Wed. Sep 25, 2024

New Windows Malware Locks Computer in Kiosk Mode

Schneier on Security

Clever: A malware campaign uses the unusual method of locking users in their browser’s kiosk mode to annoy them into entering their Google credentials, which are then stolen by information-stealing malware. Specifically, the malware “locks” the user’s browser on Google’s login page with no obvious way to close the window, as the malware also blocks the “ESC” and “F11” keyboard keys.

Malware 250

‘Titanic Mindset’: Just 54% of UK IT Pros Confident in Data Recovery

Tech Republic Security

U.K. IT pros are adopting a “Titanic mindset,” a study has found, as they are blind to the upcoming iceberg of their data recovery solution.

Google's Shift to Rust Programming Cuts Android Memory Vulnerabilities by 52%

The Hacker News

Google has revealed that its transition to memory-safe languages such as Rust as part of its secure-by-design approach has led to the percentage of memory safety vulnerabilities discovered in Android dropping from 76% to 24% over a period of six years.

Risk 144

Critical SQL Injection Vulnerability Discovered in ‘The Events Calendar’ WordPress Plugin (CVE-2024-8275)

Penetration Testing

A severe security flaw has been identified in the popular WordPress plugin The Events Calendar, affecting all versions up to and including 6.6.4. Designated as CVE-2024-8275, the vulnerability has been... The post Critical SQL Injection Vulnerability Discovered in ‘The Events Calendar’ WordPress Plugin (CVE-2024-8275) appeared first on Cybersecurity News.

Why Giant Content Libraries Do Nothing for Your Employees’ Cyber Resilience

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

Romance scams costlier than ever: 10 percent of victims lose $10,000 or more

Malwarebytes

Romance scams continue to plague users, but their costs have risen to staggering heights, according to a Malwarebytes survey carried out last month via our weekly newsletter. More than 66 percent of 850 respondents have been targeted by a romance scam, and those that were ensnared paid a hefty price, with 10 percent of victims losing $10,000 and up.

Scams 143

Eliminating Memory Safety Vulnerabilities at the Source

Google Security

Posted by Jeff Vander Stoep - Android team, and Alex Rebert - Security Foundations. Memory safety vulnerabilities remain a pervasive threat to software security. At Google, we believe the path to eliminating this class of vulnerabilities at scale and building high-assurance software lies in Safe Coding, a secure-by-design approach that prioritizes transitioning to memory-safe languages.

Risk 142

More Trending

Chinese Hackers Infiltrate U.S. Internet Providers in Cyber Espionage Campaign

The Hacker News

Nation-state threat actors backed by Beijing broke into a "handful" of U.S. internet service providers (ISPs) as part of a cyber espionage campaign orchestrated to glean sensitive information, The Wall Street Journal reported Wednesday. The activity has been attributed to a threat actor that Microsoft tracks as Salt Typhoon, which is also known as FamousSparrow and GhostEmperor.

Internet 139

Red Teaming in the age of EDR: Evasion of Endpoint Detection Through Malware Virtualisation

Fox IT

Authors: Boudewijn Meijer && Rick Veldhoven. Introduction: As defensive security products improve, attackers must refine their craft. Gone are the days of executing malicious binaries from disk, especially ones well known to antivirus and Endpoint Detection and Response (EDR) vendors. Now, attackers focus on in-memory payload execution for both native and managed applications to evade defensive products.

Malware 138

Mozilla Faces Privacy Complaint for Enabling Tracking in Firefox Without User Consent

The Hacker News

Vienna-based privacy non-profit noyb (short for None Of Your Business) has filed a complaint with the Austrian data protection authority (DPA) against Firefox maker Mozilla for enabling a new feature called Privacy Preserving Attribution (PPA) without explicitly seeking users' consent.

New variant of Necro Trojan infected more than 11 million devices

Security Affairs

Experts warn of the Necro Trojan found in Google Play; threat actors are spreading it through fake versions of legitimate Android apps. Researchers from Kaspersky discovered a new version of the Necro Trojan in multiple apps uploaded to the Google Play store. The malware was hidden in popular applications and game mods. Kaspersky researchers first spotted the Necro Trojan in 2019, when the malicious code was in the free version of the popular PDF creator app CamScanner.

Zero Trust Mandate: The Realities, Requirements and Roadmap

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

Transportation Companies Hit by Cyberattacks Using Lumma Stealer and NetSupport Malware

The Hacker News

Transportation and logistics companies in North America are the target of a new phishing campaign that delivers a variety of information stealers and remote access trojans (RATs). The activity cluster, per Proofpoint, makes use of compromised legitimate email accounts belonging to transportation and shipping companies so as to inject malicious content into existing email conversations.

Malware 131

U.S. CISA adds Ivanti Virtual Traffic Manager flaw to its Known Exploited Vulnerabilities catalog

Security Affairs

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Ivanti Virtual Traffic Manager vulnerability to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Ivanti Virtual Traffic Manager authentication bypass vulnerability CVE-2024-7593 (CVSS score of 9.8) to its Known Exploited Vulnerabilities (KEV) catalog.

ChatGPT macOS Flaw Could've Enabled Long-Term Spyware via Memory Function

The Hacker News

A now-patched security vulnerability in OpenAI's ChatGPT app for macOS could have made it possible for attackers to plant long-term persistent spyware into the artificial intelligence (AI) tool's memory.

Spyware 127

Arkansas City water treatment facility switched to manual operations following a cyberattack

Security Affairs

Arkansas City, a small city in Cowley County, Kansas, was forced to switch its water treatment facility to manual operations due to a cyberattack. Arkansas City, Kansas, had to switch its water treatment facility to manual operations over the weekend due to a cyberattack that was detected on Sunday. As of the 2020 census, Arkansas City has a population of 11,974.

Hacking 132

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Expert Tips on How to Spot a Phishing Link

The Hacker News

Phishing attacks are becoming more advanced and harder to detect, but there are still telltale signs that can help you spot them before it's too late. See these key indicators that security experts use to identify phishing links: 1. Check Suspicious URLs. Phishing URLs are often long, confusing, or filled with random characters.

Phishing 125

Baffle Extends Reach to Encrypt AWS S3 Data as Ingested

Security Boulevard

Baffle today announced it has developed an ability to automatically encrypt data before it is stored in the Amazon Simple Storage Service (Amazon S3) cloud service. The post Baffle Extends Reach to Encrypt AWS S3 Data as Ingested appeared first on Security Boulevard.

Cybersecurity Researchers Warn of New Rust-Based Splinter Post-Exploitation Tool

The Hacker News

Cybersecurity researchers have flagged the discovery of a new post-exploitation red team tool called Splinter in the wild. Palo Alto Networks Unit 42 shared its findings after it discovered the program on several customers' systems.

City Water Facility in Kansas Hit by Cyberattack

Security Boulevard

A cyberattack on a water facility in Arkansas City, Kansas, again raises the concern of CISA and other U.S. agencies about the ongoing threat by bad actors to municipal water systems and other critical infrastructure in the country. The post City Water Facility in Kansas Hit by Cyberattack appeared first on Security Boulevard.

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Cloudflare Warns of India-Linked Hackers Targeting South and East Asian Entities

The Hacker News

An advanced threat actor with an India nexus has been observed using multiple cloud service providers to facilitate credential harvesting, malware delivery, and command-and-control (C2). Web infrastructure and security company Cloudflare is tracking the activity under the name SloppyLemming, which is also called Outrider Tiger and Fishing Elephant.

Malware 123

From 12 to 21: how we discovered connections between the Twelve and BlackJack groups

SecureList

While analyzing attacks on Russian organizations, our team regularly encounters overlapping tactics, techniques, and procedures (TTPs) among different cybercrime groups, and sometimes even shared tools. We recently discovered one such overlap: similar tools and tactics between two hacktivist groups – BlackJack and Twelve, which likely belong to a single cluster of activity.

Don’t panic and other tips for staying safe from scareware

We Live Security

Keep your cool, arm yourself with the right knowledge, and other tips for staying unshaken by fraudsters’ scare tactics

CEO Durov Says Telegram Will Provide More Data to Governments

Security Boulevard

The CEO of controversial messaging app Telegram says it will now make information about users suspected of crimes more easily available to law enforcement, a move that comes a month after he was arrested in France for allowing such activities on the service. The post CEO Durov Says Telegram Will Provide More Data to Governments appeared first on Security Boulevard.

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Agentic AI in SOCs: A Solution to SOAR's Unfulfilled Promises

The Hacker News

Security Orchestration, Automation, and Response (SOAR) was introduced with the promise of revolutionizing Security Operations Centers (SOCs) through automation, reducing manual workloads and enhancing efficiency.

Evolving Malvertising Threats: How Cybercriminals Are Exploiting Online Ads in 2024

SecureWorld News

In 2024, a simple online search can lead to more than just information—it could expose you to the latest trend in cybercrime: malvertising. What was once a nuisance has now become a significant threat, with cybercriminals deploying increasingly sophisticated schemes to deceive consumers and corporate employees alike. Recent data highlights this alarming rise in malvertising incidents.

Phishing 111

Forrester Named Cisco a Leader in the 2024 Microsegmentation Wave

Cisco Security

We believe Cisco is the only leader in the Forrester Wave that offers complete network security. Learn how Cisco microsegments everything.

G7 Cyber Expert Group Warns of Quantum Computing Risks in Finance

SecureWorld News

Today, the G7 Cyber Expert Group (CEG), chaired by the U.S. Department of the Treasury and the Bank of England, issued a statement addressing the cybersecurity risks posed by quantum computing. While quantum advancements promise groundbreaking changes, they also threaten the security of current encryption standards widely used in financial systems. The CEG recommends that financial authorities and institutions take immediate action to evaluate their cryptographic methods and plan for a transitio

Risk 110

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

6 ways the new AirPods Max could have been so much better

Zero Day

I love my AirPods Max, which is why I'm so baffled by Apple's recent update. Here's how I want to see them improved before I'll be willing to upgrade.

Malwarebytes Personal Data Remover: A new way to help scrub personal data online 

Malwarebytes

There’s an awful lot about you online that some awful groups want to exploit. The right combination of personal data points could help an identity thief fool a bank into opening a new, fraudulent line of credit in your name. Your alma mater, salary, and email address could help an online scammer craft the perfect phishing lure to trick you into donating to a bogus school fund.

The E Ink tablet that rebooted my creativity is not a ReMarkable or Amazon Kindle

Zero Day

The Onyx Book Note Air 3 C offers a premium color pen-to-paper experience while bringing its own set of unique features to the table.

Mobile Phishing Attacks Explode, Enterprise Devices Targeted

Security Boulevard

Mobile phishing attacks are on the rise, with 82% of phishing sites now targeting mobile devices, marking a 7% increase over the past three years. The post Mobile Phishing Attacks Explode, Enterprise Devices Targeted appeared first on Security Boulevard.

Mobile 84

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!