Schneier on Security

OCTOBER 28, 2024

It’s low tech , but effective. Why Germany? It has more ATMs than other European countries, and—if I read the article right—they have more money in them.

Banking 247

Banking 247

Tech Republic Security

OCTOBER 28, 2024

Like other password managers, there are risks and drawbacks to consider before trusting Firefox Password Manager with your credentials.

Password Management 172

Password Management Passwords Risk 172

Security Affairs

OCTOBER 28, 2024

A long supply chain adds third-party risks, as each partner’s security affects your own, making identity and access management more challenging. Identity-related attack vectors are a significant concern, with a substantial percentage of cyberattacks —often cited as over 70%—involving compromised credentials or identity theft. However, this problem primarily stems from a lack of visibility.

B2B 132

B2B Cybersecurity Risk Identity Theft 132

Penetration Testing

OCTOBER 28, 2024

A high-severity vulnerability has been discovered in the Common Log File System (CLFS) driver in Windows 11, enabling local users to escalate their privileges. CLFS is responsible for efficiently managing... The post CLFS Flaw in Windows 11 Allows for Privilege Escalation, PoC Published appeared first on Cybersecurity News.

Cybersecurity 133

Cybersecurity 133

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Security Affairs

OCTOBER 28, 2024

Italian police arrested four and are investigating dozens, including Leonardo Maria Del Vecchio, for alleged unauthorized access to state databases. Italian authorities have arrested four individuals as part of an investigation into alleged illegal access to state databases. The police are also investigating dozens of other individuals, including the son of Luxottica founder Leonardo Maria Del Vecchio.

Computers and Electronics 140

Computers and Electronics Banking Marketing Hacking 140

The Last Watchdog

OCTOBER 28, 2024

Cary, NC, Oct. 28, 2024, CyberNewswire — As the year-end approaches, it’s common for enterprises to discover they still have funds that must be utilized. Often, these L&D dollars are “use or lose,” meaning they will be returned to the general fund if not invested. Recognizing this, INE Security is launching an initiative to guide organizations in investing in technical training before the year end.

Cybersecurity 130

Cybersecurity Media Marketing Accountability 130

The Hacker News

OCTOBER 28, 2024

A suspected Russian hybrid espionage and influence operation has been observed delivering a mix of Windows and Android malware to target the Ukrainian military under the Telegram persona Civil Defense. Google's Threat Analysis Group (TAG) and Mandiant are tracking the activity under the name UNC5812.

Malware 137

Malware 137

We Live Security

OCTOBER 28, 2024

ESET researchers discovered a previously undocumented toolset used by Evasive Panda to access and retrieve data from cloud services

137

137

The Hacker News

OCTOBER 28, 2024

Cybersecurity news can sometimes feel like a never-ending horror movie, can't it? Just when you think the villains are locked up, a new threat emerges from the shadows. This week is no exception, with tales of exploited flaws, international espionage, and AI shenanigans that could make your head spin.

Cybersecurity 137

Cybersecurity 137

Security Affairs

OCTOBER 28, 2024

ReliaQuest researchers observed Black Basta affiliates relying on Microsoft Teams to gain initial access to target networks. ReliaQuest researchers warn that Black Basta ransomware affiliates switched to Microsoft Teams, posing as IT support to deceive employees into granting access. The BlackBasta ransomware operators were spotted posing as corporate help desks and contacting employees to help them mitigate an ongoing spam attack.

Ransomware 137

Ransomware Malware Hacking Accountability 137

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

The Hacker News

OCTOBER 28, 2024

Three malicious packages published to the npm registry in September 2024 have been found to contain a known malware called BeaverTail, a JavaScript downloader and information stealer linked to an ongoing North Korean campaign tracked as Contagious Interview.

Malware 136

Malware 136

Security Boulevard

OCTOBER 28, 2024

A global survey of 4,042 business and technology executives suggests that much work remains to be done to ensure the cyber resiliency of organizations and prioritize how resources are allocated based on the actual risk cybersecurity threats represent. The post PwC Survey Surfaces Lack of Focus on Cyber Resiliency appeared first on Security Boulevard.

Technology 125

Technology Risk Cybersecurity Security Awareness 125

The Hacker News

OCTOBER 28, 2024

More than six years after the Spectre security flaw impacting modern CPU processors came to light, new research has found that the latest AMD and Intel processors are still susceptible to speculative execution attacks.

136

136

Malwarebytes

OCTOBER 28, 2024

With the holidays around the bend, many are looking for gifts for their family and friends. And since we somehow decided we want to give more each time, we’re also looking for good deals. But European law enforcement agency Europol issued a warning about buying fake goods. Sure, they are cheaper, but they do come with a dark side. According to Europol’s report titled “ Uncovering the ecosystem of intellectual property crime , ”approximately 86 million fake items were seized in the European Union

Cybercrime 133

Cybercrime Advertising Media Retail 133

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

The Hacker News

OCTOBER 28, 2024

A government entity and a religious organization in Taiwan were the target of a China-linked threat actor known as Evasive Panda that infected them with a previously undocumented post-compromise toolset codenamed CloudScout. "The CloudScout toolset is capable of retrieving data from various cloud services by leveraging stolen web session cookies," ESET security researcher Anh Ho said.

Government 133

Government 133

WIRED Threat Level

OCTOBER 28, 2024

A report distributed by the US Department of Homeland Security warned that financially motivated cybercriminals are more likely to attack US election infrastructure than state-backed hackers.

Hacking 126

Hacking 126

The Hacker News

OCTOBER 28, 2024

Cybersecurity researchers have warned of a spike in phishing pages created using a website builder tool called Webflow, as threat actors continue to abuse legitimate services like Cloudflare and Microsoft Sway to their advantage.

Phishing 132

Phishing Cybersecurity 132

Zero Day

OCTOBER 28, 2024

For the smoothest, safest upgrade, take these steps before you update your iPhone.

122

122

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

The Hacker News

OCTOBER 28, 2024

Operational Technology (OT) security has affected marine vessel and port operators, since both ships and industrial cranes are being digitalized and automated at a rapid pace, ushering in new types of security challenges. Ships come to shore every six months on average. Container cranes are mostly automated.

Technology 118

Technology 118

SecureWorld News

OCTOBER 28, 2024

UnitedHealth Group recently confirmed that a ransomware attack on subsidiary Change Healthcare has compromised the personal information and healthcare data of more than 100 million individuals. The attackers accessed and exfiltrated vast amounts of personal and medical information, exploiting vulnerabilities to maximize the damage. UnitedHealth, one of the largest health insurers in the United States, had to undertake a lengthy investigation to confirm the scope of the breach, and its findings e

Healthcare 92

Healthcare Insurance Government Data breaches 92

Security Boulevard

OCTOBER 28, 2024

NTT Data today added a managed extended detection and response (MXDR) service that is based on a security operations center (SOC) platform from Palo Alto Networks. The post NTT Data Taps Palo Alto Networks for MXDR Service appeared first on Security Boulevard.

Security Awareness 122

Security Awareness Cybersecurity 122

Zero Day

OCTOBER 28, 2024

I can now do serious writing work easily and from anywhere - on my Apple Watch. Here's how you can, too.

116

116

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

Penetration Testing

OCTOBER 28, 2024

A significant security vulnerability, CVE-2023-32197, has been identified in RKE2, Rancher’s Kubernetes distribution geared toward high-security environments, including the U.S. Federal Government. The vulnerability, rated with a high severity score... The post CVE-2023-32197 (CVSS 9.1): Critical RKE2 Flaw Exposes Windows Nodes to Privilege Escalation appeared first on Cybersecurity News.

Government 94

Government Cybersecurity 94

Zero Day

OCTOBER 28, 2024

I find AMD's Ryzen CPUs far more reliable than any Intel-based system I've ever used. But that's not the only thing to make me a convert.

109

109

Security Boulevard

OCTOBER 28, 2024

With data breaches on the rise—over 3,200 incidents in the U.S. last year alone —businesses are increasingly under pressure to protect personal data and comply with evolving privacy regulations. The surge in breaches highlights a critical need for robust data privacy practices, not just to avoid regulatory penalties, but to protect the trust and confidence […] The post 5 Best Practices for Data Privacy Compliance appeared first on Centraleyes.

Data privacy 116

Data privacy Data breaches 116

Zero Day

OCTOBER 28, 2024

If you're looking for a Linux distribution you can carry with you, PorteuX might be just the ticket to the freedom you've been looking for.

105

105

Advertisement

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

Penetration Testing

OCTOBER 28, 2024

A severe security vulnerability has been identified in the Xlight SFTP server, a popular Windows-based FTP and SFTP solution designed for secure, high-performance file transfer. Designated as CVE-2024-46483, this pre-authentication... The post CVE-2024-46483 (CVSS 9.8): Xlight FTP Server Flaw Leaves Users Exposed to Remote Attacks, PoC Published appeared first on Cybersecurity News.

Authentication 98

Authentication Cybersecurity 98

Zero Day

OCTOBER 28, 2024

The self-paced 'Prompting Essentials' course requires no previous experience and is available now on Coursera.

105

105

Penetration Testing

OCTOBER 28, 2024

The researcher published the technical details and proof-of-concept (PoC) exploit code for CVE-2024-9264 – a critical vulnerability in Grafana—an open-source, multi-platform analytics, and visualization tool widely adopted by organizations to... The post Grafana Vulnerability CVE-2024-9264: PoC Exploit Released for 9.9-Rated Critical Flaw appeared first on Cybersecurity News.

Cybersecurity 98

Cybersecurity 98

Zero Day

OCTOBER 28, 2024

Microsoft's official 24H2 update for Windows 11 has been saddled with one bug after another. Here's what you may find if you jump to the new version right now.

104

104

Advertisement

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.

Cybersecurity