Tue. Oct 15, 2024

Generative AI in Security: Risks and Mitigation Strategies

Tech Republic Security

Microsoft’s Siva Sundaramoorthy provides a blueprint for how common cyber precautions apply to generative AI deployed in and around security systems.

Risk 138

Millions of People Are Using Abusive AI ‘Nudify’ Bots on Telegram

WIRED Threat Level

Bots that “remove clothes” from images have run rampant on the messaging app, allowing people to create nonconsensual deepfake images even as lawmakers and tech companies try to crack down.

99% of UK Businesses Faced Cyber Attacks in the Last Year

Tech Republic Security

Almost all businesses in the U.K. were breached by cyber attackers in the last 12 months, a report has found.

China Accuses U.S. of Fabricating Volt Typhoon to Hide Its Own Hacking Campaigns

The Hacker News

China's National Computer Virus Emergency Response Center (CVERC) has doubled down on claims that the threat actor known as the Volt Typhoon is a fabrication of the U.S. and its allies. The agency, in collaboration with the National Engineering Laboratory for Computer Virus Prevention Technology, went on to accuse the U.S.

Hacking 117

The Tumultuous IT Landscape is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

SentinelOne CISO Identifies ‘Most Pressing Concern’ for Cyber Professionals

Tech Republic Security

SentinelOne’s Alex Stamos sees a future where defenders have the advantage when it comes to generative AI. At least until it can write exploit code.

CISO 144

New Linux Variant of FASTCash Malware Targets Payment Switches in ATM Heists

The Hacker News

North Korean threat actors have been observed using a Linux variant of a known malware family called FASTCash to steal funds as part of a financially-motivated campaign. The malware is "installed on payment switches within compromised networks that handle card transactions for the means of facilitating the unauthorized withdrawal of cash from ATMs," a security researcher who goes by HaxRob said.

Malware 118

More Trending

Beyond the Surface: the evolution and expansion of the SideWinder APT group

SecureList

SideWinder, aka T-APT-04 or RattleSnake, is one of the most prolific APT groups that began its activities in 2012 and was first publicly mentioned by us in 2018. Over the years, the group has launched attacks against high-profile entities in South and Southeast Asia. Its primary targets have been military and government entities in Pakistan, Sri Lanka, China and Nepal.

Malware 105

The Rise of Zero-Day Vulnerabilities: Why Traditional Security Solutions Fall Short

The Hacker News

In recent years, the number and sophistication of zero-day vulnerabilities have surged, posing a critical threat to organizations of all sizes. A zero-day vulnerability is a security flaw in software that is unknown to the vendor and remains unpatched at the time of discovery.

Software 102

Election season raises fears for nearly a third of people who worry their vote could be leaked

Malwarebytes

As the United States enters full swing into its next presidential election, people are feeling worried, unsafe, and afraid. And none of that has to do with who wins. According to new research from Malwarebytes, people see this election season as a particularly risky time for their online privacy and cybersecurity. Political ads could be hiding online scams, many people feel, and the election, they say, will likely fall victim to some type of “cyber interference.

Scams 100

TrickMo Banking Trojan Can Now Capture Android PINs and Unlock Patterns

The Hacker News

New variants of an Android banking trojan called TrickMo have been found to harbor previously undocumented features to steal a device's unlock pattern or PIN. "This new addition enables the threat actor to operate on the device even while it is locked," Zimperium security researcher Aazim Yaswant said in an analysis published last week.

Banking 104

Enhance Innovation and Governance Through the Cloud Development Maturity Model

Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.

Ubuntu Fixes Multiple PHP Vulnerabilities: Update Now

Security Boulevard

Multiple security vulnerabilities were identified in PHP, a widely-used open source general purpose scripting language which could compromise the security and integrity of web applications. These vulnerabilities include incorrect parsing of multipart/form-data, improper handling of directives, and flawed logging mechanisms. Let’s dive into the details of the recent vulnerabilities.

Safer with Google: Advancing Memory Safety

Google Security

Posted by Alex Rebert, Security Foundations, and Chandler Carruth, Jen Engel, Andy Qin, Core Developers. Error-prone interactions between software and memory are widely understood to create safety issues in software. It is estimated that about 70% of severe vulnerabilities in memory-unsafe codebases are due to memory safety bugs. Malicious actors exploit these vulnerabilities and continue to create real-world harm.

CVE-2024-9486 (CVSS 9.8): Kubernetes Image Builder Flaw Exposes VMs to Root Access

Penetration Testing

The Kubernetes Security Response Committee has disclosed two security vulnerabilities (CVE-2024-9486 and CVE-2024-9594) in the Kubernetes Image Builder that could allow attackers to gain root access to virtual machines (VMs).

WordPress Jetpack plugin critical flaw impacts 27 million sites

Security Affairs

WordPress Jetpack plugin issued an update to fix a critical flaw allowing logged-in users to view form submissions by others on the same site. The maintainers of the WordPress Jetpack plugin have addressed a critical vulnerability that could allow logged-in users to access forms submitted by other users on the same site. Jetpack is a popular plugin for WordPress that provides a suite of features to enhance website functionality, security, and performance.

Hacking 102

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

It Seemed Like an AI Crime-Fighting Super Tool. Then Defense Attorneys Started Asking Questions

WIRED Threat Level

Global Intelligence claims its Cybercheck technology can help cops find key evidence to nail a case. But a WIRED investigation reveals the smoking gun often appears far less solid.

Automated vs manual penetration testing – which is best?

Security Boulevard

Today’s online world is a little like a virtual battlefield, rife with threats and vulnerabilities. So, having a strong cybersecurity posture for your business is crucial. Penetration testing – either automated or manual – is an essential tool to protect sensitive data and systems from hackers. These two methods aim to make defences stronger against…

American Water Shuts Down Services After Cybersecurity Breach

eSecurity Planet

American Water, one of the largest water utility providers in the United States, fell victim to a cyberattack that disrupted its billing systems, throwing light on the increasing vulnerability of critical infrastructure to such threats. While water services were not interrupted, the breach temporarily paused the company’s billing operations, causing customer concern.

EDRSilencer: The Red Team Tool Turned Cybercriminal Weapon

Penetration Testing

The Trend Micro Threat Hunting Team has uncovered EDRSilencer, a red team tool designed to disrupt endpoint detection and response (EDR) solutions. Originally intended to help security professionals identify and...

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

AI scammers target Gmail accounts, say they have your death certificate

Malwarebytes

Several reputable sources are warning about a very sophisticated Artificial Intelligence (AI) supported type of scam that is bound to trick a lot of people into compromising their Gmail account. The most recent warning comes from CEO of Y Combinator Garry Tan who posted on X, saying the scammers using AI voices tell you someone has issued a death certificate for you and is trying to recover your account.

CISA Warns of Active Exploitation in SolarWinds Help Desk Software Vulnerability

The Hacker News

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a critical security flaw impacting SolarWinds Web Help Desk (WHD) software to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. Tracked as CVE-2024-28987 (CVSS score: 9.

Apple TV vs. Roku: Which streaming device should you buy?

Zero Day

While the Apple TV and Roku devices elevate the smart TV experience, they use completely different platforms. Read on to find out how each device best suits different buyers.

New CMMC Standard Aims to Protect Data Handled by DoD Contractors

SecureWorld News

The Pentagon has officially released the final rule for the Cybersecurity Maturity Model Certification (CMMC) 2.0, setting the stage for full implementation by mid-2025. This new standard will require U.S. Department of Defense (DoD) contractors to meet specific cybersecurity requirements to better protect sensitive data and defense information. Public inspection of the rule began last Friday, and formal publication is expected by today, October 15, according to the DoD.

Risk 87

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.

Bringing new theft protection features to Android users around the world

Google Security

Posted by Jianing Sandra Guo, Product Manager and Nataliya Stanetsky, Staff Program Manager, Android. Janine Roberta Ferreira was driving home from work in São Paulo when she stopped at a traffic light. A man suddenly appeared and broke the window of her unlocked car, grabbing her phone. She struggled with him for a moment before he wrestled the phone away and ran off.

A new Linux variant of FASTCash malware targets financial systems

Security Affairs

North Korea-linked actors deploy a new Linux variant of FASTCash malware to target financial systems, researcher HaxRob revealed. The cybersecurity researcher HaxRob analyzed a new variant of the FASTCash “payment switch” malware which targets Linux systems. The variant discovered by the researcher was previously unknown and targets Ubuntu 22.04 LTS distributions.

Malware 78

Your Roku TV is about to get a major smart home upgrade - for free

Zero Day

Roku's new integration features include a Camera Carousel, Smart Home Web View, and more notifications coming to your TV.

New Malware Campaign Uses PureCrypter Loader to Deliver DarkVision RAT

The Hacker News

Cybersecurity researchers have disclosed a new malware campaign that leverages a malware loader named PureCrypter to deliver a commodity remote access trojan (RAT) called DarkVision RAT. The activity, observed by Zscaler ThreatLabz in July 2024, involves a multi-stage process to deliver the RAT payload.

Malware 79

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Your Pixel phone is getting a big update - look for these 10 useful features

Zero Day

With Android 15 dropping today, Google's phones are getting smarter, more secure, and a whole lot more useful in so many ways.

“Command-Jacking”: New Supply Chain Attack Hijacks CLI Tools

Penetration Testing

In a report by Yehuda Gelb and Elad Rapoport from the Checkmarx Security Research Team, a new supply chain attack technique has been uncovered that could compromise the integrity of...

Fake LockBit, Real Damage: Ransomware Samples Abuse AWS S3 to Steal Data

Trend Micro

This article uncovers a Golang ransomware abusing AWS S3 for data theft, and masking as LockBit to further pressure victims. The discovery of hard-coded AWS credentials in these samples led to AWS account suspensions.

Broken Promises: E2EE Cloud Storage Vulnerabilities Exposed

Penetration Testing

In a world where data privacy is a growing concern, end-to-end encryption (E2EE) cloud storage systems promise to keep your information secure, even from the very providers managing the storage. But...

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.