Krebs on Security
SEPTEMBER 18, 2024
Scammers are flooding Facebook with groups that purport to offer video streaming of funeral services for the recently deceased. Friends and family who follow the links for the streaming services are then asked to cough up their credit card information. Recently, these scammers have branched out into offering fake streaming services for nearly any kind of event advertised on Facebook.
Tech Republic Security
SEPTEMBER 18, 2024
Security leaders don’t believe developers check the quality of the AI-generated code with as much rigour as they do their own, according to a report from Venafi.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
The Hacker News
SEPTEMBER 18, 2024
Cybersecurity researchers have uncovered a never-before-seen botnet comprising an army of small office/home office (SOHO) and IoT devices that are likely operated by a Chinese nation-state threat actor called Flax Typhoon (aka Ethereal Panda or RedJuliett).
Tech Republic Security
SEPTEMBER 18, 2024
Perfect for IT professionals, ethical hackers, and beginners looking to gain practical, hands-on experience in network security and administration.
Advertisement
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
Malwarebytes
SEPTEMBER 18, 2024
Shopping online or attempting to get in touch with a store is a little bit like walking on a minefield: you might get lucky or take a wrong step and get scammed. Case in point, a malicious ad campaign is abusing Walmart Lis ts , a kind of virtual shopping list customers can share with family and friends, by embedding rogue customer service phone numbers with the appearance and branding of the official Walmart site.
Trend Micro
SEPTEMBER 18, 2024
We observed Earth Baxia carrying out targeted attacks against APAC countries that involved advanced techniques like spear-phishing and customized malware, with data suggesting that the group operates from China.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
|
The Hacker News
SEPTEMBER 18, 2024
GitLab has released patches to address a critical flaw impacting Community Edition (CE) and Enterprise Edition (EE) that could result in an authentication bypass. The vulnerability is rooted in the ruby-saml library (CVE-2024-45409, CVSS score: 10.0), which could allow an attacker to log in as an arbitrary user within the vulnerable system. It was addressed by the maintainers last week.
The Last Watchdog
SEPTEMBER 18, 2024
Cary, NC, Sept.18, 2024, CyberNewsWire — INE Security is proud to announce that it has been named a winner in the prestigious 2024 SC Awards, named Best IT Security-Related Training Program. This designation underscores INE Security’s commitment to excellence and leadership in the cybersecurity industry. The SC Awards , now in its 27th year, recognize the solutions, organizations, and individuals that have demonstrated outstanding achievement in advancing the security of information system
The Hacker News
SEPTEMBER 18, 2024
A Chinese national has been indicted in the U.S. on charges of conducting a "multi-year" spear-phishing campaign to obtain unauthorized access to computer software and source code created by the National Aeronautics and Space Administration (NASA), research universities, and private companies. Song Wu, 39, has been charged with 14 counts of wire fraud and 14 counts of aggravated identity theft.
Security Affairs
SEPTEMBER 18, 2024
Broadcom addressed a critical vulnerability in the VMware vCenter Server that could allow remote attackers to achieve code execution. Broadcom released security updates to address a critical vulnerability, tracked as CVE-2024-38812 (CVSS score: 9.8), in VMware vCenter Server that could lead to remote code execution. vCenter Server is a critical component in VMware virtualization and cloud computing software suite.
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
The Hacker News
SEPTEMBER 18, 2024
A North Korea-linked cyber-espionage group has been observed leveraging job-themed phishing lures to target prospective victims in energy and aerospace verticals and infect them with a previously undocumented backdoor dubbed MISTPEN. The activity cluster is being tracked by Google-owned Mandiant under the moniker UNC2970, which it said overlaps with a threat group known as TEMP.
Security Boulevard
SEPTEMBER 18, 2024
An analysis of more than 39 million anonymized and normalized data points published today by Cycognito, a provider of platforms for discovering and testing attack surfaces, finds web servers accounted for more than a third (34%) of all the severe issues discovered. The post Analysis Identifies Web Servers as Weakest Cybersecurity Link appeared first on Security Boulevard.
Security Affairs
SEPTEMBER 18, 2024
Credential Flusher is a method that allows hackers to steal login credentials directly from the victim’s web browser. The cyber attacks have become increasingly sophisticated, putting our personal information at risk. One of the latest and most insidious techniques is Credential Flusher, a method that allows hackers to steal login credentials directly from the victim’s web browser.
SecureList
SEPTEMBER 18, 2024
Introduction In May 2024, we detected a campaign exclusively targeting victims in Italy. We were rather surprised by this, as cybercriminals typically select a broader target to maximize their profits. For example, a certain type of malware might target users in France and Spain, with the phishing emails written in both of the respective languages. However, for such a campaign, the malware’s code includes no particular checks to ensure it only runs in France and Spain.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
The Hacker News
SEPTEMBER 18, 2024
Google has announced that it's rolling out a new set of features to its Chrome browser that gives users more control over their data when surfing the internet and protects against online threats.
Malwarebytes
SEPTEMBER 18, 2024
Snapchat is reserving the right to use your selfie images to power Cameos, Generative AI, and other experiences on Snapchat, including ads, according to our friends at 404 Media , The Snapchat Support page about its My Selfie feature says: “You’ll take selfies with your Snap camera or select images from your camera roll. These images will be used to understand what you look like to enable you, Snap and your friends to generate novel images of you.
The Hacker News
SEPTEMBER 18, 2024
The evolution of software always catches us by surprise. I remember betting against the IBM computer Deep Blue during its chess match against the grandmaster Garry Kasparov in 1997, only to be stunned when the machine claimed victory.
Security Boulevard
SEPTEMBER 18, 2024
The FBI and other U.S. and international law enforcement agencies disrupted a massive botnet created by China-linked threat group Flax Typhoon that had pulled in more than 200,000 IoT and other connected devices over the past for years. The post FBI Disrupts Another Massive Chinese-Linked Botnet appeared first on Security Boulevard.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
SecureWorld News
SEPTEMBER 18, 2024
The restaurant industry has increasingly become a target for cyberattacks as digital payment systems, loyalty programs, and online ordering become more prevalent. In recent years, several high-profile breaches have raised concerns about the security of customer data. If data is involved, threat actors want to get their hands on it and exploit it. Some notable cyber incidents in the past half-decade include: McDonald's (2021): The fast-food giant suffered a data breach that exposed customer and e
Security Boulevard
SEPTEMBER 18, 2024
No More Barf-Green Bubbles? GSM Association is “excited” to bring Apple and Google closer together, but encryption is still lacking. The post E2EE is MIA in iPhone/Android Chat — GSMA Gonna Fix it appeared first on Security Boulevard.
The Last Watchdog
SEPTEMBER 18, 2024
Austin, TX, Sept. 18, 2024, CyberNewsWire — SpyCloud , the leader in Cybercrime Analytics, today announced new cybersecurity research highlighting the growing and alarming threat of infostealers – a type of malware designed to exfiltrate digital identity data, login credentials, and session cookies from infected devices. SpyCloud’s latest findings reveal the staggering scale of identity exposure caused by infostealers, the influence this type of malware has had on the surge in ransomware i
Security Boulevard
SEPTEMBER 18, 2024
The North Korean-backed threat group UNC2970 is using spearphishing emails and WhatsApp messages to entice high-level executives in the energy and aerospace sectors to open a malicious ZIP file containing a fake job description and a previously unknown backdoor called MISTPEN. The post North Korean Group Uses Fake Job Offers to Target Energy, Aerospace Sectors appeared first on Security Boulevard.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
The Last Watchdog
SEPTEMBER 18, 2024
Boston, Mass., Sept. 18, 2024] — One Layer , the leader in managing and securing enterprise private 5G/LTE Operational Technology (OT) networks, announced today the selection of its OneLayer Bridge private LTE network device management and zero trust security platform by energy provider Evergy, in a multi-year deal. Evergy has innovatively embraced Ericsson’s private LTE technology to elevate operational performance.
Security Boulevard
SEPTEMBER 18, 2024
Pulumi today added a Pulumi Insights application for discovering cloud assets in addition to generally making available a previously launched tool for centralizing the management of cloud security. The post Pulumi Adds Cloud Security Intelligence Tool to Portfolio appeared first on Security Boulevard.
Zero Day
SEPTEMBER 18, 2024
An extra coupon code brings down the already discounted Shark Cyclone PET handheld vacuum to only $30.
Security Boulevard
SEPTEMBER 18, 2024
via the inimitable Daniel Stori at Turnoff.US ! Permalink The post Daniel Stori’s Turnoff.US: ‘Chat GPT Code Smell’ appeared first on Security Boulevard.
Advertisement
Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.
Zero Day
SEPTEMBER 18, 2024
If you're dealing with a laggy PC, the PNY 1TB storage drive can speed up your system with added storage. And it dealt with my stress tests exceedingly well.
Security Boulevard
SEPTEMBER 18, 2024
AT&T agreed to pay $13 million to settle an FCC investigation into a data breach in January 2023 that put a focus on the evolving security landscape and the growing threat to customer data that organizations store in the cloud. The post AT&T to Pay $13 Million to Settle FCC Case of 2023 Data Breach appeared first on Security Boulevard.
Zero Day
SEPTEMBER 18, 2024
The 2024 HP Envy x360 2-in-1 stands out from a sea of similar devices with its well-optimized hardware, vibrant displays, and low cost.
Security Boulevard
SEPTEMBER 18, 2024
Buckle up, buttercup, because we're about to dive into the sticky-sweet world of honeytokens! The post Honeytokens [Security Zines] appeared first on Security Boulevard.
Advertisement
Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!
Expert insights. Personalized for you.
63 
Let's personalize your content