Thu.Oct 17, 2024

article thumbnail

Microsoft: Ransomware Attacks Growing More Dangerous, Complex

Tech Republic Security

Attackers launched 600 million cybercriminal and nation-state threats on Microsoft customers daily, including ransomware attacks, in the last year, according to the tech giant.

article thumbnail

A critical flaw in Kubernetes Image Builder could allow attackers to gain root access

Security Affairs

A critical flaw in Kubernetes Image Builder could allow attackers to gain root access if exploited under specific conditions. A critical, Kubernetes Image Builder vulnerability, tracked as CVE-2024-9486 (CVSS score: 9.8), could allow attackers to gain root access if exploited under specific conditions. Only Kubernetes clusters with nodes using VM images from the Image Builder project and its Proxmox provider are impacted by this issue. “A security issue was discovered in the Kubernetes I

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

NIS 2 Compliance Deadline Arrives: What You Need to Know

Tech Republic Security

The NIS 2 compliance deadline is Oct. 17. Discover essential insights on requirements, impacts, and what organisations must do now.

article thumbnail

VMware fixes high-severity SQL injection flaw CVE-2024-38814 in HCX

Security Affairs

VMware fixes a high-severity SQL injection flaw in HCX allowing non-admin users to remotely execute code on the HCX manager. VMWare warns to address a remote code execution vulnerability, tracked as CVE-2024-38814 (CVSS score of 8.8), in its HCX application mobility platform. The vulnerability is an authenticated SQL injection vulnerability in HCX, it was privately reported to VMware by Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam) through the Trend Micro Zero Day Initiative (

article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Number of Active Ransomware Groups Highest on Record, Cyberint’s Report Finds

Tech Republic Security

This indicates that the most prominent ransomware groups are succumbing to law enforcement takedowns, according to researchers from Cyberint.

article thumbnail

Microsoft Reveals macOS Vulnerability that Bypasses Privacy Controls in Safari Browser

The Hacker News

Microsoft has disclosed details about a now-patched security flaw in Apple's Transparency, Consent, and Control (TCC) framework in macOS that has likely come under exploitation to get around a user's privacy preferences and access data. The shortcoming, codenamed HM Surf by the tech giant, is tracked as CVE-2024-44133.

143
143

More Trending

article thumbnail

This Prompt Can Make an AI Chatbot Identify and Extract Personal Details From Your Chats

WIRED Threat Level

Security researchers created an algorithm that turns a malicious prompt into a set of hidden instructions that could send a user's personal information to an attacker.

Hacking 139
article thumbnail

Researchers Uncover Cicada3301 Ransomware Operations and Its Affiliate Program

The Hacker News

Cybersecurity researchers have gleaned additional insights into a nascent ransomware-as-a-service (RaaS) called Cicada3301 after successfully gaining access to the group's affiliate panel on the dark web.

article thumbnail

Two Sudanese nationals indicted for operating the Anonymous Sudan group

Security Affairs

The DoJ charged Anonymous Sudan members and disrupted their DDoS infrastructure, halting its cyber operations. The US Justice Department charged two Sudanese brothers (Ahmed Salah Yousif Omer, 22, and Alaa Salah Yusuuf Omer, 27) with operating and controlling the cybercrime collective Anonymous Sudan that launched tens of thousands of Distributed Denial of Service (DDoS) attacks against critical infrastructure, corporate networks, and government agencies in the United States and around the world

DDOS 130
article thumbnail

U.S. Charges Two Sudanese Brothers for Record 35,000 DDoS Attacks

The Hacker News

Federal prosecutors in the U.S. have charged two Sudanese brothers with running a distributed denial-of-service (DDoS) botnet for hire that conducted a record 35,000 DDoS attacks in a single year, including those that targeted Microsoft's services in June 2023.

DDOS 132
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

GPS Jamming Is Screwing With Norwegian Planes

WIRED Threat Level

So much jamming is taking place in northeastern Norway, regulators no longer want to know.

127
127
article thumbnail

Russian RomCom Attacks Target Ukrainian Government with New SingleCamper RAT Variant

The Hacker News

The Russian threat actor known as RomCom has been linked to a new wave of cyber attacks aimed at Ukrainian government agencies and unknown Polish entities since at least late 2023. The intrusions are characterized by the use of a variant of the RomCom RAT dubbed SingleCamper (aka SnipBot or RomCom 5.0), said Cisco Talos, which is monitoring the activity cluster under the moniker UAT-5647.

article thumbnail

A glimmer of good news on the ransomware front, as encryption rates plummet

Graham Cluley

No-one would be bold enough to say that the ransomware problem is receding, but a newly-published report by Microsoft does deliver a slither of encouraging news amongst the gloom. And boy do we need some good news - amid reports that 389 US-based healthcare institutions were hit by ransomware last year - more than one every single day. Read more in my article on the Tripwire State of Security blog.

article thumbnail

SideWinder APT Strikes Middle East and Africa With Stealthy Multi-Stage Attack

The Hacker News

An advanced persistent threat (APT) actor with suspected ties to India has sprung forth with a flurry of attacks against high-profile entities and strategic infrastructures in the Middle East and Africa. The activity has been attributed to a group tracked as SideWinder, which is also known as APT-C-17, Baby Elephant, Hardcore Nationalist, Leafperforator, Rattlesnake, Razor Tiger, and T-APT-04.

129
129
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

HM Surf (CVE-2024-44133): macOS Flaw Exposing Cameras and Microphones to Hackers, PoC Published

Penetration Testing

In a significant discovery by Microsoft Threat Intelligence, a vulnerability in macOS, identified as CVE-2024-44133, has been found to bypass Apple’s Transparency, Consent, and Control (TCC) technology. This flaw, dubbed... The post HM Surf (CVE-2024-44133): macOS Flaw Exposing Cameras and Microphones to Hackers, PoC Published appeared first on Cybersecurity News.

article thumbnail

World Economic Forum: AI, Quantum Require ‘Paradigm Shift’ in Security

Security Boulevard

The World Economic Forum is advocating a shift in security thinking from secure by design to resilience by design in the face of the rapid development and expanding connectivity of emerging technologies like AI, quantum computing, and the Internet of Things. The post World Economic Forum: AI, Quantum Require ‘Paradigm Shift’ in Security appeared first on Security Boulevard.

article thumbnail

SAS CTF and the many ways to persist a kernel shellcode on Windows 7

SecureList

On May 18, 2024, Kaspersky’s Global Research & Analysis Team (GReAT), with the help of its partners, held the qualifying stage of the SAS CTF, an international competition of cybersecurity experts held as part of the Security Analyst Summit conference. More than 800 teams from all over the world took part in the event, solving challenges based on real cases that Kaspersky GReAT encountered in its work, but a couple of challenges remained unsolved.

Software 119
article thumbnail

Hackers Turn to AI as Hardware Attacks Surge

Security Boulevard

There has been a sharp increase in the perceived value of AI technologies in hacking, according to a report from Bugcrowd platform, which surveyed 1,300 ethical hackers and security researchers. The post Hackers Turn to AI as Hardware Attacks Surge appeared first on Security Boulevard.

Hacking 118
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

SMS MFA Misses the Medal: Choosing the Real Auth Champions

Duo's Security Blog

In the high-stakes arena of cybersecurity, multi-factor authentication (MFA) is the gold medal of safeguarding our online accounts. Just as Olympic champions need the latest technology and rigorous training to excel, our digital defenses require more advanced methods to fend off today’s sophisticated threats. SMS–based MFA leverages text messages (SMS) as one of the authentication factors to verify a user’s identity when attempting to log into a system.

article thumbnail

10 steps to safeguarding your privacy online

Webroot

The more devices, digital apps and online accounts you use, the more efficient and convenient your life becomes. But all that ease of use comes with a price. Your devices are constantly collecting your personal data to fine-tune your user experience. At the same time, hackers, and other cyber criminals are working round the clock to steal this sensitive information.

VPN 100
article thumbnail

Staff Stories Spotlight Series: Cybersecurity Awareness Month 2024

NSTIC

This blog is part of a larger NIST series during the month of October for Cybersecurity Awareness Month , called 'Staff Stories Spotlight.' Throughout the month of October this year, Q&A style blogs will be published featuring some of our unique staff members who have interesting backgrounds, stories to tell, and projects in the world of cybersecurity.

article thumbnail

'ConfusedPilot' Manipulates AI Tools, Exploiting Cloud Security Flaws

SecureWorld News

Researchers at the Spark Research Lab at the University of Texas at Austin have uncovered a new cyberattack method named ConfusedPilot , which has significant implications for cloud and data security. Led by Symmetry Systems CEO and professor Mohit Tiwari , the team identified the novel attack strategy , which exploits weaknesses in modern cloud infrastructure to manipulate authentication and access control systems.

article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

From Windows to Linux to ESXi: The Cicada3301 Ransomware Hits Them All

Penetration Testing

A sophisticated ransomware group, Cicada3301, has rapidly risen to prominence in the cybercrime landscape, targeting critical infrastructure sectors across the globe. First identified in June 2024, the Cicada3301 ransomware-as-a-service (RaaS)... The post From Windows to Linux to ESXi: The Cicada3301 Ransomware Hits Them All appeared first on Cybersecurity News.

article thumbnail

The top 5 iPhone 16 Pro features power users will love

Zero Day

Apple's iPhone 16 series ushers in significant updates to both software and hardware. Here are the features that pro users will care about the most.

article thumbnail

Patch Now! Grafana Hit by 9.9 Severity RCE Vulnerability (CVE-2024-9264)

Penetration Testing

A critical security vulnerability (CVE-2024-9264) has been discovered in Grafana, the popular open-source platform for monitoring and observability. This vulnerability, with a CVSS v3.1 score of 9.9, could allow attackers... The post Patch Now! Grafana Hit by 9.9 Severity RCE Vulnerability (CVE-2024-9264) appeared first on Cybersecurity News.

article thumbnail

These bone-conducting headphones deliver the best sound - and a cool trick for swimmers

Zero Day

The H20 Tri headphones are perfect for outdoor activities - and they deliver actual bass! Plus: You can leave your phone at home and still listen to your music on the go.

96
article thumbnail

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

article thumbnail

You’ve Heard the Security Service Edge (SSE) Story Before, but We Re-Wrote It!

Cisco Security

Tech components like MASQUE, QUIC and VPP allow Cisco to overcome the limitations of last-gen ZTNA and SSE solutions. Learn how Cisco is rewriting the ZTA story. Tech components like MASQUE, QUIC and VPP allow Cisco to overcome the limitations of last-gen ZTNA and SSE solutions. Learn how Cisco is rewriting the ZTA story.

91
article thumbnail

State of Cybersecurity: Complexity Drives Need for Channel Help

CompTIA on Cybersecurity

Cybersecurity considerations manifest in every layer of an organization’s technology stack.

article thumbnail

Cisco’s Firewall Solution Recognized as a Leader in Forrester Wave™

Cisco Security

Cisco is proud to be recognized as a leader in The Forrester Waveâ„¢: Enterprise Firewall Solutions, Q4 2024. Learn more about what sets Cisco apart. Cisco is proud to be recognized as a leader in The Forrester Waveâ„¢: Enterprise Firewall Solutions, Q4 2024. Learn more about what sets Cisco apart.

article thumbnail

Vendor Comparison: DIY Home Security Systems

Tech Republic Security

Attention remote workers! When it comes to DIY home security, there are many systems and components to consider and many decisions to make. This vendor comparison guide, created by Mark W. Kaelin for TechRepublic Premium, provides advice you can follow as you make decisions regarding how you will deploy a home security system. The accompanying.

86
article thumbnail

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.