Thu.Nov 14, 2024

article thumbnail

New iOS Security Feature Makes It Harder for Police to Unlock Seized Phones

Schneier on Security

Everybody is reporting about a new security iPhone security feature with iOS 18: if the phone hasn’t been used for a few days, it automatically goes into its “Before First Unlock” state and has to be rebooted. This is a really good security feature. But various police departments don’t like it, because it makes it harder for them to unlock suspects’ phones.

article thumbnail

An Interview With the Target & Home Depot Hacker

Krebs on Security

In December 2023, KrebsOnSecurity revealed the real-life identity of Rescator , the nickname used by a Russian cybercriminal who sold more than 100 million payment cards stolen from Target and Home Depot between 2013 and 2014. Moscow resident Mikhail Shefel , who confirmed using the Rescator identity in a recent interview, also admitted reaching out because he is broke and seeking publicity for several new money making schemes.

Retail 235
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

1.1 Million UK NHS Employee Records Exposed From Microsoft Power Pages Misconfiguration

Tech Republic Security

Security researchers from AppOmni have uncovered millions of business records that are accessible to anyone through low-code website builder Microsoft Power Pages.

article thumbnail

Scammer robs homebuyers of life savings in $20 million theft spree

Malwarebytes

A 33-year-old Nigerian man living in the UK and his co-conspirators defrauded over 400 would-be home buyers in the US. In the initial phase, Babatunde Francis Ayeni and his criminal gang targeted US title companies, real estate agents, and real estate attorneys. Employees of these companies were tricked into clicking malicious attachments and links and filling in their email account login information on fake sites.

article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Hunting SMB Shares, Again! Charts, Graphs, Passwords & LLM Magic for PowerHuntShares 2.0

NetSpi Technical

Every hacker has a story about abusing SMB shares, but it’s an attack surface that cybersecurity teams still struggle to understand, manage, and defend. For the benefit of both attackers and defenders, I started an open-source GitHub project a few years ago called “PowerHuntShares”. It focuses on distilling data related to shares configured with excessive privileges to better understand their relationships and risk.

Passwords 145
article thumbnail

Critical Laravel Flaw (CVE-2024-52301) Exposes Millions of Web Applications to Attack

Penetration Testing

A critical security vulnerability, CVE-2024-52301, has been identified in the Laravel framework, a popular web application framework known for its elegant syntax and comprehensive toolset for building robust applications. Rated... The post Critical Laravel Flaw (CVE-2024-52301) Exposes Millions of Web Applications to Attack appeared first on Cybersecurity News.

More Trending

article thumbnail

China-linked threat actors compromised multiple telecos and spied on a limited number of U.S. government officials

Security Affairs

China-linked threat actors breached U.S. broadband providers and gained access to private communications of a limited number of U.S. government officials. The FBI and CISA continues to investigate a large-scale cyber-espionage campaign by China-linked threat actors targeting U.S. telecoms, compromising networks to steal call records and access private communications, mainly of government and political figures.

article thumbnail

More Spyware, Fewer Rules: What Trump’s Return Means for US Cybersecurity

WIRED Threat Level

Experts expect Donald Trump’s next administration to relax cybersecurity rules on businesses, abandon concerns around human rights, and take an aggressive stance against the cyber armies of US adversaries.

Spyware 142
article thumbnail

High-Severity Flaw in PostgreSQL Allows Hackers to Exploit Environment Variables

The Hacker News

Cybersecurity researchers have disclosed a high-severity security flaw in the PostgreSQL open-source database system that could allow unprivileged users to alter environment variables, and potentially lead to code execution or information disclosure. The vulnerability, tracked as CVE-2024-10979, carries a CVSS score of 8.8.

article thumbnail

Hackers target critical flaw CVE-2024-10914 in EOL D-Link NAS Devices

Security Affairs

The exploitation of the recently disclosed ‘won’t fix’ issue CVE-2024-10914 in legacy D-Link NAS devices began days after its disclosure. Days after D-Link announced it wouldn’t patch a critical vulnerability, tracked as CVE-2024-10914 (CVSS score of 9.8), in legacy D-Link NAS devices, that threat actors started attempting to exploit. The vulnerability CVE-2024-10914 is a command injection issue that impacts D-Link DNS-320 , DNS-320LW, DNS-325 and DNS-340L up to 20241028.

DNS 122
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Experts Uncover 70,000 Hijacked Domains in Widespread 'Sitting Ducks' Attack Scheme

The Hacker News

Multiple threat actors have been found taking advantage of an attack technique called Sitting Ducks to hijack legitimate domains for using them in phishing attacks and investment fraud schemes for years.

Phishing 138
article thumbnail

China-linked threat actors compromised multiple telecos and spied on a limited number of U.S. government officials

Security Affairs

China-linked threat actors breached U.S. broadband providers and gained access to private communications of a limited number of U.S. government officials. The FBI and CISA continues to investigate a large-scale cyber-espionage campaign by China-linked threat actors targeting U.S. telecoms, compromising networks to steal call records and access private communications, mainly of government and political figures.

article thumbnail

New RustyAttr Malware Targets macOS Through Extended Attribute Abuse

The Hacker News

Threat actors have been found leveraging a new technique that abuses extended attributes for macOS files to smuggle a new malware called RustyAttr.

Malware 135
article thumbnail

Palo Alto Networks Issues AI Red Alert

Security Boulevard

SANTA CLARA, Calif. — With great promise comes potential peril. And while artificial intelligence (AI) is looked upon as a panacea for enterprises, it also poses an existential security threat. “We stand at the intersection of human ingenuity and technological innovation, where the game of cybersecurity has evolved into a high-stakes match,” Nir Zuk, founder.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

TikTok Pixel Privacy Nightmare: A New Case Study

The Hacker News

Advertising on TikTok is the obvious choice for any company trying to reach a young market, and especially so if it happens to be a travel company, with 44% of American Gen Zs saying they use the platform to plan their vacations.

article thumbnail

Healthcare Now Third-Most Targeted Industry for Ransomware

SecureWorld News

Ransomware attacks on healthcare organizations have sharply increased in 2024, as shown by recent research from Safety Detectives. Compared to 2023, healthcare providers are facing a higher frequency of ransomware incidents, impacting their ability to deliver essential services and protect sensitive patient data. Here are the key takeaways from the report.

article thumbnail

Google Warns of Rising Cloaking Scams, AI-Driven Fraud, and Crypto Schemes

The Hacker News

Google has revealed that bad actors are leveraging techniques like landing page cloaking to conduct scams by impersonating legitimate sites. "Cloaking is specifically designed to prevent moderation systems and teams from reviewing policy-violating content which enables them to deploy the scam directly to users," Laurie Richardson, VP and Head of Trust and Safety at Google, said.

Scams 134
article thumbnail

This Pixel phone feature listens in on calls to protect you from scams

Zero Day

Phone scams are on the rise, but Pixel users are getting an extra line of defense, thanks to AI.

Scams 116
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

CISA Flags Critical Palo Alto Network Flaws Actively Exploited in the Wild

The Hacker News

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday warned that two more flaws impacting the Palo Alto Networks Expedition have come under active exploitation in the wild.

article thumbnail

This Dell desktop gives you more versatility than either the M4 MacBook Pro or Mac Mini

Zero Day

Dell's XPS 8960 surpasses the Mac Mini at being one of the best desktops for content creation and gaming. Plus, it's recently been discounted.

111
111
article thumbnail

Bitfinex Hacker Sentenced to 5 Years, Guilty of Laundering $10.5 Billion in Bitcoin

The Hacker News

Ilya Lichtenstein, who pleaded guilty to the 2016 hack of cryptocurrency stock exchange Bitfinex, has been sentenced to five years in prison, the U.S. Department of Justice (DoJ) announced Thursday. Lichtenstein was charged for his involvement in a money laundering scheme that led to the theft of nearly 120,000 bitcoins (valued at over $10.5 billion at current prices) from the crypto exchange.

article thumbnail

Microsoft releases Windows 11 ISO file for Arm, but older PCs may require extra effort

Zero Day

The ISO lets you install Windows 11 24H2 in a virtual machine or directly on an Arm-based system, though your PC's age will determine how smoothly it goes.

111
111
article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

5 BCDR Oversights That Leave You Exposed to Ransomware

The Hacker News

Ransomware isn’t just a buzzword; it’s one of the most dreaded challenges businesses face in this increasingly digitized world. Ransomware attacks are not only increasing in frequency but also in sophistication, with new ransomware groups constantly emerging. Their attack methods are evolving rapidly, becoming more dangerous and damaging than ever. Almost all respondents (99.

article thumbnail

Gemini Live is available to all iOS and Android users now - for free. How to try it

Zero Day

Want an AI voice assistant that can naturally converse with you in 10 different languages - for free? Download the Gemini app.

111
111
article thumbnail

Major cyber attacks and data breaches of 2024

Security Boulevard

As 2024 draws to a close, the cybersecurity landscape continues to evolve, marked by both familiar adversaries and emerging threats with newer technologies and improved tactics. Rather than merely cataloguing breaches, we look into the anatomy of significant cyber attacks, associated vulnerabilities that led to such events, and relevant controls. We’ve chronicled key developments month […] The post Major cyber attacks and data breaches of 2024 appeared first on Security Boulevard.

article thumbnail

Open source fights back: 'We won't get patent-trolled again'

Zero Day

Businesses using open-source projects like Kubernetes are being targeted more often by patent trolls. Now the open source community is launching a counter-offensive and looking for volunteers.

107
107
article thumbnail

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

article thumbnail

Bitdefender Releases Decryptor for ShrinkLocker Ransomware

Penetration Testing

In a world where ransomware has evolved to use complex encryption algorithms, ShrinkLocker—a newly discovered ransomware variant—takes a retro approach. Martin Zugec, a security researcher at Bitdefender, recently analyzed ShrinkLocker... The post Bitdefender Releases Decryptor for ShrinkLocker Ransomware appeared first on Cybersecurity News.

article thumbnail

Employees are hiding their AI use from their managers. Here's why

Zero Day

New research from Slack says AI hype is 'cooling' due to these factors -- and could even cause social degradation amongst younger workers.

105
105
article thumbnail

Synology Issues Patches for Critical Camera Flaws Discovered at Pwn2Own

Penetration Testing

Synology, a leading provider of network-attached storage (NAS) solutions, has released urgent security updates to address multiple critical zero-day vulnerabilities discovered in its camera products. These flaws, which affect the... The post Synology Issues Patches for Critical Camera Flaws Discovered at Pwn2Own appeared first on Cybersecurity News.

article thumbnail

OpenAI is working on a AI agent that can do tasks for you, like booking flights

Zero Day

Autonomous AI agents may be closer than you think.

105
105
article thumbnail

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.