Schneier on Security
NOVEMBER 14, 2024
Everybody is reporting about a new security iPhone security feature with iOS 18: if the phone hasn’t been used for a few days, it automatically goes into its “Before First Unlock” state and has to be rebooted. This is a really good security feature. But various police departments don’t like it, because it makes it harder for them to unlock suspects’ phones.
Krebs on Security
NOVEMBER 14, 2024
In December 2023, KrebsOnSecurity revealed the real-life identity of Rescator , the nickname used by a Russian cybercriminal who sold more than 100 million payment cards stolen from Target and Home Depot between 2013 and 2014. Moscow resident Mikhail Shefel , who confirmed using the Rescator identity in a recent interview, also admitted reaching out because he is broke and seeking publicity for several new money making schemes.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
NetSpi Technical
NOVEMBER 14, 2024
Every hacker has a story about abusing SMB shares, but it’s an attack surface that cybersecurity teams still struggle to understand, manage, and defend. For the benefit of both attackers and defenders, I started an open-source GitHub project a few years ago called “PowerHuntShares”. It focuses on distilling data related to shares configured with excessive privileges to better understand their relationships and risk.
Tech Republic Security
NOVEMBER 14, 2024
Security researchers from AppOmni have uncovered millions of business records that are accessible to anyone through low-code website builder Microsoft Power Pages.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
The Hacker News
NOVEMBER 14, 2024
Cybersecurity researchers have disclosed a high-severity security flaw in the PostgreSQL open-source database system that could allow unprivileged users to alter environment variables, and potentially lead to code execution or information disclosure. The vulnerability, tracked as CVE-2024-10979, carries a CVSS score of 8.8.
Security Boulevard
NOVEMBER 14, 2024
SANTA CLARA, Calif. — With great promise comes potential peril. And while artificial intelligence (AI) is looked upon as a panacea for enterprises, it also poses an existential security threat. “We stand at the intersection of human ingenuity and technological innovation, where the game of cybersecurity has evolved into a high-stakes match,” Nir Zuk, founder.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
The Hacker News
NOVEMBER 14, 2024
Multiple threat actors have been found taking advantage of an attack technique called Sitting Ducks to hijack legitimate domains for using them in phishing attacks and investment fraud schemes for years.
Penetration Testing
NOVEMBER 14, 2024
A critical security vulnerability, CVE-2024-52301, has been identified in the Laravel framework, a popular web application framework known for its elegant syntax and comprehensive toolset for building robust applications. Rated... The post Critical Laravel Flaw (CVE-2024-52301) Exposes Millions of Web Applications to Attack appeared first on Cybersecurity News.
The Hacker News
NOVEMBER 14, 2024
Advertising on TikTok is the obvious choice for any company trying to reach a young market, and especially so if it happens to be a travel company, with 44% of American Gen Zs saying they use the platform to plan their vacations.
Zero Day
NOVEMBER 14, 2024
The ISO lets you install Windows 11 24H2 in a virtual machine or directly on an Arm-based system, though your PC's age will determine how smoothly it goes.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
The Hacker News
NOVEMBER 14, 2024
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday warned that two more flaws impacting the Palo Alto Networks Expedition have come under active exploitation in the wild.
Security Affairs
NOVEMBER 14, 2024
The exploitation of the recently disclosed ‘won’t fix’ issue CVE-2024-10914 in legacy D-Link NAS devices began days after its disclosure. Days after D-Link announced it wouldn’t patch a critical vulnerability, tracked as CVE-2024-10914 (CVSS score of 9.8), in legacy D-Link NAS devices, that threat actors started attempting to exploit. The vulnerability CVE-2024-10914 is a command injection issue that impacts D-Link DNS-320 , DNS-320LW, DNS-325 and DNS-340L up to 20241028.
The Hacker News
NOVEMBER 14, 2024
Google has revealed that bad actors are leveraging techniques like landing page cloaking to conduct scams by impersonating legitimate sites. "Cloaking is specifically designed to prevent moderation systems and teams from reviewing policy-violating content which enables them to deploy the scam directly to users," Laurie Richardson, VP and Head of Trust and Safety at Google, said.
WIRED Threat Level
NOVEMBER 14, 2024
Experts expect Donald Trump’s next administration to relax cybersecurity rules on businesses, abandon concerns around human rights, and take an aggressive stance against the cyber armies of US adversaries.
Advertisement
Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.
The Hacker News
NOVEMBER 14, 2024
Ilya Lichtenstein, who pleaded guilty to the 2016 hack of cryptocurrency stock exchange Bitfinex, has been sentenced to five years in prison, the U.S. Department of Justice (DoJ) announced Thursday. Lichtenstein was charged for his involvement in a money laundering scheme that led to the theft of nearly 120,000 bitcoins (valued at over $10.5 billion at current prices) from the crypto exchange.
Zero Day
NOVEMBER 14, 2024
Dell's XPS 8960 surpasses the Mac Mini at being one of the best desktops for content creation and gaming. Plus, it's recently been discounted.
The Hacker News
NOVEMBER 14, 2024
Threat actors have been found leveraging a new technique that abuses extended attributes for macOS files to smuggle a new malware called RustyAttr.
Zero Day
NOVEMBER 14, 2024
Businesses using open-source projects like Kubernetes are being targeted more often by patent trolls. Now the open source community is launching a counter-offensive and looking for volunteers.
Advertisement
Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!
SecureWorld News
NOVEMBER 14, 2024
Ransomware attacks on healthcare organizations have sharply increased in 2024, as shown by recent research from Safety Detectives. Compared to 2023, healthcare providers are facing a higher frequency of ransomware incidents, impacting their ability to deliver essential services and protect sensitive patient data. Here are the key takeaways from the report.
Zero Day
NOVEMBER 14, 2024
The iPhone 15 Pro comes with a host of improvements over its predecessor, but there are still some notable reasons to buy the iPhone 14 Pro.
Security Affairs
NOVEMBER 14, 2024
China-linked threat actors breached U.S. broadband providers and gained access to private communications of a limited number of U.S. government officials. The FBI and CISA continues to investigate a large-scale cyber-espionage campaign by China-linked threat actors targeting U.S. telecoms, compromising networks to steal call records and access private communications, mainly of government and political figures.
Zero Day
NOVEMBER 14, 2024
Want an AI voice assistant that can naturally converse with you in 10 different languages - for free? Download the Gemini app.
Advertisement
Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.
The Hacker News
NOVEMBER 14, 2024
Ransomware isn’t just a buzzword; it’s one of the most dreaded challenges businesses face in this increasingly digitized world. Ransomware attacks are not only increasing in frequency but also in sophistication, with new ransomware groups constantly emerging. Their attack methods are evolving rapidly, becoming more dangerous and damaging than ever. Almost all respondents (99.
Malwarebytes
NOVEMBER 14, 2024
A data broker has confirmed a business contact information database containing 132.8 million records has been leaked online. In February, 2024, a cybercriminal offered the records for sale on a data breach forum claiming the information came from pureincubation[.]com. Cybercriminal offering to sell Pure Incubation data Pure Incubation was founded in 2012, and the company later rebranded to DemandScience.
Penetration Testing
NOVEMBER 14, 2024
In a world where ransomware has evolved to use complex encryption algorithms, ShrinkLocker—a newly discovered ransomware variant—takes a retro approach. Martin Zugec, a security researcher at Bitdefender, recently analyzed ShrinkLocker... The post Bitdefender Releases Decryptor for ShrinkLocker Ransomware appeared first on Cybersecurity News.
Zero Day
NOVEMBER 14, 2024
Phone scams are on the rise, but Pixel users are getting an extra line of defense, thanks to AI.
Advertisement
IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.
Security Boulevard
NOVEMBER 14, 2024
Authors/Presenters: Timm Lauser, Jannis Hamborg Our sincere appreciation to DEF CON , and the Presenters/Authors for publishing their erudite DEF CON 32 content. Originating from the conference’s events located at the Las Vegas Convention Center ; and via the organizations YouTube channel. Permalink The post DEF CON 32 – Redefining V2G: How To Use Your Vehicle As Game Controller appeared first on Security Boulevard.
Zero Day
NOVEMBER 14, 2024
New research from Slack says AI hype is 'cooling' due to these factors -- and could even cause social degradation amongst younger workers.
Security Affairs
NOVEMBER 14, 2024
China-linked threat actors breached U.S. broadband providers and gained access to private communications of a limited number of U.S. government officials. The FBI and CISA continues to investigate a large-scale cyber-espionage campaign by China-linked threat actors targeting U.S. telecoms, compromising networks to steal call records and access private communications, mainly of government and political figures.
Zero Day
NOVEMBER 14, 2024
People are still opting for easy-to-guess passwords, says NordPass. Here's how to better protect your accounts and why you should.
Advertisement
Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.
Expert insights. Personalized for you.
270 
Let's personalize your content