Wed.Jul 17, 2024

article thumbnail

Cloudflare Reports that Almost 7% of All Internet Traffic Is Malicious

Schneier on Security

6.8% , to be precise. From ZDNet : However, Distributed Denial of Service (DDoS) attacks continue to be cybercriminals’ weapon of choice, making up over 37% of all mitigated traffic. The scale of these attacks is staggering. In the first quarter of 2024 alone, Cloudflare blocked 4.5 million unique DDoS attacks. That total is nearly a third of all the DDoS attacks they mitigated the previous year.

Internet 288
article thumbnail

A critical flaw in Cisco SSM On-Prem allows attackers to change any user’s password

Security Affairs

A vulnerability in Cisco Smart Software Manager On-Prem (Cisco SSM On-Prem) license servers allows threat actors to change any user’s password. Cisco has addressed a critical vulnerability, tracked as CVE-2024-20419 (CVSS score of 10.0), in Cisco Smart Software Manager On-Prem (Cisco SSM On-Prem) license servers that allows attackers to change any user’s password.

Passwords 138
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Oracle’s Java Changes Lead APAC Enterprises to Explore Alternatives Such As Azul

Tech Republic Security

The benefits of using Java alternatives such as Azul might include cost optimisation, higher performance and vulnerability management.

143
143
article thumbnail

MarineMax data breach impacted over 123,000 individuals

Security Affairs

The world’s largest recreational boat and yacht retailer MarineMax, disclosed a data breach following a cyber attack. The world’s largest recreational boat and yacht retailer MarineMax disclosed a data breach that impacted over 123,000 individuals. In March, the company suffered a cyber attack, and the Rhysida ransomware gang claimed to have stolen company sensitive data.

article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Void Banshee Group Used ‘Windows Relic’ IE in Phishing Campaign

Security Boulevard

The APT group Void Banshee exploited a now-patched Windows security flaw and the retired Internet Explorer browser to distributed the Atlantida malware to steal system information and sensitive data from victims. The post Void Banshee Group Used ‘Windows Relic’ IE in Phishing Campaign appeared first on Security Boulevard.

Phishing 126
article thumbnail

Void Banshee exploits CVE-2024-38112 zero-day to spread malware

Security Affairs

Void Banshee APT group exploited the Windows zero-day CVE-2024-38112 to execute code via the disabled Internet Explorer. An APT group tracked as Void Banshee was spotted exploiting the Windows zero-day CVE-2024-38112 (CVSS score of 7.5) to execute code through the disabled Internet Explorer. The vulnerability is a Windows MSHTML Platform Spoofing Vulnerability.

Malware 126

More Trending

article thumbnail

GUEST ESSAY: Consumers, institutions continue to shoulder burden for making mobile banking secure

The Last Watchdog

The rapid adoption of mobile banking has revolutionized how we manage our finances. Related: Deepfakes aimed at mobile banking apps With millions of users worldwide relying on mobile apps for their banking needs, the convenience is undeniable. However, this surge in digital banking also brings about substantial security concerns. Alarmingly, 85% of banks are predicted to be at risk from rising cyber threats.

Banking 100
article thumbnail

NATO Announces New Integrated Cyber Defence Centre

eSecurity Planet

The North Atlantic Treaty Organization (NATO), a military alliance formed in 1949 to counter the Soviet threat during the Cold War, has traditionally focused on deterring and defending against conventional military attacks. However, the warfare landscape has undergone a significant transformation in recent decades. The rise of cyberthreats has emerged as a major concern for NATO and its member states.

article thumbnail

Avast SecureLine VPN vs NordVPN (2024): Which VPN Is Better?

Tech Republic Security

Which VPN is better, Avast SecureLine VPN or NordVPN? Use our guide to compare pricing, features, and more.

VPN 147
article thumbnail

HardBit ransomware – what you need to know

Graham Cluley

A new strain of the HardBit ransomware has emerged in the wild, which contains a protection mechanism in an attempt to prevent analysis from security researchers. Read more in my article on the Tripwire State of Security blog.

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Fortifying Digital Infrastructure: Why Companies Must Strengthen Cloud Security Before Going ‘All In’ on Generative AI

Security Boulevard

Generative AI has great potential for scaling and automating security practices, but to be effective, organizations need to have a strong security foundation. The post Fortifying Digital Infrastructure: Why Companies Must Strengthen Cloud Security Before Going ‘All In’ on Generative AI appeared first on Security Boulevard.

article thumbnail

Over 400,000 Life360 user phone numbers leaked via unsecured API

Bleeping Computer

A threat actor has leaked a database containing the personal information of 442,519 Life360 customers collected by abusing a flaw in the login API. [.

123
123
article thumbnail

FIN7 Group Advertises Security-Bypassing Tool on Dark Web Forums

The Hacker News

The financially motivated threat actor known as FIN7 has been observed using multiple pseudonyms across several underground forums to likely advertise a tool known to be used by ransomware groups like Black Basta.

article thumbnail

Cisco SSM On-Prem bug lets hackers change any user's password

Bleeping Computer

Cisco has fixed a maximum severity vulnerability that allows attackers to change any user's password on vulnerable Cisco Smart Software Manager On-Prem (Cisco SSM On-Prem) license servers, including administrators. [.

Passwords 110
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

2024 Paris Olympics Present Podium-Worthy Cybersecurity Challenges

SecureWorld News

As the 2024 Olympics approach, the world's eyes will turn to Paris. The event not only showcases athletic prowess but also presents a significant challenge for cybersecurity professionals. With the influx of visitors, media, and digital infrastructure, the stakes are high for ensuring the safety and integrity of the Games. The Olympics are a prime target for cyberattacks due to their high profile, the involvement of numerous stakeholders, and the extensive use of digital technologies.

article thumbnail

CVE-2024-40725 & CVE-2024-40898: Apache HTTP Server Flaws Put Millions of Websites at Risk

Penetration Testing

The Apache Software Foundation has issued a security advisory regarding two critical vulnerabilities, CVE-2024-40725 and CVE-2024-40898, affecting Apache HTTP Server versions 2.4.0 through 2.4.61. These flaws pose significant risks to web servers worldwide, potentially... The post CVE-2024-40725 & CVE-2024-40898: Apache HTTP Server Flaws Put Millions of Websites at Risk appeared first on Cybersecurity News.

Risk 111
article thumbnail

Exchange Online adds Inbound DANE with DNSSEC for security boost

Bleeping Computer

Microsoft is rolling out inbound SMTP DANE with DNSSEC for Exchange Online in public preview, a new capability to boost email integrity and security. [.

114
114
article thumbnail

China-linked APT17 Targets Italian Companies with 9002 RAT Malware

The Hacker News

A China-linked threat actor called APT17 has been observed targeting Italian companies and government entities using a variant of a known malware referred to as 9002 RAT. The two targeted attacks took place on June 24 and July 2, 2024, Italian cybersecurity company TG Soft said in an analysis published last week.

Malware 110
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

The US Supreme Court Kneecapped US Cyber Strategy

WIRED Threat Level

After the Supreme Court limited the power of federal agencies to craft regulations, it’s likely up to Congress to keep US cybersecurity policy intact.

article thumbnail

Cisco Warns of Critical Flaw Affecting On-Prem Smart Software Manager

The Hacker News

Cisco has released patches to address a maximum-severity security flaw impacting Smart Software Manager On-Prem (Cisco SSM On-Prem) that could enable a remote, unauthenticated attacker to change the password of any users, including those belonging to administrative users. The vulnerability, tracked as CVE-2024-20419, carries a CVSS score of 10.0.

Software 109
article thumbnail

Baffle Extends Encryption Reach to AWS Databases

Security Boulevard

Baffle today extended its ability to secure multitenant applications running on the Amazon Web Services (AWS) cloud to include the relational databases many of them are deployed on. The post Baffle Extends Encryption Reach to AWS Databases appeared first on Security Boulevard.

article thumbnail

What Is Two-Factor Authentication?

Tech Republic Security

Cybersecurity threats are multiplying with each passing year. They are growing more sophisticated, as shown by the continued success enjoyed by ransomware and other scams. Two-factor authentication is a time-tested way to minimize the threat of a breach and protect the organization as well as the individual from attacks.

article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

Meta Halts AI Use in Brazil Following Data Protection Authority's Ban

The Hacker News

Meta has suspended the use of generative artificial intelligence (GenAI) in Brazil after the country's data protection authority issued a preliminary ban objecting to its new privacy policy. The development was first reported by news agency Reuters.

article thumbnail

Notorious FIN7 hackers sell EDR killer to other threat actors

Bleeping Computer

The notorious FIN7 hacking group has been spotted selling its custom "AvNeutralizer" tool, used to evade detection by killing enterprise endpoint protection software on corporate networks. [.

Hacking 91
article thumbnail

Navigating Insider Risks: Are your Employees Enabling External Threats?

The Hacker News

Attacks on your network are often meticulously planned operations launched by sophisticated threats. Sometimes your technical fortifications provide a formidable challenge, and the attack requires assistance from the inside to succeed.

Risk 98
article thumbnail

SolarWinds Patches Multiple Critical Vulnerabilities in Access Rights Manager

Penetration Testing

SolarWinds, a leading provider of IT management software, has issued an urgent security advisory regarding multiple critical vulnerabilities discovered in its Access Rights Manager (ARM) product. These flaws expose organizations to a range of... The post SolarWinds Patches Multiple Critical Vulnerabilities in Access Rights Manager appeared first on Cybersecurity News.

article thumbnail

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

article thumbnail

Yacht giant MarineMax data breach impacts over 123,000 people

Bleeping Computer

MarineMax, self-described as the world's largest recreational boat and yacht retailer, is notifying over 123,000 customers whose personal information was stolen in a March security breach claimed by the Rhysida ransomware gang. [.

article thumbnail

New Research Exposes VPN Vulnerability: Port Shadow Attacks Undermine User Privacy

Penetration Testing

A new study presented at the Privacy Enhancing Technologies Symposium (PETS) 2024 has revealed a vulnerability in popular VPN protocols like OpenVPN and WireGuard. This flaw, dubbed “port shadow,” could potentially undermine the very... The post New Research Exposes VPN Vulnerability: Port Shadow Attacks Undermine User Privacy appeared first on Cybersecurity News.

VPN 83
article thumbnail

Accelerating SaaS solution delivery to the U.S. Federal Government

Cisco Security

The Federal Operational Security Stack is a centralized framework offering efficiencies when deploying SaaS solutions and services to the U.S. Federal market. The Federal Operational Security Stack is a centralized framework offering efficiencies when deploying SaaS solutions and services to the U.S. Federal market.

article thumbnail

Alleged ‘Maniac Murder Cult’ Leader Indicted Over Plot to Kill Jews

WIRED Threat Level

US prosecutors have charged Michail Chkhikvishvili, also known as “Commander Butcher,” with a litany of crimes, including alleged attempts to poison Jewish children in NYC.

85
article thumbnail

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.