Mon. Jul 15, 2024

Researchers: Weak Security Defaults Enabled Squarespace Domains Hijacks

Krebs on Security

At least a dozen organizations with domain names at domain registrar Squarespace saw their websites hijacked last week. Squarespace bought all assets of Google Domains a year ago, but many customers still haven’t set up their new accounts. Experts say malicious hackers learned they could commandeer any migrated Squarespace accounts that hadn’t yet been registered, merely by supplying an email address tied to an existing domain.

MY TAKE: Study shows most folks haven’t considered bequeathing their ‘digital’ inheritances

The Last Watchdog

In our digital age, managing passwords effectively is crucial not just for our security while we’re alive, but also for ensuring our digital legacies are secure after we’re gone. A recent study by All About Cookies sheds light on the alarming lack of preparation most internet users have for their digital assets.

Disney “breached”, data dumped online

Malwarebytes

A group of cybercriminals going by the handle NullBulge claims to have downloaded the Slack channels used by Disney’s developers. “#DisneySlackLeak #Disney has had their entire dev slack dumped. 1.1TiB of files and chat messages. Anything we could get our hands on, we downloaded and packaged up. Want to see what goes on behind the doors? go grab it.

Facebook ads for Windows desktop themes push info-stealing malware

Bleeping Computer

Cybercriminals use Facebook business pages and advertisements to promote fake Windows themes that infect unsuspecting users with the SYS01 password-stealing malware. [...]

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.

What Happens When Scammers Get Their Hands on Artificial Intelligence?

Security Boulevard

AI-powered scams are becoming increasingly sophisticated, making distinguishing between legitimate and fraudulent communications harder. Learn about the different types of AI scams, their risks, and how to protect yourself from falling victim. The post What Happens When Scammers Get Their Hands on Artificial Intelligence? appeared first on Security Boulevard.

Kaspersky is shutting down its business in the United States

Bleeping Computer

Russian cybersecurity company and antivirus software provider Kaspersky Lab will start shutting down operations in the United States on July 20. [...]

More Trending

June Windows Server updates break Microsoft 365 Defender features

Bleeping Computer

Microsoft has confirmed that Windows Server updates from last month's Patch Tuesday break some Microsoft 365 Defender features that use the network data reporting service. [...]

GitHub Token Leak Exposes Python's Core Repositories to Potential Attacks

The Hacker News

Cybersecurity researchers said they discovered an accidentally leaked GitHub token that could have granted elevated access to the GitHub repositories of the Python language, Python Package Index (PyPI), and the Python Software Foundation (PSF) repositories. JFrog, which found the GitHub Personal Access Token, said the secret was leaked in a public Docker container hosted on Docker Hub.

How U.S. Businesses can Fight the Deepfake Threat 

Security Boulevard

While it's unclear how new, advanced technologies like AI and ML will ultimately change the data security landscape, now is not the time to stand still. The post How U.S. Businesses can Fight the Deepfake Threat appeared first on Security Boulevard.

Kaspersky Exits U.S. Market Following Commerce Department Ban

The Hacker News

Russian security vendor Kaspersky has said it's exiting the U.S. market nearly a month after the Commerce Department announced a ban on the sale of its software in the country citing a national security risk. News of the closure was first reported by journalist Kim Zetter. The company is expected to wind down its U.S. operations on July 20, 2024, the same day the ban comes into effect.

Human-Centered Cyber Security Training: Driving Real Impact on Security Culture

In today's digital age, having an untrained workforce can be a significant risk to your business. Cyber threats are evolving; without proper training, your employees could be the weakest link in your defense. This webinar empowers leaders like you with the tools and strategies needed to transform your employees into a robust frontline defense against cyber attacks.

Critical Vulnerability Discovered in OpenSSH Impacting Large User

Security Boulevard

In a significant development for cybersecurity, a new vulnerability has been detected in OpenSSH, the widely-used suite for secure network communications. This flaw poses a serious risk, potentially allowing malicious actors to achieve remote code execution on affected systems. Understanding and mitigating this OpenSSH vulnerability is essential for secure data transfers and remote server management globally. […] The post Critical Vulnerability Discovered in OpenSSH Impacting Large User appeared first o

Singapore Banks to Phase Out OTPs for Online Logins Within 3 Months

The Hacker News

Retail banking institutions in Singapore have three months to phase out the use of one-time passwords (OTPs) for authentication purposes when signing into online accounts to mitigate the risk of phishing attacks. The decision was announced by the Monetary Authority of Singapore (MAS) and The Association of Banks in Singapore (ABS) on July 9, 2024.

Olympic Gold at Risk: AI Cybercriminals Target 2024 Games.

Security Boulevard

The Summer Olympic Games will be held in Paris this year, and while the athletes will be focused on breaking world records, there are plenty of opportunistic cyberthreat actors who will be focused on breaking into the event’s complex, fragmented digital environment. The post Olympic Gold at Risk: AI Cybercriminals Target 2024 Games. appeared first on Security Boulevard.

AT&T paid a $370,000 ransom to prevent stolen data from being leaked

Security Affairs

Wired attributes the recently disclosed AT&T data breach to a hacker living in Turkey and reported the company paid a $370,000 ransom. An American hacker who lives in Turkey claimed responsibility for the recently disclosed AT&T data breach. The man also said the company paid a ransom to ensure that stolen data would be deleted, reported Wired.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Hackers Claim to Have Leaked 1.1 TB of Disney Slack Messages

WIRED Threat Level

A hacker group called “NullBulge” says it stole more than a terabyte of Disney’s internal Slack messages and files from nearly 10,000 channels in an apparent protest over AI-generated art.

10,000 Victims a Day: Infostealer Garden of Low-Hanging Fruit

The Hacker News

Imagine you could gain access to any Fortune 100 company for $10 or less, or even for free. Terrifying thought, isn’t it? Or exciting, depending on which side of the cybersecurity barricade you are on. Well, that’s basically the state of things today. Welcome to the infostealer garden of low-hanging fruit.

Teaming up with IBM to secure critical SAP workloads

Trend Micro

Trend Micro partners with IBM to offer advanced threat detection and response for protecting critical infrastructures running on IBM Power servers

CRYSTALRAY Hackers Infect Over 1,500 Victims Using Network Mapping Tool

The Hacker News

A threat actor that was previously observed using an open-source network mapping tool has greatly expanded their operations to infect over 1,500 victims.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Disney hacked? NullBulge claims to have stolen 1.1 TB of data from internal Slack channels

Graham Cluley

A group of hacktivists claims to have breached the IT systems of Disney, and stolen a gigantic 1.1 terabytes worth of data from the entertainment giant's internal Slack messaging channels. The hacking group, which calls itself NullBulge, posted on an underground hacking forum that it had hoped to postpone announcing the breach until it had accessed more information, "but our insider man got cold feet and kicked us out.

SEXi ransomware rebrands to APT INC, continues VMware ESXi attacks

Bleeping Computer

The SEXi ransomware operation, known for targeting VMware ESXi servers, has rebranded under the name APT INC and has targeted numerous organizations in recent attacks. [...]

CISA Warns of Actively Exploited RCE Flaw in GeoServer GeoTools Software

The Hacker News

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a critical security flaw impacting OSGeo GeoServer GeoTools to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. GeoServer is an open-source software server written in Java that allows users to share and edit geospatial data.

CVE-2024-6695 (CVSS 9.8) in Popular WordPress Plugin Exposes 50,000 Sites to Admin Hijacking

Penetration Testing

Security researcher John Castro has uncovered a critical vulnerability (CVE-2024-6695) in Profile Builder, a widely used WordPress plugin with over 50,000 active installations. This flaw, rated 9.8 on the CVSS scale, could potentially allow... The post CVE-2024-6695 (CVSS 9.8) in Popular WordPress Plugin Exposes 50,000 Sites to Admin Hijacking appeared first on Cybersecurity News.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Hello, is it me you’re looking for? How scammers get your phone number

We Live Security

Your humble phone number is more valuable than you may think. Here’s how it could fall into the wrong hands – and how you can help keep it out of the reach of fraudsters.

Vulnerability Recap 7/15/24 – Industry Patches vs Flaw Exploits

eSecurity Planet

Last week’s vulnerability news highlighted major flaws across industries, urging quick patch response. The majority of incidents involved malicious threat actors exploiting vulnerabilities in several software and systems. Gogs’ security issues caused command execution and file deletion. Microsoft patched 143 vulnerabilities. OpenSSH and PHP exposed an RCE issue, and RADIUS protocols became susceptible to MitM attacks.

Ransomware and Cyber Extortion in Q2 2024

Digital Shadows

ReliaQuest identified a 20% rise in ransomware-affected organizations in Q2 2024. Despite disruptions, new groups are increasing activity.

US Senators Secretly Work to Block Safeguards Against Surveillance Abuse

WIRED Threat Level

Senator Mark Warner is trying to pass new limits on when the government can wiretap Americans. At least two senators are quietly trying to stop him.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

CVE-2024-36401 (CVSS 9.8): Critical GeoServer Flaw Under Active Attack, PoC Available

Penetration Testing

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning regarding a critical vulnerability in OSGeo GeoServer GeoTools, a widely-used open-source software server for geospatial data. This flaw, identified as CVE-2024-36401,... The post CVE-2024-36401 (CVSS 9.8): Critical GeoServer Flaw Under Active Attack, PoC Available appeared first on Cybersecurity News.

New BugSleep malware implant deployed in MuddyWater attacks

Bleeping Computer

The Iranian-backed MuddyWater hacking group has partially switched to using a new custom-tailored malware implant to steal files and run commands on compromised systems. [...]

Security Flaw CVE-2024-6345 in Setuptools Exposes Python Projects to RCE

Penetration Testing

A severe security vulnerability has been identified in Setuptools, a widely-used library for packaging, distributing, and installing Python projects. This flaw, designated CVE-2024-6345 with a CVSS score of 8.8, exposes systems to remote code... The post Security Flaw CVE-2024-6345 in Setuptools Exposes Python Projects to RCE appeared first on Cybersecurity News.

Microsoft shares temp fix for Windows 11 Photos not launching

Bleeping Computer

Microsoft has provided a temporary workaround for a known issue preventing the Microsoft Photos app from launching on some Windows 11 systems. [...]

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.