Thu.Oct 10, 2024

article thumbnail

News alert: SpyCloud accelerates supply chain risk analysis with new ‘IDLink’ correlation capability

The Last Watchdog

Austin, TX, Oct. 10th, 2024, CyberNewswire — SpyCloud, the leader in Identity Threat Protection, announced that its SaaS Investigations solution has been enhanced with identity analytics that illuminate the scope of digital identities and accelerate successful outcomes of complex investigations from days or hours to minutes. SpyCloud Investigations is a powerful cybercrime and identity threat investigation solution used by analysts and investigators to discover and act on threats by naviga

Risk 286
article thumbnail

Deebot Robot Vacuums Are Using Photos and Audio to Train Their AI

Schneier on Security

An Australian news agency is reporting that robot vacuum cleaners from the Chinese company Deebot are surreptitiously taking photos and recording audio, and sending that data back to the vendor to train their AIs. Ecovacs’s privacy policy— available elsewhere in the app —allows for blanket collection of user data for research purposes, including: The 2D or 3D map of the user’s house generated by the device Voice recordings from the device’s microphone Photos or vide

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Deloitte: Why Only a Quarter of Cybersecurity Professionals are Women

Tech Republic Security

Despite a huge talent shortage in the cybersecurity industry, women still feel discouraged from joining it due to concerns over their knowledge, its inclusivity, and the pay.

article thumbnail

Mozilla issued an urgent Firefox update to fix an actively exploited flaw

Security Affairs

Mozilla released an urgent Firefox update to fix a critical use-after-free vulnerability actively exploited in ongoing attacks. Mozilla released an emergency security update for its Firefox browser to address a critical use-after-free vulnerability, tracked as CVE-2024-9680, that is actively exploited in attacks. The vulnerability CVE-2024-9680 resides in Animation timelines.

Hacking 136
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Fidelity Data Breach Exposes Data of Over 77,000 Customers

Tech Republic Security

An attacker snuck in by creating two new user accounts. Fidelity Investments assures customers their investments were not affected.

article thumbnail

Earth Simnavaz (aka APT34) Levies Advanced Cyberattacks Against UAE and Gulf Regions

Trend Micro

Trend Micro's investigation into the recent activity of Earth Simnavaz provides new insights into the APT group’s evolving tactics and the immediate threat it poses to critical sectors in the UAE.

137
137

More Trending

article thumbnail

E-skimming campaign uses Unicode obfuscation to hide the Mongolian Skimmer

Security Affairs

Jscrambler researchers found a skimming campaign using unique JavaScript obfuscation with accented characters to hide a skimmer named Mongolian Skimmer. Jscrambler researchers uncovered a skimming campaign using unique JavaScript obfuscation with accented characters to hide a skimmer dubbed ‘Mongolian Skimmer.’ The attackers used unusual Unicode characters for variables and function names.

article thumbnail

Understanding Security Needs at Security Field Day 12

Security Boulevard

Security Field Day 12 will take place October 16-17, 2024. You can watch the live-streaming video right here on the Techstrong family of sites or on the Tech Field Day website. The post Understanding Security Needs at Security Field Day 12 appeared first on Security Boulevard.

article thumbnail

U.S. CISA adds Ivanti CSA and Fortinet bugs to its Known Exploited Vulnerabilities catalog

Security Affairs

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Ivanti CSA and Fortinet bugs to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog : CVE-2024-23113 Fortinet Multiple Products Format String Vulnerability CVE-2024-9379 Ivanti Cloud Services Appliance (CSA) SQL Injection Vulnerability CVE-2024-9380 Ivanti Cloud Services Appliance (

article thumbnail

Qualys Unfurls Risk Operations Center Platform

Security Boulevard

Qualys this week added a risk operations center (ROC) to its portfolio to make it simpler to identify potential threats to the business and centrally manage remediation efforts. The post Qualys Unfurls Risk Operations Center Platform appeared first on Security Boulevard.

Risk 122
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Telekopye transitions to targeting tourists via hotel booking scam

We Live Security

ESET Research shares new findings about Telekopye, a scam toolkit used to defraud people on online marketplaces, and newly on accommodation booking platforms

Scams 119
article thumbnail

Internet Archive is Attacked and 31 Million Files Stolen

Security Boulevard

A user authentication database was stolen from the nonprofit , which also was been beset by a series of DDoS attacks, and a pro-Palestinian threat group has taken credit for the attacks and the data breach. The post Internet Archive is Attacked and 31 Million Files Stolen appeared first on Security Boulevard.

Internet 115
article thumbnail

New Critical GitLab Vulnerability Could Allow Arbitrary CI/CD Pipeline Execution

The Hacker News

GitLab has released security updates for Community Edition (CE) and Enterprise Edition (EE) to address eight security flaws, including a critical bug that could allow running Continuous Integration and Continuous Delivery (CI/CD) pipelines on arbitrary branches. Tracked as CVE-2024-9164, the vulnerability carries a CVSS score of 9.6 out of 10.

119
119
article thumbnail

Harmonizing Access Control With Routing Rules

Duo's Security Blog

Available now in Public Preview for all paid Duo subscriptions Seamlessly connect multiple identity providers to Duo Orchestrate secure access for multi-domain environments “Routing Rules just make sense, and it is great to see all of our users under one single Duo tenant.” — Head of IT, Biotechnology Organization Today, we are proud to announce the launch of Routing Rules for Duo Single Sign-On (SSO) into Public Preview.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Ransomware attack leaks social security numbers of over 230,000 Comcast customers

Graham Cluley

Financial Business and Consumer Solutions (FBCS), a debt collection agency previously used by Comcast, was the subject of a ransomware attack in February 2024, which had a database of names, addresses, social security numbers, dates of birth, and Comcast account details exposed. Read more in my article on the Hot for Security blog.

article thumbnail

Cybercriminals Use Unicode to Hide Mongolian Skimmer in E-Commerce Platforms

The Hacker News

Cybersecurity researchers have shed light on a new digital skimmer campaign that leverages Unicode obfuscation techniques to conceal a skimmer dubbed Mongolian Skimmer. "At first glance, the thing that stood out was the script's obfuscation, which seemed a bit bizarre because of all the accented characters," Jscrambler researchers said in an analysis.

article thumbnail

Internet Archive suffers data breach and DDoS

Malwarebytes

A non-profit that benefits millions of people has fallen victim to a data breach and a DDoS attack. Internet Archive, most known for its Wayback Machine , is a digital library that allows users to look at website snapshots from the past. It is often used for academic research and data analysis. Cybercriminals managed to breach the site and steal a user authentication database containing 31 million records.

article thumbnail

OpenAI Blocks 20 Global Malicious Campaigns Using AI for Cybercrime and Disinformation

The Hacker News

OpenAI on Wednesday said it has disrupted more than 20 operations and deceptive networks across the world that attempted to use its platform for malicious purposes since the start of the year. This activity encompassed debugging malware, writing articles for websites, generating biographies for social media accounts, and creating AI-generated profile pictures for fake accounts on X.

article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Top 6 Best Enpass Alternatives: Features & Reviews

eSecurity Planet

Password management products that are competitors of Enpass offer plenty of features, strong security, and support for multiple devices and browsers. Some of the most common password manager features include multi-factor authentication, browser autofill, secure sharing, and strong password generators. I reviewed Enpass’s main competitors to determine the top performers with the best features, pricing, system support, and security.

article thumbnail

Attacks on GenAI Models Can Take Seconds, Often Succeed: Report

Security Boulevard

A study by Pillar Security found that generative AI models are highly susceptible to jailbreak attacks, which take an average of 42 seconds and five interactions to execute, and that 20% of attempts succeed. The post Attacks on GenAI Models Can Take Seconds, Often Succeed: Report appeared first on Security Boulevard.

Risk 101
article thumbnail

Protecting Kubernetes Workloads with TLS Certificates

GlobalSign

Secure your Kubernetes workloads with GlobalSign’s TLS certificates. Enhance security and ensure data integrity in your cloud-native environments.

105
105
article thumbnail

6 Simple Steps to Eliminate SOC Analyst Burnout

The Hacker News

The current SOC model relies on a scarce resource: human analysts. These professionals are expensive, in high demand, and increasingly difficult to retain. Their work is not only highly technical and high-risk, but also soul-crushingly repetitive, dealing with a constant flood of alerts and incidents.

Risk 101
article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

The Lenovo laptop I recommend for hybrid workers is still $1,000 off

Zero Day

Lenovo's ThinkPad X1 Carbon is a pro-level laptop with a light design and near-bezel-less display, and it's still 40% off following Amazon's October Prime Day.

98
article thumbnail

Bohemia and Cannabia Dark Web Markets Taken Down After Joint Police Operation

The Hacker News

The Dutch police have announced the takedown of Bohemia and Cannabia, which has been described as the world's largest and longest-running dark web market for illegal goods, drugs, and cybercrime services. The takedown is the result of a collaborative investigation with Ireland, the United Kingdom, and the United States that began towards the end of 2022, the Politie said.

Marketing 100
article thumbnail

Product Security Explained: Definition, Tools, and Recommendations

SecureWorld News

The concept of product security, though simple to understand, can be complex when it comes to implementation. To embed an efficient product security framework, you need to explore the key points and have suitable tools. In this post, we cover: Product security definition Key differences between product security vs application security The main elements of efficient product cybersecurity frameworks The categories of tools that can enhance the security of your product What is product security?

article thumbnail

Experts Warn of Critical Unpatched Vulnerability in Linear eMerge E3 Systems

The Hacker News

Cybersecurity security researchers are warning about an unpatched vulnerability in Nice Linear eMerge E3 access controller systems that could allow for the execution of arbitrary operating system (OS) commands. The flaw, assigned the CVE identifier CVE-2024-9441, carries a CVSS score of 9.8 out of a maximum of 10.0, according to VulnCheck.

article thumbnail

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

article thumbnail

How to use Gemini to generate higher-quality AI images now - for free

Zero Day

Upgrading its capabilities to Imagen 3, Google Gemini's new skills are accessible to both free and paid users. Here are 3 ways to try them today.

98
article thumbnail

Multiple Vulnerabilities Found in SonicWall SSL-VPN SMA1000 and Connect Tunnel Windows Client

Penetration Testing

SonicWall has released security updates to address multiple vulnerabilities affecting its SMA 1000 series SSL-VPN appliances and the associated Connect Tunnel Windows client. These flaws could allow attackers to launch... The post Multiple Vulnerabilities Found in SonicWall SSL-VPN SMA1000 and Connect Tunnel Windows Client appeared first on Cybersecurity News.

VPN 86
article thumbnail

CIOs Sound Alarm on Network Security in AI Era

Security Boulevard

The increasing integration of AI and bandwidth-heavy applications is complicating network environments and making them a greater focus for C-suite leaders, according to a report by Extreme Networks. The post CIOs Sound Alarm on Network Security in AI Era appeared first on Security Boulevard.

article thumbnail

Introducing Cisco’s AI Security Best Practice Portal

Cisco Security

Cisco's AI Security Portal contains resources to help you secure your AI implementation, whether you're a seasoned professional or new to the field. Cisco's AI Security Portal contains resources to help you secure your AI implementation, whether you're a seasoned professional or new to the field.

article thumbnail

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.