Thu. Nov 14, 2024

New iOS Security Feature Makes It Harder for Police to Unlock Seized Phones

Schneier on Security

Everybody is reporting about a new iPhone security feature with iOS 18: if the phone hasn’t been used for a few days, it automatically goes into its “Before First Unlock” state and has to be rebooted. This is a really good security feature. But various police departments don’t like it, because it makes it harder for them to unlock suspects’ phones.

An Interview With the Target & Home Depot Hacker

Krebs on Security

In December 2023, KrebsOnSecurity revealed the real-life identity of Rescator, the nickname used by a Russian cybercriminal who sold more than 100 million payment cards stolen from Target and Home Depot between 2013 and 2014. Moscow resident Mikhail Shefel, who confirmed using the Rescator identity in a recent interview, also admitted reaching out because he is broke and seeking publicity for several new money-making schemes.

Scammer robs homebuyers of life savings in $20 million theft spree

Malwarebytes

A 33-year-old Nigerian man living in the UK and his co-conspirators defrauded over 400 would-be home buyers in the US. In the initial phase, Babatunde Francis Ayeni and his criminal gang targeted US title companies, real estate agents, and real estate attorneys. Employees of these companies were tricked into clicking malicious attachments and links and filling in their email account login information on fake sites.

Hunting SMB Shares, Again! Charts, Graphs, Passwords & LLM Magic for PowerHuntShares 2.0

NetSpi Technical

Every hacker has a story about abusing SMB shares, but it’s an attack surface that cybersecurity teams still struggle to understand, manage, and defend. For the benefit of both attackers and defenders, I started an open-source GitHub project a few years ago called “PowerHuntShares”. It focuses on distilling data related to shares configured with excessive privileges to better understand their relationships and risk.

Why Giant Content Libraries Do Nothing for Your Employees’ Cyber Resilience

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

Critical Laravel Flaw (CVE-2024-52301) Exposes Millions of Web Applications to Attack

Penetration Testing

A critical security vulnerability, CVE-2024-52301, has been identified in the Laravel framework, a popular web application framework known for its elegant syntax and comprehensive toolset for building robust applications. Rated... The post Critical Laravel Flaw (CVE-2024-52301) Exposes Millions of Web Applications to Attack appeared first on Cybersecurity News.

Healthcare Now Third-Most Targeted Industry for Ransomware

SecureWorld News

Ransomware attacks on healthcare organizations have sharply increased in 2024, as shown by recent research from Safety Detectives. Compared to 2023, healthcare providers are facing a higher frequency of ransomware incidents, impacting their ability to deliver essential services and protect sensitive patient data. Here are the key takeaways from the report.

LifeWorks

More Trending

Palo Alto Networks Issues AI Red Alert

Security Boulevard

SANTA CLARA, Calif. — With great promise comes potential peril. And while artificial intelligence (AI) is looked upon as a panacea for enterprises, it also poses an existential security threat. “We stand at the intersection of human ingenuity and technological innovation, where the game of cybersecurity has evolved into a high-stakes match,” Nir Zuk, founder.

China-linked threat actors compromised multiple telecoms and spied on a limited number of U.S. government officials

Security Affairs

China-linked threat actors breached U.S. broadband providers and gained access to private communications of a limited number of U.S. government officials. The FBI and CISA continue to investigate a large-scale cyber-espionage campaign by China-linked threat actors targeting U.S. telecoms, compromising networks to steal call records and access private communications, mainly of government and political figures.

122 million people’s business contact info leaked by data broker

Malwarebytes

A data broker has confirmed a business contact information database containing 132.8 million records has been leaked online. In February 2024, a cybercriminal offered the records for sale on a data breach forum, claiming the information came from pureincubation[.]com. Pure Incubation was founded in 2012, and the company later rebranded to DemandScience.

Hackers target critical flaw CVE-2024-10914 in EOL D-Link NAS Devices

Security Affairs

The exploitation of the recently disclosed ‘won’t fix’ issue CVE-2024-10914 in legacy D-Link NAS devices began days after its disclosure. Days after D-Link announced it wouldn’t patch a critical vulnerability, tracked as CVE-2024-10914 (CVSS score of 9.8), in legacy D-Link NAS devices, threat actors started attempting to exploit it. The vulnerability CVE-2024-10914 is a command injection issue that impacts D-Link DNS-320, DNS-320LW, DNS-325 and DNS-340L up to 20241028.

Zero Trust Mandate: The Realities, Requirements and Roadmap

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

NIST Clears Backlog of Known Security Flaws but Not All Vulnerabilities

Security Boulevard

NIST, the embattled agency that analyzes security vulnerabilities, has cleared the backlog of known CVEs that hadn't been processed but needs more time to clear the entire backlog of unanalyzed flaws. The post NIST Clears Backlog of Known Security Flaws but Not All Vulnerabilities appeared first on Security Boulevard.

1.1 Million UK NHS Employee Records Exposed From Microsoft Power Pages Misconfiguration

Tech Republic Security

Security researchers from AppOmni have uncovered millions of business records that are accessible to anyone through low-code website builder Microsoft Power Pages.

Artificial Intelligence meets real talk at IRISSCON 2024

BH Consulting

There was no doubting the one topic on almost everyone’s minds at IRISSCON 2024: AI. But a hallmark of the event since it was first held in 2009 is visiting speakers who aren’t afraid to challenge popular narratives. The result, as ever, was presentations strong on realism and common sense, short on sales hype and scaremongering. In one of the early sessions, Onur Korucu, managing partner of GovernID, spoke about how AI’s rapid progress is reshaping approaches to cybersecurity.

Synology Issues Patches for Critical Camera Flaws Discovered at Pwn2Own

Penetration Testing

Synology, a leading provider of network-attached storage (NAS) solutions, has released urgent security updates to address multiple critical zero-day vulnerabilities discovered in its camera products. These flaws, which affect the... The post Synology Issues Patches for Critical Camera Flaws Discovered at Pwn2Own appeared first on Cybersecurity News.

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Blinded by Silence

Security Boulevard

Blinded by Silence: How Attackers Disable EDR. Overview: Endpoint Detection and Response systems (EDRs) are an essential part of modern cybersecurity strategies. EDR solutions gather and analyze data from endpoints to identify suspicious activities and provide real-time threat visibility. This allows security teams to respond quickly to incidents, investigate threats thoroughly, and mitigate the impact of potential breaches.

macOS Security Compromised: Novel Exploit Bypasses Sandbox Protections

Penetration Testing

A newly discovered vulnerability in macOS could allow attackers to bypass critical security mechanisms and gain unauthorized access to sensitive files. This revelation comes from independent security researcher Mickey Jin,... The post macOS Security Compromised: Novel Exploit Bypasses Sandbox Protections appeared first on Cybersecurity News.

DEF CON 32 – Redefining V2G: How To Use Your Vehicle As Game Controller

Security Boulevard

Authors/Presenters: Timm Lauser, Jannis Hamborg. Our sincere appreciation to DEF CON, and the Presenters/Authors for publishing their erudite DEF CON 32 content. Originating from the conference’s events located at the Las Vegas Convention Center; and via the organization’s YouTube channel. The post DEF CON 32 – Redefining V2G: How To Use Your Vehicle As Game Controller appeared first on Security Boulevard.

High-Severity Flaw in PostgreSQL Allows Hackers to Exploit Environment Variables

The Hacker News

Cybersecurity researchers have disclosed a high-severity security flaw in the PostgreSQL open-source database system that could allow unprivileged users to alter environment variables, and potentially lead to code execution or information disclosure. The vulnerability, tracked as CVE-2024-10979, carries a CVSS score of 8.8.

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Volt Typhoon APT Group Resurfaces: A Persistent Threat to Critical Infrastructure

Penetration Testing

SecurityScorecard’s STRIKE Team uncovers the resurgence of Volt Typhoon, a state-sponsored advanced persistent threat (APT) actor leveraging compromised legacy devices to target critical infrastructure. A new report from SecurityScorecard’s STRIKE... The post Volt Typhoon APT Group Resurfaces: A Persistent Threat to Critical Infrastructure appeared first on Cybersecurity News.

Experts Uncover 70,000 Hijacked Domains in Widespread 'Sitting Ducks' Attack Scheme

The Hacker News

Multiple threat actors have been found taking advantage of an attack technique called Sitting Ducks to hijack legitimate domains for using them in phishing attacks and investment fraud schemes for years.

CVE-2024-10571 (CVSS 9.8): Critical Flaw in WordPress Chart Plugin Under Active Attack

Penetration Testing

Administrator websites are facing a new threat as attackers actively exploit a critical vulnerability in the popular Chartify – WordPress Chart Plugin. This plugin, with over 2,000 active installations, is... The post CVE-2024-10571 (CVSS 9.8): Critical Flaw in WordPress Chart Plugin Under Active Attack appeared first on Cybersecurity News.

Google Warns of Rising Cloaking Scams, AI-Driven Fraud, and Crypto Schemes

The Hacker News

Google has revealed that bad actors are leveraging techniques like landing page cloaking to conduct scams by impersonating legitimate sites. "Cloaking is specifically designed to prevent moderation systems and teams from reviewing policy-violating content which enables them to deploy the scam directly to users," Laurie Richardson, VP and Head of Trust and Safety at Google, said.

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

This Pixel phone feature listens in on calls to protect you from scams

Zero Day

Phone scams are on the rise, but Pixel users are getting an extra line of defense, thanks to AI.

New RustyAttr Malware Targets macOS Through Extended Attribute Abuse

The Hacker News

Threat actors have been found leveraging a new technique that abuses extended attributes for macOS files to smuggle a new malware called RustyAttr.

This Dell desktop gives you more versatility than either the M4 MacBook Pro or Mac Mini

Zero Day

Dell's XPS 8960 surpasses the Mac Mini at being one of the best desktops for content creation and gaming. Plus, it's recently been discounted.

CISA Flags Critical Palo Alto Network Flaws Actively Exploited in the Wild

The Hacker News

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday warned that two more flaws impacting the Palo Alto Networks Expedition have come under active exploitation in the wild.

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Microsoft releases Windows 11 ISO file for Arm, but older PCs may require extra effort

Zero Day

The ISO lets you install Windows 11 24H2 in a virtual machine or directly on an Arm-based system, though your PC's age will determine how smoothly it goes.

TikTok Pixel Privacy Nightmare: A New Case Study

The Hacker News

Advertising on TikTok is the obvious choice for any company trying to reach a young market, and especially so if it happens to be a travel company, with 44% of American Gen Zs saying they use the platform to plan their vacations.

Gemini Live is available to all iOS and Android users now - for free. How to try it

Zero Day

Want an AI voice assistant that can naturally converse with you in 10 different languages - for free? Download the Gemini app.

Bitfinex Hacker Sentenced to 5 Years, Guilty of Laundering $10.5 Billion in Bitcoin

The Hacker News

Ilya Lichtenstein, who pleaded guilty to the 2016 hack of cryptocurrency stock exchange Bitfinex, has been sentenced to five years in prison, the U.S. Department of Justice (DoJ) announced Thursday. Lichtenstein was charged for his involvement in a money laundering scheme that led to the theft of nearly 120,000 bitcoins (valued at over $10.5 billion at current prices) from the crypto exchange.

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!