Krebs on Security

SEPTEMBER 19, 2024

Many GitHub users this week received a novel phishing email warning of critical security holes in their code. Those who clicked the link for details were asked to distinguish themselves from bots by pressing a combination of keyboard keys that causes Microsoft Windows to download password-stealing malware. While it’s unlikely that many programmers fell for this scam, it’s notable because less targeted versions of it are likely to be far more successful against the average Windows use

Phishing 305

Phishing Scams Malware Passwords 305

Schneier on Security

SEPTEMBER 19, 2024

The FBI has shut down a botnet run by Chinese hackers: The botnet malware infected a number of different types of internet-connected devices around the world, including home routers, cameras, digital video recorders, and NAS drives. Those devices were used to help infiltrate sensitive networks related to universities, government agencies, telecommunications providers, and media organizations… The botnet was launched in mid-2021, according to the FBI, and infected roughly 260,000 devices as

Telecommunications 250

Telecommunications Media Malware Internet 250

Tech Republic Security

SEPTEMBER 19, 2024

ManageEngine reveals that digital maturity is essential for AI success in Australian cybersecurity. Discover how streamlined processes and automation boost AI ROI and effectiveness.

Cybersecurity 124

Cybersecurity Artificial Intelligence 124

Malwarebytes

SEPTEMBER 19, 2024

Despite people generally considering the Tor network as an essential tool for anonymous browsing, german law enforcement agencies have managed to de-anonymize Tor users after putting surveillance on Tor servers for months. Before we go into the what the agencies did, let’s take a look at some basics of Tor. How Tor works On a daily basis, millions of people use the Tor network to browse privately and visit websites on the dark web.

Surveillance 130

Surveillance Encryption VPN Internet 130

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Tech Republic Security

SEPTEMBER 19, 2024

Astra Security is among the best vulnerability scanners for security-conscious companies. Learn more about its features, performance, and pricing with this detailed review.

113

113

The Last Watchdog

SEPTEMBER 19, 2024

Silver Spring, MD, Sept. 19, 2024, CyberNewsWire — Aembit , the non-human identity and access management (IAM) company, today released its 2024 Non-Human Identity Security Report , a definitive survey highlighting how organizations currently manage and protect non-human identities (NHIs) – such as applications, scripts, and service accounts. The report reveals a stunning, widespread reliance on outdated methods and manual practices that fail to provide adequate protection against the reali

CISO 100

CISO Architecture Media Authentication 100

Penetration Testing

SEPTEMBER 19, 2024

In a concerning new development, cybersecurity researchers at Darktrace have unveiled a report detailing the exploitation of Fortinet’s FortiClient Endpoint Management Server (EMS) by cybercriminals. The report highlights critical vulnerabilities,... The post CVE-2023-48788 Exploited: Researcher Details Cyberattacks on Fortinet EMS appeared first on Cybersecurity News.

Cybersecurity 127

Cybersecurity Ransomware Malware 127

Security Affairs

SEPTEMBER 19, 2024

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Microsoft Windows, Apache HugeGraph-Server, Oracle JDeveloper, Oracle WebLogic Server, and Microsoft SQL Server bugs to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added SonicWall SonicOS, ImageMagick and Linux Kernel vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog.

Hacking 132

Hacking Cybersecurity Risk Information Security 132

The Hacker News

SEPTEMBER 19, 2024

Microsoft has revealed that a financially motivated threat actor has been observed using a ransomware strain called INC for the first time to target the healthcare sector in the U.S. The tech giant's threat intelligence team is tracking the activity under the name Vanilla Tempest (formerly DEV-0832).

Healthcare 119

Healthcare Ransomware 119

Security Affairs

SEPTEMBER 19, 2024

Small and medium-sized enterprises (SMEs) are a frequent target for cybercriminals. How can SIEM help them improve their cybersecurity? Contrary to what they might believe, small and medium-sized enterprises (SMEs) are a favorite target for cybercriminals. Research from the Identity Theft Resource Center (ITRC) recently found that 73% of US small business owners experienced a cyberattack in 2023.

Threat Detection 129

Threat Detection Identity Theft Banking Small Business 129

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Penetration Testing

SEPTEMBER 19, 2024

In recent research, Datadog Security Labs has shed light on a potential security risk within Microsoft Entra ID (formerly Azure Active Directory), Microsoft’s cloud-based identity and access management solution. The... The post Stealthy Persistence: Microsoft Entra ID’s Administrative Units Weaponized appeared first on Cybersecurity News.

Risk 125

Risk Cybersecurity 125

Duo's Security Blog

SEPTEMBER 19, 2024

Administrators of identity tools hold the skeleton keys to the kingdom now that identity is the new perimeter. To be clear, all administrator accounts — regardless of use case — represent accounts with elevated levels of power and access and should be a focus of heightened security controls. However, in recent months, administrators of identity infrastructure and tooling have come under specific attack.

Accountability 114

Accountability Risk Authentication Social Engineering 114

The Hacker News

SEPTEMBER 19, 2024

Google on Thursday unveiled a Password Manager PIN to let Chrome web users sync their passkeys across Windows, macOS, Linux, ChromeOS, and Android devices. "This PIN adds an additional layer of security to ensure your passkeys are end-to-end encrypted and can't be accessed by anyone, not even Google," Chrome product manager Chirag Desai said.

Password Management 114

Password Management Encryption Passwords 114

Security Boulevard

SEPTEMBER 19, 2024

Europol headed up an international law enforcement operation against the operators and users of Ghost, an encrypted messaging app that was used by criminal organizations worldwide for drug trafficking, money laundering, and threating to kill or harm people. The post International Raids Shut Down Ghost Encrypted Messaging App appeared first on Security Boulevard.

Encryption 109

Encryption Mobile Cybersecurity Network Security 109

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Penetration Testing

SEPTEMBER 19, 2024

In May 2024, Kaspersky Labs uncovered a sophisticated malware campaign exclusively targeting users in Italy. Unusual for cybercriminal activities, this campaign focused solely on Italian victims, deploying a new Remote... The post SambaSpy RAT Targets Italian Users in a Unique Malware Campaign appeared first on Cybersecurity News.

Malware 118

Malware Cybersecurity 118

The Hacker News

SEPTEMBER 19, 2024

The cryptojacking operation known as TeamTNT has likely resurfaced as part of a new campaign targeting Virtual Private Server (VPS) infrastructures based on the CentOS operating system.

111

111

Security Affairs

SEPTEMBER 19, 2024

Ivanti warned of a new Cloud Services Appliance (CSA) vulnerability that is being exploited in attacks in the wild against a limited number of customers. Ivanti warned of a new Cloud Services Appliance (CSA) vulnerability, tracked as CVE-2024-8963 (CVSS score of 9.4), actively exploited in attacks in the wild against a limited number of customers. The vulnerability is a path traversal security issue.

Authentication 123

Authentication Hacking Information Security 123

Tech Republic Security

SEPTEMBER 19, 2024

CrowdStrike faced a crisis on July 19 when an update went horribly wrong. The company faced a firestorm of criticism. Doubts were raised about its survival.

Cybersecurity 100

Cybersecurity 100

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

The Hacker News

SEPTEMBER 19, 2024

Threat actors have been observed targeting the construction sector by infiltrating the FOUNDATION Accounting Software, according to new findings from Huntress. "Attackers have been observed brute-forcing the software at scale, and gaining access simply by using the product’s default credentials," the cybersecurity company said.

Software 107

Software Accountability Cybersecurity 107

Zero Day

SEPTEMBER 19, 2024

Apple Vision Pro's 3D photo conversion 'realified' my old snapshots in a way I was completely unprepared for. Here's how it could transform the way you view your old memories.

98

98

The Hacker News

SEPTEMBER 19, 2024

A previously undocumented malware called SambaSpy is exclusively targeting users in Italy via a phishing campaign orchestrated by a suspected Brazilian Portuguese-speaking threat actor. "Threat actors usually try to cast a wide net to maximize their profits, but these attackers are focused on just one country," Kaspersky said in a new analysis.

Phishing 103

Phishing Malware 103

Zero Day

SEPTEMBER 19, 2024

What's the best way to test a power station's longevity and durability? Take it back in time! I exposed a Jackery Explorer Kit 4000 to the ultimate challenge. See the results.

98

98

Advertisement

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

The Hacker News

SEPTEMBER 19, 2024

Ivanti has revealed that a critical security flaw impacting Cloud Service Appliance (CSA) has come under active exploitation in the wild. The new vulnerability, assigned the CVE identifier CVE-2024-8963, carries a CVSS score of 9.4 out of a maximum of 10.0. It was "incidentally addressed" by the company as part of CSA 4.6 Patch 519 and CSA 5.0. "Path Traversal in the Ivanti CSA before 4.

101

101

Cisco Security

SEPTEMBER 19, 2024

Cisco has designed our solution to overcome common obstacles by powering a secure, in-office experience anywhere that builds on Cisco's own zero trust journey. Cisco has designed our solution to overcome common obstacles by powering a secure, in-office experience anywhere that builds on Cisco's own zero trust journey.

109

109

The Hacker News

SEPTEMBER 19, 2024

Cybersecurity in healthcare has never been more urgent. As the most vulnerable industry and largest target for cybercriminals, healthcare is facing an increasing wave of cyberattacks. When a hospital's systems are held hostage by ransomware, it’s not just data at risk — it’s the care of patients who depend on life-saving treatments.

Healthcare 101

Healthcare Cybersecurity Ransomware Risk 101

Trend Micro

SEPTEMBER 19, 2024

Trend Micro tracked this group as Water Bakunawa, behind the RansomHub ransomware, employs various anti-EDR techniques to play a high-stakes game of hide and seek with security solutions.

Antivirus 94

Antivirus Ransomware 94

Advertisement

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.

Cybersecurity

SecureWorld News

SEPTEMBER 19, 2024

No matter where you look, today, technology plays a central and ever-increasing role in our lives. Whether that's in education, government, business, or industry, technology is omnipresent. It automates and orchestrates and helps drive speed and efficiency. It is connected and highly communicative, and it needs increasingly less intervention on our part to fulfil its intended purpose.

Risk 93

Risk IoT Cybersecurity Technology 93

WIRED Threat Level

SEPTEMBER 19, 2024

Thousands of beepers and two-way radios exploded in attacks against Hezbollah, but mainstream consumer devices like smartphones aren’t likely to be weaponized the same way.

Hacking 90

Hacking 90

Penetration Testing

SEPTEMBER 19, 2024

In a recent advisory published on September 16th, data protection powerhouse Acronis disclosed a critical security vulnerability in its popular backup plugins for server management platforms like cPanel, Plesk, and... The post Acronis Backup Plugins Hit by CVE-2024-8767: CVSS 9.9 Severity Alert appeared first on Cybersecurity News.

Backups 101

Backups Cybersecurity 101

WIRED Threat Level

SEPTEMBER 19, 2024

The explosion of thousands of rigged pagers and walkie-talkies will likely make Hezbollah operatives fear any means of electronic communication. It’s having the same effect on the Lebanese population.

Hacking 88

Hacking 88

Advertisement

Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.

Government