Tue. Oct 29, 2024


Law Enforcement Deanonymizes Tor Users

Schneier on Security

The German police have successfully deanonymized at least four Tor users. It appears they watch known Tor relays and known suspects, and use timing analysis to figure out who is using what relay. Tor has written about this. Hacker News thread.


22,000 CyberPanel Servers Exposed: Zero-Click RCE Vulnerability Discovered, PoC Published

Penetration Testing

A new critical vulnerability has been discovered in CyberPanel, a popular open-source web hosting control panel, by security researcher DreyAnd. The flaw, a zero-click pre-authentication root remote code execution (RCE),...


Researchers Uncover Vulnerabilities in Open-Source AI and ML Models

The Hacker News

A little over three dozen security vulnerabilities have been disclosed in various open-source artificial intelligence (AI) and machine learning (ML) models, some of which could lead to remote code execution and information theft. The flaws, identified in tools like ChuanhuChatGPT, Lunary, and LocalAI, have been reported as part of Protect AI's Huntr bug bounty platform.


Fog and Akira ransomware attacks exploit SonicWall VPN flaw CVE-2024-40766

Security Affairs

Fog and Akira ransomware operators are exploiting SonicWall VPN flaw CVE-2024-40766 to breach enterprise networks. Fog and Akira ransomware operators are exploiting the critical SonicWall VPN vulnerability CVE-2024-40766 (CVSS v3 score: 9.3) to breach corporate networks via SSL VPN access. CVE-2024-40766 is an Improper Access Control Vulnerability impacting SonicWall SonicOS; the company addressed it in August 2024.


Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.


TikTok ‘Infinite Money Glitch’ — Idiots Chased by JPMorgan

Security Boulevard

Dimon’s dollars (not yours): No, Chase Bank isn’t going to let you cash bad checks. It’s fraud—no matter what X and TikTok tell you.


International law enforcement operation dismantled RedLine and Meta infostealers

Security Affairs

A global law enforcement operation disrupted RedLine and Meta infostealers, seizing their infrastructure and making arrests. The Dutch police announced it has dismantled infrastructure used by RedLine and Meta infostealers as part of an international law enforcement operation led by Eurojust that was code-named Operation Magnus. RedLine and META targeted millions of victims worldwide; according to Eurojust, it was one of the largest malware platforms globally.

More Trending


U.S. Government Issues New TLP Guidance for Cross-Sector Threat Intelligence Sharing

The Hacker News

The U.S. government (USG) has issued new guidance governing the use of the Traffic Light Protocol (TLP) to handle the threat intelligence information shared between the private sector, individual researchers, and Federal Departments and Agencies.


DigiCert – It’s a Matter of Trust

Security Boulevard

Starlink encountered a high-profile outage in April that caused service to go down for several hours. The reason was an expired digital certificate. Digital certificates have emerged as the currency of digital trust in the hyper-connected world of today. These electronic credentials enable devices to recognize, trust and interoperate with each other.


Update your iPhone, Mac, Watch: Apple issues patches for several vulnerabilities

Malwarebytes

Apple has released security patches for most of its operating systems, including iOS, Mac, iPadOS and watchOS. Especially important are the updates for iOS and iPadOS which tackle vulnerabilities which could potentially leak sensitive user information. You should make sure you update as soon as you can. To check if you’re using the latest software version, go to Settings > General > Software Update.


Russia-linked espionage group UNC5812 targets Ukraine’s military with malware

Security Affairs

Suspected Russia-linked espionage group UNC5812 targets Ukraine’s military with Windows and Android malware via Telegram. Google TAG and Mandiant observed a Russia-linked group, tracked as UNC5812, targeting Ukraine’s military with Windows and Android malware via the Telegram channel “Civil Defense.” The Telegram channel was created on September 10, 2024 and at this time has 189 subscribers.


The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!


Dutch Police Disrupt Major Info Stealers RedLine and MetaStealer in Operation Magnus

The Hacker News

The Dutch National Police, along with international partners, have announced the disruption of the infrastructure powering two information stealers tracked as RedLine and MetaStealer. The takedown, which took place on October 28, 2024, is the result of an international law enforcement task force codenamed Operation Magnus that involved authorities from the U.S., the U.K.


I converted a mini PC running Windows 11 into a Linux workstation, and it blew me away

Zero Day

If you're looking for a small form-factor PC that doesn't skimp on performance, the Herk Orion might be just what you need.


Attacker Abuses Victim Resources to Reap Rewards from Titan Network

Trend Micro

In this blog entry, we discuss how an attacker took advantage of the Atlassian Confluence vulnerability CVE-2023-22527 to connect servers to the Titan Network for cryptomining purposes.


This $99 Android phone is no Pixel 9 Pro, but performs way better than handsets twice the price

Zero Day

Not everyone needs a $1,000 phone. If you're on a tight budget or you're shopping for the kids, the NUU N10 is a truly impressive budget handset.


The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.


A Sherlock Holmes Approach to Cybersecurity: Eliminate the Impossible with Exposure Validation

The Hacker News

Sherlock Holmes is famous for his incredible ability to sort through mounds of information; he removes the irrelevant and exposes the hidden truth. His philosophy is plain yet brilliant: “When you have eliminated the impossible, whatever remains, however improbable, must be the truth.” Rather than following every lead, Holmes focuses on the details that are needed to move him to the solution.


Everything You Need to Know about the Malvertising Cybersecurity Threat

Tech Republic Security

Malvertising is a shortened mash-up of “malicious advertising.” In a nutshell, malvertising is a relatively new cyberattack method in which bad actors inject malicious code into digital ads. These malicious ads are difficult to detect, and are served to internet users using legitimate advertising networks and publishing platforms, such as the Google Search Network.


Agentic AI is the top strategic technology trend for 2025

Zero Day

Companies will invest heavily in AI agents as the world of work changes forever. Research suggests one executive is the key to unlocking value from these transformations.


Don't become a statistic: Tips to help keep your personal data off the dark web

We Live Security

You may not always stop your personal information from ending up in the internet’s dark recesses, but you can take steps to protect yourself from criminals looking to exploit it


Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!


0patch Uncovers and Patches New Windows Zero-Day Vulnerability, Microsoft Scrambles to Re-Fix Flaw

Penetration Testing

Security researchers at 0patch have discovered a new zero-day vulnerability in Microsoft Windows, exposing users to potential credential theft. This revelation comes on the heels of Microsoft’s attempts to patch...


Lumma/Amadey: fake CAPTCHAs want to know if you’re human

SecureList

Attackers are increasingly distributing malware through a rather unusual method: a fake CAPTCHA as the initial infection vector. Researchers from various companies reported this campaign in August and September. The attackers, primarily targeting gamers, initially delivered the Lumma stealer to victims through websites hosting cracked games. Our recent research into the adware landscape revealed that this malicious CAPTCHA is spreading through a variety of online resources that have nothing to d


Google's new AI course will teach you to write more effective prompts - in 5 steps

Zero Day

The self-paced 'Prompting Essentials' course requires no previous experience and is available now. You also receive a certificate you can share on LinkedIn.


Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.


WebexOne 2024: Cisco's vision for the future of immersive collaboration

Zero Day

At WebexOne, Cisco unveiled transformative AI and XR upgrades to Webex, highlighting a shift from conferencing to a comprehensive platform for immersive, intelligent collaboration.


PSAUX Ransomware is Exploiting Two Max Severity Flaws (CVE-2024-51567, CVE-2024-51568) in CyberPanel

Penetration Testing

Three critical remote code execution (RCE) vulnerabilities impacting CyberPanel, a widely used web hosting control panel, are under active exploitation. Threat actors are leveraging these vulnerabilities, tracked as CVE-2024-51567, CVE-2024-51568,...


The camera I recommend to most new photographers is not a Nikon or Panasonic

Zero Day

If you're getting serious about photography and ready to upgrade, the Canon EOS R100 is one of the best places to start.


IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.


Denial-of-Service Vulnerability Found in Squid Proxy Server (CVE-2024-45802)

Penetration Testing

A recent security advisory from the SQUID project has highlighted a critical Denial-of-Service (DoS) vulnerability, tracked as CVE-2024-45802 (CVSS 7.5), in Squid, a popular open-source caching proxy server. Squid, widely...


4 reasons why a maxed-out M4 Mac Mini can't replace my Mac Studio

Zero Day

The compact design and powerful chip make Apple's new Mac Mini ideal for mainstream users who already have a keyboard, monitor, and mouse. But for me, the cons outweigh the pros. Here's why.


The AI Fix #22: Probing AI tongues and ASCII smuggling attacks

Graham Cluley

In episode 22 of "The AI Fix", our hosts encounter a bowl of buttermilk king crab ice cream prepared by a baby hippo, a TV station finds an even better way to generate programme ideas than using a tank full of manatees, and Elon Musk does the world's most expensive Blade Runner cosplay. Graham discovers a robot tongue and ponders the implications of AIs with an appetite, and Mark explains ASCII smuggling — a prompt injection attack that uses completely invisible characters.


This 4-in-1 keychain charger makes traveling with electronics a lot easier

Zero Day

Rolling Square's InCharge XS charges via USB-C, USB-A, and iPhone Lightning in one versatile cable that's compact enough to fit on your keychain.


Enhance Innovation and Governance Through the Cloud Development Maturity Model

Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.