Joseph Steinberg

JULY 23, 2024

CyberSecurity Expert Witness and Board Member , Joseph Steinberg, will, tomorrow, Wednesday, July 24th, 2024, speak with the public as part of a panel of experts from Columbia University, discussing both the recent CrowdStrike-Microsoft cybersecurity incident, and the incident’s ongoing global impact. On July 19th, 2024, a faulty software update issued by the cybersecurity firm, CrowdStrike, took down over 8.5 million devices running Microsoft Windows, disrupting air travel, hospitals, gov

Artificial Intelligence 286

Artificial Intelligence Cybersecurity Government Technology 286

Krebs on Security

JULY 23, 2024

The Chinese company in charge of handing out domain names ending in “ top ” has been given until mid-August 2024 to show that it has put in place systems for managing phishing reports and suspending abusive domains, or else forfeit its license to sell domains. The warning comes amid the release of new findings that.top was the most common suffix in phishing websites over the past year, second only to domains ending in “ com.” Image: Shutterstock.

Phishing 283

Phishing DNS Scams Technology 283

Schneier on Security

JULY 23, 2024

It’s heavily redacted , but still interesting. Many more ODNI documents here.

232

232

Tech Republic Security

JULY 23, 2024

Australia is among the APAC governments forging closer ties with the private sector due to the realisation that the public sector can no longer fight the increase in cyber criminals alone.

Government 171

Government Ransomware 171

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Security Boulevard

JULY 23, 2024

Regulatory capture by stealth? Google changes its mind about third-party tracking cookies—we’re stuck with them for the foreseeable. The post EFF Angry as Google Keeps 3rd-Party Cookies in Chrome appeared first on Security Boulevard.

Social Engineering 135

Social Engineering Advertising Marketing Surveillance 135

Tech Republic Security

JULY 23, 2024

Bitwarden’s affordability and extensive MFA options give it the slight edge over Dashlane’s uber-polished password management experience. Read more below.

Password Management 136

Password Management Passwords 136

The Hacker News

JULY 23, 2024

Organizations in Taiwan and a U.S. non-governmental organization (NGO) based in China have been targeted by a Beijing-affiliated state-sponsored hacking group called Daggerfly using an upgraded set of malware tools. The campaign is a sign that the group "also engages in internal espionage," Symantec's Threat Hunter Team, part of Broadcom, said in a new report published today.

Malware 136

Malware Hacking 136

Security Affairs

JULY 23, 2024

Threat actors abused swap files in compromised Magento websites to hide credit card skimmer and harvest payment information. Security researchers from Sucuri observed threat actors using swap files in compromised Magento websites to conceal a persistent software skimmer and harvest payment information. The attackers used this tactic to maintain persistence and allowing the malware to survive multiple cleanup attempts.

Malware 134

Malware Firewall Information Security Hacking 134

The Hacker News

JULY 23, 2024

A now-patched security flaw in the Microsoft Defender SmartScreen has been exploited as part of a new campaign designed to deliver information stealers such as ACR Stealer, Lumma, and Meduza. Fortinet FortiGuard Labs said it detected the stealer campaign targeting Spain, Thailand, and the U.S. using booby-trapped files that exploit CVE-2024-21412 (CVSS score: 8.1).

131

131

Tech Republic Security

JULY 23, 2024

Legacy security measures, while offering a baseline level of protection, heavily rely on predefined signatures and a narrow definition of the “abnormal.” They often follow a reactive approach, can be siloed, limiting information sharing, and lack the scalability to handle the terabytes of data generated by today’s complex IT systems. This is where artificial intelligence.

Artificial Intelligence 110

Artificial Intelligence 110

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Graham Cluley

JULY 23, 2024

It has been revealed that earlier this month a website which offered a DDoS-for-hire service was taken offline by law enforcement, but only after they collected data about its criminal customers. Read more in my article on the Hot for Security blog.

DDOS 119

DDOS 119

The Hacker News

JULY 23, 2024

Cybersecurity researchers have discovered what they say is the ninth Industrial Control Systems (ICS)-focused malware that has been used in a disruptive cyber attack targeting an energy company in the Ukrainian city of Lviv earlier this January.

Malware 122

Malware Cyber Attacks Cybersecurity 122

Graham Cluley

JULY 23, 2024

British police have arrested a 17-year-old boy believed to be linked to a cybercriminal gang that launched devastating ransomware attacks last year on MGM Resorts and other companies. Read more in my article on the Hot for Security blog.

Ransomware 117

Ransomware Data breaches Malware 117

Bleeping Computer

JULY 23, 2024

CrowdStrike is warning that a fake recovery manual to repair Windows devices is installing a new information-stealing malware called Daolpu. [.

Malware 130

Malware 130

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Pen Test Partners

JULY 23, 2024

I watched Leave the World Behind on Netflix recently. I was intrigued as the trailers showed an oil tanker crashing on to a beach. It was implied that it had been hacked and someone had taken control of it. Shipping security is something we know quite a bit about, having been asked to hack a large number of ships by their owners, to help improve their security.

Hacking 116

Hacking Manufacturing Engineering Software 116

The Hacker News

JULY 23, 2024

Threat actors have been observed using swap files in compromised websites to conceal a persistent credit card skimmer and harvest payment information. The sneaky technique, observed by Sucuri on a Magento e-commerce site's checkout page, allowed the malware to survive multiple cleanup attempts, the company said.

Malware 118

Malware 118

Security Boulevard

JULY 23, 2024

Cloud security startup Wiz reportedly is rejecting Google's $23 billion acquisition bid, with the CEO saying the Israeli company will now focus on going public and reach the point of having $1 billion in recurring revenue. The post Wiz Walks Away From $23 Billion Google Bid appeared first on Security Boulevard.

Cybersecurity 114

Cybersecurity Network Security 114

We Live Security

JULY 23, 2024

ESET research reveals how the success of Hamster Kombats has attracted malicious actors trying to abuse interest in the game for monetary gain.

127

127

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

The Hacker News

JULY 23, 2024

The Computer Emergency Response Team of Ukraine (CERT-UA) has alerted of a spear-phishing campaign targeting a scientific research institution in the country with malware known as HATVIBE and CHERRYSPY.

Malware 115

Malware Phishing Government 115

WIRED Threat Level

JULY 23, 2024

The code, the first of its kind, was used to sabotage a heating utility in Lviv at the coldest point in the year—what appears to be yet another innovation in Russia’s torment of Ukrainian civilians.

Malware 111

Malware Hacking 111

Malwarebytes

JULY 23, 2024

For more than a year , Google has said it would phase out the third-party tracking cookies that power much of its advertising business online, proposing new ideas that would allegedly preserve user privacy while still providing businesses with steady revenue streams. This week, Google tossed much of that work aside. In an update about Google’s Privacy Sandbox , the tech giant said that due to feedback from authorities and other stakeholders in advertising, it is looking at a new path forwa

Advertising 112

Advertising Internet Internet Marketing 112

We Live Security

JULY 23, 2024

Organizations, including those that weren’t struck by the CrowdStrike incident, should resist the temptation to attribute the IT meltdown to exceptional circumstances

110

110

Advertisement

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

Bleeping Computer

JULY 23, 2024

Microsoft has released the July 2024 preview update for Windows 10, version 22H2, with fixes for Windows Defender Application Control (WDAC) issues causing app crashes and system memory exhaustion. [.

105

105

The Hacker News

JULY 23, 2024

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two security flaws to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerabilities are listed below - CVE-2012-4792 (CVSS score: 9.3) - Microsoft Internet Explorer Use-After-Free Vulnerability CVE-2024-39891 (CVSS score: 5.

Internet 107

Internet Internet Cybersecurity 107

Bleeping Computer

JULY 23, 2024

The entire database for the notorious BreachForums v1 hacking forum was released on Telegram Tuesday night, exposing a treasure trove of data, including members' information, private messages, cryptocurrency addresses, and every post on the forum. [.

Cryptocurrency 105

Cryptocurrency Hacking 105

The Hacker News

JULY 23, 2024

Meta has been given time till September 1, 2024, to respond to concerns raised by the European Commission over its "pay or consent" advertising model or risk-facing enforcement measures, including sanctions.

Consumer Protection 102

Consumer Protection Advertising Media Risk 102

Advertisement

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.

Cybersecurity

Bleeping Computer

JULY 23, 2024

Verizon Communications has agreed to a $16,000,000 settlement with the Federal Communications Commission (FCC) in the U.S. concerning three data breach incidents its wholly-owned subsidiary, TracFone Wireless, suffered after its acquisition in 2021. [.

Data breaches 99

Data breaches Wireless 99

Penetration Testing

JULY 23, 2024

Docker has issued a security advisory for a critical vulnerability affecting certain versions of Docker Engine. This vulnerability, identified as CVE-2024-41110, has a CVSS score of 10, indicating a critical severity. The issue allows... The post Docker Users Beware: CVE-2024-41110 (CVSS 10) Could Lead to System Takeover appeared first on Cybersecurity News.

Engineering 98

Engineering Cybersecurity 98

Bleeping Computer

JULY 23, 2024

The Chinese hacking group tracked as 'Evasive Panda' was spotted using new versions of the Macma backdoor and the Nightdoor Windows malware.

Malware 107

Malware Hacking 107

Penetration Testing

JULY 23, 2024

A significant vulnerability has been identified in Laravel v11.x, the popular PHP web framework renowned for building modern, elegant web applications. This vulnerability, designated as CVE-2024-40075, is an XML External Entity (XXE) flaw that... The post CVE-2024-40075: XXE Vulnerability Found in Laravel v11.x appeared first on Cybersecurity News.

Cybersecurity 98

Cybersecurity 98

Advertisement

Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.

Government