Schneier on Security

AUGUST 2, 2024

Here’s a disaster that didn’t happen : Cybersecurity researchers from JFrog recently discovered a GitHub Personal Access Token in a public Docker container hosted on Docker Hub, which granted elevated access to the GitHub repositories of the Python language, Python Package Index (PyPI), and the Python Software Foundation (PSF). JFrog discussed what could have happened : The implications of someone finding this leaked token could be extremely severe.

Software 259

Software Cybersecurity 259

The Last Watchdog

AUGUST 2, 2024

Philadelphia, PA, Aug. 1, 2024, CyberNewsWire — Security Risk Advisors (SRA) announces the launch of VECTR Enterprise Edition , a premium version of its widely-used VECTR platform for purple teams and adversary management program reporting and benchmarking. VECTR Enterprise is designed to support organizations that want to mature and communicate the success of their purple team exercises with benchmarking and executive reporting features.

Risk 147

Risk Penetration Testing CISO System Administration 147

Tech Republic Security

AUGUST 2, 2024

Australian regulators allege that cyber security failures at Optus and Medibank contributed to data breaches in 2022, leading to theft of sensitive customer data.

Data breaches 181

Data breaches Hacking 181

Bleeping Computer

AUGUST 2, 2024

Google Chrome is now encouraging uBlock Origin users who have updated to the latest version to switch to other ad blockers before Manifest v2 extensions are disabled [.

143

143

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

The Hacker News

AUGUST 2, 2024

Cybersecurity researchers have discovered a previously undocumented Windows backdoor that leverages a built-in feature called Background Intelligent Transfer Service (BITS) as a command-and-control (C2) mechanism.

Cyber Attacks 130

Cyber Attacks Malware Cybersecurity 130

Bleeping Computer

AUGUST 2, 2024

Cybersecurity company CrowdStrike has been sued by investors who say it provided false claims about its Falcon platform after a bad security update led to a massive global IT outage causing the stock price to tumble almost 38%. [.

Cybersecurity 125

Cybersecurity 125

The Hacker News

AUGUST 2, 2024

Cybersecurity companies are warning about an uptick in the abuse of Clouflare's TryCloudflare free service for malware delivery. The activity, documented by both eSentire and Proofpoint, entails the use of TryCloudflare to create a one-time tunnel that acts as a conduit to relay traffic from an attacker-controlled server to a local machine through Cloudflare's infrastructure.

Malware 123

Malware Cybersecurity 123

Security Affairs

AUGUST 2, 2024

Investors have sued CrowdStrike because the cybersecurity firm made false claims about its Falcon platform. Investors have sued CrowdStrike because the company made false and misleading claims on the testing of its Falcon platform. In July, a faulty update released by CrowdStrike Falcon caused Windows systems to display a BSoD screen. The incident caused widespread global disruptions, impacting critical infrastructure such as airports, hospitals, and TV stations.

Software 124

Software Marketing Hacking Cybersecurity 124

Security Boulevard

AUGUST 2, 2024

Opal Security this week updated its privilege posture management platform to provide the ability to detect irregular access to an IT environment and manage privileges by groups. The post Opal Security Extends Scope and Reach of Platform for Managing Privileges appeared first on Security Boulevard.

Data privacy 116

Data privacy Security Awareness Phishing Cybersecurity 116

The Hacker News

AUGUST 2, 2024

In a historic prisoner exchange between Belarus, Germany, Norway, Russia, Slovenia, and the U.S., two Russian nationals serving time for cybercrime activities have been freed and repatriated to their country.

Cybercrime 117

Cybercrime 117

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Security Boulevard

AUGUST 2, 2024

Pragmatic politics: Anger as Putin gets back two notorious cybercriminals The post Prisoner Swap: Huge Russian Hackers Freed — Seleznev and Klyushin appeared first on Security Boulevard.

Social Engineering 116

Social Engineering Cyber Attacks Data privacy Engineering 116

The Hacker News

AUGUST 2, 2024

Cybersecurity researchers have disclosed details of a new distributed denial-of-service (DDoS) attack campaign targeting misconfigured Jupyter Notebooks. The activity, codenamed Panamorfi by cloud security firm Aqua, utilizes a Java-based tool called mineping to launch a TCP flood DDoS attack. Mineping is a DDoS package designed for Minecraft game servers.

DDOS 115

DDOS Cybersecurity 115

Malwarebytes

AUGUST 2, 2024

The Federal Bureau of Investigation (FBI) issued a public service announcement warning the public about scammers impersonating cryptocurrency exchange employees to steal funds. There are many types of crypto related scams, but in this case, the FBI provided an advisory about scammers that contact the target and pretend to be employees of a cryptocurrency exchange.

Cryptocurrency 109

Cryptocurrency Scams Identity Theft Accountability 109

The Hacker News

AUGUST 2, 2024

A Taiwanese government-affiliated research institute that specializes in computing and associated technologies was breached by nation-state threat actors with ties to China, according to new findings from Cisco Talos. The unnamed organization was targeted as early as mid-July 2023 to deliver a variety of backdoors and post-compromise tools like ShadowPad and Cobalt Strike.

Cyber Attacks 108

Cyber Attacks Government Technology 108

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

WIRED Threat Level

AUGUST 2, 2024

Social Security numbers, death certificates, voter applications, and other personal data were accessible on the open internet, highlighting the ongoing challenges in election security.

Internet 105

Internet Internet 105

The Hacker News

AUGUST 2, 2024

A Russia-linked threat actor has been linked to a new campaign that employed a car for sale as a phishing lure to deliver a modular Windows backdoor called HeadLace.

Phishing 111

Phishing Malware 111

Heimadal Security

AUGUST 2, 2024

For many cybersecurity professionals, there comes a time when you need to weigh up outsourcing security to a Managed Security Service Provider (MSSP), versus keeping those tasks in-house by building your own Security Operations Center (SOC). So, we will be discussing MSSP vs. SOC. There are several reasons you might be comparing using an MSSP […] The post MSSP vs.

Cybersecurity 103

Cybersecurity 103

The Hacker News

AUGUST 2, 2024

Enterprise Resource Planning (ERP) Software is at the heart of many enterprising supporting human resources, accounting, shipping, and manufacturing. These systems can become very complex and difficult to maintain. They are often highly customized, which can make patching difficult. However, critical vulnerabilities keep affecting these systems and put critical business data at risk.

Manufacturing 105

Manufacturing Accountability Software Risk 105

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

Quick Heal Antivirus

AUGUST 2, 2024

This post is based on a true incident faced by a friend last week. The story is developing. The post Pay attention to your bank’s messages. It might save you from a credit card fraud appeared first on Quick Heal Blog.

Banking 98

Banking Scams Phishing 98

SecureBlitz

AUGUST 2, 2024

In this post, I will show you 3 ways online IDEs are revolutionizing the technology landscape. Online Integrated Development Environments (IDEs) are a key component of the fast expansion of the technological environment. Without the need to install software locally, online IDEs are web-based systems that give developers a full suite of tools for authoring, […] The post 3 Ways Online IDEs Are Revolutionizing the Technology Landscape appeared first on SecureBlitz Cybersecurity.

Technology 89

Technology Software Cybersecurity 89

Bleeping Computer

AUGUST 2, 2024

A recent Google Chrome update has broken the drag-and-drop feature in the Downloads bubble that previously allowed you to drag and drop downloaded files onto any website or tab in the browser. [.

Software 88

Software 88

SecureBlitz

AUGUST 2, 2024

This post will show you how to view your saved passwords on any device. Managing passwords has become a crucial aspect of our online lives in our increasingly digital world. With the multitude of accounts we create for various services, it's no wonder many of us opt to save our passwords for convenience. However, there […] The post How To View Your Saved Passwords on Any Device [Mac, Windows, Android & iOS] appeared first on SecureBlitz Cybersecurity.

Passwords 88

Passwords Accountability Cybersecurity 88

Advertisement

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

SecureWorld News

AUGUST 2, 2024

The United Arab Emirates (UAE) is taking significant strides to enhance its cybersecurity framework with the introduction of three new policies focused on cloud computing, data security, IoT security, and cybersecurity operations centers. Mohammed Hamad Al-Kuwaiti, the chair of the UAE Cybersecurity Council, announced these initiatives in a statement to the Emirates News Agency (WAM), underscoring the nation's commitment to securing its digital infrastructure.

Cybersecurity 88

Cybersecurity IoT Cyber threats Internet 88

Heimadal Security

AUGUST 2, 2024

More than 35,000 registered domains have been hijacked by threat actors in so-called Sitting Ducks attacks that allow claiming a domain without having access to the owner’s account at the DNS provider or registrar. Cybercriminals utilize inadequate ownership verification at DNS providers and configuration flaws at the registrant level in Sitting Ducks attacks.

DNS 85

DNS Accountability Cybersecurity 85

The Hacker News

AUGUST 2, 2024

In today's digital battlefield, small and medium businesses (SMBs) face the same cyber threats as large corporations, but with fewer resources. Managed service providers (MSPs) are struggling to keep up with the demand for protection. If your current cybersecurity strategy feels like a house of cards – a complex, costly mess of different vendors and tools – it's time for a change.

Cybersecurity 87

Cybersecurity Cyber threats 87

Penetration Testing

AUGUST 2, 2024

In the ever-evolving landscape of cybersecurity, staying ahead of threats requires more than just antivirus software and firewalls. It demands a comprehensive understanding of the tactics, techniques, and procedures (TTPs) employed by malicious actors.... The post OpenCTI: Empowering Cyber Threat Intelligence Management appeared first on Cybersecurity News.

Cyber threats 88

Cyber threats Antivirus Firewall Software 88

Advertisement

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.

Cybersecurity

CompTIA on Cybersecurity

AUGUST 2, 2024

There’s a lot to digest from three days of making connections and gaining insights at ChannelCon 2024 in Atlanta. In case you couldn’t make it—or even if you did—here are 10 things you should know.

80

80

Security Boulevard

AUGUST 2, 2024

Secrets are ranked as the leading cause of data breaches. Combat this by learning how to best use static, rotated, and dynamic secrets. The post What’s in a Secret? Best Practices for Static, Rotated and Dynamic Secrets appeared first on Akeyless. The post What’s in a Secret? Best Practices for Static, Rotated and Dynamic Secrets appeared first on Security Boulevard.

Data breaches 78

Data breaches 78

Bleeping Computer

AUGUST 2, 2024

U.S. and German law enforcement seized the domain of the crypto wallet platform Cryptonator, used by ransomware gangs, darknet marketplaces, and other illicit services, and indicted its operator. [.

Ransomware 76

Ransomware Cryptocurrency 76

Zero Day

AUGUST 2, 2024

You can pick up an Apple Watch Series 9 for just $329 at Walmart, but is it worth the upgrade? We break down the features of the Apple Watch 9 and the Watch Series 8 to help you decide which is the best fit.

98

98

Advertisement

Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.

Government