Fri. Aug 09, 2024

People-Search Site Removal Services Largely Ineffective

Schneier on Security

Consumer Reports has a new study of people-search site removal services, concluding that they don’t really work: As a whole, people-search removal services are largely ineffective. Private information about each participant on the people-search sites decreased after using the people-search removal services. And, not surprisingly, the removal services did save time compared with manually opting out.

Australian Enterprises Coming 4th in 2024 Global Survey of Generative AI Usage

Tech Republic Security

Businesses in China, the U.K. and the U.S. are using generative AI more than Australia. But the Aussies lead in understanding, planning for, and implementing generative AI use policies.

‘Sinkclose’ Flaw in Hundreds of Millions of AMD Chips Allows Deep, Virtually Unfixable Infections

WIRED Threat Level

Researchers warn that a bug in AMD’s chips would allow attackers to root into some of the most privileged portions of a computer—and that it has persisted in the company’s processors for decades.

StormBamboo Compromises ISP, Spreads Malware

Tech Republic Security

Read more about a China-aligned cyberespionage threat actor dubbed StormBamboo, also known as Evasive Panda, which compromised an Internet Service Provider and infected targets with malware.

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Experts Uncover Severe AWS Flaws Leading to RCE, Data Theft, and Full-Service Takeovers

The Hacker News

Cybersecurity researchers have discovered multiple critical flaws in Amazon Web Services (AWS) offerings that, if successfully exploited, could result in serious consequences.

5 Types of IVR Testing Tools and When To Use Each

Tech Republic Security

Discover the difference between types of IVR testing tools, ensuring optimal performance and security for your business phone system. Plus, we’ll show you when to DIY or call in the pros.

More Trending

Beware: Hackers Use Google Drawings & WhatsApp Links to Steal Data

Penetration Testing

Menlo Security has uncovered a new phishing campaign that exploits Google Drawings to bypass security systems and deceive users, compelling victims to click on fraudulent links designed to steal sensitive... The post Beware: Hackers Use Google Drawings & WhatsApp Links to Steal Data appeared first on Cybersecurity News.

Microsoft Reveals Four OpenVPN Flaws Leading to Potential RCE and LPE

The Hacker News

Microsoft on Thursday disclosed four medium-severity security flaws in the open-source OpenVPN software that could be chained to achieve remote code execution (RCE) and local privilege escalation (LPE).

Aqua Security Researchers Disclose Series of AWS Flaws

Security Boulevard

Aqua Security this week at the Black Hat USA 2024 conference revealed that it has discovered six vulnerabilities in the cloud services provided by Amazon Web Services (AWS). The post Aqua Security Researchers Disclose Series of AWS Flaws appeared first on Security Boulevard.

DOJ Charges Nashville Man for Helping North Koreans Get U.S. Tech Jobs

The Hacker News

The U.S. Department of Justice (DoJ) on Thursday charged a 38-year-old individual from Nashville, Tennessee, for allegedly running a "laptop farm" to help get North Koreans remote jobs with American and British companies.

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Exploring the dynamic landscape of cybersecurity threats

Security Boulevard

Hello, My name is Chen, and I work as a threat intelligence analyst at Salt Security. Every day, I dive into the complex world of cybersecurity, uncovering the hidden threats that hide in our digital lives. Today, I'd like to take you on a journey through the evolving landscape of API threats. APIs are the quiet helpers of the digital world, allowing software applications to communicate easily with each other.

Improving Ransomware Detection with Breach and Attack Simulation (BAS)

NetSpi Executives

Ransomware attacks are a pervasive and ongoing threat to organizations worldwide, costing billions in damages and operational downtime. For CISOs, security leaders, and SOC teams, the challenge is not just in preventing these attacks, but in detecting them as early as possible in the kill chain, before they can cause real damage. Enter Breach and Attack Simulation (BAS), a powerful solution that enhances your organization’s ability to understand your detection capabilities and improve you

New Flaws in Sonos Smart Speakers Allow Hackers to Eavesdrop on Users

The Hacker News

Cybersecurity researchers have uncovered weaknesses in Sonos smart speakers that could be exploited by malicious actors to clandestinely eavesdrop on users.

Five zero-days impacts EoL Cisco Small Business IP Phones. Replace them with newer models asap!

Security Affairs

Cisco warns of critical remote code execution zero-day vulnerabilities impacting end-of-life Small Business SPA 300 and SPA 500 series IP phones. Cisco warns of multiple critical remote code execution zero-day vulnerabilities in end-of-life Small Business SPA 300 and SPA 500 series IP phones. “Multiple vulnerabilities in the web-based management interface of Cisco Small Business SPA300 Series IP Phones and Cisco Small Business SPA500 Series IP Phones could allow an attacker to execute arbi

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Entrust distrust: How to move to a new Certificate Authority

Security Boulevard

Entrust, a once-trusted Certificate Authority (CA), has faced a significant setback as Google and Mozilla have announced they will no longer trust Entrust's SSL/TLS certificates due to security concerns. This move leaves current Entrust customers scrambling to find alternative CAs to ensure secure digital connections. The article emphasizes the urgency of transitioning to a new, reliable CA, such as Sectigo, to avoid potential cybersecurity risks and ensure continued protection.

How Hackers Extracted the ‘Keys to the Kingdom’ to Clone HID Keycards

WIRED Threat Level

A team of researchers have developed a method for extracting authentication keys out of HID encoders, which could allow hackers to clone the types of keycards used to secure offices and other areas worldwide.

Cybersecurity Insights with Contrast CISO David Lindner | 8/9/24

Security Boulevard

Insight #1 As I watch the sea of news out of Black Hat, from CrowdStrike fallout to the ever-present-flow of AI tools (both threat and savior?), one announcement stands out. Software now powers the world, but it's also the simplest way for attackers to breach an organization. Despite this, we've lacked visibility into the inner workings of applications beyond passive log analysis.

Security company ADT announces security breach of customer data

Malwarebytes

Electronic surveillance equipment provider ADT filed a form 8-K with the Securities and Exchange Commission (SEC) to report “a cybersecurity incident during which unauthorized actors illegally accessed certain databases containing ADT customer order information.” An 8-K is a report of unscheduled material events or corporate changes at a company that could be of importance to the shareholders or the Securities and Exchange Commission (SEC).

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cyber attacks 2024: The biggest attacks of the first half of 2024

Security Boulevard

The post Cyber attacks 2024: The biggest attacks of the first half of 2024 appeared first on Click Armor. The post Cyber attacks 2024: The biggest attacks of the first half of 2024 appeared first on Security Boulevard.

Sonos smart speakers flaw allowed to eavesdrop on users

Security Affairs

NCC Group discovered vulnerabilities in Sonos smart speakers, including a flaw that could have allowed to eavesdrop on users. Researchers from NCC Group have discovered multiple vulnerabilities in Sonos smart speakers, including a flaw, tracked as CVE-2023-50809, that could have allowed eavesdropping on users. The researchers have disclosed the vulnerabilities during the BLACK HAT USA 2024 conference.

Alert! Income tax refund SMS – Newest way of conducting bank fraud by cyber criminals

Quick Heal Antivirus

Scammers are literally on their toes all year round, but for all the wrong reasons, devising ways and. The post Alert! Income tax refund SMS – Newest way of conducting bank fraud by cyber criminals appeared first on Quick Heal Blog.

Black Hat USA 2024: All eyes on election security

We Live Security

In this high-stakes year for democracy, the importance of robust election safeguards and national cybersecurity strategies cannot be understated

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

ADT Breached: Customer Data Leaked on a Hacking Forum

Heimdal Security

The American building security company, ADT, announced that it had been the victim of a data breach. Threat actors allegedly broke into certain of ADT’s systems and stole customer information, the company claims in a Form 8-K regulatory document it submitted to the Securities and Exchange Commission (SEC) on Thursday morning. The company has approximately […] The post ADT Breached: Customer Data Leaked on a Hacking Forum appeared first on Heimdal Security Blog.

Django Releases Security Updates to Address Critical Flaw (CVE-2024-42005, CVSS 9.8)

Penetration Testing

The Django team has issued security updates for Django 5.0.8 and 4.2.15 to address multiple vulnerabilities, including potential denial-of-service (DoS) attacks and a critical SQL injection vulnerability. All Django users... The post Django Releases Security Updates to Address Critical Flaw (CVE-2024-42005, CVSS 9.8) appeared first on Cybersecurity News.

0.0.0.0 Day Vulnerability: An 18-Year-Old Flaw Actively Exploited by Threat Actors

Heimdal Security

Cybersecurity researchers have found a brand-new “0.0.0.0 Day” that affects all popular web browsers and that malevolent websites might use to compromise local networks. It is reported that the vulnerability exposes a fundamental flaw in how browsers handle requests, potentially granting threat actors access to sensitive services running on local devices.

ATM Software Flaws Left Piles of Cash for Anyone Who Knew to Look

WIRED Threat Level

Six vulnerabilities in ATM-maker Diebold Nixdorf’s popular Vynamic Security Suite could have been exploited to control ATMs using “relatively simplistic attacks.”

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.

MDR vs MSSP: Key Differences and Full Guide

Heimdal Security

If you’re looking for external help with your organization’s security posture, one of the big decisions to make is whether you’ll go with generalists or specialists. On one hand, you could opt to work with a managed security service provider (MSSP). These generalist businesses offer a wide range of security services. Alternatively, you could choose […] The post MDR vs MSSP: Key Differences and Full Guide appeared first on Heimdal Security Blog.

Modern Strategies to Address Phishing Risks with Advanced Technology

SecureWorld News

In today's digital age, phishing has evolved into a sophisticated threat capable of deceiving even the most technically savvy individuals. No longer confined to suspicious emails, phishing now encompasses voice-based attacks (vishing), text-based scams (smishing) automated with phishing kits, and deepfake technologies. The common thread among most of these attacks is the web browser, as enterprise employees often interact with malicious content displayed there.

HPE Infuses AI Into Network Detection and Response Platform

Security Boulevard

Hewlett Packard Enterprise (HPE) this week at the Black Hat USA 2024 conference extended its network detection and response (NDR) capabilities that make use of artificial intelligence (AI) models to enable behavioral analytics. The post HPE Infuses AI Into Network Detection and Response Platform appeared first on Security Boulevard.

GoGra: New Go-Based Backdoor Targets South Asian Media

Penetration Testing

In a concerning development, cybersecurity researchers from Symantec’s Threat Hunter Team have uncovered a new Go-based backdoor named GoGra. This sophisticated malware has been used in a targeted attack against... The post GoGra: New Go-Based Backdoor Targets South Asian Media appeared first on Cybersecurity News.

Enhance Innovation and Governance Through the Cloud Development Maturity Model

Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.