Fri.Oct 06, 2023

article thumbnail

Deepfake Election Interference in Slovakia

Schneier on Security

Well designed and well timed deepfake or two Slovakian politicians discussing how to rig the election: Šimečka and Denník N immediately denounced the audio as fake. The fact-checking department of news agency AFP said the audio showed signs of being manipulated using AI. But the recording was posted during a 48-hour moratorium ahead of the polls opening, during which media outlets and politicians are supposed to stay silent.

Media 276
article thumbnail

New EvilProxy Phishing Attack Uses Indeed.com Redirector to Target US Executives

Tech Republic Security

Microsoft, the Dark Web and the name John Malkovich all factor into this EvilProxy phishing attack. The good news is there are steps IT can take to mitigate this security threat.

Phishing 190
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

23andMe User Data Stolen in Targeted Attack on Ashkenazi Jews

WIRED Threat Level

At least a million data points from 23andMe accounts appear to have been exposed on BreachForums. While the scale of the campaign is unknown, 23andMe says it's working to verify the data.

article thumbnail

IPVanish VPN Review (2023): Features, Pricing, and Security

Tech Republic Security

Read our comprehensive review of IPVanish VPN. Discover its features, pricing, and more to determine if it meets your online security and privacy needs.

VPN 146
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Genetics firm 23andMe says user data stolen in credential stuffing attack

Bleeping Computer

23andMe has confirmed to BleepingComputer that it is aware of user data from its platform circulating on hacker forums and attributes the leak to a credential-stuffing attack. [.

article thumbnail

Ransomware attack on MGM Resorts costs $110 Million

Security Affairs

Hospitality and entertainment company MGM Resorts announced that the costs of the recent ransomware attack costs exceeded $110 million. In September the hospitality and entertainment company MGM Resorts was hit by a ransomware attack that shut down its systems at MGM Hotels and Casinos. The incident affected hotel reservation systems in the United States and other IT systems that run the casino floors.

More Trending

article thumbnail

Revealed! The top 10 cybersecurity misconfigurations, as determined by CISA and the NSA

Graham Cluley

A joint advisory from the United States's National Security Agency (NSA) and Cybersecurity and Infrastructure Security Agency (CISA) has shone a light on the top ten most common cybersecurity misconfigurations found in large private and public organisations. Read more in my article on the Tripwire State of Security blog.

article thumbnail

Fake friends and followers on social media – and how to spot them

We Live Security

One of the biggest threats to watch out for on social media is fraud perpetrated by people who aren’t who they claim to be. Here’s how to recognize them.

Media 135
article thumbnail

Cisco Emergency Responder is affected by a critical Static Credentials bug. Fix it immediately!

Security Affairs

Cisco addressed a critical Static Credentials Vulnerability, tracked as CVE-2023-20101, impacting Emergency Responder. Cisco released security updates to address a critical vulnerability, tracked as CVE-2023-20101 (CVSS score: 9.8), impacting Emergency Responder. A remote, unauthenticated attacker can exploit the vulnerability to log in to susceptible systems using hard-coded credentials that cannot be changed.

article thumbnail

iPhone/iPad Warning: Update Now to Avoid Zero-Day Pain

Security Boulevard

Apple’s embarrassing regression: iOS 17.0.3 fixes yet more nasty zero-days (and the overheating bug). The post iPhone/iPad Warning: Update Now to Avoid Zero-Day Pain appeared first on Security Boulevard.

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Cybersecurity, why a hotline number could be important?

Security Affairs

The creation of a dedicated emergency number for cybersecurity could provide an effective solution to this rapidly growing challenge The growing threat of cybercrime is calling for new and innovative defense strategies. While the phone number for physical emergencies is already time-tested, the absence of a similar hotline for cybercrimes is a significant gap in our digital security.

article thumbnail

Multi-factor authentication has proven it works, so what are we waiting for?

Malwarebytes

Recently, Amazon announced that it will require all privileged Amazon Web Services (AWS) accounts to use multi-factor authentication (MFA) , starting in mid-2024. Our regular readers will know that we feel that passwords alone are not adequate protection , especially not for your important accounts. So we wholeheartedly agree with Amazon on this. Multi-factor authentication is so much more secure, and with that a lot more forgiving, than passwords alone.

article thumbnail

Multiple experts released exploits for Linux local privilege escalation flaw Looney Tunables

Security Affairs

Researchers published PoC exploits for CVE-2023-4911 vulnerability (aka Looney Tunables) impacting most popular Linux distributions. The vulnerability CVE-2023-4911 (CVSS score 7.8) is a buffer overflow issue that resides in the GNU C Library’s dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. An attacker can trigger the vulnerability to execute code with elevated privileges. “A buffer overflow was discovered in the GNU C Library’s dynamic loader ld

Hacking 130
article thumbnail

7 Best Email Security Software & Tools in 2023

eSecurity Planet

Despite all the advances in cybersecurity, email remains the starting point for the vast majority of cyberattacks, as phishing, malware and social engineering remain effective attack techniques. That makes email security software a worthwhile investment for organizations of all sizes. We analyzed the market for email security tools and software to arrive at this list of 7 top email security solutions, including their standout features, limitations and ideal use cases, followed by issues prospect

Software 125
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Chinese Hackers Target Semiconductor Firms in East Asia with Cobalt Strike

The Hacker News

Threat actors have been observed targeting semiconductor companies in East Asia with lures masquerading as Taiwan Semiconductor Manufacturing Company (TSMC) that are designed to deliver Cobalt Strike beacons. The intrusion set, per EclecticIQ, leverages a backdoor called HyperBro, which is then used as a conduit to deploy the commercial attack simulation software and post-exploitation toolkit.

article thumbnail

Too Rich To Ransomware? MGM Brushes Off $100M in Losses

Dark Reading

MGM wins big bet that days of operations outages is better business than paying a ransom, following last month's data breach.

article thumbnail

New OS Tool Tells You Who Has Access to What Data

The Hacker News

Ensuring sensitive data remains confidential, protected from unauthorized access, and compliant with data privacy regulations is paramount. Data breaches result in financial and reputational damage but also lead to legal consequences. Therefore, robust data access security measures are essential to safeguard an organization’s assets, maintain customer trust, and meet regulatory requirements.

article thumbnail

Friday Five: Emerging Threats, MFA Troubles, Phantom Hacker Scams, & More

Digital Guardian

Emerging cyber threats against Linux and Industrial Control Systems (ICSs), organizations’ pain points with identity and security management, and a rise in scamming took this week’s headlines. Catch up on these stories and more in this week’s Friday Five!

Scams 105
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

North Korea's Lazarus Group Launders $900 Million in Cryptocurrency

The Hacker News

As much as $7 billion in cryptocurrency has been illicitly laundered through cross-chain crime, with the North Korea-linked Lazarus Group linked to the theft of roughly $900 million of those proceeds between July 2022 and July of this year.

article thumbnail

Charting a Course to Zero Trust Maturity: 5 Steps to Securing User Access to Apps

Duo's Security Blog

When organizations started to embark on zero trust security back in 2020, it was in response to a dramatic and unforeseen change – the public health crisis. This made zero trust access a ‘must have’ exercise just to keep businesses operational. Securing remote user access became the first use case for adopting zero trust security principles. At the time, expediency rather than zero trust maturity became the guiding principle.

article thumbnail

GitHub's Secret Scanning Feature Now Covers AWS, Microsoft, Google, and Slack

The Hacker News

GitHub has announced an improvement to its secret scanning feature that extends validity checks to popular services such as Amazon Web Services (AWS), Microsoft, Google, and Slack. Validity checks, introduced by the Microsoft subsidiary earlier this year, alert users whether exposed tokens found by secret scanning are active, thereby allowing for effective remediation measures.

105
105
article thumbnail

Amazon Prime email scammer snatches defeat from the jaws of victory

Malwarebytes

More often than not, its our solemn duty on this site to keep you informed about the nature and tactics of dangerous, cunnning, and persistent cybercriminals. This is not one of those days. In fact, this is the oppposite of one of those days. This is about a passable spam email sent by a spammer who did the phishing equivalent of arriving at the airport three hours early for their flight, the day after it left.

Scams 102
article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

Suspected Crime Gang Hacks Israeli President's Telegram Account

Dark Reading

The encrypted messaging app was hacked in the wake of an online scam before access was "swiftly restored.

Hacking 98
article thumbnail

10 Things You May Have Missed at CompTIA EMEA Member & Partner Conference 2023

CompTIA on Cybersecurity

From the networking to business-building sessions, to connecting with friends, the EMEA Member and Partner Conference 2023 had something for everyone.

98
article thumbnail

Lyca Mobile Affected by Cyberattack

Heimadal Security

Lyca Mobile has released a statement about an unexpected disruption on its network caused by a cyberattack that may have also compromised customer data. The British company provides voice IP (VoIP) and mobile telecommunications services in 60 nations, including the US, UK, Germany, Australia, France, Italy, and the Netherlands. Details About the Attack The attack […] The post Lyca Mobile Affected by Cyberattack appeared first on Heimdal Security Blog.

Mobile 96
article thumbnail

Preparing for the Unexpected: A Proactive Approach to Operational Resilience

Dark Reading

Try these steps to create an operational resilience action plan that will satisfy financial regulators and help sustain business without disruption.

95
article thumbnail

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

article thumbnail

Blackbaud agrees to $49.5 million settlement for ransomware data breach

Bleeping Computer

Cloud computing provider Blackbaud reached a $49.5 million agreement with attorneys general from 49 U.S. states to settle a multi-state investigation of a May 2020 ransomware attack and the resulting data breach. [.

article thumbnail

PoC Exploits Released for Major Linux Flaw

Heimadal Security

On the majority of Linux distributions, proof-of-concept attacks for a high-severity vulnerability in the dynamic loader of the GNU C Library have previously been made public online. Details About the Vulnerability The security vulnerability is known as “Looney Tunables” and is tracked as CVE-2023-4911. The vulnerability occurs due to a buffer overflow weakness, and it […] The post PoC Exploits Released for Major Linux Flaw appeared first on Heimdal Security Blog.

article thumbnail

D.C. Board of Elections confirms voter data stolen in site hack

Bleeping Computer

The District of Columbia Board of Elections (DCBOE) is currently probing a data leak involving an unknown number of voter records following breach claims from a threat actor known as RansomedVC. [.

Hacking 94
article thumbnail

DinodasRAT used against governmental entity in Guayana – Week in security with Tony Anscombe

We Live Security

The backdoor can exfiltrate files, manipulate Windows registry keys, and execute commands that are capable of performing various actions on a victim’s machine

81
article thumbnail

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.