Tue.Sep 10, 2024

article thumbnail

News alert: Seventh Sense unveils a revolutionary privacy solution — face-based PKI and ‘eID’

The Last Watchdog

Singapore, Sept. 10, 2024, CyberNewsWire — Seventh Sense , a pioneer in advanced cybersecurity solutions, announces the launch of SenseCrypt , a revolutionary new platform that sets a new standard in secure, privacy-preserving identity verification. SenseCrypt introduces a first-of-its-kind face-based public key infrastructure (PKI) and electronic identity (eID) solution.

article thumbnail

New Chrome Zero-Day

Schneier on Security

According to Microsoft researchers, North Korean hackers have been using a Chrome zero-day exploit to steal cryptocurrency.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Bug Left Some Windows PCs Dangerously Unpatched

Krebs on Security

Microsoft Corp. today released updates to fix at least 79 security vulnerabilities in its Windows operating systems and related software, including multiple flaws that are already showing up in active attacks. Microsoft also corrected a critical bug that has caused some Windows 10 PCs to remain dangerously unpatched against actively exploited vulnerabilities for several months this year.

article thumbnail

Microsoft Is Disabling Default ActiveX Controls in Office 2024 to Improve Security

Tech Republic Security

Microsoft will disable ActiveX controls by default in the Office suite, starting in October with the release of Office 2024.

Software 164
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Kali Linux 2024.3 Release (Multiple transitions)

Kali Linux

With summer coming to an end, so are package migrations, and Kali 2024.3 can now be released. You can now start downloading or upgrading if you have an existing Kali installation. The summary of the changelog since the 2024.2 release from June is: Qualcomm NetHunter Pro Devices - Qualcomm Snapdragon SDM845 SoC now supported New Tools - 11x new tools in your arsenal Our focus has been on a lot of behind the scenes updates and optimizations since the last release.

Firmware 143
article thumbnail

Patch Tuesday for September 2024: Microsoft Catches Four Zero-Day Vulnerabilities

Tech Republic Security

A Mark of the Web security alert vulnerability and three others have been exploited in the wild and are now covered by Redmond’s monthly patch batch.

Software 160

More Trending

article thumbnail

CosmicBeetle steps up: Probation period at RansomHub

We Live Security

ESET researchers examine the recent activities of the CosmicBeetle threat actor, documentingt its new ScRansom ransomware and highlighting connections to other well-established ransomware gangs.

article thumbnail

Microsoft Issues Patches for 79 Flaws, Including 3 Actively Exploited Windows Flaws

The Hacker News

Microsoft on Tuesday disclosed that three new security flaws impacting the Windows platform have come under active exploitation as part of its Patch Tuesday update for September 2024. The monthly security release addresses a total of 79 vulnerabilities, of which seven are rated Critical, 71 are rated Important, and one is rated Moderate in severity.

143
143
article thumbnail

Poland thwarted cyberattacks that were carried out by Russia and Belarus

Security Affairs

Poland ‘s security officials announced that they successfully thwarted cyberattacks that were carried out by Russia and Belarus. Poland security services announced they have thwarted a cyber operation orchestrated by Russia and Belarus, aimed at destabilizing the country, according to Deputy Prime Minister and Minister for digital affairs Krzysztof Gawkowski. “The Belarusian and Russian foreign services… had a specific goal – to extort information, to blackmail individual

article thumbnail

Experts Identify 3 Chinese-Linked Clusters Behind Cyberattacks in Southeast Asia

The Hacker News

A trio of threat activity clusters linked to China has been observed compromising more government organizations in Southeast Asia as part of a renewed state-sponsored operation codenamed Crimson Palace, indicating an expansion in the scope of the espionage effort.

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Payment provider data breach exposes credit card information of 1.7 million customers

Malwarebytes

Payment provider Slim CD has disclosed a security incident that may have exposed the full credit card information of anyone paying at a merchant that uses Slim CD’s services. The Florida-based gateway system, which allows merchants to take any kind of electronic payment, said on June 15 it noticed “suspicious activity” within its environment.

article thumbnail

Ivanti Releases Urgent Security Updates for Endpoint Manager Vulnerabilities

The Hacker News

Ivanti has released software updates to address multiple security flaws impacting Endpoint Manager (EPM), including 10 critical vulnerabilities that could result in remote code execution. A brief description of the issues is as follows - CVE-2024-29847 (CVSS score: 10.0) - A deserialization of untrusted data vulnerability that allows a remote unauthenticated attacker to achieve code execution.

Software 135
article thumbnail

U.S. CISA adds SonicWall SonicOS, ImageMagick and Linux Kernel bugs to its Known Exploited Vulnerabilities catalog

Security Affairs

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds SonicWall SonicOS, ImageMagick and Linux Kernel bugs to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added SonicWall SonicOS, ImageMagick and Linux Kernel vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog.

Hacking 132
article thumbnail

CosmicBeetle Deploys Custom ScRansom Ransomware, Partnering with RansomHub

The Hacker News

The threat actor known as CosmicBeetle has debuted a new custom ransomware strain called ScRansom in attacks targeting small- and medium-sized businesses (SMBs) in Europe, Asia, Africa, and South America, while also likely working as an affiliate for RansomHub.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Quad7 botnet evolves to more stealthy tactics to evade detection

Security Affairs

The Quad7 botnet evolves and targets new SOHO devices, including Axentra media servers, Ruckus wireless routers and Zyxel VPN appliances. The Sekoia TDR team identified additional implants associated with the Quad7 botnet operation. The botnet operators are targeting multiple SOHO devices and VPN appliances, including TP-LINK, Zyxel, Asus, D-Link, and Netgear, exploiting both known and previously unknown vulnerabilities.

Wireless 130
article thumbnail

Mustang Panda Deploys Advanced Malware to Spy on Asia-Pacific Governments

The Hacker News

The threat actor tracked as Mustang Panda has refined its malware arsenal to include new tools in order to facilitate data exfiltration and the deployment of next-stage payloads, according to new findings from Trend Micro. The cybersecurity firm, which is monitoring the activity cluster under the name Earth Preta, said it observed "the propagation of PUBLOAD via a variant of the worm HIUPAN.

Malware 131
article thumbnail

News alert: INE Security launches initiative to help SMBs foster a proactive cybersecurity culture

The Last Watchdog

Cary, NC, Sept. 10, 2024, CyberNewsWire — As cyber threats grow, small to medium-sized businesses (SMBs) are disproportionately targeted. According to the recent Hiscox annual cyber readiness report , 41% of SMBs in the US fell victim to a cyberattack in 2023, a figure that has nearly doubled since 2021. INE Security , a global leader in cybersecurity training and certifications, recognizes this as a critical issue and is leading an initiative for change by working with SMBs to bridge the

article thumbnail

Shining a Light on Shadow Apps: The Invisible Gateway to SaaS Data Breaches

The Hacker News

Shadow apps, a segment of Shadow IT, are SaaS applications purchased without the knowledge of the security team. While these applications may be legitimate, they operate within the blind spots of the corporate security team and expose the company to attackers. Shadow apps may include instances of software that the company is already using.

article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Your partner “is cheating on you” scam asks you to pay to see proof

Malwarebytes

As if they weren’t annoying enough already, scammers have recently introduced new pressure tactics to their sextortion and scam emails. Last week we reported how cybercriminals are using photographs of targets’ homes in order to scare them into paying money. Now they’re throwing in the name of targets’ partners, telling the receiver that their partner is cheating on them.

Scams 125
article thumbnail

AI-Powered Deepfake Scams Wreak Havoc on Businesses

Security Boulevard

More than half (53%) of businesses in the U.S. and UK have been targeted by financial scams using deepfake technology, with 43% of those companies falling victim, according to a Medius survey of 1,533 finance professionals. The post AI-Powered Deepfake Scams Wreak Havoc on Businesses appeared first on Security Boulevard.

Scams 124
article thumbnail

The RAMBO Attack Explained: Risks, Implications, & Mitigations for RSA Security

eSecurity Planet

Air-gapped systems have long been the go-to solution for sensitive operations, especially in sectors like defense, finance, and critical infrastructure. These systems, disconnected from external networks, are believed to be nearly impervious to cyberattacks. However, the evolving landscape of cybersecurity threats has brought new methods to breach even these fortified digital fortresses.

Risk 107
article thumbnail

Manufacturing, Industrial Sectors Are Under Siege

Security Boulevard

Manufacturing and industrial sectors are becoming bigger cyber-targets, and many of the intrusions are coming from China. Those are among the sobering takeaways from a report Tuesday by Ontinue’s Advanced Threat Operations team in its biannual Threat Intelligence Report. The two sectors endured a 105% increase in attacks during the first half of 2024, highlighting.

article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

Inc Ransom Attack Analysis: Extortion Methodologies

Digital Shadows

This report details the various stages of an Inc Ransomware attack intrusion lifecycle, from exploiting a firewall to the use of Windows log manager and PowerShell for defense evasion.

Firewall 105
article thumbnail

Just-in-Time Access: Key Benefits for Cloud Platforms

Security Boulevard

Just-in-time access has emerged as a game-changing approach to enhance the security posture of cloud environments. This innovative method aligns with the principle of least privilege, reducing the attack surface and minimizing potential security risks. The post Just-in-Time Access: Key Benefits for Cloud Platforms appeared first on Security Boulevard.

Risk 114
article thumbnail

Cybersecurity for Small Businesses: Challenges and Best Practices

Tech Republic Security

Every business with a digital footprint, regardless of its nature or size, is vulnerable to cyberthreats. But small businesses, in particular, find themselves in a more perilous position. Apart from limited financial resources, there is also a perceived reluctance on the part of many small businesses to implement adequate cybersecurity measures in their business.

article thumbnail

Patch Tuesday Update – September 2024

Security Boulevard

The post Patch Tuesday Update - September 2024 appeared first on Digital Defense. The post Patch Tuesday Update – September 2024 appeared first on Security Boulevard.

article thumbnail

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

article thumbnail

iPhone 16 Pro hands-on: My 3 favorite things about this ridiculously overpowered supercomputer

Zero Day

Apple may be known for its slick design and marketing, but it's the company's engineering prowess that powers the iPhone 16 Pro to new heights.

article thumbnail

Phishing Via Typosquatting and Brand Impersonation: Trends and Tactics

Security Boulevard

Introduction Following the 2024 ThreatLabz Phishing Report, Zscaler ThreatLabz has been closely tracking domains associated with typosquatting and brand impersonation - common techniques used by threat actors to proliferate phishing campaigns. Typosquatting involves registering domains with misspelled versions of popular websites or brands to capitalize on user errors, while brand impersonation involves creating fake online entities that closely mimic a brand’s official presence.

Phishing 111
article thumbnail

Apple retires iPhone 13 and iPhone 15 Pro models - what should you buy instead?

Zero Day

The move really limits the options of anyone who wants a new Pro model directly from Apple.

98
article thumbnail

Looking Toward U.S. Federal Privacy Regulation, How Software Companies can Prepare

Security Boulevard

Software developers, as key players in the digital ecosystem, must proactively adapt to these changes to ensure compliance and uphold the privacy rights of users. The post Looking Toward U.S. Federal Privacy Regulation, How Software Companies can Prepare appeared first on Security Boulevard.

Software 103
article thumbnail

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.