Schneier on Security

NOVEMBER 18, 2024

Zero-day vulnerabilities are more commonly used , according to the Five Eyes: Key Findings In 2023, malicious cyber actors exploited more zero-day vulnerabilities to compromise enterprise networks compared to 2022, allowing them to conduct cyber operations against higher-priority targets. In 2023, the majority of the most frequently exploited vulnerabilities were initially exploited as a zero-day, which is an increase from 2022, when less than half of the top exploited vulnerabilities were explo

Cybersecurity 250

Cybersecurity 250

Security Affairs

NOVEMBER 18, 2024

GDPR protects sensitive data like health and financial details, and its enforcement underscores the growing need for stronger data security measures. GDPR: The landscape of data privacy and protection has never been more critical. With regulators around the world intensifying scrutiny, companies are facing increasing pressure to comply with stringent data protection laws.

Data privacy 135

Data privacy Risk Surveillance Government 135

Malwarebytes

NOVEMBER 18, 2024

Accounting software QuickBooks , by Intuit, is a popular target for India-based scammers, only rivaled for top spot by the classic Microsoft tech support scams. We’ve seen two main lures, both via Google ads: the first one is simply a website promoting online support for QuickBooks and shows a phone number, while the latter requires victims to download and install a program that will generate a popup, also showing a phone number.

Scams 144

Scams Antivirus Software Passwords 144

Security Affairs

NOVEMBER 18, 2024

T-Mobile confirmed being a victim of recent hacking campaigns linked to China-based threat actors targeting telecom companies. T-Mobile confirms it was hacked as part of a long-running cyber espionage campaign targeting Telco companies. Recently, the FBI and CISA announced they are continuing to investigate a large-scale cyber-espionage campaign by China-linked threat actors targeting U.S. telecoms, compromising networks to steal call records and access private communications, mainly of governme

Mobile 120

Mobile Telecommunications Data breaches Hacking 120

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

The Hacker News

NOVEMBER 18, 2024

U.S. telecoms giant T-Mobile has confirmed that it was also among the companies that were targeted by Chinese threat actors to gain access to valuable information. The adversaries, tracked as Salt Typhoon, breached the company as part of a "monthslong campaign" designed to harvest cellphone communications of "high-value intelligence targets.

Mobile 143

Mobile 143

Security Affairs

NOVEMBER 18, 2024

A ransomware attack on Great Plains Regional Medical Center compromised personal data of 133,000 individuals, exposing sensitive information. On September 8, 2024, Great Plains Regional Medical Center (Oklahoma) suffered a ransomware attack. The organization launched an investigation into the incident with the help of a cybersecurity firm. The healthcare center discovered that a threat actor accessed and encrypted files on their systems between September 5, 2024 and September 8, 2024.

Ransomware 132

Ransomware Insurance Encryption Healthcare 132

Trend Micro

NOVEMBER 18, 2024

LODEINFO is a malware used in attacks targeting mainly Japan since 2019. Trend Micro has been tracking the group as Earth Kasha. We have identified a new campaign connected to this group with significant updates to their strategy, tactics, and arsenals.

Malware 139

Malware 139

The Hacker News

NOVEMBER 18, 2024

Google appears to be readying a new feature called Shielded Email that allows users to create email aliases when signing up for online services and better combat spam. The feature was first reported by Android Authority last week following a teardown of the latest version of Google Play Services for Android.

138

138

Malwarebytes

NOVEMBER 18, 2024

This week on the Lock and Code podcast… The month, a consumer rights group out of the UK posed a question to the public that they’d likely never considered: Were their air fryers spying on them? By analyzing the associated Android apps for three separate air fryer models from three different companies, a group of researchers learned that these kitchen devices didn’t just promise to make crispier mozzarella sticks, crunchier chicken wings, and flakier reheated pastries—they also wanted a lot of u

Surveillance 135

Surveillance Data collection Internet Internet 135

The Hacker News

NOVEMBER 18, 2024

Now-patched security flaws impacting Progress Kemp LoadMaster and VMware vCenter Server have come under active exploitation in the wild, it has emerged. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added CVE-2024-1212 (CVSS score: 10.0), a maximum-severity security vulnerability in Progress Kemp LoadMaster to its Known Exploited Vulnerabilities (KEV) catalog.

Cybersecurity 131

Cybersecurity 131

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Penetration Testing

NOVEMBER 18, 2024

A recent security advisory from the LibreNMS project has revealed a severe vulnerability (CVE-2024-51092) affecting versions up to 24.9.1 of the widely-used network monitoring platform. The flaw, rated a critical... The post LibreNMS Vulnerability (CVE-2024-51092): Mitigating the Risk of Server Compromise appeared first on Cybersecurity News.

Risk 130

Risk Cybersecurity 130

The Hacker News

NOVEMBER 18, 2024

Cybersecurity researchers have shed light on a new stealthy malware loader called BabbleLoader that has been observed in the wild delivering information stealer families such as WhiteSnake and Meduza.

Malware 128

Malware Antivirus Cybersecurity 128

Zero Day

NOVEMBER 18, 2024

Using PDFs, text files, or audio files, Google's NotebookLM tool can generate a podcast episode that sounds just like two real people discussing your topic. We'll walk you through exactly how it's done.

126

126

The Hacker News

NOVEMBER 18, 2024

IT leaders know the drill—regulators and cyber insurers demand regular network penetration testing to keep the bad guys out. But here’s the thing: hackers don’t wait around for compliance schedules.

Penetration Testing 122

Penetration Testing Cyber Insurance Insurance 122

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Penetration Testing

NOVEMBER 18, 2024

A recent report by Unit 42 researchers uncovers a complex phishing campaign linked to a cluster of North Korean IT workers tracked as CL-STA-0237. This group used malware-infected video conference... The post North Korean Hackers Target Job Seekers with Malware-Laced Video Apps appeared first on Cybersecurity News.

Malware 113

Malware Phishing Cybersecurity 113

SecureWorld News

NOVEMBER 18, 2024

A recent report from the U.S. Environmental Protection Agency (EPA) Office of Inspector General (OIG) has highlighted significant cybersecurity vulnerabilities in the nation's drinking water systems. The report, released on November 13, 2024, underscores the urgent need for increased security measures to protect critical infrastructure. The report examines drinking water systems with populations serving 50,000 people or more.

Cybersecurity 98

Cybersecurity Risk Penetration Testing Technology 98

Penetration Testing

NOVEMBER 18, 2024

A critical security vulnerability (CVE-2024-52308) in the GitHub Command Line Interface (CLI) has been identified, potentially enabling remote code execution (RCE) on users’ workstations. This vulnerability, with a CVSS score... The post CVE-2024-52308: GitHub CLI Vulnerability Could Allow Remote Code Execution appeared first on Cybersecurity News.

Cybersecurity 88

Cybersecurity 88

Zero Day

NOVEMBER 18, 2024

The OnePlus Pad 2 is a solid entertainment tablet with good hardware, a long-lasting battery, and most importantly: a brilliant display.

111

111

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

We Live Security

NOVEMBER 18, 2024

Tired of dodging all those 'Scam Likely' calls? Here's what’s behind the label and how to stay one step ahead of phone scammers.

Scams 110

Scams 110

Zero Day

NOVEMBER 18, 2024

Organizations keen to fund gen AI-powered software development for the anticipated benefits should also understand that this may come with adverse effects.

Risk 108

Risk Software 108

The Hacker News

NOVEMBER 18, 2024

According to research from GitGuardian and CyberArk, 79% of IT decision-makers reported having experienced a secrets leak, up from 75% in the previous year's report. At the same time, the number of leaked credentials has never been higher, with over 12.7 million hardcoded credentials in public GitHub repositories alone.

106

106

Zero Day

NOVEMBER 18, 2024

Apple's latest iPad Mini 7, powered by the A17 Pro chip, is an incredibly capable tablet, but it missed one big opportunity.

108

108

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

The Hacker News

NOVEMBER 18, 2024

What do hijacked websites, fake job offers, and sneaky ransomware have in common? They’re proof that cybercriminals are finding smarter, sneakier ways to exploit both systems and people. This week makes one thing clear: no system, no person, no organization is truly off-limits.

Cybersecurity 101

Cybersecurity Ransomware 101

Zero Day

NOVEMBER 18, 2024

With ChatGPT in your toolkit, coding can be faster and smoother. I share the best ways of using AI to overcome common coding challenges, so you can streamline your development projects.

108

108

ZoneAlarm

NOVEMBER 18, 2024

Cybersecurity researchers have exposed a global fraud network known as “SilkSpecter,” responsible for operating 4,700 fake shopping websites to steal credit card details. This sophisticated phishing campaign used professional designs and search engine manipulation to target unsuspecting shoppers worldwide. The SilkSpecter network orchestrated a massive operation involving thousands of fake e-commerce sites.

Phishing 88

Phishing Engineering Cybersecurity Data privacy 88

Zero Day

NOVEMBER 18, 2024

This is the tablet for the masses.

105

105

Advertisement

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

The Hacker News

NOVEMBER 18, 2024

According to research from GitGuardian and CyberArk, 79% of IT decision-makers reported having experienced a secrets leak, up from 75% in the previous year's report. At the same time, the number of leaked credentials has never been higher, with over 12.7 million hardcoded credentials in public GitHub repositories alone.

101

101

Zero Day

NOVEMBER 18, 2024

Out of the box, Google's Pro earbuds are already a great option for on-the-go sound. Want to improve the audio quality? The connection between your Pixel phone and earbuds makes that boost possible.

105

105

Security Boulevard

NOVEMBER 18, 2024

Protect your business with domain protection. Learn how it prevents cyberattacks, phishing, and data breaches while keeping your personal information secure. The post Guarding Your Brand: Why Domain Protection is Essential for Every Business Owner appeared first on Security Boulevard.

Data breaches 100

Data breaches Phishing Information Security 100

Zero Day

NOVEMBER 18, 2024

Generative AI brings productivity benefits, but IT professionals must be wary of wholesale adoption of these tools in their current incarnations.

Software 105

Software 105

Advertisement

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.

Cybersecurity