Mon.Oct 23, 2023

article thumbnail

Child Exploitation and the Crypto Wars

Schneier on Security

Susan Landau published an excellent essay on the current justification for the government breaking end-to-end-encryption: child sexual abuse and exploitation (CSAE). She puts the debate into historical context, discusses the problem of CSAE, and explains why breaking encryption isn’t the solution.

article thumbnail

NJ Man Hired Online to Firebomb, Shoot at Homes Gets 13 Years in Prison

Krebs on Security

A 22-year-old New Jersey man has been sentenced to more than 13 years in prison for participating in a firebombing and a shooting at homes in Pennsylvania last year. Patrick McGovern-Allen was the subject of a Sept. 4, 2022 story here about the emergence of “violence-as-a-service” offerings, where random people from the Internet hire themselves out to perform a variety of local, physical attacks, including firebombing a home, “bricking” windows, slashing tires, or perform

Internet 293
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

GUEST ESSAY: Cisco-Splunk merger will boost Snowflake – here’s how security teams can benefit.

The Last Watchdog

Cisco’s $28 billion acquisition of Splunk comes at an inflection point of security teams beginning to adopt to working with modern, cloud-native data lakes. Related: Dasera launches new Snowflake platform For years, Splunk has been the workhorse SIEM for many enterprise Security Operation Centers (SOCs). However, security teams have challenges with Splunk’s steeply rising costs.

article thumbnail

Gartner’s Top 10 Strategic Technology Trends for 2024

Tech Republic Security

Artificial intelligence garners the spotlight, taking the top three positions.

article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

PII Belonging to Indian Citizens, Including their Aadhaar IDs, Offered for Sale on the Dark Web

Security Affairs

Hundreds of millions of PII records belonging to Indian residents, including Aadhaar cards, are being offered for sale on the Dark Web. PII Belonging to Indian Citizens, Including their Aadhaar IDs, Offered for Sale on the Dark Web In early October, Resecurity’s HUNTER (HUMINT) unit identified hundreds of millions of personally identifiable information (PII) records belonging to Indian residents, including Aadhaar cards, being offered for sale on the Dark Web.

article thumbnail

Get a Lifetime Subscription of FastestVPN for just $30

Tech Republic Security

In the market for a new VPN? The top-rated FastestVPN has been reduced to just $29.97 for a lifetime subscription if you get it by October 23rd.

VPN 167

More Trending

article thumbnail

How to Enable Passkeys For Your Google Account

Tech Republic Security

Enable passkeys today for fast and secure access to your Google accounts. And Google Workspace administrators may allow people in their organization to use passkeys, too.

article thumbnail

Cisco warns of a second IOS XE zero-day used to infect devices worldwide

Security Affairs

Cisco found a second IOS XE zero-day vulnerability, tracked as CVE-2023-20273, which is actively exploited in attacks in the wild. Cisco last week warned customers of a zero-day vulnerability, tracked as CVE-2023-20198 (CVSS score 10), in its IOS XE Software that is actively exploited in attacks. The IT giant found the vulnerability during the resolution of multiple Technical Assistance Center (TAC) support cases.

article thumbnail

How to Remove an Apple ID from an iPhone

Tech Republic Security

Learn how to remove an Apple ID from your iPhone easily with this step-by-step guide.

Mobile 148
article thumbnail

Don’t use AI-based apps, Philippine defense ordered its personnel

Security Affairs

The Philippine defense ordered its personnel to stop using AI-based applications to generate personal portraits. The Philippine defense warned of the risks of using AI-based applications to generate personal portraits and ordered its personnel to stop using them. On October 14, Defense Secretary Gilberto Teodoro Jr. issued the directive to ban the AI-based applications. “Defense Secretary Gilberto Teodoro Jr. issued the order in an Oct. 14 memorandum, as Philippine forces have been working

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

1Password Detects Suspicious Activity Following Okta Support Breach

The Hacker News

Popular password management solution 1Password said it detected suspicious activity on its Okta instance on September 29 following the support system breach, but reiterated that no user data was accessed.

article thumbnail

SolarWinds fixed three critical RCE flaws in its Access Rights Manager product

Security Affairs

Researchers discovered three critical remote code execution vulnerabilities in the SolarWinds Access Rights Manager (ARM) product. Security researchers discovered three critical remote code execution vulnerabilities in the SolarWinds Access Rights Manager (ARM) product. SolarWinds Access Rights Manager (ARM) is a software solution developed by IT management and monitoring software provider SolarWinds, it was designed to help organizations manage and monitor user access and permissions in their I

article thumbnail

Securing Kubernetes Ingress Controllers with SSL / TLS Certificates

GlobalSign

Increased adoption of Kubernetes controllers requires the right security measures. Let’s explore securing Kubernetes plug-ins with SSL / TLS.

136
136
article thumbnail

City of Philadelphia suffers a data breach

Security Affairs

The City of Philadelphia discloses a data breach that resulted from a cyber attack that took place on May 24 and that compromised City email accounts. The City of Philadelphia announced it is investigating a data breach after attackers that threat actors broke some of City email accounts containing personal and protected health information. The incident was discovered on May 24, but further investigation revealed that threat actors have had access to the compromised email accounts at least since

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Backdoor Implant on Hacked Cisco Devices Modified to Evade Detection

The Hacker News

The backdoor implanted on Cisco devices by exploiting a pair of zero-day flaws in IOS XE software has been modified by the threat actor so as to escape visibility via previous fingerprinting methods. "Investigated network traffic to a compromised device has shown that the threat actor has upgraded the implant to do an extra header check," NCC Group's Fox-IT team said.

Hacking 135
article thumbnail

Cyberattackers Alter Implant on 30K Compromised Cisco IOS XE Devices

Dark Reading

A seemingly sharp drop in the number of compromised Cisco IOS XE devices visible on the Internet led to a flurry of speculation over the weekend — but it turns out the malicious implants were just hiding.

Internet 135
article thumbnail

One login to rule them all: Should you sign in with Google or Facebook on other websites?

We Live Security

Why use and keep track of a zillion discrete accounts when you can log into so many apps and websites using your Facebook or Google credentials, right? Not so fast. What’s the trade-off?

article thumbnail

Quasar RAT Leverages DLL Side-Loading to Fly Under the Radar

The Hacker News

The open-source remote access trojan known as Quasar RAT has been observed leveraging DLL side-loading to fly under the radar and stealthily siphon data from compromised Windows hosts.

133
133
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

CISA adds second Cisco IOS XE flaw to its Known Exploited Vulnerabilities catalog

Security Affairs

US CISA added the vulnerability CVE-2023-20273 in Cisco IOS XE to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the vulnerability CVE-2023-20273 in Cisco IOS XE to its Known Exploited Vulnerabilities catalog. The vulnerability is an unspecified issue in the web user interface.

Passwords 132
article thumbnail

The outstanding stealth of Operation Triangulation

SecureList

Introduction In our previous blogpost on Triangulation , we discussed the details of TriangleDB, the main implant used in this campaign, its C2 protocol and the commands it can receive. We mentioned, among other things, that it is able to execute additional modules. We also mentioned that this operation was quite stealthy. This article details one important aspect of this attack – the stealth that was exercised by the threat actor behind it.

article thumbnail

Spain police dismantled a cybercriminal group who stole the data of 4 million individuals

Security Affairs

The Spanish police have arrested 34 members of the cybercriminal group that is accused of having stolen data of over four million individuals. The Spanish police have arrested 34 members of a cybercriminal group that is suspected to have stolen data of over four million individuals. The authorities conducted 16 searches in Madrid, Málaga, Huelva, Alicante and Murcia and seized firearms, a katana, a baseball bat, four high-end cars, 80,000 euros in cash, a database with information on four millio

article thumbnail

Block Ads for a Special Price of Just $10/Year

Tech Republic Security

Block ads with a dual 3-year subscription plan of AdGuard VPN and AdGuard Ad Blocker, now available for just $29.97 through October 23.

VPN 126
article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

Citrix warns admins to patch NetScaler CVE-2023-4966 bug immediately

Bleeping Computer

Citrix warned admins today to secure all NetScaler ADC and Gateway appliances immediately against ongoing attacks exploiting the CVE-2023-4966 vulnerability. [.

123
123
article thumbnail

Network Data Loss Prevention (nDLP) - How Does it Differ from Endpoint Data Loss Prevention (eDLP)?

Digital Guardian

Looking for a nDLP vs. eDLP cheat sheet? In this blog, we break down how network data loss prevention (nDLP) differs from endpoint data loss prevention (eDLP) and vice versa.

119
119
article thumbnail

Google Chrome wants to hide your IP address

Malwarebytes

Google is working out some kinks in the project formerly known as Gnatcatcher , which will now be known under the more descriptive name “IP Protection.” Which means that Chrome is reintroducing a proposal to hide users' IP addresses, to make cross-site tracking more difficult. An Internet Protocol (IP) address is a unique number that’s assigned to your computer when it joins a network.

VPN 117
article thumbnail

Telling Small Businesses to Buy Cyber Insurance Isn't Enough

Dark Reading

To protect themselves from threats, companies also need proactive cybersecurity.

article thumbnail

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

article thumbnail

US energy firm shares how Akira ransomware hacked its systems

Bleeping Computer

In a rare display of transparency, US energy services firm BHI Energy details how the Akira ransomware operation breached their networks and stole the data during the attack. [.

article thumbnail

Malicious Apps Spoof Israeli Attack Detectors: Conflict Goes Mobile

Dark Reading

A spoofed version of an Israeli rocket-attack alerting app is targeting Android devices, in a campaign that shows how cyber-espionage attacks are shifting to individual, everyday citizens.

Mobile 108
article thumbnail

DoNot Team's New Firebird Backdoor Hits Pakistan and Afghanistan

The Hacker News

The threat actor known as DoNot Team has been linked to the use of a novel.NET-based backdoor called Firebird targeting a handful of victims in Pakistan and Afghanistan. Cybersecurity company Kaspersky, which disclosed the findings in its APT trends report Q3 2023, said the attack chains are also configured to deliver a downloader named CSVtyrei, so named for its resemblance to Vtyrei.

article thumbnail

Tips to Help Avoid Internet Fraud

Identity IQ

Tips to Help Avoid Internet Fraud IdentityIQ Today, where the internet plays a crucial role in our daily lives, it is essential to be vigilant and proactive in helping protect yourself from internet fraud. Online scams and fraudulent activities continue to evolve, targeting unsuspecting individuals and causing substantial financial and personal harm.

Internet 105
article thumbnail

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.