Schneier on Security

OCTOBER 14, 2024

Perfectl in an impressive piece of malware: The malware has been circulating since at least 2021. It gets installed by exploiting more than 20,000 common misconfigurations, a capability that may make millions of machines connected to the Internet potential targets, researchers from Aqua Security said. It can also exploit CVE-2023-33246, a vulnerability with a severity rating of 10 out of 10 that was patched last year in Apache RocketMQ, a messaging and streaming platform that’s found on ma

Malware 216

Malware Cryptocurrency Internet Internet 216

The Hacker News

OCTOBER 14, 2024

Cybersecurity researchers have found that entry points could be abused across multiple programming ecosystems like PyPI, npm, Ruby Gems, NuGet, Dart Pub, and Rust Crates to stage software supply chain attacks.

Software 129

Software Risk Cybersecurity 129

Schneier on Security

OCTOBER 14, 2024

This is a current list of where and when I am scheduled to speak: I’m speaking at SOSS Fusion 2024 in Atlanta, Georgia, USA. The event will be held on October 22 and 23, 2024, and my talk is at 9:15 AM ET on October 22, 2024. The list is maintained on this page.

151

151

Security Affairs

OCTOBER 14, 2024

US-based financial services company Fidelity Investments warns 77,000 individuals of a data breach that exposed their personal information. U.S.-based financial services company Fidelity Investments is notifying 77,099 individuals that their personal information was compromised in an August cyberattack. The data breach occurred on August 17, 2024 and was discovered two days later, on August 19, 2024. “Between August 17 and August 19, a third party accessed and obtained certain information

Data breaches 133

Data breaches Financial Services Accountability Hacking 133

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Security Boulevard

OCTOBER 14, 2024

A report finds a third (33%) of the cloud security incidents investigated by IBM Security X-Force researchers, involved phishing attacks to steal credentials, followed closely by 28% of incidents that involved attacks where cybercriminals had already obtained some type of valid credential. The post IBM X-Force Security Report Spotlights Lack of Cloud Security Fundamentals appeared first on Security Boulevard.

Phishing 126

Phishing Cybersecurity 126

The Hacker News

OCTOBER 14, 2024

A suspected nation-state adversary has been observed weaponizing three security flaws in Ivanti Cloud Service Appliance (CSA) a zero-day to perform a series of malicious actions.

123

123

Malwarebytes

OCTOBER 14, 2024

Multiple robot vacuum cleaners in the US were hacked to yell obscenities and insults through the onboard speakers. ABC news was able to confirm reports of this hack in robot vacuum cleaners of the type Ecovacs Deebot X2, which are manufactured in China. Ecovacs is considered the leading service robotics brand, and is a market leader in robot vacuums.

Hacking 122

Hacking Passwords Manufacturing Marketing 122

The Hacker News

OCTOBER 14, 2024

Cybersecurity researchers have disclosed a new malware campaign that delivers Hijack Loader artifacts that are signed with legitimate code-signing certificates. French cybersecurity company HarfangLab, which detected the activity at the start of the month, said the attack chains aim to deploy an information stealer known as Lumma.

Malware 121

Malware Cybersecurity 121

Security Affairs

OCTOBER 14, 2024

An alleged nation-state actor exploited three zero-day vulnerabilities in Ivanti Cloud Service Appliance (CSA) in recent attacks. Fortinet FortiGuard Labs researchers warn that a suspected nation-state actor has been exploiting three Ivanti Cloud Service Appliance (CSA) zero-day issues to carry out malicious activities. The three vulnerabilities exploited by the threat actor are: CVE-2024-9380 (CVSS score: 7.2) – an OS command injection vulnerability in the admin web console of Ivanti CSA

Authentication 128

Authentication Hacking Information Security 128

The Hacker News

OCTOBER 14, 2024

Threat actors are actively attempting to exploit a now-patched security flaw in Veeam Backup & Replication to deploy Akira and Fog ransomware. Cybersecurity vendor Sophos said it has been tracking a series of attacks in the past month leveraging compromised VPN credentials and CVE-2024-40711 to create a local account and deploy the ransomware. CVE-2024-40711, rated 9.8 out of 10.

Ransomware 120

Ransomware VPN Backups Accountability 120

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Penetration Testing

OCTOBER 14, 2024

Boasting over 2.5 billion users worldwide, Gmail reigns as the most prevalent email service globally. Consequently, it comes as no surprise that this platform has become a focal point for... The post Gmail Scam Alert: Hackers Spoof Google to Steal Credentials appeared first on Cybersecurity News.

Scams 124

Scams Cybersecurity 124

The Hacker News

OCTOBER 14, 2024

The maintainers of the Jetpack WordPress plugin have released a security update to remediate a critical vulnerability that could allow logged-in users to access forms submitted by others on a site. Jetpack, owned by WordPress maker Automattic, is an all-in-one plugin that offers a comprehensive suite of tools to improve site safety, performance, and traffic growth.

116

116

Security Boulevard

OCTOBER 14, 2024

When it comes to healthcare data security, HIPAA is the name everyone knows. It’s been around for decades, laying down the law on handling patient information. But what if I told you there’s another player in town? I’m talking about the HICP—the “Health Industry Cybersecurity Practices” publication. If you haven’t heard of it, you’re not […] The post HICP vs.

Healthcare 109

Healthcare Cybersecurity 109

Security Affairs

OCTOBER 14, 2024

Pokemon dev Game Freak confirmed that an August cyberattack led to source code leaks and designs for unpublished games online. Game Freak Inc. is a popular Japanese video game developer, founded on April 26, 1989, by Satoshi Tajiri, Ken Sugimori, and Junichi Masuda. It is primarily known as the main developer of the Pokémon video game series. The developer started in 1996 with the Pokémon Red and Blue for Nintendo Game Boy.

Data breaches 121

Data breaches Hacking Cyber Attacks Media 121

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Malwarebytes

OCTOBER 14, 2024

Last week on Malwarebytes Labs: Modern TVs have “unprecedented capabilities for surveillance and manipulation,” group reveals Internet Archive suffers data breach and DDoS Google Search user interface: A/B testing shows security concerns remain AI girlfriend site breached, user fantasies stolen MoneyGram confirms customer data breach Exposing the Facebook funeral livestream scam (Lock and Code S05E21) Comcast and Truist Bank customers impacted by debt collector’s breach Large scale G

Data breaches 108

Data breaches Surveillance Insurance DDOS 108

Security Affairs

OCTOBER 14, 2024

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Fortinet products and Ivanti CSA bugs to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog : CVE-2024-23113 (CVSS score 9.8) Fortinet Multiple Products Format String Vulnerability.

Authentication 113

Authentication Hacking Cybersecurity Software 113

Security Boulevard

OCTOBER 14, 2024

Two U.S. House committees want more information about the hack by China threat group Salt Typhoon into the networks of AT&T, Verizon, and Lumen while the White House reportedly is creating an emergency group to respond to expanding cyberattacks by the country. The post U.S. Lawmakers, White House Move to Stem China Cyberthreat appeared first on Security Boulevard.

Hacking 105

Hacking Wireless Security Awareness Cybersecurity 105

Security Affairs

OCTOBER 14, 2024

Dutch police dismantled Bohemia/Cannabia, two major dark web markets for illegal goods, drugs, and cybercrime services. The Dutch police have announced the success of a new joint law enforcement operation that led to the shutdown of the dual dark web marketplace Bohemia/Cannabia. These are two of the largest and longest-running dark web platforms for the trade of illegal goods, drugs, and cybercrime services.

Marketing 124

Marketing Cybercrime DDOS Cryptocurrency 124

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

WIRED Threat Level

OCTOBER 14, 2024

“Passkeys,” the secure authentication mechanism built to replace passwords, are getting more portable and easier for organizations to implement thanks to new initiatives the FIDO Alliance announced on Monday.

Passwords 104

Passwords Authentication Hacking 104

Zero Day

OCTOBER 14, 2024

It's been a year since Oura revealed its Gen 3 Ring and it has rolled out several updates since that release. The new model delivers the same software and data, but its design is perfectly round with no flat spot.

Software 98

Software 98

The Hacker News

OCTOBER 14, 2024

The link between detection and response (DR) practices and cloud security has historically been weak. As global organizations increasingly adopt cloud environments, security strategies have largely focused on "shift-left" practices—securing code, ensuring proper cloud posture, and fixing misconfigurations.

97

97

Zero Day

OCTOBER 14, 2024

The Apple Pencil Pro may seem like an expensive add-on after purchasing the latest iPad Pro or iPad Air, but fortunately, it's dropped to $90 following October Prime Day.

98

98

Advertisement

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

Penetration Testing

OCTOBER 14, 2024

Trend Micro researchers have uncovered a series of advanced cyberattacks carried out by the threat group Earth Simnavaz, also known as APT34 or OilRig. This Iranian-linked cyber espionage group has... The post Earth Simnavaz Exploits Windows Kernel Flaw CVE-2024-30088 in Attacks on Critical Infrastructure appeared first on Cybersecurity News.

Cybersecurity 95

Cybersecurity 95

Cisco Security

OCTOBER 14, 2024

Cisco has been helping government agencies address their unique security and compliance challenges for decades. We continue to progress with FedRAMP. Cisco has been helping government agencies address their unique security and compliance challenges for decades. We continue to progress with FedRAMP.

Government 107

Government Artificial Intelligence 107

Zero Day

OCTOBER 14, 2024

Blackview's Mega 1 is an 11.5-inch Android 13 tablet with a brilliant 120Hz display and 24GB of RAM at a surprisingly low price point.

98

98

Penetration Testing

OCTOBER 14, 2024

Jetpack, a popular WordPress plugin developed by Automattic, has released a critical security update today, addressing a vulnerability that has the potential to impact millions of websites. Installed on over... The post Critical Security Vulnerability in Jetpack Plugin Affects Millions of WordPress Websites appeared first on Cybersecurity News.

Cybersecurity 90

Cybersecurity 90

Advertisement

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.

Cybersecurity

Zero Day

OCTOBER 14, 2024

If you need a lightweight portable battery that won't break the bank, check out the EcoFlow River 3, especially at only $159 right now.

Banking 97

Banking 97

Security Boulevard

OCTOBER 14, 2024

The DOJ created NexFundAI, a false cryptocurrency company and token, in a sting that nabbed 19 people and companies accused of scamming investors by falsely creating the illusion of activity around their crypto and then selling at the inflated price in what investigators call "pump and dump" and "market maker" schemes. The post DOJ Created NexFundAI Crypto Firm in Crypto Scamming Sting appeared first on Security Boulevard.

Scams 76

Scams Cryptocurrency Marketing Security Awareness 76

Zero Day

OCTOBER 14, 2024

Apple's high-frequency motion API supports unique data collection, and surprisingly enough, it has improved my golf game.

Data collection 98

Data collection 98

Security Boulevard

OCTOBER 14, 2024

DDoS botnet gained attention a few years ago due to its record-breaking attacks, but the emergence of new threats in 2024 illustrates the evolving tactics of cyber attackers. The cyber threat landscape is in constant flux, with vulnerabilities like Zyxel’s CVE-2023-28771 being exploited and MySQL servers coming under fire from variants like Ddostf and Mirai’s […] The post How DDoS Botent is used to Infect your Network?

DDOS 75

DDOS Cyber Attacks Cyber threats 75

Advertisement

Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.

Government