Fri.Jul 05, 2024

article thumbnail

Weekly Update 407

Troy Hunt

It's a long one this week, in part due to the constant flood of new breaches and disclosures I discuss. I regularly have disclosure notices forwarded to me by followers who find themselves in new breaches, and it's always fascinating to hear how they're worded. You get a real sense of how much personal ownership a company is taking, how much blame they're putting back on the hackers and increasingly, how much they've been written by lawyers.

article thumbnail

Protecting People, Not Just Data

Javvad Malik

As I sit here, reflecting on the recent news of the ransomware attack on pathology lab Synnovis, I can’t help but feel a sense of unease wash over me. It’s not just another headline or statistic; this time, it’s a bit more personal. My neighbour, Oliver Dowson , is one of the many individuals directly affected by this breach, his heart valve replacement surgery postponed indefinitely due to the fallout.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

10 Security Tips for Business Travellers This Summer

Tech Republic Security

Travelling for work can open employees up to a new host of security threats, including insecure Wi-Fi networks, infected public charging ports and Bluetooth attacks.

Big data 196
article thumbnail

Cloudflare’s 1.1.1.1 DNS Service Disrupted by BGP Hijacking and Route Leak

Penetration Testing

On June 27, 2024, Cloudflare’s popular 1.1.1.1 public DNS resolver service experienced disruptions, leaving a small percentage of users worldwide unable to access the service or facing significant latency issues. The culprit behind this... The post Cloudflare’s 1.1.1.1 DNS Service Disrupted by BGP Hijacking and Route Leak appeared first on Cybersecurity News.

DNS 145
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

OVHcloud Hit with Record 840 Million PPS DDoS Attack Using MikroTik Routers

The Hacker News

French cloud computing firm OVHcloud said it mitigated a record-breaking distributed denial-of-service (DDoS) attack in April 2024 that reached a packet rate of 840 million packets per second (Mpps). This is just above the previous record of 809 million Mpps reported by Akamai as targeting a large European bank in June 2020.

DDOS 145
article thumbnail

Hackers stole OpenAI secrets in a 2023 security breach

Security Affairs

The New York Times revealed that OpenAI suffered a security breach in 2023, but the company says source code and customer data were not compromised. OpenAI suffered a security breach in 2023, the New York Times reported. The American newspaper revealed that the threat actors gained access to the internal discussions among researchers and other employees, but they did not access the source code of the company’s systems.

More Trending

article thumbnail

Hackers compromised Ethereum mailing list and launched a crypto draining attack

Security Affairs

Hackers compromised Ethereum ‘s mailing list provider and sent phishing messages to the members attempting to drain their crypto funds. Hackers compromised Ethereum’s mailing list provider and on the night of June 23, they sent an email to the 35,794 addresses. The email was sent from the address ‘updates@blog.ethereum.org’ and included a link to a malicious site running a crypto drainer. “This website had a crypto drainer running in the background, and if a user initiate

Phishing 143
article thumbnail

CVE-2024-6376 (CVSS 9.8) in MongoDB Compass Exposes Systems to Code Injection Risks

Penetration Testing

A recent discovery has unveiled a critical security vulnerability in MongoDB Compass, a widely-used graphical user interface (GUI) for querying, aggregating, and analyzing MongoDB data. This tool, known for its robust capabilities and cross-platform... The post CVE-2024-6376 (CVSS 9.8) in MongoDB Compass Exposes Systems to Code Injection Risks appeared first on Cybersecurity News.

Risk 137
article thumbnail

Polyfill.io Supply Chain Attack: 384,773 hosts still embedding a polyfill JS script linking to the malicious domain

Security Affairs

Cybersecurity company Censys has identified over 380,000 hosts that are still referencing the malicious polyfill.io domain. Censys reported that over 380,000 internet-exposed hosts are still referencing the malicious polyfill.io domain. The polyfill.io domain was suspended last week following multiple reports of malicious activity. The domain Polyfill.io was used to host JavaScript code that added modern functionality to older browsers that do not support certain web standards.

Internet 137
article thumbnail

‘Polyfill’ Supply Chain Threat: 4x Worse Than We Thought

Security Boulevard

Spackle attack: Chinese company takes over widely used free web service—almost 400,000 websites at risk. The post ‘Polyfill’ Supply Chain Threat: 4x Worse Than We Thought appeared first on Security Boulevard.

Risk 137
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

GootLoader Malware Still Active, Deploys New Versions for Enhanced Attacks

The Hacker News

The malware known as GootLoader continues to be in active use by threat actors looking to deliver additional payloads to compromised hosts. "Updates to the GootLoader payload have resulted in several versions of GootLoader, with GootLoader 3 currently in active use," cybersecurity firm Cybereason said in an analysis published last week.

Malware 136
article thumbnail

Microsoft discloses 2 flaws in Rockwell Automation PanelView Plus

Security Affairs

Microsoft discovered two flaws in Rockwell Automation PanelView Plus that remote, unauthenticated attackers could exploit. Microsoft responsibly disclosed two vulnerabilities in Rockwell Automation PanelView Plus that remote, unauthenticated attackers can exploit to perform remote code execution (RCE) and denial-of-service (DoS). The RCE vulnerability in PanelView Plus involves exploiting two custom classes to upload and load a malicious DLL.

Hacking 136
article thumbnail

The five most common pitfalls of cyber security awareness training

Security Boulevard

The post The five most common pitfalls of cyber security awareness training appeared first on Click Armor. The post The five most common pitfalls of cyber security awareness training appeared first on Security Boulevard.

article thumbnail

Blueprint for Success: Implementing a CTEM Operation

The Hacker News

The attack surface isn’t what it once was and it’s becoming a nightmare to protect. A constantly expanding and evolving attack surface means risk to the business has skyrocketed and current security measures are struggling to keep it protected. If you’ve clicked on this article, there’s a good chance you’re looking for solutions to manage this risk.

Risk 131
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Understanding API Key Verification

Security Boulevard

As organizations look to improve their API security, two distinct approaches to API key verification have emerged — centralized and decentralized verification. The post Understanding API Key Verification appeared first on Security Boulevard.

article thumbnail

The World’s Most Popular 3D-Printed Gun Was Designed by an Aspiring Terrorist

WIRED Threat Level

Growing numbers of insurgents and extremists use the FGC-9. Forensic analysis of online platforms reveals the dark world of the man who created it—a self-described incel who supported the German far right.

126
126
article thumbnail

Cloudflare blames recent outage on BGP hijacking incident

Bleeping Computer

Internet giant Cloudflare reports that its DNS resolver service, 1.1.1.1, was recently unreachable or degraded for some of its customers because of a combination of Border Gateway Protocol (BGP) hijacking and a route leak. [.

DNS 124
article thumbnail

Webinar Alert: Learn How ITDR Solutions Stop Sophisticated Identity Attacks

The Hacker News

Identity theft isn't just about stolen credit cards anymore. Today, cybercriminals are using advanced tactics to infiltrate organizations and cause major damage with compromised credentials. The stakes are high: ransomware attacks, lateral movement, and devastating data breaches. Don't be caught off guard. Join us for a groundbreaking webinar that will change the way you approach cybersecurity.

article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

New Eldorado ransomware targets Windows, VMware ESXi VMs

Bleeping Computer

A new ransomware-as-a-service (RaaS) called Eldorado emerged in March and comes with locker variants for VMware ESXi and Windows. [.

article thumbnail

Extending the Reach and Capabilities of Digital Signing With Standards

Security Boulevard

Digital signatures are ideal for addressing today’s challenges, providing the robust security, flexibility and scalability that organizations require for a wide range of use cases. The post Extending the Reach and Capabilities of Digital Signing With Standards appeared first on Security Boulevard.

article thumbnail

Chrome to Block Entrust Certificates in November 2024

eSecurity Planet

Millions of websites could be displaying security warnings in Google Chrome starting this November. The cause? A recent announcement by Google Chrome regarding its trust in certificates issued by a major certificate authority (CA), Entrust. Website security is paramount in today’s digital age. That little lock icon in your browser address bar signifies a secure connection, protected by an SSL/TLS certificate.

article thumbnail

Hackers leak alleged Taylor Swift tickets, amp up Ticketmaster extortion

Bleeping Computer

Hackers have leaked what they claim is Ticketmaster barcode data for 166,000 Taylor Swift Eras Tour tickets, warning that more events would be leaked if a $2 million extortion demand is not paid. [.

102
102
article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

Simplifying Infrastructure Management with Imperva’s Terraform Module for Cloud WAF

Security Boulevard

In today’s rapidly evolving technological landscape, managing infrastructure efficiently is paramount for businesses striving to stay competitive. With the rise of cloud computing, Infrastructure as Code (IaC) has emerged as a game-changer, enabling organizations to automate the provisioning and management of their infrastructure. Terraform, a leading IaC tool, has gained popularity for its simplicity, flexibility, […] The post Simplifying Infrastructure Management with Imperva’s Terraform Modul

article thumbnail

CVE-2024-39943 (CVSS 9.9): Critical Vulnerability in HTTP File Server Exposes Systems to RCE

Penetration Testing

A critical vulnerability has been identified in HFS (HTTP File Server), a popular file-sharing software used to send and receive files over HTTP. The vulnerability, tracked as CVE-2024-39943, poses a significant threat to systems... The post CVE-2024-39943 (CVSS 9.9): Critical Vulnerability in HTTP File Server Exposes Systems to RCE appeared first on Cybersecurity News.

article thumbnail

HealthEquity Hit by Data Breach: Protected Information Exposed

Heimadal Security

HealthEquity, a healthcare fintech company, is warning that it suffered a data breach after a partner’s account was compromised and used to access the company’s systems. Protected health information was stolen during the attack. Details About the Incident The company launched an investigation upon discovering the breach. It revealed that the partner had been compromised […] The post HealthEquity Hit by Data Breach: Protected Information Exposed appeared first on Heimdal Security Blog.

article thumbnail

Why API Discovery is Important for Financial Companies

Security Boulevard

Discover the role of APIs in the financial sector, and how API discovery ensures security, compliance, and efficiency in financial services. The post Why API Discovery is Important for Financial Companies appeared first on Security Boulevard.

article thumbnail

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

article thumbnail

Best Automated Patch Management Software in 2024

Heimadal Security

Did you know? — Recent research shows that 80% of cyberattacks happen due to unpatched software vulnerabilities. This highlights the critical role of automated patch management software in safeguarding systems. These tools not only streamline updates but also fortify your systems against evolving cyber threats. In this article, we’ll talk about the best automated patch […] The post Best Automated Patch Management Software in 2024 appeared first on Heimdal Security Blog.

article thumbnail

USENIX Security ’23 – Eye-Shield: Real-Time Protection of Mobile Device Screen Information from Shoulder Surfing

Security Boulevard

Authors/Presenters:Brian Jay Tang, Kang G. Shin Many thanks to USENIX for publishing their outstanding USENIX Security ’23 Presenter’s content, and the organizations strong commitment to Open Access. Originating from the conference’s events situated at the Anaheim Marriott ; and via the organizations YouTube channel. Permalink The post USENIX Security ’23 – Eye-Shield: Real-Time Protection of Mobile Device Screen Information from Shoulder Surfing appeared first on Security Boulevard.

Mobile 72
article thumbnail

Cybersecurity in Healthcare: An In-Depth Guide by Heimdal®

Heimadal Security

Healthcare organizations are prime targets for cyber-attacks due to the sensitive nature of patient data. Heimdal®’s ‘Cybersecurity in Healthcare’ playbook aims to provide a comprehensive guide to protect healthcare systems from potential threats. In this guide, you’ll find: Detailed explanations: In-depth insights into the significance of cybersecurity in healthcare.

article thumbnail

Twilio’s Authy Breach: The Attack via an Unsecured API Endpoint

Security Boulevard

A recap of Twilio's Authy app breach, which exposed 33 million phone numbers. Including the impacts, lessons learnt and recommendations to enhance your security. The post Twilio’s Authy Breach: The Attack via an Unsecured API Endpoint appeared first on Security Boulevard.

article thumbnail

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.