Schneier on Security

JULY 15, 2024

Some scholars are inflating their reference counts by sneaking them into metadata: Citations of scientific work abide by a standardized referencing system: Each reference explicitly mentions at least the title, authors’ names, publication year, journal or conference name, and page numbers of the cited publication. These details are stored as metadata, not visible in the article’s text directly, but assigned to a digital object identifier, or DOI—a unique identifier for each sci

Hacking 331

Hacking 331

Krebs on Security

JULY 15, 2024

At least a dozen organizations with domain names at domain registrar Squarespace saw their websites hijacked last week. Squarespace bought all assets of Google Domains a year ago, but many customers still haven’t set up their new accounts. Experts say malicious hackers learned they could commandeer any migrated Squarespace accounts that hadn’t yet been registered, merely by supplying an email address tied to an existing domain.

Accountability 280

Accountability Cryptocurrency Passwords DNS 280

The Last Watchdog

JULY 15, 2024

In our digital age, managing passwords effectively is crucial not just for our security while we’re alive, but also for ensuring our digital legacies are secure after we’re gone. Related : Understanding digital footprints A recent study by All About Cookies sheds light on the alarming lack of preparation most internet users have for their digital assets.

Password Management 130

Password Management Passwords Accountability Banking 130

Bleeping Computer

JULY 15, 2024

Cybercriminals use Facebook business pages and advertisements to promote fake Windows themes that infect unsuspecting users with the SYS01 password-stealing malware. [.

Malware 138

Malware Advertising Passwords 138

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Security Affairs

JULY 15, 2024

Multiple ransomware groups were spotted exploiting a vulnerability, tracked as CVE-2023-27532, in Veeam Backup & Replication. The vulnerability CVE-2023-275327 (CVSS score of 7.5) impacts the Veeam Backup & Replication component. An attacker can exploit the issue to obtain encrypted credentials stored in the configuration database, potentially leading to gaining access to the backup infrastructure hosts.

Backups 141

Backups Ransomware Antivirus DNS 141

Malwarebytes

JULY 15, 2024

A group of cybercriminals going by the handle NullBulge claims to have downloaded the Slack channels used by Disney’s developers. “#DisneySlackLeak #Disney has had their entire dev slack dumped. 1.1TiB of files and chat messages. Anything we could get our hands on, we downloaded and packaged up. Want to see what goes on behind the doors? go grab it.

Risk 135

Risk Cybersecurity 135

Security Affairs

JULY 15, 2024

Wired attributes the recently disclosed AT&T data breach to a hacker living in Turkey and reported the company paid a $370,000 ransom. An American hacker who lives in Turkey claimed responsibility for the recently disclosed AT&T data breach. The man also said the company paid a ransom to ensure that stolen data would be deleted, reported Wired.

Data breaches 136

Data breaches Wireless Mobile Hacking 136

Bleeping Computer

JULY 15, 2024

Russian cybersecurity company and antivirus software provider Kaspersky Lab will start shutting down operations in the United States on July 20. [.

Antivirus 142

Antivirus Software Cybersecurity 142

Security Boulevard

JULY 15, 2024

While it's unclear how new, advanced technologies like AI and ML will ultimately change the data security landscape, now is not the time to stand still. The post How U.S. Businesses can Fight the Deepfake Threat appeared first on Security Boulevard.

Technology 124

Technology Social Engineering Engineering Security Awareness 124

Bleeping Computer

JULY 15, 2024

Microsoft has confirmed that Windows Server updates from last month's Patch Tuesday break some Microsoft 365 Defender features that use the network data reporting service. [.

125

125

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Security Boulevard

JULY 15, 2024

In a significant development for cybersecurity, a new vulnerability has been detected in OpenSSH, the widely-used suite for secure network communications. This flaw poses a serious risk, potentially allowing malicious actors to remote code execution on affected systems. Understanding and mitigating this OpenSSH vulnerability is essential for secure data transfers and remote server management globally. […] The post Critical Vulnerability Discovered in OpenSSH Impacting Large User appeared first o

Risk 124

Risk Cybersecurity Cyber Attacks 124

The Hacker News

JULY 15, 2024

Cybersecurity researchers said they discovered an accidentally leaked GitHub token that could have granted elevated access to the GitHub repositories of the Python language, Python Package Index (PyPI), and the Python Software Foundation (PSF) repositories. JFrog, which found the GitHub Personal Access Token, said the secret was leaked in a public Docker container hosted on Docker Hub.

Software 126

Software Cybersecurity 126

Security Boulevard

JULY 15, 2024

The Summer Olympic Games will be held in Paris this year, and while the athletes will be focused on breaking world records, there are plenty of opportunistic cyberthreat actors who will be focused on breaking into the event’s complex, fragmented digital environment. The post Olympic Gold at Risk: AI Cybercriminals Target 2024 Games. appeared first on Security Boulevard.

Risk 123

Risk Social Engineering Security Awareness Engineering 123

Graham Cluley

JULY 15, 2024

A group of hacktivists claims to have breached the IT systems of Disney, and stolen a gigantic 1.1 terabytes worth of data from the entertainment giant's internal Slack messaging channels. The hacking group, which calls itself NullBulge, posted on an underground hacking forum that it had hoped to postpone announcing the breach until it had accessed more information, "but our insider man got cold feet and kicked us out.

Hacking 114

Hacking Data breaches 114

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

The Hacker News

JULY 15, 2024

Russian security vendor Kaspersky has said it's exiting the U.S. market nearly a month after the Commerce Department announced a ban on the sale of its software in the country citing a national security risk. News of the closure was first reported by journalist Kim Zetter. The company is expected to wind down its U.S. operations on July 20, 2024, the same day the ban comes into effect.

Marketing 123

Marketing Software Risk 123

We Live Security

JULY 15, 2024

Your humble phone number is more valuable than you may think. Here’s how it could fall into the wrong hands – and how you can help keep it out of the reach of fraudsters.

109

109

The Hacker News

JULY 15, 2024

Retail banking institutions in Singapore have three months to phase out the use of one-time passwords (OTPs) for authentication purposes when signing into online accounts to mitigate the risk of phishing attacks. The decision was announced by the Monetary Authority of Singapore (MAS) and The Association of Banks in Singapore (ABS) on July 9, 2024.

Banking 123

Banking Retail Phishing Authentication 123

SecureWorld News

JULY 15, 2024

The U.S. Commerce Department has announced a full ban on the sale of Kaspersky products in the United States, effective July 20, 2024. Kaspersky, a prominent cybersecurity company based in Moscow, Russia, has been at the center of controversy due to alleged ties with the Russian government. The announcement marks a critical juncture for cybersecurity professionals across the country.

Cybersecurity 106

Cybersecurity Antivirus Government Software 106

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

The Hacker News

JULY 15, 2024

Imagine you could gain access to any Fortune 100 company for $10 or less, or even for free. Terrifying thought, isn’t it? Or exciting, depending on which side of the cybersecurity barricade you are on. Well, that’s basically the state of things today. Welcome to the infostealer garden of low-hanging fruit.

Cybersecurity 119

Cybersecurity 119

WIRED Threat Level

JULY 15, 2024

A hacker group called “NullBulge” says it stole more than a terabyte of Disney’s internal Slack messages and files from nearly 10,000 channels in an apparent protest over AI-generated art.

Hacking 104

Hacking 104

Bleeping Computer

JULY 15, 2024

The SEXi ransomware operation, known for targeting VMware ESXi servers, has rebranded under the name APT INC and has targeted numerous organizations in recent attacks. [.

Ransomware 103

Ransomware 103

The Hacker News

JULY 15, 2024

A threat actor that was previously observed using an open-source network mapping tool has greatly expanded their operations to infect over 1,500 victims.

Software 116

Software 116

Advertisement

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

Penetration Testing

JULY 15, 2024

Security researcher John Castro has uncovered a critical vulnerability (CVE-2024-6695) in Profile Builder, a widely used WordPress plugin with over 50,000 active installations. This flaw, rated 9.8 on the CVSS scale, could potentially allow... The post CVE-2024-6695 (CVSS 9.8) in Popular WordPress Plugin Exposes 50,000 Sites to Admin Hijacking appeared first on Cybersecurity News.

Cybersecurity 106

Cybersecurity 106

Digital Shadows

JULY 15, 2024

ReliaQuest identified a 20% rise in ransomware-affected organizations in Q2 2024. Despite disruptions, new groups are increasing activity.

Ransomware 111

Ransomware 111

Trend Micro

JULY 15, 2024

Trend Micro partners with IBM to offer advanced threat detection and response for protecting critical infrastructures running on IBM Power servers

Threat Detection 103

Threat Detection Risk 103

Duo's Security Blog

JULY 15, 2024

As identity-based attacks become more prevalent, the ability to fine-tune access at a granular level is not just an advantage — it's a necessity. Duo has been born at the forefront of this shift, offering SAML support since 2015 and OIDC since 2023, which has helped many of our customers secure applications with Duo’s best-in-class identity security controls.

Authentication 95

Authentication Architecture Engineering 95

Advertisement

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.

Cybersecurity

The Hacker News

JULY 15, 2024

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a critical security flaw impacting OSGeo GeoServer GeoTools to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. GeoServer is an open-source software server written in Java that allows users to share and edit geospatial data.

Software 103

Software Cybersecurity 103

Bleeping Computer

JULY 15, 2024

The Iranian-backed MuddyWatter hacking group has partially switched to using a new custom-tailored malware implant to steal files and run commands on compromised systems. [.

Malware 82

Malware Hacking 82

Penetration Testing

JULY 15, 2024

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning regarding a critical vulnerability in OSGeo GeoServer GeoTools, a widely-used open-source software server for geospatial data. This flaw, identified as CVE-2024-36401,... The post CVE-2024-36401 (CVSS 9.8): Critical GeoServer Flaw Under Active Attack, PoC Available appeared first on Cybersecurity News.

Software 86

Software Cybersecurity 86

Bleeping Computer

JULY 15, 2024

Microsoft has provided a temporary workaround for a known issue preventing the Microsoft Photos app from launching on some Windows 11 systems. [.

91

91

Advertisement

Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.

Government