The Last Watchdog

JULY 25, 2024

Last week, CrowdStrike, one of the cybersecurity industry’s most reputable solution providers, inadvertently caused more disruption across the Internet than all the threat actors active online at the time. Related: Microsoft blames outage on EU A flawed update to CrowdStrike’s Falcon security software caused millions of computers running Microsoft Windows to display the infamous blue screen of death.

Technology 317

Technology Ransomware Software Cyber Attacks 317

Schneier on Security

JULY 25, 2024

Friday’s massive internet outage, caused by a mid-sized tech company called CrowdStrike, disrupted major airlines, hospitals, and banks. Nearly 7,000 flights were canceled. It took down 911 systems and factories, courthouses, and television stations. Tallying the total cost will take time. The outage affected more than 8.5 million Windows computers, and the cost will surely be in the billions of dollars ­easily matching the most costly previous cyberattacks, such as NotPetya.

Marketing 306

Marketing Software Internet Internet 306

Security Affairs

JULY 25, 2024

A critical flaw in some versions of Docker Engine can be exploited to bypass authorization plugins (AuthZ) under specific circumstances. A vulnerability, tracked as CVE-2024-41110 (CVSS score of 10.0), in certain versions of Docker Engine can allow an attacker to bypass authorization plugins (AuthZ) under specific circumstances. “An attacker could exploit a bypass using an API request with Content-Length set to 0, causing the Docker daemon to forward the request without the body to the Aut

Engineering 143

Engineering Hacking Risk Information Security 143

Schneier on Security

JULY 25, 2024

I am the Chief of Security Architecture at Inrupt, Inc. , the company that is commercializing Tim Berners-Lee’s Solid open W3C standard for distributed data ownership. This week, we announced a digital wallet based on the Solid architecture. Details are here , but basically a digital wallet is a repository for personal data and documents. Right now, there are hundreds of different wallets, but no standard.

Architecture 284

Architecture Data privacy 284

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Bleeping Computer

JULY 25, 2024

Hundreds of UEFI products from 10 vendors are susceptible to compromise due to a critical firmware supply-chain issue known as PKfail, which allows attackers to bypass Secure Boot and install malware. [.

Malware 137

Malware Firmware 137

Security Affairs

JULY 25, 2024

The CVE-2024-21412 flaw in the Microsoft Defender SmartScreen has been exploited to deliver information stealers such as ACR Stealer, Lumma, and Meduza. Fortinet FortiGuard Labs researchers observed a malware campaign exploiting the vulnerability CVE-2024-21412 (CVSS score: 8.1) to spread information stealer, such as ACR Stealer, Lumma , and Meduza.

Education 141

Education Malware Internet Internet 141

Security Affairs

JULY 25, 2024

Terrorist groups are increasingly using cyberspace and digital communication channels to plan and execute attacks. Yesterday Federal Bureau of Investigation (FBI) Director Christopher Wray expressed growing concerns over the potential for a coordinated foreign terrorist attack in the United States. During his testimony to the House Oversight Committee, Mr.

Risk 140

Risk Financial Services Education Banking 140

Graham Cluley

JULY 25, 2024

The US Department of Homeland Security has unveiled a dog-like robot that it says has been adapted to jam the connectivity of smart home devices. Read more in my article on the Hot for Security blog.

Wireless 124

Wireless IoT 124

The Hacker News

JULY 25, 2024

A North Korea-linked threat actor known for its cyber espionage operations has gradually expanded into financially-motivated attacks that involve the deployment of ransomware, setting it apart from other nation-state hacking groups linked to the country.

Ransomware 128

Ransomware Hacking 128

Penetration Testing

JULY 25, 2024

A critical vulnerability (CVE-2024-40767) has been discovered in OpenStack Nova, the open-source cloud computing platform’s core component for managing virtual servers. This flaw could allow unauthorized users to access sensitive data on cloud servers,... The post CVE-2024-40767: OpenStack Nova Vulnerability Exposes Cloud Servers to Data Theft Risk appeared first on Cybersecurity News.

Risk 129

Risk Cybersecurity 129

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

The Hacker News

JULY 25, 2024

Meta Platforms on Wednesday said it took steps to remove around 63,000 Instagram accounts in Nigeria that were found to target people with financial sextortion scams. "These included a smaller coordinated network of around 2,500 accounts that we were able to link to a group of around 20 individuals," the company said. "They targeted primarily adult men in the U.S.

Scams 122

Scams Accountability 122

Duo's Security Blog

JULY 25, 2024

The challenge: Limited visibility Not all new software categories are created equal. Cisco Talos reported in February that three of the top five MITRE ATT@CK techniques used in 2023 were identity-based, so identity needed some focused security attention. Why? Access and identity sprawl is creating new security challenges for organizations of all sizes: More likely than not, your organization has hundreds of applications across different departments and roles.

Threat Detection 119

Threat Detection Risk Architecture Artificial Intelligence 119

The Hacker News

JULY 25, 2024

CrowdStrike is alerting about an unfamiliar threat actor attempting to capitalize on the Falcon Sensor update fiasco to distribute dubious installers targeting German customers as part of a highly targeted campaign.

Phishing 119

Phishing Scams Cybersecurity 119

Graham Cluley

JULY 25, 2024

A cybercrime group has gained notoriety for attacking VMware ESXi servers since February 2024. Learn more about the SEXi / APT Inc ransomware in my article on the Tripwire State of Security blog.

Ransomware 111

Ransomware Cybercrime Malware 111

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

The Hacker News

JULY 25, 2024

Cybersecurity researchers are sounding the alarm over an ongoing campaign that's leveraging internet-exposed Selenium Grid services for illicit cryptocurrency mining. Cloud security Wiz is tracking the activity under the name SeleniumGreed. The campaign, which is targeting older versions of Selenium (3.141.59 and prior), is believed to be underway since at least April 2023.

Cryptocurrency 115

Cryptocurrency Internet Internet Cybersecurity 115

Security Affairs

JULY 25, 2024

Progress Software addressed a critical remote code execution vulnerability, tracked as CVE-2024-6327, in the Telerik Report Server. Telerik Report Server is a web-based application designed for creating, managing, and delivering reports in various formats. It provides tools for report design, scheduling, and secure delivery, allowing organizations to centralize their reporting processes.

Software 123

Software Authentication Hacking Accountability 123

Penetration Testing

JULY 25, 2024

Starting with OneUI 6.1.1, Samsung has implemented a default setting that blocks users from sideloading APK files. This setting is now applied to Samsung’s latest Android devices, even if the REQUEST_INSTALL_PACKAGES permission has been... The post New Auto Blocker in Samsung OneUI 6.1.1: Blocking APK Sideloading for Enhanced Security appeared first on Cybersecurity News.

Cybersecurity 119

Cybersecurity Technology 119

The Hacker News

JULY 25, 2024

Cybersecurity researchers have disclosed a privilege escalation vulnerability impacting Google Cloud Platform's Cloud Functions service that an attacker could exploit to access other services and sensitive data in an unauthorized manner. Tenable has given the vulnerability the name ConfusedFunction.

Accountability 111

Accountability Cybersecurity 111

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

Security Boulevard

JULY 25, 2024

Microsoft and Google were joined by LinkedIn, GitHub, and Trend Micro in a supporting an appeal of a lawsuit against spyware maker NSO Group that was tossed by a U.S. judge who said that, as a Salvadoran citizen, the plaintiff's case had no standing in a U.S. court. The post Google, Microsoft, Others Support U.S.-Based Spyware Lawsuits appeared first on Security Boulevard.

Spyware 104

Spyware Data privacy Mobile Malware 104

The Hacker News

JULY 25, 2024

While the specifics for security testing vary for applications, web applications, and APIs, a holistic and proactive applications security strategy is essential for all three types. There are six core types of testing that every security professional should know about to secure their applications, regardless of what phase they are in in development or deployment.

107

107

Bleeping Computer

JULY 25, 2024

Meta has removed 63,000 Instagram accounts from Nigeria that were involved in sextortion scams, including a coordinated network of 2,500 accounts linked to 20 individuals targeting primarily adult men in the United States. [.

Accountability 101

Accountability Scams 101

The Hacker News

JULY 25, 2024

Progress Software is urging users to update their Telerik Report Server instances following the discovery of a critical security flaw that could result in remote code execution. The vulnerability, tracked as CVE-2024-6327 (CVSS score: 9.9), impacts Report Server version 2024 Q2 (10.1.24.514) and earlier. "In Progress Telerik Report Server versions prior to 2024 Q2 (10.1.24.

Risk 103

Risk Software 103

Advertisement

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

GlobalSign

JULY 25, 2024

While hybrid and multi-cloud environments are more convenient, they can complicate certificate management. Explore how automation may be the solution.

109

109

Bleeping Computer

JULY 25, 2024

Threat actors are chaining together ServiceNow flaws using publicly available exploits to breach government agencies and private firms in data theft attacks. [.

Government 105

Government 105

WIRED Threat Level

JULY 25, 2024

A controversial new surveillance system in Paris foreshadows a future where there are too many CCTV cameras for humans to physically watch.

Surveillance 109

Surveillance 109

The Hacker News

JULY 25, 2024

The browser is the nerve center of the modern workspace. Ironically, however, the browser is also one of the least protected threat surfaces of the modern enterprise. Traditional security tools provide little protection against browser-based threats, leaving organizations exposed.

Cybersecurity 96

Cybersecurity 96

Advertisement

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.

Cybersecurity

Bleeping Computer

JULY 25, 2024

Microsoft has released the optional KB5040527 preview cumulative update for Windows 11 23H2 and 22H2, which includes fixes for Windows Backup and upgrade failures. [.

Backups 92

Backups 92

Security Boulevard

JULY 25, 2024

The accountability for security failures or breaches typically falls on security teams or specific IT leaders rather than higher-level executives or the board. This accountability has long been the case; cyber risks were often siloed as technical issues rather than integrated into broader company business risk management frameworks. However, bucking this historical trend are recent moves from big companies like.

Accountability 83

Accountability Cybersecurity Cyber Risk Risk 83

Bleeping Computer

JULY 25, 2024

The U.S. State Department is offering a reward of up to $10 million for information that could lead to the identification or location of a North Korean military hacker. [.

Ransomware 83

Ransomware 83

Security Boulevard

JULY 25, 2024

Explore the strengths and weaknesses of Argon2, bcrypt, scrypt, and PBKDF2 in this comprehensive comparison of password hashing algorithms. Learn which algorithm suits your security needs, from cutting-edge Argon2 to the widely-used bcrypt, and understand the future of cryptographic protection. The post Comparative Analysis of Password Hashing Algorithms: Argon2, bcrypt, scrypt, and PBKDF2 appeared first on Security Boulevard.

Passwords 83

Passwords 83

Advertisement

Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.

Government