Schneier on Security

NOVEMBER 12, 2024

I’ve been writing about the problem with lawful-access backdoors in encryption for decades now: that as soon as you create a mechanism for law enforcement to bypass encryption, the bad guys will use it too. Turns out the same thing is true for non-technical backdoors: The advisory said that the cybercriminals were successful in masquerading as law enforcement by using compromised police accounts to send emails to companies requesting user data.

Encryption 307

Encryption Accountability Cybersecurity 307

Krebs on Security

NOVEMBER 12, 2024

Microsoft today released updates to plug at least 89 security holes in its Windows operating systems and other software. November’s patch batch includes fixes for two zero-day vulnerabilities that are already being exploited by attackers, as well as two other flaws that were publicly disclosed prior to today. The zero-day flaw tracked as CVE-2024-49039 is a bug in the Windows Task Scheduler that allows an attacker to increase their privileges on a Windows machine.

Authentication 238

Authentication Engineering Malware Passwords 238

Security Affairs

NOVEMBER 12, 2024

Microsoft Patch Tuesday security updates for November 2024 addressed 89 vulnerabilities, including two actively exploited zero-day flaws. Microsoft Patch Tuesday security updates for November 2024 fixed 89 vulnerabilities in Windows and Windows Components; Office and Office Components; Azure; NET and Visual Studio; LightGBM; Exchange Server; SQL Server; TorchGeo; Hyper-V; and Windows VMSwitch.

Internet 134

Internet Internet Hacking Data breaches 134

Malwarebytes

NOVEMBER 12, 2024

A DNA testing company that promised clients insights into their genetic disposition has suddenly disappeared. The BBC reports it tried several methods to reach the company but failed in this effort. London offices are closed, nobody answers the phone, and clients are no longer capable of accessing their online records. All the company’s social media accounts haven’t been updated since 2023 at the latest.

Insurance 145

Insurance Accountability Risk Data breaches 145

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Security Affairs

NOVEMBER 12, 2024

Apple iOS supports a new feature that reboots locked devices after extended inactivity, aiming to enhance data security for users. Apple ‘quietly’ implemented a new security feature that automatically reboots a locked device if it has not been used for several days. The new feature was introduced with the release of iOS 18.1 at the end of October.

Media 135

Media Wireless Mobile Encryption 135

Penetration Testing

NOVEMBER 12, 2024

Citrix has issued a security bulletin warning of two vulnerabilities affecting NetScaler ADC and NetScaler Gateway, products that provide application delivery and security services. The vulnerabilities, tracked as CVE-2024-8534 and... The post Citrix NetScaler ADC and Gateway Vulnerabilities Put Organizations at Risk appeared first on Cybersecurity News.

Risk 136

Risk Cybersecurity 136

The Hacker News

NOVEMBER 12, 2024

The Iranian threat actor known as TA455 has been observed taking a leaf out of a North Korean hacking group's playbook to orchestrate its own version of the Dream Job campaign targeting the aerospace industry by offering fake jobs since at least September 2023.

Malware 138

Malware Hacking Cybersecurity 138

Penetration Testing

NOVEMBER 12, 2024

In a new report, Dr.Web’s research team has uncovered a dangerous wave of malicious apps on Google Play, revealing that over 2 million users have unwittingly downloaded trojanized applications, primarily... The post Researcher Finds Trojanized Apps with 2 Million Downloads on Google Play appeared first on Cybersecurity News.

Cybersecurity 138

Cybersecurity Malware 138

The Hacker News

NOVEMBER 12, 2024

Cybersecurity researchers are calling attention to a new sophisticated tool called GoIssue that can be used to send phishing messages at scale targeting GitHub users.

Phishing 137

Phishing Advertising Marketing Cybersecurity 137

WIRED Threat Level

NOVEMBER 12, 2024

Privacy advocates worry banning masks at protests will encourage harassment, while cops' high-tech tools render the rules unnecessary.

135

135

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

The Hacker News

NOVEMBER 12, 2024

Microsoft on Tuesday revealed that two security flaws impacting Windows NT LAN Manager (NTLM) and Task Scheduler have come under active exploitation in the wild. The security vulnerabilities are among the 90 security bugs the tech giant addressed as part of its Patch Tuesday update for November 2024.

137

137

Digital Shadows

NOVEMBER 12, 2024

We are excited to introduce our latest threat landscape report on the construction sector, providing the latest insights into the evolving cyber threats facing the industry. In this blog, we’ll give you a taste of the report’s key themes, including analysis of the most pressing threats, prevalent MITRE ATT&CK techniques, and dark web insights.

Ransomware 111

Ransomware Phishing Cyber threats Malware 111

The Hacker News

NOVEMBER 12, 2024

Cybersecurity researchers have disclosed new security flaws impacting Citrix Virtual Apps and Desktop that could be exploited to achieve unauthenticated remote code execution (RCE) The issue, per findings from watchTowr, is rooted in the Session Recording component that allows system administrators to capture user activity, and record keyboard and mouse input, along with a video stream of the

System Administration 134

System Administration Cybersecurity 134

Penetration Testing

NOVEMBER 12, 2024

Schneider Electric has issued a security notification regarding critical vulnerabilities in its Modicon M340, Momentum, and MC80 controllers. These programmable automation controllers (PACs) are used widely in industrial settings to... The post Schneider Electric Warns of Multiple Vulnerabilities in Modicon Controllers appeared first on Cybersecurity News.

Cybersecurity 125

Cybersecurity 125

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Security Affairs

NOVEMBER 12, 2024

New Ymir ransomware was deployed in attacks shortly after systems were breached by RustyStealer malware, Kaspersky warns. Kaspersky researchers discovered a new ransomware family, called Ymir ransomware , which attackers deployed after breaching systems via PowerShell commands. Ymir includes detection-evasion features, executing tasks in memory using functions like malloc , memmove , and memcmp.

Ransomware 127

Ransomware Malware Encryption Hacking 127

The Hacker News

NOVEMBER 12, 2024

Behavioral analytics, long associated with threat detection (i.e. UEBA or UBA), is experiencing a renaissance. Once primarily used to identify suspicious activity, it’s now being reimagined as a powerful post-detection technology that enhances incident response processes.

Threat Detection 117

Threat Detection Technology 117

Zero Day

NOVEMBER 12, 2024

Bitwarden offers secure, budget-friendly password management, while 1Password puts a premium on user experience. Here's how to decide between the two.

Password Management 116

Password Management Passwords 116

Security Boulevard

NOVEMBER 12, 2024

The road to cyber preparedness begins with studying organizations’ own vulnerabilities - and doing it often so that nothing escapes notice – rather than obsessing about the perils that live outside. The post Sealing Entry Points and Weak Links in the Environment – How Dell is Building an Iron Wall of Defense appeared first on Security Boulevard.

123

123

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Penetration Testing

NOVEMBER 12, 2024

A critical security vulnerability has been discovered in Siemens TeleControl Server Basic V3.1, a software solution used for remote monitoring and control of industrial plants. The vulnerability, identified as CVE-2024-44102... The post CVE-2024-44102 (CVSS 10) Found in Siemens TeleControl Server Basic: Urgent Update Required appeared first on Cybersecurity News.

Software 126

Software Cybersecurity 126

Zero Day

NOVEMBER 12, 2024

NordPass is one of our favorite password managers to help you keep your information secure.

Password Management 111

Password Management Passwords Information Security 111

Penetration Testing

NOVEMBER 12, 2024

Software company Ivanti has released urgent security updates for its Endpoint Manager to address a range of vulnerabilities, including several that could allow for remote code execution (RCE). The vulnerabilities,... The post CVE-2024-50330 (CVSS 9.8): Unpatched Ivanti Endpoint Manager Vulnerable to RCE Attacks appeared first on Cybersecurity News.

Software 92

Software Cybersecurity 92

Zero Day

NOVEMBER 12, 2024

Bitwarden offers feature-rich antivirus at a competitive price, while Malwarebytes focuses on protection against malware. Here's how to decide between the two.

Antivirus 111

Antivirus Malware 111

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

Penetration Testing

NOVEMBER 12, 2024

Security researchers at watchTowr have uncovered two critical vulnerabilities in Citrix Session Recording Manager that, when chained together, allow unauthenticated remote code execution (RCE) on Citrix Virtual Apps and Desktops.... The post CVE-2024-8068 & CVE-2024-8069: Citrix Session Recording Manager Unauthenticated RCE Exploits Publicly Available appeared first on Cybersecurity News.

Cybersecurity 91

Cybersecurity 91

Zero Day

NOVEMBER 12, 2024

Bluesky is one of several social networks striving to offer an alternative to the site formerly known as Twitter. Here's how to join and use it.

110

110

Security Affairs

NOVEMBER 12, 2024

New Ymir ransomware was deployed in attacks shortly after systems were breached by RustyStealer malware, Kaspersky warns. Kaspersky researchers discovered a new ransomware family, called Ymir ransomware , which attackers deployed after breaching systems via PowerShell commands. Ymir includes detection-evasion features, executing tasks in memory using functions like malloc , memmove , and memcmp.

Ransomware 101

Ransomware Malware Encryption Hacking 101

Zero Day

NOVEMBER 12, 2024

The AtomMan G7 Ti Mini PC is about the thickness of a textbook, but it's stacked with powerful hardware found in gaming laptops by Dell and HP.

107

107

Advertisement

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

Security Boulevard

NOVEMBER 12, 2024

Authors/Presenters: Samy Kamkar Our sincere appreciation to DEF CON , and the Presenters/Authors for publishing their erudite DEF CON 32 content. Originating from the conference’s events located at the Las Vegas Convention Center ; and via the organizations YouTube channel. Permalink The post DEF CON 32 – Optical Espionage: Using Lasers to Hear Keystrokes Through Glass Windows appeared first on Security Boulevard.

Education 103

Education Cybersecurity 103

Zero Day

NOVEMBER 12, 2024

Bluesky is now home to more than 14.5 million users amid a growing decline in X's audience.

102

102

Graham Cluley

NOVEMBER 12, 2024

Scammers have leapt at the opportunity to exploit vulnerable UK residents by sending bogus messages telling them they need to take action to receive help with their winter heating bills. Read more in my article on the Tripwire State of Security blog.

Scams 100

Scams Government 100

Zero Day

NOVEMBER 12, 2024

Whenever your iPhone's battery health number ticks down, it's a one-way trip.

102

102

Advertisement

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.

Cybersecurity