Thu. Sep 19, 2024

This Windows PowerShell Phish Has Scary Potential

Krebs on Security

Many GitHub users this week received a novel phishing email warning of critical security holes in their code. Those who clicked the link for details were asked to distinguish themselves from bots by pressing a combination of keyboard keys that causes Microsoft Windows to download password-stealing malware. While it’s unlikely that many programmers fell for this scam, it’s notable because less targeted versions of it are likely to be far more successful against the average Windows use

FBI Shuts Down Chinese Botnet

Schneier on Security

The FBI has shut down a botnet run by Chinese hackers: The botnet malware infected a number of different types of internet-connected devices around the world, including home routers, cameras, digital video recorders, and NAS drives. Those devices were used to help infiltrate sensitive networks related to universities, government agencies, telecommunications providers, and media organizations… The botnet was launched in mid-2021, according to the FBI, and infected roughly 260,000 devices as

Astra Vulnerability Scanner Review (2024): How Good Is Astra?

Tech Republic Security

Astra Security is among the best vulnerability scanners for security-conscious companies. Learn more about its features, performance, and pricing with this detailed review.

News alert: Aembit’s 2024 survey report highlights major gaps in securing ‘Non-Human Identities’

The Last Watchdog

Silver Spring, MD, Sept. 19, 2024, CyberNewsWire — Aembit, the non-human identity and access management (IAM) company, today released its 2024 Non-Human Identity Security Report, a definitive survey highlighting how organizations currently manage and protect non-human identities (NHIs) – such as applications, scripts, and service accounts. The report reveals a stunning, widespread reliance on outdated methods and manual practices that fail to provide adequate protection against the reali

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Digital Maturity Key to AI Success in Australian Cyber Security

Tech Republic Security

ManageEngine reveals that digital maturity is essential for AI success in Australian cybersecurity. Discover how streamlined processes and automation boost AI ROI and effectiveness.

CVE-2023-48788 Exploited: Researcher Details Cyberattacks on Fortinet EMS

Penetration Testing

In a concerning new development, cybersecurity researchers at Darktrace have unveiled a report detailing the exploitation of Fortinet’s FortiClient Endpoint Management Server (EMS) by cybercriminals. The report highlights critical vulnerabilities,...

More Trending

Chrome Users Can Now Sync Passkeys Across Devices with New Google PIN Feature

The Hacker News

Google on Thursday unveiled a Password Manager PIN to let Chrome web users sync their passkeys across Windows, macOS, Linux, ChromeOS, and Android devices. "This PIN adds an additional layer of security to ensure your passkeys are end-to-end encrypted and can't be accessed by anyone, not even Google," Chrome product manager Chirag Desai said.

International law enforcement operation dismantled criminal communication platform Ghost

Security Affairs

An international law enforcement operation infiltrated the encrypted messaging app Ghost, which was widely used by criminals, resulting in the arrest of dozens of individuals. An international law enforcement operation infiltrated the encrypted communications app Ghost, designed for criminal use, leading to numerous arrests. The alleged administrator of the app, Jay Je Yoon Jung (32), was charged with supporting a criminal organization and profiting from illegal activities.

New TeamTNT Cryptojacking Campaign Targets CentOS Servers with Rootkit

The Hacker News

The cryptojacking operation known as TeamTNT has likely resurfaced as part of a new campaign targeting Virtual Private Server (VPS) infrastructures based on the CentOS operating system.

Ivanti warns of a new actively exploited Cloud Services Appliance (CSA) flaw

Security Affairs

Ivanti warned of a new Cloud Services Appliance (CSA) vulnerability that is being exploited in attacks in the wild against a limited number of customers. Ivanti warned of a new Cloud Services Appliance (CSA) vulnerability, tracked as CVE-2024-8963 (CVSS score of 9.4), actively exploited in attacks in the wild against a limited number of customers. The vulnerability is a path traversal security issue.

Human-Centered Cyber Security Training: Driving Real Impact on Security Culture

In today's digital age, having an untrained workforce can be a significant risk to your business. Cyber threats are evolving; without proper training, your employees could be the weakest link in your defense. This webinar empowers leaders like you with the tools and strategies needed to transform your employees into a robust frontline defense against cyber attacks.

New Brazilian-Linked SambaSpy Malware Targets Italian Users via Phishing Emails

The Hacker News

A previously undocumented malware called SambaSpy is exclusively targeting users in Italy via a phishing campaign orchestrated by a suspected Brazilian Portuguese-speaking threat actor. "Threat actors usually try to cast a wide net to maximize their profits, but these attackers are focused on just one country," Kaspersky said in a new analysis.

Best of CrowdStrike Fal.Con 2024: Tackling Adversity with a Wave of Cybersecurity Innovation

Tech Republic Security

CrowdStrike faced a crisis on July 19 when an update went horribly wrong. The company faced a firestorm of criticism. Doubts were raised about its survival.

Microsoft Warns of New INC Ransomware Targeting U.S. Healthcare Sector

The Hacker News

Microsoft has revealed that a financially motivated threat actor has been observed using a ransomware strain called INC for the first time to target the healthcare sector in the U.S. The tech giant's threat intelligence team is tracking the activity under the name Vanilla Tempest (formerly DEV-0832).

I thought this new VisionOS 2 feature was just a gimmick - until it made me cry into my Vision Pro

Zero Day

Apple Vision Pro's 3D photo conversion 'realified' my old snapshots in a way I was completely unprepared for. Here's how it could transform the way you view your old memories.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Hackers Exploit Default Credentials in FOUNDATION Software to Breach Construction Firms

The Hacker News

Threat actors have been observed targeting the construction sector by infiltrating the FOUNDATION Accounting Software, according to new findings from Huntress. "Attackers have been observed brute-forcing the software at scale, and gaining access simply by using the product’s default credentials," the cybersecurity company said.

How I used this portable power station to bring electricity to a caveman

Zero Day

What's the best way to test a power station's longevity and durability? Take it back in time! I exposed a Jackery Explorer Kit 4000 to the ultimate challenge. See the results.

Critical Ivanti Cloud Appliance Vulnerability Exploited in Active Cyberattacks

The Hacker News

Ivanti has revealed that a critical security flaw impacting Cloud Service Appliance (CSA) has come under active exploitation in the wild. The new vulnerability, assigned the CVE identifier CVE-2024-8963, carries a CVSS score of 9.4 out of a maximum of 10.0. It was "incidentally addressed" by the company as part of CSA 4.6 Patch 519 and CSA 5.0. "Path Traversal in the Ivanti CSA before 4.

International Raids Shut Down Ghost Encrypted Messaging App

Security Boulevard

Europol headed up an international law enforcement operation against the operators and users of Ghost, an encrypted messaging app that was used by criminal organizations worldwide for drug trafficking, money laundering, and threatening to kill or harm people.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Acronis Backup Plugins Hit by CVE-2024-8767: CVSS 9.9 Severity Alert

Penetration Testing

In a recent advisory published on September 16th, data protection powerhouse Acronis disclosed a critical security vulnerability in its popular backup plugins for server management platforms like cPanel, Plesk, and...

Re-Imagining Zero Trust With an In-Office Experience, Everywhere

Cisco Security

Cisco has designed our solution to overcome common obstacles by powering a secure, in-office experience anywhere that builds on Cisco's own zero trust journey.

Healthcare's Diagnosis is Critical: The Cure is Cybersecurity Hygiene

The Hacker News

Cybersecurity in healthcare has never been more urgent. As the most vulnerable industry and largest target for cybercriminals, healthcare is facing an increasing wave of cyberattacks. When a hospital's systems are held hostage by ransomware, it’s not just data at risk — it’s the care of patients who depend on life-saving treatments.

Antivirus firm Dr.Web disconnected all servers following a cyberattack

Security Affairs

Russian anti-virus firm Doctor Web (Dr.Web) disconnected all servers following a cyberattack over the weekend. This week, the Russian anti-malware firm Doctor Web (Dr.Web) announced that it had disconnected all servers following a cyberattack on Saturday, September 14. The company revealed it has detected “signs of unauthorised interference” to its IT infrastructure.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Your Phone Won’t Be the Next Exploding Pager

WIRED Threat Level

Thousands of beepers and two-way radios exploded in attacks against Hezbollah, but mainstream consumer devices like smartphones aren’t likely to be weaponized the same way.

Sophisticated Cyber Espionage: Earth Baxia Uses CVE-2024-36401 and Cobalt Strike to Infiltrate APAC

Penetration Testing

In a recent report from Trend Micro, the cyber espionage group Earth Baxia has been identified targeting government organizations in Taiwan and potentially other countries in the Asia-Pacific (APAC) region...

iOS 18.1 public beta arrives with Apple Intelligence - how to try it now

Zero Day

Anyone can install the new public beta, but you'll need an iPhone 15 Pro or a new iPhone 16 model to run Apple Intelligence.

Google Warns: Dependency Scanners Often Misreport Vulnerabilities

Penetration Testing

The AutoVM team at Google has discovered that dependency scanning tools often mistakenly report vulnerabilities in software. These vulnerabilities may either pose no real security threat or require no action....

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.

Permiso Launches Universal Identity Graph to Advance Zero-Trust IT

Security Boulevard

Permiso today added a Universal Identity Graph engine that makes it simpler for cybersecurity teams to visually map the relationship between individuals, applications and systems to better enforce zero-trust IT policies.

Wherever There's Ransomware, There's Service Account Compromise. Are You Protected?

The Hacker News

Until just a couple of years ago, only a handful of IAM pros knew what service accounts are. In the last years, these silent Non-Human-Identities (NHI) accounts have become one of the most targeted and compromised attack surfaces. Assessments report that compromised service accounts play a key role in lateral movement in over 70% of ransomware attacks.

Navigating Cybersecurity Risks in the Age of OT-IT Convergence

SecureWorld News

No matter where you look, today, technology plays a central and ever-increasing role in our lives. Whether that's in education, government, business, or industry, technology is omnipresent. It automates and orchestrates and helps drive speed and efficiency. It is connected and highly communicative, and it needs increasingly less intervention on our part to fulfil its intended purpose.

Understanding Credential Stuffing Attacks

Security Boulevard

The firehose of security incidents – data breaches, ransomware, and supply chain attacks – often obscures the methods that attackers use to create these incidents. One of the most common is credential stuffing, which is a type of authentication-related attack that leads to account takeovers (ATO) and ultimately theft or fraud. So, what is credential […]

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?