Fri.Oct 18, 2024

article thumbnail

Brazil Arrests ‘USDoD,’ Hacker in FBI Infragard Breach

Krebs on Security

Brazilian authorities reportedly have arrested a 33-year-old man on suspicion of being “ USDoD ,” a prolific cybercriminal who rose to infamy in 2022 after infiltrating the FBI’s InfraGard program and leaking contact information for 80,000 members. More recently, USDoD was behind a breach at the consumer data broker National Public Data that led to the leak of Social Security numbers and other personal information for a significant portion of the U.S. population.

article thumbnail

Justice Department Indicts Tech CEO for Falsifying Security Certifications

Schneier on Security

The Wall Street Journal is reporting that the CEO of a still unnamed company has been indicted for creating a fake auditing company to falsify security certifications in order to win government business.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Unauthorized data access vulnerability in macOS is detailed by Microsoft

Malwarebytes

The Microsoft Threat Intelligence team disclosed details about a macOS vulnerability, dubbed “HM Surf,” that could allow an attacker to gain access to the user’s data in Safari. The data the attacker could access without users’ consent includes browsed pages, along with the device’s camera, microphone, and location. The vulnerability, tracked as CVE-2024-44133 was fixed in the September 16 update for Mac Studio (2022 and later), iMac (2019 and later), Mac Pro (2019 and later), Mac Mi

Adware 145
article thumbnail

macOS HM Surf flaw in TCC allows bypass Safari privacy settings

Security Affairs

Microsoft disclosed a flaw in the macOS Apple’s Transparency, Consent, and Control (TCC) framework that could allow it to bypass privacy settings and access user data. Microsoft discovered a vulnerability, tracked as CVE-2024-44133 and code-named ‘HM Surf’, in Apple’s Transparency, Consent, and Control (TCC) framework in macOS.

Adware 132
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

North Korean IT Workers in Western Firms Now Demanding Ransom for Stolen Data

The Hacker News

North Korean information technology (IT) workers who obtain employment under false identities in Western companies are not only stealing intellectual property, but are also stepping up by demanding ransoms in order to not leak it, marking a new twist to their financially motivated attacks.

article thumbnail

Omni Family Health data breach impacts 468,344 individuals

Security Affairs

Omni Family Health disclosed a data breach affecting nearly 470,000 current and former patients and employees. Omni Family Health is a nonprofit organization that provides healthcare services to communities in California, focusing on underserved populations. They offer a range of services, including primary care, dental care, behavioral health, and preventive services.

More Trending

article thumbnail

Beware: Fake Google Meet Pages Deliver Infostealers in Ongoing ClickFix Campaign

The Hacker News

Threat actors are leveraging fake Google Meet web pages as part of an ongoing malware campaign dubbed ClickFix to deliver infostealers targeting Windows and macOS systems.

Malware 140
article thumbnail

The Disinformation Warning Coming From the Edge of Europe

WIRED Threat Level

Moldova is facing a tide of disinformation unprecedented in complexity and aggression, the head of a new center meant to combat it tells WIRED. And platforms like Facebook, TikTok, Telegram and YouTube could do more.

Media 139
article thumbnail

Get an Untrusted Security Advisor! Have Fun, Reduce Fail!

Anton on Security

Many organizations are looking for trusted advisors , and this applies to our beloved domain of cyber/information security. If you look at LinkedIn, many consultants present themselves as trusted advisors to CISOs or their teams. Untrusted Advisor by Dall-E via Copilot This perhaps implies that nobody wants to hire an untrusted advisor. But if you think about it, modern LLM-powered chatbots and other GenAI applications are essentially untrusted advisors (RAG and fine-tuning notwithstanding).

article thumbnail

Analysis of the Crypt Ghouls group: continuing the investigation into a series of attacks on Russia

SecureList

Last December, we discovered a new group targeting Russian businesses and government agencies with ransomware. Further investigation into this group’s activity suggests a connection to other groups currently targeting Russia. We have seen overlaps not only in indicators of compromise and tools, but also tactics, techniques, and procedures (TTPs).

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

The Ultimate DSPM Guide: Webinar on Building a Strong Data Security Posture

The Hacker News

Picture your company's data as a vast, complex jigsaw puzzle—scattered across clouds, devices, and networks. Some pieces are hidden, some misplaced, and others might even be missing entirely. Keeping your data secure in today’s fast-evolving landscape can feel like an impossible challenge. But there’s a game-changing solution: Data Security Posture Management (DSPM).

127
127
article thumbnail

Can You Fax a Check? Yes. Follow These Steps to Do it Safely

Tech Republic Security

Discover how to legally, securely, and quickly fax a check whether you're using a traditional fax machine or an online faxing service.

Software 125
article thumbnail

What the US Army’s 1959 ‘Soldier of Tomorrow’ Got Right About the Future of Warfare

WIRED Threat Level

Sixty-five years ago, the Army's leaders unveiled its “ultimate weapon” for the age of atomic warfare. Here’s how the service’s vision stands up to today's reality.

117
117
article thumbnail

Army Cloud Program to Help SMBs Meet DoD Cyber Requirements

Security Boulevard

The U.S. Army is developing a cloud environment called N-CODE that will give smaller businesses access to the security technologies they need to meet stringent DoD cybersecurity requirements and compete for defense contracts. The post Army Cloud Program to Help SMBs Meet DoD Cyber Requirements appeared first on Security Boulevard.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Amazon launches new Fire TV Stick to replace two current options

Zero Day

Amazon just released a new Fire TV Stick HD, retiring the Fire TV Stick and Fire TV Stick Lite. Here's what that means.

98
article thumbnail

USENIX NSDI ’24 – Netcastle: Network Infrastructure Testing At Scale

Security Boulevard

Authors/Presenters:Rob Sherwood, Jinghao Shi, Ying Zhang, Neil Spring, Srikanth Sundaresan, Jasmeet Bagga, Prathyusha Peddi, Vineela Kukkadapu, Rashmi Shrivastava, Manikantan KR, Pavan Patil, Srikrishna Gopu, Varun Varadan, Ethan Shi, Hany Morsy, Yuting Bu, Renjie Yang, Rasmus Jönsson, Wei Zhang, Jesus Jussepen Arredondo, Diana Saha, Sean Choi Our sincere thanks to USENIX , and the Presenters & Authors for publishing their superb 21st USENIX Symposium on Networked Systems Design and Implemen

107
107
article thumbnail

This 4-in-1 keychain charger is my new essential travel accessory

Zero Day

Rolling Square's InCharge XS charges via USB-C, USB-A, and iPhone Lightning in one versatile cable that's small enough to fit on your keychain.

98
article thumbnail

From IT to Cybersecurity: How One Person Made the Leap and Got Hired

SecureWorld News

If you're in IT or another technical role and thinking about transitioning into cybersecurity, you might be wondering if you have what it takes. Maybe you've got solid tech skills and a knack for problem-solving, but you don't have a security title or certifications yet. You're probably thinking, “I'd be great in a cybersecurity role, but will anyone even consider me?

article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Save $20 on an Apple AirTag 4-Pack with this deal

Zero Day

If you're an iPhone user, you could probably use these trackers to monitor your keys, wallet, luggage, and even your young kids, especially with this $20 discount.

98
article thumbnail

Microsoft Reveals Loss of Customer Security Logs for a Month

Heimadal Security

Microsoft is alerting business clients to a flaw that resulted in critical logs being partially lost for nearly a month. This puts at risk businesses who depend on this data to identify unwanted activity. Microsoft is alerting enterprise customers that a flaw resulted in important logs being largely lost for nearly a month, endangering businesses […] The post Microsoft Reveals Loss of Customer Security Logs for a Month appeared first on Heimdal Security Blog.

Risk 90
article thumbnail

Buy 3 months of Xbox Game Pass Ultimate for 28% off with this deal

Zero Day

Try or gift Xbox Game Pass for three months for nearly one-third off and play over 100 games including Starfield, Forza Motorsport, and Football Manager 2024 on your Xbox, PC, or mobile device.

Mobile 98
article thumbnail

Cybersecurity’s maturity: CompTIA’s State of Cybersecurity 2025 report

CompTIA on Cybersecurity

What does the maturing of cybersecurity look like in today’s tech landscape? Explore what the CompTIA State of Cybersecurity 2025 report has to say.

article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

The Ring Battery Doorbell Plus is the perfect video doorbell for Ring fans

Zero Day

If you're a Ring user looking to upgrade to a battery-powered video doorbell, the Ring Battery Doorbell Plus is the perfect choice.

98
article thumbnail

Today’s top drivers for cybersecurity strategy

CompTIA on Cybersecurity

Learn about the key drivers for cybersecurity strategy and how to ensure your organization is protected.

article thumbnail

Critical Flaw in Synology Camera Firmware Expose Devices to RCE and DoS Attacks

Penetration Testing

Synology has issued a security advisory, Synology-SA-24:17, warning of critical vulnerabilities in several of its camera firmware products, including Synology Camera BC500, TC500, and CC400W. The vulnerabilities, which could allow... The post Critical Flaw in Synology Camera Firmware Expose Devices to RCE and DoS Attacks appeared first on Cybersecurity News.

article thumbnail

AI-Generated Personas: Trust and Deception

Security Boulevard

And the Ethical Dilemma of Using AI to Create Fake Online Personalities In recent years, advancements in artificial intelligence (AI) have given rise to powerful tools like StyleGAN and sophisticated language models such as ChatGPT. These technologies can create hyper-realistic images and conversations, blurring the line between authentic human presence and synthetic creations.

article thumbnail

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

article thumbnail

Gatekeeper Bypass: Malicious Apps Could Slip Through macOS Defenses

Penetration Testing

A new report from Unit 42 researchers has uncovered significant weaknesses in macOS’s Gatekeeper security mechanism, which could allow malicious applications to bypass Apple’s verification process and execute harmful code... The post Gatekeeper Bypass: Malicious Apps Could Slip Through macOS Defenses appeared first on Cybersecurity News.

article thumbnail

Cybersecurity Insights with Contrast CISO David Lindner | 10/18/24

Security Boulevard

Insight #1: Data breach costs are climbing According to IBM’s latest Cost of a Data Breach report , data breach costs have risen 39.4% over the past decade and are now at almost $5 million per breach. We should make sure our cybersecurity insurance falls in line with these numbers. Insight #2: Ditto for open-source nasties in repos According to a new report , the number of malicious packages uploaded to open-source repositories has increased 150% in the last year.

CISO 78
article thumbnail

Best Proxies for Bots: Ethical Usage and Top Providers

SecureBlitz

I will show you the best proxies for bots in this post. In today's digital landscape, bots have become increasingly common for various legitimate purposes, such as web scraping, market research, and automated testing. However, choosing the right proxy service is crucial to ensure smooth and efficient bot operations. This comprehensive guide will explore the […] The post Best Proxies for Bots: Ethical Usage and Top Providers appeared first on SecureBlitz Cybersecurity.

article thumbnail

Hikvision HikCentral Master Lite and Professional Affected by Multi Vulnerabilities

Penetration Testing

Hikvision, a leading provider of AIoT and video surveillance solutions, has disclosed three vulnerabilities affecting its HikCentral Master Lite and HikCentral Professional software. These flaws could allow attackers to execute... The post Hikvision HikCentral Master Lite and Professional Affected by Multi Vulnerabilities appeared first on Cybersecurity News.

article thumbnail

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.