Tech Republic Security

MAY 15, 2024

Trying to configure or set up a VPN on your Android? Learn how to get started with our step-by-step guide.

VPN 172

VPN 172

The Hacker News

MAY 15, 2024

Google has rolled out fixes to address a set of nine security issues in its Chrome browser, including a new zero-day that has been exploited in the wild. Assigned the CVE identifier CVE-2024-4947, the vulnerability relates to a type confusion bug in the V8 JavaScript and WebAssembly engine.

Engineering 140

Engineering 140

Security Boulevard

MAY 15, 2024

Phish Ahoy! Hacker took advantage of Dell’s lack of anti-scraping defense. The post Dell Hell Redux — More Personal Info Stolen by ‘Menelik’ appeared first on Security Boulevard.

Phishing 134

Phishing Social Engineering Data privacy Authentication 134

The Hacker News

MAY 15, 2024

Microsoft has addressed a total of 61 new security flaws in its software as part of its Patch Tuesday updates for May 2024, including two zero-days which have been actively exploited in the wild. Of the 61 flaws, one is rated Critical, 59 are rated Important, and one is rated Moderate in severity.

Software 132

Software 132

Advertisement

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.

Cybersecurity

Trend Micro

MAY 15, 2024

This report describes how Waterbear and Deuterbear — two of the tools in Earth Hundun's arsenal — operate, based on a campaign from 2024.

Malware 142

Malware 142

The Hacker News

MAY 15, 2024

The Microsoft Threat Intelligence team said it has observed a threat it tracks under the name Storm-1811 abusing the client management tool Quick Assist to target users in social engineering attacks. "Storm-1811 is a financially motivated cybercriminal group known to deploy Black Basta ransomware," the company said in a report published on May 15, 2024.

Social Engineering 130

Social Engineering Ransomware Engineering 130

The Hacker News

MAY 15, 2024

Law enforcement agencies have officially seized control of the notorious BreachForums platform, an online bazaar known for peddling stolen data, for the second time within a year. The website ("breachforums[.]st") has been replaced by a seizure banner stating the clearnet cybercrime forum is under the control of the Federal Bureau of Investigation (FBI).

Cybercrime 126

Cybercrime 126

Security Boulevard

MAY 15, 2024

The operators behind the Ebury server-side malware botnet have been doing business since at least 2009 and, according to the threat researchers who have been tracking it for the last decade, are stronger and more active than ever. The malware has compromised at least 400,000 Linux servers over the past 15 years, with about 100,000. The post 15-Year-Old Ebury Botnet Compromised 400,000 Linux Servers appeared first on Security Boulevard.

Malware 120

Malware Cybersecurity Network Security 120

The Hacker News

MAY 15, 2024

A malware botnet called Ebury is estimated to have compromised 400,000 Linux servers since 2009, out of which more than 100,000 were still compromised as of late 2023. The findings come from Slovak cybersecurity firm ESET, which characterized it as one of the most advanced server-side malware campaigns for financial gain. "Ebury actors have been pursuing monetization activities [.

Malware 123

Malware Cybersecurity 123

We Live Security

MAY 15, 2024

ESET researchers provide technical analysis of the Lunar toolset, likely used by the Turla APT group, that infiltrated a European ministry of foreign affairs

124

124

Speaker: Speakers:

In today's digital age, having an untrained workforce can be a significant risk to your business. Cyber threats are evolving; without proper training, your employees could be the weakest link in your defense. This webinar empowers leaders like you with the tools and strategies needed to transform your employees into a robust frontline defense against cyber attacks.

Cyber Attacks

The Hacker News

MAY 15, 2024

Here’s How to Enhance Your Cyber Resilience with CVSS In late 2023, the Common Vulnerability Scoring System (CVSS) v4.0 was unveiled, succeeding the eight-year-old CVSS v3.0, with the aim to enhance vulnerability assessment for both industry and the public.

Cyber Risk 122

Cyber Risk Risk 122

Security Affairs

MAY 15, 2024

An international law enforcement operation coordinated by the FBI led to the seizure of the notorious BreachForums hacking forum. BreachForums is a cybercrime forum used by threat actors to purchase, sell, and exchange stolen data, including credentials, and personal and financial information. The authorities also seized the Telegram page for the hacking forum The website currently displays a message that informs visitors it was seized by law enforcement.

Hacking 112

Hacking Cybercrime Information Security 112

The Hacker News

MAY 15, 2024

Google has announced a slew of privacy and security features in Android, including a suite of advanced protection features to help secure users' devices and data in the event of a theft.

119

119

Security Affairs

MAY 15, 2024

Adobe addressed multiple code execution vulnerabilities in several products, including Adobe Acrobat and Reader. Adobe addressed multiple code execution vulnerabilities in its products, including Adobe Acrobat and Reader software The software giant released its Patch Tuesday updates to fix 35 security vulnerabilities 12 of these issues impact Adobe Acrobat and Reader software.

Software 110

Software Hacking Information Security 110

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

The Hacker News

MAY 15, 2024

An unnamed European Ministry of Foreign Affairs (MFA) and its three diplomatic missions in the Middle East were targeted by two previously undocumented backdoors tracked as LunarWeb and LunarMail.

117

117

Digital Shadows

MAY 15, 2024

"Black Basta" ransomware group uses new email spam and vishing to spread malware. Learn more about protective measures for your organization.

Social Engineering 119

Social Engineering Engineering Ransomware Malware 119

The Hacker News

MAY 15, 2024

Google is unveiling a set of new features in Android 15 to prevent malicious apps installed on the device from capturing sensitive data. This constitutes an update to the Play Integrity API that third-party app developers can take advantage of to secure their applications against malware.

Scams 113

Scams Malware 113

Security Boulevard

MAY 15, 2024

In Microsoft’s May 2024 Patch Tuesday, the company reported significant updates aimed at enhancing the security of various systems by addressing a total of 61 vulnerabilities. This update is crucial, as it includes patches for one critical vulnerability and three zero-day vulnerabilities, with two of these zero-days actively exploited in the wild. The updates also encompass earlier fixes for six.

104

104

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

The Hacker News

MAY 15, 2024

While cloud adoption has been top of mind for many IT professionals for nearly a decade, it’s only in recent months, with industry changes and announcements from key players, that many recognize the time to make the move is now.

104

104

Bleeping Computer

MAY 15, 2024

Nissan North America (Nissan) suffered a data breach last year when a threat actor targeted the company's external VPN and shut down systems to receive a ransom. [.

Data breaches 106

Data breaches VPN 106

The Hacker News

MAY 15, 2024

A Dutch court on Tuesday sentenced one of the co-founders of the now-sanctioned Tornado Cash cryptocurrency mixer service to 5 years and 4 months in prison. While the name of the defendant was redacted in the verdict, it's known that Alexey Pertsev, a 31-year-old Russian national, has been awaiting trial in the Netherlands on money laundering charges.

Cryptocurrency 104

Cryptocurrency 104

Bleeping Computer

MAY 15, 2024

The FBI has seized the notorious BreachForums hacking forum that leaked and sold stolen corporate data to other cybercriminals. [.

Hacking 120

Hacking 120

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

Malwarebytes

MAY 15, 2024

Apple and Google have announced an industry specification for Bluetooth tracking devices which help alert users to unwanted tracking. The specification, called Detecting Unwanted Location Trackers , will make it possible to alert users across both iOS and Android if a device is unknowingly being used to track them. The alert would be pushed to the users device and would say “[Item] Found Moving With You.

Manufacturing 99

Manufacturing Mobile Engineering Internet 99

Penetration Testing

MAY 15, 2024

Cybersecurity firm Rapid7 has uncovered a widespread malvertising campaign that is actively targeting individuals searching for popular utilities like WinSCP and PuTTY. This sophisticated attack uses malicious ads on common search engines like Bing,... The post New Malvertising Campaign Leads to Ransomware Through Trojanized Installers of WinSCP and PuTTY appeared first on Penetration Testing.

Penetration Testing 98

Penetration Testing Ransomware Engineering Cybersecurity 98

Security Affairs

MAY 15, 2024

One of the developers of the Tornado Cash cryptocurrency mixer has been sentenced to 64 months in prison. Alexey Pertsev (29), one of the main developers of the Tornado Cash cryptocurrency mixer has been sentenced to 64 months in prison for helping launder more than $2 billion worth of cryptocurrency. The mixers are essential components for cybercriminals that use them for money laundering, it was used to launder the funds stolen from the victims.

Cryptocurrency 95

Cryptocurrency Hacking Cybercrime Information Security 95

SecureWorld News

MAY 15, 2024

Google has been forced to release an emergency security update for its Chrome browser just days after patching a previous Zero-Day vulnerability that was being actively exploited in the wild. This marks the sixth actively exploited Chrome Zero-Day addressed so far in 2024. The latest high-severity flaw is tracked as CVE-2024-4761 and stems from an out-of-bounds write vulnerability in Chrome's V8 JavaScript engine.

Mobile 92

Mobile Engineering Cybersecurity Risk 92

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

Bleeping Computer

MAY 15, 2024

Banco Santander S.A. announced it suffered a data breach impacting customers after an unauthorized actor accessed a database hosted by one of its third-party service providers. [.

Data breaches 84

Data breaches 84

Graham Cluley

MAY 15, 2024

Remember when a US mother was accused of distributing explicit deepfake photos and videos to try to get her teenage daughter's cheerleading rivals kicked off the team? Well, there has been a surprising development. And learn how cybercriminals have been stealing boomers' one-time-passcodes via a secretive online service. All this and more is discussed in the latest edition of the award-winning "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

Cybersecurity 86

Cybersecurity Data breaches Phishing Mobile 86

Bleeping Computer

MAY 15, 2024

Apple's antifraud technology has blocked more than $7 billion in potentially fraudulent transactions in four years, the company states in its latest annual fraud prevention analysis. [.

Technology 85

Technology Mobile 85

Penetration Testing

MAY 15, 2024

The Git project, a cornerstone of software development, has recently addressed a series of critical security vulnerabilities that could expose users to remote code execution (CVE-2024-32002, CVE-2024-32004) and unauthorized data manipulation. Critical Flaws Discovered:... The post Git Patches Critical RCE Vulnerabilities – CVE-2024-32002 & CVE-2024-32004 appeared first on Penetration Testing.

Penetration Testing 84

Penetration Testing Software 84

Advertisement

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Identity Theft