Schneier on Security
JULY 9, 2024
Interesting : By reverse-engineering how Ticketmaster and AXS actually make their electronic tickets, scalpers have essentially figured out how to regenerate specific, genuine tickets that they have legally purchased from scratch onto infrastructure that they control. In doing so, they are removing the anti-scalping restrictions put on the tickets by Ticketmaster and AXS.
Krebs on Security
JULY 9, 2024
Microsoft Corp. today issued software updates to plug at least 139 security holes in various flavors of Windows and other Microsoft products. Redmond says attackers are already exploiting at least two of the vulnerabilities in active attacks against Windows users. The first Microsoft zero-day this month is CVE-2024-38080 , a bug in the Windows Hyper-V component that affects Windows 11 and Windows Server 2022 systems.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Tech Republic Security
JULY 9, 2024
Nearly 10 billion passwords have been leaked on a popular hacking forum, according to Cybernews.
Bleeping Computer
JULY 9, 2024
Today is Microsoft's July 2024 Patch Tuesday, which includes security updates for 142 flaws, including two actively exploited and two publicly disclosed zero-days. [.
Speaker: Speakers:
In today's digital age, having an untrained workforce can be a significant risk to your business. Cyber threats are evolving; without proper training, your employees could be the weakest link in your defense. This webinar empowers leaders like you with the tools and strategies needed to transform your employees into a robust frontline defense against cyber attacks.
Tech Republic Security
JULY 9, 2024
What are the best GRC tools and how much do they cost? Use our guide to compare pricing and features of our recommended GRC platforms.
Security Boulevard
JULY 9, 2024
APT40, a threat group backed by China's government, quickly adapts POC exploits of popular software like Microsoft Exchange and Log4j to attack corporate and government networks in the U.S., Australia, and elsewhere, according to an alert issued by government security agencies around the world. The post China-Backed Threat Group Rapidly Exploits New Flaws: Agencies appeared first on Security Boulevard.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Security Boulevard
JULY 9, 2024
Credential crunch: Ten billion plain-text passwords in a file—sky falling or situation normal? The post Biggest Ever Password Leak — but is ObamaCare’s RockYou2024 Really NEW? appeared first on Security Boulevard.
The Hacker News
JULY 9, 2024
Select versions of the OpenSSH secure networking suite are susceptible to a new vulnerability that can trigger remote code execution (RCE). The vulnerability, tracked as CVE-2024-6409 (CVSS score: 7.0), is distinct from CVE-2024-6387 (aka RegreSSHion) and relates to a case of code execution in the privsep child process due to a race condition in signal handling.
Bleeping Computer
JULY 9, 2024
Hackers are trying to exploit a vulnerability in the Modern Events Calendar WordPress plugin that is present on more than 150,000 websites to upload arbitrary files to a vulnerable site and execute code remotely. [.
The Hacker News
JULY 9, 2024
Cybersecurity researchers have discovered a security vulnerability in the RADIUS network authentication protocol called BlastRADIUS that could be exploited by an attacker to stage Mallory-in-the-middle (MitM) attacks and bypass integrity checks under certain circumstances.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Bleeping Computer
JULY 9, 2024
Blast-RADIUS, an authentication bypass in the widely used RADIUS/UDP protocol, enables threat actors to breach networks and devices in man-in-the-middle MD5 collision attacks. [.
Security Affairs
JULY 9, 2024
Avast developed and released a decryptor for the DoNex ransomware family that allows victims to recover their files for free. Avast researchers identified a cryptographic flaw in the DoNex ransomware and its predecessors that allowed them to develop a decryptor. The experts revealed the weakness during the Recon 2024 conference. Avast also released a decryptor that allows victims to recover their files for free since March 2024. “All brands of the DoNex ransomware are supported by the decr
Quick Heal Antivirus
JULY 9, 2024
Today, a quiet war is raging — a war against data breaches. From big names to important institutions. The post EXPOSED! The Terrifying Truth Behind 2022-2023 Data Breaches! How Safe Are You? appeared first on Quick Heal Blog.
Bleeping Computer
JULY 9, 2024
Fujitsu confirms that information related to some individuals and customers' business has been compromised during the data breach detected earlier this year. [.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Security Affairs
JULY 9, 2024
The Lockbit ransomware attack on Evolve Bank has compromised the personal information of over 7.6 million individuals. At the end of June, the LockBit gang announced that it had breached the systems of the Federal Reserve of the United States and exfiltrated 33 TB of sensitive data, including “Americans’ banking secrets.” Despite the announcement, data leaked data from the group belongs to the Arkansas-based financial organization Evolve Bank & Trust.
The Hacker News
JULY 9, 2024
Cybersecurity researchers have found that it's possible for attackers to weaponize improperly configured Jenkins Script Console instances to further criminal activities such as cryptocurrency mining.
Tech Republic Security
JULY 9, 2024
Though cybersecurity is on every executive’s checklist today, most struggle with growing compliance burdens, keeping the costs moderate and bringing team alignment. A cybersecurity assessment is the key to combating the rising threat environment, and it’s prudent to secure systems before a breach cripples your business. Read this guide, written by Avya Chaudhary for TechRepublic.
Graham Cluley
JULY 9, 2024
A ransomware attack by the BlackSuit gang against South Africa's National Health Laboratory Service (NHLS) has put lives at risk and created chaos for healthcare services across the country. Read more in my article on the Hot for Security blog.
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
We Live Security
JULY 9, 2024
Scammers gonna scam scam scam, so before hunting for your tickets to a Taylor Swift gig or other in-demand events, learn how to stop fraudsters from leaving a blank space in your bank account
Bleeping Computer
JULY 9, 2024
Microsoft is rolling out the KB5040442 cumulative update for Windows 11 23H3, which includes up to thirty-two improvements and changes. The changes include a new feature that adds back the "Show Desktop" button, which Copilot replaced. [.
The Hacker News
JULY 9, 2024
Military personnel from Middle East countries are the target of an ongoing surveillanceware operation that delivers an Android data-gathering tool called GuardZoo.
SecureList
JULY 9, 2024
Detection is a traditional type of cybersecurity control, along with blocking, adjustment, administrative and other controls. Whereas before 2015 teams asked themselves what it was that they were supposed to detect, as MITRE ATT&CK evolved, SOCs were presented with practically unlimited space for ideas on creating detection scenarios. With the number of scenarios becoming virtually unlimited, another question inevitably arises: “What do we detect first?
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
Bleeping Computer
JULY 9, 2024
Microsoft has released the KB5040427 cumulative update for Windows 10 21H2 and Windows 10 22H2 with 13 changes, including Microsoft Copilot now behaving like an app, providing more flexibility on how it is displayed. [.
Graham Cluley
JULY 9, 2024
In episode six of The AI Fix, our hosts discover an unusual place to put a traffic cone, Mark learns why Americans should pretend to be from Brazil, and Graham discovers a way to make any situation much, much worse.
Bleeping Computer
JULY 9, 2024
An advisory by CISA and multiple international cybersecurity agencies highlights the tactics, techniques, and procedures (TTPs) of APT40 (aka "Kryptonite Panda"), a state-sponsored Chinese cyber-espionage actor. [.
The Hacker News
JULY 9, 2024
Clear Web vs. Deep Web vs. Dark Web Threat intelligence professionals divide the internet into three main components: Clear Web - Web assets that can be viewed through public search engines, including media, blogs, and other pages and sites. Deep Web - Websites and forums that are unindexed by search engines. For example, webmail, online banking, corporate intranets, walled gardens, etc.
Advertisement
The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.
Bleeping Computer
JULY 9, 2024
Almost a thousand Twitter accounts controlled by a large bot farm pushing Russian propaganda and domains used to register the bots were taken down in a joint international law enforcement operation led by the U.S. Justice Department. [.
ZoneAlarm
JULY 9, 2024
The RockYou2024 password leak has emerged as the largest known data breach in history, exposing approximately 10 billion passwords. Named after the infamous RockYou breach of 2009, this latest incident significantly surpasses its predecessor. In July 2024, a hacker using the alias “ObamaCare” uploaded the RockYou2024.txt file to a popular crime forum.
Bleeping Computer
JULY 9, 2024
Microsoft is rolling out the KB5040442 cumulative update for Windows 11 23H2, which includes up to thirty-one improvements and changes. The changes include a new feature that adds back the "Show Desktop" button, which Copilot replaced. [.
Malwarebytes
JULY 9, 2024
While cybercriminals are offering free tickets to Taylor Swift Eras Tour and other events , Ticketmaster is telling would-be purchasers that these tickets will prove to be worthless. Those who have claimed responsibility for the Ticketmaster data breach say they’ve stolen 440,000 tickets for Taylor Swift’s Eras Tour, and as proof have leaked 170k ticket barcodes.
Speaker: Blackberry, OSS Consultants, & Revenera
Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?
Expert insights. Personalized for you.
231 
Let's personalize your content