Wed.Sep 04, 2024

article thumbnail

Security Researcher Sued for Disproving Government Statements

Schneier on Security

This story seems straightforward. A city is the victim of a ransomware attack. They repeatedly lie to the media about the severity of the breach. A security researcher repeatedly proves their statements to be lies. The city gets mad and sues the researcher. Let’s hope the judge throws the case out, but—still—it will serve as a warning to others.

article thumbnail

Iran Cyber Attack: Fox Kitten Facilitates Ransomware in US

Tech Republic Security

Read more about an attack campaign led by Iran-based cyberespionage threat actor Fox Kitten, and learn how to protect your company from this threat.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

CVE-2024-20017 (CVSS 9.8): Zero-Click Exploit Discovered in Popular Wi-Fi Chipsets, PoC Published

Penetration Testing

Security researcher Hyprdude has published detailed information and a proof-of-concept (PoC) exploit for a critical vulnerability identified as CVE-2024-20017. With a CVSS score of 9.8, this vulnerability poses a severe... The post CVE-2024-20017 (CVSS 9.8): Zero-Click Exploit Discovered in Popular Wi-Fi Chipsets, PoC Published appeared first on Cybersecurity News.

article thumbnail

How to avoid election related scams

Malwarebytes

With the US election campaigns at full throttle, scammers have taken a renewed interest in the ways this can be used to defraud people , often using the same tactics legitimate campaigns leverage for support (emails, text messages, phone calls, and social media pleas). The lure that we have seen the most involves asking people to donate to a campaign.

Scams 143
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Veeam Backup & Replication Faces RCE Flaw– CVE-2024-40711 (CVSS 9.8) Allows Full System Takeover

Penetration Testing

A series of critical vulnerabilities have been uncovered in Veeam Backup & Replication, potentially exposing organizations to unauthorized access, remote code execution, and data breaches. The most severe vulnerability (CVE-2024-40711,... The post Veeam Backup & Replication Faces RCE Flaw– CVE-2024-40711 (CVSS 9.8) Allows Full System Takeover appeared first on Cybersecurity News.

Backups 142
article thumbnail

Google Confirms CVE-2024-32896 Exploited in the Wild, Releases Android Security Patch

The Hacker News

Google has released its monthly security updates for the Android operating system to address a known security flaw that it said has come under active exploitation in the wild. The high-severity vulnerability, tracked as CVE-2024-32896 (CVSS score: 7.8), relates to a case of privilege escalation in the Android Framework component.

142
142

More Trending

article thumbnail

CyberSecurity Expert Joseph Steinberg To Speak At Penn Club About CyberSecurity

Joseph Steinberg

CyberSecurity Expert Joseph Steinberg will deliver a talk at the Penn Club in New York City on October 29 th. The Penn Club provided the following description of Steinberg’s talk, appropriately titled A Spooky Drive Into CyberSecurity for the Halloween season, and which will be run as a joint event with the Columbia Club: Join us for Halloween fun. What does cybersecurity hold for you tricks or treats?

article thumbnail

Goffloader: In-Memory Execution, No Disk Required

Penetration Testing

The security company Praetorian has released GoffLoader, a tool designed to simplify the execution of BOF files and unmanaged Cobalt Strike PE files directly in memory, without writing any files... The post Goffloader: In-Memory Execution, No Disk Required appeared first on Cybersecurity News.

article thumbnail

Hackers Hijack 22,000 Removed PyPI Packages, Spreading Malicious Code to Developers

The Hacker News

A new supply chain attack technique targeting the Python Package Index (PyPI) registry has been exploited in the wild in an attempt to infiltrate downstream organizations.

Software 133
article thumbnail

Google fixed actively exploited Android flaw CVE-2024-32896

Security Affairs

Google addressed a security vulnerability in its Android operating system that is actively exploited in attacks in the wild. Google addressed a high-severity vulnerability, tracked as CVE-2024-32896 (CVSS score: 7.8), in its Android operating system that is under active exploitation in the wild. The vulnerability CVE-2024-32896 is a privilege escalation in the Android Framework component. “there is a possible way to bypass due to a logic error in the code.” reads the advisory publish

Firmware 131
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

North Korean Hackers Targets Job Seekers with Fake FreeConference App

The Hacker News

North Korean threat actors have leveraged a fake Windows video conferencing application impersonating FreeConference.com to backdoor developer systems as part of an ongoing financially-driven campaign dubbed Contagious Interview.

133
133
article thumbnail

Webmin/Virtualmin Vulnerability Opens Door to Loop DoS Attacks (CVE-2024-2169)

Penetration Testing

System administrators and web hosting providers relying on the popular Webmin and Virtualmin control panels are urged to take immediate action following the disclosure of a critical vulnerability (CVE-2024-45692) that... The post Webmin/Virtualmin Vulnerability Opens Door to Loop DoS Attacks (CVE-2024-2169) appeared first on Cybersecurity News.

article thumbnail

Discontinued D-Link DIR-846 routers are affected by code execution flaws. Replace them!

Security Affairs

D-Link warns of multiple remote code execution vulnerabilities impacting its discontinued DIR-846 router series. Networking hardware vendor D-Link wars of multiple remote code execution (RCE) vulnerabilities in its discontinued DIR-846 router model. The vulnerabilities CVE-2024-44341 and CVE-2024-44342 (CVSS score of 9.8) are two OS command injection issues.

Firmware 130
article thumbnail

News alert: INE Security releases a strategies guide for cyber threat preparedness, response capabilities

The Last Watchdog

Cary, NC, Sept. 4, 2024, CyberNewsWire — In a proactive response to the rapidly evolving landscape of cyber threats, INE Security , a global leader in cybersecurity and network training, today unveiled a crucial initiative aimed at fortifying corporate defenses against digital dangers. The newly launched guide, “5 Practical Steps to Reduce Cyber Threats,” offers actionable strategies for cybersecurity leaders to enhance their team’s preparedness and response capabilities.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Clearview AI Faces €30.5M Fine for Building Illegal Facial Recognition Database

The Hacker News

The Dutch Data Protection Authority (Dutch DPA) has imposed a fine of €30.5 million ($33.7 million) against facial recognition firm Clearview AI for violating the General Data Protection Regulation (GDPR) in the European Union (E.U.) by building an "illegal database with billions of photos of faces," including those of Dutch citizens.

article thumbnail

News alert: AI SPERA attains PCI DSS certification for its search engine solution ‘Criminal IP’

The Last Watchdog

Torrance, Calif., Sept. 4, 2024, CyberNewsWire — AI SPERA , a leading Cyber Threat Intelligence (CTI) company, has achieved PCI DSS v4.0 certification for its flagship search engine solution, Criminal IP. This accomplishment builds on last year’s attainment of PCI DSS v3.2.1 (Payment Card Industry Data Security Standard) certification and marks a significant milestone in the company’s ongoing efforts to enhance security, further solidifying its leadership in the global market.

article thumbnail

Zyxel Patches Critical OS Command Injection Flaw in Access Points and Routers

The Hacker News

Zyxel has released software updates to address a critical security flaw impacting certain access point (AP) and security router versions that could result in the execution of unauthorized commands. Tracked as CVE-2024-7261 (CVSS score: 9.8), the vulnerability has been described as a case of operating system (OS) command injection.

Software 124
article thumbnail

White House Wants to Tighten Internet Routing Security

Security Boulevard

The White House is urging internet network providers to take steps outlined in its roadmap to better secure the Border Gateway Protocol, a set of rule that are not widely known but are crucial to routing traffic around the internet. The post White House Wants to Tighten Internet Routing Security appeared first on Security Boulevard.

Internet 118
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

The New Effective Way to Prevent Account Takeovers

The Hacker News

Account takeover attacks have emerged as one of the most persistent and damaging threats to cloud-based SaaS environments. Yet despite significant investments in traditional security measures, many organizations continue to struggle with preventing these attacks.

article thumbnail

Bad Reasons to Update Your Linux Kernel

Security Boulevard

Linux kernel updates often include performance improvements and hardware compatibility. Regular kernel updates are crucial for patching vulnerabilities and protecting your system from cyberattacks. Live patching eliminates the need to reboot the system, avoiding service interruptions. Freshen up with something new and improved – if it’s as simple as applying a software update…. well, why […] The post Bad Reasons to Update Your Linux Kernel appeared first on TuxCare.

Software 113
article thumbnail

Cisco Fixes Two Critical Flaws in Smart Licensing Utility to Prevent Remote Attacks

The Hacker News

Cisco has released security updates for two critical security flaws impacting its Smart Licensing Utility that could allow unauthenticated, remote attackers to elevate their privileges or access sensitive information. A brief description of the two vulnerabilities is below - CVE-2024-20439 (CVSS score: 9.

article thumbnail

News alert: INE Security releases a strategies guide for cyber threat preparedness, response capabilities

Security Boulevard

Cary, NC, Sept. 4, 2024, CyberNewsWire — In a proactive response to the rapidly evolving landscape of cyber threats, INE Security , a global leader in cybersecurity and network training, today unveiled a crucial initiative aimed at fortifying corporate defenses … (more…) The post News alert: INE Security releases a strategies guide for cyber threat preparedness, response capabilities first appeared on The Last Watchdog.

article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

News alert: Blackwired launches ‘ThirdWatch?’ — an advanced third-party risk management platform

The Last Watchdog

Singapore, Sept. 4, 2024, CyberNewsWire — Blackwired , the leading cyber observatory for disruptive cybersecurity technologies, has announced the launch of ThirdWatch?, a groundbreaking solution to identify direct threats facing an organization and its Third Parties. ThirdWatch? is a subject-directed monitoring platform that provides a comprehensive 360-degree view in 3D of existential threats that impact organizations and the associated cyber risks posed by their vendors, partners, suppli

Risk 100
article thumbnail

Your Roku TV is about to get a new premium feature - for free

Zero Day

Roku TVs are getting a feature called Backdrops that transforms your idle TV into a work of art.

98
article thumbnail

Top Cyber Attacker Techniques, May–July 2024

Digital Shadows

From May 1 to July 31, 2024, ReliaQuest analyzed customer incident data and cybercriminal forums to identify common MITRE ATT&CK TTPs and gather additional intelligence.

article thumbnail

Your Roku TV is about to get an artsy upgrade, thanks to a new premium feature

Zero Day

Roku TVs are getting a feature called Backdrops that transforms your idle TV into a work of art.

98
article thumbnail

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

article thumbnail

The key considerations for cyber insurance: A pragmatic approach

We Live Security

Would a more robust cybersecurity posture impact premium costs? Does the policy offer legal cover?

article thumbnail

Better than Ring? This video doorbell has similar features and none of the monthly fees

Zero Day

The Lorex 2K video doorbell is the brand's flagship security system. I tested it to see if it was worth the money.

98
article thumbnail

Leveraging Threat Intelligence in Cisco Secure Network Analytics

Cisco Security

Cisco Secure Network Analytics provides pervasive network visibility and security analytics for advanced protection across the extended network and cloud. The purpose of this blog is to review two methods of using threat intelligence in Secure Network Analytics. First, we will cover the threat intelligence feed, and then we will look at using your own […] Cisco Secure Network Analytics provides pervasive network visibility and security analytics for advanced protection across the extended

article thumbnail

That massive Pixel security flaw reported last month has been patched

Zero Day

Google's new update removes software intended only for cell phone store employees that could have been exploited by bad actors.

article thumbnail

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.