Tue.Oct 17, 2023

article thumbnail

Security Vulnerability of Switzerland’s E-Voting System

Schneier on Security

Online voting is insecure, period. This doesn’t stop organizations and governments from using it. (And for low-stakes elections, it’s probably fine.) Switzerland—not low stakes—uses online voting for national elections. Ed Appel explains why it’s a bad idea: Last year, I published a 5-part series about Switzerland’s e-voting system.

Malware 345
article thumbnail

SHARED INTEL Q&A: Everything the Cisco-Splunk merger tells us about the rise of SIEMs

The Last Watchdog

Cisco’s recent move to acquire SIEM stalwart Splunk for a cool $28 billion aligns with the rising urgency among companies in all sectors to better protect data — even as cyber threats intensify and disruptive advancements in AI add a wild card to this challenge. Related: Will Cisco flub Splunk? Cisco CEO Chuck Robbins hopes to boost the resiliency the network switching giant’s growing portfolio of security services.

Marketing 306
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Software Supply Chain Security Attacks Up 200%: New Sonatype Research

Tech Republic Security

Sonatype's 9th annual State of the Software Supply Chain also covers regulations and how AI could help developers protect organizations from security risks.

Software 190
article thumbnail

Ransomware realities in 2023: one employee mistake can cost a company millions

Security Affairs

What is the impact of ransomware on organizations? One employee’s mistake can cost a company millions of dollars. Studies show that human error is the root cause of more than 80% of all cyber breaches, whether malicious or unintended. The recent debilitating cyberattacks on casino and resort giants MGM and Caesars are no exception. How can just one employee mishap cost a company millions?

article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

New Netskope Report Exposes Increasing Use of Cloud Apps to Spread Malware

Tech Republic Security

Microsoft OneDrive accounts for 26% of the overall usage of cloud storage apps to host malware, ahead of Microsoft PowerPoint and GitHub.

Malware 173
article thumbnail

New Admin Takeover Vulnerability Exposed in Synology's DiskStation Manager

The Hacker News

A medium-severity flaw has been discovered in Synology's DiskStation Manager (DSM) that could be exploited to decipher an administrator's password and remotely hijack the account.

Passwords 138

More Trending

article thumbnail

Russia-linked Sandworm APT compromised 11 Ukrainian telecommunications providers

Security Affairs

Russia-linked APT group Sandworm has hacked eleven telecommunication service providers in Ukraine between since May 2023. The Russia-linked APT group Sandworm (UAC-0165) has compromised eleven telecommunication service providers in Ukraine between May and September 2023, reported the Ukraine’s Computer Emergency Response Team (CERT-UA). According to public sources, the threat actors targeted ICS of at least 11 Ukrainian telecommunications providers leading to the disruption of their servic

article thumbnail

Zero to Pentester

IT Security Guru

It’s rare for a young individual in high school to identify what they want to do for the rest of their life and then carry through with it without ever considering moving out of that field. Rewind to 2013—I’m in my 5th year of school, having passed my Scottish Highers and looking to University, alongside applying for some apprenticeships. I had my path laid out in my head, with an Arkwright scholarship with Heriot-Watt University.

Hacking 135
article thumbnail

CVE-2023-20198 zero-day widely exploited to install implants on Cisco IOS XE systems

Security Affairs

Threat actors exploited the recently disclosed zero-day flaw (CVE-2023-20198) in a large-scale hacking campaign on Cisco IOS XE devices. Threat actors have exploited the recently disclosed critical zero-day vulnerability ( CVE-2023-20198 ) to compromise thousands of Cisco IOS XE devices, security firm VulnCheck warns. Cisco this week warned customers of a zero-day vulnerability, tracked as CVE-2023-20198 (CVSS score 10), in its IOS XE Software that is actively exploited in attacks.

Internet 135
article thumbnail

Operation King TUT: The universe of threats in LATAM

We Live Security

ESET researchers reveal a growing sophistication in threats affecting the LATAM region by employing evasion techniques and high-value targeting

134
134
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Watch Out: Attackers Are Hiding Malware in 'Browser Updates'

Dark Reading

Updating your browser when prompted is a good practice, just make sure the notification comes from the vendor themselves.

Malware 134
article thumbnail

Is Collaboration The Key To Aussie Tech Challenges?

Tech Republic Security

As Australian organisations and government departments continue to struggle with IT resourcing, a new wave of collaboration potentially represents the solution.

article thumbnail

Experts Warn of Severe Flaws Affecting Milesight Routers and Titan SFTP Servers

The Hacker News

A severity flaw impacting industrial cellular routers from Milesight may have been actively exploited in real-world attacks, new findings from VulnCheck reveal. Tracked as CVE-2023-43261 (CVSS score: 7.5), the vulnerability has been described as a case of information disclosure that affects UR5X, UR32L, UR32, UR35, and UR41 routers before version 35.3.0.

132
132
article thumbnail

Cyber Security Awareness Month – Answering Google’s Most Commonly Asked Questions

Thales Cloud Protection & Licensing

Cyber Security Awareness Month – Answering Google’s Most Commonly Asked Questions madhav Wed, 10/18/2023 - 05:25 This month is Cyber Security Awareness Month , highlighting how far security education needs to go in order to enable a secure interconnected world. Technology continues to improve our lives – but at the same time the risks continue to grow.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Discord: A Playground for Nation-State Hackers Targeting Critical Infrastructure

The Hacker News

In what's the latest evolution of threat actors abusing legitimate infrastructure for nefarious ends, new findings show that nation-state hacking groups have entered the fray in leveraging the social platform for targeting critical infrastructure.

Malware 129
article thumbnail

Secure Web Browsing – How to Remove the Headache

Jane Frankland

Data breaches have surged globally this year. By mid-year, there’s been a staggering 156% growth in the total number compared to the previous quarter, with a whopping 855 accounts worldwide being leaked every minute. Sadly, no matter your company size, industry, or geographic location, one thing is clear – these alarming statistics underscore the need for heightened cyber vigilance.

article thumbnail

Critical Vulnerabilities Uncovered in Open Source CasaOS Cloud Software

The Hacker News

Two critical security flaws discovered in the open-source CasaOS personal cloud software could be successfully exploited by attackers to achieve arbitrary code execution and take over susceptible systems. The vulnerabilities, tracked as CVE-2023-37265 and CVE-2023-37266, both carry a CVSS score of 9.8 out of a maximum of 10.

Software 125
article thumbnail

Insiders Say X’s Crowdsourced Anti-Disinformation Tool Is Making the Problem Worse

WIRED Threat Level

X is promoting Community Notes to solve its disinformation problems, but some former employees and people who currently contribute notes say it’s not fit for that purpose.

Media 121
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

D-Link Confirms Data Breach: Employee Falls Victim to Phishing Attack

The Hacker News

Taiwanese networking equipment manufacturer D-Link has confirmed a data breach that led to the exposure of what it said is "low-sensitivity and semi-public information." "The data was confirmed not from the cloud but likely originated from an old D-View 6 system, which reached its end of life as early as 2015," the company said. "The data was used for registration purposes back then.

article thumbnail

Zero-Day Alert: Thousands of Cisco IOS XE Systems Now Compromised

Dark Reading

Just a day after Cisco disclosed CVE-2023-20198, it remains unpatched, and one vendor says a Shodan scan shows at least 10,000 Cisco devices with an implant for arbitrary code execution on them. The vendor meanwhile has updated the advisory with more mitigation steps.

121
121
article thumbnail

Exploring the Realm of Malicious Generative AI: A New Digital Security Challenge

The Hacker News

Recently, the cybersecurity landscape has been confronted with a daunting new reality – the rise of malicious Generative AI, like FraudGPT and WormGPT. These rogue creations, lurking in the dark corners of the internet, pose a distinctive threat to the world of digital security.

Internet 121
article thumbnail

Amazon Quietly Wades Into the Passkey Waters

Dark Reading

The move by the e-commerce kahuna to offer advanced authentication to its 300+ million users has the potential to move the needle on the technology's adoption, security experts say.

article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

Cisco IOS XE vulnerability widely exploited in the wild

Malwarebytes

An authentication bypass affecting Cisco IOS X was disclosed on October 16, 2023. Researchers have found since then that the vulnerability is widely being exploited in the wild to help install implants on affected switches and routers. Cisco IOS XE is a universally deployed Internetworking Operating System (IOS) that enables model-driven programmability, application hosting, and configuration management, helping to automate day-to-day tasks.

Internet 112
article thumbnail

‘Etherhiding’ Blockchain Technique Hides Malicious Code in WordPress Sites

Dark Reading

The ClearFake campaign uses fake browser updates to lure victims and spread RedLine, Amadey, and Lumma stealers.

113
113
article thumbnail

Should You Always Use a VPN?

Identity IQ

Should You Always Use a VPN? IdentityIQ Using a virtual private network (VPN) can help keep you safe and anonymous online. It’s a good idea to always keep your VPN active for maximum protection, but there are certain scenarios when you might need to temporarily shut it off. Here’s what you need to know about VPNs. What Is a VPN? A VPN is a service that keeps your internet connection and identity anonymous, helping you maintain privacy.

VPN 111
article thumbnail

What Payroll Documents Do You Need to Pay Employees?

Tech Republic Security

This is a comprehensive list of payroll documents needed to legally pay employees and how to obtain them.

Software 110
article thumbnail

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

article thumbnail

Top 6 Mistakes in Incident Response Tabletop Exercises

Dark Reading

Avoid these errors to get the greatest value from your incident response training sessions.

105
105
article thumbnail

Webinar: Locking Down Financial and Accounting Data — Best Data Security Strategies

The Hacker News

Financial data is much more than just a collection of numbers; it is a crucial component of any business and a prime target for cybercriminals. It's important to understand that financial records can be a veritable treasure trove for digital pirates. A security breach not only puts customers' personal information in jeopardy but also enables fraudsters to drain company funds and exploit clients.

article thumbnail

Chatbot Offers Roadmap for How to Conduct a Bio Weapons Attack

Dark Reading

Once ethics guardrails are breached, generative AI and LLMs could become nearly unlimited in its capacity to enable evil acts, researchers warn.

103
103
article thumbnail

Deciphering the Omnibus for Medical Device Security

NetSpi Executives

Table of Contents TL;DR Key Milestones in the Consolidated Appropriations Act of 2023 (Omnibus) Summary of Updates Relevant to Medical Device Security What to Include in the Plan for the FDA Breach Notification Guidelines and Incident Reporting Key Considerations when Implementing Omnibus Requirements Updated Definition of a Cyber Device How the U.S.

article thumbnail

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.