Mon.May 20, 2024

article thumbnail

IBM Sells Cybersecurity Group

Schneier on Security

IBM is selling its QRadar product suite to Palo Alto Networks, for an undisclosed—but probably surprisingly small—sum. I have a personal connection to this. In 2016, IBM bought Resilient Systems, the startup I was a part of. It became part if IBM’s cybersecurity offerings, mostly and weirdly subservient to QRadar. That was what seemed to be the problem at IBM.

article thumbnail

RSAC Fireside Chat: SquareX introduces security-infused browser extension to stop threats in real time

The Last Watchdog

The open-source Chromium project seeded by Google more than a decade ago has triggered something of a web browser renaissance. Related: Browser attacks mount Browsers based on Chromium include Google Chrome and Microsoft Edge, which dominate in corporate settings – as well as popular upstarts Brave, Opera and Vivaldi. Together these browsers have given rise to a vast ecosystem of extensions – one that happens to align perfectly with a highly distributed work force and global supply chain.

Internet 162
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Keylogger in Microsoft Exchange Server Breaches Government Agencies Worldwide

Penetration Testing

A recent report from Positive Technologies Expert Security Center (PT ESC) reveals a concerning security breach impacting Microsoft Exchange Servers. The incident response team discovered a sophisticated keylogger embedded in the main page of... The post Keylogger in Microsoft Exchange Server Breaches Government Agencies Worldwide appeared first on Penetration Testing.

article thumbnail

Two students uncovered a flaw that allows to use laundry machines for free

Security Affairs

Two students discovered a security flaw in over a million internet-connected laundry machines that could allow laundry for free. CSC ServiceWorks is a company that provides laundry services and air vending solutions for multifamily housing, academic institutions, hospitality, and other commercial sectors. They manage and operate many internet-connected laundry machines and systems, offering services such as coin and card-operated laundry machines, mobile payment solutions, and maintenance suppor

Mobile 142
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

CVE-2024-4985 (CVSS 10): Critical Authentication Bypass Flaw Found in GitHub Enterprise Server

Penetration Testing

GitHub, the world’s leading software development platform, has disclosed a critical security vulnerability (CVE-2024-4985) in its self-hosted GitHub Enterprise Server (GHES) product. The vulnerability, which carries a maximum severity rating of 10 on the... The post CVE-2024-4985 (CVSS 10): Critical Authentication Bypass Flaw Found in GitHub Enterprise Server appeared first on Penetration Testing.

article thumbnail

Windows 11 Recall AI feature will record everything you do on your PC

Bleeping Computer

Microsoft has announced a new AI-powered feature for Windows 11 called 'Recall,' which records everything you do on your PC and lets you search through your historical activities. [.

More Trending

article thumbnail

GitCaught campaign relies on Github and Filezilla to deliver multiple malware

Security Affairs

Researchers discovered a sophisticated cybercriminal campaign by Russian-speaking threat actors that used GitHub to distribute malware. Recorded Future’s Insikt Group discovered a sophisticated cybercriminal campaign by Russian-speaking threat actors from the Commonwealth of Independent States (CIS). The attackers, tracked as GitCaught, used a GitHub profile to impersonate legitimate software applications, including 1Password, Bartender 5, and Pixelmator Pro, to distribute malware such as

Malware 123
article thumbnail

Shifting the Security Mindset: From Network to Application Defense

Security Boulevard

Web application development and usage are at an all-time high, but businesses aren’t sure which APIs to monitor or how to protect them. The post Shifting the Security Mindset: From Network to Application Defense appeared first on Security Boulevard.

article thumbnail

Cyber Criminals Exploit GitHub and FileZilla to Deliver Cocktail Malware

The Hacker News

A "multi-faceted campaign" has been observed abusing legitimate services like GitHub and FileZilla to deliver an array of stealer malware and banking trojans such as Atomic (aka AMOS), Vidar, Lumma (aka LummaC2), and Octo by impersonating credible software like 1Password, Bartender 5, and Pixelmator Pro.

Malware 125
article thumbnail

Prevention Maintenance: Strategies To Bolster Your Organisation’s Cybersecurity

IT Security Guru

Cybersecurity has never been more critical for businesses. In 2023, an astonishing 50 per cent of companies in the UK reported experiencing some form of cybersecurity breach or attack. This number highlights the widespread nature of digital threats. Today, common cyber threats include phishing, ransomware, and malware attacks, each capable of significantly disrupting operations and compromising sensitive data.

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

New BiBi Wiper version also destroys the disk partition table

Bleeping Computer

A new version of the BiBi Wiper malware is now deleting the disk partition table to make data restoration harder, extending the downtime for targeted victims. [.

Malware 120
article thumbnail

Dell Data Breach: Personal Information of 49 Million Customers Compromised due to latest API Abuse

Security Boulevard

Dell recently issued a notice regarding a data breach that occurred on May 9, which has reportedly affected over 49 million customers across the globe. According to a report by BleepingComputer, Dell initiated the distribution of notifications cautioning its customers that their personally identifiable information (PII) had been compromised in a data breach.

article thumbnail

Strengthen Your Security Operations: MITRE ATT&CK Mapping in Cisco XDR

Cisco Security

Discover how Cisco XDR's MITRE ATT&CK mapping strengthens your security operations. Learn to identify security gaps and improve your cybersecurity posture. Discover how Cisco XDR's MITRE ATT&CK mapping strengthens your security operations. Learn to identify security gaps and improve your cybersecurity posture.

article thumbnail

QNAP QTS zero-day in Share feature gets public RCE exploit

Bleeping Computer

An extensive security audit of QNAP QTS, the operating system for the company's NAS products, has uncovered fifteen vulnerabilities of varying severity, with eleven remaining unfixed. [.

107
107
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

YouTube, The Backdrop Of A Scammer’s Play | Avast

Security Boulevard

You click on a cool-looking video on YouTube. It l ooks l egit, with a well-known spokesperson and everything. It may be worth checking out. However, it just so happens it lists a link to a m alicious landing page. The post YouTube, The Backdrop Of A Scammer’s Play | Avast appeared first on Security Boulevard.

105
105
article thumbnail

What is real-time protection and why do you need it? 

Malwarebytes

The constant barrage of cyber threats can be overwhelming for all of us. And, as those threats evolve and attackers find new ways to compromise us, we need a way to keep on top of everything nasty that’s thrown our way. Malwarebytes’ free version tackles and reactively resolves threats already on your system, but the real-time protection you get with Malwarebytes Premium Security goes one step further and actively monitors your computer’s files, processes, and system memory in real time to bloc

article thumbnail

LiteSpeed Cache Bug Exploit For Control Of WordPress Sites

Security Boulevard

In recent developments concerning WordPress security, a significant vulnerability has come to light in the widely used LiteSpeed Cache plugin. This LiteSpeed cache bug, labeled CVE-2023-40000, poses a substantial risk to WordPress site owners, as it allows threat actors to exploit websites, gaining unauthorized access and control. Let’s delve into the details of this vulnerability, […] The post LiteSpeed Cache Bug Exploit For Control Of WordPress Sites appeared first on TuxCare.

Risk 105
article thumbnail

Financial institutions ordered to notify customers after a breach, have an incident response plan

Malwarebytes

The Securities and Exchange Commission (SEC) has announced rules around breaches for certain financial institutions—registered broker-dealers, investment companies, investment advisers, and transfer agents— that require them to have written incident response policies and procedures that can be used in the event of a breach. The requirement is an adoption of amendments to Regulation S-P, which was enacted in 2000 to safeguard the financial information of consumers, requiring financial institution

article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Iranian MOIS-Linked Hackers Behind Destructive Attacks on Albania and Israel

The Hacker News

An Iranian threat actor affiliated with the Ministry of Intelligence and Security (MOIS) has been attributed as behind destructive wiping attacks targeting Albania and Israel under the personas Homeland Justice and Karma, respectively.

article thumbnail

Congress Demands Cyber Forensics on Ship After Deadly Bridge Strike

SecureWorld News

The tragic accident involving the container vessel Dali that struck a road bridge in Baltimore, Maryland, last month, killing six people, has taken a turn into the cyber realm. At a U.S. House Transportation Committee hearing on Thursday, lawmakers grilled federal investigators over the possibility of malicious code contributing to the disaster. Congressman Brandon Williams (R-NY) was particularly adamant that the National Transportation Safety Board (NTSB) needs to conduct an extremely thorough

article thumbnail

"Linguistic Lumberjack" Vulnerability Discovered in Popular Logging Utility Fluent Bit

The Hacker News

Cybersecurity researchers have discovered a critical security flaw in a popular logging and metrics utility called Fluent Bit that could be exploited to achieve denial-of-service (DoS), information disclosure, or remote code execution. The vulnerability, tracked as CVE-2024-4323, has been codenamed Linguistic Lumberjack by Tenable Research. It impacts versions from 2.0.

article thumbnail

Owner of Incognito dark web drugs market arrested in New York

Bleeping Computer

The alleged owner and operator of Incognito Market, a dark web marketplace for selling illegal narcotics online, was arrested at the John F. Kennedy Airport in New York on May 18. [.

article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

Defending Your Commits From Known CVEs With GitGuardian SCA And Git Hooks

The Hacker News

All developers want to create secure and dependable software. They should feel proud to release their code with the full confidence they did not introduce any weaknesses or anti-patterns into their applications. Unfortunately, developers are not writing their own code for the most part these days.

article thumbnail

OmniVision discloses data breach after 2023 ransomware attack

Bleeping Computer

The California-based imaging sensors manufacturer OmniVision is warning of a data breach after the company suffered a Cactus ransomware attack last year. [.

article thumbnail

A week in security (May 13 – May 19)

Malwarebytes

Last week on Malwarebytes Labs: Deleted iPhone photos show up again after iOS update Scammers can easily phish your multi-factor authentication codes. Here’s how to avoid it Notorious data leak site BreachForums seized by law enforcement Apple and Google join forces to stop unwanted tracking Update Chrome now! Google releases emergency security patch Why car location tracking needs an overhaul Last week on ThreatDown: Wi-Fi design flaw makes networks vulnerable to hijacking Black Basta ransomwar

article thumbnail

Thales & LuxTrust: A Partnership for Data Sovereignty and Compliance

Thales Cloud Protection & Licensing

Thales & LuxTrust: A Partnership for Data Sovereignty and Compliance madhav Tue, 05/21/2024 - 06:08 With the recent publication of Regulatory Technical Standards (RTS) under Digital Operational Resilience Act (DORA) by the European Supervisory Authorities (ESAs), the critical role of robust cryptography management in mitigating ICT risk has been firmly established.

article thumbnail

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

article thumbnail

Guide to Third Party Risk Management: Dealing with Vendor Vulnerabilities

Heimadal Security

A recent study by Cybersecurity Dive shows that nearly all companies (98%) use software integrations with third-party vendors that have suffered breaches in the past two years. Since not a single company can maintain ops integrity by solely relying on in-house developed software, the stakes are higher than ever. In this article, we’re going to […] The post Guide to Third Party Risk Management: Dealing with Vendor Vulnerabilities appeared first on Heimdal Security Blog.

Risk 76
article thumbnail

12 principles for improving devsecops

InfoWorld on Security

I once transitioned from a SaaS CTO role to become a business unit CIO at a Fortune 100 enterprise that aimed to bring startup development processes, technology, and culture into the organization. The executives recognized the importance of developing customer-facing applications, game-changing analytics capabilities, and more automated workflows. Let’s just say my team and I did a lot of teaching on agile development and nimble architectures.

article thumbnail

Your vacation, reservations, and online dates, now chosen by AI: Lock and Code S05E11

Malwarebytes

This week on the Lock and Code podcast… The irrigation of the internet is coming. For decades, we’ve accessed the internet much like how we, so long ago, accessed water—by traveling to it. We connected (quite literally), we logged on, and we zipped to addresses and sites to read, learn, shop, and scroll. Over the years, the internet was accessible from increasingly more devices, like smartphones, smartwatches, and even smart fridges.

article thumbnail

49 Million Customers Impacted by API Security Flaw

Security Boulevard

How safe is your data? With the increasing reliance on online services, this question weighs heavily on everyone’s mind. The recent cyber incident serves as a wake-up call, exposing a vulnerability we often overlook: the security of APIs. A recent data breach at a well-renowned American technology company affected 49 million consumers and highlights an […] The post 49 Million Customers Impacted by API Security Flaw appeared first on Kratikal Blogs.

article thumbnail

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.