Schneier on Security

NOVEMBER 12, 2024

I’ve been writing about the problem with lawful-access backdoors in encryption for decades now: that as soon as you create a mechanism for law enforcement to bypass encryption, the bad guys will use it too. Turns out the same thing is true for non-technical backdoors: The advisory said that the cybercriminals were successful in masquerading as law enforcement by using compromised police accounts to send emails to companies requesting user data.

Encryption 272

Encryption Accountability Cybersecurity 272

Joseph Steinberg

NOVEMBER 12, 2024

When, back in 2012, I first wrote in Forbes about smartphone taxi and e-hail apps , I warned that while leveraging technology to improve transportation certainly promised to deliver great convenience, the evolving rideshare model also brought with it significant potential dangers. Today, nearly 12 years later, platforms like Uber and Lyft have become mainstays of modern transportation in many cities – ubiquity and popularity, however, do not always translate into safety and security.

Artificial Intelligence 161

Artificial Intelligence Accountability Government Risk 161

Krebs on Security

NOVEMBER 12, 2024

Microsoft today released updates to plug at least 89 security holes in its Windows operating systems and other software. November’s patch batch includes fixes for two zero-day vulnerabilities that are already being exploited by attackers, as well as two other flaws that were publicly disclosed prior to today. The zero-day flaw tracked as CVE-2024-49039 is a bug in the Windows Task Scheduler that allows an attacker to increase their privileges on a Windows machine.

Authentication 158

Authentication Engineering Malware Passwords 158

The Last Watchdog

NOVEMBER 12, 2024

The compliance variable has come into play in an impactful way. Related: Technology and justice systems The U.S. Security and Exchange Commission (SEC) recently laid down the hammer charging and fining four prominent cybersecurity vendors for making misleading claims in connection with the SolarWinds hack. SEC investigators gathered evidence that Unisys Corp., Avaya Holdings , Check Point Software Technologies , and Mimecast Limited each minimized or obscured the extent of security breaches link

CISO 133

CISO CSO Risk Cyber threats 133

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Malwarebytes

NOVEMBER 12, 2024

A DNA testing company that promised clients insights into their genetic disposition has suddenly disappeared. The BBC reports it tried several methods to reach the company but failed in this effort. London offices are closed, nobody answers the phone, and clients are no longer capable of accessing their online records. All the company’s social media accounts haven’t been updated since 2023 at the latest.

Insurance 145

Insurance Accountability Risk Data breaches 145

The Hacker News

NOVEMBER 12, 2024

Microsoft on Tuesday revealed that two security flaws impacting Windows NT LAN Manager (NTLM) and Task Scheduler have come under active exploitation in the wild. The security vulnerabilities are among the 90 security bugs the tech giant addressed as part of its Patch Tuesday update for November 2024.

121

121

The Hacker News

NOVEMBER 12, 2024

Cybersecurity researchers have disclosed new security flaws impacting Citrix Virtual Apps and Desktop that could be exploited to achieve unauthenticated remote code execution (RCE) The issue, per findings from watchTowr, is rooted in the Session Recording component that allows system administrators to capture user activity, and record keyboard and mouse input, along with a video stream of the

System Administration 117

System Administration Cybersecurity 117

Security Affairs

NOVEMBER 12, 2024

Microsoft Patch Tuesday security updates for November 2024 addressed 89 vulnerabilities, including two actively exploited zero-day flaws. Microsoft Patch Tuesday security updates for November 2024 fixed 89 vulnerabilities in Windows and Windows Components; Office and Office Components; Azure; NET and Visual Studio; LightGBM; Exchange Server; SQL Server; TorchGeo; Hyper-V; and Windows VMSwitch.

Internet 118

Internet Internet Hacking Data breaches 118

The Hacker News

NOVEMBER 12, 2024

Cybersecurity researchers are calling attention to a new sophisticated tool called GoIssue that can be used to send phishing messages at scale targeting GitHub users.

Phishing 109

Phishing Advertising Marketing Cybersecurity 109

Security Affairs

NOVEMBER 12, 2024

Apple iOS supports a new feature that reboots locked devices after extended inactivity, aiming to enhance data security for users. Apple ‘quietly’ implemented a new security feature that automatically reboots a locked device if it has not been used for several days. The new feature was introduced with the release of iOS 18.1 at the end of October.

Media 117

Media Wireless Mobile Encryption 117

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Security Boulevard

NOVEMBER 12, 2024

The road to cyber preparedness begins with studying organizations’ own vulnerabilities - and doing it often so that nothing escapes notice – rather than obsessing about the perils that live outside. The post Sealing Entry Points and Weak Links in the Environment – How Dell is Building an Iron Wall of Defense appeared first on Security Boulevard.

104

104

The Hacker News

NOVEMBER 12, 2024

The Iranian threat actor known as TA455 has been observed taking a leaf out of a North Korean hacking group's playbook to orchestrate its own version of the Dream Job campaign targeting the aerospace industry by offering fake jobs since at least September 2023.

Malware 99

Malware Hacking Cybersecurity 99

Security Boulevard

NOVEMBER 12, 2024

Authors/Presenters: Samy Kamkar Our sincere appreciation to DEF CON , and the Presenters/Authors for publishing their erudite DEF CON 32 content. Originating from the conference’s events located at the Las Vegas Convention Center ; and via the organizations YouTube channel. Permalink The post DEF CON 32 – Optical Espionage: Using Lasers to Hear Keystrokes Through Glass Windows appeared first on Security Boulevard.

Education 103

Education Cybersecurity 103

Zero Day

NOVEMBER 12, 2024

Bitwarden offers secure, budget-friendly password management, while 1Password puts a premium on user experience. Here's how to decide between the two.

Password Management 105

Password Management Passwords 105

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Penetration Testing

NOVEMBER 12, 2024

Software company Ivanti has released urgent security updates for its Endpoint Manager to address a range of vulnerabilities, including several that could allow for remote code execution (RCE). The vulnerabilities,... The post CVE-2024-50330 (CVSS 9.8): Unpatched Ivanti Endpoint Manager Vulnerable to RCE Attacks appeared first on Cybersecurity News.

Software 91

Software Cybersecurity 91

Zero Day

NOVEMBER 12, 2024

Bitwarden offers feature-rich antivirus at a competitive price, while Malwarebytes focuses on protection against malware. Here's how to decide between the two.

Antivirus 98

Antivirus Malware 98

Penetration Testing

NOVEMBER 12, 2024

In a new report, Dr.Web’s research team has uncovered a dangerous wave of malicious apps on Google Play, revealing that over 2 million users have unwittingly downloaded trojanized applications, primarily... The post Researcher Finds Trojanized Apps with 2 Million Downloads on Google Play appeared first on Cybersecurity News.

Cybersecurity 90

Cybersecurity Malware 90

Zero Day

NOVEMBER 12, 2024

Bluesky is one of several social networks striving to offer an alternative to the site formerly known as Twitter. Here's how to join and use it.

138

138

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

Penetration Testing

NOVEMBER 12, 2024

Security researchers at watchTowr have uncovered two critical vulnerabilities in Citrix Session Recording Manager that, when chained together, allow unauthenticated remote code execution (RCE) on Citrix Virtual Apps and Desktops.... The post CVE-2024-8068 & CVE-2024-8069: Citrix Session Recording Manager Unauthenticated RCE Exploits Publicly Available appeared first on Cybersecurity News.

Cybersecurity 90

Cybersecurity 90

SecureWorld News

NOVEMBER 12, 2024

A new joint Cybersecurity Advisory, co-authored by leading cybersecurity agencies from the United States, Australia, Canada, New Zealand, and the United Kingdom, details the vulnerabilities malicious actors routinely exploited in 2023. This advisory highlights specific vulnerabilities and offers guidance to mitigate risks for software developers and end-user organizations.

Software 87

Software Cyber threats Passwords Risk 87

Penetration Testing

NOVEMBER 12, 2024

A critical security vulnerability has been discovered in Siemens TeleControl Server Basic V3.1, a software solution used for remote monitoring and control of industrial plants. The vulnerability, identified as CVE-2024-44102... The post CVE-2024-44102 (CVSS 10) Found in Siemens TeleControl Server Basic: Urgent Update Required appeared first on Cybersecurity News.

Software 85

Software Cybersecurity 85

WIRED Threat Level

NOVEMBER 12, 2024

Privacy advocates worry banning masks at protests will encourage harassment, while cops' high-tech tools render the rules unnecessary.

94

94

Advertisement

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

Penetration Testing

NOVEMBER 12, 2024

Ivanti has released urgent security updates to address a range of vulnerabilities, including critical remote code execution (RCE) flaws, in its Connect Secure, Policy Secure, and Secure Access Client products.... The post Ivanti Connect Secure, Policy Secure and Secure Access Client Affected by Critical Vulnerabilities appeared first on Cybersecurity News.

Cybersecurity 84

Cybersecurity 84

Security Boulevard

NOVEMBER 12, 2024

National insurance firm Crum and Forster is offering a professional liability program for CISOs who are facing growing regulatory pressures and sophisticate cyberattacks but often are not covered by their organizations' D&O policies. The post Insurance Firm Introduces Liability Coverage for CISOs appeared first on Security Boulevard.

Insurance 80

Insurance CISO Risk Government 80

Penetration Testing

NOVEMBER 12, 2024

Schneider Electric has issued a security notification regarding critical vulnerabilities in its Modicon M340, Momentum, and MC80 controllers. These programmable automation controllers (PACs) are used widely in industrial settings to... The post Schneider Electric Warns of Multiple Vulnerabilities in Modicon Controllers appeared first on Cybersecurity News.

Cybersecurity 83

Cybersecurity 83

Security Affairs

NOVEMBER 12, 2024

A cyber attack affected Ahold Delhaize USA brands, disrupting Giant Food, Hannaford, their pharmacies, and e-commerce services. A cyber attack hit the food giant Ahold Delhaize impacting US pharmacies and supermarket chains owned by the company. As of Tuesday, Hannaford’s e-commerce portal is down due to server issues, while websites for Food Lion, Giant Food, The Giant Company, and Stop & Shop remain accessible, displaying an incident notice from the US branch of the company.

eCommerce 78

eCommerce Cyber Attacks Retail Hacking 78

Advertisement

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.

Cybersecurity

Zero Day

NOVEMBER 12, 2024

Microsoft tightened its already strict hardware compatibility requirements for Windows 11 upgrades again. The updated Rufus utility can bypass those restrictions for most PCs, but it's the end of the line for an unlucky few.

107

107

Security Affairs

NOVEMBER 12, 2024

New Ymir ransomware was deployed in attacks shortly after systems were breached by RustyStealer malware, Kaspersky warns. Kaspersky researchers discovered a new ransomware family, called Ymir ransomware , which attackers deployed after breaching systems via PowerShell commands. Ymir includes detection-evasion features, executing tasks in memory using functions like malloc , memmove , and memcmp.

Ransomware 76

Ransomware Malware Encryption Hacking 76

Penetration Testing

NOVEMBER 12, 2024

Zoom Video Communications has issued a security bulletin addressing multiple vulnerabilities affecting its Workplace Apps, SDKs, and Rooms Clients across various platforms. These flaws could allow attackers to escalate privileges,... The post Zoom Issues Security Update Addressing Vulnerabilities in Workplace and SDK Apps appeared first on Cybersecurity News.

Cybersecurity 75

Cybersecurity 75

Graham Cluley

NOVEMBER 12, 2024

Scammers have leapt at the opportunity to exploit vulnerable UK residents by sending bogus messages telling them they need to take action to receive help with their winter heating bills. Read more in my article on the Tripwire State of Security blog.

Scams 75

Scams Government 75

Advertisement

Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.

Government