Fri.Oct 27, 2023

article thumbnail

Messaging Service Wiretap Discovered through Expired TLS Cert

Schneier on Security

Fascinating story of a covert wiretap that was discovered because of an expired TLS certificate: The suspected man-in-the-middle attack was identified when the administrator of jabber.ru, the largest Russian XMPP service, received a notification that one of the servers’ certificates had expired. However, jabber.ru found no expired certificates on the server, ­ as explained in a blog post by ValdikSS, a pseudonymous anti-censorship researcher based in Russia who collaborated on the investigation.

article thumbnail

Weekly Update 371

Troy Hunt

So I wrapped up this week's live stream then promptly blew hours mucking around with Zigbee on Home Assistant. Is it worth it, as someone asked in the chat? Uh, yeah, kinda, mostly. But seriously, having a highly automated house is awesome and I suggest that most people watching these vids harbour the same basic instinct as I do to try and improve our lives through technology.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Apple Vulnerability Can Expose iOS and macOS Passwords, Safari Browsing History

Tech Republic Security

This Safari vulnerability has not been exploited in the wild. Apple offers a mitigation, but the fix needs to be enabled manually.

Passwords 209
article thumbnail

Lockbit ransomware gang claims to have stolen data from Boeing

Security Affairs

The Lockbit ransomware gang claims to have hacked the aerospace manufacturer and defense contractor Boeing and threatened to leak the stolen data. The Boeing Company, commonly known as Boeing, is one of the world’s largest aerospace manufacturers and defense contractors. In 2022, Boeing recorded $66.61 billion in sales, the aerospace giant has 156,000 (2022).

article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

TunnelBear VPN Review 2023: Pricing, Ease of Use & Security

Tech Republic Security

Read our in-depth analysis of TunnelBear VPN, covering its pricing, ease of use, security features, and more. Find out if this is the right VPN for you.

VPN 146
article thumbnail

France agency ANSSI warns of Russia-linked APT28 attacks on French entities

Security Affairs

France National Agency for the Security of Information Systems warns that the Russia-linked APT28 group has breached several critical networks. The French National Agency for the Security of Information Systems ANSSI (Agence Nationale de la sécurité des systèmes d’information) warns that the Russia-linked APT28 group has been targeting multiple French organizations, including government entities, businesses, universities, and research institutes and think tanks.

More Trending

article thumbnail

F5 urges to address a critical flaw in BIG-IP

Security Affairs

F5 warns customers of a critical vulnerability impacting BIG-IP that could lead to unauthenticated remote code execution. F5 is warning customers about a critical security vulnerability, tracked as CVE-2023-46747 (CVSS 9.8), that impacts BIG-IP and could result in unauthenticated remote code execution. The vulnerability resides in the configuration utility component, it was reported by Michael Weber and Thomas Hendrickson of Praetorian on October 4, 2023. “This vulnerability may allow an u

article thumbnail

Google Expands Its Bug Bounty Program to Tackle Artificial Intelligence Threats

The Hacker News

Google has announced that it's expanding its Vulnerability Rewards Program (VRP) to compensate researchers for finding attack scenarios tailored to generative artificial intelligence (AI) systems in an effort to bolster AI safety and security.

article thumbnail

Hello Alfred app exposes user data

Security Affairs

Hello Alfred, an in-home hospitality app, left a database accessible without password protection, exposing almost 170,000 records containing private user data. Hello Alfred is a one-stop application allowing real estate developers and property managers to provide in-home services and maintenance to residents. It also enables landlords to collect rent in-app.

article thumbnail

Octo Tempest Group Threatens Physical Violence as Social Engineering Tactic

Dark Reading

The financially motivated English-speaking threat actors use advanced social engineering techniques, SIM swapping, and even threats of violence to breach targets.

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

How to Collect Market Intelligence with Residential Proxies?

Security Affairs

How residential proxies using real IPs from diverse locations enable businesses to gather comprehensive and accurate data from the web Since the adoption of the first digital tools and connection to the internet, the competitive business environment has revolutionized and transformed the ways modern companies conduct business operations. With the help of Information Technologies (IT), data transmission, storage, communication, and other business-related operations have been greatly enhanced to s

Marketing 132
article thumbnail

How to Help Avoid Holiday Credit Card Fraud

Identity IQ

How to Help Avoid Holiday Credit Card Fraud IdentityIQ The holiday season is the perfect time of the year to buy presents for your friends and family, but it’s also a time when credit card fraud is at an all-time high. In fact, studies have shown roughly 25% of people fall victim to credit card fraud during the holidays. Because of how common credit card fraud is during the holiday season, it’s important to understand what holiday credit card fraud is, how it can happen, and how to

article thumbnail

N. Korean Lazarus Group Targets Software Vendor Using Known Flaws

The Hacker News

The North Korea-aligned Lazarus Group has been attributed as behind a new campaign in which an unnamed software vendor was compromised through the exploitation of known security flaws in another high-profile software.

Software 113
article thumbnail

NetSPI Wins Big with Breach and Attack Simulation

NetSpi Executives

And the winner is… BAS! Since the launch of our Breach and Attack Simulation (BAS) enhancements in 2022 , we’ve helped companies spanning all sizes and sectors improve their threat detection capabilities and move away from a ‘secure by default’ mindset that has rendered ineffective against the evolving and complex threat landscape. In fact, after implementing BAS, one NetSPI client saw a 500 percent detection coverage increase YoY!

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

How to Keep Your Business Running in a Contested Environment

The Hacker News

When organizations start incorporating cybersecurity regulations and cyber incident reporting requirements into their security protocols, it's essential for them to establish comprehensive plans for preparation, mitigation, and response to potential threats. At the heart of your business lies your operational technology and critical systems.

article thumbnail

Security Awareness Training: What Does a Phishing Email Look Like?

CompTIA on Cybersecurity

Learn why phishing emails are a threat to organizations and how your can train your employees to spot one.

article thumbnail

Microsoft 365 users get workaround for ‘Something Went Wrong’ errors

Bleeping Computer

Microsoft shared a workaround for a known Microsoft 365 issue triggering 'Something Went Wrong [1001]' sign-in errors and making desktop applications unusable for many customers. [.

111
111
article thumbnail

What Lurks in the Dark: Taking Aim at Shadow AI

Dark Reading

Generative artificial intelligence tools have unleashed a new era of terror to CISOs still battling longstanding shadow IT security risks.

article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Hackers earn over $1 million for 58 zero-days at Pwn2Own Toronto

Bleeping Computer

The Pwn2Own Toronto 2023 hacking competition has ended with security researchers earning $1,038,500 for 58 zero-day exploits (and multiple bug collisions) targeting consumer products between October 24 and October 27. [.

Hacking 110
article thumbnail

Update now! Apple patches a raft of vulnerabilities

Malwarebytes

Apple has released security updates for its phones, iPads, Macs, watches and TVs. Updates are available for these products: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later get iOS 17.1 or iPadOS 17.1. iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and

article thumbnail

Windows 11 KB5031455 preview update enables Moment 4 features by default

Bleeping Computer

Microsoft has released the optional KB5031455 Preview cumulative update for Windows 11 22H2, which enables 72 new Moment 4 features by default and fixes 22 issues. [.

105
105
article thumbnail

Safari Side-Channel Attack Enables Browser Theft

Dark Reading

The "iLeakage" attack affects all recent iPhone, iPad, and MacBook models, allowing attackers to peruse your Gmail inbox, steal your Instagram password, or scrutinize your YouTube history.

Passwords 103
article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

F5 fixes BIG-IP auth bypass allowing remote code execution attacks

Bleeping Computer

A critical vulnerability in the F5 BIG-IP configuration utility, tracked as CVE-2023-46747, allows an attacker with remote access to the configuration utility to perform unauthenticated remote code execution. [.

103
103
article thumbnail

News alert: Massachusetts awards $2.3 million grant to strengthen cybersecurity ecosystem statewide

The Last Watchdog

Boston, Mass., Oct. 27, 2023 – Today, the Healey-Driscoll Administration announced a $2.3 million grant through the MassTech Collaborative’s MassCyberCenter to CyberTrust Massachusetts, a nonprofit dedicated to strengthening the cybersecurity ecosystem, to support cybersecurity resiliency for Massachusetts communities and help develop a talent pipeline at Masschusetts colleges and universities to encourage students to enter the field.

article thumbnail

Octo Tempest cybercriminal group is "a growing concern"—Microsoft

Malwarebytes

Octo Tempest is believed to be a group of native English speaking cybercriminals that uses social engineering campaigns to compromise organizations all over the world. Initially the group made a name for itself by SIM swapping. SIM swapping, also known as SIM jacking, is the act of illegally taking over a target's cell phone number. This can be done in a number of ways, but the most common ones involve social engineering attacks on the victim's carrier.

article thumbnail

Heimdal® Announces New Partnership with ResenNet, displacing ResenNet’s long-standing RMM provider, N-able

Heimadal Security

[Copenhagen, Denmark – October 2023] – Heimdal, the pioneer and leading provider of unified cybersecurity solutions, is thrilled to announce its latest strategic partnership with renowned Danish managed service provider (MSP) ResenNet. This collaboration marks a significant milestone in the world of Reseller and MSP relationships. Most notably, ResenNet has made the pivotal decision to […] The post Heimdal® Announces New Partnership with ResenNet, displacing ResenNet’s long-standing

article thumbnail

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

article thumbnail

10 Tips for Security Awareness Training That Hits the Target

Dark Reading

Try these tricks for devising an education program that gets employees invested — and stays with them after the training is over.

article thumbnail

Lazarus hackers breached dev repeatedly to deploy SIGNBT malware

Bleeping Computer

The North Korean Lazarus hacking group repeatedly compromised a software vendor using flaws in vulnerable software despite multiple patches and warnings being made available by the developer. [.

Malware 93
article thumbnail

Understand the True Cost of a UEM Before Making the Switch

Dark Reading

When investing in a unified endpoint management solution, prioritize the needs of your network and users ahead of brand names. This Tech Tip focuses on questions to ask.

91
article thumbnail

Gazing Into the Future of Cybersecurity

CompTIA on Cybersecurity

At EMEACon 2023, James Stanger, Gary Fildes and Richard de Vere explored the trends, challenges and opportunities that lie ahead in cybersecurity.

article thumbnail

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.