Fri.Oct 13, 2023

article thumbnail

Hacking the High School Grading System

Schneier on Security

Interesting New York Times article about high-school students hacking the grading system. What’s not helping? The policies many school districts are adopting that make it nearly impossible for low-performing students to fail—they have a grading floor under them, they know it, and that allows them to game the system. Several teachers whom I spoke with or who responded to my questionnaire mentioned policies stating that students cannot get lower than a 50 percent on any assignment, eve

Hacking 289
article thumbnail

How to Use the Scp Command to Securely Send a File from Your Desktop to a Server

Tech Republic Security

Learn how to use the scp command to transfer files securely with this step-by-step tutorial by expert Jack Wallen.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Microsoft to Phase Out NTLM in Favor of Kerberos for Stronger Authentication

The Hacker News

Microsoft has announced that it plans to eliminate NT LAN Manager (NTLM) in Windows 11 in the future, as it pivots to alternative methods for authentication and bolster security. "The focus is on strengthening the Kerberos authentication protocol, which has been the default since 2000, and reducing reliance on NT LAN Manager (NTLM)," the tech giant said.

article thumbnail

Windscribe VPN Review (2023): Is It a Reliable VPN for You?

Tech Republic Security

We evaluate the features, performance, security, and pricing of Windscribe VPN to help you determine if it's a reliable VPN service for your needs.

VPN 141
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Explained: Quishing

Malwarebytes

Quishing is phishing using QR (Quick Response) codes. QR codes are basically two-dimensional barcodes that hold encoded data, and they can be used to work as a link. Point your phone's camera at a QR code and it will ask you if you want to visit the link. The use of QR codes in malicious campaigns is not new, and because they can provide contactless access to a product or service they grew in popularity during the Covid-19 pandemic.

Phishing 139
article thumbnail

FBI and CISA published a new advisory on AvosLocker ransomware

Security Affairs

FBI and CISA published a joint Cybersecurity Advisory (CSA) to disseminate IOCs, TTPs, and detection methods associated with AvosLocker ransomware. The joint Cybersecurity Advisory (CSA) published by the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) provides known IOCs, TTPs, and detection methods associated with the AvosLocker ransomware variant employed in recent attacks.

More Trending

article thumbnail

Stayin’ Alive campaign targets high-profile Asian government and telecom entities. Is it linked to ToddyCat APT?

Security Affairs

A cyberespionage campaign, tracked as Stayin’ Alive, targeted high-profile government and telecom entities in Asia. Cybersecurity company Check Point uncovered a malicious activity, tracked as Stayin’ Alive , that is targeting high-profile government and telecom entities in Asian countries, including Vietnam, Uzbekistan, Pakistan, and Kazakhstan.

article thumbnail

ChatGPT at work: how chatbots help employees, but threaten business

SecureList

Workhorse Only a few months ago, ChatGPT and other chatbots based on large language models (LLMs) were still a novelty. Users enjoyed using them to compose poems and lyrics in the style of famous artists (which left Nick Cave, for example, decidedly unimpressed ), researchers debated blowing up data centers to prevent super AI from unleashing Armageddon, while security specialists persuaded a stubborn chatbot to give them phone-tapping and car-jacking instructions.

article thumbnail

Microsoft plans to kill off NTLM authentication in Windows 11

Bleeping Computer

Microsoft announced earlier this week that the NTLM authentication protocol will be killed off in Windows 11 in the future. [.

article thumbnail

Researchers Unveil ToddyCat's New Set of Tools for Data Exfiltration

The Hacker News

The advanced persistent threat (APT) actor known as ToddyCat has been linked to a new set of malicious tools that are designed for data exfiltration, offering a deeper insight into the hacking crew's tactics and capabilities.

Hacking 129
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Microsoft: October Windows 10 security updates fail to install

Bleeping Computer

Microsoft says Windows 10 security updates released during this month's Patch Tuesday may fail to install with 0x8007000d errors, although initially displaying progress. [.

129
129
article thumbnail

DarkGate Malware Spreading via Messaging Services Posing as PDF Files

The Hacker News

A piece of malware known as DarkGate has been observed being spread via instant messaging platforms such as Skype and Microsoft Teams. In these attacks, the messaging apps are used to deliver a Visual Basic for Applications (VBA) loader script that masquerades as a PDF document, which, when opened, triggers the download and execution of an AutoIt script designed to launch the malware.

Malware 126
article thumbnail

23andMe hit with lawsuits after hacker leaks stolen genetics data

Bleeping Computer

Genetic testing provider 23andMe faces multiple class action lawsuits in the U.S. following a large-scale data breach that is believed to have impacted millions of its customers. [.

article thumbnail

FBI, CISA Warn of Rising AvosLocker Ransomware Attacks Against Critical Infrastructure

The Hacker News

The AvosLocker ransomware gang has been linked to attacks against critical infrastructure sectors in the U.S., with some of them detected as recently as May 2023. That's according to a new joint cybersecurity advisory released by the U.S.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Security Pros Warn That EU's Vulnerability Disclosure Rule Is Risky

Dark Reading

The Cyber Resilience Act's requirement to disclose vulnerabilities within 24 hours could expose organizations to attacks — or government surveillance.

article thumbnail

After hackers distribute malware in game updates, Steam adds SMS-based security check for developers

Graham Cluley

Valve, the company behind the Steam video game platform, has announced a new security feature after multiple reports of game updates being poisoned with malware. But have they chosen the best way to protect developers' accounts? Read more in my article on the Hot for Security blog.

Malware 117
article thumbnail

What the Hollywood Writers Strike Resolution Means for Cybersecurity

Dark Reading

The writers' strike shows that balancing artificial intelligence and human ingenuity is the best possible outcome for creative as well as cybersecurity professionals.

article thumbnail

Ransomware Attacks Double: Are Companies Prepared for 2024's Cyber Threats?

The Hacker News

Ransomware attacks have only increased in sophistication and capabilities over the past year. From new evasion and anti-analysis techniques to stealthier variants coded in new languages, ransomware groups have adapted their tactics to effectively bypass common defense strategies.

article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

PureVPN Review (2023): Features, Pricing & Security

Tech Republic Security

Read the comprehensive PureVPN review to learn about its features, pricing, security and more. Find out if PureVPN is the right VPN service for you.

VPN 114
article thumbnail

ShellBot Cracks Linux SSH Servers, Debuts New Evasion Tactic

Dark Reading

The botnet — built for DDoS, backdooring, and dropping malware — is evading standard URL signature detections with a novel approach.

DDOS 113
article thumbnail

New PEAPOD Cyberattack Campaign Targeting Women Political Leaders

The Hacker News

European Union military personnel and political leaders working on gender equality initiatives have emerged as the target of a new campaign that delivers an updated version of RomCom RAT called PEAPOD.

article thumbnail

How MOVEit Is Likely to Shift Cyber Insurance Calculus

Dark Reading

Progress Software plans to collect millions in cyber insurance policy payouts after the MOVEit breaches, which will make getting coverage more expensive and harder to get for everyone else, experts say.

article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

Friday Five: The Top 10 Misconfigurations, Hacktivism in the Middle East, USPS Phishing Scams, & More

Digital Guardian

This past week was marked by an increase of DDoS attacks, hacktivism, elaborate phishing scams, and more. Catch up on all of these stories and more in this week’s Friday Five!

Scams 111
article thumbnail

CISA shares vulnerabilities, misconfigs used by ransomware gangs

Bleeping Computer

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has unveiled additional details regarding misconfigurations and security vulnerabilities exploited by ransomware gangs, aiming to help critical infrastructure organizations thwart their attacks. [.

article thumbnail

How to Protect Your Accounts with Multi-Factor Authentication

Duo's Security Blog

Multi-factor Authentication (MFA) protects your environment by guarding against password weaknesses with strong authentication methods. In today’s blog, we’re unpacking why MFA is a cornerstone topic in this year’s Cybersecurity Awareness Month and how it can keep your organization safe from potentially devastating cyber attacks. In our last blog, we discussed using strong passwords and a password manager to provide better defense at the first layer of the authentication process.

article thumbnail

Hackers use Binance Smart Chain contracts to store malicious scripts

Bleeping Computer

Cybercriminals are employing a novel code distribution technique dubbed 'EtherHiding,' which abuses Binance's Smart Chain (BSC) contracts to hide malicious scripts in the blockchain. [.

article thumbnail

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

article thumbnail

How CompTIA Certifications Help Start and Advance Cybersecurity Careers

CompTIA on Cybersecurity

CompTIA can help IT professionals start and advance their careers. Here are 5 IT pros who were benefitted by CompTIA in their cybersecurity career journeys.

article thumbnail

Balada Injector Malware Hits More Than 17,000 WordPress Sites

Heimadal Security

A new Balada Injector campaign used known WordPress plugin and theme vulnerabilities to hack over 17,000 websites during September 2023. Threat actors exploited the CVE-2023-3169 cross-site scripting (XSS) vulnerability in tagDiv Composer. Composer is a tool for the tagDiv’s Newspaper and Newsmag WordPress themes. Both themes are paid for and used by 155,500 websites.

Malware 104
article thumbnail

7 Best Penetration Testing Service Providers in 2023

eSecurity Planet

Penetration testing is a critically important cybersecurity practice, but one that many organizations lack the on-staff skills to do themselves. Fortunately, there are many pentesting services out there that can do the job for them across a range of budgets and needs. And many organizations that do have on-staff pentesting expertise want the objective view of an outsider to better discover vulnerabilities and weaknesses that hackers might otherwise find first, and so even the most advanced organ

article thumbnail

FBI, CISA: Beware of AvosLocker Ransomware Attacks

Heimadal Security

In a new joint cybersecurity advisory, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have released information on the AvosLocker ransomware gang, that has been linked to attacks against critical infrastructure sectors in the U.S., some of them detected as recently as May 2023. Beware of AvosLocker’s Techniques […] The post FBI, CISA: Beware of AvosLocker Ransomware Attacks appeared first on Heimdal Security Blog.

article thumbnail

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.