Krebs on Security
SEPTEMBER 18, 2024
Scammers are flooding Facebook with groups that purport to offer video streaming of funeral services for the recently deceased. Friends and family who follow the links for the streaming services are then asked to cough up their credit card information. Recently, these scammers have branched out into offering fake streaming services for nearly any kind of event advertised on Facebook.
The Last Watchdog
SEPTEMBER 18, 2024
Cary, NC, Sept.18, 2024, CyberNewsWire — INE Security is proud to announce that it has been named a winner in the prestigious 2024 SC Awards, named Best IT Security-Related Training Program. This designation underscores INE Security’s commitment to excellence and leadership in the cybersecurity industry. The SC Awards , now in its 27th year, recognize the solutions, organizations, and individuals that have demonstrated outstanding achievement in advancing the security of information system
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Tech Republic Security
SEPTEMBER 18, 2024
Security leaders don’t believe developers check the quality of the AI-generated code with as much rigour as they do their own, according to a report from Venafi.
The Last Watchdog
SEPTEMBER 18, 2024
Austin, TX, Sept. 18, 2024, CyberNewsWire — SpyCloud , the leader in Cybercrime Analytics, today announced new cybersecurity research highlighting the growing and alarming threat of infostealers – a type of malware designed to exfiltrate digital identity data, login credentials, and session cookies from infected devices. SpyCloud’s latest findings reveal the staggering scale of identity exposure caused by infostealers, the influence this type of malware has had on the surge in ransomware i
Advertisement
Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!
Tech Republic Security
SEPTEMBER 18, 2024
Perfect for IT professionals, ethical hackers, and beginners looking to gain practical, hands-on experience in network security and administration.
The Last Watchdog
SEPTEMBER 18, 2024
Boston, Mass., Sept. 18, 2024] — One Layer , the leader in managing and securing enterprise private 5G/LTE Operational Technology (OT) networks, announced today the selection of its OneLayer Bridge private LTE network device management and zero trust security platform by energy provider Evergy, in a multi-year deal. Evergy has innovatively embraced Ericsson’s private LTE technology to elevate operational performance.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
The Hacker News
SEPTEMBER 18, 2024
A Chinese national has been indicted in the U.S. on charges of conducting a "multi-year" spear-phishing campaign to obtain unauthorized access to computer software and source code created by the National Aeronautics and Space Administration (NASA), research universities, and private companies. Song Wu, 39, has been charged with 14 counts of wire fraud and 14 counts of aggravated identity theft.
SecureList
SEPTEMBER 18, 2024
Introduction In May 2024, we detected a campaign exclusively targeting victims in Italy. We were rather surprised by this, as cybercriminals typically select a broader target to maximize their profits. For example, a certain type of malware might target users in France and Spain, with the phishing emails written in both of the respective languages. However, for such a campaign, the malware’s code includes no particular checks to ensure it only runs in France and Spain.
Penetration Testing
SEPTEMBER 18, 2024
Technical specifics and a proof-of-concept (PoC) exploit have been made available for a recently uncovered zero-day vulnerability, CVE-2024-7965, in the V8 JavaScript engine. Analyzed by experts at BI.ZONE, this critical... The post PoC Exploit Released for CVE-2024-7965 Zero-Day Chrome Vulnerability appeared first on Cybersecurity News.
The Hacker News
SEPTEMBER 18, 2024
A North Korea-linked cyber-espionage group has been observed leveraging job-themed phishing lures to target prospective victims in energy and aerospace verticals and infect them with a previously undocumented backdoor dubbed MISTPEN. The activity cluster is being tracked by Google-owned Mandiant under the moniker UNC2970, which it said overlaps with a threat group known as TEMP.
Speaker: Speakers:
In today's digital age, having an untrained workforce can be a significant risk to your business. Cyber threats are evolving; without proper training, your employees could be the weakest link in your defense. This webinar empowers leaders like you with the tools and strategies needed to transform your employees into a robust frontline defense against cyber attacks.
Security Affairs
SEPTEMBER 18, 2024
Broadcom addressed a critical vulnerability in the VMware vCenter Server that could allow remote attackers to achieve code execution. Broadcom released security updates to address a critical vulnerability, tracked as CVE-2024-38812 (CVSS score: 9.8), in VMware vCenter Server that could lead to remote code execution. vCenter Server is a critical component in VMware virtualization and cloud computing software suite.
The Hacker News
SEPTEMBER 18, 2024
Google has announced that it's rolling out a new set of features to its Chrome browser that gives users more control over their data when surfing the internet and protects against online threats.
WIRED Threat Level
SEPTEMBER 18, 2024
Participants in a hacking competition with ties to China’s military were, unusually, required to keep their activities secret, but security researchers say the mystery only gets stranger from there.
The Hacker News
SEPTEMBER 18, 2024
Cybersecurity researchers have uncovered a never-before-seen botnet comprising an army of small office/home office (SOHO) and IoT devices that are likely operated by a Chinese nation-state threat actor called Flax Typhoon (aka Ethereal Panda or RedJuliett).
Advertisement
IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.
Security Boulevard
SEPTEMBER 18, 2024
No More Barf-Green Bubbles? GSM Association is “excited” to bring Apple and Google closer together, but encryption is still lacking. The post E2EE is MIA in iPhone/Android Chat — GSMA Gonna Fix it appeared first on Security Boulevard.
WIRED Threat Level
SEPTEMBER 18, 2024
In a second attack on Hezbollah members, two-way radios detonated around Lebanon on Wednesday, causing injuries and multiple deaths.
Security Boulevard
SEPTEMBER 18, 2024
The North Korean-backed threat group UNC2970 is using spearphishing emails and WhatsApp messages to entice high-level executives in the energy and aerospace sectors to open a malicious ZIP file containing a fake job description and a previously unknown backdoor called MISTPEN. The post North Korean Group Uses Fake Job Offers to Target Energy, Aerospace Sectors appeared first on Security Boulevard.
The Hacker News
SEPTEMBER 18, 2024
GitLab has released patches to address a critical flaw impacting Community Edition (CE) and Enterprise Edition (EE) that could result in an authentication bypass. The vulnerability is rooted in the ruby-saml library (CVE-2024-45409, CVSS score: 10.0), which could allow an attacker to log in as an arbitrary user within the vulnerable system. It was addressed by the maintainers last week.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Security Affairs
SEPTEMBER 18, 2024
Researchers warn of a new IoT botnet called Raptor Train that already compromised over 200,000 devices worldwide. Cybersecurity researchers from Lumen’s Black Lotus Labs discovered a new botnet, named Raptor Train, composed of small office/home office (SOHO) and IoT devices. The experts believe the botnet is controlled by a Chine-linked APT group Flax Typhoon (also called Ethereal Panda or RedJuliett).
Security Boulevard
SEPTEMBER 18, 2024
The FBI and other U.S. and international law enforcement agencies disrupted a massive botnet created by China-linked threat group Flax Typhoon that had pulled in more than 200,000 IoT and other connected devices over the past for years. The post FBI Disrupts Another Massive Chinese-Linked Botnet appeared first on Security Boulevard.
The Hacker News
SEPTEMBER 18, 2024
The evolution of software always catches us by surprise. I remember betting against the IBM computer Deep Blue during its chess match against the grandmaster Garry Kasparov in 1997, only to be stunned when the machine claimed victory.
Security Boulevard
SEPTEMBER 18, 2024
Pulumi today added a Pulumi Insights application for discovering cloud assets in addition to generally making available a previously launched tool for centralizing the management of cloud security. The post Pulumi Adds Cloud Security Intelligence Tool to Portfolio appeared first on Security Boulevard.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Security Affairs
SEPTEMBER 18, 2024
Credential Flusher is a method that allows hackers to steal login credentials directly from the victim’s web browser. The cyber attacks have become increasingly sophisticated, putting our personal information at risk. One of the latest and most insidious techniques is Credential Flusher, a method that allows hackers to steal login credentials directly from the victim’s web browser.
Malwarebytes
SEPTEMBER 18, 2024
Snapchat is reserving the right to use your selfie images to power Cameos, Generative AI, and other experiences on Snapchat, including ads, according to our friends at 404 Media , The Snapchat Support page about its My Selfie feature says: “You’ll take selfies with your Snap camera or select images from your camera roll. These images will be used to understand what you look like to enable you, Snap and your friends to generate novel images of you.
Trend Micro
SEPTEMBER 18, 2024
We observed Earth Baxia carrying out targeted attacks against APAC countries that involved advanced techniques like spear-phishing and customized malware, with data suggesting that the group operates from China.
Security Boulevard
SEPTEMBER 18, 2024
Digital security has long relied on cryptographic systems that use complex mathematical problems (also known as algorithms) to keep sensitive data and transactions safe from unauthorized access. These algorithms were designed to be nearly impossible for classical computers to solve, ensuring robust protection and encryption for online activities like email communication, secure banking, and more. […] The post Post-Quantum Cryptography: The Future of Secure Communications and the Role of Standard
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
Malwarebytes
SEPTEMBER 18, 2024
Shopping online or attempting to get in touch with a store is a little bit like walking on a minefield: you might get lucky or take a wrong step and get scammed. Case in point, a malicious ad campaign is abusing Walmart Lis ts , a kind of virtual shopping list customers can share with family and friends, by embedding rogue customer service phone numbers with the appearance and branding of the official Walmart site.
Zero Day
SEPTEMBER 18, 2024
Need to keep an eye on something in your house or business, but can't be in two places at once? This free app makes it easy to set up a simple remote camera using any old Android phone.
Penetration Testing
SEPTEMBER 18, 2024
The Internet Research Task Force (IRTF) has released a new document, RFC 9620, aimed at drawing the attention of protocol and architecture developers to critical human rights issues. The document... The post RFC 9620: A Call for Human Rights in Internet Protocols appeared first on Cybersecurity News.
Security Boulevard
SEPTEMBER 18, 2024
AT&T agreed to pay $13 million to settle an FCC investigation into a data breach in January 2023 that put a focus on the evolving security landscape and the growing threat to customer data that organizations store in the cloud. The post AT&T to Pay $13 Million to Settle FCC Case of 2023 Data Breach appeared first on Security Boulevard.
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
Expert insights. Personalized for you.
222 
Let's personalize your content