Fri.Sep 13, 2024

article thumbnail

My TedXBillings Talk

Schneier on Security

Over the summer, I gave a talk about AI and democracy at TedXBillings. The recording is [link]. Please share.

article thumbnail

New Office of the CISO Paper: Organizing Security for Digital Transformation

Anton on Security

So some of you are thinking “ewwww … another security transformation paper” and this is understandable. A lot of people (and now … a lot of robots too) have written vague, hand-wavy “leadership” papers on how to transform security, include security into digital transformation or move to the cloud (now with GenAI!) the “right” way, while reaping all the benefits and suffering none of the costs.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Vo1d malware infected 1.3 Million Android-based TV Boxes in 197 countries

Security Affairs

Researchers uncovered an Android malware, dubbed Vo1d, that has already infected nearly 1.3 million Android devices in 197 countries. Doctor Web researchers uncovered a malware, tracked as Vo1d , that infected nearly 1.3 million Android-based TV boxes belonging to users in 197 countries. The malicious code acts as a backdoor and allows attackers to download and install third-party software secretly.

Malware 140
article thumbnail

Espionage Alert: Google Sheets Exploit For Malware Control

Security Boulevard

A Google Sheets exploit has recently been discovered by cybersecurity experts Proofpoint. As per the initial information, the platform is being leveraged as a command-and-control (C2) mechanism. In this article, we’ll look at what the Google Sheets exploit is about, which sectors are being targeted, and more. Let’s begin! Google Sheets Exploit: Initial Discovery The […] The post Espionage Alert: Google Sheets Exploit For Malware Control appeared first on TuxCare.

Malware 129
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

GitLab fixed a critical flaw in GitLab CE and GitLab EE

Security Affairs

GitLab addressed multiple vulnerabilities impacting GitLab CE/EE, including a critical pipeline execution issue. GitLab released security patches for 17 vulnerabilities in GitLab CE (Community Edition) and EE (Enterprise Edition). One of these vulnerabilities is a critical pipeline execution flaw, tracked as CVE-2024-6678 (CVSS score of 9.9), that could allow an attacker to trigger a pipeline as an arbitrary user under certain circumstances. “An issue was discovered in GitLab CE/EE affecti

Hacking 128
article thumbnail

Realm.Security Emerges to Tackle Cybersecurity Data Management

Security Boulevard

Realm.Security has launched a platform for collecting and normalizing cybersecurity telemetry data that promises to streamline analytics. The post Realm.Security Emerges to Tackle Cybersecurity Data Management appeared first on Security Boulevard.

More Trending

article thumbnail

How Secure is the “Password Protection” on Your Files and Drives?

Security Boulevard

Most password protection methods use some form of encryption, but is there a clear choice between software and hardware encryption when it comes to protecting your personal or business files from theft, loss, or hacking? The post How Secure is the “Password Protection” on Your Files and Drives? appeared first on Security Boulevard.

Passwords 122
article thumbnail

New Linux malware called Hadooken targets Oracle WebLogic servers

Security Affairs

A new Linux malware called Hadooken targets Oracle WebLogic servers, it has been linked to several ransomware families. Aqua Security Nautilus researchers discovered a new Linux malware, called Hadooken, targeting Weblogic servers. The name comes from the attack “surge fist” in the Street Fighter series. Upon execution, the malware drops a Tsunami malware and deploys a cryptominer.

Malware 125
article thumbnail

Ivanti Warns of Active Exploitation of Newly Patched Cloud Appliance Vulnerability

The Hacker News

Ivanti has revealed that a newly patched security flaw in its Cloud Service Appliance (CSA) has come under active exploitation in the wild. The high-severity vulnerability in question is CVE-2024-8190 (CVSS score: 7.2), which allows remote code execution under certain circumstances. "An OS command injection vulnerability in Ivanti Cloud Services Appliance versions 4.

114
114
article thumbnail

Cyber Security in Banking: Threats, Solutions & Best Practices

eSecurity Planet

Cyber security in banking has become the frontline defense against an ever-growing wave of digital threats. With billions of dollars and sensitive data at risk, banks are under constant pressure to stay one step ahead of cybercriminals. So, what are the biggest threats facing the banking sector, and how are institutions safeguarding your financial future?

Banking 108
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Apple Vision Pro Vulnerability Exposed Virtual Keyboard Inputs to Attackers

The Hacker News

Details have emerged about a now-patched security flaw impacting Apple's Vision Pro mixed reality headset that, if successfully exploited, could allow malicious attackers to infer data entered on the device's virtual keyboard. The attack, dubbed GAZEploit, has been assigned the CVE identifier CVE-2024-40865.

113
113
article thumbnail

‘Terrorgram’ Charges Show US Has Had Tools to Crack Down on Far-Right Terrorism All Along

WIRED Threat Level

The federal indictment of two alleged members of the Terrorgram Collective, a far-right cell accused of inspiring “lone wolf” attacks, reveals the US is now using a “forgotten” legal strategy.

109
109
article thumbnail

TrickMo Android Trojan Exploits Accessibility Services for On-Device Banking Fraud

The Hacker News

Cybersecurity researchers have uncovered a new variant of an Android banking trojan called TrickMo that comes packed with new capabilities to evade analysis and display fake login screens to capture victims' banking credentials. "The mechanisms include using malformed ZIP files in combination with JSONPacker," Cleafy security researchers Michele Roviello and Alessandro Strino said.

Banking 107
article thumbnail

Lehigh Valley Health Network hospital network has agreed to a $65 million settlement after data breach

Security Affairs

Lehigh Valley Health Network ’s (LVHN) hospital network has agreed to a $65 million settlement in a class action lawsuit related to a data breach. Lehigh Valley Health Network (LVHN) is a large hospital and healthcare system based in Pennsylvania, USA. It operates numerous hospitals, health centers, and outpatient facilities across the region, including the Lehigh Valley area.

article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

17-Year-Old Arrested in Connection with Cyber Attack Affecting Transport for London

The Hacker News

British authorities on Thursday announced the arrest of a 17-year-old male in connection with a cyber attack affecting Transport for London (TfL). "The 17-year-old male was detained on suspicion of Computer Misuse Act offenses in relation to the attack, which was launched on TfL on 1 September," the U.K. National Crime Agency (NCA) said.

article thumbnail

My Apple Intelligence wishlist: 10 features it needs to compete with OpenAI and Google

Zero Day

I've tried many of Apple's AI features in the iOS 18 beta and found them incomplete or underwhelming. Here's what the company needs to offer if it wants to become a leader in the AI race.

98
article thumbnail

Say Goodbye to Phishing: Must-Haves to Eliminate Credential Theft

The Hacker News

Even as cyber threats become increasingly sophisticated, the number one attack vector for unauthorized access remains phished credentials (Verizon DBIR, 2024). Solving this problem resolves over 80% of your corporate risk, and a solution is possible.

Phishing 104
article thumbnail

Ford seeks patent for conversation-based advertising

Malwarebytes

Car manufacturer Ford Motor Company has filed a patent application for an in-vehicle advertisement presentation system based on information derived from several trip and driver characteristics. Among those characteristics—human conversations. In the abstract of the patent application publication Ford writes: “An example method includes determining vehicle information for a trip, the vehicle information including any one or more of a current vehicle location, a vehicle speed, a drive mode, and/or

article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

Progress WhatsUp Gold Exploited Just Hours After PoC Release for Critical Flaw

The Hacker News

Malicious actors are likely leveraging publicly available proof-of-concept (PoC) exploits for recently disclosed security flaws in Progress Software WhatsUp Gold to conduct opportunistic attacks. The activity is said to have commenced on August 30, 2024, a mere five hours after a PoC was released for CVE-2024-6670 (CVSS score: 9.

article thumbnail

Proton VPN vs NordVPN: Which is best in 2024?

Zero Day

NordVPN and Proton VPN are two of the most popular VPN services available with strong protection features. Here are the key reasons you might pick one over the other.

VPN 98
article thumbnail

Citrix Workspace App Users Urged to Update Following Two Privilege Escalation Flaws

Penetration Testing

In a security advisory released recently, Cloud Software Group has disclosed two vulnerabilities affecting the widely used Citrix Workspace app for Windows. These vulnerabilities, identified as CVE-2024-7889 and CVE-2024-7890, could... The post Citrix Workspace App Users Urged to Update Following Two Privilege Escalation Flaws appeared first on Cybersecurity News.

article thumbnail

10 features Apple Intelligence needs to actually compete with OpenAI and Google

Zero Day

I've tried many of Apple's AI features in the iOS 18 beta and found them incomplete or underwhelming. Here's what the company needs to offer if it wants to become a leader in the AI race.

94
article thumbnail

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

article thumbnail

AI in Cybersecurity: Experts Discuss Opportunities, Misconceptions and the Path Forward

Security Boulevard

Artificial intelligence (AI) is no longer just a buzzword in the cybersecurity industry—it’s an essential tool for staying ahead of threats. But how are leading organizations leveraging AI in cybersecurity effectively, and what challenges do they face? During a recent Nuspire webinar, experts J.R. Cunningham, Michael Wilson and Marcy Elder uncover how AI is transforming cybersecurity operations and what the.

article thumbnail

I love everything about this Android tablet (especially the price)

Zero Day

Blackview's Mega 1 is an 11.5-inch Android 13 tablet with a 120Hz display, 256GB of storage, and 24GB of RAM. What's more, it comes at a great discount.

98
article thumbnail

Top 5 Vulnerability Management Mistakes Companies Make (Plus a Bonus Mistake to Avoid)

Security Boulevard

Are you confident your vulnerability management is doing its job, or do you sometimes feel like it’s falling short? Many companies invest time and resources into managing vulnerabilities, yet still. The post Top 5 Vulnerability Management Mistakes Companies Make (Plus a Bonus Mistake to Avoid) appeared first on Strobes Security. The post Top 5 Vulnerability Management Mistakes Companies Make (Plus a Bonus Mistake to Avoid) appeared first on Security Boulevard.

80
article thumbnail

Beware Mac Users: Fake AppleCare+ Support Scam Lures Victims via GitHub Repos

Penetration Testing

A new fraudulent campaign targeting Mac users seeking AppleCare+ support or extended warranties has been uncovered by cybersecurity experts at Malwarebytes. The scammers are using a combination of purchased Google... The post Beware Mac Users: Fake AppleCare+ Support Scam Lures Victims via GitHub Repos appeared first on Cybersecurity News.

Scams 88
article thumbnail

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.

article thumbnail

New Office of the CISO Paper: Organizing Security for Digital Transformation

Security Boulevard

So some of you are thinking “ewwww … another security transformation paper” and this is understandable. A lot of people (and now … a lot of robots too) have written vague, hand-wavy “leadership” papers on how to transform security, include security into digital transformation or move to the cloud (now with GenAI!) the “right” way, while reaping all the benefits and suffering none of the costs.

article thumbnail

Rockwell Automation Products Face Critical Security Risks, Urgent Patching Required

Penetration Testing

Two recently discovered vulnerabilities in Rockwell Automation’s FactoryTalk software products pose a serious threat to industrial control systems (ICS). The vulnerabilities, tracked as CVE-2024-45823 and CVE-2024-45824, could potentially allow unauthorized... The post Rockwell Automation Products Face Critical Security Risks, Urgent Patching Required appeared first on Cybersecurity News.

Risk 82
article thumbnail

The best wireless chargers of 2024: Expert tested

Zero Day

Did you just preorder the new iPhone 16? Now, break up with your charging cables. We went hands-on with chargers from Anker, ESR, Courant, and more to find the best wireless chargers to make powering your devices easier than ever.

article thumbnail

What is EchoSpoofing?: Proofpoint Email Routing Exploit

Security Boulevard

Reading Time: 3 min The recent exploitation of Proofpoint’s email routing flaw, known as EchoSpoofing, allowed attackers to send millions of spoofed emails across multiple organizations. The post What is EchoSpoofing?: Proofpoint Email Routing Exploit appeared first on Security Boulevard.

article thumbnail

Enhance Innovation and Governance Through the Cloud Development Maturity Model

Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.