Tue.Oct 15, 2024

article thumbnail

More Details on Israel Sabotaging Hezbollah Pagers and Walkie-Talkies

Schneier on Security

The Washington Post has a long and detailed story about the operation that’s well worth reading (alternate version here ). The sales pitch came from a marketing official trusted by Hezbollah with links to Apollo. The marketing official, a woman whose identity and nationality officials declined to reveal, was a former Middle East sales representative for the Taiwanese firm who had established her own company and acquired a license to sell a line of pagers that bore the Apollo brand.

Marketing 273
article thumbnail

99% of UK Businesses Faced Cyber Attacks in the Last Year

Tech Republic Security

Almost all businesses in the U.K. were breached by cyber attackers in the last 12 months, a report has found.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Election season raises fears for nearly a third of people who worry their vote could be leaked

Malwarebytes

As the United States enters full swing into its next presidential election, people are feeling worried, unsafe, and afraid. And none of that has to do with who wins. According to new research from Malwarebytes, people see this election season as a particularly risky time for their online privacy and cybersecurity. Political ads could be hiding online scams, many people feel, and the election, they say, will likely fall victim to some type of “cyber interference.

Scams 142
article thumbnail

Generative AI in Security: Risks and Mitigation Strategies

Tech Republic Security

Microsoft’s Siva Sundaramoorthy provides a blueprint for how common cyber precautions apply to generative AI deployed in and around security systems.

Risk 181
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

WordPress Jetpack plugin critical flaw impacts 27 million sites

Security Affairs

WordPress Jetpack plugin issued an update to fix a critical flaw allowing logged-in users to view form submissions by others on the same site. The maintainers of the WordPress Jetpack plugin have addressed a critical vulnerability that could allow logged-in users to access forms submitted by other users on the same site. Jetpack is a popular plugin for WordPress that provides a suite of features to enhance website functionality, security, and performance.

Hacking 136
article thumbnail

SentinelOne CISO Identifies ‘Most Pressing Concern’ for Cyber Professionals

Tech Republic Security

SentinelOne’s Alex Stamos sees a future where defenders have the advantage when it comes to generative AI. At least until it can write exploit code.

CISO 158

More Trending

article thumbnail

American Water Shuts Down Services After Cybersecurity Breach

eSecurity Planet

American Water, one of the largest water utility providers in the United States, fell victim to a cyberattack that disrupted its billing systems, throwing light on the increasing vulnerability of critical infrastructure to such threats. While water services were not interrupted, the breach temporarily paused the company’s billing operations, causing customer concern.

article thumbnail

Beyond the Surface: the evolution and expansion of the SideWinder APT group

SecureList

SideWinder, aka T-APT-04 or RattleSnake, is one of the most prolific APT groups that began its activities in 2012 and was first publicly mentioned by us in 2018. Over the years, the group has launched attacks against high-profile entities in South and Southeast Asia. Its primary targets have been military and government entities in Pakistan, Sri Lanka, China and Nepal.

Malware 141
article thumbnail

GitHub Patches Critical Flaw in Enterprise Server Allowing Unauthorized Instance Access

The Hacker News

GitHub has released security updates for Enterprise Server (GHES) to address multiple issues, including a critical bug that could allow unauthorized access to an instance. The vulnerability, tracked as CVE-2024-9487, carries a CVS score of 9.5 out of a maximum of 10.

article thumbnail

Millions of People Are Using Abusive AI ‘Nudify’ Bots on Telegram

WIRED Threat Level

Bots that “remove clothes” from images have run rampant on the messaging app, allowing people to create nonconsensual deepfake images even as lawmakers and tech companies try to crack down.

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

China Accuses U.S. of Fabricating Volt Typhoon to Hide Its Own Hacking Campaigns

The Hacker News

China's National Computer Virus Emergency Response Center (CVERC) has doubled down on claims that the threat actor known as the Volt Typhoon is a fabrication of the U.S. and its allies. The agency, in collaboration with the National Engineering Laboratory for Computer Virus Prevention Technology, went on to accuse the U.S.

Hacking 144
article thumbnail

Safer with Google: Advancing Memory Safety

Google Security

Posted by Alex Rebert, Security Foundations, and Chandler Carruth, Jen Engel, Andy Qin, Core Developers Error-prone interactions between software and memory 1 are widely understood to create safety issues in software. It is estimated that about 70% of severe vulnerabilities 2 in memory-unsafe codebases are due to memory safety bugs. Malicious actors exploit these vulnerabilities and continue to create real-world harm.

article thumbnail

New Linux Variant of FASTCash Malware Targets Payment Switches in ATM Heists

The Hacker News

North Korean threat actors have been observed using a Linux variant of a known malware family called FASTCash to steal funds as part of a financially-motivated campaign. The malware is "installed on payment switches within compromised networks that handle card transactions for the means of facilitating the unauthorized withdrawal of cash from ATMs," a security researcher who goes by HaxRob said.

Malware 142
article thumbnail

It Seemed Like an AI Crime-Fighting Super Tool. Then Defense Attorneys Started Asking Questions

WIRED Threat Level

Global Intelligence claims its Cybercheck technology can help cops find key evidence to nail a case. But a WIRED investigation reveals the smoking gun often appears far less solid.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

The Rise of Zero-Day Vulnerabilities: Why Traditional Security Solutions Fall Short

The Hacker News

In recent years, the number and sophistication of zero-day vulnerabilities have surged, posing a critical threat to organizations of all sizes. A zero-day vulnerability is a security flaw in software that is unknown to the vendor and remains unpatched at the time of discovery.

Software 141
article thumbnail

AI scammers target Gmail accounts, say they have your death certificate

Malwarebytes

Several reputable sources are warning about a very sophisticated Artificial Intelligence (AI) supported type of scam that is bound to trick a lot of people into compromising their Gmail account. The most recent warning comes from CEO of Y Combinator Garry Tan who posted on X , saying the scammers using AI voices tell you someone has issued a death certificate for you and is trying to recover your account.

article thumbnail

TrickMo Banking Trojan Can Now Capture Android PINs and Unlock Patterns

The Hacker News

New variants of an Android banking trojan called TrickMo have been found to harbor previously undocumented features to steal a device's unlock pattern or PIN. "This new addition enables the threat actor to operate on the device even while it is locked," Zimperium security researcher Aazim Yaswant said in an analysis published last week.

Banking 139
article thumbnail

Bringing new theft protection features to Android users around the world

Google Security

Posted by Jianing Sandra Guo, Product Manager and Nataliya Stanetsky, Staff Program Manager, Android Janine Roberta Ferreira was driving home from work in São Paulo when she stopped at a traffic light. A man suddenly appeared and broke the window of her unlocked car, grabbing her phone. She struggled with him for a moment before he wrestled the phone away and ran off.

article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

CISA Warns of Active Exploitation in SolarWinds Help Desk Software Vulnerability

The Hacker News

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a critical security flaw impacting SolarWinds Web Help Desk (WHD) software to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. Tracked as CVE-2024-28987 (CVSS score: 9.

Software 136
article thumbnail

GitHub addressed a critical vulnerability in Enterprise Server

Security Affairs

GitHub addressed a critical vulnerability in Enterprise Server that could allow unauthorized access to affected instances. Code hosting platform GitHub addressed a critical vulnerability, tracked as CVE-2024-9487 (CVSS score of 9.5), in GitHub Enterprise Server that could lead to unauthorized access to affected instances. An attacker could exploit a cryptographic signature verification flaw in GitHub Enterprise Server to bypass SAML SSOand unauthorized user access.

article thumbnail

Quishing attacks are targeting electric car owners: Here’s how to slam on the brakes

We Live Security

Ever alert to fresh money-making opportunities, fraudsters are blending physical and digital threats to steal drivers’ payment details via fake QR codes targeting electric car owners

130
130
article thumbnail

New Malware Campaign Uses PureCrypter Loader to Deliver DarkVision RAT

The Hacker News

Cybersecurity researchers have disclosed a new malware campaign that leverages a malware loader named PureCrypter to deliver a commodity remote access trojan (RAT) called DarkVision RAT. The activity, observed by Zscaler ThreatLabz in July 2024, involves a multi-stage process to deliver the RAT payload.

Malware 127
article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

Automated vs manual penetration testing – which is best?

Security Boulevard

Today’s online world is a little like a virtual battlefield, rife with threats and vulnerabilities. So, having a strong cybersecurity posture for your business is crucial. Penetration testing – either automated or manual – is an essential tool to protect sensitive data and systems from hackers. These two methods aim to make defences stronger against… The post Automated vs manual penetration testing – which is best?

article thumbnail

Fake LockBit, Real Damage: Ransomware Samples Abuse AWS S3 to Steal Data

Trend Micro

This article uncovers a Golang ransomware abusing AWS S3 for data theft, and masking as LockBit to further pressure victims. The discovery of hard-coded AWS credentials in these samples led to AWS account suspensions.

article thumbnail

New CMMC Standard Aims to Protect Data Handled by DoD Contractors

SecureWorld News

The Pentagon has officially released the final rule for the Cybersecurity Maturity Model Certification (CMMC) 2.0, setting the stage for full implementation by mid-2025. This new standard will require U.S. Department of Defense (DoD) contractors to meet specific cybersecurity requirements to better protect sensitive data and defense information. Public inspection of the rule began last Friday, and formal publication is expected by today, October 15, according to the DoD.

Risk 111
article thumbnail

Randall Munroe’s XKCD ‘Ravioli-Shaped Objects’

Security Boulevard

via the comic humor & dry wit of Randall Munroe, creator of XKCD Permalink The post Randall Munroe’s XKCD ‘Ravioli-Shaped Objects’ appeared first on Security Boulevard.

111
111
article thumbnail

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

article thumbnail

RED ALERT: CMMC Begins December 16th

Approachable Cyber Threats

Category CMMC, News Risk Level The long-awaited CMMC rule has finally been officially published and is accompanied by some beneficial changes from the original draft. We break them down for you so you and your organization can begin to prepare for the imminent enforcement. If you read our Race to CMMC Compliance breakdown or watched our recent Hive Live episode CMMC 101 , then you are already well-versed in the different levels and assessment requirements for the new Cybersecurity Maturity Model

Risk 104
article thumbnail

Closing Security Gaps with AppOmni and Okta’s Integrated SaaS and Identity Protection

Security Boulevard

Read how AppOmni and Okta address the challenge of security teams correlating identity behavior with SaaS activity through the Shared Signals Framework (SSF). The post Closing Security Gaps with AppOmni and Okta’s Integrated SaaS and Identity Protection appeared first on AppOmni. The post Closing Security Gaps with AppOmni and Okta’s Integrated SaaS and Identity Protection appeared first on Security Boulevard.

108
108
article thumbnail

Your Roku TV is about to get a major smart home upgrade - for free

Zero Day

Roku's new integration features include a Camera Carousel, Smart Home Web View, and more notifications coming to your TV.

98
article thumbnail

CVE-2024-9486 (CVSS 9.8): Kubernetes Image Builder Flaw Exposes VMs to Root Access

Penetration Testing

The Kubernetes Security Response Committee has disclosed two security vulnerabilities (CVE-2024-9486 and CVE-2024-9594) in the Kubernetes Image Builder that could allow attackers to gain root access to virtual machines (VMs).... The post CVE-2024-9486 (CVSS 9.8): Kubernetes Image Builder Flaw Exposes VMs to Root Access appeared first on Cybersecurity News.

article thumbnail

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.