Wed.Oct 04, 2023

article thumbnail

Safe, Secure, Anonymous, and Other Misleading Claims

Troy Hunt

Imagine you wanted to buy some s**t on the internet. Not the metaphorical kind in terms of "I bought some random s**t online", but literal s**t. Turds. Faeces. The kind of thing you never would have thought possible to buy online until. Shitexpress came along. Here's a service that enables you to send an actual piece of smelly s**t to "An irritating colleague.

Internet 326
article thumbnail

Malicious Ads in Bing Chat

Schneier on Security

Malicious ads are creeping into chatbots.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Artificial Intelligence and CyberSecurity Expert Joseph Steinberg To Keynote Pennsylvania Summit

Joseph Steinberg

CyberSecurity and Artificial Intelligence Expert , Joseph Steinberg, will keynote the upcoming Securing the Future: Cloud, Cybersecurity, and AI Summit , taking place on Wednesday, October 11, 2023, in Pennsylvania, USA. The summit, sponsored by Avail Technology Solutions, will allow participants to learn about the latest advancements and trends in cloud technology, cybersecurity practices, and the exciting world of Artificial Intelligence (AI) — topics that Steinberg will cover in his key

article thumbnail

STEPS FORWARD Q&A: Will ‘proactive security’ engender a shift to risk-based network protection?

The Last Watchdog

Something simply must be done to slow, and ultimately reverse, attack surface expansion. Related: What Cisco’s buyout of Splunk really signals We’re in the midst of driving towards a dramatically scaled-up and increasingly connected digital ecosystem. Companies are obsessed with leveraging cloud-hosted IT infrastructure and the speedy software development and deployment that goes along with that.

Risk 222
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

A Decade Later: How To Send Messages That Even The NSA, CIA, and FBI Cannot Read

Joseph Steinberg

A little over a decade ago I wrote a piece for Forbes describing a method of protecting electronic communications from unauthorized access, through the hiding of message contents within photos and video files. At the time, I even created a contest – embedding an unencrypted Amazon gift card number within an image displayed on the Forbes website alongside my article; despite my having provided clues as to what was hidden, and in what image it was hidden, and despite a hundred thousand peopl

article thumbnail

How Neuralink Keeps Dead Monkey Photos Secret

WIRED Threat Level

Elon Musk’s brain-chip startup conducted years of tests at UC Davis, a public university. A WIRED investigation reveals how Neuralink and the university keep the grisly images of test subjects hidden.

145
145

More Trending

article thumbnail

This Top-Rated Ad Blocker is Just $25 Through October 15th

Tech Republic Security

AdGuard gets rid of ads and provides an extra layer of protection on multiple devices. Through October 15th only, it's just $25 for life.

Phishing 143
article thumbnail

Atlassian Confluence zero-day CVE-2023-22515 actively exploited in attacks

Security Affairs

Atlassian fixed a critical zero-day flaw in its Confluence Data Center and Server software, which has been exploited in the wild. Software giant Atlassian released emergency security updates to address a critical zero-day vulnerability, tracked as CVE-2023-22515 (CVSS score 10), in its Confluence Data Center and Server software. The flaw CVE-2023-22515 is a privilege escalation vulnerability that affects Confluence Data Center and Server 8.0.0 and later.

Software 144
article thumbnail

Apple emergency update fixes new zero-day used to hack iPhones

Bleeping Computer

Apple released emergency security updates to patch a new zero-day security flaw exploited in attacks targeting iPhone and iPad users. [.

Hacking 142
article thumbnail

Exposing Infection Techniques Across Supply Chains and Codebases

Trend Micro

This entry delves into threat actors' intricate methods to implant malicious payloads within seemingly legitimate applications and codebases.

Mobile 141
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Apple Rolls Out Security Patches for Actively Exploited iOS Zero-Day Flaw

The Hacker News

Apple on Wednesday rolled out security patches to address a new zero-day flaw in iOS and iPadOS that it said has come under active exploitation in the wild. Tracked as CVE-2023-42824, the kernel vulnerability could be abused by a local attacker to elevate their privileges. The iPhone maker said it addressed the problem with improved checks.

141
141
article thumbnail

Sony confirms data breach impacting thousands in the U.S.

Bleeping Computer

Sony Interactive Entertainment (Sony) has notified current and former employees and their family members about a cybersecurity breach that exposed personal information. [.

article thumbnail

Phishing campaign targeted US executives exploiting a flaw in Indeed job search platform

Security Affairs

Threat actors exploited an open redirection vulnerability in the job search platform Indeed to carry out phishing attacks. Researchers from the cybersecurity firm Menlo Security reported that threat actors exploited an open redirection vulnerability in the job search platform Indeed in phishing attacks. The phishing attacks were aimed at senior executives across various industries, primarily in Banking, Financial, Insurance, Property Management and Real Estate, and Manufacturing sectors.

Phishing 139
article thumbnail

Looney Tunables: New Linux Flaw Enables Privilege Escalation on Major Distributions

The Hacker News

A new Linux security vulnerability dubbed Looney Tunables has been discovered in the GNU C library's ld.so dynamic loader that, if successfully exploited, could lead to a local privilege escalation and allow a threat actor to gain root privileges. Tracked as CVE-2023-4911 (CVSS score: 7.

137
137
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

A cyberattack disrupted Lyca Mobile services

Security Affairs

International mobile virtual network operator Lyca Mobile announced it has been the victim of a cyber attack that disrupted its network. Lyca Mobile is a mobile virtual network operator (MVNO) that provides prepaid mobile phone services to customers in several countries worldwide. A mobile virtual network operator doesn’t own its own physical wireless network infrastructure but instead leases network services from established mobile carriers.

Mobile 139
article thumbnail

'Looney Tunables' Bug Opens Millions of Linux Systems to Root Takeover

Dark Reading

The flaw poses a significant risk of unauthorized data access, system alterations, potential data theft, and complete takeover of vulnerable systems, especially in the IoT and embedded computing space.

IoT 133
article thumbnail

Apple fixed the 17th zero-day flaw exploited in attacks

Security Affairs

Apple released emergency security updates to address a new actively exploited zero-day vulnerability impacting iPhone and iPad devices. Apple released emergency security updates to address a new zero-day vulnerability, tracked as CVE-2023-42824, that is exploited in attacks targeting iPhone and iPad devices. The vulnerability is a privilege escalation issue that resides in the Kernel, it was addressed with improved checks. “A local attacker may be able to elevate their privileges.

Hacking 136
article thumbnail

Microsoft: Hackers target Azure cloud VMs via breached SQL servers

Bleeping Computer

Hackers have been observed trying to breach cloud environments through Microsoft SQL Servers vulnerable to SQL injection. [.

133
133
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

DRM Report Q2 2023 – Ransomware threat landscape

Security Affairs

The DRM Report Q2 2023 report provides a detailed insight into the ransomware threat landscape during the period between May and August 2023. In an era where digitalization has woven its web into the very fabric of our lives, the dark underbelly of the digital realm continues to pose an ever-growing threat. Ransomware, a menace that has evolved into a formidable adversary, takes center stage in our examination of the cyber threat landscape during the second quarter of 2023.

article thumbnail

Atlassian Confluence Hit by New Actively Exploited Zero-Day – Patch Now

The Hacker News

Atlassian has released fixes to contain an actively exploited critical zero-day flaw impacting publicly accessible Confluence Data Center and Server instances. The vulnerability, tracked as CVE-2023-22515, is remotely exploitable and allows external attackers to create unauthorized Confluence administrator accounts and access Confluence servers.

article thumbnail

Hundreds of malicious Python packages found stealing sensitive data

Bleeping Computer

A malicious campaign that researchers observed growing more complex over the past half year, has been planting on open-source platforms hundreds of info-stealing packages that counted about 75,000 downloads. [.

130
130
article thumbnail

Chipmaker Qualcomm warns of three actively exploited zero-days

Security Affairs

Chipmaker Qualcomm addressed 17 vulnerabilities in various components and warns of three other actively exploited zero-day flaws. Chipmaker Qualcomm released security updates to address 17 vulnerabilities in several components. Three out of 17 flaws are rated Critical, 13 are rated High, and one is rated Medium in severity. The company is also warning that three other zero-day vulnerabilities are actively exploited in attacks in the wild.

Firmware 129
article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

Gen Z fears physical violence from being online more than anyone else, Malwarebytes finds

Malwarebytes

The “version history” of the internet was split by what we could do online—simple browsing across Web 1.0’s static web pages, instant connection throughout Web 2.0’s social platforms, and, into the future, potential new forms of ownership within Web 3.0’s dreams of decentralization. But, as Malwarebytes has uncovered in new research, what we can do online produces its own, generational byproduct: Fear.

Antivirus 127
article thumbnail

Your Cheap Android TV Streaming Box May Have a Dangerous Backdoor

WIRED Threat Level

New research has found that some streaming devices and dozens of Android and iOS apps are secretly being used for fraud and other cybercrime.

article thumbnail

Cisco fixes hard-coded root credentials in Emergency Responder

Bleeping Computer

Cisco released security updates to fix a Cisco Emergency Responder (CER) vulnerability that let attackers log into unpatched systems using hard-coded credentials. [.

125
125
article thumbnail

Rogue npm Package Deploys Open-Source Rootkit in New Supply Chain Attack

The Hacker News

A new deceptive package hidden within the npm package registry has been uncovered deploying an open-source rootkit called r77, marking the first time a rogue package has delivered rootkit functionality. The package in question is node-hide-console-windows, which mimics the legitimate npm package node-hide-console-window in what's an instance of a typosquatting campaign.

120
120
article thumbnail

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

article thumbnail

Update your Android devices now! Google patches two actively exploited vulnerabilities

Malwarebytes

Google has patched 53 vulnerabilities in its Android October security updates, two of which are known to be actively exploited. Google's security bulletin notes that there are indications that these two vulnerabilities may be under limited, targeted exploitation. If your Android phone is at patch level 2023-10-06 or later then the two issues discussed below have been fixed.

article thumbnail

Researchers Link DragonEgg Android Spyware to LightSpy iOS Surveillanceware

The Hacker News

New findings have identified connections between an Android spyware called DragonEgg and another sophisticated modular iOS surveillanceware tool named LightSpy. DragonEgg, alongside WyrmSpy (aka AndroidControl), was first disclosed by Lookout in July 2023 as a strain of malware capable of gathering sensitive data from Android devices. It was attributed to the Chinese nation-state group APT41.

Spyware 116
article thumbnail

Meta and TikTok consider charging users for ad-free experience

Malwarebytes

According to a report from the Wall Street Journal , Meta is considering charging its European users around $14 a month if they don't agree to personalized ads on Facebook and Instagram. On mobile devices, the price for a single account would be higher because Meta would factor in commissions charged by Apple's and Google's app stores. European rules require Meta to get users’ consent in order to show them targeted ads, so this seems like an obvious attempt to make up for the lost advertis

article thumbnail

Microsoft Warns of Cyber Attacks Attempting to Breach Cloud via SQL Server Instance

The Hacker News

Microsoft has detailed a new campaign in which attackers unsuccessfully attempted to move laterally to a cloud environment through an SQL Server instance. "The attackers initially exploited a SQL injection vulnerability in an application within the target's environment," security researchers Sunders Bruskin, Hagai Ran Kestenberg, and Fady Nasereldeen said in a Tuesday report.

article thumbnail

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.