The Last Watchdog

OCTOBER 10, 2024

Austin, TX, Oct. 10th, 2024, CyberNewswire — SpyCloud, the leader in Identity Threat Protection, announced that its SaaS Investigations solution has been enhanced with identity analytics that illuminate the scope of digital identities and accelerate successful outcomes of complex investigations from days or hours to minutes. SpyCloud Investigations is a powerful cybercrime and identity threat investigation solution used by analysts and investigators to discover and act on threats by naviga

Risk 285

Risk Cybercrime Identity Theft Phishing 285

Schneier on Security

OCTOBER 10, 2024

An Australian news agency is reporting that robot vacuum cleaners from the Chinese company Deebot are surreptitiously taking photos and recording audio, and sending that data back to the vendor to train their AIs. Ecovacs’s privacy policy— available elsewhere in the app —allows for blanket collection of user data for research purposes, including: The 2D or 3D map of the user’s house generated by the device Voice recordings from the device’s microphone Photos or vide

Artificial Intelligence 281

Artificial Intelligence Data privacy Internet Internet 281

Tech Republic Security

OCTOBER 10, 2024

An attacker snuck in by creating two new user accounts. Fidelity Investments assures customers their investments were not affected.

Data breaches 174

Data breaches Accountability Financial Services Big data 174

Security Boulevard

OCTOBER 10, 2024

Qualys this week added a risk operations center (ROC) to its portfolio to make it simpler to identify potential threats to the business and centrally manage remediation efforts. The post Qualys Unfurls Risk Operations Center Platform appeared first on Security Boulevard.

Risk 118

Risk Security Awareness Cybersecurity 118

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Tech Republic Security

OCTOBER 10, 2024

Despite a huge talent shortage in the cybersecurity industry, women still feel discouraged from joining it due to concerns over their knowledge, its inclusivity, and the pay.

Cybersecurity 137

Cybersecurity 137

We Live Security

OCTOBER 10, 2024

ESET Research shares new findings about Telekopye, a scam toolkit used to defraud people on online marketplaces, and newly on accommodation booking platforms

Scams 121

Scams 121

The Hacker News

OCTOBER 10, 2024

GitLab has released security updates for Community Edition (CE) and Enterprise Edition (EE) to address eight security flaws, including a critical bug that could allow running Continuous Integration and Continuous Delivery (CI/CD) pipelines on arbitrary branches. Tracked as CVE-2024-9164, the vulnerability carries a CVSS score of 9.6 out of 10.

110

110

Security Boulevard

OCTOBER 10, 2024

A user authentication database was stolen from the nonprofit , which also was been beset by a series of DDoS attacks, and a pro-Palestinian threat group has taken credit for the attacks and the data breach. The post Internet Archive is Attacked and 31 Million Files Stolen appeared first on Security Boulevard.

Internet 111

Internet Internet DDOS Data breaches 111

Security Affairs

OCTOBER 10, 2024

Mozilla released an urgent Firefox update to fix a critical use-after-free vulnerability actively exploited in ongoing attacks. Mozilla released an emergency security update for its Firefox browser to address a critical use-after-free vulnerability, tracked as CVE-2024-9680, that is actively exploited in attacks. The vulnerability CVE-2024-9680 resides in Animation timelines.

Hacking 110

Hacking Information Security 110

Security Boulevard

OCTOBER 10, 2024

Security Field Day 12 will take place October 16-17, 2024. You can watch the live-streaming video right here on the Techstrong family of sites or on the Tech Field Day website. The post Understanding Security Needs at Security Field Day 12 appeared first on Security Boulevard.

Cybersecurity 107

Cybersecurity 107

Advertisement

Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.

Government

The Hacker News

OCTOBER 10, 2024

Cybersecurity researchers have shed light on a new digital skimmer campaign that leverages Unicode obfuscation techniques to conceal a skimmer dubbed Mongolian Skimmer. "At first glance, the thing that stood out was the script's obfuscation, which seemed a bit bizarre because of all the accented characters," Jscrambler researchers said in an analysis.

Cybersecurity 103

Cybersecurity 103

Malwarebytes

OCTOBER 10, 2024

A non-profit that benefits millions of people has fallen victim to a data breach and a DDoS attack. Internet Archive, most known for its Wayback Machine , is a digital library that allows users to look at website snapshots from the past. It is often used for academic research and data analysis. Cybercriminals managed to breach the site and steal a user authentication database containing 31 million records.

Data breaches 102

Data breaches DDOS Internet Internet 102

The Hacker News

OCTOBER 10, 2024

OpenAI on Wednesday said it has disrupted more than 20 operations and deceptive networks across the world that attempted to use its platform for malicious purposes since the start of the year. This activity encompassed debugging malware, writing articles for websites, generating biographies for social media accounts, and creating AI-generated profile pictures for fake accounts on X.

Cybercrime 101

Cybercrime Media Accountability Malware 101

Graham Cluley

OCTOBER 10, 2024

Financial Business and Consumer Solutions (FBCS), a debt collection agency previously used by Comcast, was the subject of a ransomware attack in February 2024, which had a database of names, addresses, social security numbers, dates of birth, and Comcast account details exposed. Read more in my article on the Hot for Security blog.

Ransomware 98

Ransomware Accountability Data breaches 98

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

Security Affairs

OCTOBER 10, 2024

Jscrambler researchers found a skimming campaign using unique JavaScript obfuscation with accented characters to hide a skimmer named Mongolian Skimmer. Jscrambler researchers uncovered a skimming campaign using unique JavaScript obfuscation with accented characters to hide a skimmer dubbed ‘Mongolian Skimmer.’ The attackers used unusual Unicode characters for variables and function names.

Data collection 96

Data collection Engineering Malware Hacking 96

The Hacker News

OCTOBER 10, 2024

The Dutch police have announced the takedown of Bohemia and Cannabia, which has been described as the world's largest and longest-running dark web market for illegal goods, drugs, and cybercrime services. The takedown is the result of a collaborative investigation with Ireland, the United Kingdom, and the United States that began towards the end of 2022, the Politie said.

Marketing 92

Marketing Cybercrime 92

Zero Day

OCTOBER 10, 2024

Lenovo's ThinkPad X1 Carbon is a pro-level laptop with a light design and near-bezel-less display, and it's still 40% off following Amazon's October Prime Day.

98

98

The Hacker News

OCTOBER 10, 2024

The current SOC model relies on a scarce resource: human analysts. These professionals are expensive, in high demand, and increasingly difficult to retain. Their work is not only highly technical and high-risk, but also soul-crushingly repetitive, dealing with a constant flood of alerts and incidents.

Risk 92

Risk 92

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Trend Micro

OCTOBER 10, 2024

Trend Micro's investigation into the recent activity of Earth Simnavaz provides new insights into the APT group’s evolving tactics and the immediate threat it poses to critical sectors in the UAE.

90

90

The Hacker News

OCTOBER 10, 2024

Cybersecurity security researchers are warning about an unpatched vulnerability in Nice Linear eMerge E3 access controller systems that could allow for the execution of arbitrary operating system (OS) commands. The flaw, assigned the CVE identifier CVE-2024-9441, carries a CVSS score of 9.8 out of a maximum of 10.0, according to VulnCheck.

Cybersecurity 87

Cybersecurity 87

Zero Day

OCTOBER 10, 2024

Upgrading its capabilities to Imagen 3, Google Gemini's new skills are accessible to both free and paid users. Here are 3 ways to try them today.

98

98

Penetration Testing

OCTOBER 10, 2024

SonicWall has released security updates to address multiple vulnerabilities affecting its SMA 1000 series SSL-VPN appliances and the associated Connect Tunnel Windows client. These flaws could allow attackers to launch... The post Multiple Vulnerabilities Found in SonicWall SSL-VPN SMA1000 and Connect Tunnel Windows Client appeared first on Cybersecurity News.

VPN 86

VPN Cybersecurity 86

Advertisement

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.

Cybersecurity

Google Security

OCTOBER 10, 2024

Posted by Adrian Taylor, Security Engineer, Chrome Chrome’s user interface (UI) code is complex, and sometimes has bugs. Are those bugs security bugs? Specifically, if a user’s clicks and actions result in memory corruption, is that something that an attacker can exploit to harm that user? Our security severity guidelines say “yes, sometimes.” For example, an attacker could very likely convince a user to click an autofill prompt, but it will be much harder to convince the user to step through a

Password Management 86

Password Management Technology Engineering Passwords 86

Security Boulevard

OCTOBER 10, 2024

A study by Pillar Security found that generative AI models are highly susceptible to jailbreak attacks, which take an average of 42 seconds and five interactions to execute, and that 20% of attempts succeed. The post Attacks on GenAI Models Can Take Seconds, Often Succeed: Report appeared first on Security Boulevard.

Risk 80

Risk Cybersecurity Network Security 80

Zero Day

OCTOBER 10, 2024

Twelve South's HiRise 2 Deluxe wireless charger is a sophisticated charging solution for two devices at once.

Wireless 98

Wireless 98

Security Boulevard

OCTOBER 10, 2024

The increasing integration of AI and bandwidth-heavy applications is complicating network environments and making them a greater focus for C-suite leaders, according to a report by Extreme Networks. The post CIOs Sound Alarm on Network Security in AI Era appeared first on Security Boulevard.

Network Security 74

Network Security CISO Cybersecurity 74

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

Zero Day

OCTOBER 10, 2024

Have a private document on your desktop OS? Here's how to keep it secure on Linux, MacOS, and Windows.

Encryption 98

Encryption 98

Security Affairs

OCTOBER 10, 2024

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Ivanti CSA and Fortinet bugs to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog : CVE-2024-23113 Fortinet Multiple Products Format String Vulnerability CVE-2024-9379 Ivanti Cloud Services Appliance (CSA) SQL Injection Vulnerability CVE-2024-9380 Ivanti Cloud Services Appliance (

Authentication 72

Authentication Hacking Cybersecurity Software 72

Zero Day

OCTOBER 10, 2024

Amazon's October Prime Day has officially ended, but there are still some last minute deals on laptops out there. We've rounded up the 30 best sales on devices from Apple, Lenovo, Dell, and more.

75

75

Penetration Testing

OCTOBER 10, 2024

A critical vulnerability, CVE-2024-9465, has been discovered in Palo Alto Networks’ Expedition tool by security researcher Zach Hanley of Horizon3.ai. This SQL injection flaw, with a CVSS score of 9.2,... The post CVE-2024-9465 (CVSS 9.2) SQLi Flaw in Palo Alto Expedition Revealed: Full Exploit & PoC Published appeared first on Cybersecurity News.

Cybersecurity 75

Cybersecurity 75

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk