Schneier on Security

OCTOBER 7, 2024

CLoudflare just blocked the current record DDoS attack: 3.8 terabits per second. (Lots of good information on the attack, and DDoS in general, at the link.) News article.

DDOS 194

DDOS 194

The Last Watchdog

OCTOBER 7, 2024

Torrance, Calif., Oct. 7, 2024, CyberNewswire — Criminal IP , a renowned Cyber Threat Intelligence (CTI) search engine developed by AI SPERA , has partnered with Hybrid Analysis , a platform that provides advanced malware analysis and threat intelligence, to enhance threat research. This collaboration integrates Criminal IP’s advanced domain scanning capabilities into the Hybrid Analysis platform, providing security professionals with deeper insights and more effective threat mitigation s

Malware 130

Malware Engineering Cyber threats Phishing 130

Tech Republic Security

OCTOBER 7, 2024

These 15 cyber attacks or data breaches impacted large swaths of users across the United States and changed what was possible in cybersecurity.

Data breaches 176

Data breaches Cyber Attacks Cybersecurity Software 176

Security Boulevard

OCTOBER 7, 2024

Akamai Technologies has made available at no extra cost a connector that makes it simpler for cybersecurity teams to discover application programming interfaces (APIs) that organizations have exposed via its content delivery network (CDN). The post Akamai Embeds API Security Connector in CDN Platform appeared first on Security Boulevard.

Technology 128

Technology Cybersecurity 128

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Tech Republic Security

OCTOBER 7, 2024

Read more about the U.S. Department of Justice and Microsoft’s efforts to interrupt the activities of Russian-based threat actor Star Blizzard, and learn how to protect from this threat.

Government 143

Government Software 143

The Hacker News

OCTOBER 7, 2024

Cybersecurity researchers have discovered a new botnet malware family called Gorilla (aka GorillaBot) that is a variant of the leaked Mirai botnet source code. Cybersecurity firm NSFOCUS, which identified the activity last month, said the botnet "issued over 300,000 attack commands, with a shocking attack density" between September 4 and September 27, 2024.

DDOS 133

DDOS Malware Cybersecurity 133

Security Affairs

OCTOBER 7, 2024

238,000 Comcast customers were impacted by the FBCS data breach following the February ransomware attack, Comcast reports. Telecommunications giant Comcast is notifying approximately 238,000 customers impacted by the Financial Business and Consumer Solutions (FBCS) data breach. FBCS, a third-party debt collection agency, collects personal information from its clients to facilitate debt collection activities on behalf of those clients.

Data breaches 132

Data breaches Telecommunications Accountability Ransomware 132

Security Boulevard

OCTOBER 7, 2024

The zero-trust model demands robust identity security, which needs continuous verification of individuals and systems. The post How to Prepare Identity Stack to Adopt the Zero-Trust Model appeared first on Security Boulevard.

Security Awareness 124

Security Awareness Cybersecurity 124

Tech Republic Security

OCTOBER 7, 2024

Australian cyber professionals are reporting more job stress, partly due to skills gaps and other growing industry challenges.

Cybersecurity 136

Cybersecurity Cyber Attacks 136

Security Boulevard

OCTOBER 7, 2024

The DOJ wants to seize $2.67 million from the $69 million in crypto the North Korean-backed Lazarus Group stole in from the options exchange Deribit in 2022 and online gambling platform Stake.com last year. The post DOJ Wants to Claw Back $2.67 Million Stolen by Lazarus Group appeared first on Security Boulevard.

Social Engineering 124

Social Engineering Cryptocurrency Engineering Cybersecurity 124

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

We Live Security

OCTOBER 7, 2024

ESET Research analyzed two separate toolsets for breaching air-gapped systems, used by a cyberespionage threat actor known as GoldenJackal.

Government 141

Government 141

Graham Cluley

OCTOBER 7, 2024

When Sean Kelly bought a top-of-the-line vacuum cleaner, he imagined he was making a safe purchase. Little did he know that the cleaning machine scuttling about his family's feet contained a security flaw that could let anyone see and hear their every move. Read more in my article on the Hot for Security blog.

121

121

Security Boulevard

OCTOBER 7, 2024

There is a growing disconnect between the increasing sophistication of cybersecurity threats and the preparedness of IT teams to combat them, according to an O’Reilly study of more than 1300 IT professionals. The post Critical Skills Gap in AI, Cloud Security appeared first on Security Boulevard.

Cybersecurity 118

Cybersecurity 118

The Hacker News

OCTOBER 7, 2024

Qualcomm has rolled out security updates to address nearly two dozen flaws spanning proprietary and open-source components, including one that has come under active exploitation in the wild. The high-severity vulnerability, tracked as CVE-2024-43047 (CVSS score: 7.

127

127

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Security Boulevard

OCTOBER 7, 2024

As the threat landscape continues to evolve, businesses must understand the specific cybersecurity risks they face and take proactive measures to protect themselves. One of the most significant challenges in cybersecurity is the increasing diversity of threats and the need to address risks specific to each industry. From data centers to healthcare, each sector has.

Cybersecurity 118

Cybersecurity Healthcare Risk Security Awareness 118

The Hacker News

OCTOBER 7, 2024

Ukraine has claimed responsibility for a cyber attack that targeted Russia state media company VGTRK and disrupted its operations, according to reports from Bloomberg and Reuters. The incident took place on the night of October 7, VGTRK confirmed, describing it as an "unprecedented hacker attack.

Cyber Attacks 127

Cyber Attacks Media 127

Security Boulevard

OCTOBER 7, 2024

Understanding reachability is increasingly important for enterprises, as it can significantly influence their risk management strategies. The post Reachability and Risk: Prioritizing Protection in a Complex Security Landscape appeared first on Security Boulevard.

Risk 118

Risk Cybersecurity Network Security 118

Security Affairs

OCTOBER 7, 2024

Universal Music Group notified hundreds of individuals about a data breach compromising their personal information. Universal Music Group is notifying 680 individuals about a data breach that compromised their personal information, including their Social Security number. The data breach occurred on July 15, 2024, and was discovered on August 30, 2024. “In early July, we detected unauthorized activity in one of our internal applications.

Data breaches 134

Data breaches Identity Theft Hacking Ransomware 134

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

Malwarebytes

OCTOBER 7, 2024

Apple has issued security updates for iOS 18.0.1 and iPadOS 18.0.1 which includes a fix for a bug that could allow a user’s saved passwords to be read aloud by its VoiceOver feature. VoiceOver allows users to use their iPhone or iPad even if they can’t see the screen. It gives audible descriptions of what’s on your screen—for example, the battery level, who’s calling you, or what item your finger is on.

Passwords 117

Passwords Mobile Software Risk 117

Security Affairs

OCTOBER 7, 2024

Russian state media VGTRK faced a major cyberattack, which a Ukrainian source claimed was conducted by Kyiv’s hackers. A Ukrainian government source told Reuters that Kyiv’s hackers are behind the cyber attack that disrupted operations at the Russian state media company VGTRK on Putin’s birthday. The All-Russia State Television and Radio Broadcasting Company (VGTRK, Russian: ВГТРК) or Russian Television and Radio Broadcasting Company, also known as Russian Television and Radio,

Media 136

Media Cyber Attacks Backups Government 136

Tech Republic Security

OCTOBER 7, 2024

DNS and IP address management is getting harder as multi-cloud strategies take over in Australia and the APAC region.

DNS 131

DNS 131

Security Affairs

OCTOBER 7, 2024

A critical vulnerability in the Apache Avro Java Software Development Kit (SDK) could be exploited to execute arbitrary code on vulnerable instances. A critical vulnerability, tracked as CVE-2024-47561, in the Apache Avro Java Software Development Kit (SDK) could allow the execution of arbitrary code on vulnerable instances. The flaw, tracked as CVE-2024-47561, impacts all versions of the software prior to 1.11.4.

Big data 128

Big data Software Hacking Information Security 128

Advertisement

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

SecureList

OCTOBER 7, 2024

Introduction In July 2021, a campaign was launched primarily targeting Russian government agencies and industrial enterprises. Shortly after the campaign started, we began tracking it, and published three reports in August and September 2024 through our threat research subscription on the threat actor we named Awaken Likho (also named by other vendors as Core Werewolf).

Phishing 109

Phishing Government Malware Software 109

Penetration Testing

OCTOBER 7, 2024

A new study has revealed the extent to which smart TVs use Automatic Content Recognition (ACR) technology to track users’ viewing habits. The research, conducted by a team of scientists... The post Your Smart TV is Watching You: New Research Reveals the Extent of ACR Tracking appeared first on Cybersecurity News.

Technology 110

Technology Cybersecurity 110

The Hacker News

OCTOBER 7, 2024

Organizations are losing between $94 - $186 billion annually to vulnerable or insecure APIs (Application Programming Interfaces) and automated abuse by bots. That’s according to The Economic Impact of API and Bot Attacks report from Imperva, a Thales company. The report highlights that these security threats account for up to 11.

Accountability 111

Accountability 111

Zero Day

OCTOBER 7, 2024

The Apple Pencil Pro may seem like an expensive add-on after purchasing the latest iPad Pro or iPad Air, but fortunately, its price has dropped to $98 at three major retailers for October Prime Day.

Retail 98

Retail 98

Advertisement

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.

Cybersecurity

The Hacker News

OCTOBER 7, 2024

A critical security flaw has been disclosed in the Apache Avro Java Software Development Kit (SDK) that, if successfully exploited, could allow the execution of arbitrary code on susceptible instances. The flaw, tracked as CVE-2024-47561, impacts all versions of the software prior to 1.11.4. "Schema parsing in the Java SDK of Apache Avro 1.11.

Software 108

Software 108

Approachable Cyber Threats

OCTOBER 7, 2024

Category Awareness, Compliance, Cybersecurity Fundamentals, FedRAMP, CMMC Risk Level NIST recently updated its decades-old password security guidance after years of scrutiny, skepticism, and flat-out ineffectiveness finally forced the agency to address practical security considerations and realistic threats while abandoning what many considered to be ineffective security theater.

Passwords 98

Passwords Password Management Authentication Risk 98

The Hacker News

OCTOBER 7, 2024

Google has announced that it's piloting a new security initiative that automatically blocks sideloading of potentially unsafe Android apps in India, after similar tests in Singapore, Thailand, and Brazil.

108

108

Zero Day

OCTOBER 7, 2024

Forget Windows laptops, MacBooks, and iPads. If you want a fast, reliable, and secure laptop for cheap, get a Chromebook. It'll be one of the best tech decisions you'll make.

98

98

Advertisement

Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.

Government