Tech Republic Security

OCTOBER 2, 2024

Need to share a Wi-Fi password with a friend or coworker? Learn how to share a Wi-Fi password on iPhones, iPads, Macs, Androids, and Windows computers.

Passwords 182

Passwords 182

Penetration Testing

OCTOBER 2, 2024

A discovered zero-day vulnerability is putting Microsoft Office users at risk. Security researcher Metin Yunus Kandemir recently published the technical details and a proof-of-concept (PoC) exploit that reveals a critical... The post 0-Day Flaw CVE-2024-38200 in Microsoft Office Exposes NTLMv2 Hashes: PoC Exploit Released appeared first on Cybersecurity News.

Risk 145

Risk Cybersecurity 145

Tech Republic Security

OCTOBER 2, 2024

Obsidian Security expands in APAC to address increasing SaaS threats, focusing on enterprise risks, security gaps, and the shared responsibility model.

Risk 164

Risk 164

We Live Security

OCTOBER 2, 2024

ESET Research details the tools and activities of a new China-aligned threat actor, CeranaKeeper, focusing on massive data exfiltration in Southeast Asia

144

144

Advertisement

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

Cyber threats

Tech Republic Security

OCTOBER 2, 2024

Google Cloud’s virtual machines can now get in-house attestation for VMs that offer AMD encrypted virtualization. Plus, Google VMs now offer more hardware options.

Encryption 164

Encryption Software 164

The Hacker News

OCTOBER 2, 2024

A little over a dozen new security vulnerabilities have been discovered in residential and enterprise routers manufactured by DrayTek that could be exploited to take over susceptible devices.

Manufacturing 141

Manufacturing Hacking 141

The Hacker News

OCTOBER 2, 2024

A previously undocumented threat actor called CeranaKeeper has been linked to a string of data exfiltration attacks targeting Southeast Asia. Slovak cybersecurity firm ESET, which observed campaigns targeting governmental institutions in Thailand starting in 2023, attributed the activity cluster as aligned to China, leveraging tools previously identified as used by the Mustang Panda actor.

Cybersecurity 136

Cybersecurity 136

Elie

OCTOBER 2, 2024

This talk examine current real-world examples of AI-driven attacks and explore which defensive AI capabilities are available today.

Cybersecurity 133

Cybersecurity 133

The Hacker News

OCTOBER 2, 2024

A large-scale fraud campaign leveraged fake trading apps published on the Apple App Store and Google Play Store, as well as phishing sites, to defraud victims, per findings from Group-IB.

Cryptocurrency 135

Cryptocurrency Phishing 135

SecureList

OCTOBER 2, 2024

Introduction In the ever-evolving landscape of cybersecurity, logs, that is information collected from various sources like network devices, endpoints, and applications, plays a crucial role in identifying and responding to threats. By analyzing this data, organizations can detect anomalies, pinpoint malicious activity, and mitigate potential cyberattacks before they cause significant damage.

Threat Detection 130

Threat Detection Artificial Intelligence Cybersecurity Technology 130

Advertisement

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

Cybersecurity

The Hacker News

OCTOBER 2, 2024

Three different organizations in the U.S. were targeted in August 2024 by a North Korean state-sponsored threat actor called Andariel as part of a likely financially motivated attack.

Hacking 135

Hacking Ransomware 135

The Last Watchdog

OCTOBER 2, 2024

Silver Spring, MD, Oct. 2, 2024, CyberNewswire — Aembit , the non-human IAM company, today announced the appointment of Mario Duarte as chief information security officer (CISO). Duarte, formerly head of security at Snowflake, joins Aembit with a deep commitment to address pressing gaps in non-human identity security. Duarte’s journey in cybersecurity began with a passion for penetration testing, sparked by the 1980s cult classic film WarGames.

CISO 130

CISO Penetration Testing Retail Accountability 130

The Hacker News

OCTOBER 2, 2024

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a security flaw impacting Endpoint Manager (EPM) that the company patched in May to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerability, tracked as CVE-2024-29824, carries a CVSS score of 9.6 out of a maximum of 10.0, indicating critical severity.

Cybersecurity 134

Cybersecurity 134

Security Affairs

OCTOBER 2, 2024

The Rhadamanthys information stealer has been upgraded with advanced features, including the use of artificial intelligence (AI) for optical character recognition (OCR). Researchers at the Recorded Future’s Insikt group have documented the evolution of the Rhadamanthys info stealer. The malware was first identified in 2022, and since then it has been upgraded with advanced features, the latest version 0.7.0 introduces AI-driven capabilities for extracting cryptocurrency seed phrases from i

Artificial Intelligence 123

Artificial Intelligence Cryptocurrency Malware Hacking 123

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

The Hacker News

OCTOBER 2, 2024

A spear-phishing email campaign has been observed targeting recruiters with a JavaScript backdoor called More_eggs, indicating persistent efforts to single out the sector under the guise of fake job applicant lures.

Malware 134

Malware Phishing 134

Security Affairs

OCTOBER 2, 2024

An international police operation led to the arrest of four individuals linked to the LockBit ransomware group, including a developer. Europol, the UK, and the US law enforcement authorities announced a new operation against the LockBit ransomware gang. The police arrested an alleged LockBit developer at France’s request while vacationing outside Russia and two individuals in the UK for supporting a LockBit affiliate.

Ransomware 123

Ransomware Cybercrime Banking Hacking 123

The Hacker News

OCTOBER 2, 2024

Cybersecurity researchers have disclosed that 5% of all Adobe Commerce and Magento stores have been hacked by malicious actors by exploiting a security vulnerability dubbed CosmicSting. Tracked as CVE-2024-34102 (CVSS score: 9.8), the critical flaw relates to an improper restriction of XML external entity reference (XXE) vulnerability that could result in remote code execution.

Hacking 128

Hacking Cybersecurity 128

Security Boulevard

OCTOBER 2, 2024

Cybersecurity professionals are facing increasing levels of stress, with 66% reporting that their roles have become more demanding over the past five years, according to a report from ISACA. The post Cybersecurity Professionals Operate Under Increased Stress Levels appeared first on Security Boulevard.

Cybersecurity 122

Cybersecurity CISO 122

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

The Hacker News

OCTOBER 2, 2024

Dynamic malware analysis is a key part of any threat investigation. It involves executing a sample of a malicious program in the isolated environment of a malware sandbox to monitor its behavior and gather actionable indicators. Effective analysis must be fast, in-depth, and precise. These five tools will help you achieve it with ease. 1.

Malware 124

Malware 124

Security Affairs

OCTOBER 2, 2024

Threat actors attempt to exploit recently disclosed vulnerability CVE-2024-45519 in Synacor’s Zimbra Collaboration. Proofpoint cybersecurity researchers reported that threat actors are attempting to exploit a recently disclosed vulnerability, tracked as CVE-2024-45519, in Synacor’s Zimbra Collaboration. Starting on September 28, 2024, threat actors have been attempting to exploit the issue to achieve remote code execution on vulnerable instances.

Hacking 122

Hacking Cybersecurity Risk Information Security 122

Security Boulevard

OCTOBER 2, 2024

US security agencies and international counterparts list six principles critical infrastructure organizations should hold onto to ensure their OT environments are protected against the rising tide of cyberthreats coming their way. The post US and Other Countries Outline Principles for Securing OT appeared first on Security Boulevard.

Security Awareness 119

Security Awareness Cybersecurity Network Security 119

Security Affairs

OCTOBER 2, 2024

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Ivanti Endpoint Manager (EPM) vulnerability to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the Ivanti Virtual Traffic Manager authentication bypass vulnerability CVE-2024-29824 (CVSS score of 9.6) to its Known Exploited Vulnerabilities (KEV) catalog.

Authentication 121

Authentication Hacking Cybersecurity Risk 121

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

SecureWorld News

OCTOBER 2, 2024

Th e 8th biennial Deloitte-NASCIO Cybersecurity Study reveals a rapidly evolving cybersecurity landscape, with artificial intelligence (AI) and generative AI (GenAI) introducing new challenges. Conducted in spring 2024, the study captures insights from Chief Information Security Officers of all 50 U.S. states and the District of Columbia, marking a period where the impact of COVID-19 has subsided yet new threats have surfaced.

Cyber threats 116

Cyber threats CISO Digital transformation Artificial Intelligence 116

Security Boulevard

OCTOBER 2, 2024

Despite slower hiring trends and tighter budgets, chief information security officer (CISO) compensation continues to rise, with the average U.S.-based CISO earning $565K, and top earners exceeding $1 million. The post Average CISO Compensation Tops $500K appeared first on Security Boulevard.

CISO 113

CISO Information Security Cybersecurity 113

Trend Micro

OCTOBER 2, 2024

This is the fourth blog post in an ongoing series on Rogue AI. Keep following for more technical guidance, case studies, and insights.

Cyber threats 110

Cyber threats 110

Cisco Security

OCTOBER 2, 2024

With effective monitoring into endpoint activity, threats to the network can be detected and neutralized before causing extensive damage. With effective monitoring into endpoint activity, threats to the network can be detected and neutralized before causing extensive damage.

Cybersecurity 104

Cybersecurity 104

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Penetration Testing

OCTOBER 2, 2024

Cisco has issued a security advisory addressing a critical vulnerability (CVE-2024-20432) in its Nexus Dashboard Fabric Controller (NDFC). This flaw, which carries a severity rating of 9.9 out of 10... The post CVE-2024-20432 (CVSS 9.9): Cisco Nexus Dashboard Fabric Controller Exposed to RCE appeared first on Cybersecurity News.

Cybersecurity 103

Cybersecurity 103

Zero Day

OCTOBER 2, 2024

The home security company introduces several more cool features to its Ring Protect Plan - now rebranded to Ring Home.

98

98

Heimadal Security

OCTOBER 2, 2024

Admin rights are one of the most important and fundamental aspects of cybersecurity. Without elevated permissions, hackers will have a hard time stealing your data or disrupting your services. For that reason, they’re often trying to gain access to an administrator account to successfully carry off whatever attack they’re planning. That’s where privileged access management […] The post Admin Rights in Action: How Hackers Target Privileged Accounts appeared first on Heimdal Security Blog.

Accountability 97

Accountability Cybersecurity 97

Zero Day

OCTOBER 2, 2024

Raspberry Pi's new AI camera is specifically designed from the ground up for AI applications.

98

98

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity