Mon.Oct 21, 2024

AI and the SEC Whistleblower Program

Schneier on Security

Tax farming is the practice of licensing tax collection to private contractors. Used heavily in ancient Rome, it’s largely fallen out of practice because of the obvious conflict of interest between the state and the contractor. Because tax farmers are primarily interested in short-term revenue, they have no problem abusing taxpayers and making things worse for them in the long term.

ISC2 Security Congress 2024: The Landscape of Nation-State Cyber Attacks

Tech Republic Security

CISA advisor Nicole Perlroth closed out ISC2 Security Congress’ keynotes with a wake-up call for security teams to watch for nation-state-sponsored attacks.

Cisco states that data published on cybercrime forum was taken from public-facing DevHub environment

Security Affairs

Cisco confirms that data published by IntelBroker on a cybercrime forum was taken from the company DevHub environment. Cisco confirms that the data posted by IntelBroker on a cybercrime forum was stolen from its DevHub environment. IntelBroker claimed to have gained access to Github projects, Gitlab Projects, SonarQube projects, Source code, hard coded credentials, Certificates, Customer SRCs, Cisco Confidential Documents, Jira tickets, API tokens, AWS Private buckets, Cisco Technology SRCs, Doc

Internet Archive attackers email support users: “Your data is now in the hands of some random guy”

Malwarebytes

Those who hacked the Internet Archive haven’t gone away. Users of the Internet Archive who have submitted helpdesk tickets are reporting replies to the tickets from the hackers themselves. Internet Archive, most known for its Wayback Machine, is a digital library that allows users to look at website snapshots from the past. It is often used for academic research and data analysis.

Internet 141

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Internet Archive was breached twice in a month

Security Affairs

The Internet Archive was breached again, attackers hacked its Zendesk email support platform through stolen GitLab authentication tokens. The Internet Archive was breached via Zendesk, with users receiving warnings about stolen GitLab tokens due to improper token rotation after repeated alerts. BleepingComputer first reported the news of the incident, after it received several messages from people who received replies to their old Internet Archive removal requests, warning that the organization

Internet 135

The 6 Best Antivirus Software Providers for Mac in 2024

Tech Republic Security

Macs may need additional antivirus protection in a business environment or high-risk use case. Bitdefender is the best overall Mac antivirus provider when it comes to protection, usability, and performance.

Antivirus 147

More Trending

Australia’s New Scam Prevention Laws: What You Need to Know

Tech Republic Security

Australia's Scam Prevention Framework aims to protect consumers by holding tech, banking, and telecom sectors accountable, with fines up to $50 million.

Scams 144

The end of the i386 kernel and images

Kali Linux

The i386 architecture has long been obsolete, and from this week, support for i386 in Kali Linux is going to shrink significantly: i386 kernel and images are going away. Images and releases will no longer be created for this platform. Some terminology first. Let’s start with the terms used in Kali Linux to talk about CPU architectures. These terms apply more generally to any Debian-based Linux distribution. amd64 refers to the x86-64 architecture, i.e. the 64-bit version of the x86 instructi

US Government Says Relying on Chinese Lithium Batteries Is Too Risky

WIRED Threat Level

A new document shows the Department of Homeland Security is concerned that Chinese investment in lithium batteries to power energy grids will make them a threat to US supply chain security.

Google Voice scams: What are they and how do I avoid them?

We Live Security

Watch out for schemes where fraudsters trick people into sharing verification codes so they can gain access to their phone numbers

Scams 134

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

CISA Adds ScienceLogic SL1 Vulnerability to Exploited Catalog After Active Zero-Day Attack

The Hacker News

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a critical security flaw impacting ScienceLogic SL1 to its Known Exploited Vulnerabilities (KEV) catalog, following reports of active exploitation as a zero-day. The vulnerability in question, tracked as CVE-2024-9537 (CVSS v4 score: 9.

Stealer here, stealer there, stealers everywhere!

SecureList

Introduction: Information stealers, which are used to collect credentials to then sell them on the dark web or use in subsequent cyberattacks, are actively distributed by cybercriminals. Some of them are available through a monthly subscription model, thus attracting novice cybercriminals. According to Kaspersky Digital Footprint Intelligence, almost 10 million devices, both personal and corporate, were attacked by information stealers in 2023.

Passwords 123

Chinese Research Using Quantum System to Crack Encryption a ‘Cautionary Tale’

Security Boulevard

Chinese researchers used a D-Wave quantum computer to crack a 22-bit encryption key, which can be used as a cautionary tale for what may lie ahead with future quantum systems but doesn't threaten the classical encryption being widely used today. The post Chinese Research Using Quantum System to Crack Encryption a ‘Cautionary Tale’ appeared first on Security Boulevard.

THN Cybersecurity Recap: Top Threats, Tools and News (Oct 14 - Oct 20)

The Hacker News

Hi there! Here’s your quick update on the latest in cybersecurity. Hackers are using new tricks to break into systems we thought were secure—like finding hidden doors in locked houses. But the good news? Security experts are fighting back with smarter tools to keep data safe. Some big companies were hit with attacks, while others fixed their vulnerabilities just in time.

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Phishing Attacks Snare Security, IT Leaders

Security Boulevard

Despite 80% of IT leaders expressing confidence that their organization won’t fall for phishing attacks, nearly two-thirds admitted they’ve clicked on phishing links themselves. This overconfidence is coupled with concerning behaviors, as 36% of IT leaders have disabled security measures on their systems, undermining organizational defenses. These were among the chief results of an Arctic.

Phishing 122

Guide:  The Ultimate Pentest Checklist for Full-Stack Security

The Hacker News

Pentest Checklists Are More Important Than Ever: Given the expanding attack surface coupled with the increasing sophistication of attacker tactics and techniques, penetration testing checklists have become essential for ensuring thorough assessments across an organization’s attack surface, both internal and external.

Cybersecurity Action Month: When Awareness Must Lead to Action

IT Security Guru

October is widely regarded as Cybersecurity Awareness Month. While awareness is crucial in our increasingly perilous cyber landscape – where threats to both organisations and individuals are growing in scale and sophistication – action is now paramount. Recent research indicates that 95% of IT leaders believe cyber attacks are more advanced than ever, largely due to the accessibility of AI technologies.

Using gRPC and HTTP/2 for Cryptominer Deployment: An Unconventional Approach

Trend Micro

In this blog entry, we discuss how malicious actors are exploiting Docker remote API servers via gRPC/h2c to deploy the cryptominer SRBMiner to facilitate their mining of XRP on Docker hosts.

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

What Is Secure Access Service Edge?

Tech Republic Security

There has been plenty of hype around secure access service edge. Some even say it is replacing legacy network and security architectures. Drew Robb, writing for TechRepublic Premium, lays out what it is, how it fits within the security and networking landscape, whether it is replacing SD-WAN, its benefits, its challenges, and how to implement.

DEF CON 32 – AppSec Village – Web2 Meets Web3 Hacking Decentralized Applications

Security Boulevard

Authors/Presenters: Peiyu Wang. Our sincere appreciation to DEF CON, and the Presenters/Authors for publishing their timely DEF CON 32 erudite content. Originating from the conference’s events located at the Las Vegas Convention Center; and via the organizations YouTube channel. The post DEF CON 32 – AppSec Village – Web2 Meets Web3 Hacking Decentralized Applications appeared first on Security Boulevard.

Hacking 109

Understanding the Zero Trust Security Model to Safeguard Digital Infrastructure

Digital Guardian

Zero Trust is a cybersecurity model requiring verification of all internal and external access attempts, eliminating trust to prevent breaches. Learn more about what goes into a zero trust security model and zero trust network access (ZTNA) in this blog.

This industry profits from knowing you have cancer, explains Cody Venzke (Lock and Code S05E22)

Malwarebytes

This week on the Lock and Code podcast … On the internet, you can be shown an online ad because of your age, your address, your purchase history, your politics, your religion, and even your likelihood of having cancer. This is because of the largely unchecked “data broker” industry. Data brokers are analytics and marketing companies that collect every conceivable data point that exists about you, packaging it all into profiles that other companies use when deciding who should see their adv

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Survey Surfaces Depth and Scope of Identity Management Challenge

Security Boulevard

A survey of 510 IT security and risk practitioners finds 93% have access to a comprehensive inventory of human and non-human identities across their IT environments, with 85% having a clear line of visibility and monitoring into who is doing what. However, just under half (45%) also noted there has been some type of unauthorized. The post Survey Surfaces Depth and Scope of Identity Management Challenge appeared first on Security Boulevard.

Risk 93

A week in security (October 14 – October 20)

Malwarebytes

Last week on Malwarebytes Labs: Unauthorized data access vulnerability in macOS is detailed by Microsoft 23andMe will retain your genetic information, even if you delete the account “Nudify” deepfake bots remove clothes from victims in minutes, and millions are using them Tor Browser and Firefox users should update to fix actively exploited vulnerability AI scammers target Gmail accounts, say they have your death certificate Election season raises fears for nearly a third of people w

Data Breach Statistics [2024] : Penalties and Fines for Major regulations

Security Boulevard

In today’s data-driven world, data breaches are one of the most significant threats facing organizations, with the financial impact varying widely across industries. The cost of a data breach is often determined by the nature of the data involved and the regulatory landscape governing the industry. Sectors like healthcare and financial services, which handle highly […] The post Data Breach Statistics [2024] : Penalties and Fines for Major regulations first appeared on Accutive Security.

Hidden Costs of Cybersecurity: Balancing Risk, Complexity & Efficiency

SecureWorld News

Acquiring a security solution can be a complex process. Most organizations undergo a justification process to secure funding for the purchase. Some focus on the solution's problem-solving capabilities, suitability, and efficacy. In contrast, more mature organizations quantify risk, comparing the original risk against the cost of the solution and the residual risk after deployment to decide whether to proceed with the purchase.

Risk 99

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

CVE-2024-9537 (CVSS 9.8): Critical Zero-Day in ScienceLogic EM7 Leads to Rackspace Security Incident

Penetration Testing

Rackspace, a leading provider of managed cloud services, announced a security incident related to a zero-day vulnerability discovered in a third-party utility bundled with the ScienceLogic EM7 (SL1) monitoring platform.... The post CVE-2024-9537 (CVSS 9.8): Critical Zero-Day in ScienceLogic EM7 Leads to Rackspace Security Incident appeared first on Cybersecurity News.

Cisco Faces Security Incident as Hacker Claims Breach of DevHub Portal

SecureWorld News

On October 15, 2024, Cisco issued a public statement acknowledging reports of an alleged security incident involving the unauthorized access of specific Cisco data and data belonging to its customers. While Cisco has maintained that no breach of its core systems occurred, the evolving situation highlights companies' persistent challenges in balancing transparency and security.

My favorite iPhone car mount charger just got a cool upgrade (and it supports Qi2)

Zero Day

ESR's new Qi2 car mount can wirelessly charge your iPhone at 15W while staying cool, thanks to its CryoBoost feature.

Exploring paths to a cybersecurity career

CompTIA on Cybersecurity

Data breaches should stay in the past. Explore paths to a cybersecurity career by diving into CompTIA's State of Cybersecurity 2025 report.

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.