Schneier on Security

AUGUST 1, 2024

The Linux Foundation and OpenSSF released a report on the state of education in secure software development. …many developers lack the essential knowledge and skills to effectively implement secure software development. Survey findings outlined in the report show nearly one-third of all professionals directly involved in development and deployment ­ system operations, software developers, committers, and maintainers ­ self-report feeling unfamiliar with secure software development practice

Education 273

Education Software 273

Troy Hunt

AUGUST 1, 2024

The ongoing scourge that is spyware (or, as it is commonly known, "stalkerware"), and the subsequent breaches that so often befall them continue to amaze me. More specifically, it's the way they tackle the non-consensual spying aspect of the service which, on the one hand is represented as a big "no-no" but on the others hand, the likes of Spytech in this week's update literally have a dedicated page for!

Spyware 204

Spyware Small Business Scams 204

The Last Watchdog

AUGUST 1, 2024

Two-plus decades of enduring wave after wave of mobile app malware and fraud has finally taken its toll on users. Now comes a global survey from Appdome and OWASP that reveals the vast majority of consumers are fed up. I recently visited with Appdome CEO Tom Tovar to discuss clear signals that consumers are now insisting upon mobile apps that are private and secure, as well as convenient.

Mobile 147

Mobile Internet Internet Technology 147

Tech Republic Security

AUGUST 1, 2024

Redmond has confirmed the eight-hour Azure outage on July 30 was triggered by a distributed denial-of-service attack, but an “error in the implementation of [their] defenses” exacerbated it.

DDOS 159

DDOS 159

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Security Affairs

AUGUST 1, 2024

Shadowserver researchers reported that over 20,000 internet-exposed VMware ESXi instances are affected by the actively exploited flaw CVE-2024-37085. Researchers at the Shadowserver Foundation reported that approximately 20,000 VMware ESXi servers exposed online appear impacted by the exploited vulnerability CVE-2024-37085. We have started sharing exposed VMware ESXi vulnerable to CVE-2024-37085 (authentication bypass).

Internet 141

Internet Internet Ransomware Authentication 141

Tech Republic Security

AUGUST 1, 2024

If you’re looking for the best NordVPN alternatives today, Surfshark VPN, Proton VPN and ExpressVPN are among a handful of quality VPNs you should check out.

VPN 120

VPN 120

Tech Republic Security

AUGUST 1, 2024

Check out the top cloud computing certifications, which include offerings that focus on AWS and Microsoft Azure.

142

142

Security Boulevard

AUGUST 1, 2024

With the rise of AI, NHIs (non-human identities) are booming, and attacks are becoming increasingly identity-first and AI-powered, making them faster, evasive and more sophisticated. The post CSMA Starts with Identity A Comprehensive Approach to Modern Cybersecurity appeared first on Security Boulevard.

Cybersecurity 119

Cybersecurity Social Engineering Data privacy Engineering 119

The Hacker News

AUGUST 1, 2024

Over a million domains are susceptible to takeover by malicious actors by means of what has been called a Sitting Ducks attack. The powerful attack vector, which exploits weaknesses in the domain name system (DNS), is being exploited by over a dozen Russian-nexus cybercriminal actors to stealthily hijack domains, a joint analysis published by Infoblox and Eclypsium has revealed.

DNS 121

DNS Risk 121

Security Boulevard

AUGUST 1, 2024

Identity security and data security must be addressed simultaneously for an organization’s security posture to address security risks and threats adequately. The post The Unbreakable Bond: Why Identity and Data Security are Inseparable appeared first on Security Boulevard.

Risk 118

Risk Data privacy Security Awareness Cybersecurity 118

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Security Affairs

AUGUST 1, 2024

Pharma company Cencora confirmed the theft of personal and health information following the February 2024 data breach. Pharmaceutical giant Cencora confirmed that the threat actors had access to personally identifiable information (PII) and protected health information (PHI) following the February 2024 cyberattack. On February 21, Cencora announced a data breach in a filing with the Securities and Exchange Commission (SEC).

Data breaches 125

Data breaches Ransomware Malware Hacking 125

Security Boulevard

AUGUST 1, 2024

Zimperium researchers discovered a widespread and sophisticated malware campaign dubbed SMS Stealer that's being used against Android device users to steal OTPs from text messages, which can lead to account takeover and ransomware attacks. The post Widespread OTP-Stealing Campaign Targets Android Users appeared first on Security Boulevard.

Accountability 116

Accountability Malware Ransomware Data privacy 116

WIRED Threat Level

AUGUST 1, 2024

Joshua Caleb Sutter infiltrated far-right extremist organizations as a confidential FBI informant, all while promoting hateful ideologies that influenced some of the internet's most violent groups.

Internet 115

Internet Internet 115

Security Boulevard

AUGUST 1, 2024

Google is adding greater encryption capabilities to Chrome to better protect users from information-stealing malware, a move that comes after the company's controversial decision to once again delay getting rid of third-party cookies. The post Google Using Enhanced Encryption to Protect Cookies appeared first on Security Boulevard.

Encryption 114

Encryption Malware Mobile Cybersecurity 114

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Bleeping Computer

AUGUST 1, 2024

Researchers are warning of threat actors increasingly abusing the Cloudflare Tunnel service in malware campaigns that usually deliver remote access trojans (RATs). [.

Malware 117

Malware 117

Security Boulevard

AUGUST 1, 2024

A solid cybersecurity program can help prevent cyberattacks, protect networks and communication and give both employers and remote employees peace of mind. The post Navigating Indispensable Cybersecurity Practices for Hybrid Working Professionals appeared first on Security Boulevard.

Cybersecurity 113

Cybersecurity Security Awareness Network Security 113

Security Affairs

AUGUST 1, 2024

Researchers warn of an attack vector in the DNS, called the Sitting Ducks, that exposes over a million domains to hackers’ takeover. Researchers from Eclypsium and Infoblox have identified an attack vector in the domain name system (DNS), dubbed the Sitting Ducks attack. Over a dozen Russian-linked cybercriminal groups exploited this attack technique to carry out a stealth domain name hijacking.

DNS 124

DNS Accountability Risk Hacking 124

Security Boulevard

AUGUST 1, 2024

Why zero trust is the new gold standard in cybersecurity Why zero trust is the new gold standard in cybersecurity Zero Trust: The Cornerstone of Modern Cybersecurity Zero Trust: The Cornerstone of Modern Cybersecurity The ever-changing digital terrain has rendered the formerly dependable castle-and-moat strategy for cybersecurity—which relied solely on firewalls—obviously insufficient.

Cybersecurity 109

Cybersecurity Data privacy Firewall 109

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

The Hacker News

AUGUST 1, 2024

In yet another sign that threat actors are always looking out for new ways to trick users into downloading malware, it has come to light that the question-and-answer (Q&A) platform known as Stack Exchange has been abused to direct unsuspecting developers to bogus Python packages capable of draining their cryptocurrency wallets.

Cryptocurrency 109

Cryptocurrency Malware 109

Bleeping Computer

AUGUST 1, 2024

The Federal Bureau of Investigation (FBI) warns of scammers posing as employees of cryptocurrency exchanges to steal funds from unsuspecting victims. [.

Cryptocurrency 114

Cryptocurrency 114

The Hacker News

AUGUST 1, 2024

How to detect and prevent attackers from using these various techniques Obfuscation is an important technique for protecting software that also carries risks, especially when used by malware authors. In this article, we examine obfuscation, its effects, and responses to it. What Is Obfuscation?

Malware 101

Malware Software Risk 101

Bleeping Computer

AUGUST 1, 2024

The United Kingdom's National Crime Agency (NCA) has shut down Russian Coms, a major caller ID spoofing platform used by hundreds of criminals to make over 1.8 million scam calls. [.

Scams 103

Scams 103

Advertisement

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

Penetration Testing

AUGUST 1, 2024

A new report from Check Point Research (CPR) reveals that over 20,000 Ubiquiti devices, including the popular G4 Instant Camera and other models, remain susceptible to cyberattacks. The vulnerabilities, stemming from exposed UDP ports... The post 20,000+ Ubiquiti Devices Exposed: Amplification Attacks & Data Leaks appeared first on Cybersecurity News.

Cybersecurity 97

Cybersecurity 97

Bleeping Computer

AUGUST 1, 2024

Threat actors have hijacked more than 35,000 registered domains in so-called Sitting Ducks attacks that allow claiming a domain without having access to the owner's account at the DNS provider or registrar. [.

DNS 99

DNS Accountability 99

WIRED Threat Level

AUGUST 1, 2024

The RayV Lite will make it hundreds of times cheaper for anyone to carry out physics-bending feats of hardware hacking.

Hacking 119

Hacking 119

Bleeping Computer

AUGUST 1, 2024

Twilio has finally killed off its Authy for Desktop application, forcibly logging users out of the desktop application. [.

120

120

Advertisement

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.

Cybersecurity

The Hacker News

AUGUST 1, 2024

Cybersecurity researchers have uncovered a new Android remote access trojan (RAT) called BingoMod that not only performs fraudulent money transfers from the compromised devices but also wipes them in an attempt to erase traces of the malware. Italian cybersecurity firm Cleafy, which discovered the RAT towards the end of May 2024, said the malware is under active development.

Banking 100

Banking Malware Cybersecurity 100

Google Security

AUGUST 1, 2024

Posted by Nataliya Stanetsky and Roger Piqueras Jover, Android Security & Privacy Team Cell-site simulators , also known as False Base Stations (FBS) or Stingrays, are radio devices that mimic real cell sites in order to lure mobile devices to connect to them. These devices are commonly used for security and privacy attacks, such as surveillance and interception of communications.

Mobile 89

Mobile Phishing Malware Surveillance 89

SecureList

AUGUST 1, 2024

Introduction Cybercriminals who specialize in ransomware do not always create it themselves. They have many other ways to get their hands on ransomware samples: buying a sample on the dark web, affiliating with other groups or finding a (leaked) ransomware variant. This requires no extraordinary effort, as source code is often leaked or published. With a set of standard tools and a freshly built (and sometimes slightly altered) ransomware sample, victims can be sought, and the malicious activity

Ransomware 89

Ransomware Cybercrime Education Malware 89

Bleeping Computer

AUGUST 1, 2024

The leader of a tech support fraud scheme was sentenced to seven years in prison after tricking at least 6,500 victims and generating more than $6 million. [.

Scams 92

Scams 92

Advertisement

Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.

Government