Thu.Oct 03, 2024

article thumbnail

News alert: SquareX shows how Google’s MV3 standard falls short, putting millions at risk

The Last Watchdog

Singapore, Oct. 3, 2024, CyberNewswire — At DEF CON 32, the SquareX research team delivered a hard-hitting presentation titled Sneaky Extensions: The MV3 Escape Artists where they shared their findings on how malicious browser extensions are bypassing Google’s latest standard for building chrome extensions: Manifest V3 (MV3)’s security features, putting millions of users and businesses at risk.

Risk 243
article thumbnail

Weird Zimbra Vulnerability

Schneier on Security

Hackers can execute commands on a remote computer by sending malformed emails to a Zimbra mail server. It’s critical, but difficult to exploit. In an email sent Wednesday afternoon, Proofpoint researcher Greg Lesnewich seemed to largely concur that the attacks weren’t likely to lead to mass infections that could install ransomware or espionage malware.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

News alert: Doppler fortifies ‘secrets management’ with Change Requests auditable approval feature

The Last Watchdog

San Francisco, Calif., Oct. 3, 2024, CyberNewswire — Doppler , the leading platform in secrets management, today announces the launch of Change Requests , a new feature providing engineering teams with a secure, auditable approval process for managing and controlling secret changes across environments. Designed to enhance security, compliance, and team collaboration, Change Requests gives organizations the tools to mitigate the potential risks from misconfigurations or unauthorized changes

article thumbnail

One-Third of UK Teachers Lack Cybersecurity Training, While 34% Experience Security Incidents

Tech Republic Security

A third of U.K. teachers have not received cyber security training this year, and only two-thirds of those that did deemed it useful, according to a government poll.

article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

News alert: Upcoming webinar highlights threat mitigation, fortifying ‘ASM’ with Criminal IP

The Last Watchdog

Torrance, Calif., Oct. 3, 2024, CyberNewswire — An exclusive live webinar will take place on October 4th at noon Eastern Time (ET), demonstrating how Criminal IP’s Attack Surface Management (ASM) can help organizations proactively detect and mitigate cyber threats. The webinar will feature a Criminal IP ASM Live Demo, providing a comprehensive view of attack surface visibility.

article thumbnail

Thousands of Adobe Commerce e-stores hacked by exploiting the CosmicSting bug

Security Affairs

Over 4,000 unpatched Adobe Commerce and Magento stores have been compromised by exploiting critical vulnerability CVE-2024-34102. Sansec researchers reported that multiple threat actors have exploited a critical Adobe Commerce vulnerability, tracked as CVE-2024-34102 (aka CosmicSting, CVSS score of 9.8), to compromise more than 4,000 e-stores over the past three months.

Hacking 136

More Trending

article thumbnail

Dutch police breached by a state actor

Security Affairs

The Dutch government blames a “state actor” for hacking a police system, exposing the contact details of all police officers, according to the justice minister. The Dutch police blame a state actor for the recent data breach that exposed officers’ contact details, the justice minister told lawmakers. The incident took place on September 26, 2024, and the police have reported the security breach to the Data Protection Authority.

article thumbnail

SSPM: A Better Way to Secure SaaS Applications 

Security Boulevard

As organizations continue to adopt more SaaS applications, the need for comprehensive security solutions will only grow. The post SSPM: A Better Way to Secure SaaS Applications appeared first on Security Boulevard.

article thumbnail

Cloudflare mitigated new record-breaking DDoS attack of 3.8 Tbps

Security Affairs

Cloudflare recently mitigated a new record-breaking DDoS attack, peaking at 3.8 Tbps and 2.14 billion packets per second (Pps). Cloudflare reported that starting from early September, it has mitigated over 100 hyper-volumetric L3/4 DDoS attacks, with many exceeding 2 billion Pps and 3 Tbps. The largest DDoS attack peaked at 3.8 Tbps, that is the highest ever publicly disclosed. “Cloudflare’s defenses mitigated over one hundred hyper-volumetric L3/4 DDoS attacks throughout the month, with m

DDOS 123
article thumbnail

YouTube, Snapchat, TikTok Ordered to Reveal Recommender System Details Amid DSA Crackdown

Penetration Testing

In a significant move to enforce the Digital Services Act (DSA), the European Commission has issued formal requests for information to YouTube, Snapchat, and TikTok, demanding detailed insights into the... The post YouTube, Snapchat, TikTok Ordered to Reveal Recommender System Details Amid DSA Crackdown appeared first on Cybersecurity News.

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

LockBit Ransomware and Evil Corp Leaders Arrested and Sanctioned in Joint Global Effort

The Hacker News

A new wave of international law enforcement actions has led to four arrests and the takedown of nine servers linked to the LockBit (aka Bitwise Spider) ransomware operation, marking the latest salvo against what was once a prolific financially motivated group. This includes the arrest of a suspected LockBit developer in France while on holiday outside of Russia, two individuals in the U.K.

article thumbnail

Authd Vulnerability (CVE-2024-9313) Allows User Impersonation on Ubuntu Systems

Penetration Testing

A high-severity vulnerability, CVE-2024-9313 ((CVSS 8.8)), has been discovered in Authd, an authentication daemon used for secure identity and access management in Ubuntu machines. This flaw could allow malicious actors... The post Authd Vulnerability (CVE-2024-9313) Allows User Impersonation on Ubuntu Systems appeared first on Cybersecurity News.

article thumbnail

New Perfctl Malware Targets Linux Servers for Cryptocurrency Mining and Proxyjacking

The Hacker News

Linux servers are the target of an ongoing campaign that delivers a stealthy malware dubbed perfctl with the primary aim of running a cryptocurrency miner and proxyjacking software. "Perfctl is particularly elusive and persistent, employing several sophisticated techniques," Aqua security researchers Assaf Morag and Idan Revivo said in a report shared with The Hacker News.

article thumbnail

Tick tock. Operation Cronos arrests more LockBit ransomware gang suspects

Graham Cluley

International law enforcement continues to dismantle the LockBit ransomware gang's infrastructure. Read more in my article on the Tripwire State of Security blog.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

North Korean Hackers Using New VeilShell Backdoor in Stealthy Cyber Attacks

The Hacker News

Threat actors with ties to North Korea have been observed delivering a previously undocumented backdoor and remote access trojan (RAT) called VeilShell as part of a campaign targeting Cambodia and likely other Southeast Asian countries.

article thumbnail

This Windows-Android hybrid disrupted how I use my laptop in the best way

Zero Day

The fifth-gen Lenovo ThinkBook Plus is a laptop/tablet hybrid that runs on both Windows 11 and Android 13, resulting in a unique user experience that changed the way I use both.

98
article thumbnail

INTERPOL Arrests 8 in Major Phishing and Romance Fraud Crackdown in West Africa

The Hacker News

INTERPOL has announced the arrest of eight individuals in Côte d'Ivoire and Nigeria as part of a crackdown on phishing scams and romance cyber fraud. Dubbed Operation Contender 2.0, the initiative is designed to tackle cyber-enabled crimes in West Africa, the agency said.

Phishing 113
article thumbnail

Browser Guard now flags data breaches and better protects personal data  

Malwarebytes

Two things are true of data online: It will be collected and, just as easily, it will be lost. But a major update to Malwarebytes Browser Guard will better protect users from opaque data collection that happens every day online, as well as raising their awareness about corporate data breaches that have left their sensitive information vulnerable to harm.

article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Android 14 Adds New Security Features to Block 2G Exploits and Baseband Attacks

The Hacker News

Google has revealed the various security guardrails that have been incorporated into its latest Pixel devices to counter the rising threat posed by baseband security attacks. The cellular baseband (i.e., modem) refers to a processor on the device that's responsible for handling all connectivity, such as LTE, 4G, and 5G, with a mobile phone cell tower or base station over a radio interface.

Mobile 110
article thumbnail

CVE-2024-5102: Avast Antivirus Flaw Could Allow Hackers to Delete Files and Run Code as SYSTEM

Penetration Testing

A high-severity vulnerability (CVE-2024-5102) has been discovered in Avast Antivirus for Windows, potentially allowing attackers to gain elevated privileges and wreak havoc on users’ systems. This flaw, present in versions... The post CVE-2024-5102: Avast Antivirus Flaw Could Allow Hackers to Delete Files and Run Code as SYSTEM appeared first on Cybersecurity News.

Antivirus 101
article thumbnail

One of the best Android Auto wireless adapters just got a useful (and premium) update

Zero Day

The AAWireless TWO is now smarter and more customizable - but only for Android users. Here's how to get notified when the dongle goes on sale later this month.

article thumbnail

5G and IoT for Enhanced Connectivity in Utility Infrastructure: The Future Is Now or Maybe Tomorrow?

SecureWorld News

The utility industry is undergoing changes that were unimaginable just a few decades ago. Remember when we were all excited about dial-up internet? Things have changed. Fast forward to today, and and we're not just talking about high-speed internet. But it also includes smart devices that monitor every aspect of today's utilities. From smart meters to self-repairing cables and now, with the launch of 5G, it feels like we are entering a new era.

IoT 89
article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

Buy a Microsoft Office Pro and Windows 11 Pro bundle for 87% off right now

Zero Day

This lifetime license bundle deal gives you access to the entire Microsoft Office Pro 2021 suite and Windows 11 Pro for just $53 for a limited time.

98
article thumbnail

The Complete Guide to PAM Tools, Features, And Techniques

Heimadal Security

Privileged access management is one of the most important topics in cybersecurity – yet it can be a minefield to get right. For hackers, elevated permissions are one of the absolute best ways to plan and execute a successful account. In fact, many attacks would simply be impossible without them. But effective privileged access management […] The post The Complete Guide to PAM Tools, Features, And Techniques appeared first on Heimdal Security Blog.

article thumbnail

October Prime Day bundle: Buy a Samsung Galaxy S24 FE and get a $100 Amazon gift card

Zero Day

Amazon is offering a $100 gift card when you buy the Samsung Galaxy S24 FE AI smartphone ahead of their Big Deal Days sale event on October 8 and 9.

98
article thumbnail

Snapekit Rootkit Unveiled: A Stealthy Threat Targeting Arch Linux

Penetration Testing

Gen Threat Labs has issued an alert about a newly discovered rootkit named Snapekit, which poses a significant threat to Arch Linux systems running kernel version 6.10.2-arch1-1 x86_64. This sophisticated... The post Snapekit Rootkit Unveiled: A Stealthy Threat Targeting Arch Linux appeared first on Cybersecurity News.

article thumbnail

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

article thumbnail

The Secret Weakness Execs Are Overlooking: Non-Human Identities

The Hacker News

For years, securing a company’s systems was synonymous with securing its “perimeter.” There was what was safe “inside” and the unsafe outside world. We built sturdy firewalls and deployed sophisticated detection systems, confident that keeping the barbarians outside the walls kept our data and systems safe.

article thumbnail

5 free Safari extensions I rely on for better security, privacy, and productivity online

Zero Day

If Safari is your go-to browser for MacOS, there are extensions you can add to improve the overall experience. Here are my top five.

98
article thumbnail

The state of generative AI in 2024

Webroot

Generative AI has taken the world by storm, transforming how individuals and businesses interact with and trust this new technology. With tools like ChatGPT, Grok, DALL-E, and Microsoft Copilot, everyday users are finding new ways to enhance productivity, creativity, and efficiency. However, as the integration of AI into daily life accelerates, so do the concerns around privacy and security.

article thumbnail

E-Commerce Protection Lags Behind: Insights from the 2024 Global Bot Security Report

Security Boulevard

The Global Bot Security Report is out and the results are in: Health, Luxury, and E-Commerce are the least protected industries against simple bot attacks. Learn how your industry measures up. The post E-Commerce Protection Lags Behind: Insights from the 2024 Global Bot Security Report appeared first on Security Boulevard.

72
article thumbnail

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.