Krebs on Security
SEPTEMBER 25, 2024
The FBI is warning timeshare owners to be wary of a prevalent telemarketing scam involving a violent Mexican drug cartel that tries to trick people into believing someone wants to buy their property. This is the story of a couple who recently lost more than $50,000 to an ongoing timeshare scam that spans at least two dozen phony escrow, title and realty firms.
Schneier on Security
SEPTEMBER 25, 2024
Clever : A malware campaign uses the unusual method of locking users in their browser’s kiosk mode to annoy them into entering their Google credentials, which are then stolen by information-stealing malware. Specifically, the malware “locks” the user’s browser on Google’s login page with no obvious way to close the window, as the malware also blocks the “ESC” and “F11” keyboard keys.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Tech Republic Security
SEPTEMBER 25, 2024
U.K. IT pros are adopting a “Titanic mindset,” a study has found, as they are blind to the upcoming iceberg of their data recovery solution.
The Hacker News
SEPTEMBER 25, 2024
Google has revealed that its transition to memory-safe languages such as Rust as part of its secure-by-design approach has led to the percentage of memory-safe vulnerabilities discovered in Android dropping from 76% to 24% over a period of six years.
Advertisement
Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!
Penetration Testing
SEPTEMBER 25, 2024
A severe security flaw has been identified in the popular WordPress plugin The Events Calendar, affecting all versions up to and including 6.6.4. Designated as CVE-2024-8275, the vulnerability has been... The post Critical SQL Injection Vulnerability Discovered in ‘The Events Calendar’ WordPress Plugin (CVE-2024-8275) appeared first on Cybersecurity News.
The Hacker News
SEPTEMBER 25, 2024
Vienna-based privacy non-profit noyb (short for None Of Your Business) has filed a complaint with the Austrian data protection authority (DPA) against Firefox maker Mozilla for enabling a new feature called Privacy Preserving Attribution (PPA) without explicitly seeking users' consent.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
The Hacker News
SEPTEMBER 25, 2024
Phishing attacks are becoming more advanced and harder to detect, but there are still telltale signs that can help you spot them before it's too late. See these key indicators that security experts use to identify phishing links:1. Check Suspicious URLs Phishing URLs are often long, confusing, or filled with random characters.
Security Boulevard
SEPTEMBER 25, 2024
The CEO of controversial messaging app Telegram says it will now make information about users suspected of crimes more easily available to law enforcement, a move that comes a month after he was arrested in France for allowing such activities on the service. The post CEO Durov Says Telegram Will Provide More Data to Governments appeared first on Security Boulevard.
The Hacker News
SEPTEMBER 25, 2024
Cybersecurity researchers have flagged the discovery of a new post-exploitation red team tool called Splinter in the wild. Palo Alto Networks Unit 42 shared its findings after it discovered the program on several customers' systems.
Security Boulevard
SEPTEMBER 25, 2024
Baffle today announced it has developed an ability to automatically encrypt data before it is stored in the Amazon Simple Storage Service (Amazon S3) cloud service. The post Baffle Extends Reach to Ecrypt AWS S3 Data as Ingested appeared first on Security Boulevard.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
The Hacker News
SEPTEMBER 25, 2024
A now-patched security vulnerability in OpenAI's ChatGPT app for macOS could have made it possible for attackers to plant long-term persistent spyware into the artificial intelligence (AI) tool's memory.
Penetration Testing
SEPTEMBER 25, 2024
The Hewlett Packard Enterprise (HPE) Product Security Response Team has issued a critical advisory concerning multiple command injection vulnerabilities (CVE-2024-42505, CVE-2024-42506, CVE-2024-42507) affecting Aruba Access Points running Instant AOS-8 and... The post CVSS 9.8 Vulnerabilities Expose Aruba Access Points to RCE: HPE Urges Immediate Action appeared first on Cybersecurity News.
The Hacker News
SEPTEMBER 25, 2024
Transportation and logistics companies in North America are the target of a new phishing campaign that delivers a variety of information stealers and remote access trojans (RATs). The activity cluster, per Proofpoint, makes use of compromised legitimate email accounts belonging to transportation and shipping companies so as to inject malicious content into existing email conversations.
Zero Day
SEPTEMBER 25, 2024
I love my AirPods Max, which is why I'm so baffled by Apple's recent update. Here's how I want to see them improved before I'll be willing to upgrade.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
The Hacker News
SEPTEMBER 25, 2024
An advanced threat actor with an India nexus has been observed using multiple cloud service providers to facilitate credential harvesting, malware delivery, and command-and-control (C2). Web infrastructure and security company Cloudflare is tracking the activity under the name SloppyLemming, which is also called Outrider Tiger and Fishing Elephant.
SecureWorld News
SEPTEMBER 25, 2024
Today, the G7 Cyber Expert Group (CEG), chaired by the U.S. Department of the Treasury and the Bank of England, issued a statement addressing the cybersecurity risks posed by quantum computing. While quantum advancements promise groundbreaking changes, they also threaten the security of current encryption standards widely used in financial systems. The CEG recommends that financial authorities and institutions take immediate action to evaluate their cryptographic methods and plan for a transitio
The Hacker News
SEPTEMBER 25, 2024
Nation-state threat actors backed by Beijing broke into a "handful" of U.S. internet service providers (ISPs) as part of a cyber espionage campaign orchestrated to glean sensitive information, The Wall Street Journal reported Wednesday. The activity has been attributed to a threat actor that Microsoft tracks as Salt Typhoon, which is also known as FamousSparrow and GhostEmperor.
Malwarebytes
SEPTEMBER 25, 2024
A new variation of a hoax that has been doing the rounds on Facebook for years has crossed over to Instagram. We’re seeing this post on Instagram Stories a lot suddenly over the last few days. The post is usually posted as a shareable screenshot on Instagram Stories, but it’s also been spotted on Facebook and Threads as a copy-and-paste text. “Repub Goodbye Meta AI.
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
Security Boulevard
SEPTEMBER 25, 2024
Mobile phishing attacks are on the rise, with 82% of phishing sites now targeting mobile devices, marking a 7% increase over the past three years. The post Mobile Phishing Attacks Explode, Enterprise Devices Targeted appeared first on Security Boulevard.
Malwarebytes
SEPTEMBER 25, 2024
Romance scams continue to plague users, but their costs have risen to staggering heights, according to a Malwarebytes survey carried out last month via our weekly newsletter. More than 66 percent of 850 respondents have been targeted by a romance scam, and those that were ensnared paid a hefty price, with 10 percent of victims losing $10,000 and up.
Zero Day
SEPTEMBER 25, 2024
The Onyx Book Note Air 3 C offers a premium color pen-to-paper experience while bringing its own set of unique features to the table.
Security Boulevard
SEPTEMBER 25, 2024
A cyberattack on a water facility in Arkansas City Kansas again raises the concern of CISA and other U.S. agencies about the ongoing threat by bad actors to municipal water systems and other critical infrastructure in the country. The post City Water Facility in Kansas Hit by Cyberattack appeared first on Security Boulevard.
Speaker: Blackberry, OSS Consultants, & Revenera
Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?
Security Affairs
SEPTEMBER 25, 2024
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Ivanti Virtual Traffic Manager vulnerability to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Ivanti Virtual Traffic Manager authentication bypass vulnerability CVE-2024-7593 (CVSS score of 9.8) to its Known Exploited Vulnerabilities (KEV) catalog.
SecureWorld News
SEPTEMBER 25, 2024
In 2024, a simple online search can lead to more than just information—it could expose you to the latest trend in cybercrime: malvertising. What was once a nuisance has now become a significant threat, with cybercriminals deploying increasingly sophisticated schemes to deceive consumers and corporate employees alike. Recent data highlights this alarming rise in malvertising incidents.
Security Affairs
SEPTEMBER 25, 2024
Arkansas City, a small city in Cowley County, Kansas, was forced to switch its water treatment facility to manual operations due to a cyberattack. Arkansas City, Kansas, had to switch its water treatment facility to manual operations over the weekend due to a cyberattack that was detected on Sunday. As of the 2020 census, Arkansas City has a population of 11,974.
Veracode Security
SEPTEMBER 25, 2024
For assessing and reporting on the risks associated with your applications, you know you need Application Security Posture Management (ASPM). However, this quickly evolving space has many variables that security leaders may not realize. Here’s how you can elevate your security strategy by optimizing ASPM tools in a way that minimizes risks, enhances operational efficiency, and builds a robust security-aware culture in your organization.
Advertisement
IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.
Zero Day
SEPTEMBER 25, 2024
Amazon's Prime Big Deal Days sale will run Oct. 8-9, with deals on top tech, flagship devices, and more. Here's what to know.
Penetration Testing
SEPTEMBER 25, 2024
In a crucial security release, GitLab has addressed a severe vulnerability (CVE-2024-45409) in its Community Edition (CE) and Enterprise Edition (EE) platforms, impacting all self-managed installations. Administrators are strongly encouraged... The post GitLab backports fix for CVE-2024-45409 to older versions appeared first on Cybersecurity News.
Zero Day
SEPTEMBER 25, 2024
The social platform's report - its first in three years - reveals, among other things, that five million hateful posts were removed, but only 2,361 profiles were banned. Here's what else we learned.
The Hacker News
SEPTEMBER 25, 2024
Security Orchestration, Automation, and Response (SOAR) was introduced with the promise of revolutionizing Security Operations Centers (SOCs) through automation, reducing manual workloads and enhancing efficiency.
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
Expert insights. Personalized for you.
229 
Let's personalize your content