Wed. Nov 20, 2024

Closer to the Edge: Hyperscaling Have I Been Pwned with Cloudflare Workers and Caching

Troy Hunt

I've spent more than a decade now writing about how to make Have I Been Pwned (HIBP) fast. Really fast. Fast to the extent that sometimes, it was even too fast: The response from each search was coming back so quickly that the user wasn’t sure if it was legitimately checking subsequent addresses they entered or if there was a glitch. Over the years, the service has evolved to use emerging new techniques to not just make things fast, but make them scale more under load, increase avail

Steve Bellovin’s Retirement Talk

Schneier on Security

Steve Bellovin is retiring. Here’s his retirement talk, reflecting on his career and what the cybersecurity field needs next.

Decades-Old Security Vulnerabilities Found in Ubuntu's Needrestart Package

The Hacker News

Multiple decade-old security vulnerabilities have been disclosed in the needrestart package installed by default in Ubuntu Server (since version 21.04) that could allow a local attacker to gain root privileges without requiring user interaction.

AI just gave us the Star Trek farewell we always wanted - watch it here

Zero Day

William Shatner and Leonard Nimoy reunite in a powerful short film using AI and deepfake technology to give fans the emotional farewell they deserve.

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Ghost Tap: Hackers Exploiting NFCGate to Steal Funds via Mobile Payments

The Hacker News

Threat actors are increasingly banking on a new technique that leverages near-field communication (NFC) to cash out victims' funds at scale. The technique, codenamed Ghost Tap by ThreatFabric, enables cybercriminals to cash out money from stolen credit cards linked to mobile payment services such as Google Pay or Apple Pay and relaying NFC traffic.

AI transformation is the new digital transformation. Here's why that change matters

Zero Day

Your boss has read about the power of generative AI and wants you to stop dithering about potential risks and start delivering results.

More Trending

Microsoft Adds Raft of Zero-Trust Tools and Platforms

Security Boulevard

Microsoft this week launched a raft of cybersecurity initiatives that address everything from making Windows platforms more secure to adding platforms that are more secure by design. The post Microsoft Adds Raft of Zero-Trust Tools and Platforms appeared first on Security Boulevard.

NodeStealer Malware Targets Facebook Ad Accounts, Harvesting Credit Card Data

The Hacker News

Threat hunters are warning about an updated version of the Python-based NodeStealer that's now equipped to extract more information from victims' Facebook Ads Manager accounts and harvest credit card data stored in web browsers.

This HP laptop is $900 off ahead of Black Friday

Zero Day

Black Friday is a week away, and early deals are showing up. Over on B&H Photo Video, the HP Envy has received a big discount, dropping down to $1,100.

Securing the Software Supply Chain: Checkmarx One Expands its Offerings

Security Boulevard

The software supply chain is under siege. Threat actors increasingly exploit weaknesses in code repositories, dependencies and mismanaged secrets to infiltrate and disrupt software development processes. In response, organizations are turning to robust strategies to safeguard their supply chains, including tools like SCA scanning, AI and container security, secrets detection and repository health monitoring.

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Update now! Apple confirms vulnerabilities are already being exploited

Malwarebytes

Apple has released security patches for most of its operating systems, including iOS, Mac, iPadOS, Safari, and visionOS. The updates for iOS and Intel-based Mac systems are especially important, as they tackle vulnerabilities that are being actively exploited by cybercriminals. You should make sure you update as soon as you can. To check if you’re using the latest software version, go to Settings > General > Software Update.

Five Critical Privilege Escalation Vulnerabilities Found in Ubuntu’s Default Utility, needrestart

Penetration Testing

Qualys Threat Research Unit uncovers five local privilege escalation flaws, enabling unprivileged users to gain root access. The Qualys Threat Research Unit (TRU) has disclosed five critical vulnerabilities in the... The post Five Critical Privilege Escalation Vulnerabilities Found in Ubuntu’s Default Utility, needrestart appeared first on Cybersecurity News.

AI Granny Daisy takes up scammers’ time so they can’t bother you

Malwarebytes

A mobile network operator has called in the help of Artificial Intelligence (AI) in the battle against phone scammers. Virgin Media O2 in the UK has built an AI persona called Daisy with the sole purpose of keeping scammers occupied for as long as possible. Basically, until the scammers give up, because Daisy won’t. Daisy uses several AI models that work together listening to what scammers have to say, and then responding in a lifelike manner to give the scammers the idea they are working on an

CVE-2024-10220: Kubernetes Vulnerability Allows Arbitrary Command Execution

Penetration Testing

A high-severity vulnerability has been discovered in Kubernetes, potentially allowing attackers to execute arbitrary commands outside of container boundaries. Tracked as CVE-2024-10220 and assigned a CVSS score of 8.1, the... The post CVE-2024-10220: Kubernetes Vulnerability Allows Arbitrary Command Execution appeared first on Cybersecurity News.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

NHIs Are the Future of Cybersecurity: Meet NHIDR

The Hacker News

The frequency and sophistication of modern cyberattacks are surging, making it increasingly challenging for organizations to protect sensitive data and critical infrastructure. When attackers compromise a non-human identity (NHI), they can swiftly exploit it to move laterally across systems, identifying vulnerabilities and compromising additional NHIs in minutes.

10 tiny tools and gadgets I keep on my keychain and why

Zero Day

These handy gadgets make for useful gifts during the holidays. If your loved one likes to be prepared for anything, you can't go wrong with these EDC essentials.

Tax Fraud Reporting and Protection: International Fraud Awareness Week

SecureWorld News

As International Fraud Awareness Week (November 17–23) unfolds, the U.S. Internal Revenue Service (IRS) is highlighting the critical role taxpayers, businesses, and professionals play in combating tax fraud. With tax scams on the rise, the IRS Office of Fraud Enforcement and IRS Criminal Investigation are amplifying efforts to educate the public on recognizing and reporting fraudulent schemes.

8 Bluesky tips every new user should know

Zero Day

Freely available to anyone, Bluesky offers key advantages over X, Threads, and other social networks. Here are 8 ways to achieve social nirvana.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

CVE-2024-42450 (CVSS 10): Versa Networks Addresses Critical Vulnerability in Versa Director

Penetration Testing

Versa Networks has issued a security advisory addressing a critical vulnerability (CVE-2024-42450) affecting its Versa Director software. The vulnerability, which carries a CVSS score of 10, could allow unauthenticated attackers... The post CVE-2024-42450 (CVSS 10): Versa Networks Addresses Critical Vulnerability in Versa Director appeared first on Cybersecurity News.

Update your iPhone, iPad, and Mac now to patch these serious zero-day security flaws

Zero Day

The emergency updates resolve two zero-day flaws that may have already been exploited in the wild.

Microsoft Veeps Ignite Fire Under CrowdStrike

Security Boulevard

BSODs begone! Redmond business leaders line up to say what’s new in Windows security. The post Microsoft Veeps Ignite Fire Under CrowdStrike appeared first on Security Boulevard.

Google's AI-Powered OSS-Fuzz Tool Finds 26 Vulnerabilities in Open-Source Projects

The Hacker News

Google has revealed that its AI-powered fuzzing tool, OSS-Fuzz, has been used to help identify 26 vulnerabilities in various open-source code repositories, including a medium-severity flaw in the OpenSSL cryptographic library.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

How Google turns Android into a desktop OS in 5 steps

Zero Day

Merging Android and ChromeOS is a bold first step, but turning Android into a true alternative to MacOS, iPadOS, and Windows requires Google to make some big moves.

Inside the Booming ‘AI Pimping’ Industry

WIRED Threat Level

AI-generated influencers based on stolen images of real-life adult content creators are flooding social media.

One of the best budget smartwatches I've tested provides a ton of health data (and it's on sale)

Zero Day

The Amazfit BIP 5 provides an exhaustive list of health and fitness metrics through Zepp, the same app that much more expensive smartwatches use. Right now, it's on sale for $69.

“Sad announcement” email leads to tech support scam

Malwarebytes

Tech support scammers are again stooping low with their email campaigns. This particular one hints that one of your contacts may have met an untimely end. It all starts with an email titled “Sad announcement” followed by a full name of someone you know. The email may appear to come from the person themselves. A co-worker who received such an email pointed it out to our team.

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

The best web hosting services of 2024: Expert tested and reviewed

Zero Day

Do you want to build a website, but you're unsure where to start? You should start with a reputable hosting service. We've tested the top web hosting services that offer solid customer service and good value for the money.

Ford data breach involved a third-party supplier

Security Affairs

Ford investigates a data breach linked to a third-party supplier and pointed out that its systems and customer data were not compromised. Ford investigated a data breach after threat actors claimed the theft of customer information on the BreachForums cybercrime forum. On November 17, threat actors IntelBroker and EnergyWeaponUser published a post on BreachForums announcing they have stolen 44,000 Ford customer records.

Black Friday Scammers are Hard at Work: Security Experts

Security Boulevard

Scammers are using everything from fraudulent deals and fake ads to spoofed websites and brand impersonation to target online shoppers who are gearing up for Black Friday as the holiday buying season gets underway, according to cybersecurity firms. The post Black Friday Scammers are Hard at Work: Security Experts appeared first on Security Boulevard.

iPhone 16 Pro vs. iPhone 14 Pro: Should you upgrade to the latest model?

Zero Day

Apple's latest iPhone 16 Pro sees major improvements, but do they warrant upgrading from the two-year-old iPhone 14 Pro? We'll help you decide.

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!