Thu. Nov 21, 2024

Feds Charge Five Men in ‘Scattered Spider’ Roundup

Krebs on Security

Federal prosecutors in Los Angeles this week unsealed criminal charges against five men alleged to be members of a hacking group responsible for dozens of cyber intrusions at major U.S. technology companies between 2021 and 2023, including LastPass, MailChimp, Okta, T-Mobile and Twilio. A visual depiction of the attacks by the SMS phishing group known as Scattered Spider, and Oktapus.

Ransomhub ransomware gang claims the hack of Mexican government Legal Affairs Office

Security Affairs

Mexico is investigating a ransomware attack targeting its legal affairs office, as confirmed by the president amidst growing cybersecurity concerns. Mexico’s president announced the government is investigating an alleged ransomware hack that targeted the administration’s legal affairs office. “Today they are going to send me a report on the supposed hacking.

Secret Service Tracking People’s Locations without Warrant

Schneier on Security

This feels important: The Secret Service has used a technology called Locate X which uses location data harvested from ordinary apps installed on phones. Because users agreed to an opaque terms of service page, the Secret Service believes it doesn’t need a warrant.

US DoJ charges five alleged members of the Scattered Spider cybercrime gang

Security Affairs

The U.S. Justice Department charged five suspects linked to the Scattered Spider cybercrime gang with wire fraud conspiracy. The U.S. Justice Department charged five alleged members of the cybercrime gang Scattered Spider (also known as UNC3944, 0ktapus) with conspiracy to commit wire fraud. “Law enforcement today unsealed criminal charges against five defendants who allegedly targeted employees of companies nationwide with phishing text messages and then used the harvested employee cr

Why Giant Content Libraries Do Nothing for Your Employees’ Cyber Resilience

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

Protecting Critical Infrastructure with Zero-Trust and Microsegmentation

Security Boulevard

Ransomware attacks are increasingly targeting critical infrastructure — essential systems like energy, water, transportation and finance. In 2023 alone, over 40% of attacks hit these sectors, according to the FBI. Meanwhile, agencies like CISA and the UK’s NCSC warn infrastructure companies of mounting threats from state-sponsored adversaries or other malicious actors.

Do you actually need a VPN? Your guide to staying safe online!

Webroot

With the rise of online scams and privacy risks, virtual private networks (VPNs) are becoming more popular for day-to-day use. Or at least I feel like they are based on the number of ads I hear for them on my favorite podcasts. So maybe you’ve heard of VPNs but aren’t actually sure what they are. Simply put, a VPN creates a safe, anonymous pathway for the data you send and receive over a Wi-Fi network, allowing you to browse anonymously and access content as if you were in a different location.

Video: Meet Our Cybersecurity Expert, Davin Jackson

eSecurity Planet

Davin Jackson has joined the eSecurity Planet team as our cybersecurity expert and media personality, bringing with him nearly 20 years of experience in tech and cybersecurity. He has helped organizations of various sizes to improve their security against cyber threats. His licenses and certifications include GIAC Web Application Penetration Tester, GIAC Certified Penetration Tester (GPEN), Certified Information Systems Security Professional (CISSP), and Certified Ethical Hacker, among others.

The Crucial Influence of Human Factors in Security Breaches

Security Boulevard

The hard truth is that security breaches often happen because of human mistakes from simple, everyday actions. It's not just employees unknowingly using unsecured Wi-Fi – it's phishing, weak passwords and a lack of awareness that open the door to attackers. The post The Crucial Influence of Human Factors in Security Breaches appeared first on Security Boulevard.

CVE-2024-52940: AnyDesk Vulnerability Exposes User IP Addresses, PoC Published

Penetration Testing

A newly discovered vulnerability in popular remote desktop software AnyDesk could allow attackers to uncover users’ IP addresses, posing significant privacy risks. Security researcher Ebrahim Shafiei identified the flaw (CVE-2024-52940)... The post CVE-2024-52940: AnyDesk Vulnerability Exposes User IP Addresses, PoC Published appeared first on Cybersecurity News.

Threat actor sells data of over 750,000 patients from a French hospital

Security Affairs

A threat actor had access to the electronic patient record system of an unnamed French hospital, and the health data of 750,000 patients was compromised. An unnamed French hospital suffered a data breach that impacted more than 758,000 patients; a threat actor had access to the electronic patient record system of the organization. The threat actor claims that exposed records include name, first name, date of birth, gender, address, city, postal code, phone number(s), and email.

Zero Trust Mandate: The Realities, Requirements and Roadmap

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

Why RBAC is Still a Big Deal in 2024

Security Boulevard

For many experts, the verdict is that RBAC remains a big deal because it delivers on two crucial fronts: It keeps organizations secure while enabling them to remain agile and innovative. In an era of increasingly sophisticated cyberattacks, that’s a combination that’s hard to beat. The post Why RBAC is Still a Big Deal in 2024 appeared first on Security Boulevard.

CVE-2024-52067: Sensitive Data Exposed in Apache NiFi Debug Logs

Penetration Testing

A newly discovered vulnerability in Apache NiFi could inadvertently expose sensitive parameter values in debug logs, potentially compromising confidential information. The flaw, tracked as CVE-2024-52067, affects Apache NiFi versions 1.16.0... The post CVE-2024-52067: Sensitive Data Exposed in Apache NiFi Debug Logs appeared first on Cybersecurity News.

Apple Patches Two Zero-Day Attack Vectors

Tech Republic Security

Threat actors exploited two vulnerabilities in Intel-based machines. Google’s Threat Analysis Group discovered the flaws.

Red Hat Enterprise Linux Lands on Windows Subsystem for Linux

Penetration Testing

Red Hat and Microsoft join forces to bring the leading enterprise Linux distribution to Windows developers. In a move that promises to streamline hybrid cloud development and enhance developer flexibility,... The post Red Hat Enterprise Linux Lands on Windows Subsystem for Linux appeared first on Cybersecurity News.

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Warning: Over 2,000 Palo Alto Networks Devices Hacked in Ongoing Attack Campaign

The Hacker News

As many as 2,000 Palo Alto Networks devices are estimated to have been compromised as part of a campaign abusing the newly disclosed security flaws that have come under active exploitation in the wild. According to statistics shared by the Shadowserver Foundation, a majority of the infections have been reported in the U.S.

OpenAI updates GPT-4o, reclaiming its crown for best AI model

Zero Day

If you use ChatGPT for writing, you'll be happy to hear this.

PyPI Attack: ChatGPT, Claude Impersonators Deliver JarkaStealer via Python Libraries

The Hacker News

Cybersecurity researchers have discovered two malicious packages uploaded to the Python Package Index (PyPI) repository that impersonated popular artificial intelligence (AI) models like OpenAI ChatGPT and Anthropic Claude to deliver an information stealer called JarkaStealer.

Cisco Secure Workload: Leading in Segmentation Maturity

Cisco Security

As cyber threats evolve, defending workloads in today’s multi-cloud environments requires more than traditional security. Attackers are no longer simply at the perimeter; they may already be inside, waiting to exploit vulnerabilities. This reality demands a shift from just keeping threats out to minimizing their impact when they breach.

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Over 145,000 Industrial Control Systems Across 175 Countries Found Exposed Online

The Hacker News

New research has uncovered more than 145,000 internet-exposed Industrial Control Systems (ICS) across 175 countries, with the U.S. alone accounting for over one-third of the total exposures. The analysis, which comes from attack surface management company Censys, found that 38% of the devices are located in North America, 35.4% in Europe, 22.9% in Asia, 1.7% in Oceania, 1.

Security researchers identify new malware targeting Linux

We Live Security

ESET researchers analyzed previously unknown Linux backdoors that are connected to known Windows malware used by the China-aligned Gelsemium group, as well as to Project Wood.

Chinese APT Gelsemium Targets Linux Systems with New WolfsBane Backdoor

The Hacker News

The China-aligned advanced persistent threat (APT) actor known as Gelsemium has been observed using a new Linux backdoor dubbed WolfsBane as part of cyber attacks likely targeting East and Southeast Asia. That's according to findings from cybersecurity firm ESET based on multiple Linux samples uploaded to the VirusTotal platform from Taiwan, the Philippines, and Singapore in March 2023.

Even Nvidia's CEO is obsessed with Google's NotebookLM AI tool

Zero Day

Nvidia CEO Jensen Huang spends a lot of time stuffing documents into Google's impressive AI tool. Here's why.

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

5 Scattered Spider Gang Members Indicted in Multi-Million Dollar Cybercrime Scheme

The Hacker News

Five alleged members of the infamous Scattered Spider cybercrime crew have been indicted in the U.S. for targeting employees of companies across the country using social engineering techniques to harvest credentials and using them to gain unauthorized access to sensitive data and break into crypto accounts to steal digital assets worth millions of dollars.

China’s Surveillance State Is Selling Citizen Data as a Side Hustle

WIRED Threat Level

Chinese black market operators are openly recruiting government agency insiders, paying them for access to surveillance data and then reselling it online—no questions asked.

Cyber Story Time: The Boy Who Cried "Secure!"

The Hacker News

As a relatively new security category, many security operators and executives I’ve met have asked us “What are these Automated Security Validation (ASV) tools?” We’ve covered that pretty extensively in the past, so today, instead of covering the “What is ASV?” I wanted to address the “Why ASV?” question.

I tried replacing Twitter with Bluesky, Threads, and Mastodon: Here's what I found

Zero Day

More and more ex-Twitter/X users are seeking new online homes. I kicked the tires on these three nascent services. Here's what you need to know about them.

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

10 Most Impactful PAM Use Cases for Enhancing Organizational Security

The Hacker News

Privileged access management (PAM) plays a pivotal role in building a strong security strategy. PAM empowers you to significantly reduce cybersecurity risks, gain tighter control over privileged access, achieve regulatory compliance, and reduce the burden on your IT team. As an established provider of a PAM solution, we’ve witnessed firsthand how PAM transforms organizational security.

5 Reasons Why It Makes Sense to Step Up to Duo Advantage

Duo's Security Blog

Stepping up to a better, more feature-rich product or service can seem challenging. In the end though, it’s worth the effort, especially when it addresses areas of need. For example, my TV is 14 years old. Although the picture quality is still excellent and there are some decent capabilities I can use, it’s missing many of today’s modern features that deliver a much better viewing experience than what I have now.

Hands-on with the DJI Air 3: The perfect all-rounder drone (and now get 20% off for Black Friday)

Zero Day

Want a drone that'll do it all? The new DJI Air 3 is as close to an all-rounder as you'll get.

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!