Wed. Aug 07, 2024


Cybercrime Rapper Sues Bank over Fraud Investigation

Krebs on Security

A partial selfie posted by Punchmade Dev to his Twitter account. Yes, that is a functioning handheld card skimming device, encrusted in diamonds. Underneath that are more medallions, including a diamond-studded bitcoin and payment card. In January, KrebsOnSecurity wrote about rapper Punchmade Dev, whose music videos sing the praises of a cybercrime lifestyle.


Windows Update downgrade attack "unpatches" fully-updated systems

Bleeping Computer

SafeBreach security researcher Alon Leviev discovered a Windows Update downgrade attack that can "unpatch" fully-updated Windows 10, Windows 11, and Windows Server systems to reintroduce old vulnerabilities [...]


New Android spyware LianSpy relies on Yandex Cloud to avoid detection

Security Affairs

A previously unknown Android spyware, dubbed LianSpy, has been targeting Russian users since at least 2021. In March 2024, cybersecurity researchers from Kaspersky discovered previously unknown Android spyware dubbed LianSpy. The malware has been active since July 2021 and is designed to capture screencasts, exfiltrate user files, and harvest call logs and app lists.


Black Hat Roundup 2024: What to Expect From This Week’s Security Events

Tech Republic Security

Discover the latest cybersecurity trends and techniques in this year’s Black Hat and DEF CON roundup.


IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.


Rubrik Allies With Mandiant to Increase Cyber Resiliency Capability

Security Boulevard

Rubrik at the Black Hat USA 2024 conference today revealed it is partnering with the Mandiant arm of Google to reduce the amount of time organizations require to recover from a cybersecurity breach. The post Rubrik Allies With Mandiant to Increase Cyber Resiliency Capability appeared first on Security Boulevard.


CrowdStrike Reveals Root Cause of Global System Outages

The Hacker News

Cybersecurity company CrowdStrike has published its root cause analysis detailing the Falcon Sensor software update crash that crippled millions of Windows devices globally.


More Trending


New Linux Kernel Exploit Technique 'SLUBStick' Discovered by Researchers

The Hacker News

Cybersecurity researchers have shed light on a novel Linux kernel exploitation technique dubbed SLUBStick that could be exploited to elevate a limited heap vulnerability to an arbitrary memory read-and-write primitive. "Initially, it exploits a timing side-channel of the allocator to perform a cross-cache attack reliably," a group of academics from the Graz University of Technology said [PDF].


Student Devices Wiped — Mobile Guardian Hacked AGAIN

Security Boulevard

Hackers ate my homework: MDM software for schools is breached for second time this year—13,000 devices wiped in Singapore alone. The post Student Devices Wiped — Mobile Guardian Hacked AGAIN appeared first on Security Boulevard.


Expert Insight: Cyber Security Resilience Act: A game-changer for industry standards

IT Security Guru

For the IT Security Guru, Chris Dimitriadis, Chief Global Strategy Officer at ISACA, explores the UK Government’s proposed Cyber Security Resilience Act. As King Charles III read out the new Labour government’s plans at the State Opening of Parliament, our industry breathed a sigh of relief at the inclusion of the Cyber Security and Resilience Bill.


RAD Security Combines AI With Behavioral Analytics to Improve Cybersecurity

Security Boulevard

RAD Security this week at the Black Hat USA 2024 conference revealed it has added artificial intelligence (AI) capabilities to its cloud detection and response (CDR) platform as part of an ongoing effort to reduce dependencies on signatures that need to be developed before threats can be detected. The post RAD Security Combines AI With Behavioral Analytics to Improve Cybersecurity appeared first on Security Boulevard.


Human-Centered Cyber Security Training: Driving Real Impact on Security Culture


In today's digital age, having an untrained workforce can be a significant risk to your business. Cyber threats are evolving; without proper training, your employees could be the weakest link in your defense. This webinar empowers leaders like you with the tools and strategies needed to transform your employees into a robust frontline defense against cyber attacks.


FBI and CISA Warn of BlackSuit Ransomware That Demands Up to $500 Million

The Hacker News

The ransomware strain known as BlackSuit has demanded as much as $500 million in ransoms to date, with one individual ransom demand hitting $60 million. That's according to an updated advisory from the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI).


Sysdig Adds Ability to Correlate Identities to Cloud Computing Breaches

Security Boulevard

Sysdig today extended the reach of the cloud detection and response platform by adding the ability to correlate identity behavior with workload activity and cloud resources. Maya Levine, a product manager for Sysdig, said Cloud Identity Insights collects data using a next-generation instance of Sysdig agent software, that is based on updated implementations of a.


Roundcube Webmail Flaws Allow Hackers to Steal Emails and Passwords

The Hacker News

Cybersecurity researchers have disclosed details of security flaws in the Roundcube webmail software that could be exploited to execute malicious JavaScript in a victim's web browser and steal sensitive information from their account under specific circumstances.


Democracy’s Challenge: Secure Elections Worldwide

Security Boulevard

LAS VEGAS — The U.S. presidential election is less than three months away, and many cybersecurity experts are bracing for a deluge of deceit. During a Black Hat 2024 keynote panel Wednesday morning, international leaders outlined how they are approaching election security risks — namely, cyber threats, nation-states, and the rapid spread of misinformation thought.


The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.


Pig-butchering scammer targets BBC journalist

Graham Cluley

Cybersecurity journalist Joe Tidy has found himself in the unusual position of being targeted by a scammer calling herself "Jessica", he revealed this week. Read more in my article on the Hot for Security blog.


Tenable Adds Ability to Prioritize Vulnerabilities by Threat Level

Security Boulevard

Tenable this week at the Black Hat USA 2024 conference added an ability to identify the vulnerabilities in an IT environment that should be remediated first based on the actual threat they represent. The post Tenable Adds Ability to Prioritize Vulnerabilities by Threat Level appeared first on Security Boulevard.


New Go-based Backdoor GoGra Targets South Asian Media Organization

The Hacker News

An unnamed media organization in South Asia was targeted in November 2023 using a previously undocumented Go-based backdoor called GoGra. "GoGra is written in Go and uses the Microsoft Graph API to interact with a command-and-control (C&C) server hosted on Microsoft mail services," Symantec, part of Broadcom, said in a report shared with The Hacker News.


Hunters International RaaS Group Points SharpRhino at IT Workers

Security Boulevard

Hunters International, a fast-rising RaaS group, is using a typosquatting domain for the open source Angry IP Scanner tool to deliver a novel RAT malware called SharpRhino in a campaign targeting IT workers. The post Hunters International RaaS Group Points SharpRhino at IT Workers appeared first on Security Boulevard.


IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.


Rhysida Ransomware group claims to have breached Bayhealth Hospital in Delaware

Security Affairs

The Rhysida Ransomware group claims to have breached Bayhealth Hospital in Delaware and offers alleged stolen data for 25 BTC. Bayhealth Hospital is a technologically advanced not-for-profit healthcare system with nearly 4,000 employees and a medical staff of more than 450 physicians and 200 advanced practice clinicians. Bayhealth Medical Center, serving central and southern Delaware, operates two hospitals: Bayhealth Hospital, Kent Campus in Dover and Bayhealth Hospital, Sussex Campus in Milfo


CVE-2024-43044: Critical Jenkins Vulnerability Exposes Servers to RCE Attacks

Penetration Testing

Today, Jenkins, the popular open-source automation server, has issued an urgent advisory detailing two vulnerabilities, one with a critical severity rating. These vulnerabilities, identified as CVE-2024-43044 and CVE-2024-43045, expose Jenkins instances to arbitrary file... The post CVE-2024-43044: Critical Jenkins Vulnerability Exposes Servers to RCE Attacks appeared first on Cybersecurity News.


Critical Security Flaw in WhatsUp Gold Under Active Attack - Patch Now

The Hacker News

A critical security flaw impacting Progress Software WhatsUp Gold is seeing active exploitation attempts, making it essential that users move quickly to apply the latest. The vulnerability in question is CVE-2024-4885 (CVSS score: 9.8), an unauthenticated remote code execution bug impacting versions of the network monitoring application released before 2023.1.3.


Cloud Data Storage Raises New Security Issues

Security Boulevard

Advancements in cloud computing have made securing data more complicated. Fortifying servers in data centers to protect sensitive information no longer provides adequate protection. The cloud has become the data repository for everything, and data security must keep pace. The post Cloud Data Storage Raises New Security Issues appeared first on Security Boulevard.


Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.


A Flaw in Windows Update Opens the Door to Zombie Exploits

WIRED Threat Level

A researcher found a vulnerability that would let hackers strategically downgrade a target’s Windows version to reexpose patched vulnerabilities. Microsoft is working on fixes for the issue.


Sneak Peek: 2024 Community Meeting Keynote Speakers

PCI perspectives

Don’t miss out on an extraordinary opportunity to learn from the most influential minds in payment security. Join us at a PCI SSC Community Meeting to collaborate and stay informed on the newest advancements in global payments security and PCI Security Standards. As promised, our 2024 keynote speakers, Tom Koulopoulos and Dr. Bruce McCabe, will deliver captivating and enlightening sessions, as they are distinguished experts in the field.


Inside the Dark World of Doxing for Profit

WIRED Threat Level

From tricking companies into handing over victims’ personal data to offering violence as a service, the online doxing ecosystem is not just still a problem—it’s getting more extreme.


Ronin Network hacked, $12 million returned by "white hat" hackers

Bleeping Computer

Gambling blockchain Ronin Network suffered a security incident yesterday when white hat hackers exploited an undocumented vulnerability on the Ronin bridge to withdraw 4,000 ETH and 2 million USDC, totaling $12 million. [...]


Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.


Masterclass in CIAM for Insurance: Balancing Security, Experience, and Consent

IT Security Guru

The insurance industry is experiencing a significant transformation fuelled by the ubiquity of digital technologies. As these solutions gain traction in this sector, they add complexity to a regulatory landscape that insurance firms need to navigate, especially when it comes to Customer Identity and Access Management (CIAM). These regulations stress the fair treatment of customers, transparent sales practices, robust governance and consent.


FBI: BlackSuit ransomware made over $500 million in ransom demands

Bleeping Computer

CISA and the FBI confirmed today that the Royal ransomware rebranded to BlackSuit and has demanded over $500 million from victims since it emerged more than two years ago. [...]


CVE-2024-21302, CVE-2024-38202: Zero-Day Vulnerabilities Expose Windows Systems to “Unpatching” Attacks

Penetration Testing

At Black Hat 2024, security researcher Alon Leviev from SafeBreach unveiled two zero-day vulnerabilities (CVE-2024-21302, CVE-2024-38202) that could be exploited to reverse patches on fully updated Windows systems, reintroducing previously fixed security... The post CVE-2024-21302, CVE-2024-38202: Zero-Day Vulnerabilities Expose Windows Systems to “Unpatching” Attacks appeared first on Cybersecurity News.


Critical Progress WhatsUp RCE flaw now under active exploitation

Bleeping Computer

Threat actors are actively attempting to exploit a recently fixed Progress WhatsUp Gold remote code execution vulnerability on exposed servers for initial access to corporate networks. [...]


5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.