Fri.May 10, 2024

article thumbnail

New Attack Against Self-Driving Car AI

Schneier on Security

This is another attack that convinces the AI to ignore road signs : Due to the way CMOS cameras operate, rapidly changing light from fast flashing diodes can be used to vary the color. For example, the shade of red on a stop sign could look different on each line depending on the time between the diode flash and the line capture. The result is the camera capturing an image full of lines that don’t quite match each other.

article thumbnail

How Can Businesses Defend Themselves Against Common Cyberthreats?

Tech Republic Security

TechRepublic consolidated expert advice on how businesses can defend themselves against the most common cyberthreats, including zero-days, ransomware and deepfakes.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Chrome Zero-Day Alert — Update Your Browser to Patch New Vulnerability

The Hacker News

Google on Thursday released security updates to address a zero-day flaw in Chrome that it said has been actively exploited in the wild. Tracked as CVE-2024-4671, the high-severity vulnerability has been described as a case of use-after-free in the Visuals component. It was reported by an anonymous researcher on May 7, 2024.

143
143
article thumbnail

Dell API abused to steal 49 million customer records in data breach

Bleeping Computer

The threat actor behind the recent Dell data breach revealed they scraped information of 49 million customer records using an partner portal API they accessed as a fake company. [.

article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Google fixes fifth actively exploited Chrome zero-day this year

Security Affairs

Since the start of the year, Google released an update to fix the fifth actively exploited zero-day vulnerability in the Chrome browser. Google this week released security updates to address a zero-day flaw, tracked as CVE-2024-467, in Chrome browser. The vulnerability is the fifth zero-day flaw in the Google browser that is exploited in the wild since the start of the year.

article thumbnail

Dell Data Breach Could Affect 49 Million Customers

Security Boulevard

The tech giant says the information stolen doesn't represent a significant risk to users, but cybersecurity experts disagree. The post Dell Data Breach Could Affect 49 Million Customers appeared first on Security Boulevard.

More Trending

article thumbnail

For Whom the Dell Tolls: Data Breach Affects 49 Million Customers

SecureWorld News

Dell, one of the world's largest technology companies, has just disclosed a major data breach that may have compromised the personal information of tens of millions of current and former customers. According to an internal investigation by the computer giant, hackers managed to gain unauthorized access to Dell's databases sometime in 2022. The breach went undetected for several months before finally being discovered in early 2023.

article thumbnail

North Korean Hackers Deploy New Golang Malware 'Durian' Against Crypto Firms

The Hacker News

The North Korean threat actor tracked as Kimsuky has been observed deploying a previously undocumented Golang-based malware dubbed Durian as part of highly-targeted cyber attacks aimed at South Korean cryptocurrency firms.

Malware 122
article thumbnail

Boeing refused to pay $200 million LockBit ransomware demand

Graham Cluley

Boeing has confirmed that it received a demand for a massive $200 million after a ransomware attack by the notorious LockBit hacking group in October 2023. The company confirmed its link to the indictment of Dmitry Yuryevich Khoroshev, who was identified this week by the US Department of Justice as the true identity of LockBitSupp, the kingpin of the LockBit gang.

article thumbnail

Dell Hell: 49 Million Customers’ Information Leaked

Security Boulevard

DUDE! You’re Getting Phished. Dell customer data from the past six (or more?) years was stolen. It looks like someone sold scads of personal information to the highest bidder. The post Dell Hell: 49 Million Customers’ Information Leaked appeared first on Security Boulevard.

Phishing 111
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Dell Data Breach Affects 49 Million Customers

Identity IQ

Dell Data Breach Affects 49 Million Customers IdentityIQ Dell Data Breach Affects 49 Million Customers Dell recently announced its investigation into a data breach exposing the personal information of more than 49 million customers. If you have purchased a Dell product in the past seven years, your information is likely exposed on the dark web. According to Bitdefender , Dell began emailing those affected on Wednesday, May 8, confirming that a portal containing the information had been breach

article thumbnail

Researchers Uncover 'LLMjacking' Scheme Targeting Cloud-Hosted AI Models

The Hacker News

Cybersecurity researchers have discovered a novel attack that employs stolen cloud credentials to target cloud-hosted large language model (LLM) services with the goal of selling access to other threat actors. The attack technique has been codenamed LLMjacking by the Sysdig Threat Research Team.

article thumbnail

How to talk about climate change – and what motivates people to action: An interview with Katharine Hayhoe

We Live Security

We spoke to climate scientist Katharine Hayhoe about intersections between climate action, human psychology and spirituality, and how to channel anxiety about the state of our planet into meaningful action

104
104
article thumbnail

Hard-Coded Credentials (CVE-2024-23473), RCE (CVE-2024-28075) Flaws Patched in SolarWinds ARM

Penetration Testing

SolarWinds, a leading provider of IT management software, has taken swift action to address critical vulnerabilities in its Access Rights Manager (ARM) solution, patching two major flaws that could expose sensitive data and grant... The post Hard-Coded Credentials (CVE-2024-23473), RCE (CVE-2024-28075) Flaws Patched in SolarWinds ARM appeared first on Penetration Testing.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

RSAC 2024 Takeaways: AI, Next-Gen Tech, Closing the Skills Gap and More

CompTIA on Cybersecurity

Adapting to AI, training the next generation of security workers, and more: CompTIA checks in from the leading cybersecurity conference in San Francisco.

article thumbnail

Technical Details Released for CVE-2024-21115 Vulnerability Reported in VM VirtualBox

Penetration Testing

Technical details have emerged about a significant security vulnerability, CVE-2024-21115, which has been discovered in Oracle VM VirtualBox, a widely used product under Oracle Virtualization. This flaw can lead to the complete takeover of... The post Technical Details Released for CVE-2024-21115 Vulnerability Reported in VM VirtualBox appeared first on Penetration Testing.

article thumbnail

Ascension redirects ambulances after suspected ransomware attack

Bleeping Computer

Ascension, a major U.S. healthcare network, is diverting ambulances from several hospitals due to a suspected ransomware attack that has been causing clinical operation disruptions and system outages since Wednesday. [.

article thumbnail

Tycoon 2FA: The Evolving Threat Bypassing Multi-Factor Authentication

Penetration Testing

The cybersecurity landscape faces a growing threat as Tycoon 2FA, a sophisticated phishing-as-a-service (PhaaS) platform, continues to evolve and evade detection. A new report from Proofpoint highlights how this malicious kit is increasingly targeting... The post Tycoon 2FA: The Evolving Threat Bypassing Multi-Factor Authentication appeared first on Penetration Testing.

article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Strengthening DDoS Protection with Threat Intelligence

SecureBlitz

Here, I will show you how to strengthen DDoS Protection with Threat Intelligence… When your adversaries get more creative, your defense has to get smarter. For businesses facing the threat of DDoS attacks, which means gaining greater insight into the weapons targeting your network and how best to act against them. There is no question […] The post Strengthening DDoS Protection with Threat Intelligence appeared first on SecureBlitz Cybersecurity.

DDOS 90
article thumbnail

CensysGPT: AI-Powered Threat Hunting for Cybersecurity Pros (Webinar)

The Hacker News

Artificial intelligence (AI) is transforming cybersecurity, and those leading the charge are using it to outsmart increasingly advanced cyber threats. Join us for an exciting webinar, "The Future of Threat Hunting is Powered by Generative AI," where you'll explore how AI tools are shaping the future of cybersecurity defenses.

article thumbnail

The Week in Ransomware - May 10th 2024 - Chipping away at LockBit

Bleeping Computer

After many months of taunting law enforcement and offering a million-dollar reward to anyone who could reveal his identity, the FBI and NCA have done just that, revealing the name of LockBitSupp, the operator of the LockBit ransomware operation. [.

article thumbnail

What's the Right EDR for You?

The Hacker News

A guide to finding the right endpoint detection and response (EDR) solution for your business’ unique needs. Cybersecurity has become an ongoing battle between hackers and small- and mid-sized businesses. Though perimeter security measures like antivirus and firewalls have traditionally served as the frontlines of defense, the battleground has shifted to endpoints.

article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

Widely used Telit Cinterion modems open to SMS takeover attacks

Bleeping Computer

Security flaws in Telit Cinterion cellular modems, widely used in sectors including industrial, healthcare, and telecommunications, could allow remote attackers to execute arbitrary code via SMS. [.

article thumbnail

In it to win it! WeLiveSecurity shortlisted for European Security Blogger Awards

We Live Security

We’re thrilled to announce that WeLiveSecurity has been named a finalist in the Corporates – Best Cybersecurity Vendor Blog category of the European Security Blogger Awards 2024

article thumbnail

Widely used modems in industrial IoT devices open to SMS attack

Bleeping Computer

Security flaws in Telit Cinterion cellular modems, widely used in sectors including industrial, healthcare, and telecommunications, could allow remote attackers to execute arbitrary code via SMS. [.

article thumbnail

Cybersecurity Salary: How Much Can You Earn?

Security Boulevard

Maybe you’ve heard there’s an interplanetary-sized gap in the amount of cybersecurity professionals available and. The post Cybersecurity Salary: How Much Can You Earn? appeared first on Security Boulevard.

article thumbnail

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

article thumbnail

Wichita Falls Victim to Ransomware Attack Claimed by LockBit

Heimadal Security

The City of Wichita, Kansas, fell victim to a ransomware attack, prompting the shutdown of its network to prevent further damage. The LockBit ransomware group has since claimed responsibility, adding the city to its list of targets on its Tor leak site and threatening to release stolen data. How is Wichita managing the ransomware incident? […] The post Wichita Falls Victim to Ransomware Attack Claimed by LockBit appeared first on Heimdal Security Blog.

article thumbnail

Apple Releases Update for iTunes on Windows to Mitigate Code Execution Flaw (CVE-2024-27793)

Penetration Testing

Apple has released a crucial security update for its iTunes software on Windows, addressing a severe vulnerability that could allow remote attackers to execute malicious code on users’ computers. The flaw, tracked as CVE-2024-27793,... The post Apple Releases Update for iTunes on Windows to Mitigate Code Execution Flaw (CVE-2024-27793) appeared first on Penetration Testing.

article thumbnail

Friday Five: Updated International Cyber Policy, Insights from DBIR and ONCD Reports, & More

Digital Guardian

As more insights continue to be unveiled from Verizon's DBIR report and a recently released report from the ONCD, governments and organizations are fighting to keep up with evolving threats. Get up to speed on these stories, the unmasking of LockBit's top admin, and more in this week's Friday Five.

article thumbnail

‘TunnelVision’ Attack Leaves Nearly All VPNs Vulnerable to Spying

WIRED Threat Level

TunnelVision is an attack developed by researchers that can expose VPN traffic to snooping or tampering.

VPN 95
article thumbnail

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.