Wed.Aug 07, 2024

article thumbnail

Cybercrime Rapper Sues Bank over Fraud Investigation

Krebs on Security

A partial selfie posted by Puchmade Dev to his Twitter account. Yes, that is a functioning handheld card skimming device, encrusted in diamonds. Underneath that are more medallions, including a diamond-studded bitcoin and payment card. In January, KrebsOnSecurity wrote about rapper Punchmade Dev , whose music videos sing the praises of a cybercrime lifestyle.

Banking 264
article thumbnail

Black Hat Roundup 2024: What to Expect From This Week’s Security Events

Tech Republic Security

Discover the latest cybersecurity trends and techniques in this year’s Black Hat and DEF CON roundup.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Critical XSS bug in Roundcube Webmail allows attackers to steal emails and sensitive data

Security Affairs

Researchers warn of flaws in the Roundcube webmail software that could be exploited to steal sensitive information from target accounts. Sonar’s Vulnerability Research Team discovered a critical Cross-Site Scripting (XSS) vulnerability in the popular open-source webmail software Roundcube. Roundcube is included by default in the server hosting panel cPanel which has millions of installations worldwide.

Passwords 145
article thumbnail

CrowdStrike Reveals Root Cause of Global System Outages

The Hacker News

Cybersecurity company CrowdStrike has published its root cause analysis detailing the Falcon Sensor software update crash that crippled millions of Windows devices globally.

Software 144
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

New Android spyware LianSpy relies on Yandex Cloud to avoid detection

Security Affairs

A previously unknown Android Spyware, dubbed LianSpy, has been targeting Russian users since at least 2021. In March 2024, cybersecurity researchers from Kaspersky discovered previously unknown Android spyware dubbed LianSpy. The malware has been active since July 2021, it is designed to capture screencasts, exfiltrate user files, and harvest call logs and app lists.

Spyware 144
article thumbnail

Windows Update downgrade attack "unpatches" fully-updated systems

Bleeping Computer

SafeBreach security researcher Alon Leviev discovered a Windows Update downgrade attack that can "unpatch" fully-updated Windows 10, Windows 11, and Windows Server systems to reintroduce old vulnerabilities [.

143
143

More Trending

article thumbnail

Rhysida Ransomware group claims to have breached Bayhealth Hospital in Delaware

Security Affairs

The Rhysida Ransomware group claims to have breached Bayhealth Hospital in Delaware and offers alleged stolen data for 25 BTC. Bayhealth Hospital is a technologically advanced not-for-profit healthcare system with nearly 4,000 employees and a medical staff of more than 450 physicians and 200 advanced practice clinicians. Bayhealth Medical Center , serving central and southern Delaware, operates two hospitals: Bayhealth Hospital, Kent Campus in Dover and Bayhealth Hospital, Sussex Campus in Milfo

article thumbnail

FBI and CISA Warn of BlackSuit Ransomware That Demands Up to $500 Million

The Hacker News

The ransomware strain known as BlackSuit has demanded as much as $500 million in ransoms to date, with one individual ransom demand hitting $60 million. That's according to an updated advisory from the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI).

article thumbnail

A Flaw in Windows Update Opens the Door to Zombie Exploits

WIRED Threat Level

A researcher found a vulnerability that would let hackers strategically downgrade a target’s Windows version to reexpose patched vulnerabilities. Microsoft is working on fixes for the issue.

Hacking 134
article thumbnail

Roundcube Webmail Flaws Allow Hackers to Steal Emails and Passwords

The Hacker News

Cybersecurity researchers have disclosed details of security flaws in the Roundcube webmail software that could be exploited to execute malicious JavaScript in a victim's web browser and steal sensitive information from their account under specific circumstances.

Passwords 139
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Expert Insight: Cyber Security Resilience Act: A game-changer for industry standards

IT Security Guru

For the IT Security Guru, Chris Dimitriadis, Chief Global Strategy Officer at ISACA, explores the UK Government’s proposed Cyber Security Resilience Act. As King Charles III read out the new Labour government’s plans at the State Opening of Parliament, our industry breathed a sigh of relief at the inclusion of the Cyber Security and Resilience Bill.

article thumbnail

New Go-based Backdoor GoGra Targets South Asian Media Organization

The Hacker News

An unnamed media organization in South Asia was targeted in November 20233 using a previously undocumented Go-based backdoor called GoGra. "GoGra is written in Go and uses the Microsoft Graph API to interact with a command-and-control (C&C) server hosted on Microsoft mail services," Symantec, part of Broadcom, said in a report shared with The Hacker News.

Media 136
article thumbnail

Inside the Dark World of Doxing for Profit

WIRED Threat Level

From tricking companies into handing over victims’ personal data to offering violence as a service, the online doxing ecosystem is not just still a problem—it’s getting more extreme.

130
130
article thumbnail

Rubrik Allies With Mandiant to Increase Cyber Resiliency Capability

Security Boulevard

Rubrik at the Black Hat USA 2024 conference today revealed it is partnering with the Mandiant arm of Google to reduce the amount of time organizations require to recover from a cybersecurity breach. The post Rubrik Allies With Mandiant to Increase Cyber Resiliency Capability appeared first on Security Boulevard.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Critical Security Flaw in WhatsUp Gold Under Active Attack - Patch Now

The Hacker News

A critical security flaw impacting Progress Software WhatsUp Gold is seeing active exploitation attempts, making it essential that users move quickly to apply the latest. The vulnerability in question is CVE-2024-4885 (CVSS score: 9.8), an unauthenticated remote code execution bug impacting versions of the network monitoring application released before 2023.1.3.

Software 130
article thumbnail

This Caller Does Not Exist: Using AI to Conduct Vishing Attacks

Security Boulevard

The best way to defend against vishing attacks is by educating ourselves on how threat actors operate, and to become familiar with the tools, techniques and procedures used to carry out these attacks. The post This Caller Does Not Exist: Using AI to Conduct Vishing Attacks appeared first on Security Boulevard.

Education 126
article thumbnail

Pig-butchering scammer targets BBC journalist

Graham Cluley

Cybersecurity journalist Joe Tidy has found himself in the unusual position of being targeted by a scammer calling herself "Jessica", he revealed this week. Read more in my article on the Hot for Security blog.

article thumbnail

Student Devices Wiped — Mobile Guardian Hacked AGAIN

Security Boulevard

Hackers ate my homework: MDM software for schools is breached for second time this year—13,000 devices wiped in Singapore alone. The post Student Devices Wiped — Mobile Guardian Hacked AGAIN appeared first on Security Boulevard.

Mobile 126
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Masterclass in CIAM for Insurance: Balancing Security, Experience, and Consent

IT Security Guru

The insurance industry is experiencing a significant transformation fuelled by the ubiquity of digital technologies. As these solutions gain traction in this sector, they add complexity to a regulatory landscape that insurance firms need to navigate, especially when it comes to Customer Identity and Access Management (CIAM). These regulations stress the fair treatment of customers, transparent sales practices, robust governance and consent.

Insurance 119
article thumbnail

RAD Security Combines AI With Behavioral Analytics to Improve Cybersecurity

Security Boulevard

RAD Security this week at the Black Hat USA 2024 conference revealed it has added artificial intelligence (AI) capabilities to its cloud detection and response (CDR) platform as part of an ongoing effort to reduce dependencies on signatures that need to be developed before threats can be detected. The post RAD Security Combines AI With Behavioral Analytics to Improve Cybersecurity appeared first on Security Boulevard.

article thumbnail

CVE-2024-43044: Critical Jenkins Vulnerability Exposes Servers to RCE Attacks

Penetration Testing

Today, Jenkins, the popular open-source automation server, has issued an urgent advisory detailing two vulnerabilities, one with a critical severity rating. These vulnerabilities, identified as CVE-2024-43044 and CVE-2024-43045, expose Jenkins instances to arbitrary file... The post CVE-2024-43044: Critical Jenkins Vulnerability Exposes Servers to RCE Attacks appeared first on Cybersecurity News.

article thumbnail

Sysdig Adds Ability to Correlate Identities to Cloud Computing Breaches

Security Boulevard

Sysdig today extended the reach of the cloud detection and response platform by adding the ability to correlate identity behavior with workload activity and cloud resources. Maya Levine, a product manager for Sysdig, said Cloud Identity Insights collects data using a next-generation instance of Sysdig agent software, that is based on updated implementations of a.

Software 124
article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

Sneak Peek: 2024 Community Meeting Keynote Speakers

PCI perspectives

Don’t miss out on an extraordinary opportunity to learn from the most influential minds in payment security. Join us at a PCI SSC Community Meeting to collaborate and stay informed on the newest advancements in global payments security and PCI Security Standards. As promised, our 2024 keynote speakers, Tom Koulopoulos and Dr. Bruce McCabe , will deliver captivating and enlightening sessions, as they are distinguished experts in the field.

102
102
article thumbnail

Democracy’s Challenge: Secure Elections Worldwide

Security Boulevard

LAS VEGAS — The U.S. presidential election is less than three months away, and many cybersecurity experts are bracing for a deluge of deceit. During a Black Hat 2024 keynote panel Wednesday morning, international leaders outlined how they are approaching election security risks — namely, cyber threats, nation-states, and the rapid spread of misinformation thought.

article thumbnail

Why tech-savvy leadership is key to cyber insurance readiness

We Live Security

Having knowledgeable leaders at the helm is crucial for protecting the organization and securing the best possible cyber insurance coverage

article thumbnail

Tenable Adds Ability to Prioritize Vulnerabilities by Threat Level

Security Boulevard

Tenable this week at the Black Hat USA 2024 conference added an ability to identify the vulnerabilities in an IT environment that should be remediated first based on the actual threat they represent. The post Tenable Adds Ability to Prioritize Vulnerabilities by Threat Level appeared first on Security Boulevard.

article thumbnail

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

article thumbnail

Exfiltration Tools

Digital Shadows

Discover how Rclone, WinSCP, and cURL are leveraged by threat actors for data exfiltration.

100
100
article thumbnail

Hunters International RaaS Group Points SharpRhino at IT Workers

Security Boulevard

Hunters International, a fast-rising RaaS group, is using a typosquatting domain for the open source Angry IP Scanner tool to deliver a novel RAT malware called SharpRhino in a campaign targeting IT workers. The post Hunters International RaaS Group Points SharpRhino at IT Workers appeared first on Security Boulevard.

Malware 119
article thumbnail

Ronin Network hacked, $12 million returned by "white hat" hackers

Bleeping Computer

Gambling blockchain Ronin Network suffered a security incident yesterday when white hat hackers exploited an undocumented vulnerability on the Ronin bridge to withdraw 4,000 ETH and 2 million USDC, totaling $12 million. [.

Hacking 100
article thumbnail

Cloud Data Storage Raises New Security Issues

Security Boulevard

Advancements in cloud computing have made securing data more complicated. Fortifying servers in data centers to protect sensitive information no longer provides adequate protection. The cloud has become the data repository for everything, and data security must keep pace. The post Cloud Data Storage Raises New Security Issues appeared first on Security Boulevard.

article thumbnail

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.