Troy Hunt

JULY 31, 2024

TL;DR — Tens of millions of credentials obtained from info stealer logs populated by malware were posted to Telegram channels last month and used to shake down companies for bug bounties under the misrepresentation the data originated from their service. How many attempted scams do you get each day? I woke up to yet another "redeem your points" SMS this morning, I'll probably receive a phone call from "my bank" today (edit: I was close, it was "Amazon Prime" &

Scams 324

Scams Passwords Malware Accountability 324

Schneier on Security

JULY 31, 2024

Cloudflare reports on the state of applications security. It claims that 6.8% of Internet traffic is malicious. And that CVEs are exploited as quickly as 22 minutes after proof-of-concepts are published. News articles.

Internet 288

Internet Internet Malware 288

Krebs on Security

JULY 31, 2024

More than a million domain names — including many registered by Fortune 100 firms and brand protection companies — are vulnerable to takeover by cybercriminals thanks to authentication weaknesses at a number of large web hosting providers and domain registrars, new research finds. Image: Shutterstock. Your Web browser knows how to find a site like example.com thanks to the global Domain Name System (DNS), which serves as a kind of phone book for the Internet by translating human-frie

DNS 272

DNS Internet Internet Phishing 272

The Last Watchdog

JULY 31, 2024

Web browser security certainly hasn’t been lacking over the past 25 years. Related: Island valued at $3.5 billion Advancements have included everything from sandboxing and web applications firewalls (WAFs,) early on, to secure web gateways (SWGs) and Virtual Desktop Infrastructure (VDIs,) more recently. Yet profound browser exposures persist — and this has led to the arrival of enterprise browsers , which will be in the spotlight as Black Hat USA 2024 gets underway next week in Las Vegas.

Threat Detection 130

Threat Detection Firewall Engineering Authentication 130

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Tech Republic Security

JULY 31, 2024

The CVE-2024-37085 vulnerability is present in VMware ESXi hypervisors and has been used to deploy ransomware, according to Microsoft.

Ransomware 164

Ransomware Cybersecurity 164

Bleeping Computer

JULY 31, 2024

Microsoft confirmed today that a nine-hour outage on Tuesday, which took down and disrupted multiple Microsoft 365 and Azure services worldwide, was triggered by a distributed denial-of-service (DDoS) attack. [.

DDOS 142

DDOS 142

Security Boulevard

JULY 31, 2024

There has been a dramatic rise in email attacks and ransomware incidents, with an Acronis report noting a staggering 293% increase in email attacks in the first half of 2024 compared to the same period in 2023. The post Email Attacks Surge, Ransomware Threat Remains Elevated appeared first on Security Boulevard.

Ransomware 134

Ransomware Social Engineering Engineering Security Awareness 134

Bleeping Computer

JULY 31, 2024

A new Android malware that researchers call 'BingoMod' can wipe devices after successfully stealing money from the victims' bank accounts using the on-device fraud technique. [.

Banking 132

Banking Accountability Malware Mobile 132

Security Boulevard

JULY 31, 2024

An analysis published today by Cribl, a data management platform provider, suggests that the amount of data being processed and analyzed by cybersecurity teams is increasing exponentially. The post Report: Amount of Data Being Analyzed by Cybersecurity Teams Rises appeared first on Security Boulevard.

Cybersecurity 133

Cybersecurity Security Awareness 133

The Hacker News

JULY 31, 2024

A new malicious campaign has been observed making use of malicious Android apps to steal users' SMS messages since at least February 2022 as part of a large-scale campaign. The malicious apps, spanning over 107,000 unique samples, are designed to intercept one-time passwords (OTPs) used for online account verification to commit identity fraud.

Malware 134

Malware Passwords Accountability 134

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Security Affairs

JULY 31, 2024

Apple has issued security updates to address multiple vulnerabilities across iOS, macOS, tvOS, visionOS, watchOS, and Safari. Apple released security updates to address multiple vulnerabilities in iOS, macOS, tvOS, visionOS, watchOS, and Safari. The IT giant released iOS 17.6 and iPadOS 17.6 to address dozens of security vulnerabilities, including authentication and policy bypasses, information disclosure and denial-of-service (DoS) issues, and bugs that can lead to memory leaks and unexpected a

Authentication 138

Authentication Hacking Mobile Information Security 138

Trend Micro

JULY 31, 2024

We uncovered a malvertising campaign where the threat actor hijacks social media pages, renames them to mimic popular AI photo editors, then posts malicious links to fake websites.

Media 123

Media Cyber threats Phishing Malware 123

Security Affairs

JULY 31, 2024

BingoMod is a new Android malware that can wipe devices after stealing money from the victims’ bank accounts. Researchers at Cleafy discovered a new Android malware, called ‘BingoMod,’ that can wipe devices after successfully stealing money from the victims’ bank accounts. The Cleafy TIR team discovered the previously undetected malware at the end of May 2024.

Banking 141

Banking Accountability Malware Mobile 141

Tech Republic Security

JULY 31, 2024

Data breaches were 50% more common in Australia than the global average in 2023, according to new research from Rubrik.

Data breaches 141

Data breaches Backups Ransomware 141

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Security Affairs

JULY 31, 2024

OneBlood, a non-profit blood bank serving over 300 U.S. hospitals, suffered a ransomware attack that disrupted its medical operations. OneBlood is a non-profit organization that provides blood and blood products to over 300 hospitals and medical facilities across the U.S. Southeast. The organization collects, tests, and distributes blood to ensure a steady supply for needy patients.

Banking 135

Banking Ransomware Healthcare Cyber Attacks 135

The Hacker News

JULY 31, 2024

Certificate authority (CA) DigiCert has warned that it will be revoking a subset of SSL/TLS certificates within 24 hours due to an oversight with how it verified if a digital certificate is issued to the rightful owner of a domain. The company said it will be taking the step of revoking certificates that do not have proper Domain Control Validation (DCV).

126

126

NetSpi Technical

JULY 31, 2024

Per GCP IAM documentation , Google Groups are valid principals for IAM policy bindings in Google Cloud. Google also recommends using Groups when granting roles in GCP, as opposed to users. Groups can include groups outside of organizations like devs@googlegroups.com or groups in an Organization like admins@yourorg.com. Google Groups can be managed via [link] and optionally through the Google Cloud Console.

Risk 123

Risk Internet Internet 123

The Hacker News

JULY 31, 2024

Facebook users are the target of a scam e-commerce network that uses hundreds of fake websites to steal personal and financial data using brand impersonation and malvertising tricks. Recorded Future's Payment Fraud Intelligence team, which detected the campaign on April 17, 2024, has given it the name ERIAKOS owing to the use of the same content delivery network (CDN) oss.eriakos[.]com.

Scams 126

Scams 126

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

Security Boulevard

JULY 31, 2024

Is Delta the First of Many? Airline calls in attorneys Boies Schiller Flexner to claw back its cash. The post CrowdStrike Sued? — Delta Dials David Boies appeared first on Security Boulevard.

Software 123

Software Risk Government Malware 123

Security Affairs

JULY 31, 2024

Phishing campaigns target small and medium-sized businesses (SMBs) in Poland to deliver malware families such as Agent Tesla, Formbook, and Remcos RAT. ESET researchers observed multiple phishing campaigns targeting SMBs in Poland in May 2024, distributing various malware families like Agent Tesla , Formbook , and Remcos RAT. ESET researchers detected nine notable phishing campaigns during May 2024 in Poland, Romania, and Italy.

Phishing 134

Phishing Malware Accountability Hacking 134

Security Boulevard

JULY 31, 2024

The stakes have rarely been higher. As cybersecurity experts make their way to the one-armed bandits and scorching heat in Las Vegas for Black Hat USA 2024 next week, the specter of the CrowdStrike Inc. debacle looms large. More than a dozen vendors contacted by Techstrong insist the worldwide outage has created a level of. The post Black Hat Preview: CrowdStrike, Disinformation Lead The Narrative appeared first on Security Boulevard.

Cybersecurity 121

Cybersecurity CISO Mobile Network Security 121

eSecurity Planet

JULY 31, 2024

Endpoint protection solutions safeguard network endpoints against cyberthreats using a selection of management tools, including endpoint detection and response (EDR), endpoint protection platform (EPP), and antivirus (AV). AV software blocks malware, EPP passively prevents threats, and EDR actively mitigates network attacks. When threats circumvent EPP’s preventative procedures, EDR is frequently paired with EPP to control the damage.

Antivirus 117

Antivirus Threat Detection Malware Software 117

Advertisement

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

Bleeping Computer

JULY 31, 2024

A malicious fraud campaign dubbed "ERIAKOS" promotes more than 600 fake web shops through Facebook advertisements to steal visitors' personal and financial information. [.

Advertising 116

Advertising 116

We Live Security

JULY 31, 2024

Many smaller organizations are turning to cyber risk insurance, both to protect against the cost of a cyber incident and to use the extensive post-incident services that insurers provide

Cyber Risk 113

Cyber Risk Insurance Risk 113

Security Boulevard

JULY 31, 2024

Federated learning enables better fraud detection while simultaneously guaranteeing data privacy and security, aligning with our common needs. The post Join the Fight: Calling Fintech Leaders to Unite With Federated Learning for Superior Fraud Detection appeared first on Security Boulevard.

Data privacy 112

Data privacy Security Awareness Cybersecurity 112

Penetration Testing

JULY 31, 2024

A vulnerability in VMware’s ESXi virtualization platform continues to leave thousands of servers exposed to ransomware attacks, despite active exploitation by cybercriminals and warnings from major security organizations. Researchers from the Shadowserver Foundation have... The post VMware ESXi Vulnerability Exposes Thousands of Servers to Ransomware appeared first on Cybersecurity News.

Ransomware 121

Ransomware Cybersecurity 121

Advertisement

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.

Cybersecurity

The Hacker News

JULY 31, 2024

The threat actors behind an ongoing malware campaign targeting software developers have demonstrated new malware and tactics, expanding their focus to include Windows, Linux, and macOS systems. The activity cluster, dubbed DEV#POPPER and linked to North Korea, has been found to have singled out victims across South Korea, North America, Europe, and the Middle East.

Malware 113

Malware Software 113

Security Boulevard

JULY 31, 2024

U.S. ports, shipping companies and critical pipelines have repeatedly sustained cyberattacks, with increasing severity and consequences. The post Maritime Cybersecurity: Avoiding the Next DALI appeared first on Security Boulevard.

Cybersecurity 110

Cybersecurity Technology Security Awareness 110

Bleeping Computer

JULY 31, 2024

Google has fallen victim to its own ad platform, allowing threat actors to create fake Google Authenticator ads that push the DeerStealer information-stealing malware. [.

Authentication 110

Authentication Malware 110

The Hacker News

JULY 31, 2024

Japanese organizations are the target of a Chinese nation-state threat actor that leverages malware families like LODEINFO and NOOPDOOR to harvest sensitive information from compromised hosts while stealthily remaining under the radar in some cases for a time period ranging from two to three years.

Malware 110

Malware Cybersecurity 110

Advertisement

Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.

Government