Schneier on Security
OCTOBER 29, 2024
The German police have successfully deanonymized at least four Tor users. It appears they watch known Tor relays and known suspects, and use timing analysis to figure out who is using what relay. Tor has written about this. Hacker News thread.
Penetration Testing
OCTOBER 29, 2024
A new critical vulnerability has been discovered in CyberPanel, a popular open-source web hosting control panel, by security researcher DreyAnd. The flaw, a zero-click pre-authentication root remote code execution (RCE),... The post 22,000 CyberPanel Servers Exposed: Zero-Click RCE Vulnerability Discovered, PoC Published appeared first on Cybersecurity News.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
The Hacker News
OCTOBER 29, 2024
A little over three dozen security vulnerabilities have been disclosed in various open-source artificial intelligence (AI) and machine learning (ML) models, some of which could lead to remote code execution and information theft. The flaws, identified in tools like ChuanhuChatGPT, Lunary, and LocalAI, have been reported as part of Protect AI's Huntr bug bounty platform.
Security Affairs
OCTOBER 29, 2024
Fog and Akira ransomware operators are exploiting SonicWall VPN flaw CVE-2024-40766 to breach enterprise networks. Fog and Akira ransomware operators are exploiting the critical SonicWall VPN vulnerability CVE-2024-40766 (CVSS v3 score: 9.3) to breach corporate networks via SSL VPN access. CVE-2024-40766 is an Improper Access Control Vulnerability impacting SonicWall SonicOS, the company addressed it in August 2024.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Security Boulevard
OCTOBER 29, 2024
Dimon’s dollars (not yours): No, Chase Bank isn’t going to let you cash bad checks. It’s fraud—no matter what X and TikTok tell you. The post TikTok ‘Infinite Money Glitch’ — Idiots Chased by JPMorgan appeared first on Security Boulevard.
Security Affairs
OCTOBER 29, 2024
A global law enforcement operation disrupted RedLine and Meta infostealers, seizing their infrastructure and making arrests. The Dutch police announced it has dismantled infrastructure used by RedLine and Meta infostealers as part of an international law enforcement operation led by Eurojust that was code-named Operation Magnus. RedLine and META targeted millions of victims worldwide, according to Eurojust it was one of the largest malware platforms globally.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
The Hacker News
OCTOBER 29, 2024
The U.S. government (USG) has issued new guidance governing the use of the Traffic Light Protocol (TLP) to handle the threat intelligence information shared between the private sector, individual researchers, and Federal Departments and Agencies.
Security Boulevard
OCTOBER 29, 2024
Starlink encountered a high-profile outage in April that caused service to go down for several hours. The reason was an expired digital certificate. Digital certificates have emerged as the currency of digital trust in the hyper-connected world of today. These electronic credentials enable devices to recognize, trust and interoperate with each other.
Malwarebytes
OCTOBER 29, 2024
Apple has released security patches for most of its operating systems, including iOS, Mac, iPadOS and watchOS. Especially important are the updates for iOS and iPadOS which tackle vulnerabilities which could potentially leak sensitive user information. You should make sure you update as soon as you can. To check if you’re using the latest software version, go to Settings > General > Software Update.
Security Affairs
OCTOBER 29, 2024
Suspected Russia-linked espionage group UNC5812 targets Ukraine’s military with Windows and Android malware via Telegram. Google TAG and Mandiant observed a Russia-linked group, tracked as UNC5812, targeting Ukraine’s military with Windows and Android malware via the Telegram channel “ Civil Defense.” The Telegram channel was created on September 10, 2024 and at this time has 189 subscribers.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
The Hacker News
OCTOBER 29, 2024
The Dutch National Police, along with international partners, have announced the disruption of the infrastructure powering two information stealers tracked as RedLine and MetaStealer. The takedown, which took place on October 28, 2024, is the result of an international law enforcement task force codenamed Operation Magnus that involved authorities from the U.S., the U.K.
Zero Day
OCTOBER 29, 2024
If you're looking for a small form-factor PC that doesn't skimp on performance, the Herk Orion might be just what you need.
Trend Micro
OCTOBER 29, 2024
In this blog entry, we discuss how an attacker took advantage of the Atlassian Confluence vulnerability CVE-2023-22527 to connect servers to the Titan Network for cryptomining purposes.
Zero Day
OCTOBER 29, 2024
Not everyone needs a $1,000 phone. If you're on a tight budget or you're shopping for the kids, the NUU N10 is a truly impressive budget handset.
Advertisement
Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.
The Hacker News
OCTOBER 29, 2024
Sherlock Holmes is famous for his incredible ability to sort through mounds of information; he removes the irrelevant and exposes the hidden truth. His philosophy is plain yet brilliant: “When you have eliminated the impossible, whatever remains, however improbable, must be the truth.” Rather than following every lead, Holmes focuses on the details that are needed to move him to the solution.
Tech Republic Security
OCTOBER 29, 2024
Malvertising is a shortened mash-up of “malicious advertising.” In a nutshell, malvertising is a relatively new cyberattack method in which bad actors inject malicious code into digital ads. These malicious ads are difficult to detect, and are served to internet users using legitimate advertising networks and publishing platforms, such as the Google Search Network.
Zero Day
OCTOBER 29, 2024
Companies will invest heavily in AI agents as the world of work changes forever. Research suggests one executive is the key to unlocking value from these transformations.
We Live Security
OCTOBER 29, 2024
You may not always stop your personal information from ending up in the internet’s dark recesses, but you can take steps to protect yourself from criminals looking to exploit it
Advertisement
Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!
Security Affairs
OCTOBER 29, 2024
Fog and Akira ransomware operators are exploiting SonicWall VPN flaw CVE-2024-40766 to breach enterprise networks. Fog and Akira ransomware operators are exploiting the critical SonicWall VPN vulnerability CVE-2024-40766 (CVSS v3 score: 9.3) to breach corporate networks via SSL VPN access. CVE-2024-40766 is an Improper Access Control Vulnerability impacting SonicWall SonicOS, the company addressed it in August 2024.
Penetration Testing
OCTOBER 29, 2024
Security researchers at 0patch have discovered a new zero-day vulnerability in Microsoft Windows, exposing users to potential credential theft. This revelation comes on the heels of Microsoft’s attempts to patch... The post 0patch Uncovers and Patches New Windows Zero-Day Vulnerability, Microsoft Scrambles to Re-Fix Flaw appeared first on Cybersecurity News.
SecureList
OCTOBER 29, 2024
Attackers are increasingly distributing malware through a rather unusual method: a fake CAPTCHA as the initial infection vector. Researchers from various companies reported this campaign in August and September. The attackers, primarily targeting gamers, initially delivered the Lumma stealer to victims through websites hosting cracked games. Our recent research into the adware landscape revealed that this malicious CAPTCHA is spreading through a variety of online resources that have nothing to d
Zero Day
OCTOBER 29, 2024
The self-paced 'Prompting Essentials' course requires no previous experience and is available now. You also receive a certificate you can share on LinkedIn.
Advertisement
Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.
Security Affairs
OCTOBER 29, 2024
A global law enforcement operation disrupted RedLine and Meta infostealers, seizing their infrastructure and making arrests. The Dutch police announced it has dismantled infrastructure used by RedLine and Meta infostealers as part of an international law enforcement operation led by Eurojust that was code-named Operation Magnus. RedLine and META targeted millions of victims worldwide, according to Eurojust it was one of the largest malware platforms globally.
Zero Day
OCTOBER 29, 2024
At WebexOne, Cisco unveiled transformative AI and XR upgrades to Webex, highlighting a shift from conferencing to a comprehensive platform for immersive, intelligent collaboration.
Penetration Testing
OCTOBER 29, 2024
Three critical remote code execution (RCE) vulnerabilities impacting CyberPanel, a widely used web hosting control panel, are under active exploitation. Threat actors are leveraging these vulnerabilities, tracked as CVE-2024-51567, CVE-2024-51568,... The post PSAUX Ransomware is Exploiting Two Max Severity Flaws (CVE-2024-51567, CVE-2024-51568) in CyberPanel appeared first on Cybersecurity News.
Zero Day
OCTOBER 29, 2024
If you're getting serious about photography and ready to upgrade, the Canon EOS R100 is one of the best places to start.
Advertisement
IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.
Penetration Testing
OCTOBER 29, 2024
A recent security advisory from the SQUID project has highlighted a critical Denial-of-Service (DoS) vulnerability, tracked as CVE-2024-45802 (CVSS 7.5), in Squid, a popular open-source caching proxy server. Squid, widely... The post Denial-of-Service Vulnerability Found in Squid Proxy Server (CVE-2024-45802) appeared first on Cybersecurity News.
Zero Day
OCTOBER 29, 2024
The compact design and powerful chip make Apple's new Mac Mini ideal for mainstream users who already have a keyboard, monitor, and mouse. But for me, the cons outweigh the pros. Here's why.
Graham Cluley
OCTOBER 29, 2024
In episode 22 of "The AI Fix", our hosts encounter a bowl of buttermilk king crab ice cream prepared by a baby hippo, a TV station finds an even better way to generate programme ideas than using a tank full of manatees, and Elon Musk does the world's most expensive Blade Runner cosplay. Graham discovers a robot tongue and ponders the implications of AIs with an appetite, and Mark explains ASCII smuggling — a prompt injection attack that uses completely invisible characters.
Zero Day
OCTOBER 29, 2024
Rolling Square's InCharge XS charges via USB-C, USB-A, and iPhone Lightning in one versatile cable that's compact enough to fit on your keychain.
Advertisement
Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.
Expert insights. Personalized for you.
287 
Let's personalize your content