Thu. Sep 19, 2024

This Windows PowerShell Phish Has Scary Potential

Krebs on Security

Many GitHub users this week received a novel phishing email warning of critical security holes in their code. Those who clicked the link for details were asked to distinguish themselves from bots by pressing a combination of keyboard keys that causes Microsoft Windows to download password-stealing malware. While it’s unlikely that many programmers fell for this scam, it’s notable because less targeted versions of it are likely to be far more successful against the average Windows use

FBI Shuts Down Chinese Botnet

Schneier on Security

The FBI has shut down a botnet run by Chinese hackers: The botnet malware infected a number of different types of internet-connected devices around the world, including home routers, cameras, digital video recorders, and NAS drives. Those devices were used to help infiltrate sensitive networks related to universities, government agencies, telecommunications providers, and media organizations… The botnet was launched in mid-2021, according to the FBI, and infected roughly 260,000 devices as

Tor anonymity compromised by law enforcement. Is it still safe to use?

Malwarebytes

Despite people generally considering the Tor network an essential tool for anonymous browsing, German law enforcement agencies have managed to de-anonymize Tor users after putting surveillance on Tor servers for months. Before we go into what the agencies did, let’s take a look at some basics of Tor. How Tor works: On a daily basis, millions of people use the Tor network to browse privately and visit websites on the dark web.

Digital Maturity Key to AI Success in Australian Cyber Security

Tech Republic Security

ManageEngine reveals that digital maturity is essential for AI success in Australian cybersecurity. Discover how streamlined processes and automation boost AI ROI and effectiveness.

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Antivirus firm Dr.Web disconnected all servers following a cyberattack

Security Affairs

Russian anti-virus firm Doctor Web (Dr.Web) disconnected all servers following a cyberattack over the weekend. This week, the Russian anti-malware firm Doctor Web (Dr.Web) announced that it had disconnected all servers following a cyberattack on Saturday, September 14. The company revealed it has detected “signs of unauthorised interference” to its IT infrastructure.

Microsoft Warns of New INC Ransomware Targeting U.S. Healthcare Sector

The Hacker News

Microsoft has revealed that a financially motivated threat actor has been observed using a ransomware strain called INC for the first time to target the healthcare sector in the U.S. The tech giant's threat intelligence team is tracking the activity under the name Vanilla Tempest (formerly DEV-0832).

More Trending

Chrome Users Can Now Sync Passkeys Across Devices with New Google PIN Feature

The Hacker News

Google on Thursday unveiled a Password Manager PIN to let Chrome web users sync their passkeys across Windows, macOS, Linux, ChromeOS, and Android devices. "This PIN adds an additional layer of security to ensure your passkeys are end-to-end encrypted and can't be accessed by anyone, not even Google," Chrome product manager Chirag Desai said.

SIEM for Small and Medium-Sized Enterprises: What you need to know

Security Affairs

Small and medium-sized enterprises (SMEs) are a frequent target for cybercriminals. How can SIEM help them improve their cybersecurity? Contrary to what they might believe, small and medium-sized enterprises (SMEs) are a favorite target for cybercriminals. Research from the Identity Theft Resource Center (ITRC) recently found that 73% of US small business owners experienced a cyberattack in 2023.

New TeamTNT Cryptojacking Campaign Targets CentOS Servers with Rootkit

The Hacker News

The cryptojacking operation known as TeamTNT has likely resurfaced as part of a new campaign targeting Virtual Private Server (VPS) infrastructures based on the CentOS operating system.

Ivanti warns of a new actively exploited Cloud Services Appliance (CSA) flaw

Security Affairs

Ivanti warned of a new Cloud Services Appliance (CSA) vulnerability that is being exploited in attacks in the wild against a limited number of customers. Ivanti warned of a new Cloud Services Appliance (CSA) vulnerability, tracked as CVE-2024-8963 (CVSS score of 9.4), actively exploited in attacks in the wild against a limited number of customers. The vulnerability is a path traversal security issue.

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Hackers Exploit Default Credentials in FOUNDATION Software to Breach Construction Firms

The Hacker News

Threat actors have been observed targeting the construction sector by infiltrating the FOUNDATION Accounting Software, according to new findings from Huntress. "Attackers have been observed brute-forcing the software at scale, and gaining access simply by using the product’s default credentials," the cybersecurity company said.

First Israel’s Exploding Pagers Maimed and Killed. Now Comes the Paranoia

WIRED Threat Level

The explosion of thousands of rigged pagers and walkie-talkies will likely make Hezbollah operatives fear any means of electronic communication. It’s having the same effect on the Lebanese population.

New Brazilian-Linked SambaSpy Malware Targets Italian Users via Phishing Emails

The Hacker News

A previously undocumented malware called SambaSpy is exclusively targeting users in Italy via a phishing campaign orchestrated by a suspected Brazilian Portuguese-speaking threat actor. "Threat actors usually try to cast a wide net to maximize their profits, but these attackers are focused on just one country," Kaspersky said in a new analysis.

Your Phone Won’t Be the Next Exploding Pager

WIRED Threat Level

Thousands of beepers and two-way radios exploded in attacks against Hezbollah, but mainstream consumer devices like smartphones aren’t likely to be weaponized the same way.

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Healthcare's Diagnosis is Critical: The Cure is Cybersecurity Hygiene

The Hacker News

Cybersecurity in healthcare has never been more urgent. As the most vulnerable industry and largest target for cybercriminals, healthcare is facing an increasing wave of cyberattacks. When a hospital's systems are held hostage by ransomware, it’s not just data at risk — it’s the care of patients who depend on life-saving treatments.

Astra Vulnerability Scanner Review (2024): How Good Is Astra?

Tech Republic Security

Astra Security is among the best vulnerability scanners for security-conscious companies. Learn more about its features, performance, and pricing with this detailed review.

Critical Ivanti Cloud Appliance Vulnerability Exploited in Active Cyberattacks

The Hacker News

Ivanti has revealed that a critical security flaw impacting Cloud Service Appliance (CSA) has come under active exploitation in the wild. The new vulnerability, assigned the CVE identifier CVE-2024-8963, carries a CVSS score of 9.4 out of a maximum of 10.0. It was "incidentally addressed" by the company as part of CSA 4.6 Patch 519 and CSA 5.0. "Path Traversal in the Ivanti CSA before 4.

CVE-2023-48788 Exploited: Researcher Details Cyberattacks on Fortinet EMS

Penetration Testing

In a concerning new development, cybersecurity researchers at Darktrace have unveiled a report detailing the exploitation of Fortinet’s FortiClient Endpoint Management Server (EMS) by cybercriminals. The report highlights critical vulnerabilities,...

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

How Ransomhub Ransomware Uses EDRKillShifter to Disable EDR and Antivirus Protections

Trend Micro

The group behind the RansomHub ransomware, which Trend Micro tracked as Water Bakunawa, employs various anti-EDR techniques to play a high-stakes game of hide and seek with security solutions.

Stealthy Persistence: Microsoft Entra ID’s Administrative Units Weaponized

Penetration Testing

In recent research, Datadog Security Labs has shed light on a potential security risk within Microsoft Entra ID (formerly Azure Active Directory), Microsoft’s cloud-based identity and access management solution. The...

Watching the Watchmen: Securing Identity Administrators

Duo's Security Blog

Administrators of identity tools hold the skeleton keys to the kingdom now that identity is the new perimeter. To be clear, all administrator accounts — regardless of use case — represent accounts with elevated levels of power and access and should be a focus of heightened security controls. However, in recent months, administrators of identity infrastructure and tooling have come under specific attack.

SambaSpy RAT Targets Italian Users in a Unique Malware Campaign

Penetration Testing

In May 2024, Kaspersky Labs uncovered a sophisticated malware campaign exclusively targeting users in Italy. Unusual for cybercriminal activities, this campaign focused solely on Italian victims, deploying a new Remote...

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Best of CrowdStrike Fal.Con 2024: Tackling Adversity with a Wave of Cybersecurity Innovation

Tech Republic Security

CrowdStrike faced a crisis on July 19 when an update went horribly wrong. The company faced a firestorm of criticism. Doubts were raised about its survival.

International Raids Shut Down Ghost Encrypted Messaging App

Security Boulevard

Europol headed up an international law enforcement operation against the operators and users of Ghost, an encrypted messaging app that was used by criminal organizations worldwide for drug trafficking, money laundering, and threatening to kill or harm people.

Acronis Backup Plugins Hit by CVE-2024-8767: CVSS 9.9 Severity Alert

Penetration Testing

In a recent advisory published on September 16th, data protection powerhouse Acronis disclosed a critical security vulnerability in its popular backup plugins for server management platforms like cPanel, Plesk, and...

News alert: Aembit’s 2024 survey report highlights major gaps in securing ‘Non-Human Identities’

The Last Watchdog

Silver Spring, MD, Sept. 19, 2024, CyberNewsWire — Aembit, the non-human identity and access management (IAM) company, today released its 2024 Non-Human Identity Security Report, a definitive survey highlighting how organizations currently manage and protect non-human identities (NHIs) – such as applications, scripts, and service accounts. The report reveals a stunning, widespread reliance on outdated methods and manual practices that fail to provide adequate protection against the reali

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

Re-Imagining Zero Trust With an In-Office Experience, Everywhere

Cisco Security

Cisco has designed our solution to overcome common obstacles by powering a secure, in-office experience anywhere that builds on Cisco's own zero trust journey.

I thought this new VisionOS 2 feature was just a gimmick - until it made me cry into my Vision Pro

Zero Day

Apple Vision Pro's 3D photo conversion 'realified' my old snapshots in a way I was completely unprepared for. Here's how it could transform the way you view your old memories.

Wherever There's Ransomware, There's Service Account Compromise. Are You Protected?

The Hacker News

Until just a couple of years ago, only a handful of IAM pros knew what service accounts are. In the last few years, these silent Non-Human-Identities (NHI) accounts have become one of the most targeted and compromised attack surfaces. Assessments report that compromised service accounts play a key role in lateral movement in over 70% of ransomware attacks.

How I used this portable power station to bring electricity to a caveman

Zero Day

What's the best way to test a power station's longevity and durability? Take it back in time! I exposed a Jackery Explorer Kit 4000 to the ultimate challenge. See the results.

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.