Krebs on Security

SEPTEMBER 13, 2024

A cyberattack that shut down two of the top casinos in Las Vegas last year quickly became one of the most riveting security stories of 2023: It was the first known case of native English-speaking hackers in the United States and Britain teaming up with ransomware gangs based in Russia. But that made-for-Hollywood narrative has eclipsed a far more hideous trend: Many of these young, Western cybercriminals are also members of fast-growing online groups that exist solely to bully, stalk, harass and

Cybercrime 248

Cybercrime Mobile Accountability Hacking 248

Schneier on Security

SEPTEMBER 13, 2024

Over the summer, I gave a talk about AI and democracy at TedXBillings. The recording is [link]. Please share.

Artificial Intelligence 219

Artificial Intelligence 219

Anton on Security

SEPTEMBER 13, 2024

So some of you are thinking “ewwww … another security transformation paper” and this is understandable. A lot of people (and now … a lot of robots too) have written vague, hand-wavy “leadership” papers on how to transform security, include security into digital transformation or move to the cloud (now with GenAI!) the “right” way, while reaping all the benefits and suffering none of the costs.

Digital transformation 130

Digital transformation CISO Technology Cybersecurity 130

Penetration Testing

SEPTEMBER 13, 2024

Once Lost Mode is activated on an Apple device, it is incredibly difficult to disable unless done by the original owner or with the correct password. Without deactivating Lost Mode,... The post Say Goodbye to Stolen iPhone Parts: Activation Lock Gets an Upgrade appeared first on Cybersecurity News.

Passwords 124

Passwords Cybersecurity Technology 124

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

Security Affairs

SEPTEMBER 13, 2024

Researchers uncovered an Android malware, dubbed Vo1d, that has already infected nearly 1.3 million Android devices in 197 countries. Doctor Web researchers uncovered a malware, tracked as Vo1d , that infected nearly 1.3 million Android-based TV boxes belonging to users in 197 countries. The malicious code acts as a backdoor and allows attackers to download and install third-party software secretly.

Malware 129

Malware Firmware Antivirus Manufacturing 129

Security Boulevard

SEPTEMBER 13, 2024

Most password protection methods use some form of encryption, but is there a clear choice between software and hardware encryption when it comes to protecting your personal or business files from theft, loss, or hacking? The post How Secure is the “Password Protection” on Your Files and Drives? appeared first on Security Boulevard.

Passwords 122

Passwords Encryption Software Hacking 122

Security Boulevard

SEPTEMBER 13, 2024

Realm.Security has launched a platform for collecting and normalizing cybersecurity telemetry data that promises to streamline analytics. The post Realm.Security Emerges to Tackle Cybersecurity Data Management appeared first on Security Boulevard.

Cybersecurity 122

Cybersecurity Security Awareness 122

The Hacker News

SEPTEMBER 13, 2024

Ivanti has revealed that a newly patched security flaw in its Cloud Service Appliance (CSA) has come under active exploitation in the wild. The high-severity vulnerability in question is CVE-2024-8190 (CVSS score: 7.2), which allows remote code execution under certain circumstances. "An OS command injection vulnerability in Ivanti Cloud Services Appliance versions 4.

120

120

Security Affairs

SEPTEMBER 13, 2024

A new Linux malware called Hadooken targets Oracle WebLogic servers, it has been linked to several ransomware families. Aqua Security Nautilus researchers discovered a new Linux malware, called Hadooken, targeting Weblogic servers. The name comes from the attack “surge fist” in the Street Fighter series. Upon execution, the malware drops a Tsunami malware and deploys a cryptominer.

Malware 114

Malware Internet Internet Passwords 114

The Hacker News

SEPTEMBER 13, 2024

Details have emerged about a now-patched security flaw impacting Apple's Vision Pro mixed reality headset that, if successfully exploited, could allow malicious attackers to infer data entered on the device's virtual keyboard. The attack, dubbed GAZEploit, has been assigned the CVE identifier CVE-2024-40865.

114

114

Speaker: Speakers:

In today's digital age, having an untrained workforce can be a significant risk to your business. Cyber threats are evolving; without proper training, your employees could be the weakest link in your defense. This webinar empowers leaders like you with the tools and strategies needed to transform your employees into a robust frontline defense against cyber attacks.

Cyber Attacks

Zero Day

SEPTEMBER 13, 2024

I've tried many of Apple's AI features in the iOS 18 beta and found them incomplete or underwhelming. Here's what the company needs to offer if it wants to become a leader in the AI race.

98

98

The Hacker News

SEPTEMBER 13, 2024

Cybersecurity researchers have uncovered a new variant of an Android banking trojan called TrickMo that comes packed with new capabilities to evade analysis and display fake login screens to capture victims' banking credentials. "The mechanisms include using malformed ZIP files in combination with JSONPacker," Cleafy security researchers Michele Roviello and Alessandro Strino said.

Banking 114

Banking Cybersecurity 114

Malwarebytes

SEPTEMBER 13, 2024

Car manufacturer Ford Motor Company has filed a patent application for an in-vehicle advertisement presentation system based on information derived from several trip and driver characteristics. Among those characteristics—human conversations. In the abstract of the patent application publication Ford writes: “An example method includes determining vehicle information for a trip, the vehicle information including any one or more of a current vehicle location, a vehicle speed, a drive mode, and/or

Advertising 98

Advertising Manufacturing Internet Internet 98

The Hacker News

SEPTEMBER 13, 2024

British authorities on Thursday announced the arrest of a 17-year-old male in connection with a cyber attack affecting Transport for London (TfL). "The 17-year-old male was detained on suspicion of Computer Misuse Act offenses in relation to the attack, which was launched on TfL on 1 September," the U.K. National Crime Agency (NCA) said.

Cyber Attacks 111

Cyber Attacks 111

Advertisement

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.

Cybersecurity

Security Affairs

SEPTEMBER 13, 2024

GitLab addressed multiple vulnerabilities impacting GitLab CE/EE, including a critical pipeline execution issue. GitLab released security patches for 17 vulnerabilities in GitLab CE (Community Edition) and EE (Enterprise Edition). One of these vulnerabilities is a critical pipeline execution flaw, tracked as CVE-2024-6678 (CVSS score of 9.9), that could allow an attacker to trigger a pipeline as an arbitrary user under certain circumstances. “An issue was discovered in GitLab CE/EE affecti

Hacking 105

Hacking Accountability Information Security 105

Zero Day

SEPTEMBER 13, 2024

NordVPN and Proton VPN are two of the most popular VPN services available with strong protection features. Here are the key reasons you might pick one over the other.

VPN 98

VPN 98

The Hacker News

SEPTEMBER 13, 2024

Malicious actors are likely leveraging publicly available proof-of-concept (PoC) exploits for recently disclosed security flaws in Progress Software WhatsUp Gold to conduct opportunistic attacks. The activity is said to have commenced on August 30, 2024, a mere five hours after a PoC was released for CVE-2024-6670 (CVSS score: 9.

Software 101

Software 101

Security Affairs

SEPTEMBER 13, 2024

Lehigh Valley Health Network ’s (LVHN) hospital network has agreed to a $65 million settlement in a class action lawsuit related to a data breach. Lehigh Valley Health Network (LVHN) is a large hospital and healthcare system based in Pennsylvania, USA. It operates numerous hospitals, health centers, and outpatient facilities across the region, including the Lehigh Valley area.

Data breaches 102

Data breaches Healthcare Ransomware Hacking 102

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Zero Day

SEPTEMBER 13, 2024

Blackview's Mega 1 is an 11.5-inch Android 13 tablet with a 120Hz display, 256GB of storage, and 24GB of RAM. What's more, it comes at a great discount.

98

98

Penetration Testing

SEPTEMBER 13, 2024

In a security advisory released recently, Cloud Software Group has disclosed two vulnerabilities affecting the widely used Citrix Workspace app for Windows. These vulnerabilities, identified as CVE-2024-7889 and CVE-2024-7890, could... The post Citrix Workspace App Users Urged to Update Following Two Privilege Escalation Flaws appeared first on Cybersecurity News.

Software 94

Software Cybersecurity 94

eSecurity Planet

SEPTEMBER 13, 2024

Cyber security in banking has become the frontline defense against an ever-growing wave of digital threats. With billions of dollars and sensitive data at risk, banks are under constant pressure to stay one step ahead of cybercriminals. So, what are the biggest threats facing the banking sector, and how are institutions safeguarding your financial future?

Banking 88

Banking Identity Theft DDOS Cyber threats 88

The Hacker News

SEPTEMBER 13, 2024

Even as cyber threats become increasingly sophisticated, the number one attack vector for unauthorized access remains phished credentials (Verizon DBIR, 2024). Solving this problem resolves over 80% of your corporate risk, and a solution is possible.

Phishing 93

Phishing Cyber threats Marketing Risk 93

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Zero Day

SEPTEMBER 13, 2024

I've tried many of Apple's AI features in the iOS 18 beta and found them incomplete or underwhelming. Here's what the company needs to offer if it wants to become a leader in the AI race.

85

85

Security Boulevard

SEPTEMBER 13, 2024

Artificial intelligence (AI) is no longer just a buzzword in the cybersecurity industry—it’s an essential tool for staying ahead of threats. But how are leading organizations leveraging AI in cybersecurity effectively, and what challenges do they face? During a recent Nuspire webinar, experts J.R. Cunningham, Michael Wilson and Marcy Elder uncover how AI is transforming cybersecurity operations and what the.

Artificial Intelligence 81

Artificial Intelligence Cybersecurity 81

Penetration Testing

SEPTEMBER 13, 2024

Two recently discovered vulnerabilities in Rockwell Automation’s FactoryTalk software products pose a serious threat to industrial control systems (ICS). The vulnerabilities, tracked as CVE-2024-45823 and CVE-2024-45824, could potentially allow unauthorized... The post Rockwell Automation Products Face Critical Security Risks, Urgent Patching Required appeared first on Cybersecurity News.

Risk 79

Risk Software Cybersecurity 79

Security Boulevard

SEPTEMBER 13, 2024

So some of you are thinking “ewwww … another security transformation paper” and this is understandable. A lot of people (and now … a lot of robots too) have written vague, hand-wavy “leadership” papers on how to transform security, include security into digital transformation or move to the cloud (now with GenAI!) the “right” way, while reaping all the benefits and suffering none of the costs.

Digital transformation 72

Digital transformation CISO Technology Cybersecurity 72

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

Penetration Testing

SEPTEMBER 13, 2024

A new fraudulent campaign targeting Mac users seeking AppleCare+ support or extended warranties has been uncovered by cybersecurity experts at Malwarebytes. The scammers are using a combination of purchased Google... The post Beware Mac Users: Fake AppleCare+ Support Scam Lures Victims via GitHub Repos appeared first on Cybersecurity News.

Scams 79

Scams Cybersecurity 79

Zero Day

SEPTEMBER 13, 2024

Did you just preorder the new iPhone 16? Now, break up with your charging cables. We went hands-on with chargers from Anker, ESR, Courant, and more to find the best wireless chargers to make powering your devices easier than ever.

Wireless 76

Wireless 76

Penetration Testing

SEPTEMBER 13, 2024

A severe security flaw has been identified in FileSender, the popular web-based application that allows authenticated users to securely send large files. The vulnerability, classified as CVE-2024-45186, was discovered by... The post CVE-2024-45186: FileSender Vulnerability Poses Risk to User Credentials, Immediate Action Required appeared first on Cybersecurity News.

Risk 68

Risk Authentication Cybersecurity 68

Zero Day

SEPTEMBER 13, 2024

If you have a question that requires a lot of text or numerical analysis, consider running it by ChatGPT or one of the other AIs. You might just get a useful answer as fast as I did.

98

98

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare