Thu.Aug 15, 2024

article thumbnail

NationalPublicData.com Hack Exposes a Nation’s Data

Krebs on Security

A great many readers this month reported receiving alerts that their Social Security Number, name, address and other personal information were exposed in a breach at a little-known but aptly-named consumer data broker called NationalPublicData.com. This post examines what we know about a breach that has exposed hundreds of millions of consumer records.

Hacking 352
article thumbnail

NIST Releases First Post-Quantum Encryption Algorithms

Schneier on Security

From the Federal Register : After three rounds of evaluation and analysis, NIST selected four algorithms it will standardize as a result of the PQC Standardization Process. The public-key encapsulation mechanism selected was CRYSTALS-KYBER, along with three digital signature schemes: CRYSTALS-Dilithium, FALCON, and SPHINCS+. These algorithms are part of three NIST standards that have been finalized: FIPS 203: Module-Lattice-Based Key-Encapsulation Mechanism Standard FIPS 204: Module-Lattice-Base

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Private Internet Access (PIA) vs ExpressVPN (2024): Which VPN Is Better?

Tech Republic Security

ExpressVPN’s overall polish, fast performance and wider server network give it a slight edge over PIA VPN’s feature-rich and affordable package.

VPN 183
article thumbnail

Nearly All Google Pixel Phones Exposed by Unpatched Flaw in Hidden Android App

WIRED Threat Level

A fix is coming, but data analytics giant Palantir says it’s ditching Android devices altogether because Google’s response to the vulnerability has been troubling.

Hacking 145
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

RansomHub Group Deploys New EDR-Killing Tool in Latest Cyber Attacks

The Hacker News

A cybercrime group with links to the RansomHub ransomware has been observed using a new tool designed to terminate endpoint detection and response (EDR) software on compromised hosts, joining the likes of other similar programs like AuKill (aka AvNeutralizer) and Terminator.

article thumbnail

A group linked to RansomHub operation employs EDR-killing tool EDRKillShifter

Security Affairs

A cybercrime group linked to the RansomHub ransomware was spotted using a new tool designed to kill EDR software. Sophos reports that a cybercrime group, likely linked to the RansomHub ransomware operation, has been observed using a new EDR-killing utility that can terminate endpoint detection and response software on compromised systems. The researchers called the new tool EDRKillShifter.

More Trending

article thumbnail

Microsoft patches bug that could have allowed an attacker to revert your computer back to an older, vulnerable version

Malwarebytes

Microsoft has released a patch for a bug for a “downgrade attack” that was recently revealed by researchers at security conferences Black Hat and Def Con. What does that mean in layman terms? You: Let me check whether my system is fully updated Windows: Sure, all’s well Attacker: *Chuckles and deploys an attack against a vulnerability for which you could have been patched long ago* With a downgrade attack, the victim may have done all they can to keep their computer and software up t

Software 132
article thumbnail

SolarWinds Releases Patch for Critical Flaw in Web Help Desk Software

The Hacker News

SolarWinds has released patches to address a critical security vulnerability in its Web Help Desk software that could be exploited to execute arbitrary code on susceptible instances. The flaw, tracked as CVE-2024-28986 (CVSS score: 9.8), has been described as a deserialization bug.

Software 138
article thumbnail

DEF CON Calls for Cybersecurity Volunteers to Defend Critical Infrastructure

Security Boulevard

DEF CON conference organizations are looking for volunteers to join a Franklin initiative to help secure critical infrastructure and school systems that lack the expertise required to defend themselves against cyberattacks. The post DEF CON Calls for Cybersecurity Volunteers to Defend Critical Infrastructure appeared first on Security Boulevard.

article thumbnail

Identity Threat Detection and Response Solution Guide

The Hacker News

The Emergence of Identity Threat Detection and Response Identity Threat Detection and Response (ITDR) has emerged as a critical component to effectively detect and respond to identity-based attacks. Threat actors have shown their ability to compromise the identity infrastructure and move laterally into IaaS, Saas, PaaS and CI/CD environments.

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

How to Maximize Network Security With AI and ML

Security Boulevard

There is an increased focus on how advances in artificial intelligence (AI) and machine learning (ML) can negatively impact network security. The post How to Maximize Network Security With AI and ML appeared first on Security Boulevard.

article thumbnail

Massive Data Breach Includes Social Security Numbers, Potentially Affects Billions

SecureWorld News

In what could be one of the largest data breaches in history, personal information of potentially billions of individuals may have been compromised in a hack of National Public Data (NPD), a Florida-based background check company. The breach, which allegedly occurred in April 2024, has raised significant concerns about data security and identity theft risks.

article thumbnail

ReliaQuest: Watch Out for Info-Stealers and RATs

Security Boulevard

ReliaQuest ranked LummaC2 and SocGholish among the top malware seen in Q2 and rounded out the top five list with AsyncRat, Oyster, and the growing numbers of info-stealers that were built using the Rust programming language. The post ReliaQuest: Watch Out for Info-Stealers and RATs appeared first on Security Boulevard.

Malware 112
article thumbnail

Dozens of Google products targeted by scammers via malicious search ads

Malwarebytes

In a previous blog , we saw criminals distribute malware via malicious ads for Google Authenticator. This time, brazen malvertisers went as far as impersonating Google’s entire product line and redirecting victims to a fake Google home page. Clearly not afraid of poking the bear, they even used and abused yet another Google product, Looker Studio, to lock up the browser of Windows and Mac users alike.

Scams 107
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Beyond Zero-Trust: The Impact of Adaptive Micro-Segmentation on Network Security

Security Boulevard

Security is enhanced with the introduction of dynamic zero-trust security, a method that continuously assesses the security posture of devices and users on the network. The post Beyond Zero-Trust: The Impact of Adaptive Micro-Segmentation on Network Security appeared first on Security Boulevard.

article thumbnail

Save uBlock Origin: How to Bypass Google’s Chrome Update and Extend Support

Penetration Testing

Google Chrome has begun automatically detecting and warning users on the extensions page that Manifest v2-based extensions are nearing deprecation. Although these extensions have not yet been fully disabled, Google... The post Save uBlock Origin: How to Bypass Google’s Chrome Update and Extend Support appeared first on Cybersecurity News.

article thumbnail

Human Error – An Overlooked Aspect of Cyber Risk

Security Boulevard

Recent research shows that human error can account for 95% of all cybersecurity incidents. What’s more shocking is that only one-third of all companies offer cybersecurity awareness training for their employees. The post Human Error – An Overlooked Aspect of Cyber Risk appeared first on Security Boulevard.

article thumbnail

The i-Soon Leaks: Germany’s BfV Exposes the Industrialization of Chinese Cyber Espionage

Penetration Testing

A newly released report from Germany’s Federal Office for the Protection of the Constitution (BfV) unveils insights into the operations of the Chinese cybersecurity firm i-Soon. The second installment of... The post The i-Soon Leaks: Germany’s BfV Exposes the Industrialization of Chinese Cyber Espionage appeared first on Cybersecurity News.

article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Enabling Cybersecurity Incident Response

Cisco Security

Universities need advanced security architectures for effective incident response. Discover how XDR solutions enhance visibility and resilience in complex tech landscapes. Universities need advanced security architectures for effective incident response. Discover how XDR solutions enhance visibility and resilience in complex tech landscapes.

article thumbnail

Critical Vulnerability Found in Flatpak: CVE-2024-42472 (CVSS 10) Exposes Files Outside Sandbox

Penetration Testing

A serious security flaw has been discovered in Flatpak, a popular system for distributing and running sandboxed desktop applications on Linux. The vulnerability, tracked as CVE-2024-42472 (CVSS 10), allows malicious... The post Critical Vulnerability Found in Flatpak: CVE-2024-42472 (CVSS 10) Exposes Files Outside Sandbox appeared first on Cybersecurity News.

article thumbnail

Insights and highlights from DEF CON 32

Pen Test Partners

TL; DR Event Dates : August 8-11, 2024, in Las Vegas. PTP Presentations : Windows Hello : Our Ceri Coburn (with Outsider Security’s Dirk-Jan Mollema) revealed vulnerabilities in biometric authentication. Maritime Security : Paul Brownridge discussed vulnerabilities in maritime systems and regulations. GPS Spoofing : Ken Munro highlighted the impact of GPS time manipulation on various systems.

article thumbnail

Google Pixel Phones Exposed: Millions at Risk Due to Pre-Installed App Vulnerability

Penetration Testing

Cybersecurity researchers at iVerify, in collaboration with Palantir Technologies and Trail of Bits, have uncovered a significant vulnerability in millions of Google Pixel devices worldwide. The flaw, rooted in the... The post Google Pixel Phones Exposed: Millions at Risk Due to Pre-Installed App Vulnerability appeared first on Cybersecurity News.

Risk 76
article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

The best antivirus software of 2024

Zero Day

Malware is a constant threat to your safety and privacy, which means you need to protect your devices. We found the best antivirus software and apps that will help keep you safe and secure.

article thumbnail

CVE-2024-33533 to 33536: Zimbra Users at Risk of XSS and LFI Attacks

Penetration Testing

Zimbra Collaboration, a widely adopted email and collaboration platform disclosed three new security vulnerabilities. These flaws, identified as CVE-2024-33533, CVE-2024-33535, and CVE-2024-33536, impact Zimbra Collaboration versions 9.0 and 10.0, potentially... The post CVE-2024-33533 to 33536: Zimbra Users at Risk of XSS and LFI Attacks appeared first on Cybersecurity News.

Risk 76
article thumbnail

California residents can add their driver's license to Apple & Google Wallet. Here's how

Zero Day

The mobile version of your license can be used at certain airports and convenience stores and should mean quicker age verification.

Mobile 75
article thumbnail

Unpatched Kubernetes Flaw Leaves Clusters Open to Exploitation: Researcher Unveils Command Injection Vulnerability

Penetration Testing

Akamai researcher Tomer Peled has uncovered a concerning design flaw within Kubernetes’ git-sync project. This flaw could potentially enable attackers to execute commands or exfiltrate sensitive data, including service account... The post Unpatched Kubernetes Flaw Leaves Clusters Open to Exploitation: Researcher Unveils Command Injection Vulnerability appeared first on Cybersecurity News.

article thumbnail

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

article thumbnail

How to Align Infosec to Business Operations: Sam Curry’s Cybersecurity Playbook for Executives

Security Boulevard

This cybersecurity playbook is inspired by Sam Curry’s insights on the crucial role of building relationships in cybersecurity to affect change in information security and the business. He recently shared his recommendations on cyberOXtales Podcast, highlighting the significance of trust, alignment, and intimacy in fostering effective relationships within and outside the cybersecurity team.

InfoSec 72
article thumbnail

Last Mile Reassembly Attacks Bypass Leading Secure Web Gateways

Penetration Testing

SquareX, along with its founder Vivek Ramachandran, a renowned cybersecurity expert, recently uncovered a vulnerability in Secure Web Gateway (SWG) systems, which are employed to safeguard corporate networks. It was... The post Last Mile Reassembly Attacks Bypass Leading Secure Web Gateways appeared first on Cybersecurity News.

article thumbnail

Thales PQC Partner Ecosystem Facilitates and Accelerates Quantum-Safe Migrations

Security Boulevard

Thales PQC Partner Ecosystem Facilitates and Accelerates Quantum-Safe Migrations josh.pearson@t… Thu, 08/15/2024 - 17:28 As many organizations begin to embark on their journey toward Post-Quantum Cryptography (PQC) resilience, Thales can facilitate and perhaps accelerate these migrations with its rapidly expanding Thales PQC Partner Ecosystem. The PQC migration process will be a highly significant transformation in the public-key cryptography landscape to date, impacting billions of devices and

article thumbnail

EastWind Campaign: New CloudSorcerer Attacks Target Russian Gov Using APT31 and APT27 Tactics

Penetration Testing

Kaspersky Labs has uncovered a series of sophisticated cyberattacks targeting Russian government organizations and IT companies, now dubbed the “EastWind” campaign. The attacks, which began in late July 2024, have... The post EastWind Campaign: New CloudSorcerer Attacks Target Russian Gov Using APT31 and APT27 Tactics appeared first on Cybersecurity News.

article thumbnail

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.