Schneier on Security
DECEMBER 29, 2023
Wow : To test PIGEON’s performance, I gave it five personal photos from a trip I took across America years ago, none of which have been published online. Some photos were snapped in cities, but a few were taken in places nowhere near roads or other easily recognizable landmarks. That didn’t seem to matter much. It guessed a campsite in Yellowstone to within around 35 miles of the actual location.
Krebs on Security
DECEMBER 29, 2023
KrebsOnSecurity celebrates its 14th year of existence today! I promised myself this post wouldn’t devolve into yet another Cybersecurity Year in Review. Nor do I wish to hold forth about whatever cyber horrors may await us in 2024. But I do want to thank you all for your continued readership, encouragement and support, without which I could not do what I do.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Tech Republic Security
DECEMBER 29, 2023
With cyberthreats and cyberattacks always on the rise, developing security and risk management skills could be one of the best moves for your business or career.
Bleeping Computer
DECEMBER 29, 2023
Multiple information-stealing malware families are abusing an undocumented Google OAuth endpoint named "MultiLogin" to restore expired authentication cookies and log into users' accounts, even if an account's password was reset. [.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Security Affairs
DECEMBER 29, 2023
The Resecurity’s HUNTER unit spotted a new version of the Meduza stealer (version (2.2)) that was released in the dark web. On Christmas Eve, Resecurity’s HUNTER unit spotted the author of perspective password stealer Meduza has released a new version (2.2). One of the key significant improvements are support of more software clients (including browser-based cryptocurrency wallets), upgraded credit card (CC) grabber, and additional advanced mechanisms for password storage dump on var
Penetration Testing
DECEMBER 29, 2023
ForensicMiner ForensicMiner, a PowerShell-based DFIR automation tool, revolutionizes the field of digital investigations. Designed for efficiency, it automates artifact and evidence collection from Windows machines. Compatibility with Flacon Crowdstrike RTR and Palo Alto Cortex... The post ForensicMiner: PowerShell-based DFIR automation tool appeared first on Penetration Testing.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Penetration Testing
DECEMBER 29, 2023
Invoke-SessionHunter Retrieve and display information about active user sessions on remote computers. No admin privileges are required. The tool leverages the remote registry service to query the HKEY_USERS registry hive on the remote computers.... The post Invoke-SessionHunter: Retrieve & display information about active user sessions on remote computers appeared first on Penetration Testing.
Security Affairs
DECEMBER 29, 2023
Ukraine’s CERT (CERT-UA) warned of a new phishing campaign by the APT28 group to deploy previously undocumented malware strains. The Computer Emergency Response Team of Ukraine (CERT-UA) warned of a new cyber espionage campaign carried out by the Russia-linked group APT28 (aka “ Forest Blizzard ”, “ Fancybear ” or “ Strontium ”). The group employed previously undetected malware such as OCEANMAP, MASEPIE, and STEELHOOK to steal sensitive information from target networks.
Bleeping Computer
DECEMBER 29, 2023
Two not-for-profit hospitals in New York are seeking a court order to retrieve data stolen in an August ransomware attack that's now stored on the servers of a Boston cloud storage company. [.
Security Affairs
DECEMBER 29, 2023
An exposed database and secrets on a third-party app puts Clash of Clans players at risk of attacks from threat actors. The Cybernews research team has discovered that the Clash Base Designer Easy Copy app exposed its Firebase database and user-sensitive information. With 100,000 downloads on the Google Play store, the app enables Clash of Clans players to build a custom base layout and import it into the game.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Bleeping Computer
DECEMBER 29, 2023
It's been a quiet week, with even threat actors appearing to take some time off for the holidays. We did not see much research released on ransomware this week, with most of the news focusing on new attacks and LockBit affiliates increasingly targeting hospitals. [.
Heimadal Security
DECEMBER 29, 2023
Over 1.3 million customers across the U.S. are being alerted by mortgage servicing company LoanCare that a data breach at its parent company, Fidelity National Financial, may have compromised their private information. With 1.2 million loans and $390 billion in balances under management, LoanCare is a major player in the mortgage servicing industry, offering both […] The post Data Breach Impacts LoanCare Customers appeared first on Heimdal Security Blog.
The Hacker News
DECEMBER 29, 2023
The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of a new phishing campaign orchestrated by the Russia-linked APT28 group to deploy previously undocumented malware such as OCEANMAP, MASEPIE, and STEELHOOK to harvest sensitive information.
Heimadal Security
DECEMBER 29, 2023
Katholische Hospitalvereinigung Ostwestfalen (KHO), a German hospital network, has confirmed that a cyberattack launched by the Lockbit ransomware group is the cause of recent service disruptions at three hospitals in its network. The attack occurred in the early morning of December 24, 2023, and it drastically impacted the systems that supports the operations of three […] The post Lockbit Ransomware Attack Affects Three German Hospitals appeared first on Heimdal Security Blog.
Advertisement
Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.
The Hacker News
DECEMBER 29, 2023
Nation-state actors affiliated to North Korea have been observed using spear-phishing attacks to deliver an assortment of backdoors and tools such as AppleSeed, Meterpreter, and TinyNuke to seize control of compromised machines. South Korea-based cybersecurity company AhnLab attributed the activity to an advanced persistent threat group known as Kimsuky.
Malwarebytes
DECEMBER 29, 2023
Ransomware gangs care about one thing: Stealing money. Over time, their craven, cybercriminal efforts have toppled businesses, destabilized hospitals, and ruined lives. Worst of all, they show no sign of slowing down, and their extortion attempts—which no longer focus on ransomware delivery alone—are getting bolder, meaner, and uglier. As Allan Liska, intelligence analyst at Recorded Future, recently said on the Lock and Code podcast , times have changed.
WIRED Threat Level
DECEMBER 29, 2023
It was a year of devastating cyberattacks around the globe, from ransomware attacks on casinos to state-sponsored breaches of critical infrastructure.
The Hacker News
DECEMBER 29, 2023
The Assembly of the Republic of Albania and telecom company One Albania have been targeted by cyber attacks, the country’s National Authority for Electronic Certification and Cyber Security (AKCESK) revealed this week. “These infrastructures, under the legislation in force, are not currently classified as critical or important information infrastructure,” AKCESK said.
Advertisement
Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!
Security Boulevard
DECEMBER 29, 2023
Detect & stop black hat hackers with honeytokens. Placed in datasets, these mimic real data, triggering alerts upon interaction. Bolster your cybersecurity now! The post How Honeytokens Can Detect and Stop Black Hat Computer Hackers appeared first on Security Boulevard.
Schneier on Security
DECEMBER 29, 2023
They’re short unique strings : Sqids (pronounced “squids”) is an open-source library that lets you generate YouTube-looking IDs from numbers. These IDs are short, can be generated from a custom alphabet and are guaranteed to be collision-free. I haven’t dug into the details enough to know how they can be guaranteed to be collision-free.
Security Boulevard
DECEMBER 29, 2023
Understanding MFA: A Security Necessity for Small Businesses In an age where cyber threats loom larger than ever, Multi-Factor Authentication (MFA) emerges as a vital safeguard for small businesses. MFA, which adds additional layers of security beyond the traditional username and password, is no longer a luxury but a necessity in the modern digital landscape. … MFA For Small Businesses: How to Leverage Multi-Factor Authentication Read More » The post MFA For Small Businesses: How to Leverage Mul
Security Boulevard
DECEMBER 29, 2023
The Initial Overview: Learning about MQTT & AMQP In the dynamic arenas of Internet of Things (IoT) and cloud computing, communication protocols that are robust, reliable and capable of handling high traffic volumes have become essential. The two protocols that have recently gained significant ground in this regard are MQTT (Message Queuing Telemetry Transport) and [.
Advertisement
Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.
Security Boulevard
DECEMBER 29, 2023
Seceon has a long history of innovating our cybersecurity platform and its powerful detection and response capabilities. Seceon was founded in 2015 and since then has been recognized The post Seceon Innovations in 2023 – A Look Back on a Big Year appeared first on Seceon. The post Seceon Innovations in 2023 – A Look Back on a Big Year appeared first on Security Boulevard.
Security Boulevard
DECEMBER 29, 2023
Authors/Presenters: Shimaa Ahmed, Yash Wani, Ali Shahin Shamsabadi, Mohammad Yaghin, Ilia Shumailov, Nicolas Papernot, Kassem Fawaz Many thanks to USENIX for publishing their outstanding USENIX Security ’23 Presenter’s content, and the organizations strong commitment to Open Access. Originating from the conference’s events situated at the Anaheim Marriott ; and via the organizations YouTube channel.
Security Boulevard
DECEMBER 29, 2023
Welcome to the TuxCare Weekly Blog Wrap-Up – your go-to resource for the latest insights on cybersecurity strategy, Linux security, and how to simplify the way your organization protects its data and customers. At TuxCare, we understand the importance of safeguarding your valuable data and ensuring the smooth operation of your Linux infrastructure. That’s why […] The post Weekly Blog Wrap-Up (December 25- December 28 , 2023) appeared first on TuxCare.
Security Boulevard
DECEMBER 29, 2023
By Max Ammann Behind Ethereum’s powerful blockchain technology lies a lesser-known challenge that blockchain developers face: the intricacies of writing robust Ethereum ABI (Application Binary Interface) parsers. Ethereum’s ABI is critical to the blockchain’s infrastructure, enabling seamless interactions between smart contracts and external applications.
Advertisement
IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.
Security Boulevard
DECEMBER 29, 2023
Many thanks to USENIX for publishing their outstanding USENIX Security ’23 Presenter’s content, and the organizations strong commitment to Open Access. Originating from the conference’s events situated at the Anaheim Marriott ; and via the organizations YouTube channel. Permalink The post USENIX Security ’23 – Xinghui Wu, Shiqing Ma, Chao Shen, Chenhao Lin, Qian Wang, Qi Li, Yuan Rao ‘KENKU: Towards Efficient And Stealthy Black-box Adversarial Attacks Against ASR Systems’ appeared first on
Security Boulevard
DECEMBER 29, 2023
In today’s interconnected, cloud-based world, user credentials are the keys that grant entry to the house that stores an organization’s digital treasure. Just as burglars pick the lock on a physical house, cybercriminals use stolen credentials to gain unauthorized access to a company’s systems and networks. Similarly, cybercriminals can purchase high volumes of stolen credentials […] The post Combo Lists & the Dark Web: Understanding Leaked Credentials appeared first on Flare | Cyber Th
Security Boulevard
DECEMBER 29, 2023
via the comic artistry and dry wit of Randall Munroe , creator of XKCD Permalink The post Randall Munroe’s XKCD ‘Hydrothermal Vents’ appeared first on Security Boulevard.
Expert insights. Personalized for you.
279 
Let's personalize your content