Krebs on Security

SEPTEMBER 26, 2024

The United States today unveiled sanctions and indictments against the alleged proprietor of Joker’s Stash , a now-defunct cybercrime store that peddled tens of millions of payment cards stolen in some of the largest data breaches of the past decade. The government also indicted and sanctioned a top Russian cybercriminal known as Taleon , whose cryptocurrency exchange Cryptex has evolved into one of Russia’s most active money laundering networks.

Cryptocurrency 202

Cryptocurrency Cybercrime Retail Government 202

Schneier on Security

SEPTEMBER 25, 2024

Clever : A malware campaign uses the unusual method of locking users in their browser’s kiosk mode to annoy them into entering their Google credentials, which are then stolen by information-stealing malware. Specifically, the malware “locks” the user’s browser on Google’s login page with no obvious way to close the window, as the malware also blocks the “ESC” and “F11” keyboard keys.

Malware 187

Malware 187

Krebs on Security

SEPTEMBER 25, 2024

The FBI is warning timeshare owners to be wary of a prevalent telemarketing scam involving a violent Mexican drug cartel that tries to trick people into believing someone wants to buy their property. This is the story of a couple who recently lost more than $50,000 to an ongoing timeshare scam that spans at least two dozen phony escrow, title and realty firms.

Scams 237

Scams DNS Consumer Protection Data collection 237

Schneier on Security

SEPTEMBER 23, 2024

I always like a good hack. And this story delivers. Basically, the New York City bikeshare program has a system to reward people who move bicycles from full stations to empty ones. By deliberately moving bikes to create artificial problems, and exploiting exactly how the system calculates rewards, some people are making a lot of money. At 10 a.m. on a Tuesday last month, seven Bike Angels descended on the docking station at Broadway and 53rd Street, across from the Ed Sullivan Theater.

Hacking 259

Hacking Manufacturing Scams 259

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

The Last Watchdog

SEPTEMBER 24, 2024

Ever since the massive National Public Data (NPD) breach was disclosed a few weeks ago, news sources have reported an increased interest in online credit bureaus, and there has been an apparent upswing in onboarding of new subscribers. Related: Class-action lawsuits pile up in wake of NPD hack So what’s the connection? NPD reported the exposure of over 2.7 billion records.

Authentication 215

Authentication Identity Theft Banking Data breaches 215

Tech Republic Security

SEPTEMBER 20, 2024

The Hacker-Powered Security Report showed mixed feelings toward AI in the security community, with many seeing leaked training data as a threat.

Artificial Intelligence 184

Artificial Intelligence Software 184

Schneier on Security

SEPTEMBER 20, 2024

This is really interesting. It’s a phishing attack targeting GitHub users, tricking them to solve a fake Captcha that actually runs a script that is copied to the command line. Clever.

Social Engineering 256

Social Engineering Engineering Phishing Malware 256

Penetration Testing

SEPTEMBER 25, 2024

The Hewlett Packard Enterprise (HPE) Product Security Response Team has issued a critical advisory concerning multiple command injection vulnerabilities (CVE-2024-42505, CVE-2024-42506, CVE-2024-42507) affecting Aruba Access Points running Instant AOS-8 and... The post CVSS 9.8 Vulnerabilities Expose Aruba Access Points to RCE: HPE Urges Immediate Action appeared first on Cybersecurity News.

Cybersecurity 136

Cybersecurity 136

The Hacker News

SEPTEMBER 26, 2024

Cybersecurity researchers have disclosed a set of now patched vulnerabilities in Kia vehicles that, if successfully exploited, could have allowed remote control over key functions simply by using only a license plate.

Cybersecurity 134

Cybersecurity 134

Tech Republic Security

SEPTEMBER 25, 2024

U.K. IT pros are adopting a “Titanic mindset,” a study has found, as they are blind to the upcoming iceberg of their data recovery solution.

Data breaches 143

Data breaches 143

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Security Affairs

SEPTEMBER 26, 2024

Cisco’s Talos reported critical and high-severity flaws in OpenPLC that could lead to DoS condition and remote code execution. Cisco’s Talos threat intelligence unit has disclosed details of five newly patched vulnerabilities in OpenPLC, an open-source programmable logic controller. These vulnerabilities can be exploited to trigger a denial-of-service (DoS) condition or execute remote code.

Energy and Utilities 117

Energy and Utilities Manufacturing Hacking Information Security 117

Penetration Testing

SEPTEMBER 25, 2024

A severe security flaw has been identified in the popular WordPress plugin The Events Calendar, affecting all versions up to and including 6.6.4. Designated as CVE-2024-8275, the vulnerability has been... The post Critical SQL Injection Vulnerability Discovered in ‘The Events Calendar’ WordPress Plugin (CVE-2024-8275) appeared first on Cybersecurity News.

Cybersecurity 133

Cybersecurity 133

The Hacker News

SEPTEMBER 25, 2024

Google has revealed that its transition to memory-safe languages such as Rust as part of its secure-by-design approach has led to the percentage of memory-safe vulnerabilities discovered in Android dropping from 76% to 24% over a period of six years.

Risk 136

Risk 136

Tech Republic Security

SEPTEMBER 26, 2024

Engage in active learning to build skills, confidence, and competence through practical, hands-on experience with professional feedback.

Cybersecurity 135

Cybersecurity 135

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Security Boulevard

SEPTEMBER 23, 2024

The IAM platform developed by PureID will allow ColorTokens to further extend the reach and scope of the company’s zero-trust IT portfolio. The post ColorTokens Acquires PureID to Advance Zero-Trust IT appeared first on Security Boulevard.

Security Awareness 128

Security Awareness Cybersecurity 128

Schneier on Security

SEPTEMBER 26, 2024

A good —long, complex—analysis of the EU’s new Cyber Resilience Act.

Cybersecurity 190

Cybersecurity 190

Penetration Testing

SEPTEMBER 22, 2024

In a concerning development for organizations relying on Keycloak for secure identity and access management, a high-severity vulnerability has been discovered in its SAML signature validation process. Tracked as CVE-2024-8698,... The post CVE-2024-8698: Keycloak Vulnerability Puts SAML Authentication at Risk appeared first on Cybersecurity News.

Authentication 143

Authentication Risk Cybersecurity 143

The Hacker News

SEPTEMBER 23, 2024

In a major policy reversal, the popular messaging app Telegram has announced it will give users' IP addresses and phone numbers to authorities in response to valid legal requests in an attempt to rein in criminal activity on the platform.

138

138

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

Tech Republic Security

SEPTEMBER 24, 2024

The Secure Future Initiative was created around the same time the U.S. Cyber Safety Review Board chided Redmond for having a poor security culture.

Engineering 139

Engineering Cybersecurity Data breaches 139

Security Affairs

SEPTEMBER 25, 2024

Experts warn of Necro Trojan found in Google Play, threat actors are spreading it through fake versions of legitimate Android apps. Researchers from Kaspersky discovered a new version of the Necro Trojan in multiple apps uploaded to the Google Play store. The malware was hidden in popular applications and game mods. Kaspersky researchers first spotted the Necro Trojan in 2019, the malicious code was in the free version of the popular PDF creator application CamScanner app.

Architecture 117

Architecture Malware Mobile Advertising 117

Security Boulevard

SEPTEMBER 25, 2024

Baffle today announced it has developed an ability to automatically encrypt data before it is stored in the Amazon Simple Storage Service (Amazon S3) cloud service. The post Baffle Extends Reach to Ecrypt AWS S3 Data as Ingested appeared first on Security Boulevard.

Encryption 113

Encryption Cybersecurity 113

Penetration Testing

SEPTEMBER 23, 2024

A critical security vulnerability affecting all GNU/Linux systems—and potentially others—has been identified by renowned security researcher Simone Margaritelli. The vulnerability, which allows for unauthenticated remote code execution (RCE), has been... The post Severe Unauthenticated RCE Flaw (CVSS 9.9) in GNU/Linux Systems Awaiting Full Disclosure appeared first on Cybersecurity News.

Cybersecurity 133

Cybersecurity 133

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

The Hacker News

SEPTEMBER 25, 2024

Vienna-based privacy non-profit noyb (short for None Of Your Business) has filed a complaint with the Austrian data protection authority (DPA) against Firefox maker Mozilla for enabling a new feature called Privacy Preserving Attribution (PPA) without explicitly seeking users' consent.

Technology 126

Technology 126

Tech Republic Security

SEPTEMBER 24, 2024

Implementing multi-factor authentication, supplier risk-management frameworks, and staff security training could help to reduce data breaches.

Data breaches 122

Data breaches Authentication Risk Cyber Attacks 122

Security Affairs

SEPTEMBER 26, 2024

Researchers discovered critical flaws in Kia’s dealer portal that could allow to hack Kia cars made after 2013 using just their license plate. In June 2024, a team of experts ( Neiko Rivera , Sam Curry , Justin Rhinehart , Ian Carroll ) discovered multiple vulnerabilities in Kia vehicles that allowed remote control of key functions using their license plates.

Hacking 101

Hacking Accountability Mobile Internet 101

Security Boulevard

SEPTEMBER 24, 2024

The personal information of almost 3,200 Capitol Hill staffers, including passwords and IP addresses, were leaked on the dark web by an unidentified bad actor after some victims used their work email addresses to sign up for online services, according to reports. The post Congressional Staffers’ Data Leaked on Dark Web: Report appeared first on Security Boulevard.

Passwords 118

Passwords Data breaches Mobile Cybersecurity 118

Advertisement

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.

Cybersecurity

Penetration Testing

SEPTEMBER 26, 2024

In a significant development for cybersecurity, multiple critical vulnerabilities have been discovered in CUPS (Common Unix Printing System), a widely used print server on Linux systems and other platforms like... The post Critical CUPS Vulnerabilities Expose Linux and Other Systems to Remote Attacks appeared first on Cybersecurity News.

Cybersecurity 110

Cybersecurity 110

The Hacker News

SEPTEMBER 25, 2024

Nation-state threat actors backed by Beijing broke into a "handful" of U.S. internet service providers (ISPs) as part of a cyber espionage campaign orchestrated to glean sensitive information, The Wall Street Journal reported Wednesday. The activity has been attributed to a threat actor that Microsoft tracks as Salt Typhoon, which is also known as FamousSparrow and GhostEmperor.

Internet 118

Internet Internet 118

Tech Republic Security

SEPTEMBER 20, 2024

Learn why managing your own VoIP server could be costly and risky. Explore the challenges of remote work, security, and feature limitations.

Software 128

Software Network Security 128

Security Affairs

SEPTEMBER 21, 2024

Cybercriminals stole more than $44 million worth of cryptocurrency from the Singaporean crypto platform BingX. Singaporean crypto platform BingX reported a cyberattack on Friday. Threat actors stole over $44 million worth of cryptocurrency. The crypto platform discovered unauthorized transfers of funds on Thursday night, shortly before BingX announced a shutdown for “wallet maintenance” on social media. [ Temporary Wallet Maintenance Notice] ■ Schedule: ~24 hours ■ When maintenance i

Cryptocurrency 121

Cryptocurrency Hacking Cybercrime Media 121

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity