Schneier on Security

SEPTEMBER 17, 2024

Interesting social engineering attack: luring potential job applicants with fake recruiting pitches, trying to convince them to download malware. From a news article These particular attacks from North Korean state-funded hacking team Lazarus Group are new, but the overall malware campaign against the Python development community has been running since at least August of 2023, when a number of popular open source Python tools were maliciously duplicated with added malware.

Malware 254

Malware Social Engineering Engineering Hacking 254

Troy Hunt

SEPTEMBER 17, 2024

I was in my mid-30s before I felt comfortable standing up in front of an audience and talking about technology. Come to think of it, "comfortable" isn't really the right word, as, frankly, it was nerve-racking. This, with my obvious bias as her father, makes it all the more remarkable that Elle was able to do it at NDC Oslo when she was just 11 years old.

Technology 251

Technology 251

Tech Republic Security

SEPTEMBER 17, 2024

Cyber attackers are using malicious emails to infiltrate critical national infrastructure, like utilities, transport, telecommunications, and now data centres.

Telecommunications 192

Telecommunications Cyber Attacks Data breaches Cybersecurity 192

WIRED Threat Level

SEPTEMBER 17, 2024

At least eight people have been killed and more than 2,700 people have been injured in Lebanon by exploding pagers. Experts say the blasts point toward a supply chain compromise, not a cyberattack.

Hacking 137

Hacking 137

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Tech Republic Security

SEPTEMBER 17, 2024

Australia's IT spending is set to surge 8.7% in 2025, driven by cybersecurity needs, AI investments, and hardware upgrades as Windows 10 ends.

Cybersecurity 163

Cybersecurity Digital transformation Artificial Intelligence 163

Security Boulevard

SEPTEMBER 17, 2024

A new wave of all-in-one SOC platforms is consolidating the market, bringing enterprise-grade security solutions within reach of SMBs. The post The New Era of SOCs: Simplifying Cybersecurity for SMBs appeared first on Security Boulevard.

Cybersecurity 127

Cybersecurity Marketing Security Awareness 127

Penetration Testing

SEPTEMBER 17, 2024

GitLab has issued an urgent security update addressing a critical vulnerability that affects both GitLab Community Edition (CE) and Enterprise Edition (EE). The flaw, identified as CVE-2024-45409, carries a CVSS... The post GitLab Releases Critical Security Patch for CVE-2024-45409 (CVSS 10) Vulnerability appeared first on Cybersecurity News.

Cybersecurity 133

Cybersecurity Authentication 133

Tech Republic Security

SEPTEMBER 17, 2024

LastPass’ recent data breaches make it hard to recommend as a viable password manager in 2024. Learn more in our full review below.

Password Management 161

Password Management Data breaches Passwords 161

Security Boulevard

SEPTEMBER 17, 2024

Fake data breaches may not involve any actual theft, but their reputational impact can be just as damaging as real breaches. The post All Smoke, no Fire: The Bizarre Trend of Fake Data Breaches and How to Protect Against Them appeared first on Security Boulevard.

Data breaches 126

Data breaches Social Engineering Engineering Security Awareness 126

Tech Republic Security

SEPTEMBER 17, 2024

Prepare for a successful IT career with lifetime access to expert-led courses covering CompTIA A+, Network+, Security+, and Cloud+ certification prep.

Network Security 149

Network Security 149

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Security Boulevard

SEPTEMBER 17, 2024

A full 80% of organizations within the critical infrastructure vertical experienced email-related security breaches in the past year, according to an OPSWAT survey. The post Email Security Breaches Rampant Among Critical Infrastructure Organizations appeared first on Security Boulevard.

Security Awareness 124

Security Awareness Phishing Cybersecurity 124

Security Affairs

SEPTEMBER 17, 2024

US DoJ charged a Chinese national who used spear-phishing emails to obtain sensitive info from NASA, the U.S. Air Force, Navy, Army, and the FAA. The U.S. DoJ charged a Chinese national, Song Wu (39), who used spear-phishing emails to target employees of NASA, the U.S. Air Force, Navy, Army, and the FAA.” The man, who remails at large, used fake email accounts posing as US-based researchers and engineers to target government personnel to obtain software and source code created by the Natio

Phishing 133

Phishing Government Identity Theft Engineering 133

The Hacker News

SEPTEMBER 17, 2024

Broadcom on Tuesday released updates to address a critical security flaw impacting VMware vCenter Server that could pave the way for remote code execution. The vulnerability, tracked as CVE-2024-38812 (CVSS score: 9.8), has been described as a heap-overflow vulnerability in the DCE/RPC protocol.

122

122

Penetration Testing

SEPTEMBER 17, 2024

Security professionals are sounding the alarm about a novel cyberattack vector: the use of counterfeit CAPTCHA tests to distribute malware on Windows devices. Users are urged to exercise increased vigilance... The post Cybercriminals Exploit CAPTCHA to Deliver Malware: Experts Issue Warning appeared first on Cybersecurity News.

Malware 127

Malware Cybersecurity 127

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Security Boulevard

SEPTEMBER 17, 2024

GSOC modernization is a journey that starts with understanding your unique business needs This article was originally published in ASIS Security Management Magazine. In the past decade, global security operations centers (GSOCs) have been in their early adolescence. They were focused on baseline physical security functions such as monitoring alarm systems and video surveillance feeds.… The post How to Modernize Security Operations Centers appeared first on Ontic.

Surveillance 117

Surveillance 117

Malwarebytes

SEPTEMBER 17, 2024

On September 16, 2024, Apple released iOS 18. Besides a lot of exciting new features, iOS 18 comes with some privacy and security enhancements. One of the most promising new features is the new Passwords app. Built on the foundation of Apple’s password management system Keychain, Passwords makes it easier for users to access stored passwords and get an overview of their credentials.

Passwords 119

Passwords Password Management Artificial Intelligence Accountability 119

Security Boulevard

SEPTEMBER 17, 2024

In today’s cybersecurity landscape, protecting sensitive information is more critical than ever. The latest “Cyber Security in Focus report” by. The post Data Detection & Response (DDR): Not the Dance Revolution It Claims appeared first on Symmetry Systems. The post Data Detection & Response (DDR): Not the Dance Revolution It Claims appeared first on Security Boulevard.

Cybersecurity 117

Cybersecurity 117

Security Affairs

SEPTEMBER 17, 2024

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Microsoft Windows MSHTML Platform and Progress WhatsUp Gold bugs to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added SonicWall SonicOS, ImageMagick and Linux Kernel vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog.

Internet 128

Internet Internet Encryption Authentication 128

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

The Hacker News

SEPTEMBER 17, 2024

Cryptocurrency exchange Binance is warning of an "ongoing" global threat that's targeting cryptocurrency users with clipper malware with the goal of facilitating financial fraud.

Cryptocurrency 117

Cryptocurrency Malware 117

Security Affairs

SEPTEMBER 17, 2024

Remote attack on pagers used by Hezbollah in Lebanon and Syria caused their explosion; at least 8 nine people dead and more than 2,800 injured. At least nine eight individuals, including a child, were killed and over 2,800 were injured due to the explosion of their pagers across Lebanon. A Hezbollah official told Reuters that this incident is the “biggest security breach” in nearly a year of conflict with Israel.

Hacking 130

Hacking Risk Information Security 130

The Hacker News

SEPTEMBER 17, 2024

Google has announced that it will be switching from KYBER to ML-KEM in its Chrome web browser as part of its ongoing efforts to defend against the risk posed by cryptographically relevant quantum computers (CRQCs). "Chrome will offer a key share prediction for hybrid ML-KEM (codepoint 0x11EC)," David Adrian, David Benjamin, Bob Beck, and Devon O'Brien of the Chrome Team said.

Risk 117

Risk 117

Security Boulevard

SEPTEMBER 17, 2024

As per recent reports, a threat actor group known as Head Mare has been linked with cyberattacks that focus on exploiting a WinRAR Vulnerability. These attacks mainly target organizations located in Russia and Belarus. In this article, we’ll focus on details about Head Mare and the WinRAR vulnerability itself. Let’s begin! Head Mare Origins And […] The post Alert: Head Mare Associated With WinRAR Vulnerability Attack appeared first on TuxCare.

Cyber Attacks 114

Cyber Attacks Phishing Ransomware Malware 114

Advertisement

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

Security Affairs

SEPTEMBER 17, 2024

The personal information of a million individuals was published online following a ransomware attack that in June disrupted NHS hospitals in London. In June, a ransomware attack on pathology and diagnostic services provider Synnovis has severely impacted the operations at several major NHS hospitals in London. The attack forced the impacted hospitals to cancel some healthcare procedures, in some cases, patients were redirected to other hospitals.

Ransomware 132

Ransomware Healthcare Hacking Data breaches 132

The Hacker News

SEPTEMBER 17, 2024

The GSM Association, the governing body that oversees the development of the Rich Communications Services (RCS) protocol, on Tuesday, said it's working towards implementing end-to-end encryption (E2EE) to secure messages sent between the Android and iOS ecosystems.

Encryption 115

Encryption Government 115

Graham Cluley

SEPTEMBER 17, 2024

A former boss of Ticketmaster has been sentenced after pleading guilty to illegally accessing computer servers of a rival company and stealing sensitive business information. Read more in my article on the Hot for Security blog.

Hacking 110

Hacking Data breaches 110

Pen Test Partners

SEPTEMBER 17, 2024

TL;DR Modern vessels are becoming increasingly connected. While it is unlikely that hackers could fully control a container ship remotely, they may be able to disrupt systems such as the Power Management System (PMS), leading to blackouts and associated loss of propulsion and steering. Although manual recovery is possible, it can be time-consuming and challenging, especially during manoeuvring.

Cyber threats 110

Cyber threats Engineering Computers and Electronics Risk 110

Advertisement

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.

Cybersecurity

The Hacker News

SEPTEMBER 17, 2024

Meta has announced that it will begin training its artificial intelligence (AI) systems using public content shared by adult users across Facebook and Instagram in the U.K. in the coming months.

Artificial Intelligence 111

Artificial Intelligence Media Technology 111

Security Boulevard

SEPTEMBER 17, 2024

AppOmni today disclosed how sensitive data stored in knowledge bases hosted on the ServiceNow software-as-a-service (SaaS) application platform can be accessed because the proper controls have not been implemented. The post AppOmni Surfaces Configuration Flaw in ServiceNow SaaS Platform appeared first on Security Boulevard.

Software 108

Software Security Awareness Cybersecurity 108

The Hacker News

SEPTEMBER 17, 2024

The U.S. Department of Treasury has imposed fresh sanctions against five executives and one entity with ties to the Intellexa Consortium for their role in the development, operation, and distribution of a commercial spyware called Predator.

Spyware 105

Spyware Technology 105

Penetration Testing

SEPTEMBER 17, 2024

Red Hat OpenShift, the industry-leading hybrid cloud platform, known for its robust security features and trusted by over 3,000 customers, including a significant portion of the Global Fortune 500, is... The post Critical Flaws in Red Hat OpenShift: CVE-2024-45496 (CVSS 9.9) & CVE-2024-7387 (CVSS 9.1) appeared first on Cybersecurity News.

Cybersecurity 107

Cybersecurity 107

Advertisement

Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.

Government