Thu.Aug 01, 2024

article thumbnail

Education in Secure Software Development

Schneier on Security

The Linux Foundation and OpenSSF released a report on the state of education in secure software development. …many developers lack the essential knowledge and skills to effectively implement secure software development. Survey findings outlined in the report show nearly one-third of all professionals directly involved in development and deployment ­ system operations, software developers, committers, and maintainers ­ self-report feeling unfamiliar with secure software development practice

Education 294
article thumbnail

Weekly Update 411

Troy Hunt

The ongoing scourge that is spyware (or, as it is commonly known, "stalkerware"), and the subsequent breaches that so often befall them continue to amaze me. More specifically, it's the way they tackle the non-consensual spying aspect of the service which, on the one hand is represented as a big "no-no" but on the others hand, the likes of Spytech in this week's update literally have a dedicated page for!

Spyware 224
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Microsoft Confirms Global Azure Outage Caused by DDoS Attack

Tech Republic Security

Redmond has confirmed the eight-hour Azure outage on July 30 was triggered by a distributed denial-of-service attack, but an “error in the implementation of [their] defenses” exacerbated it.

DDOS 176
article thumbnail

Black Hat Fireside Chat: Consumers demand secure mobile apps; it’s high time for brands to deliver

The Last Watchdog

Two-plus decades of enduring wave after wave of mobile app malware and fraud has finally taken its toll on users. Now comes a global survey from Appdome and OWASP that reveals the vast majority of consumers are fed up. I recently visited with Appdome CEO Tom Tovar to discuss clear signals that consumers are now insisting upon mobile apps that are private and secure, as well as convenient.

Mobile 147
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Top 6 Cloud Computing Certifications Worth Taking

Tech Republic Security

Check out the top cloud computing certifications, which include offerings that focus on AWS and Microsoft Azure.

161
161
article thumbnail

A $500 Open-Source Tool Lets Anyone Hack Computer Chips With Lasers

WIRED Threat Level

The RayV Lite will make it hundreds of times cheaper for anyone to carry out physics-bending feats of hardware hacking.

Hacking 144

More Trending

article thumbnail

He Was an FBI Informant—and Inspired a Generation of Violent Extremists

WIRED Threat Level

Joshua Caleb Sutter infiltrated far-right extremist organizations as a confidential FBI informant, all while promoting hateful ideologies that influenced some of the internet's most violent groups.

Internet 142
article thumbnail

Over 1 Million Domains at Risk of 'Sitting Ducks' Domain Hijacking Technique

The Hacker News

Over a million domains are susceptible to takeover by malicious actors by means of what has been called a Sitting Ducks attack. The powerful attack vector, which exploits weaknesses in the domain name system (DNS), is being exploited by over a dozen Russian-nexus cybercriminal actors to stealthily hijack domains, a joint analysis published by Infoblox and Eclypsium has revealed.

DNS 141
article thumbnail

The Top 7 NordVPN Alternatives for 2024

Tech Republic Security

If you’re looking for the best NordVPN alternatives today, Surfshark VPN, Proton VPN and ExpressVPN are among a handful of quality VPNs you should check out.

VPN 138
article thumbnail

Hackers Distributing Malicious Python Packages via Popular Developer Q&A Platform

The Hacker News

In yet another sign that threat actors are always looking out for new ways to trick users into downloading malware, it has come to light that the question-and-answer (Q&A) platform known as Stack Exchange has been abused to direct unsuspecting developers to bogus Python packages capable of draining their cryptocurrency wallets.

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Pharma Giant Cencora confirmed the theft of personal and health information

Security Affairs

Pharma company Cencora confirmed the theft of personal and health information following the February 2024 data breach. Pharmaceutical giant Cencora confirmed that the threat actors had access to personally identifiable information (PII) and protected health information (PHI) following the February 2024 cyberattack. On February 21, Cencora announced a data breach in a filing with the Securities and Exchange Commission (SEC).

article thumbnail

Obfuscation: There Are Two Sides To Everything

The Hacker News

How to detect and prevent attackers from using these various techniques Obfuscation is an important technique for protecting software that also carries risks, especially when used by malware authors. In this article, we examine obfuscation, its effects, and responses to it. What Is Obfuscation?

Malware 130
article thumbnail

Sitting Ducks attack technique exposes over a million domains to hijacking

Security Affairs

Researchers warn of an attack vector in the DNS, called the Sitting Ducks, that exposes over a million domains to hackers’ takeover. Researchers from Eclypsium and Infoblox have identified an attack vector in the domain name system (DNS), dubbed the Sitting Ducks attack. Over a dozen Russian-linked cybercriminal groups exploited this attack technique to carry out a stealth domain name hijacking.

DNS 131
article thumbnail

Twilio kills off Authy for desktop, forcibly logs out all users

Bleeping Computer

Twilio has finally killed off its Authy for Desktop application, forcibly logging users out of the desktop application. [.

120
120
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

CSMA Starts with Identity A Comprehensive Approach to Modern Cybersecurity

Security Boulevard

With the rise of AI, NHIs (non-human identities) are booming, and attacks are becoming increasingly identity-first and AI-powered, making them faster, evasive and more sophisticated. The post CSMA Starts with Identity A Comprehensive Approach to Modern Cybersecurity appeared first on Security Boulevard.

article thumbnail

How “professional” ransomware variants boost cybercrime groups

SecureList

Introduction Cybercriminals who specialize in ransomware do not always create it themselves. They have many other ways to get their hands on ransomware samples: buying a sample on the dark web, affiliating with other groups or finding a (leaked) ransomware variant. This requires no extraordinary effort, as source code is often leaked or published. With a set of standard tools and a freshly built (and sometimes slightly altered) ransomware sample, victims can be sought, and the malicious activity

article thumbnail

The Unbreakable Bond: Why Identity and Data Security are Inseparable

Security Boulevard

Identity security and data security must be addressed simultaneously for an organization’s security posture to address security risks and threats adequately. The post The Unbreakable Bond: Why Identity and Data Security are Inseparable appeared first on Security Boulevard.

Risk 118
article thumbnail

Hackers abuse free TryCloudflare to deliver remote access malware

Bleeping Computer

Researchers are warning of threat actors increasingly abusing the Cloudflare Tunnel service in malware campaigns that usually deliver remote access trojans (RATs). [.

Malware 117
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

$75 million record-breaking ransom paid to cybercriminals, say researchers

Graham Cluley

The staggering sum of US $75 million has reportedly been paid to a ransomware gang in what is believed to be the largest known ransom payment made by a cyber attack victim since records began. Read more in my article on the Hot for Security blog.

article thumbnail

Widespread OTP-Stealing Campaign Targets Android Users

Security Boulevard

Zimperium researchers discovered a widespread and sophisticated malware campaign dubbed SMS Stealer that's being used against Android device users to steal OTPs from text messages, which can lead to account takeover and ransomware attacks. The post Widespread OTP-Stealing Campaign Targets Android Users appeared first on Security Boulevard.

article thumbnail

FBI warns of scammers posing as crypto exchange employees

Bleeping Computer

The Federal Bureau of Investigation (FBI) warns of scammers posing as employees of cryptocurrency exchanges to steal funds from unsuspecting victims. [.

article thumbnail

Google Using Enhanced Encryption to Protect Cookies

Security Boulevard

Google is adding greater encryption capabilities to Chrome to better protect users from information-stealing malware, a move that comes after the company's controversial decision to once again delay getting rid of third-party cookies. The post Google Using Enhanced Encryption to Protect Cookies appeared first on Security Boulevard.

article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

New Android Banking Trojan BingoMod Steals Money, Wipes Devices

The Hacker News

Cybersecurity researchers have uncovered a new Android remote access trojan (RAT) called BingoMod that not only performs fraudulent money transfers from the compromised devices but also wipes them in an attempt to erase traces of the malware. Italian cybersecurity firm Cleafy, which discovered the RAT towards the end of May 2024, said the malware is under active development.

Banking 111
article thumbnail

Navigating Indispensable Cybersecurity Practices for Hybrid Working Professionals

Security Boulevard

A solid cybersecurity program can help prevent cyberattacks, protect networks and communication and give both employers and remote employees peace of mind. The post Navigating Indispensable Cybersecurity Practices for Hybrid Working Professionals appeared first on Security Boulevard.

article thumbnail

UK takes down major 'Russian Coms' caller ID spoofing platform

Bleeping Computer

The United Kingdom's National Crime Agency (NCA) has shut down Russian Coms, a major caller ID spoofing platform used by hundreds of criminals to make over 1.8 million scam calls. [.

Scams 103
article thumbnail

Why zero trust is the new gold standard in cybersecurity

Security Boulevard

Why zero trust is the new gold standard in cybersecurity Why zero trust is the new gold standard in cybersecurity Zero Trust: The Cornerstone of Modern Cybersecurity Zero Trust: The Cornerstone of Modern Cybersecurity The ever-changing digital terrain has rendered the formerly dependable castle-and-moat strategy for cybersecurity—which relied solely on firewalls—obviously insufficient.

article thumbnail

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

article thumbnail

Sitting Ducks DNS attacks let hackers hijack over 35,000 domains

Bleeping Computer

Threat actors have hijacked more than 35,000 registered domains in so-called Sitting Ducks attacks that allow claiming a domain without having access to the owner's account at the DNS provider or registrar. [.

DNS 99
article thumbnail

20,000+ Ubiquiti Devices Exposed: Amplification Attacks & Data Leaks

Penetration Testing

A new report from Check Point Research (CPR) reveals that over 20,000 Ubiquiti devices, including the popular G4 Instant Camera and other models, remain susceptible to cyberattacks. The vulnerabilities, stemming from exposed UDP ports... The post 20,000+ Ubiquiti Devices Exposed: Amplification Attacks & Data Leaks appeared first on Cybersecurity News.

article thumbnail

Keeping your Android device safe from text message fraud

Google Security

Posted by Nataliya Stanetsky and Roger Piqueras Jover, Android Security & Privacy Team Cell-site simulators , also known as False Base Stations (FBS) or Stingrays, are radio devices that mimic real cell sites in order to lure mobile devices to connect to them. These devices are commonly used for security and privacy attacks, such as surveillance and interception of communications.

Mobile 93
article thumbnail

Tech support scam ring leader gets 7 years in prison, $6M fine

Bleeping Computer

The leader of a tech support fraud scheme was sentenced to seven years in prison after tricking at least 6,500 victims and generating more than $6 million. [.

Scams 92
article thumbnail

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.