Wed. Nov 20, 2024

Closer to the Edge: Hyperscaling Have I Been Pwned with Cloudflare Workers and Caching

Troy Hunt

I've spent more than a decade now writing about how to make Have I Been Pwned (HIBP) fast. Really fast. Fast to the extent that sometimes, it was even too fast: The response from each search was coming back so quickly that the user wasn’t sure if it was legitimately checking subsequent addresses they entered or if there was a glitch. Over the years, the service has evolved to use emerging new techniques to not just make things fast, but make them scale more under load, increase avail

Steve Bellovin’s Retirement Talk

Schneier on Security

Steve Bellovin is retiring. Here’s his retirement talk, reflecting on his career and what the cybersecurity field needs next.

AI just gave us the Star Trek farewell we always wanted - watch it here

Zero Day

William Shatner and Leonard Nimoy reunite in a powerful short film using AI and deepfake technology to give fans the emotional farewell they deserve.

Decades-Old Security Vulnerabilities Found in Ubuntu's Needrestart Package

The Hacker News

Multiple decade-old security vulnerabilities have been disclosed in the needrestart package installed by default in Ubuntu Server (since version 21.04) that could allow a local attacker to gain root privileges without requiring user interaction.

122

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

AI transformation is the new digital transformation. Here's why that change matters

Zero Day

Your boss has read about the power of generative AI and wants you to stop dithering about potential risks and start delivering results.

Ghost Tap: Hackers Exploiting NFCGate to Steal Funds via Mobile Payments

The Hacker News

Threat actors are increasingly banking on a new technique that leverages near-field communication (NFC) to cash out victims' funds at scale. The technique, codenamed Ghost Tap by ThreatFabric, enables cybercriminals to cash out money from stolen credit cards linked to mobile payment services such as Google Pay or Apple Pay and relay NFC traffic.

Mobile 114

More Trending

Apple addressed two actively exploited zero-day vulnerabilities

Security Affairs

Apple released security updates for iOS, iPadOS, macOS, visionOS, and Safari browser to address two actively exploited zero-day flaws. Apple released security updates for two zero-day vulnerabilities, tracked as CVE-2024-44309 and CVE-2024-44308, in iOS, iPadOS, macOS, visionOS, and Safari web browser, which are actively exploited in the wild. The vulnerability CVE-2024-44309 is a cookie management issue in WebKit that could lead to a cross-site scripting (XSS) attack when processing malicious w

Spyware 110

Securing the Software Supply Chain: Checkmarx One Expands its Offerings

Security Boulevard

The software supply chain is under siege. Threat actors increasingly exploit weaknesses in code repositories, dependencies and mismanaged secrets to infiltrate and disrupt software development processes. In response, organizations are turning to robust strategies to safeguard their supply chains, including tools like SCA scanning, AI and container security, secrets detection and repository health monitoring.

Software 102

This HP laptop is $900 off ahead of Black Friday

Zero Day

Black Friday is a week away, and early deals are showing up. Over on B&H Photo Video, the HP Envy has received a big discount, dropping down to $1,100.

110

Update now! Apple confirms vulnerabilities are already being exploited

Malwarebytes

Apple has released security patches for most of its operating systems, including iOS, Mac, iPadOS, Safari, and visionOS. The updates for iOS and Intel-based Mac systems are especially important, as they tackle vulnerabilities that are being actively exploited by cybercriminals. You should make sure you update as soon as you can. To check if you’re using the latest software version, go to Settings > General > Software Update.

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Five Critical Privilege Escalation Vulnerabilities Found in Ubuntu’s Default Utility, needrestart

Penetration Testing

Qualys Threat Research Unit uncovers five local privilege escalation flaws, enabling unprivileged users to gain root access. The Qualys Threat Research Unit (TRU) has disclosed five critical vulnerabilities in the... The post Five Critical Privilege Escalation Vulnerabilities Found in Ubuntu’s Default Utility, needrestart appeared first on Cybersecurity News.

AI Granny Daisy takes up scammers’ time so they can’t bother you

Malwarebytes

A mobile network operator has called in the help of Artificial Intelligence (AI) in the battle against phone scammers. Virgin Media O2 in the UK has built an AI persona called Daisy with the sole purpose of keeping scammers occupied for as long as possible. Basically, until the scammers give up, because Daisy won’t. Daisy uses several AI models that work together listening to what scammers have to say, and then responding in a lifelike manner to give the scammers the idea they are working on an

Scams 94

CVE-2024-10220: Kubernetes Vulnerability Allows Arbitrary Command Execution

Penetration Testing

A high-severity vulnerability has been discovered in Kubernetes, potentially allowing attackers to execute arbitrary commands outside of container boundaries. Tracked as CVE-2024-10220 and assigned a CVSS score of 8.1, the... The post CVE-2024-10220: Kubernetes Vulnerability Allows Arbitrary Command Execution appeared first on Cybersecurity News.

NHIs Are the Future of Cybersecurity: Meet NHIDR

The Hacker News

The frequency and sophistication of modern cyberattacks are surging, making it increasingly challenging for organizations to protect sensitive data and critical infrastructure. When attackers compromise a non-human identity (NHI), they can swiftly exploit it to move laterally across systems, identifying vulnerabilities and compromising additional NHIs in minutes.

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

10 tiny tools and gadgets I keep on my keychain and why

Zero Day

These handy gadgets make for useful gifts during the holidays. If your loved one likes to be prepared for anything, you can't go wrong with these EDC essentials.

98

NodeStealer Malware Targets Facebook Ad Accounts, Harvesting Credit Card Data

The Hacker News

Threat hunters are warning about an updated version of the Python-based NodeStealer that's now equipped to extract more information from victims' Facebook Ads Manager accounts and harvest credit card data stored in web browsers.

Tax Fraud Reporting and Protection: International Fraud Awareness Week

SecureWorld News

As International Fraud Awareness Week (November 17–23) unfolds, the U.S. Internal Revenue Service (IRS) is highlighting the critical role taxpayers, businesses, and professionals play in combating tax fraud. With tax scams on the rise, the IRS Office of Fraud Enforcement and IRS Criminal Investigation are amplifying efforts to educate the public on recognizing and reporting fraudulent schemes.

Scams 87

CVE-2024-42450 (CVSS 10): Versa Networks Addresses Critical Vulnerability in Versa Director

Penetration Testing

Versa Networks has issued a security advisory addressing a critical vulnerability (CVE-2024-42450) affecting its Versa Director software. The vulnerability, which carries a CVSS score of 10, could allow unauthenticated attackers... The post CVE-2024-42450 (CVSS 10): Versa Networks Addresses Critical Vulnerability in Versa Director appeared first on Cybersecurity News.

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Update your iPhone, iPad, and Mac now to patch these serious zero-day security flaws

Zero Day

The emergency updates resolve two zero-day flaws that may have already been exploited in the wild.

116

Microsoft Veeps Ignite Fire Under CrowdStrike

Security Boulevard

BSODs begone! Redmond business leaders line up to say what’s new in Windows security. The post Microsoft Veeps Ignite Fire Under CrowdStrike appeared first on Security Boulevard.

8 Bluesky tips every new user should know

Zero Day

Freely available to anyone, Bluesky offers key advantages over X, Threads, and other social networks. Here are 8 ways to achieve social nirvana.

131

Google's AI-Powered OSS-Fuzz Tool Finds 26 Vulnerabilities in Open-Source Projects

The Hacker News

Google has revealed that its AI-powered fuzzing tool, OSS-Fuzz, has been used to help identify 26 vulnerabilities in various open-source code repositories, including a medium-severity flaw in the OpenSSL cryptographic library.

79

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

One of the best budget smartwatches I've tested provides a ton of health data (and it's on sale)

Zero Day

The Amazfit BIP 5 provides an exhaustive list of health and fitness metrics through Zepp, the same app that much more expensive smartwatches use. Right now, it's on sale for $69.

81

Inside the Booming ‘AI Pimping’ Industry

WIRED Threat Level

AI-generated influencers based on stolen images of real-life adult content creators are flooding social media.

Media 99

The best web hosting services of 2024: Expert tested and reviewed

Zero Day

Do you want to build a website, but you're unsure where to start? You should start with a reputable hosting service. We've tested the top web hosting services that offer solid customer service and good value for the money.

81

“Sad announcement” email leads to tech support scam

Malwarebytes

Tech support scammers are again stooping low with their email campaigns. This particular one hints that one of your contacts may have met an untimely end. It all starts with an email titled “Sad announcement” followed by a full name of someone you know. The email may appear to come from the person themselves. A co-worker who received such an email pointed it out to our team.

Scams 73

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.

FrostyGoop: New ICS Malware Exploits Modbus TCP Protocol

Penetration Testing

Recently, Palo Alto Networks has released an in-depth analysis of FrostyGoop, also known as BUSTLEBERM, a sophisticated malware targeting operational technology (OT). This malware gained attention in July 2024 when... The post FrostyGoop: New ICS Malware Exploits Modbus TCP Protocol appeared first on Cybersecurity News.

Malware 72

Black Friday Scammers are Hard at Work: Security Experts

Security Boulevard

Scammers are using everything from fraudulent deals and fake ads to spoofed websites and brand impersonation to target online shoppers who are gearing up for Black Friday as the holiday buying season gets underway, according to cybersecurity firms. The post Black Friday Scammers are Hard at Work: Security Experts appeared first on Security Boulevard.

WorkflowKit Race Vulnerability (CVE-2024-27821): Researcher Reveals Exploit that Let Malicious Apps Hijack Shortcuts

Penetration Testing

Security researcher Snoolie K has published an in-depth analysis of a significant security flaw in WorkflowKit, which has been assigned CVE-2024-27821. This vulnerability, dubbed the “WorkflowKit Race Vulnerability,” targets the... The post WorkflowKit Race Vulnerability (CVE-2024-27821): Researcher Reveals Exploit that Let Malicious Apps Hijack Shortcuts appeared first on Cybersecurity News.

iPhone 16 Pro vs. iPhone 14 Pro: Should you upgrade to the latest model?

Zero Day

Apple's latest iPhone 16 Pro sees major improvements, but do they warrant upgrading from the two-year-old iPhone 14 Pro? We'll help you decide.

89

Enhance Innovation and Governance Through the Cloud Development Maturity Model

Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.