Schneier on Security

NOVEMBER 27, 2024

The Israeli company NSO Group sells Pegasus spyware to countries around the world (including countries like Saudi Arabia, UAE, India, Mexico, Morocco and Rwanda). We assumed that those countries use the spyware themselves. Now we’ve learned that that’s not true: that NSO Group employees operate the spyware on behalf of their customers. Legal documents released in ongoing US litigation between NSO Group and WhatsApp have revealed for the first time that the Israeli cyberweapons maker

Government 292

Government Spyware Mobile Hacking 292

Tech Republic Security

NOVEMBER 27, 2024

Blue Yonder, a prominent supply chain software provider, has been targeted in a ransomware attack, leading to disruption at major retail outlets.

Ransomware 181

Ransomware Retail Software Cyber Attacks 181

Malwarebytes

NOVEMBER 27, 2024

In 2019, a ransomware attack hit LifeLabs, a Canadian medical testing company. The ransomware encrypted the lab results of 15 million Canadians, and personally identifiable information (PII) of 8.6 million people was stolen. After noticing the attack, LifeLabs informed its customers and the Canadian privacy regulators, which immediately announced an investigation.

Ransomware 135

Ransomware Healthcare Risk Encryption 135

We Live Security

NOVEMBER 27, 2024

ESET Research details the analysis of a previously unknown vulnerability in Mozilla products exploited in the wild and another previously unknown Microsoft Windows vulnerability, combined in a zero-click exploit.

144

144

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

The Hacker News

NOVEMBER 27, 2024

Cybersecurity researchers have shed light on what has been described as the first Unified Extensible Firmware Interface (UEFI) bootkit designed for Linux systems. Dubbed Bootkitty by its creators who go by the name BlackCat, the bootkit is assessed to be a proof-of-concept (PoC) and there is no evidence that it has been put to use in real-world attacks.

Firmware 144

Firmware Cybersecurity 144

Security Affairs

NOVEMBER 27, 2024

Virtualization giant VMware addressed multiple vulnerabilities in its Aria Operations product that can led to privilege escalation and XSS attacks. VMware released security updates to address five vulnerabilities in its Aria Operations product. Aria Operations (formerly known as VMware vRealize Operations) is a comprehensive cloud management and operations platform developed by VMware.

Hacking 123

Hacking Information Security 123

Security Affairs

NOVEMBER 27, 2024

The Russian RomCom group exploited Firefox and Tor Browser zero-day vulnerabilities in attacks on users in Europe and North America. Russian-based cybercrime group RomCom (aka UAT-5647 , Storm-0978 , Tropical Scorpius , UAC-0180, UNC2596 ) exploited two Firefox and Tor Browser zero-day vulnerabilities in recent attacks on users across Europe and North America.

Cybercrime 117

Cybercrime Hacking Government Information Security 117

The Hacker News

NOVEMBER 27, 2024

The threat actor known as APT-C-60 has been linked to a cyber attack targeting an unnamed organization in Japan that used a job application-themed lure to deliver the SpyGlace backdoor. That's according to findings from JPCERT/CC, which said the intrusion leveraged legitimate services like Google Drive, Bitbucket, and StatCounter. The attack was carried out around August 2024.

Cyber Attacks 142

Cyber Attacks 142

Penetration Testing

NOVEMBER 27, 2024

Aqua Nautilus researchers have uncovered a major Distributed Denial-of-Service (DDoS) campaign led by a threat actor operating under the name Matrix. This operation, detected through honeypot activities, showcases a concerning... The post 35 Million Devices Vulnerable: Matrix DDoS Campaign Highlights Growing IoT Threat appeared first on Cybersecurity News.

DDOS 122

DDOS IoT Cybersecurity Malware 122

The Hacker News

NOVEMBER 27, 2024

Multi-stage cyber attacks, characterized by their complex execution chains, are designed to avoid detection and trick victims into a false sense of security. Knowing how they operate is the first step to building a solid defense strategy against them. Let's examine real-world examples of some of the most common multi-stage attack scenarios that are active right now.

Cyber Attacks 137

Cyber Attacks 137

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Security Boulevard

NOVEMBER 27, 2024

Interpol led 19 African countries in a massive anti-cybercriminal effort dubbed "Operation Serengeti" that shut down a range of scams and attacks that bled $193 million from 35,000 victims. More than 1,000 people were arrested and more than 134,000 malicious infrastructures shut down. The post Interpol, African Nations Arrest 1,006 in Sweeping ‘Operation Serengeti’ appeared first on Security Boulevard.

Scams 100

Scams Ransomware Cybersecurity Malware 100

The Hacker News

NOVEMBER 27, 2024

A critical security flaw impacting the ProjectSend open-source file-sharing application has likely come under active exploitation in the wild, according to findings from VulnCheck. The vulnerability, originally patched over a year-and-a-half ago as part of a commit pushed in May 2023 , was not officially made available until August 2024 with the release of version r1720.

125

125

Penetration Testing

NOVEMBER 27, 2024

Zabbix, a popular open-source IT infrastructure monitoring tool used by organizations worldwide, has been found to contain a critical SQL injection vulnerability (CVE-2024-42327) with a CVSS score of 9.9. This... The post CVE-2024-42327 (CVSS 9.9): Critical SQL Injection Vulnerability Found in Zabbix appeared first on Cybersecurity News.

Cybersecurity 111

Cybersecurity 111

Zero Day

NOVEMBER 27, 2024

Hulu's Black Friday deal drops the price of a monthly subscription to the streaming service from $7.99 to $0.99 a month for your first year. Don't miss out.

105

105

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

SecureWorld News

NOVEMBER 27, 2024

Even if you leave your desktop computer at home, you'll probably stay connected when you're vacationing—you can check your phone on the beach or on a mountaintop. Travelers often rely on technology to enhance vacations, like by sharing photos online or finding lodging on an app. As you embark upon your next adventure, remain cyber safe following some simple practices to keep your vacation plans free from cybercriminal meddling.

Cybersecurity 95

Cybersecurity Wireless Accountability Internet 95

Zero Day

NOVEMBER 27, 2024

Ultra-wideband (UWB) is a feature that has many potential benefits for Android owners. This phone has it, and it's on sale now.

105

105

Security Boulevard

NOVEMBER 27, 2024

Exabeam has allied with Wiz to gain access to security data collected from a cloud-native application protection platform (CNAPP). The post Exabeam Allies With Wiz to Integrate CNAPP With SIEM Platform appeared first on Security Boulevard.

Data collection 101

Data collection Cybersecurity 101

Penetration Testing

NOVEMBER 27, 2024

A comprehensive analysis by TRAC Labs has shed light on the SMOKEDHAM backdoor, a malicious tool leveraged by the financially motivated threat actor UNC2465. Active since 2019, SMOKEDHAM plays a... The post SMOKEDHAM Backdoor: UNC2465’s Stealth Weapon for Extortion and Ransomware Campaigns appeared first on Cybersecurity News.

Ransomware 95

Ransomware Cybersecurity Malware 95

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Security Boulevard

NOVEMBER 27, 2024

With web browsers being the primary gateway to the internet, any security lapse can lead to broad opportunities for significant data breaches and operational disruptions. The post Protecting Web-Based Work: Connecting People, Web Browsers and Security appeared first on Security Boulevard.

Data breaches 96

Data breaches Internet Internet Cyber Attacks 96

Security Affairs

NOVEMBER 27, 2024

Virtualization giant VMware addressed multiple vulnerabilities in its Aria Operations product that can led to privilege escalation and XSS attacks. VMware released security updates to address five vulnerabilities in its Aria Operations product. Aria Operations (formerly known as VMware vRealize Operations) is a comprehensive cloud management and operations platform developed by VMware.

Hacking 98

Hacking 98

Zero Day

NOVEMBER 27, 2024

Thanks to a new team-up between Spotify and Google, you can request songs by title, artist, album, genre, or playlist. Here's how to get started.

94

94

Penetration Testing

NOVEMBER 27, 2024

The 2024 holiday shopping season is witnessing an alarming rise in fraudulent e-commerce activity. According to Netcraft, fake online stores have surged by 110% between August and October, capitalizing on... The post Black Friday Fake Stores Surge 110%: How LLMs and Cheap Domains Empower Cybercrime appeared first on Cybersecurity News.

Cybercrime 90

Cybercrime Cybersecurity 90

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

Zero Day

NOVEMBER 27, 2024

Super God Mode collects all the core Windows apps, features, and settings and serves them to you in one single series of folders. It's glorious.

94

94

Penetration Testing

NOVEMBER 27, 2024

A critical vulnerability in the open-source file-sharing web application ProjectSend, identified as CVE-2024-11680, is being actively exploited in the wild, according to a report by VulnCheck. Despite a patch being... The post CVE-2024-11680 (CVSS 9.8): Critical ProjectSend Vulnerability Actively Exploited, PoC Published appeared first on Cybersecurity News.

Cybersecurity 82

Cybersecurity 82

Zero Day

NOVEMBER 27, 2024

The Asus Vivobook S 15 is a fantastic ultraportable laptop with fast performance and a brilliant OLED screen. It's on sale for Black Friday.

93

93

Security Affairs

NOVEMBER 27, 2024

Data Security Posture Management (DSPM) helps monitor, secure, and ensure compliance for sensitive data, reducing risks across diverse environments. Complying with cybersecurity regulations can be a source of great pain for organizations, especially those that handle and store particularly valuable and vulnerable information. Organizations in sectors like healthcare, finance, legal, and government often process vast amounts of highly sensitive data, and regulations exist to ensure and verify tha

Data privacy 73

Data privacy Risk Government Healthcare 73

Advertisement

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

Zero Day

NOVEMBER 27, 2024

It's very much one of those 'too good to be true' offers for most people, but for the right customer, the one-cent iPhone dream can be realized with this Boost Mobile promo.

Mobile 91

Mobile 91

Penetration Testing

NOVEMBER 27, 2024

NSFOCUS has identified a resurgence of the XorBot botnet, a potent threat to Internet of Things (IoT) devices worldwide. First observed in late 2023, XorBot has evolved significantly, introducing advanced... The post XorBot Botnet Resurfaces with Advanced Evasion and Exploits, Threatens IoT Devices appeared first on Cybersecurity News.

IoT 83

IoT Internet Internet Cybersecurity 83

Zero Day

NOVEMBER 27, 2024

Various Ubisoft games could crash if you attempt to run them in the Windows 11 2024 update. Here's what to do if you're affected.

89

89

Penetration Testing

NOVEMBER 27, 2024

In a recent study from the University of Oxford, sociologist Qiaoyu Luo explores the industrialisation of cybercrime in China, revealing a highly organised and profit-driven ecosystem. The report sheds light... The post Cybercrime as an Industry: A Deep Dive into the Organizational Structure of Chinese Cybercrime appeared first on Cybersecurity News.

Cybercrime 80

Cybercrime Cybersecurity 80

Advertisement

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.

Cybersecurity