The Last Watchdog

OCTOBER 10, 2024

Austin, TX, Oct. 10th, 2024, CyberNewswire — SpyCloud, the leader in Identity Threat Protection, announced that its SaaS Investigations solution has been enhanced with identity analytics that illuminate the scope of digital identities and accelerate successful outcomes of complex investigations from days or hours to minutes. SpyCloud Investigations is a powerful cybercrime and identity threat investigation solution used by analysts and investigators to discover and act on threats by naviga

Risk 286

Risk Cybercrime Identity Theft Phishing 286

Schneier on Security

OCTOBER 10, 2024

An Australian news agency is reporting that robot vacuum cleaners from the Chinese company Deebot are surreptitiously taking photos and recording audio, and sending that data back to the vendor to train their AIs. Ecovacs’s privacy policy— available elsewhere in the app —allows for blanket collection of user data for research purposes, including: The 2D or 3D map of the user’s house generated by the device Voice recordings from the device’s microphone Photos or vide

Artificial Intelligence 259

Artificial Intelligence Data privacy Internet Internet 259

Tech Republic Security

OCTOBER 10, 2024

Despite a huge talent shortage in the cybersecurity industry, women still feel discouraged from joining it due to concerns over their knowledge, its inclusivity, and the pay.

Cybersecurity 185

Cybersecurity 185

Trend Micro

OCTOBER 10, 2024

Trend Micro's investigation into the recent activity of Earth Simnavaz provides new insights into the APT group’s evolving tactics and the immediate threat it poses to critical sectors in the UAE.

134

134

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Tech Republic Security

OCTOBER 10, 2024

An attacker snuck in by creating two new user accounts. Fidelity Investments assures customers their investments were not affected.

Data breaches 196

Data breaches Accountability Financial Services Big data 196

Security Affairs

OCTOBER 10, 2024

Mozilla released an urgent Firefox update to fix a critical use-after-free vulnerability actively exploited in ongoing attacks. Mozilla released an emergency security update for its Firefox browser to address a critical use-after-free vulnerability, tracked as CVE-2024-9680, that is actively exploited in attacks. The vulnerability CVE-2024-9680 resides in Animation timelines.

Hacking 138

Hacking Information Security 138

Security Boulevard

OCTOBER 10, 2024

Security Field Day 12 will take place October 16-17, 2024. You can watch the live-streaming video right here on the Techstrong family of sites or on the Tech Field Day website. The post Understanding Security Needs at Security Field Day 12 appeared first on Security Boulevard.

Cybersecurity 125

Cybersecurity 125

The Hacker News

OCTOBER 10, 2024

GitLab has released security updates for Community Edition (CE) and Enterprise Edition (EE) to address eight security flaws, including a critical bug that could allow running Continuous Integration and Continuous Delivery (CI/CD) pipelines on arbitrary branches. Tracked as CVE-2024-9164, the vulnerability carries a CVSS score of 9.6 out of 10.

124

124

Security Boulevard

OCTOBER 10, 2024

Qualys this week added a risk operations center (ROC) to its portfolio to make it simpler to identify potential threats to the business and centrally manage remediation efforts. The post Qualys Unfurls Risk Operations Center Platform appeared first on Security Boulevard.

Risk 122

Risk Security Awareness Cybersecurity 122

We Live Security

OCTOBER 10, 2024

ESET Research shares new findings about Telekopye, a scam toolkit used to defraud people on online marketplaces, and newly on accommodation booking platforms

Scams 126

Scams 126

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

The Hacker News

OCTOBER 10, 2024

Cybersecurity researchers have shed light on a new digital skimmer campaign that leverages Unicode obfuscation techniques to conceal a skimmer dubbed Mongolian Skimmer. "At first glance, the thing that stood out was the script's obfuscation, which seemed a bit bizarre because of all the accented characters," Jscrambler researchers said in an analysis.

Cybersecurity 118

Cybersecurity 118

Security Boulevard

OCTOBER 10, 2024

A user authentication database was stolen from the nonprofit , which also was been beset by a series of DDoS attacks, and a pro-Palestinian threat group has taken credit for the attacks and the data breach. The post Internet Archive is Attacked and 31 Million Files Stolen appeared first on Security Boulevard.

Internet 115

Internet Internet DDOS Data breaches 115

The Hacker News

OCTOBER 10, 2024

OpenAI on Wednesday said it has disrupted more than 20 operations and deceptive networks across the world that attempted to use its platform for malicious purposes since the start of the year. This activity encompassed debugging malware, writing articles for websites, generating biographies for social media accounts, and creating AI-generated profile pictures for fake accounts on X.

Cybercrime 116

Cybercrime Media Accountability Malware 116

Security Affairs

OCTOBER 10, 2024

Jscrambler researchers found a skimming campaign using unique JavaScript obfuscation with accented characters to hide a skimmer named Mongolian Skimmer. Jscrambler researchers uncovered a skimming campaign using unique JavaScript obfuscation with accented characters to hide a skimmer dubbed ‘Mongolian Skimmer.’ The attackers used unusual Unicode characters for variables and function names.

Data collection 126

Data collection Engineering Malware Hacking 126

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Duo's Security Blog

OCTOBER 10, 2024

Available now in Public Preview for all paid Duo subscriptions Seamlessly connect multiple identity providers to Duo Orchestrate secure access for multi-domain environments “Routing Rules just make sense, and it is great to see all of our users under one single Duo tenant.” — Head of IT, Biotechnology Organization Today, we are proud to announce the launch of Routing Rules for Duo Single Sign-On (SSO) into Public Preview.

Authentication 110

Authentication Accountability Engineering 110

Graham Cluley

OCTOBER 10, 2024

Financial Business and Consumer Solutions (FBCS), a debt collection agency previously used by Comcast, was the subject of a ransomware attack in February 2024, which had a database of names, addresses, social security numbers, dates of birth, and Comcast account details exposed. Read more in my article on the Hot for Security blog.

Ransomware 107

Ransomware Accountability Data breaches 107

Malwarebytes

OCTOBER 10, 2024

A non-profit that benefits millions of people has fallen victim to a data breach and a DDoS attack. Internet Archive, most known for its Wayback Machine , is a digital library that allows users to look at website snapshots from the past. It is often used for academic research and data analysis. Cybercriminals managed to breach the site and steal a user authentication database containing 31 million records.

Data breaches 110

Data breaches DDOS Internet Internet 110

eSecurity Planet

OCTOBER 10, 2024

Password management products that are competitors of Enpass offer plenty of features, strong security, and support for multiple devices and browsers. Some of the most common password manager features include multi-factor authentication, browser autofill, secure sharing, and strong password generators. I reviewed Enpass’s main competitors to determine the top performers with the best features, pricing, system support, and security.

Password Management 104

Password Management Passwords Accountability Authentication 104

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

The Hacker News

OCTOBER 10, 2024

The current SOC model relies on a scarce resource: human analysts. These professionals are expensive, in high demand, and increasingly difficult to retain. Their work is not only highly technical and high-risk, but also soul-crushingly repetitive, dealing with a constant flood of alerts and incidents.

Risk 106

Risk 106

Security Boulevard

OCTOBER 10, 2024

A study by Pillar Security found that generative AI models are highly susceptible to jailbreak attacks, which take an average of 42 seconds and five interactions to execute, and that 20% of attempts succeed. The post Attacks on GenAI Models Can Take Seconds, Often Succeed: Report appeared first on Security Boulevard.

Risk 101

Risk Cybersecurity Network Security 101

The Hacker News

OCTOBER 10, 2024

The Dutch police have announced the takedown of Bohemia and Cannabia, which has been described as the world's largest and longest-running dark web market for illegal goods, drugs, and cybercrime services. The takedown is the result of a collaborative investigation with Ireland, the United Kingdom, and the United States that began towards the end of 2022, the Politie said.

Marketing 105

Marketing Cybercrime 105

GlobalSign

OCTOBER 10, 2024

Secure your Kubernetes workloads with GlobalSign’s TLS certificates. Enhance security and ensure data integrity in your cloud-native environments.

105

105

Advertisement

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

The Hacker News

OCTOBER 10, 2024

Cybersecurity security researchers are warning about an unpatched vulnerability in Nice Linear eMerge E3 access controller systems that could allow for the execution of arbitrary operating system (OS) commands. The flaw, assigned the CVE identifier CVE-2024-9441, carries a CVSS score of 9.8 out of a maximum of 10.0, according to VulnCheck.

Cybersecurity 103

Cybersecurity 103

SecureWorld News

OCTOBER 10, 2024

The concept of product security, though simple to understand, can be complex when it comes to implementation. To embed an efficient product security framework, you need to explore the key points and have suitable tools. In this post, we cover: Product security definition Key differences between product security vs application security The main elements of efficient product cybersecurity frameworks The categories of tools that can enhance the security of your product What is product security?

Firewall 94

Firewall Backups Encryption Cyber threats 94

Zero Day

OCTOBER 10, 2024

Lenovo's ThinkPad X1 Carbon is a pro-level laptop with a light design and near-bezel-less display, and it's still 40% off following Amazon's October Prime Day.

98

98

Security Affairs

OCTOBER 10, 2024

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Ivanti CSA and Fortinet bugs to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog : CVE-2024-23113 Fortinet Multiple Products Format String Vulnerability CVE-2024-9379 Ivanti Cloud Services Appliance (CSA) SQL Injection Vulnerability CVE-2024-9380 Ivanti Cloud Services Appliance (

Authentication 108

Authentication Hacking Cybersecurity Software 108

Advertisement

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.

Cybersecurity

Zero Day

OCTOBER 10, 2024

Upgrading its capabilities to Imagen 3, Google Gemini's new skills are accessible to both free and paid users. Here are 3 ways to try them today.

98

98

Penetration Testing

OCTOBER 10, 2024

SonicWall has released security updates to address multiple vulnerabilities affecting its SMA 1000 series SSL-VPN appliances and the associated Connect Tunnel Windows client. These flaws could allow attackers to launch... The post Multiple Vulnerabilities Found in SonicWall SSL-VPN SMA1000 and Connect Tunnel Windows Client appeared first on Cybersecurity News.

VPN 90

VPN Cybersecurity 90

Security Boulevard

OCTOBER 10, 2024

The increasing integration of AI and bandwidth-heavy applications is complicating network environments and making them a greater focus for C-suite leaders, according to a report by Extreme Networks. The post CIOs Sound Alarm on Network Security in AI Era appeared first on Security Boulevard.

Network Security 80

Network Security CISO Cybersecurity 80

Google Security

OCTOBER 10, 2024

Posted by Adrian Taylor, Security Engineer, Chrome Chrome’s user interface (UI) code is complex, and sometimes has bugs. Are those bugs security bugs? Specifically, if a user’s clicks and actions result in memory corruption, is that something that an attacker can exploit to harm that user? Our security severity guidelines say “yes, sometimes.” For example, an attacker could very likely convince a user to click an autofill prompt, but it will be much harder to convince the user to step through a

Password Management 77

Password Management Technology Engineering Passwords 77

Advertisement

Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.

Government