Trending Articles

This Windows PowerShell Phish Has Scary Potential

Krebs on Security

Many GitHub users this week received a novel phishing email warning of critical security holes in their code. Those who clicked the link for details were asked to distinguish themselves from bots by pressing a combination of keyboard keys that causes Microsoft Windows to download password-stealing malware. While it’s unlikely that many programmers fell for this scam, it’s notable because less targeted versions of it are likely to be far more successful against the average Windows use

Phishing 250

Clever Social Engineering Attack Using Captchas

Schneier on Security

This is really interesting. It’s a phishing attack targeting GitHub users, tricking them to solve a fake Captcha that actually runs a script that is copied to the command line. Clever.

From Dreams to Reality: The Magic of 3D Printing, with Elle Hunt

Troy Hunt

I was in my mid-30s before I felt comfortable standing up in front of an audience and talking about technology. Come to think of it, "comfortable" isn't really the right word, as, frankly, it was nerve-racking. This, with my obvious bias as her father, makes it all the more remarkable that Elle was able to do it at NDC Oslo when she was just 11 years old.

FBI Shuts Down Chinese Botnet

Schneier on Security

The FBI has shut down a botnet run by Chinese hackers: The botnet malware infected a number of different types of internet-connected devices around the world, including home routers, cameras, digital video recorders, and NAS drives. Those devices were used to help infiltrate sensitive networks related to universities, government agencies, telecommunications providers, and media organizations… The botnet was launched in mid-2021, according to the FBI, and infected roughly 260,000 devices as

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Two-Thirds of Security Leaders Consider Banning AI-Generated Code, Report Finds

Tech Republic Security

Security leaders don’t believe developers check the quality of the AI-generated code with as much rigour as they do their own, according to a report from Venafi.

PoC Exploit Released for Windows Hyper-V Zero-Day Vulnerability CVE-2024-38080

Penetration Testing

Security researcher Pwndorei published a detailed analysis alongside a proof-of-concept (PoC) exploit code for a patched zero-day vulnerability in Windows Hyper-V, tracked as CVE-2024-38080. This critical flaw, already being actively... The post PoC Exploit Released for Windows Hyper-V Zero-Day Vulnerability CVE-2024-38080 appeared first on Cybersecurity News.

More Trending

Weekly Update 417

Troy Hunt

Today was all about this whole idea of how we index and track data breaches. Not as HIBP, but rather as an industry; we simply don't have a canonical reference of breaches and their associated attributes. When they happened, how many people were impacted, any press on the incident, the official disclosure messaging and so on and so forth. As someone in the video today said, "what about the Airtel data breach?

Python Developers Targeted with Malware During Fake Job Interviews

Schneier on Security

Interesting social engineering attack: luring potential job applicants with fake recruiting pitches, trying to convince them to download malware. From a news article: These particular attacks from North Korean state-funded hacking team Lazarus Group are new, but the overall malware campaign against the Python development community has been running since at least August of 2023, when a number of popular open source Python tools were maliciously duplicated with added malware.

Malware 243

80% of Critical National Infrastructure Companies Experienced an Email Security Breach in Last Year

Tech Republic Security

Cyber attackers are using malicious emails to infiltrate critical national infrastructure, like utilities, transport, telecommunications, and now data centres.

New "Raptor Train" IoT Botnet Compromises Over 200,000 Devices Worldwide

The Hacker News

Cybersecurity researchers have uncovered a never-before-seen botnet comprising an army of small office/home office (SOHO) and IoT devices that are likely operated by a Chinese nation-state threat actor called Flax Typhoon (aka Ethereal Panda or RedJuliett).

IoT 125

Human-Centered Cyber Security Training: Driving Real Impact on Security Culture

In today's digital age, having an untrained workforce can be a significant risk to your business. Cyber threats are evolving; without proper training, your employees could be the weakest link in your defense. This webinar empowers leaders like you with the tools and strategies needed to transform your employees into a robust frontline defense against cyber attacks.

CVE-2023-48788 Exploited: Researcher Details Cyberattacks on Fortinet EMS

Penetration Testing

In a concerning new development, cybersecurity researchers at Darktrace have unveiled a report detailing the exploitation of Fortinet’s FortiClient Endpoint Management Server (EMS) by cybercriminals. The report highlights critical vulnerabilities,... The post CVE-2023-48788 Exploited: Researcher Details Cyberattacks on Fortinet EMS appeared first on Cybersecurity News.

The Mystery of Hezbollah’s Deadly Exploding Pagers

WIRED Threat Level

At least eight people have been killed and more than 2,700 people have been injured in Lebanon by exploding pagers. Experts say the blasts point toward a supply chain compromise, not a cyberattack.

Hacking 133

Legacy Ivanti Cloud Service Appliance Being Exploited

Schneier on Security

CISA wants everyone—and government agencies in particular—to remove or upgrade an Ivanti Cloud Service Appliance (CSA) that is no longer being supported. Welcome to the security nightmare that is the Internet of Things.

Internet 228

DuckDuckGo Joins AI Chat, Promises Enhanced Anonymity

Tech Republic Security

DuckDuckGo now has AI chat, emphasizing privacy and anonymity. Discover how this new offering aims to protect user data in conversations.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Chrome Users Can Now Sync Passkeys Across Devices with New Google PIN Feature

The Hacker News

Google on Thursday unveiled a Password Manager PIN to let Chrome web users sync their passkeys across Windows, macOS, Linux, ChromeOS, and Android devices. "This PIN adds an additional layer of security to ensure your passkeys are end-to-end encrypted and can't be accessed by anyone, not even Google," Chrome product manager Chirag Desai said.

Experts warn of China-linked APT’s Raptor Train IoT Botnet

Security Affairs

Researchers warn of a new IoT botnet called Raptor Train that already compromised over 200,000 devices worldwide. Cybersecurity researchers from Lumen’s Black Lotus Labs discovered a new botnet, named Raptor Train, composed of small office/home office (SOHO) and IoT devices. The experts believe the botnet is controlled by a China-linked APT group Flax Typhoon (also called Ethereal Panda or RedJuliett).

IoT 120

The New Era of SOCs: Simplifying Cybersecurity for SMBs

Security Boulevard

A new wave of all-in-one SOC platforms is consolidating the market, bringing enterprise-grade security solutions within reach of SMBs. The post The New Era of SOCs: Simplifying Cybersecurity for SMBs appeared first on Security Boulevard.

Australian IT Spending to Surge in 2025: Cybersecurity & AI Focus

Tech Republic Security

Australia's IT spending is set to surge 8.7% in 2025, driven by cybersecurity needs, AI investments, and hardware upgrades as Windows 10 ends.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Chinese Engineer Charged in U.S. for Years-Long Cyber Espionage Targeting NASA and Military

The Hacker News

A Chinese national has been indicted in the U.S. on charges of conducting a "multi-year" spear-phishing campaign to obtain unauthorized access to computer software and source code created by the National Aeronautics and Space Administration (NASA), research universities, and private companies. Song Wu, 39, has been charged with 14 counts of wire fraud and 14 counts of aggravated identity theft.

International law enforcement operation dismantled criminal communication platform Ghost

Security Affairs

An international law enforcement operation infiltrated the encrypted messaging app Ghost, which was widely used by criminals, resulting in the arrest of dozens of individuals. An international law enforcement operation infiltrated the encrypted communications app Ghost, designed for criminal use, leading to numerous arrests. The alleged administrator of the app, Jay Je Yoon Jung (32), was charged with supporting a criminal organization and profiting from illegal activities.

AI Could Help Resolve IT/OT Integration Security Challenges

Security Boulevard

Security issues stemming from the integration of information technology (IT) and operational technology (OT) could be addressed through artificial intelligence (AI), although the technology could also be leveraged by malicious actors, according to a Cisco study. The post AI Could Help Resolve IT/OT Integration Security Challenges appeared first on Security Boulevard.

Upcoming Speaking Engagements

Schneier on Security

This is a current list of where and when I am scheduled to speak: I’m speaking at eCrime 2024 in Boston, Massachusetts, USA. The event runs from September 24 through 26, 2024, and my keynote is at 8:45 AM ET on the 24th. I’m briefly speaking at the EPIC Champion of Freedom Awards in Washington, D.C. on September 25, 2024. I’m speaking at SOSS Fusion 2024 in Atlanta, Georgia, USA.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

LastPass Review 2024: Is it Still Safe and Reliable?

Tech Republic Security

LastPass’ recent data breaches make it hard to recommend as a viable password manager in 2024. Learn more in our full review below.

Cybercriminals Exploit HTTP Headers for Credential Theft via Large-Scale Phishing Attacks

The Hacker News

Cybersecurity researchers have warned of ongoing phishing campaigns that abuse refresh entries in HTTP headers to deliver spoofed email login pages that are designed to harvest users' credentials.

Phishing 117

U.S. CISA adds Microsoft Windows, Apache HugeGraph-Server, Oracle JDeveloper, Oracle WebLogic Server, and Microsoft SQL Server bugs to its Known Exploited Vulnerabilities catalog

Security Affairs

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Microsoft Windows, Apache HugeGraph-Server, Oracle JDeveloper, Oracle WebLogic Server, and Microsoft SQL Server bugs to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added SonicWall SonicOS, ImageMagick and Linux Kernel vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog.

Hacking 111

FBI Disrupts Another Massive Chinese-Linked Botnet

Security Boulevard

The FBI and other U.S. and international law enforcement agencies disrupted a massive botnet created by China-linked threat group Flax Typhoon that had pulled in more than 200,000 IoT and other connected devices over the past four years. The post FBI Disrupts Another Massive Chinese-Linked Botnet appeared first on Security Boulevard.

IoT 119

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.

My TedXBillings Talk

Schneier on Security

Over the summer, I gave a talk about AI and democracy at TedXBillings. The recording is [link]. Please share.

Astra Vulnerability Scanner Review (2024): How Good Is Astra?

Tech Republic Security

Astra Security is among the best vulnerability scanners for security-conscious companies. Learn more about its features, performance, and pricing with this detailed review.

Google Chrome Switches to ML-KEM for Post-Quantum Cryptography Defense

The Hacker News

Google has announced that it will be switching from KYBER to ML-KEM in its Chrome web browser as part of its ongoing efforts to defend against the risk posed by cryptographically relevant quantum computers (CRQCs). "Chrome will offer a key share prediction for hybrid ML-KEM (codepoint 0x11EC)," David Adrian, David Benjamin, Bob Beck, and Devon O'Brien of the Chrome Team said.

Risk 113

Recently patched Windows flaw CVE-2024-43461 was actively exploited as a zero-day before July 2024

Security Affairs

Microsoft warns that a recently patched Windows flaw, tracked as CVE-2024-43461, was actively exploited as a zero-day before July 2024. Microsoft warns that attackers actively exploited the Windows vulnerability CVE-2024-43461 as a zero-day before July 2024. The vulnerability CVE-2024-43461 is a Windows MSHTML platform spoofing issue. MSHTML is a platform used by Internet Explorer.

Internet 118

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?