Mon.Oct 09, 2023

article thumbnail

Black Hat Fireside Chat: Why using ‘Clean Code’ is paramount in speedy software development

The Last Watchdog

Clean Code’ is a simple concept rooted in common sense. This software writing principle cropped up some 50 years ago and might seem quaint in today’s era of speedy software development. Related: Setting IoT security standards At Black Hat 2023 , I had the chance to visit with Olivier Gaudin , founder and co-CEO, and Johannes Dahse , head of R&D, at SonarSource , a Geneva, Switzerland-based supplier of systems to achieve Clean Code.

Software 231
article thumbnail

Upgrade to Microsoft Windows 11 Home for Just $30 Through 10/15

Tech Republic Security

You can now upgrade up to five computers to Microsoft Windows 11 Home for one low price and get a new sleek interface, advanced tools and enhanced security.

156
156
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

The source code of the 2020 variant of HelloKitty ransomware was leaked on a cybercrime forum

Security Affairs

A threat actor has leaked the source code for the first version of the HelloKitty ransomware on a Russian-speaking cybercrime forum. Cybersecurity researchers 3xp0rt reported that a threat actor that goes online with the moniker ‘kapuchin0’ (and also uses the alias Gookee) has leaked the source code of the HelloKitty ransomware on the XSS forum. kapuchin0 claims that the leaked code is the first breach of the HelloKitty ransomware.

article thumbnail

Private Internet Access VPN: A Comprehensive Review for 2023

Tech Republic Security

When it comes to privacy and security, PIA VPN is among the best. Discover its features, performance, pricing and more with this in-depth review.

VPN 153
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

libcue Library Flaw Opens GNOME Linux Systems Vulnerable to RCE Attacks

The Hacker News

A new security flaw has been disclosed in the libcue library impacting GNOME Linux systems that could be exploited to achieve remote code execution (RCE) on affected hosts. Tracked as CVE-2023-43641 (CVSS score: 8.8), the issue is described as a case of memory corruption in libcue, a library designed for parsing cue sheet files. It impacts versions 2.2.1 and prior.

140
140
article thumbnail

23andMe user data stolen, offered for sale

Malwarebytes

Information belonging to as many as seven million 23andMe customers has been put up for sale on criminal forums following a credential stuffing attack against the genomics company. On Friday October 6, 2023, 23andMe confirmed via a somewhat opaque blog post that threat actors had "obtained information from certain accounts, including information about users’ DNA Relatives profiles.

Passwords 137

More Trending

article thumbnail

Your family, home and small business need a cyber-resilience strategy, too!

We Live Security

Your preparedness to deal with cyberattacks is key for lessening the impact of a successful incident – this also holds true for home and small business environments.

article thumbnail

Large-scale Citrix NetScaler Gateway credential harvesting campaign exploits CVE-2023-3519

Security Affairs

IBM observed a credential harvesting campaign that is targeting Citrix NetScaler gateways affected by the CVE-2023-3519 vulnerability. IBM’s X-Force researchers reported that threat actors are conducting a large-scale credential harvesting campaign exploiting the recent CVE-2023-3519 vulnerability (CVSS score: 9.8) in Citrix NetScaler Gateways.

VPN 137
article thumbnail

Security Patch for Two New Flaws in Curl Library Arriving on October 11

The Hacker News

The maintainers of the Curl library have released an advisory warning of two security vulnerabilities that are expected to be addressed as part of an forthcoming update set for release on October 11, 2023. This includes a high-severity and a low-severity flaw tracked under the identifiers CVE-2023-38545 and CVE-2023-38546, respectively.

133
133
article thumbnail

Bare-metal Rust in Android

Google Security

Posted by Andrew Walbran, Android Rust Team Last year we wrote about how moving native code in Android from C++ to Rust has resulted in fewer security vulnerabilities. Most of the components we mentioned then were system services in userspace (running under Linux), but these are not the only components typically written in memory-unsafe languages. Many security-critical components of an Android system run in a “bare-metal” environment, outside of the Linux kernel, and these are historically writ

Firmware 132
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Huge DNA PII Leak: 23andMe Must Share the Blame

Security Boulevard

DNA: Do Not Agree. 23andMe says it’s not a breach—just credential stuffing. I’m not so sure. The post Huge DNA PII Leak: 23andMe Must Share the Blame appeared first on Security Boulevard.

article thumbnail

PEACHPIT: Massive Ad Fraud Botnet Powered by Millions of Hacked Android and iOS

The Hacker News

An ad fraud botnet dubbed PEACHPIT leveraged an army of hundreds of thousands of Android and iOS devices to generate illicit profits for the threat actors behind the scheme.

Retail 127
article thumbnail

FTC: Americans lost $2.7 Billion Since 2021 to Social Media Scams

Security Boulevard

Americans lost a whopping $2.7 billion in scams that reached them via social media, and the actual figure could be much higher, according to the Federal Trade Commission (FTC). Of those who reported losing money to fraud over the past two years, 25% said the problem started on social media, the agency wrote in a. The post FTC: Americans lost $2.7 Billion Since 2021 to Social Media Scams appeared first on Security Boulevard.

Media 124
article thumbnail

Cybercriminals Using EvilProxy Phishing Kit to Target Senior Executives in U.S. Firms

The Hacker News

Senior executives working in U.S.-based organizations are being targeted by a new phishing campaign that leverages a popular adversary-in-the-middle (AiTM) phishing toolkit named EvilProxy to conduct credential harvesting and account takeover attacks.

Phishing 125
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Inside FTX’s All-Night Race to Stop a $1 Billion Crypto Heist

WIRED Threat Level

The same chaotic day FTX declared bankruptcy, someone began stealing hundreds of millions of dollars from its coffers. A WIRED investigation reveals the company’s “very crazy night” trying to stop them.

article thumbnail

"I Had a Dream" and Generative AI Jailbreaks

The Hacker News

"Of course, here's an example of simple code in the Python programming language that can be associated with the keywords "MyHotKeyHandler," "Keylogger," and "macOS," this is a message from ChatGPT followed by a piece of malicious code and a brief remark not to use it for illegal purposes.

Malware 124
article thumbnail

Patch Now: Massive RCE Campaign Wrangles Routers Into Botnet

Dark Reading

Thousands of devices, including D-Link and Zyxel gear, remain vulnerable to takeover despite the availability of patches for the several bugs being exploited by IZ1H9 campaign.

116
116
article thumbnail

Citrix Devices Under Attack: NetScaler Flaw Exploited to Capture User Credentials

The Hacker News

A recently disclosed critical flaw in Citrix NetScaler ADC and Gateway devices is being exploited by threat actors to conduct a credential harvesting campaign.

article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

'Looney Tunables' Linux Flaw Sees Snowballing Proof-of-Concept Exploits

Dark Reading

Following the publication of the critical Linux security vulnerability, security specialists released PoC exploits to test the implications of CVE-2023-4911.

114
114
article thumbnail

High-Severity Flaws in ConnectedIO's 3G/4G Routers Raise Concerns for IoT Security

The Hacker News

Multiple high-severity security vulnerabilities have been disclosed in ConnectedIO's ER2000 edge routers and the cloud-based management platform that could be exploited by malicious actors to execute malicious code and access sensitive data.

IoT 114
article thumbnail

Cybersecurity Talent in America: Bridging the Gap

Dark Reading

It's past time to reimagine how to best nurture talent and expand recruiting and training to alleviate the shortage of trained cybersecurity staff. We need a diverse talent pool trained for tomorrow's challenges.

article thumbnail

News alert: Georgia State receives a $10 million grant to research AI, robotics and edge computing

The Last Watchdog

Atlanta, GA, Oct. 9, 2023 — Jonathan Shihao Ji, a computer science professor at Georgia State University, has received a $10 million grant from the Department of Defense (DoD) to address critical problems in artificial intelligence (AI) and robotics with a focus on human-robot interaction, 3D virtual environment reconstruction, edge computing and trustworthy AI In recent years, AI has become more and more prevalent in our world, powering search engines, voice assistants and self-driving c

article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

7 Best MXDR Services

Heimadal Security

On a market continuously faced with workforce shortage, with a gap of 3.4 million workers globally (ISC2), businesses need to adapt their cybersecurity strategy and consider external services that can provide an incident response team, such as Managed Extended Detection & Response (MXDR). What are MXDR services? MXDR services are comprehensive cybersecurity services that offer […] The post 7 Best MXDR Services appeared first on Heimdal Security Blog.

article thumbnail

The Need for Speed: When Cloud Attacks Take Only 10 Minutes

Dark Reading

Security sensors are common in the home for both prevention and response in the event something goes wrong. But in the cloud, have you taken the same approach?

98
article thumbnail

Connecting Cybersecurity Concerns With Upskilling

CompTIA on Cybersecurity

Skills gaps keep many organizations from taking advantage of new technologies – and improving their security posture. Learn now upskilling can address both issues.

article thumbnail

Operation Behind Predator Mobile Spyware Is 'Industrial Scale'

Dark Reading

The Intellexa alliance has been using a range of tools for intercepting and subverting mobile and Wi-Fi technologies to deploy its surveillance tools, according to an investigation by Amnesty International and others.

Mobile 91
article thumbnail

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

article thumbnail

Weekly Vulnerability Recap – October 9, 2023 – Zero-Days Strike Android, Microsoft, Apple, Cisco & More

eSecurity Planet

A surge of critical vulnerabilities and zero-day exploits has made for a very busy week in IT security, affecting a range of tech giants like Atlassian, Cisco, Apple, Arm, Qualcomm and Microsoft. Among the issues in the last week, Android and Arm faced actively exploited vulnerabilities in GPU drivers. Microsoft released urgent patches for Edge, Teams, and Skype.

article thumbnail

Webinar: How vCISOs Can Navigating the Complex World of AI and LLM Security

The Hacker News

In today's rapidly evolving technological landscape, the integration of Artificial Intelligence (AI) and Large Language Models (LLMs) has become ubiquitous across various industries.

article thumbnail

Learning from Let’s Encrypt’s 10 years of success

InfoWorld on Security

Foundations have a hit-or-miss success rate in software, generally, and open source, specifically. I’m on the record with 908 words of eyeroll for the Open Enterprise Linux Association and OpenTofu , given the conspicuous absence of cloud vendor support. Yet I’ve also recommended projects like Kubernetes precisely because of their foundation-led community support.

article thumbnail

7 Ways to Make the Most of Cybersecurity Awareness Month

ZoneAlarm

October is a month often associated with the spookiness of Halloween, but for the tech-savvy, it also marks Cybersecurity Awareness Month. Founded in 2004 by the National Cyber Security Alliance, this month is designated to shed light on the growing importance of cybersecurity. In our increasingly interconnected world, the threat of cyberattacks looms larger than … The post 7 Ways to Make the Most of Cybersecurity Awareness Month appeared first on ZoneAlarm Security Blog.

article thumbnail

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.