Mon.Oct 28, 2024

article thumbnail

Criminals Are Blowing up ATMs in Germany

Schneier on Security

It’s low tech , but effective. Why Germany? It has more ATMs than other European countries, and—if I read the article right—they have more money in them.

Banking 228
article thumbnail

News alert: INE shares guidance to help companies invest in year-end cybersecurity, networking training

The Last Watchdog

Cary, NC, Oct. 28, 2024, CyberNewswire — As the year-end approaches, it’s common for enterprises to discover they still have funds that must be utilized. Often, these L&D dollars are “use or lose,” meaning they will be returned to the general fund if not invested. Recognizing this, INE Security is launching an initiative to guide organizations in investing in technical training before the year end.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Is Firefox Password Manager Secure?

Tech Republic Security

Like other password managers, there are risks and drawbacks to consider before trusting Firefox Password Manager with your credentials.

article thumbnail

A crime ring compromised Italian state databases reselling stolen info

Security Affairs

Italian police arrested four and are investigating dozens, including Leonardo Maria Del Vecchio, for alleged unauthorized access to state databases. Italian authorities have arrested four individuals as part of an investigation into alleged illegal access to state databases. The police are also investigating dozens of other individuals, including the son of Luxottica founder Leonardo Maria Del Vecchio.

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

THN Cybersecurity Recap: Top Threats, Tools and News (Oct 21 - Oct 27)

The Hacker News

Cybersecurity news can sometimes feel like a never-ending horror movie, can't it? Just when you think the villains are locked up, a new threat emerges from the shadows. This week is no exception, with tales of exploited flaws, international espionage, and AI shenanigans that could make your head spin.

article thumbnail

Black Basta affiliates used Microsoft Teams in recent attacks

Security Affairs

ReliaQuest researchers observed Black Basta affiliates relying on Microsoft Teams to gain initial access to target networks. ReliaQuest researchers warn that Black Basta ransomware affiliates switched to Microsoft Teams, posing as IT support to deceive employees into granting access. The BlackBasta ransomware operators were spotted posing as corporate help desks and contacting employees to help them mitigate an ongoing spam attack.

More Trending

article thumbnail

France’s second-largest telecoms provider Free suffered a cyber attack

Security Affairs

French internet service provider (ISP) Free disclosed a cyber attack, threat actors allegedly had access to customer personal information. Free S.A.S. is a French telecommunications company, subsidiary of Iliad S.A. that provides voice, video, data, and Internet telecommunications to consumers in France. The company is the second-largest ISP in France with over 22.9 million mobile and fixed subscribers.

article thumbnail

New Research Reveals Spectre Vulnerability Persists in Latest AMD and Intel Processors

The Hacker News

More than six years after the Spectre security flaw impacting modern CPU processors came to light, new research has found that the latest AMD and Intel processors are still susceptible to speculative execution attacks.

118
118
article thumbnail

Third-Party Identities: The Weakest Link in Your Cybersecurity Supply Chain

Security Affairs

A long supply chain adds third-party risks, as each partner’s security affects your own, making identity and access management more challenging. Identity-related attack vectors are a significant concern, with a substantial percentage of cyberattacks —often cited as over 70%—involving compromised credentials or identity theft. However, this problem primarily stems from a lack of visibility.

B2B 126
article thumbnail

Russian Espionage Group Targets Ukrainian Military with Malware via Telegram

The Hacker News

A suspected Russian hybrid espionage and influence operation has been observed delivering a mix of Windows and Android malware to target the Ukrainian military under the Telegram persona Civil Defense. Google's Threat Analysis Group (TAG) and Mandiant are tracking the activity under the name UNC5812.

Malware 118
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

NTT Data Taps Palo Alto Networks for MXDR Service

Security Boulevard

NTT Data today added a managed extended detection and response (MXDR) service that is based on a security operations center (SOC) platform from Palo Alto Networks. The post NTT Data Taps Palo Alto Networks for MXDR Service appeared first on Security Boulevard.

article thumbnail

BeaverTail Malware Resurfaces in Malicious npm Packages Targeting Developers

The Hacker News

Three malicious packages published to the npm registry in September 2024 have been found to contain a known malware called BeaverTail, a JavaScript downloader and information stealer linked to an ongoing North Korean campaign tracked as Contagious Interview.

Malware 116
article thumbnail

PwC Survey Surfaces Lack of Focus on Cyber Resiliency

Security Boulevard

A global survey of 4,042 business and technology executives suggests that much work remains to be done to ensure the cyber resiliency of organizations and prioritize how resources are allocated based on the actual risk cybersecurity threats represent. The post PwC Survey Surfaces Lack of Focus on Cyber Resiliency appeared first on Security Boulevard.

article thumbnail

Chinese Hackers Use CloudScout Toolset to Steal Session Cookies from Cloud Services

The Hacker News

A government entity and a religious organization in Taiwan were the target of a China-linked threat actor known as Evasive Panda that infected them with a previously undocumented post-compromise toolset codenamed CloudScout. "The CloudScout toolset is capable of retrieving data from various cloud services by leveraging stolen web session cookies," ESET security researcher Anh Ho said.

article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Best AI Security Tools: Top Solutions, Features & Comparisons

Tech Republic Security

Discover the best AI security tools in this article, with top solutions, key features, and expert comparisons to help organizations enhance their cybersecurity.

article thumbnail

Cybercriminals Use Webflow to Deceive Users into Sharing Sensitive Login Credentials

The Hacker News

Cybersecurity researchers have warned of a spike in phishing pages created using a website builder tool called Webflow, as threat actors continue to abuse legitimate services like Cloudflare and Microsoft Sway to their advantage.

Phishing 112
article thumbnail

5 Best Practices for Data Privacy Compliance

Security Boulevard

With data breaches on the rise—over 3,200 incidents in the U.S. last year alone —businesses are increasingly under pressure to protect personal data and comply with evolving privacy regulations. The surge in breaches highlights a critical need for robust data privacy practices, not just to avoid regulatory penalties, but to protect the trust and confidence […] The post 5 Best Practices for Data Privacy Compliance appeared first on Centraleyes.

article thumbnail

CloudScout: Evasive Panda scouting cloud services

We Live Security

ESET researchers discovered a previously undocumented toolset used by Evasive Panda to access and retrieve data from cloud services

130
130
article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

Europol warns about counterfeit goods and the criminals behind them

Malwarebytes

With the holidays around the bend, many are looking for gifts for their family and friends. And since we somehow decided we want to give more each time, we’re also looking for good deals. But European law enforcement agency Europol issued a warning about buying fake goods. Sure, they are cheaper, but they do come with a dark side. According to Europol’s report titled “ Uncovering the ecosystem of intellectual property crime , ”approximately 86 million fake items were seized in the European Union

article thumbnail

Vulnerability Recap 10/28/24 – Phishing, DoS, RCE & a Zero-Day

eSecurity Planet

Like last week, this week’s theme continues to be vulnerabilities, discovered months ago, that are still rearing their head. A July Microsoft SharePoint issue has been added to the Cybersecurity Infrastructure and Security Agency’s catalog of known exploitable vulnerabilities. Additionally, VMware released a patch for an already-patched vulnerability from last month due to an insufficient heap overflow fix.

Phishing 102
article thumbnail

Staff Stories Spotlight Series: Cybersecurity Awareness Month 2024

NSTIC

This blog is part of a larger NIST series during the month of October for Cybersecurity Awareness Month , called 'Staff Stories Spotlight.' Throughout the month of October this year, Q&A style blogs will be published featuring some of our unique staff members who have interesting backgrounds, stories to tell, and projects in the world of cybersecurity.

article thumbnail

Google Chromecast vs Roku: Which streaming device platform is right for you?

Zero Day

The Google Chromecast and Roku streaming devices are wildly popular among cord-cutters, but which one is right for you? We break down the differences and help you decide.

104
104
article thumbnail

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

article thumbnail

Sailing the Seven Seas Securely from Port to Port – OT Access Security for Ships and Cranes

The Hacker News

Operational Technology (OT) security has affected marine vessel and port operators, since both ships and industrial cranes are being digitalized and automated at a rapid pace, ushering in new types of security challenges. Ships come to shore every six months on average. Container cranes are mostly automated.

article thumbnail

Grafana Vulnerability CVE-2024-9264: PoC Exploit Released for 9.9-Rated Critical Flaw

Penetration Testing

The researcher published the technical details and proof-of-concept (PoC) exploit code for CVE-2024-9264 – a critical vulnerability in Grafana—an open-source, multi-platform analytics, and visualization tool widely adopted by organizations to... The post Grafana Vulnerability CVE-2024-9264: PoC Exploit Released for 9.9-Rated Critical Flaw appeared first on Cybersecurity News.

article thumbnail

The Windows 11 24H2 bug list grows again: 9 reasons to avoid this update for now

Zero Day

Microsoft's official 24H2 update for Windows 11 has been saddled with one bug after another. Here's what you may find if you jump to the new version right now.

135
135
article thumbnail

CVE-2024-46483 (CVSS 9.8): Xlight FTP Server Flaw Leaves Users Exposed to Remote Attacks, PoC Published

Penetration Testing

A severe security vulnerability has been identified in the Xlight SFTP server, a popular Windows-based FTP and SFTP solution designed for secure, high-performance file transfer. Designated as CVE-2024-46483, this pre-authentication... The post CVE-2024-46483 (CVSS 9.8): Xlight FTP Server Flaw Leaves Users Exposed to Remote Attacks, PoC Published appeared first on Cybersecurity News.

article thumbnail

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.

article thumbnail

Grab the 4TB Samsung T5 portable SSD for almost 50% off at Amazon

Zero Day

The Samsung T5 Evo 4TB portable SSD is almost $200 off at Amazon, saving you 46% on all the storage space you'll need for games, documents, photos, and videos. But you'll have to hurry, you might not see an SSD deal this good again until Black Friday.

126
126
article thumbnail

French ISP Free confirms data breach after hacker puts customer data up for auction

Graham Cluley

One of the largest internet providers in France, Free S.A.S, has confirmed that it recently suffered a cybersecurity breach after a hacker attempted to sell what purported to be stolen data from the organisation on the dark web. Read more in my article on the Hot for Security blog.

article thumbnail

A week in security (October 21 – October 27)

Malwarebytes

Last week on Malwarebytes Labs: 100 million US citizens officially impacted by Change Healthcare data breach Pinterest tracks users without consent, alleges complaint After concerns of handing Facebook taxpayer info, four companies found to have improperly shared data LinkedIn bots and spear phishers target job seekers Upload a video selfie to get your Facebook or Instagram account back This industry profits from knowing you have cancer, explains Cody Venzke (Lock and Code S05E22) Internet Archi

article thumbnail

I switched from Intel to AMD - here's why I'm never going back

Zero Day

I find AMD's Ryzen CPUs far more reliable than any Intel-based system I've ever used. But that's not the only thing to make me a convert.

109
109
article thumbnail

Enhance Innovation and Governance Through the Cloud Development Maturity Model

Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.