Fri.Nov 01, 2024

article thumbnail

Booking.com Phishers May Leave You With Reservations

Krebs on Security

A number of cybercriminal innovations are making it easier for scammers to cash in on your upcoming travel plans. This story examines a recent spear-phishing campaign that ensued when a California hotel had its booking.com credentials stolen. We’ll also explore an array of cybercrime services aimed at phishers who target hotels that rely on the world’s most visited travel website.

Phishing 159
article thumbnail

New LightSpy spyware version targets iPhones with destructive capabilities

Security Affairs

New LightSpy spyware targets iPhones supporting destructive features that can block compromised devices from booting up. In May 2024, ThreatFabric researchers discovered a macOS version of LightSpy spyware that has been active in the wild since at least January 2024. ThreatFabric observed threat actors using two publicly available exploits (CVE-2018-4233, CVE-2018-4404) to deliver macOS implants.

Spyware 137
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Ô! China Hacks Canada too, Says CCCS

Security Boulevard

Plus brillants exploits: Canadian Centre for Cyber Security fingers Chinese state sponsored hackers. The post Ô! China Hacks Canada too, Says CCCS appeared first on Security Boulevard.

Hacking 107
article thumbnail

LottieFiles confirmed a supply chain attack on Lottie-Player

Security Affairs

LottieFiles confirmed a supply chain attack on Lottie-Player, and threat actors targeted cryptocurrency wallets to steal funds. LottieFiles confirmed that threat actors have hacked the Lottie-Player software in a supply chain attack. Lottie-Player is a web component from LottieFiles designed to render Lottie animations , which are lightweight, vector-based animations in JSON format.

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

What are the key Threats to Global National Security?

IT Security Guru

In today’s interconnected world, national security concerns have evolved beyond traditional military threats. As technology advances, so do the methods and motivations of those who seek to disrupt global stability. Understanding these threats is crucial for nations looking to protect their citizens, economies, and overall stability. This article will examine some of the most pressing threats to global national security today, with a particular emphasis on emerging digital and environmental con

article thumbnail

Microsoft Warns of Chinese Botnet Exploiting Router Flaws for Credential Theft

The Hacker News

Microsoft has revealed that a Chinese threat actor it tracks as Storm-0940 is leveraging a botnet called Quad7 to orchestrate highly evasive password spray attacks. The tech giant has given the botnet the name CovertNetwork-1658, stating the password spray operations are used to steal credentials from multiple Microsoft customers.

More Trending

article thumbnail

Massive Git Config Breach Exposes 15,000 Credentials; 10,000 Private Repos Cloned

The Hacker News

Cybersecurity researchers have flagged a "massive" campaign that targets exposed Git configurations to siphon credentials, clone private repositories, and even extract cloud credentials from the source code. The activity, codenamed EMERALDWHALE, is estimated to have collected over 10,000 private repositories and stored in an Amazon S3 storage bucket belonging to a prior victim.

article thumbnail

Turn your AirPods Pro 2 into hearing aids: Testing and tracking hearing health in iOS 18.1

Zero Day

Your hearing health is important to your mental or physical health. Now, Apple's new hearing health features can help you track, manage, and supplement it. Here's how.

67
article thumbnail

Microsoft Delays Windows Copilot+ Recall Release Over Privacy Concerns

The Hacker News

Microsoft is further delaying the release of its controversial Recall feature for Windows Copilot+ PCs, stating it's taking the time to improve the experience. The development was first reported by The Verge. The artificial intelligence-powered tool was initially slated for a preview release starting in October.

article thumbnail

GreyNoise: AI’s Central Role in Detecting Security Flaws in IoT Devices

Security Boulevard

GreyNoise Intelligence researchers said proprietary internal AI-based tools allowed them to detect and identify two vulnerabilities in IoT live-stream cameras that traditional cybersecurity technologies would not have been able to discover. The post GreyNoise: AI’s Central Role in Detecting Security Flaws in IoT Devices appeared first on Security Boulevard.

IoT 75
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

The best sports watches of 2024: Expert tested and reviewed

Zero Day

We tested the best sports watches that capture your metrics for recovery, sleep, and detailed training guidance without a coach. Here's how to choose the right one for you.

81
article thumbnail

The Case for AI Centers of Excellence

SecureWorld News

Marc S. Sokol aptly points out that "AI is not just about a ChatGPT-type solution." Discriminative AI, for example, has been around for years, progressing through Gartner's hype cycle—from inflated expectations to disillusionment, and now into the slope of enlightenment with numerous everyday applications. These typically address specific problems (e.g., fingerprint recognition) and are developed by your data scientists and business SMEs.

article thumbnail

The 30+ best Black Friday Apple deals 2024: Early sales available now

Zero Day

We found the best early Black Friday deals on Apple products like iPhones, iPads, MacBooks, AirPods, and more, so you can get a head start on your holiday shopping.

107
107
article thumbnail

1,000+ web shops infected by “Phish ‘n Ships” criminals who create fake product listings for in-demand products

Malwarebytes

Researchers at the Satori Threat Intelligence and Research team have published their findings about a group of cybercriminals that infect legitimate web shops to create and promote fake product listings. The threat, dubbed “Phish ‘n Ships” by the researchers, reportedly infected more than 1,000 websites and built 121 fake web stores to trick consumers.

article thumbnail

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

article thumbnail

Preorder Samsung's newest gaming monitor and get up to $225 off a Logitech accessory

Zero Day

Preordering one of Samsung's new Odyssey displays now on Amazon gets you a choice of free gear. But act fast because this deal ends the same day the monitors go on sale.

79
article thumbnail

EU Adopts New Cybersecurity Rules for Critical Infrastructure Under NIS2 Directive

Heimadal Security

The European Commission has adopted new cybersecurity rules for critical infrastructure across the EU, taking a major step toward enhancing digital resilience. This implementing regulation under the updated NIS2 Directive specifies cybersecurity measures for essential sectors and outlines when companies must report significant incidents to national authorities.

article thumbnail

Passkeys are more popular than ever. This research explains why

Zero Day

Some 57% of people surveyed this year for a FIDO Alliance report are aware of passkeys, up from 39% just two years ago.

123
123
article thumbnail

Fired Disney worker accused of hacking into restaurant menus, replacing them with Windings and false peanut allergy information

Graham Cluley

A disgruntled former Disney employee is facing charges that he hacked into the company's restaurant menu systems and wreaked havoc on its digital displays that could have potentially put lives at risk. Read more in my article on the Hot for Security blog.

Hacking 67
article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

Anthropic warns of AI catastrophe if governments don't regulate in 18 months

Zero Day

'The window for proactive risk prevention is closing fast,' the company warns. Here's why.

article thumbnail

PoC Exploit Releases for Spring WebFlux Authorization Bypass – CVE-2024-38821

Penetration Testing

The researcher published the technical details and a proof-of-concept (PoC) exploit for CVE-2024-38821 (CVSS 9.1). This vulnerability, affecting versions of Spring WebFlux, allows attackers to access restricted resources under certain... The post PoC Exploit Releases for Spring WebFlux Authorization Bypass – CVE-2024-38821 appeared first on Cybersecurity News.

article thumbnail

These Bluetooth speakers deliver rich lows and crisp highs for just about any genre of music

Zero Day

If you're looking for a set of wireless speakers that can punch up the bass without muddying the sound, the Creative Pebble X Plus is a real winner.

Wireless 103
article thumbnail

IoT Security Failures Can Be Sh*tty

Security Boulevard

It’s hard not to see IoT security failures in the news because they can be dramatic, and this week was no different. The Register reported that in Moscow a skyscraper-high plume of sewage had erupted, with speculation that Ukrainian hackers were behind it (the official explanation was that it was a gas release because of […] The post IoT Security Failures Can Be Sh*tty appeared first on Viakoo, Inc.

IoT 64
article thumbnail

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

article thumbnail

This $200 Android phone has no business being this good (and it's not a Samsung or Motorola)

Zero Day

Key features make the CMF Phone 1 one of the few budget phones I'd recommend to almost anyone. Just make sure your carrier supports it.

83
article thumbnail

October Recap: New AWS Sensitive Permissions and Services

Security Boulevard

As AWS continues to evolve, new services and permissions are frequently introduced to enhance functionality and security. This blog provides a comprehensive recap of new sensitive permissions and services added in October 2024. Our intention in sharing this is to flag the most important releases to keep your eye on and update your permissions and […] The post October Recap: New AWS Sensitive Permissions and Services appeared first on Security Boulevard.

64
article thumbnail

5 SaaS Misconfigurations Leading to Major Fu*%@ Ups

The Hacker News

With so many SaaS applications, a range of configuration options, API capabilities, endless integrations, and app-to-app connections, the SaaS risk possibilities are endless. Critical organizational assets and data are at risk from malicious actors, data breaches, and insider threats, which pose many challenges for security teams.

article thumbnail

Microsoft’s Controversial Recall Feature Release Delayed Again

Security Boulevard

Microsoft is again delaying the release of its controversial Recall feature for new Windows Copilot+ PCs until December to get new security capabilities in place and hopefully avoid the industry backlash it faced when first introducing the tool in May. The post Microsoft’s Controversial Recall Feature Release Delayed Again appeared first on Security Boulevard.

article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

The best smartwatches of 2024: Expert tested and reviewed

Zero Day

We tested the best smartwatches from Apple, Samsung, Google, and more, including the new Apple Watch Series 10. Here's how to choose the right one for you.

75
article thumbnail

LUNAR SPIDER Resurfaces: Financial Sector Targeted in Latest Malvertising Campaign

Penetration Testing

The EclecticIQ Threat Research Team recently unveiled a new malvertising campaign linked to the notorious LUNAR SPIDER group, a Russian-speaking, financially motivated cybercriminal organization known for deploying high-profile malware families... The post LUNAR SPIDER Resurfaces: Financial Sector Targeted in Latest Malvertising Campaign appeared first on Cybersecurity News.

Malware 59
article thumbnail

The best Android smartwatches in 2024: Expert tested and reviewed

Zero Day

From the Galaxy Watch Ultra to the Tag Heuer luxury smartwatch, we tested the best smartwatches for Android users to help you choose the right one.

75
article thumbnail

DEF CON 32 – Welcome to DEF CON 32

Security Boulevard

Authors/Presenters: The Dark Tangent Our sincere appreciation to DEF CON , and the Presenters/Authors for publishing their erudite DEF CON 32 content. Originating from the conference’s events located at the Las Vegas Convention Center ; and via the organizations YouTube channel. Permalink The post DEF CON 32 – Welcome to DEF CON 32 appeared first on Security Boulevard.

article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!