Schneier on Security

AUGUST 29, 2024

The “ long lost lecture ” by Adm. Grace Hopper has been published by the NSA. (Note that there are two parts.) It’s a wonderful talk: funny, engaging, wise, prescient. Remember that talk was given in 1982, less than a year before the ARPANET switched to TCP/IP and the internet went operational. She was a remarkable person. Listening to it, and thinking about the audience of NSA engineers, I wonder how much of what she’s talking about as the future of computing—minia

Engineering 303

Engineering Internet Internet 303

Tech Republic Security

AUGUST 29, 2024

While Proton VPN’s strong focus on privacy is enticing, NordVPN’s fast-performing and all-around VPN service is the better overall package between the two.

VPN 135

VPN 135

Penetration Testing

AUGUST 29, 2024

A critical vulnerability has been found in TP-Link RE365 V1_180213 series routers, leaving them susceptible to remote exploitation and potential takeover. Identified as CVE-2024-42815 and carrying a near-perfect CVSS score... The post CVE-2024-42815 (CVSS 9.8): Buffer Overflow Flaw in TP-Link Routers Opens Door to RCE appeared first on Cybersecurity News.

Cybersecurity 137

Cybersecurity 137

Tech Republic Security

AUGUST 29, 2024

Threat actors are abusing Microsoft Sway to host QR Code phishing campaigns.

Phishing 178

Phishing 178

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Security Affairs

AUGUST 29, 2024

Russia-linked APT29 group was spotted reusing iOS and Chrome exploits previously developed by surveillance firms NSO Group and Intellexa. Google TAG (Threat Analysis Group) researchers observed the Russia-linked group APT29 (aka SVR group , BlueBravo , Cozy Bear , Nobelium , Midnight Blizzard , and The Dukes ). using exploits previously used by surveillance software vendors NSO Group and Intellexa.

Surveillance 136

Surveillance Government Encryption Hacking 136

Tech Republic Security

AUGUST 29, 2024

Norton 360 Standard offers award-winning protection for your digital life — malware defense, cloud backup, and a VPN — for just $17.99 for a 15-month plan.

Backups 124

Backups VPN Malware Password Management 124

Security Affairs

AUGUST 29, 2024

An instance of the Corona Mirai botnet spreads via AVTECH CCTV zero-day and multiple previously known vulnerabilities. Akamai’s Security Intelligence and Response Team (SIRT) has detected a botnet campaign exploiting multiple previously known vulnerabilities and a newly discovered zero-day, tracked as CVE-2024-7029 (CVSS score: 8.7), in AVTECH CCTV cameras.

Firmware 125

Firmware Malware Security Intelligence Authentication 125

Pen Test Partners

AUGUST 29, 2024

TL;DR Strong passwords : Use a password manager. Multi-factor authentication (MFA) : MFA requires multiple forms of identification, adding an extra layer of security. This makes it harder for unauthorised users to gain access even if they have your password. Phishing awareness : Stay alert to phishing attempts by scrutinising emails and messages that request personal information or direct you to suspicious websites.

Media 115

Media Accountability Password Management Passwords 115

The Hacker News

AUGUST 29, 2024

Threat actors with ties to North Korea have been observed publishing a set of malicious packages to the npm registry, indicating "coordinated and relentless" efforts to target developers with malware and steal cryptocurrency assets.

Cryptocurrency 116

Cryptocurrency Malware 116

Tech Republic Security

AUGUST 29, 2024

There are approximately 163 devices worldwide that are still exposed to attack via the CVE-2024-39717 vulnerability.

129

129

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Graham Cluley

AUGUST 29, 2024

Who doesn't fancy earning US $2.5 million? That's the reward that's on offer from US authorities for information leading to the arrest and/or conviction of the man who allegedly was a key figure behind the development and distribution of the notorious Angler Exploit Kit. Read more in my article on the Tripwire State of Security blog.

Malware 111

Malware 111

Penetration Testing

AUGUST 29, 2024

The QiAnXin Threat Intelligence Center has disclosed the technical details of a sophisticated cyber espionage campaign dubbed “Operation DevilTiger,” orchestrated by the elusive APT-Q-12 group, also known as “Pseudo Hunter.”... The post Operation DevilTiger: APT-Q-12’s Shadowy Tactics and Zero-Day Exploits Unveiled appeared first on Cybersecurity News.

Cybersecurity 119

Cybersecurity 119

The Hacker News

AUGUST 29, 2024

Cybersecurity researchers have flagged multiple in-the-wild exploit campaigns that leveraged now-patched flaws in Apple Safari and Google Chrome browsers to infect mobile users with information-stealing malware.

Mobile 111

Mobile Malware Cybersecurity 111

Penetration Testing

AUGUST 29, 2024

Trend Micro researchers have identified a sophisticated malware campaign specifically targeting organizations in the Middle East. This campaign leverages a meticulously crafted tool masquerading as the legitimate Palo Alto GlobalProtect... The post Fake Palo Alto Tool Delivers Sophisticated Malware in Middle East Cyberattack appeared first on Cybersecurity News.

Malware 113

Malware Cybersecurity VPN 113

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

The Hacker News

AUGUST 29, 2024

U.S. cybersecurity and intelligence agencies have called out an Iranian hacking group for breaching multiple organizations across the country and coordinating with affiliates to deliver ransomware.

Hacking 111

Hacking Ransomware Cybersecurity 111

Penetration Testing

AUGUST 29, 2024

Fortinet’s FortiGuard Labs has unearthed a new variant of the notorious Snake Keylogger, delivered through a malicious Excel document in a phishing campaign. This keylogger, also known as “404 Keylogger”... The post New Snake Keylogger Variant Slithers Into Phishing Campaigns appeared first on Cybersecurity News.

Phishing 113

Phishing Cybersecurity Malware 113

The Hacker News

AUGUST 29, 2024

A non-profit supporting Vietnamese human rights has been the target of a multi-year campaign designed to deliver a variety of malware on compromised hosts. Cybersecurity company Huntress attributed the activity to a threat cluster known as APT32, a Vietnamese-aligned hacking crew that's also known as APT-C-00, Canvas Cyclone (formerly Bismuth), Cobalt Kitty, and OceanLotus.

Malware 109

Malware Hacking Cybersecurity 109

Graham Cluley

AUGUST 29, 2024

2024 looks set to be the highest-grossing year yet for ransomware gangs, due - in no small part - to emboldened cybercriminals causing costly disruption at larger companies. Read more in my article on the Exponential-e blog.

Ransomware 103

Ransomware Malware 103

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

The Hacker News

AUGUST 29, 2024

A years-old high-severity flaw impacting AVTECH IP cameras has been weaponized by malicious actors as a zero-day to rope them into a botnet. CVE-2024-7029 (CVSS score: 8.

108

108

Malwarebytes

AUGUST 29, 2024

In a previous blog post , we showed how fraudsters were leveraging features from the very company (Microsoft) they were impersonating. We continue this series with another clever trick abusing Canva , a popular online tool for graphic design. This time, the scammers registered an account on Canva to create a new design that, is in fact, a replica of the Canva home page.

Scams 105

Scams Advertising Accountability Engineering 105

Security Affairs

AUGUST 29, 2024

Cisco addressed multiple vulnerabilities impacting NX-OS software, including a high-severity flaw in the DHCPv6 relay agent. Cisco released security updates for NX-OS software that address multiple vulnerabilities. The most severe of the vulnerabilities fixed by the IT giant is a high-severity issue tracked as CVE-2024-20446. The vulnerability impacts the DHCPv6 relay agent of NX-OS, an attacker can trigger the flaw to cause a denial-of-service (DoS) condition. “This vulnerability is due t

Software 121

Software Hacking Risk Information Security 121

WIRED Threat Level

AUGUST 29, 2024

Single sign-on systems from several Big Tech companies are being incorporated into deepfake generators, WIRED found. Discord and Apple have started to terminate some developers’ accounts.

Accountability 98

Accountability 98

Advertisement

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

The Hacker News

AUGUST 29, 2024

Threat actors are actively exploiting a now-patched, critical security flaw impacting the Atlassian Confluence Data Center and Confluence Server to conduct illicit cryptocurrency mining on susceptible instances.

Cryptocurrency 96

Cryptocurrency 96

Graham Cluley

AUGUST 29, 2024

Hackers who seized control of the official Instagram account of McDonald's claim that they managed to steal US $700,000 from unsuspecting investors by promoting a fake cryptocurrency. Read more in my article on the Hot for Security blog.

Accountability 92

Accountability Cryptocurrency Hacking 92

The Hacker News

AUGUST 29, 2024

Chinese-speaking users are the target of a "highly organized and sophisticated attack" campaign that is likely leveraging phishing emails to infect Windows systems with Cobalt Strike payloads. "The attackers managed to move laterally, establish persistence and remain undetected within the systems for more than two weeks," Securonix researchers Den Iuzvyk and Tim Peck said in a new report.

Phishing 95

Phishing 95

Penetration Testing

AUGUST 29, 2024

A zero-day vulnerability in Google Chrome (CVE-2024-5274) has been publicly disclosed, along with technical details and a proof-of-concept (PoC) exploit, potentially escalating the risk for users worldwide. This flaw, known... The post CVE-2024-5274: Chrome Zero-Day Exploited by APT29, PoC Exploit Published appeared first on Cybersecurity News.

Risk 93

Risk Cybersecurity 93

Advertisement

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.

Cybersecurity

SecureWorld News

AUGUST 29, 2024

Texas Dow Employees Credit Union (TDECU) has alerted the Maine Attorney General's Office that it is notifying more than 500,000 members about a significant data breach. The breach, detailed in the notification , occurred due to a hack on the MOVEit file transfer software more than a year ago—on May 29, 2023—which was only discovered on July 30th. The incident involved the theft of files containing sensitive personal information, including names, dates of birth, Social Security numbers, bank acco

Data breaches 89

Data breaches Identity Theft Risk Ransomware 89

WIRED Threat Level

AUGUST 29, 2024

Suspected Russian hackers have compromised a series of websites to utilize sophisticated spyware exploits that are eerily similar to those created by NSO Group and Intellexa.

Spyware 83

Spyware Hacking 83

Penetration Testing

AUGUST 29, 2024

Recent findings by the Phylum Research Team have brought to light a resurgence of malicious activities on the npm registry, with multiple attack vectors originating from groups aligned with North... The post North Korean Cyberattacks Persist: Developers Targeted via npm appeared first on Cybersecurity News.

Cybersecurity 92

Cybersecurity Malware 92

Heimadal Security

AUGUST 29, 2024

Top cybersecurity companies play a pivotal role in addressing the financial impact of cybercrime, as evidenced by Cybersecurity Ventures’ forecast that in 2024, global cybercrime damage costs will reach $9.5 trillion USD annually, $793 billion USD monthly, and $182.5 billion USD weekly. As the need for strong security measures increases, the cybersecurity technology sector has […] The post Top Cybersecurity Companies You Need to Know in 2024 (And How to Choose One) appeared first on

Cybersecurity 76

Cybersecurity Cybercrime Technology 76

Advertisement

Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.

Government