Tue.Nov 26, 2024

article thumbnail

What Graykey Can and Can’t Unlock

Schneier on Security

This is from 404 Media : The Graykey, a phone unlocking and forensics tool that is used by law enforcement around the world, is only able to retrieve partial data from all modern iPhones that run iOS 18 or iOS 18.0.1, which are two recently released versions of Apple’s mobile operating system, according to documents describing the tool’s capabilities in granular detail obtained by 404 Media.

Media 208
article thumbnail

macOS Vulnerability (CVE-2023-32428) Grants Root Access, PoC Published

Penetration Testing

Security researcher Gergely Kalman has detailed a high-severity vulnerability in Apple’s MallocStackLogging framework that could allow attackers to gain local privilege escalation (LPE) on macOS systems. The flaw, designated CVE-2023-32428... The post macOS Vulnerability (CVE-2023-32428) Grants Root Access, PoC Published appeared first on Cybersecurity News.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

RomCom Exploits Zero-Day Firefox and Windows Flaws in Sophisticated Cyberattacks

The Hacker News

The Russia-aligned threat actor known as RomCom has been linked to the zero-day exploitation of two security flaws, one in Mozilla Firefox and the other in Microsoft Windows, as part of attacks designed to deliver the eponymous backdoor on victim systems.

139
139
article thumbnail

Australia Passes Groundbreaking Cyber Security Law to Boost Resilience

Tech Republic Security

Australia's landmark Cyber Security Act has been passed, setting new standards for incident reporting, ransomware payments, and critical infrastructure protection.

article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Supply Chain Ransomware Attack Hits Starbucks, UK Grocers

Security Boulevard

Coffee store giant Starbucks was among other organizations affected by a ransomware attack this month on cloud managed service provider Blue Yonder, a Panasonic subsidiary that has more than 3,000 customers. Two UK grocery chains also were impacted. The post Supply Chain Ransomware Attack Hits Starbucks, UK Grocers appeared first on Security Boulevard.

article thumbnail

Critical WordPress Anti-Spam Plugin Flaws Expose 200,000+ Sites to Remote Attacks

The Hacker News

Two critical security flaws impacting the Spam protection, Anti-Spam, and FireWall plugin WordPress could allow an unauthenticated attacker to install and enable malicious plugins on susceptible sites and potentially achieve remote code execution. The vulnerabilities, tracked as CVE-2024-10542 and CVE-2024-10781, carry a CVSS score of 9.8 out of a maximum of 10.0.

Firewall 106

More Trending

article thumbnail

U.S. CISA adds Array Networks AG and vxAG ArrayOS flaw to its Known Exploited Vulnerabilities catalog

Security Affairs

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Array Networks AG and vxAG ArrayOS flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the Array Networks AG and vxAG ArrayOS flaw CVE-2023-28461 (CVSS score: 9.8) to its Known Exploited Vulnerabilities (KEV) catalog.

VPN 105
article thumbnail

Video: Cybersecurity Tips for Small Businesses

eSecurity Planet

Are you doing enough to protect your small business from hackers? In this video, our expert explores common cyber threats and shares actionable cybersecurity tips to safeguard your small business, from securing your network to keeping your software up to date. Read more: Complete Guide to Cybersecurity for Small Businesses The post Video: Cybersecurity Tips for Small Businesses appeared first on eSecurity Planet.

article thumbnail

5 things successful managers do to earn respect and build trust

Zero Day

You can't manage your staff well if you're not respected, and the path to respect is paved with humble stones. Five business leaders explain how to lead with humility.

105
105
article thumbnail

Chinese Hackers Use GHOSTSPIDER Malware to Hack Telecoms Across 12+ Countries

The Hacker News

The China-linked threat actor known as Earth Estries has been observed using a previously undocumented backdoor called GHOSTSPIDER as part of its attacks targeting Southeast Asian telecommunications companies.

Hacking 100
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

I tested 9 AI content detectors - and these 2 correctly identified AI text every time

Zero Day

Two of the seven AI detectors I tested correctly identified AI-generated content 100% of the time. This is up from zero during my early rounds, but down from my last round of tests.

134
134
article thumbnail

INTERPOL Busts African Cybercrime: 1,006 Arrests, 134,089 Malicious Networks Dismantled

The Hacker News

An INTERPOL-led operation has led to the arrest of 1,006 suspects across 19 African countries and the takedown of 134,089 malicious infrastructures and networks as part of a coordinated effort to disrupt cybercrime in the continent.

article thumbnail

Emergency Vehicle Lights Can Screw Up a Car's Automated Driving System

WIRED Threat Level

Newly published research finds that the flashing lights on police cruisers and ambulances can cause “digital epileptic seizures” in image-based automated driving systems, potentially risking wrecks.

Risk 94
article thumbnail

Matrix Botnet Exploits IoT Devices in Widespread DDoS Botnet Campaign

The Hacker News

A threat actor named Matrix has been linked to a widespread distributed denial-of-service (DoD) campaign that leverages vulnerabilities and misconfigurations in Internet of Things (IoT) devices to co-opt them into a disruptive botnet.

IoT 90
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

The $30 Blink Video Doorbell is one of the best smart home Black Friday deals

Zero Day

When can you buy a video doorbell for the price of a trip to a fast-food restaurant? The Blink Video Doorbell is 50% off at Amazon through Black Friday.

98
article thumbnail

The source code of Banshee Stealer leaked online

Security Affairs

Banshee Stealer, a MacOS Malware-as-a-Service, shut down after its source code leaked online. The code is now available on GitHub. In August 2024, Russian hackers promoted BANSHEE Stealer, a macOS malware targeting x86_64 and ARM64, capable of stealing browser data, crypto wallets, and more. BANSHEE Stealer supports basic evasion techniques, relies on the sysctl API to detect debugging and checks for virtualization by running a command to see if “Virtual” appears in the hardware model identifier

Malware 83
article thumbnail

Intruder Launches Intel: A Free Vulnerability Intelligence Platform For Staying Ahead of the Latest Threats

The Hacker News

When CVEs go viral, separating critical vulnerabilities from the noise is essential to protecting your organization. That’s why Intruder, a leader in attack surface management, built Intel - a free vulnerability intelligence platform designed to help you act fast and prioritize real threats. What is Intel?

82
article thumbnail

Tech winners and losers of 2024: The year in true innovation and cringey product flops

Zero Day

AI flourished, Arm chips dominated, and open source thrived. Meanwhile, Elon Musk gets credit for two of the biggest losers, and Apple makes it onto both the naughty and nice lists.

111
111
article thumbnail

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

article thumbnail

RomCom Exploits Zero-Days in Firefox (CVE-2024-9680) & Windows (CVE-2024-49039) with No User Interaction

Penetration Testing

In a recent cybersecurity report, ESET researchers have unveiled a coordinated attack by the Russia-aligned threat actor RomCom, exploiting zero-day vulnerabilities in both Mozilla Firefox and Microsoft Windows. These vulnerabilities—previously... The post RomCom Exploits Zero-Days in Firefox (CVE-2024-9680) & Windows (CVE-2024-49039) with No User Interaction appeared first on Cybersecurity News.

article thumbnail

Human-AI Teaming in the Age of Collaborative Intelligence

SecureWorld News

This article explores the evolving landscape of human-AI teaming, focusing on its transformative impact, adaptive intelligence in mixed-reality environments, collective intelligence, transparency challenges, and the transition toward collaboration. Introduction to human-AI teaming (understanding the shift, key concepts, and examples of collaborative intelligence) Expanding the definition of collaboration (moving beyond traditional AI roles, emphasizing real-time adaptability and dynamic role cha

article thumbnail

The Windows laptop I recommend to most people undercuts the MacBook Air (and it's $400 off)

Zero Day

Microsoft's flagship Copilot+ PC, the Surface Laptop, is a well-rounded device with a marathon battery and solid hardware. Ahead of Black Friday, Amazon offers discounts for both sizes.

81
article thumbnail

CVE-2024-41779 (CVSS 9.8): IBM Rhapsody Model Manager Vulnerability Puts Systems at Risk

Penetration Testing

IBM has recently released a security bulletin addressing a critical vulnerability in IBM Engineering Systems Design Rhapsody – Model Manager (RMM). The vulnerability, identified as CVE-2024-41779 with a CVSS score... The post CVE-2024-41779 (CVSS 9.8): IBM Rhapsody Model Manager Vulnerability Puts Systems at Risk appeared first on Cybersecurity News.

Risk 69
article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

Level up your PS5 with this PlayStation VR2 bundle for $250 off before Black Friday

Zero Day

The PS VR2 headset allows players to experience games in a new way. This bundle includes Horizon Call of the Mountain for just $350 on Amazon ahead of Cyber Week.

85
article thumbnail

Intel Secures Nearly $8 Billion in CHIPS Act Funding to Boost US Semiconductor Production

Penetration Testing

Intel Corporation has been awarded 7.86 billion in funding under the U.S. CHIPS and Science Act, a major step towards bolstering domestic semiconductor manufacturing and reducing reliance on overseas production.... The post Intel Secures Nearly $8 Billion in CHIPS Act Funding to Boost US Semiconductor Production appeared first on Cybersecurity News.

article thumbnail

Most companies will increase IT spending in 2025. But there's a twist in the tale

Zero Day

Nearly two-thirds of companies plan to boost their IT budgets next year. Yet cost-saving measures are also on the agenda.

98
article thumbnail

Keycloak Patches Multiple Vulnerabilities in Latest Update

Penetration Testing

Open-source identity and access management platform Keycloak has released important security updates to address multiple vulnerabilities, including risks of denial-of-service attacks, information disclosure, and authentication bypass. The vulnerabilities, ranging in... The post Keycloak Patches Multiple Vulnerabilities in Latest Update appeared first on Cybersecurity News.

article thumbnail

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

article thumbnail

The best smart bird feeders of 2024

Zero Day

Offering insight into which birds are visiting your feeder, these top smart bird feeders combine AI features, high-quality cameras, and more. Plus, they make a great gift for the holidays.

79
article thumbnail

CVE-2024-0130: NVIDIA Patches High-Severity Vulnerability in UFM Products

Penetration Testing

NVIDIA has recently released a firmware update to address a high-severity vulnerability affecting its UFM Enterprise, UFM Appliance, and UFM CyberAI products. The vulnerability, identified as CVE-2024-0130, could allow an... The post CVE-2024-0130: NVIDIA Patches High-Severity Vulnerability in UFM Products appeared first on Cybersecurity News.

article thumbnail

The most durable power station I've tested dares Mother Nature to do her worst - and it's on sale

Zero Day

While many portable power stations claim to be designed for outdoor use, the Bluetti AC60P actually comes prepared for the worst conditions. Get one on sale now for Black Friday.

75
article thumbnail

Protecting Retailers Against Cyber Risks on Black Friday and Cyber Monday

Thales Cloud Protection & Licensing

Protecting Retailers Against Cyber Risks on Black Friday and Cyber Monday josh.pearson@t… Tue, 11/26/2024 - 08:01 As Black Friday and Cyber Monday loom, the stakes for retailers extend far beyond enticing deals and record sales. With retail sales during 2024 set to grow to between $5.23 trillion and $5.28 trillion, the risk of a data breach extends beyond immediate financial losses.

Retail 62
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.