Tue.Jul 09, 2024

article thumbnail

Reverse-Engineering Ticketmaster’s Barcode System

Schneier on Security

Interesting : By reverse-engineering how Ticketmaster and AXS actually make their electronic tickets, scalpers have essentially figured out how to regenerate specific, genuine tickets that they have legally purchased from scratch onto infrastructure that they control. In doing so, they are removing the anti-scalping restrictions put on the tickets by Ticketmaster and AXS.

article thumbnail

Microsoft Patch Tuesday, July 2024 Edition

Krebs on Security

Microsoft Corp. today issued software updates to plug at least 139 security holes in various flavors of Windows and other Microsoft products. Redmond says attackers are already exploiting at least two of the vulnerabilities in active attacks against Windows users. The first Microsoft zero-day this month is CVE-2024-38080 , a bug in the Windows Hyper-V component that affects Windows 11 and Windows Server 2022 systems.

Internet 267
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Nearly 10 Billion Passwords Leaked in Biggest Compilation of All Time

Tech Republic Security

Nearly 10 billion passwords have been leaked on a popular hacking forum, according to Cybernews.

Passwords 212
article thumbnail

RADIUS Protocol Vulnerability Exposes Networks to MitM Attacks

The Hacker News

Cybersecurity researchers have discovered a security vulnerability in the RADIUS network authentication protocol called BlastRADIUS that could be exploited by an attacker to stage Mallory-in-the-middle (MitM) attacks and bypass integrity checks under certain circumstances.

article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

The 6 Best Governance, Risk & Compliance (GRC) Tools for 2024

Tech Republic Security

What are the best GRC tools and how much do they cost? Use our guide to compare pricing and features of our recommended GRC platforms.

article thumbnail

New OpenSSH Vulnerability Discovered: Potential Remote Code Execution Risk

The Hacker News

Select versions of the OpenSSH secure networking suite are susceptible to a new vulnerability that can trigger remote code execution (RCE). The vulnerability, tracked as CVE-2024-6409 (CVSS score: 7.0), is distinct from CVE-2024-6387 (aka RegreSSHion) and relates to a case of code execution in the privsep child process due to a race condition in signal handling.

Risk 141

More Trending

article thumbnail

Hackers Exploiting Jenkins Script Console for Cryptocurrency Mining Attacks

The Hacker News

Cybersecurity researchers have found that it's possible for attackers to weaponize improperly configured Jenkins Script Console instances to further criminal activities such as cryptocurrency mining.

article thumbnail

Avast released a decryptor for DoNex Ransomware and its predecessors

Security Affairs

Avast developed and released a decryptor for the DoNex ransomware family that allows victims to recover their files for free. Avast researchers identified a cryptographic flaw in the DoNex ransomware and its predecessors that allowed them to develop a decryptor. The experts revealed the weakness during the Recon 2024 conference. Avast also released a decryptor that allows victims to recover their files for free since March 2024. “All brands of the DoNex ransomware are supported by the decr

article thumbnail

GuardZoo Malware Targets Over 450 Middle Eastern Military Personnel

The Hacker News

Military personnel from Middle East countries are the target of an ongoing surveillanceware operation that delivers an Android data-gathering tool called GuardZoo.

Malware 137
article thumbnail

Microsoft July 2024 Patch Tuesday fixes 142 flaws, 4 zero-days

Bleeping Computer

Today is Microsoft's July 2024 Patch Tuesday, which includes security updates for 142 flaws, including two actively exploited and two publicly disclosed zero-days. [.

130
130
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

ViperSoftX Malware Disguises as eBooks on Torrents to Spread Stealthy Attacks

The Hacker News

The sophisticated malware known as ViperSoftX has been observed being distributed as eBooks over torrents.

Malware 136
article thumbnail

Biggest Ever Password Leak — but is ObamaCare’s RockYou2024 Really NEW?

Security Boulevard

Credential crunch: Ten billion plain-text passwords in a file—sky falling or situation normal? The post Biggest Ever Password Leak — but is ObamaCare’s RockYou2024 Really NEW? appeared first on Security Boulevard.

Passwords 127
article thumbnail

HUMINT: Diving Deep into the Dark Web

The Hacker News

Clear Web vs. Deep Web vs. Dark Web Threat intelligence professionals divide the internet into three main components: Clear Web - Web assets that can be viewed through public search engines, including media, blogs, and other pages and sites. Deep Web - Websites and forums that are unindexed by search engines. For example, webmail, online banking, corporate intranets, walled gardens, etc.

article thumbnail

5 common Ticketmaster scams: How fraudsters steal the show

We Live Security

Scammers gonna scam scam scam, so before hunting for your tickets to a Taylor Swift gig or other in-demand events, learn how to stop fraudsters from leaving a blank space in your bank account

Scams 124
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Social Engineering Awareness Policy

Tech Republic Security

Recent technological advancements have made people and things more interconnected. Unfortunately, people with malicious intent are also taking advantage of this capability. With this, the security of information systems has become more paramount for any organization. The purpose of this customizable Social Engineering Awareness Policy, written by Maria Carrisa Sanchez for TechRepublic Premium, is to.

article thumbnail

Developing and prioritizing a detection engineering backlog based on MITRE ATT&CK

SecureList

Detection is a traditional type of cybersecurity control, along with blocking, adjustment, administrative and other controls. Whereas before 2015 teams asked themselves what it was that they were supposed to detect, as MITRE ATT&CK evolved, SOCs were presented with practically unlimited space for ideas on creating detection scenarios. With the number of scenarios becoming virtually unlimited, another question inevitably arises: “What do we detect first?

article thumbnail

Ticketmaster says stolen Taylor Swift Eras Tour tickets are useless

Malwarebytes

While cybercriminals are offering free tickets to Taylor Swift Eras Tour and other events , Ticketmaster is telling would-be purchasers that these tickets will prove to be worthless. Those who have claimed responsibility for the Ticketmaster data breach say they’ve stolen 440,000 tickets for Taylor Swift’s Eras Tour, and as proof have leaked 170k ticket barcodes.

article thumbnail

Hackers target WordPress calendar plugin used by 150,000 sites

Bleeping Computer

Hackers are trying to exploit a vulnerability in the Modern Events Calendar WordPress plugin that is present on more than 150,000 websites to upload arbitrary files to a vulnerable site and execute code remotely. [.

111
111
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Ransomware attack on blood-testing service puts lives in danger in South Africa

Graham Cluley

A ransomware attack by the BlackSuit gang against South Africa's National Health Laboratory Service (NHLS) has put lives at risk and created chaos for healthcare services across the country. Read more in my article on the Hot for Security blog.

article thumbnail

Fujitsu confirms customer data exposed in March cyberattack

Bleeping Computer

Fujitsu confirms that information related to some individuals and customers' business has been compromised during the data breach detected earlier this year. [.

article thumbnail

EXPOSED! The Terrifying Truth Behind 2022-2023 Data Breaches! How Safe Are You?

Quick Heal Antivirus

Today, a quiet war is raging — a war against data breaches. From big names to important institutions. The post EXPOSED! The Terrifying Truth Behind 2022-2023 Data Breaches! How Safe Are You? appeared first on Quick Heal Blog.

article thumbnail

New Blast-RADIUS attack bypasses widely-used RADIUS authentication

Bleeping Computer

Blast-RADIUS, an authentication bypass in the widely used RADIUS/UDP protocol, enables threat actors to breach networks and devices in man-in-the-middle MD5 collision attacks. [.

article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

The AI Fix #6: AI lobotomies, and bots scam scam bots

Graham Cluley

In episode six of The AI Fix, our hosts discover an unusual place to put a traffic cone, Mark learns why Americans should pretend to be from Brazil, and Graham discovers a way to make any situation much, much worse.

Scams 94
article thumbnail

How to Run a Cybersecurity Risk Assessment in 5 Steps

Tech Republic Security

Though cybersecurity is on every executive’s checklist today, most struggle with growing compliance burdens, keeping the costs moderate and bringing team alignment. A cybersecurity assessment is the key to combating the rising threat environment, and it’s prudent to secure systems before a breach cripples your business. Read this guide, written by Avya Chaudhary for TechRepublic.

article thumbnail

Windows 11 KB5040435 update released with 31 fixes, changes

Bleeping Computer

Microsoft is rolling out the KB5040442 cumulative update for Windows 11 23H3, which includes up to thirty-two improvements and changes. The changes include a new feature that adds back the "Show Desktop" button, which Copilot replaced. [.

article thumbnail

The Largest Cybersecurity Breach Exposing 10 Billion Passwords

ZoneAlarm

The RockYou2024 password leak has emerged as the largest known data breach in history, exposing approximately 10 billion passwords. Named after the infamous RockYou breach of 2009, this latest incident significantly surpasses its predecessor. In July 2024, a hacker using the alias “ObamaCare” uploaded the RockYou2024.txt file to a popular crime forum.

article thumbnail

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

article thumbnail

Evolve Bank says data breach impacts 7.6 million Americans

Bleeping Computer

Evolve Bank & Trust (Evolve) is sending notices of a data breach to 7.6 million Americans whose data was stolen during a recent LockBit ransomware attack. [.

article thumbnail

CVE-2024-38021: Zero-Click Vulnerability Discovered in Microsoft Outlook

Penetration Testing

Cybersecurity researchers at Morphisec have discovered a critical zero-click remote code execution (RCE) vulnerability, CVE-2024-38021, affecting most Microsoft Outlook applications. This vulnerability allows attackers to execute malicious code on a victim’s system without any... The post CVE-2024-38021: Zero-Click Vulnerability Discovered in Microsoft Outlook appeared first on Cybersecurity News.

article thumbnail

Chinese APT40 hackers hijack SOHO routers to launch attacks

Bleeping Computer

An advisory by CISA and multiple international cybersecurity agencies highlights the tactics, techniques, and procedures (TTPs) of APT40 (aka "Kryptonite Panda"), a state-sponsored Chinese cyber-espionage actor. [.

article thumbnail

The best tablets of 2024: Expert tested and reviewed

Zero Day

We reviewed the top tablets from Apple, Samsung, Amazon, and more to help you choose the best one for your needs.

76
article thumbnail

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.