Wed.Sep 18, 2024

article thumbnail

Scam ‘Funeral Streaming’ Groups Thrive on Facebook

Krebs on Security

Scammers are flooding Facebook with groups that purport to offer video streaming of funeral services for the recently deceased. Friends and family who follow the links for the streaming services are then asked to cough up their credit card information. Recently, these scammers have branched out into offering fake streaming services for nearly any kind of event advertised on Facebook.

Scams 65
article thumbnail

Two-Thirds of Security Leaders Consider Banning AI-Generated Code, Report Finds

Tech Republic Security

Security leaders don’t believe developers check the quality of the AI-generated code with as much rigour as they do their own, according to a report from Venafi.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

New "Raptor Train" IoT Botnet Compromises Over 200,000 Devices Worldwide

The Hacker News

Cybersecurity researchers have uncovered a never-before-seen botnet comprising an army of small office/home office (SOHO) and IoT devices that are likely operated by a Chinese nation-state threat actor called Flax Typhoon (aka Ethereal Panda or RedJuliett).

IoT 145
article thumbnail

Build Your Network Skills With the 2024 Network Fundamentals Bundle — Only $39.99

Tech Republic Security

Perfect for IT professionals, ethical hackers, and beginners looking to gain practical, hands-on experience in network security and administration.

article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Walkie-Talkies Explode in New Attack on Hezbollah

WIRED Threat Level

In a second attack on Hezbollah members, two-way radios detonated around Lebanon on Wednesday, causing injuries and multiple deaths.

144
144
article thumbnail

Walmart customers scammed via fake shopping lists, threatened with arrest

Malwarebytes

Shopping online or attempting to get in touch with a store is a little bit like walking on a minefield: you might get lucky or take a wrong step and get scammed. Case in point, a malicious ad campaign is abusing Walmart Lis ts , a kind of virtual shopping list customers can share with family and friends, by embedding rogue customer service phone numbers with the appearance and branding of the official Walmart site.

Scams 143

More Trending

article thumbnail

Chinese Engineer Charged in U.S. for Years-Long Cyber Espionage Targeting NASA and Military

The Hacker News

A Chinese national has been indicted in the U.S. on charges of conducting a "multi-year" spear-phishing campaign to obtain unauthorized access to computer software and source code created by the National Aeronautics and Space Administration (NASA), research universities, and private companies. Song Wu, 39, has been charged with 14 counts of wire fraud and 14 counts of aggravated identity theft.

article thumbnail

Earth Baxia Uses Spear-Phishing and GeoServer Exploit to Target APAC

Trend Micro

We observed Earth Baxia carrying out targeted attacks against APAC countries that involved advanced techniques like spear-phishing and customized malware, with data suggesting that the group operates from China.

Phishing 140
article thumbnail

GitLab Patches Critical SAML Authentication Bypass Flaw in CE and EE Editions

The Hacker News

GitLab has released patches to address a critical flaw impacting Community Edition (CE) and Enterprise Edition (EE) that could result in an authentication bypass. The vulnerability is rooted in the ruby-saml library (CVE-2024-45409, CVSS score: 10.0), which could allow an attacker to log in as an arbitrary user within the vulnerable system. It was addressed by the maintainers last week.

article thumbnail

Broadcom fixed Critical VMware vCenter Server flaw CVE-2024-38812

Security Affairs

Broadcom addressed a critical vulnerability in the VMware vCenter Server that could allow remote attackers to achieve code execution. Broadcom released security updates to address a critical vulnerability, tracked as CVE-2024-38812 (CVSS score: 9.8), in VMware vCenter Server that could lead to remote code execution. vCenter Server is a critical component in VMware virtualization and cloud computing software suite.

Hacking 135
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Chrome Introduces One-Time Permissions and Enhanced Safety Check for Safer Browsing

The Hacker News

Google has announced that it's rolling out a new set of features to its Chrome browser that gives users more control over their data when surfing the internet and protects against online threats.

Internet 136
article thumbnail

Credential Flusher, understanding the threat and how to protect your login data

Security Affairs

Credential Flusher is a method that allows hackers to steal login credentials directly from the victim’s web browser. The cyber attacks have become increasingly sophisticated, putting our personal information at risk. One of the latest and most insidious techniques is Credential Flusher, a method that allows hackers to steal login credentials directly from the victim’s web browser.

Passwords 134
article thumbnail

North Korean Hackers Target Energy and Aerospace Industries with New MISTPEN Malware

The Hacker News

A North Korea-linked cyber-espionage group has been observed leveraging job-themed phishing lures to target prospective victims in energy and aerospace verticals and infect them with a previously undocumented backdoor dubbed MISTPEN. The activity cluster is being tracked by Google-owned Mandiant under the moniker UNC2970, which it said overlaps with a threat group known as TEMP.

Malware 135
article thumbnail

Snapchat wants to put your AI-generated face in its ads

Malwarebytes

Snapchat is reserving the right to use your selfie images to power Cameos, Generative AI, and other experiences on Snapchat, including ads, according to our friends at 404 Media , The Snapchat Support page about its My Selfie feature says: “You’ll take selfies with your Snap camera or select images from your camera roll. These images will be used to understand what you look like to enable you, Snap and your friends to generate novel images of you.

Media 133
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Why Pay A Pentester?

The Hacker News

The evolution of software always catches us by surprise. I remember betting against the IBM computer Deep Blue during its chess match against the grandmaster Garry Kasparov in 1997, only to be stunned when the machine claimed victory.

Software 134
article thumbnail

News alert: INE Security’s cybersecurity training service earns 2024 SC Excellence Award

The Last Watchdog

Cary, NC, Sept.18, 2024, CyberNewsWire — INE Security is proud to announce that it has been named a winner in the prestigious 2024 SC Awards, named Best IT Security-Related Training Program. This designation underscores INE Security’s commitment to excellence and leadership in the cybersecurity industry. The SC Awards , now in its 27th year, recognize the solutions, organizations, and individuals that have demonstrated outstanding achievement in advancing the security of information system

article thumbnail

Analysis Identifies Web Servers as Weakest Cybersecurity Link

Security Boulevard

An analysis of more than 39 million anonymized and normalized data points published today by Cycognito, a provider of platforms for discovering and testing attack surfaces, finds web servers accounted for more than a third (34%) of all the severe issues discovered. The post Analysis Identifies Web Servers as Weakest Cybersecurity Link appeared first on Security Boulevard.

article thumbnail

Did a Chinese University Hacking Competition Target a Real Victim?

WIRED Threat Level

Participants in a hacking competition with ties to China’s military were, unusually, required to keep their activities secret, but security researchers say the mystery only gets stranger from there.

Hacking 123
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

FBI Disrupts Another Massive Chinese-Linked Botnet

Security Boulevard

The FBI and other U.S. and international law enforcement agencies disrupted a massive botnet created by China-linked threat group Flax Typhoon that had pulled in more than 200,000 IoT and other connected devices over the past for years. The post FBI Disrupts Another Massive Chinese-Linked Botnet appeared first on Security Boulevard.

IoT 121
article thumbnail

Exotic SambaSpy is now dancing with Italian users

SecureList

Introduction In May 2024, we detected a campaign exclusively targeting victims in Italy. We were rather surprised by this, as cybercriminals typically select a broader target to maximize their profits. For example, a certain type of malware might target users in France and Spain, with the phishing emails written in both of the respective languages. However, for such a campaign, the malware’s code includes no particular checks to ensure it only runs in France and Spain.

Malware 118
article thumbnail

E2EE is MIA in iPhone/Android Chat — GSMA Gonna Fix it

Security Boulevard

No More Barf-Green Bubbles? GSM Association is “excited” to bring Apple and Google closer together, but encryption is still lacking. The post E2EE is MIA in iPhone/Android Chat — GSMA Gonna Fix it appeared first on Security Boulevard.

article thumbnail

News alert: SpyCloud study reveals ‘infostealer’ malware can be a precursor to a ransomware attack

The Last Watchdog

Austin, TX, Sept. 18, 2024, CyberNewsWire — SpyCloud , the leader in Cybercrime Analytics, today announced new cybersecurity research highlighting the growing and alarming threat of infostealers – a type of malware designed to exfiltrate digital identity data, login credentials, and session cookies from infected devices. SpyCloud’s latest findings reveal the staggering scale of identity exposure caused by infostealers, the influence this type of malware has had on the surge in ransomware i

article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

North Korean Group Uses Fake Job Offers to Target Energy, Aerospace Sectors

Security Boulevard

The North Korean-backed threat group UNC2970 is using spearphishing emails and WhatsApp messages to entice high-level executives in the energy and aerospace sectors to open a malicious ZIP file containing a fake job description and a previously unknown backdoor called MISTPEN. The post North Korean Group Uses Fake Job Offers to Target Energy, Aerospace Sectors appeared first on Security Boulevard.

article thumbnail

Recipe for Cybersecurity Success in the Restaurant Industry

SecureWorld News

The restaurant industry has increasingly become a target for cyberattacks as digital payment systems, loyalty programs, and online ordering become more prevalent. In recent years, several high-profile breaches have raised concerns about the security of customer data. If data is involved, threat actors want to get their hands on it and exploit it. Some notable cyber incidents in the past half-decade include: McDonald's (2021): The fast-food giant suffered a data breach that exposed customer and e

article thumbnail

Pulumi Adds Cloud Security Intelligence Tool to Portfolio

Security Boulevard

Pulumi today added a Pulumi Insights application for discovering cloud assets in addition to generally making available a previously launched tool for centralizing the management of cloud security. The post Pulumi Adds Cloud Security Intelligence Tool to Portfolio appeared first on Security Boulevard.

article thumbnail

News alert: Evergy selects OneLayer to manage, secure its private cellular OT assets

The Last Watchdog

Boston, Mass., Sept. 18, 2024] — One Layer , the leader in managing and securing enterprise private 5G/LTE Operational Technology (OT) networks, announced today the selection of its OneLayer Bridge private LTE network device management and zero trust security platform by energy provider Evergy, in a multi-year deal. Evergy has innovatively embraced Ericsson’s private LTE technology to elevate operational performance.

IoT 100
article thumbnail

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

article thumbnail

Daniel Stori’s Turnoff.US: ‘Chat GPT Code Smell’

Security Boulevard

via the inimitable Daniel Stori at Turnoff.US ! Permalink The post Daniel Stori’s Turnoff.US: ‘Chat GPT Code Smell’ appeared first on Security Boulevard.

103
103
article thumbnail

Deal alert: Get a Shark handheld vacuum for $30 (50% off) right now

Zero Day

An extra coupon code brings down the already discounted Shark Cyclone PET handheld vacuum to only $30.

98
article thumbnail

AT&T to Pay $13 Million to Settle FCC Case of 2023 Data Breach

Security Boulevard

AT&T agreed to pay $13 million to settle an FCC investigation into a data breach in January 2023 that put a focus on the evolving security landscape and the growing threat to customer data that organizations store in the cloud. The post AT&T to Pay $13 Million to Settle FCC Case of 2023 Data Breach appeared first on Security Boulevard.

article thumbnail

I added 1TB of storage to my sluggish PC with this thumb-sized accessory

Zero Day

If you're dealing with a laggy PC, the PNY 1TB storage drive can speed up your system with added storage. And it dealt with my stress tests exceedingly well.

98
article thumbnail

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.