Level

A bug that WIRED discovered in True the Vote’s VoteAlert app revealed user information—and an election worker who wrote about carrying out an illegal voter-suppression scheme.

122
122
article thumbnail

Simpson Garfinkel on Spooky Cryptographic Action at a Distance

Schneier on Security

Excellent read. One example: Consider the case of basic public key cryptography, in which a person’s public and private key are created together in a single operation. These two keys are entangled, not with quantum physics, but with math. When I create a virtual machine server in the Amazon cloud, I am prompted for an RSA public key that will be used to control access to the machine.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Booking.com Phishers May Leave You With Reservations

Krebs on Security

A number of cybercriminal innovations are making it easier for scammers to cash in on your upcoming travel plans. This story examines a recent spear-phishing campaign that ensued when a California hotel had its booking.com credentials stolen. We’ll also explore an array of cybercrime services aimed at phishers who target hotels that rely on the world’s most visited travel website.

Phishing 211
article thumbnail

How AI Is Changing the Cloud Security and Risk Equation

Tech Republic Security

Discover how AI amplifies cloud security risks and how to mitigate them, with insights from Tenable’s Liat Hayun on managing data sensitivity, misconfigurations, and over-privileged access.

Risk 120
article thumbnail

CrossBarking Vulnerability in Opera Browser Allows Malicious Extensions to Hijack User Accounts

Penetration Testing

Guardio Labs has unveiled a critical security flaw in the Opera browser, dubbed “CrossBarking,” which allows malicious extensions to bypass security protocols and exploit Private APIs. This vulnerability grants attackers... The post CrossBarking Vulnerability in Opera Browser Allows Malicious Extensions to Hijack User Accounts appeared first on Cybersecurity News.

article thumbnail

Synology Urges Patch for Critical Zero-Click RCE Flaw Affecting Millions of NAS Devices

The Hacker News

Taiwanese network-attached storage (NAS) appliance maker Synology has addressed a critical security flaw impacting DiskStation and BeePhotos that could lead to remote code execution. Tracked as CVE-2024-10443 and dubbed RISK:STATION by Midnight Blue, the zero-day flaw was demonstrated at the Pwn2Own Ireland 2024 hacking contest by security researcher Rick de Jager.

Hacking 119
article thumbnail

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

article thumbnail

IoT Devices in Password-Spraying Botnet

Schneier on Security

Microsoft is warning Azure cloud users that a Chinese controlled botnet is engaging in “highly evasive” password spraying. Not sure about the “highly evasive” part; the techniques seem basically what you get in a distributed password-guessing attack: “Any threat actor using the CovertNetwork-1658 infrastructure could conduct password spraying campaigns at a larger scale and greatly increase the likelihood of successful credential compromise and initial access to mul

Passwords 209
article thumbnail

How Cybersecurity Training Must Adapt to a New Era of Threats

Security Boulevard

We have entered a new era of cyberthreats, and employees must be equipped to defend the company from more cunning and effective attacks than ever. The post How Cybersecurity Training Must Adapt to a New Era of Threats appeared first on Security Boulevard.

article thumbnail

Best Antivirus Software for Small Businesses in 2024

Tech Republic Security

Bitdefender is our overall pick for the best antivirus software for small businesses, while Norton offers 24/7 support, and ESET provides scalability.

article thumbnail

SYS01 Infostealer Campaign Exploits Meta Ads to Target Millions Worldwide

Penetration Testing

In a world increasingly dependent on online advertising, cybercriminals have seized an opportunity to exploit Meta’s vast advertising ecosystem. Bitdefender Labs has released an alarming report detailing the “SYS01 Infostealer”... The post SYS01 Infostealer Campaign Exploits Meta Ads to Target Millions Worldwide appeared first on Cybersecurity News.

article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

Google’s AI Tool Big Sleep Finds Zero-Day Vulnerability in SQLite Database Engine

The Hacker News

Google said it discovered a zero-day vulnerability in the SQLite open-source database engine using its large language model (LLM) assisted framework called Big Sleep (formerly Project Naptime). The tech giant described the development as the "first real-world vulnerability" uncovered using the artificial intelligence (AI) agent.

article thumbnail

Roger Grimes on Prioritizing Cybersecurity Advice

Schneier on Security

This is a good point : Part of the problem is that we are constantly handed lists…list of required controls…list of things we are being asked to fix or improve…lists of new projects…lists of threats, and so on, that are not ranked for risks. For example, we are often given a cybersecurity guideline (e.g., PCI-DSS, HIPAA, SOX, NIST, etc.) with hundreds of recommendations.

article thumbnail

Inside Sophos' 5-Year War With the Chinese Hackers Hijacking Its Devices

WIRED Threat Level

Sophos went so far as to plant surveillance “implants” on its own devices to catch the hackers at work—and in doing so, revealed a glimpse into China's R&D pipeline of intrusion techniques.

article thumbnail

Operation Magnus: Joint Law Enforcement Operation Targets Major Infostealer Networks

Tech Republic Security

Read more about a joint operation between several law enforcement agencies in the U.S., Australia, Belgium, Portugal, The Netherlands, and the U.K. to tackle RedLine Stealer and META malware.

Malware 134
article thumbnail

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

article thumbnail

FBI Warning: “Remember Me” Cookies Put Your Email at Risk

Penetration Testing

The Federal Bureau of Investigation (FBI) Atlanta Division has issued an urgent warning to the public about a surge in cybercriminals exploiting “Remember-Me” cookies to gain unauthorized access to email... The post FBI Warning: “Remember Me” Cookies Put Your Email at Risk appeared first on Cybersecurity News.

Risk 121
article thumbnail

FBI Seeks Public Help to Identify Chinese Hackers Behind Global Cyber Intrusions

The Hacker News

The U.S. Federal Bureau of Investigation (FBI) has sought assistance from the public in connection with an investigation involving the breach of edge devices and computer networks belonging to companies and government entities.

article thumbnail

Sophos Versus the Chinese Hackers

Schneier on Security

Really interesting story of Sophos’s five-year war against Chinese hackers.

Hacking 224
article thumbnail

Three ‘Must Solve” Challenges Hindering Cloud-Native Detection and Response

Security Boulevard

As security teams level up to support the cloud-native transition, three major issues keep impeding detection and response in the cloud. The post Three ‘Must Solve” Challenges Hindering Cloud-Native Detection and Response appeared first on Security Boulevard.

article thumbnail

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

article thumbnail

VMware Explore Barcelona 2024: Tanzu Platform 10 Enters General Availability

Tech Republic Security

About a year after Broadcom’s acquisition of VMware, the company released VMware Tanzu Data Services to make connections to some third-party data engines easier.

article thumbnail

ServiceNow Patches Critical Sandbox Escape Vulnerability – CVE-2024-8923 (CVSS 9.8)

Penetration Testing

ServiceNow, a leading cloud-based enterprise platform, has recently addressed two significant vulnerabilities, CVE-2024-8923 and CVE-2024-8924, which posed serious risks to organizations using its Now Platform. These vulnerabilities could enable unauthorized... The post ServiceNow Patches Critical Sandbox Escape Vulnerability – CVE-2024-8923 (CVSS 9.8) appeared first on Cybersecurity News.

Risk 140
article thumbnail

New Android Banking Malware 'ToxicPanda' Targets Users with Fraudulent Money Transfers

The Hacker News

Over 1,500 Android devices have been infected by a new strain of Android banking malware called ToxicPanda that allows threat actors to conduct fraudulent banking transactions.

Banking 111
article thumbnail

One third of consumers would prefer working with AI agents for faster service

Zero Day

Many consumers are happy to communicate with an AI agent but also want to know when that conversation is happening.

144
144
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.