Schneier on Security

JULY 17, 2024

6.8% , to be precise. From ZDNet : However, Distributed Denial of Service (DDoS) attacks continue to be cybercriminals’ weapon of choice, making up over 37% of all mitigated traffic. The scale of these attacks is staggering. In the first quarter of 2024 alone, Cloudflare blocked 4.5 million unique DDoS attacks. That total is nearly a third of all the DDoS attacks they mitigated the previous year.

Internet 295

Internet Internet DDOS Cybercrime 295

Tech Republic Security

JULY 17, 2024

The benefits of using Java alternatives such as Azul might include cost optimisation, higher performance and vulnerability management.

152

152

Security Affairs

JULY 17, 2024

A vulnerability in Cisco Smart Software Manager On-Prem (Cisco SSM On-Prem) license servers allows threat actors to change any user’s password. Cisco has addressed a critical vulnerability, tracked as CVE-2024-20419 (CVSS score of 10.0), in Cisco Smart Software Manager On-Prem (Cisco SSM On-Prem) license servers that allows attackers to change any user’s password.

Passwords 139

Passwords Software Authentication Hacking 139

Tech Republic Security

JULY 17, 2024

Which VPN is better, Avast SecureLine VPN or NordVPN? Use our guide to compare pricing, features, and more.

VPN 155

VPN 155

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Security Boulevard

JULY 17, 2024

The APT group Void Banshee exploited a now-patched Windows security flaw and the retired Internet Explorer browser to distributed the Atlantida malware to steal system information and sensitive data from victims. The post Void Banshee Group Used ‘Windows Relic’ IE in Phishing Campaign appeared first on Security Boulevard.

Phishing 126

Phishing Internet Internet Malware 126

Security Affairs

JULY 17, 2024

The world’s largest recreational boat and yacht retailer MarineMax, disclosed a data breach following a cyber attack. The world’s largest recreational boat and yacht retailer MarineMax disclosed a data breach that impacted over 123,000 individuals. In March, the company suffered a cyber attack, and the Rhysida ransomware gang claimed to have stolen company sensitive data.

Data breaches 130

Data breaches Retail Cyber Attacks Ransomware 130

The Last Watchdog

JULY 17, 2024

The rapid adoption of mobile banking has revolutionized how we manage our finances. Related: Deepfakes aimed at mobile banking apps With millions of users worldwide relying on mobile apps for their banking needs, the convenience is undeniable. However, this surge in digital banking also brings about substantial security concerns. Alarmingly, 85% of banks are predicted to be at risk from rising cyber threats.

Banking 100

Banking Mobile Cyber Attacks Encryption 100

eSecurity Planet

JULY 17, 2024

The North Atlantic Treaty Organization (NATO), a military alliance formed in 1949 to counter the Soviet threat during the Cold War, has traditionally focused on deterring and defending against conventional military attacks. However, the warfare landscape has undergone a significant transformation in recent decades. The rise of cyberthreats has emerged as a major concern for NATO and its member states.

Cybersecurity 120

Cybersecurity Technology Software Security Defenses 120

Graham Cluley

JULY 17, 2024

A new strain of the HardBit ransomware has emerged in the wild, which contains a protection mechanism in an attempt to prevent analysis from security researchers. Read more in my article on the Tripwire State of Security blog.

Ransomware 117

Ransomware Malware 117

The Hacker News

JULY 17, 2024

The financially motivated threat actor known as FIN7 has been observed using multiple pseudonyms across several underground forums to likely advertise a tool known to be used by ransomware groups like Black Basta.

Advertising 120

Advertising Marketing Ransomware 120

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Security Boulevard

JULY 17, 2024

Generative AI has great potential for scaling and automating security practices, but to be effective, organizations need to have a strong security foundation. The post Fortifying Digital Infrastructure: Why Companies Must Strengthen Cloud Security Before Going ‘All In’ on Generative AI appeared first on Security Boulevard.

Security Awareness 116

Security Awareness Cybersecurity 116

The Hacker News

JULY 17, 2024

A China-linked threat actor called APT17 has been observed targeting Italian companies and government entities using a variant of a known malware referred to as 9002 RAT. The two targeted attacks took place on June 24 and July 2, 2024, Italian cybersecurity company TG Soft said in an analysis published last week.

Malware 116

Malware Government Cybersecurity 116

Bleeping Computer

JULY 17, 2024

A threat actor has leaked a database containing the personal information of 442,519 Life360 customers collected by abusing a flaw in the login API. [.

123

123

Security Affairs

JULY 17, 2024

Void Banshee APT group exploited the Windows zero-day CVE-2024-38112 to execute code via the disabled Internet Explorer. An APT group tracked as Void Banshee was spotted exploiting the Windows zero-day CVE-2024-38112 (CVSS score of 7.5) to execute code through the disabled Internet Explorer. The vulnerability is a Windows MSHTML Platform Spoofing Vulnerability.

Malware 127

Malware Internet Internet Ransomware 127

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

The Hacker News

JULY 17, 2024

Cisco has released patches to address a maximum-severity security flaw impacting Smart Software Manager On-Prem (Cisco SSM On-Prem) that could enable a remote, unauthenticated attacker to change the password of any users, including those belonging to administrative users. The vulnerability, tracked as CVE-2024-20419, carries a CVSS score of 10.0.

Software 114

Software Passwords 114

Bleeping Computer

JULY 17, 2024

Cisco has fixed a maximum severity vulnerability that allows attackers to change any user's password on vulnerable Cisco Smart Software Manager On-Prem (Cisco SSM On-Prem) license servers, including administrators. [.

Passwords 110

Passwords Software 110

SecureWorld News

JULY 17, 2024

As the 2024 Olympics approach, the world's eyes will turn to Paris. The event not only showcases athletic prowess but also presents a significant challenge for cybersecurity professionals. With the influx of visitors, media, and digital infrastructure, the stakes are high for ensuring the safety and integrity of the Games. The Olympics are a prime target for cyberattacks due to their high profile, the involvement of numerous stakeholders, and the extensive use of digital technologies.

Cybersecurity 110

Cybersecurity Phishing Mobile Media 110

Penetration Testing

JULY 17, 2024

The Apache Software Foundation has issued a security advisory regarding two critical vulnerabilities, CVE-2024-40725 and CVE-2024-40898, affecting Apache HTTP Server versions 2.4.0 through 2.4.61. These flaws pose significant risks to web servers worldwide, potentially... The post CVE-2024-40725 & CVE-2024-40898: Apache HTTP Server Flaws Put Millions of Websites at Risk appeared first on Cybersecurity News.

Risk 111

Risk Software Cybersecurity 111

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

Bleeping Computer

JULY 17, 2024

Microsoft is rolling out inbound SMTP DANE with DNSSEC for Exchange Online in public preview, a new capability to boost email integrity and security. [.

114

114

The Hacker News

JULY 17, 2024

Meta has suspended the use of generative artificial intelligence (GenAI) in Brazil after the country's data protection authority issued a preliminary ban objecting to its new privacy policy. The development was first reported by news agency Reuters.

Artificial Intelligence 105

Artificial Intelligence 105

Tech Republic Security

JULY 17, 2024

Cybersecurity threats are multiplying with each passing year. They are growing more sophisticated, as shown by the continued success enjoyed by ransomware and other scams. Two-factor authentication is a time-tested way to minimize the threat of a breach and protect the organization as well as the individual from attacks.

Authentication 88

Authentication Scams Ransomware Cybersecurity 88

The Hacker News

JULY 17, 2024

Attacks on your network are often meticulously planned operations launched by sophisticated threats. Sometimes your technical fortifications provide a formidable challenge, and the attack requires assistance from the inside to succeed.

Risk 103

Risk Banking Accountability 103

Advertisement

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

Security Boulevard

JULY 17, 2024

Baffle today extended its ability to secure multitenant applications running on the Amazon Web Services (AWS) cloud to include the relational databases many of them are deployed on. The post Baffle Extends Encryption Reach to AWS Databases appeared first on Security Boulevard.

Encryption 99

Encryption Security Awareness Cybersecurity 99

WIRED Threat Level

JULY 17, 2024

After the Supreme Court limited the power of federal agencies to craft regulations, it’s likely up to Congress to keep US cybersecurity policy intact.

Cybersecurity 110

Cybersecurity Hacking 110

Bleeping Computer

JULY 17, 2024

The notorious FIN7 hacking group has been spotted selling its custom "AvNeutralizer" tool, used to evade detection by killing enterprise endpoint protection software on corporate networks. [.

Hacking 91

Hacking Software 91

Penetration Testing

JULY 17, 2024

SolarWinds, a leading provider of IT management software, has issued an urgent security advisory regarding multiple critical vulnerabilities discovered in its Access Rights Manager (ARM) product. These flaws expose organizations to a range of... The post SolarWinds Patches Multiple Critical Vulnerabilities in Access Rights Manager appeared first on Cybersecurity News.

Software 90

Software Cybersecurity 90

Advertisement

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.

Cybersecurity

Bleeping Computer

JULY 17, 2024

MarineMax, self-described as the world's largest recreational boat and yacht retailer, is notifying over 123,000 customers whose personal information was stolen in a March security breach claimed by the Rhysida ransomware gang. [.

Data breaches 82

Data breaches Retail Ransomware 82

Penetration Testing

JULY 17, 2024

A new study presented at the Privacy Enhancing Technologies Symposium (PETS) 2024 has revealed a vulnerability in popular VPN protocols like OpenVPN and WireGuard. This flaw, dubbed “port shadow,” could potentially undermine the very... The post New Research Exposes VPN Vulnerability: Port Shadow Attacks Undermine User Privacy appeared first on Cybersecurity News.

VPN 88

VPN Technology Cybersecurity 88

Security Boulevard

JULY 17, 2024

Overview Unconstrained delegation is a feature in Active Directory that allows a computer, service, or user to impersonate any other user and access resources on their behalf across the entire network, completely unrestricted. A typical example of a use case for unconstrained delegation is when certain services require access to another server or back-end database. […] The post Unconstrained Delegation in Active Directory appeared first on Praetorian.

75

75

WIRED Threat Level

JULY 17, 2024

US prosecutors have charged Michail Chkhikvishvili, also known as “Commander Butcher,” with a litany of crimes, including alleged attempts to poison Jewish children in NYC.

77

77

Advertisement

Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.

Government