Schneier on Security

JULY 17, 2024

6.8% , to be precise. From ZDNet : However, Distributed Denial of Service (DDoS) attacks continue to be cybercriminals’ weapon of choice, making up over 37% of all mitigated traffic. The scale of these attacks is staggering. In the first quarter of 2024 alone, Cloudflare blocked 4.5 million unique DDoS attacks. That total is nearly a third of all the DDoS attacks they mitigated the previous year.

Internet 279

Internet Internet DDOS Cybercrime 279

Tech Republic Security

JULY 17, 2024

The benefits of using Java alternatives such as Azul might include cost optimisation, higher performance and vulnerability management.

150

150

Security Boulevard

JULY 17, 2024

The APT group Void Banshee exploited a now-patched Windows security flaw and the retired Internet Explorer browser to distributed the Atlantida malware to steal system information and sensitive data from victims. The post Void Banshee Group Used ‘Windows Relic’ IE in Phishing Campaign appeared first on Security Boulevard.

Phishing 125

Phishing Internet Internet Malware 125

Tech Republic Security

JULY 17, 2024

Which VPN is better, Avast SecureLine VPN or NordVPN? Use our guide to compare pricing, features, and more.

VPN 153

VPN 153

Advertisement

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.

Cybersecurity

Security Affairs

JULY 17, 2024

A vulnerability in Cisco Smart Software Manager On-Prem (Cisco SSM On-Prem) license servers allows threat actors to change any user’s password. Cisco has addressed a critical vulnerability, tracked as CVE-2024-20419 (CVSS score of 10.0), in Cisco Smart Software Manager On-Prem (Cisco SSM On-Prem) license servers that allows attackers to change any user’s password.

Passwords 123

Passwords Software Authentication Hacking 123

The Last Watchdog

JULY 17, 2024

The rapid adoption of mobile banking has revolutionized how we manage our finances. Related: Deepfakes aimed at mobile banking apps With millions of users worldwide relying on mobile apps for their banking needs, the convenience is undeniable. However, this surge in digital banking also brings about substantial security concerns. Alarmingly, 85% of banks are predicted to be at risk from rising cyber threats.

Banking 100

Banking Mobile Cyber Attacks Encryption 100

Security Boulevard

JULY 17, 2024

A hacker who calls themselves "emo" says they accessed the information of 15 million Trello users in January through an unsecured REST API endpoint and six months later leaked the information on an underground forum. The post Hacker Leaks Data of More Than 15 Million Trello Users appeared first on Security Boulevard.

Data privacy 122

Data privacy Data breaches Cybersecurity Network Security 122

The Hacker News

JULY 17, 2024

A China-linked threat actor called APT17 has been observed targeting Italian companies and government entities using a variant of a known malware referred to as 9002 RAT. The two targeted attacks took place on June 24 and July 2, 2024, Italian cybersecurity company TG Soft said in an analysis published last week.

Malware 120

Malware Government Cybersecurity 120

eSecurity Planet

JULY 17, 2024

The North Atlantic Treaty Organization (NATO), a military alliance formed in 1949 to counter the Soviet threat during the Cold War, has traditionally focused on deterring and defending against conventional military attacks. However, the warfare landscape has undergone a significant transformation in recent decades. The rise of cyberthreats has emerged as a major concern for NATO and its member states.

Cybersecurity 119

Cybersecurity Technology Security Defenses Software 119

The Hacker News

JULY 17, 2024

Cisco has released patches to address a maximum-severity security flaw impacting Smart Software Manager On-Prem (Cisco SSM On-Prem) that could enable a remote, unauthenticated attacker to change the password of any users, including those belonging to administrative users. The vulnerability, tracked as CVE-2024-20419, carries a CVSS score of 10.0.

Software 118

Software Passwords 118

Speaker: Speakers:

In today's digital age, having an untrained workforce can be a significant risk to your business. Cyber threats are evolving; without proper training, your employees could be the weakest link in your defense. This webinar empowers leaders like you with the tools and strategies needed to transform your employees into a robust frontline defense against cyber attacks.

Cyber Attacks

Security Affairs

JULY 17, 2024

The world’s largest recreational boat and yacht retailer MarineMax, disclosed a data breach following a cyber attack. The world’s largest recreational boat and yacht retailer MarineMax disclosed a data breach that impacted over 123,000 individuals. In March, the company suffered a cyber attack, and the Rhysida ransomware gang claimed to have stolen company sensitive data.

Data breaches 115

Data breaches Retail Cyber Attacks Ransomware 115

Security Boulevard

JULY 17, 2024

Generative AI has great potential for scaling and automating security practices, but to be effective, organizations need to have a strong security foundation. The post Fortifying Digital Infrastructure: Why Companies Must Strengthen Cloud Security Before Going ‘All In’ on Generative AI appeared first on Security Boulevard.

Security Awareness 113

Security Awareness Cybersecurity 113

Bleeping Computer

JULY 17, 2024

A threat actor has leaked a database containing the personal information of 442,519 Life360 customers collected by abusing a flaw in the login API. [.

123

123

WIRED Threat Level

JULY 17, 2024

After the Supreme Court limited the power of federal agencies to craft regulations, it’s likely up to Congress to keep US cybersecurity policy intact.

Cybersecurity 120

Cybersecurity Hacking 120

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Bleeping Computer

JULY 17, 2024

Cisco has fixed a maximum severity vulnerability that allows attackers to change any user's password on vulnerable Cisco Smart Software Manager On-Prem (Cisco SSM On-Prem) license servers, including administrators. [.

Passwords 110

Passwords Software 110

The Hacker News

JULY 17, 2024

Meta has suspended the use of generative artificial intelligence (GenAI) in Brazil after the country's data protection authority issued a preliminary ban objecting to its new privacy policy. The development was first reported by news agency Reuters.

Artificial Intelligence 108

Artificial Intelligence 108

Penetration Testing

JULY 17, 2024

The Apache Software Foundation has issued a security advisory regarding two critical vulnerabilities, CVE-2024-40725 and CVE-2024-40898, affecting Apache HTTP Server versions 2.4.0 through 2.4.61. These flaws pose significant risks to web servers worldwide, potentially... The post CVE-2024-40725 & CVE-2024-40898: Apache HTTP Server Flaws Put Millions of Websites at Risk appeared first on Cybersecurity News.

Risk 111

Risk Software Cybersecurity 111

The Hacker News

JULY 17, 2024

Attacks on your network are often meticulously planned operations launched by sophisticated threats. Sometimes your technical fortifications provide a formidable challenge, and the attack requires assistance from the inside to succeed.

Risk 107

Risk Banking Accountability 107

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

SecureWorld News

JULY 17, 2024

As the 2024 Olympics approach, the world's eyes will turn to Paris. The event not only showcases athletic prowess but also presents a significant challenge for cybersecurity professionals. With the influx of visitors, media, and digital infrastructure, the stakes are high for ensuring the safety and integrity of the Games. The Olympics are a prime target for cyberattacks due to their high profile, the involvement of numerous stakeholders, and the extensive use of digital technologies.

Cybersecurity 105

Cybersecurity Phishing Mobile Media 105

Bleeping Computer

JULY 17, 2024

Microsoft is rolling out inbound SMTP DANE with DNSSEC for Exchange Online in public preview, a new capability to boost email integrity and security. [.

114

114

Graham Cluley

JULY 17, 2024

A new strain of the HardBit ransomware has emerged in the wild, which contains a protection mechanism in an attempt to prevent analysis from security researchers. Read more in my article on the Tripwire State of Security blog.

Ransomware 104

Ransomware Malware 104

Security Affairs

JULY 17, 2024

Void Banshee APT group exploited the Windows zero-day CVE-2024-38112 to execute code via the disabled Internet Explorer. An APT group tracked as Void Banshee was spotted exploiting the Windows zero-day CVE-2024-38112 (CVSS score of 7.5) to execute code through the disabled Internet Explorer. The vulnerability is a Windows MSHTML Platform Spoofing Vulnerability.

Malware 100

Malware Internet Internet Ransomware 100

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

Tech Republic Security

JULY 17, 2024

Cybersecurity threats are multiplying with each passing year. They are growing more sophisticated, as shown by the continued success enjoyed by ransomware and other scams. Two-factor authentication is a time-tested way to minimize the threat of a breach and protect the organization as well as the individual from attacks.

Authentication 85

Authentication Scams Ransomware Cybersecurity 85

Security Boulevard

JULY 17, 2024

Baffle today extended its ability to secure multitenant applications running on the Amazon Web Services (AWS) cloud to include the relational databases many of them are deployed on. The post Baffle Extends Encryption Reach to AWS Databases appeared first on Security Boulevard.

Encryption 97

Encryption Security Awareness Cybersecurity 97

Bleeping Computer

JULY 17, 2024

The notorious FIN7 hacking group has been spotted selling its custom "AvNeutralizer" tool, used to evade detection by killing enterprise endpoint protection software on corporate networks. [.

Software 91

Software Hacking 91

Penetration Testing

JULY 17, 2024

SolarWinds, a leading provider of IT management software, has issued an urgent security advisory regarding multiple critical vulnerabilities discovered in its Access Rights Manager (ARM) product. These flaws expose organizations to a range of... The post SolarWinds Patches Multiple Critical Vulnerabilities in Access Rights Manager appeared first on Cybersecurity News.

Software 90

Software Cybersecurity 90

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

WIRED Threat Level

JULY 17, 2024

US prosecutors have charged Michail Chkhikvishvili, also known as “Commander Butcher,” with a litany of crimes, including alleged attempts to poison Jewish children in NYC.

86

86

Penetration Testing

JULY 17, 2024

A new study presented at the Privacy Enhancing Technologies Symposium (PETS) 2024 has revealed a vulnerability in popular VPN protocols like OpenVPN and WireGuard. This flaw, dubbed “port shadow,” could potentially undermine the very... The post New Research Exposes VPN Vulnerability: Port Shadow Attacks Undermine User Privacy appeared first on Cybersecurity News.

VPN 88

VPN Technology Cybersecurity 88

Bleeping Computer

JULY 17, 2024

MarineMax, self-described as the world's largest recreational boat and yacht retailer, is notifying over 123,000 customers whose personal information was stolen in a March security breach claimed by the Rhysida ransomware gang. [.

Data breaches 82

Data breaches Retail Ransomware 82

Penetration Testing

JULY 17, 2024

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical warning, adding three actively exploited vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. This move highlights the urgent need for organizations to... The post CISA Adds Three New Vulnerabilities to Known Exploited Vulnerabilities Catalog appeared first on Cybersecurity News.

Cybersecurity 75

Cybersecurity 75

Advertisement

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Identity Theft