Tue.Nov 19, 2024

article thumbnail

Fintech Giant Finastra Investigating Data Breach

Krebs on Security

The financial technology firm Finastra is investigating the alleged large-scale theft of information from its internal file transfer platform, KrebsOnSecurity has learned. Finastra, which provides software and services to 45 of the world’s top 50 banks, notified customers of the security incident after a cybercriminal began selling more than 400 gigabytes of data purportedly stolen from the company.

article thumbnail

Why Italy Sells So Much Spyware

Schneier on Security

Interesting analysis : Although much attention is given to sophisticated, zero-click spyware developed by companies like Israel’s NSO Group, the Italian spyware marketplace has been able to operate relatively under the radar by specializing in cheaper tools. According to an Italian Ministry of Justice document , as of December 2022 law enforcement in the country could rent spyware for €150 a day, regardless of which vendor they used, and without the large acquisition costs which would normally b

Spyware 256
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Dell Unveils AI and Cybersecurity Solutions at Microsoft Ignite 2024

Tech Republic Security

Dell announced new AI and cybersecurity advancements at Microsoft Ignite, including APEX File Storage and Copilot services for Azure.

article thumbnail

CVE-2024-47533 (CVSS 9.8): Cobbler Vulnerability Exposes Linux Servers to Compromise

Penetration Testing

CVE-2024-47533 exposes Cobbler servers to unauthorized access and control, enabling attackers to manipulate system configurations. A critical vulnerability has been discovered in Cobbler, a popular Linux installation server used for... The post CVE-2024-47533 (CVSS 9.8): Cobbler Vulnerability Exposes Linux Servers to Compromise appeared first on Cybersecurity News.

article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Microsoft Ignite 2024 Unveils Groundbreaking AI, Security, and Teams Innovations

Tech Republic Security

Microsoft Ignite 2024 unveils groundbreaking AI, security, and Teams innovations, shaping the future of enterprise tech and digital transformation.

article thumbnail

Russian Phobos ransomware operator faces cybercrime charges

Security Affairs

Russian Phobos ransomware operator Evgenii Ptitsyn, accused of managing attacks, was extradited from South Korea to the US to face cybercrime charges. Russian Phobos ransomware operator Evgenii Ptitsyn, suspected of playing a key role in the ransomware operations, was extradited from South Korea to the US to face cybercrime charges. According to the DoJ, the Phobos ransomware operation targeted over 1,000 public and private entities in the United States and worldwide, extorting more than $16 mil

More Trending

article thumbnail

Anyone Can Buy Data Tracking US Soldiers and Spies to Nuclear Vaults and Brothels in Germany

WIRED Threat Level

More than 3 billion phone coordinates collected by a US data broker expose the detailed movements of US military and intelligence workers in Germany—and the Pentagon is powerless to stop it.

145
145
article thumbnail

Vishing, Wangiri, and Other VoIP Fraud Tactics On the Rise

Tech Republic Security

Protect your business from VoIP fraud. Learn how to recognize the most common types and harden your phone system security.

Software 150
article thumbnail

Apple Releases Urgent Updates to Patch Actively Exploited Zero-Day Vulnerabilities

The Hacker News

Apple has released security updates for iOS, iPadOS, macOS, visionOS, and its Safari web browser to address two zero-day flaws that have come under active exploitation in the wild.

145
145
article thumbnail

China-linked actor’s malware DeepData exploits FortiClient VPN zero-day

Security Affairs

Chinese threat actors use custom post-exploitation toolkit ‘DeepData’ to exploit FortiClient VPN zero-day and steal credentials. Volexity researchers discovered a vulnerability in Fortinet’s Windows VPN client that China-linked threat actor BrazenBamboo abused in their DEEPDATA malware. BrazenBamboo is known to be the author of other malware families, including LIGHTSPY , DEEPDATA, and DEEPPOST.

VPN 125
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Oracle Warns of Agile PLM Vulnerability Currently Under Active Exploitation

The Hacker News

Oracle is warning that a high-severity security flaw impacting the Agile Product Lifecycle Management (PLM) Framework has been exploited in the wild. The vulnerability, tracked as CVE-2024-21287 (CVSS score: 7.5), could be exploited sans authentication to leak sensitive information. "This vulnerability is remotely exploitable without authentication, i.e.

article thumbnail

I replaced my M1 MacBook Pro with a base model M4 - and it blew my $3,000 laptop away

Zero Day

Apple's flagship M4 laptops won't wow you with flashy features or fresh designs, but they're almost so polished that you can't complain.

134
134
article thumbnail

New 'Helldown' Ransomware Variant Expands Attacks to VMware and Linux Systems

The Hacker News

Cybersecurity researchers have shed light on a Linux variant of a relatively new ransomware strain called Helldown, suggesting that the threat actors are broadening their attack focus. "Helldown deploys Windows ransomware derived from the LockBit 3.0 code," Sekoia said in a report shared with The Hacker News.

article thumbnail

Free AI editor lures in victims, installs information stealer instead on Windows and Mac

Malwarebytes

A large social media campaign was launched to promote a free Artificial Intelligence (AI) video editor. If the “free” part of that campaign sounds too good to be true, then that’s because it was. Instead of the video editor, users got information stealing malware. Lumma Stealer was installed on Windows machines and Atomic Stealer (AMOS) on Macs.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Hackers Hijack Unsecured Jupyter Notebooks to Stream Illegal Sports Broadcasts

The Hacker News

Malicious actors are exploiting misconfigured JupyterLab and Jupyter Notebooks to conduct stream ripping and enable sports piracy using live streaming capture tools.

136
136
article thumbnail

My information was stolen. Now what?

We Live Security

Follow these steps to reduce the odds of having your personal information stolen, or recover more quickly in the event that you have fallen victim to an information stealer attack.

119
119
article thumbnail

China-Backed Hackers Leverage SIGTRAN, GSM Protocols to Infiltrate Telecom Networks

The Hacker News

A new China-linked cyber espionage group has been attributed as behind a series of targeted cyber attacks targeting telecommunications entities in South Asia and Africa since at least 2020 with the goal of enabling intelligence collection.

article thumbnail

ICE Can Already Sidestep Sanctuary City Laws Through Data-Sharing Fusion Centers

WIRED Threat Level

Built to combat terrorism, fusion centers give US Immigration and Customs Enforcement a way to gain access to data that’s meant to be protected under city laws limiting local police cooperation with ICE.

119
119
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Ngioweb Botnet Fuels NSOCKS Residential Proxy Network Exploiting IoT Devices

The Hacker News

The malware known as Ngioweb has been used to fuel a notorious residential proxy service called NSOCKS, as well as by other services such as VN5Socks and Shopsocks5, new findings from Lumen Technologies reveal.

IoT 130
article thumbnail

Kirk and Spock reunite: AI gives us the Star Trek farewell we always wanted

Zero Day

William Shatner and Leonard Nimoy reunite in a powerful short film using AI and deepfake technology to give fans the emotional farewell they deserve.

article thumbnail

Microsoft Launches Windows Resiliency Initiative to Boost Security and System Integrity

The Hacker News

Microsoft has announced a new Windows Resiliency Initiative as a way to improve security and reliability, as well as ensure that system integrity is not compromised.

122
122
article thumbnail

U.S. CISA adds Progress Kemp LoadMaster, Palo Alto Networks PAN-OS and Expedition bugs to its Known Exploited Vulnerabilities catalog

Security Affairs

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Progress Kemp LoadMaster, Palo Alto Networks PAN-OS and Expedition bugs to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog : CVE-2024-1212 Progress Kemp LoadMaster OS Command Injection Vulnerability CVE-2024-0012 Palo Alto Networks PAN-OS Management Interface Authentication Bypas

article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

Privileged Accounts, Hidden Threats: Why Privileged Access Security Must Be a Top Priority

The Hacker News

Privileged accounts are well-known gateways for potential security threats. However, many organizations focus solely on managing privileged access—rather than securing the accounts and users entrusted with it. This emphasis is perhaps due to the persistent challenges of Privileged Access Management (PAM) deployments. Yet, as the threat landscape evolves, so must organizational priorities.

article thumbnail

ChatGPT vs. ChatGPT Plus: Is a paid subscription still worth it?

Zero Day

OpenAI's GPT-4o model makes it harder to determine who'll find free ChatGPT adequate and when ChatGPT Plus is worth it. We break down your options to help you decide.

111
111
article thumbnail

Embedding Trust as a Strategic Asset in Technical Leadership

SecureWorld News

Discover how technical leaders can transform organizations by embedding trust as a measurable asset within business systems, unlocking sustained value and competitive advantage. Executive summary Organizations must integrate trust value into their core planning, treating it as a strategic asset that can be manufactured, measured, and managed, much like quality in Total Quality Management.

article thumbnail

Microsoft to tighten Windows security dramatically in 2025 - here's how

Zero Day

Stung by last summer's CrowdStrike meltdown, which crashed Windows PCs and servers worldwide, Microsoft is rolling out a wide range of security changes to Windows.

109
109
article thumbnail

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

article thumbnail

EPA IG Office: ‘High-Risk’ Security Flaws in Hundreds of Water Systems

Security Boulevard

The watchdog for the EPA found that, of 1,062 U.S. drinking water systems it assessed, 97 had "critical" or "high-risk" security flaws and another 211 had less dangerous vulnerabilities, risking threats from stolen data to disrupted service. The post EPA IG Office: ‘High-Risk’ Security Flaws in Hundreds of Water Systems appeared first on Security Boulevard.

Risk 108
article thumbnail

The end of ChromeOS is a new dawn for cheap Android laptops

Zero Day

It's the beginning of the end for ChromeOS as Google faces a pivotal challenge: compete with Apple's Arm dominance while leveraging AI and custom silicon to redefine affordable computing.

108
108
article thumbnail

CISA Warns of Actively Exploited Vulnerabilities in Kemp LoadMaster and Palo Alto Networks PAN-OS

Penetration Testing

Critical flaws in widely-used networking and security products demand immediate attention from administrators. The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning about three actively exploited vulnerabilities... The post CISA Warns of Actively Exploited Vulnerabilities in Kemp LoadMaster and Palo Alto Networks PAN-OS appeared first on Cybersecurity News.

article thumbnail

Bluesky hits 20 million users and counting - watch it keep growing here

Zero Day

Bluesky now has more than 20 million users and shows no signs of slowing down.

108
108
article thumbnail

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.