Tech Republic Security

JULY 8, 2024

Last year, hackers breached an online forum used by OpenAI employees and stole confidential information about the firm’s AI systems.

Hacking 184

Hacking Artificial Intelligence Cybersecurity 184

Penetration Testing

JULY 8, 2024

The Node.js Project has released a security update to address multiple vulnerabilities, including a high-severity flaw that could allow attackers to bypass security measures and execute arbitrary code. The most severe vulnerability, CVE-2024-36138, is... The post CVE-2024-36138: High-Severity Vulnerability in Node.js Allows Code Execution on Windows appeared first on Cybersecurity News.

Cybersecurity 145

Cybersecurity 145

Tech Republic Security

JULY 8, 2024

Operational technology users face challenges including communication between process engineering and cyber security teams, a growth in malware and ransomware, and insiders making basic technology mistakes.

Technology 184

Technology Engineering Ransomware Malware 184

The Hacker News

JULY 8, 2024

An emerging ransomware-as-a-service (RaaS) operation called Eldorado comes with locker variants to encrypt files on Windows and Linux systems. Eldorado first appeared on March 16, 2024, when an advertisement for the affiliate program was posted on the ransomware forum RAMP, Singapore-headquartered Group-IB said.

Ransomware 144

Ransomware Advertising Encryption Cybersecurity 144

Advertisement

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

Cyber threats

Tech Republic Security

JULY 8, 2024

Endpoint detection and response (EDR) software is the best way to detect, investigate, and respond to advanced attacks. Endpoint detection and response software is a security solution that protects against malware and other threats.

Software 160

Software Malware Small Business 160

SecureList

JULY 8, 2024

In May 2024, we discovered a new advanced persistent threat (APT) targeting Russian government entities that we dubbed CloudSorcerer. It’s a sophisticated cyberespionage tool used for stealth monitoring, data collection, and exfiltration via Microsoft Graph, Yandex Cloud, and Dropbox cloud infrastructure. The malware leverages cloud resources as its command and control (C2) servers, accessing them through APIs using authentication tokens.

Government 141

Government Malware Data collection DNS 141

Security Affairs

JULY 8, 2024

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Cisco NX-OS Command Injection bug to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Cisco NX-OS Command Injection Vulnerability, tracked as CVE-2024-20399 , to its Known Exploited Vulnerabilities (KEV) catalog. This week, Cisco addressed an NX-OS zero-day, tracked as CVE-2024-20399 (CVSS score of 6.0), that the China-linked group Velvet Ant exploited to depl

Malware 138

Malware Software Cybersecurity Authentication 138

The Hacker News

JULY 8, 2024

Unknown threat actors have been found propagating trojanized versions of jQuery on npm, GitHub, and jsDelivr in what appears to be an instance of a "complex and persistent" supply chain attack. "This attack stands out due to the high variability across packages," Phylum said in an analysis published last week.

Malware 138

Malware 138

Malwarebytes

JULY 8, 2024

On a popular hacking form, a user has leaked a file that contains 9,948,575,739 unique plaintext passwords. The list appears to be a compilation of passwords that were obtained during several old and more recent data breaches. The list is referred to as RockYou2024 because of its filename, rockyou.txt. To cybercriminals the list has some value because it contains real-world passwords.

Passwords 135

Passwords Authentication Data breaches Accountability 135

The Hacker News

JULY 8, 2024

Financial institutions in Latin America are being threatened by a banking trojan called Mekotio (aka Melcoz). That's according to findings from Trend Micro, which said it recently observed a surge in cyber attacks distributing the Windows malware.

Banking 137

Banking Cyber Attacks Malware 137

Advertisement

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

Cybersecurity

Security Boulevard

JULY 8, 2024

While many organizations are adopting AI at an alarming pace to gain efficiencies and lower operating costs through technology and headcount reduction, they may also be sacrificing their security. The post Human Vigilance is Required Amid AI-Generated Cybersecurity Threats appeared first on Security Boulevard.

Cybersecurity 133

Cybersecurity Technology Social Engineering Engineering 133

The Hacker News

JULY 8, 2024

An analysis of information-stealing malware logs published on the dark web has led to the discovery of thousands of consumers of child sexual abuse material (CSAM), indicating how such information could be used to combat serious crimes. "Approximately 3,300 unique users were found with accounts on known CSAM sources," Recorded Future said in a proof-of-concept (PoC) report published last week.

Malware 134

Malware Accountability 134

Security Affairs

JULY 8, 2024

Threat actors leaked the largest password compilation ever, known as RockYou2024, on a popular hacking forum. The Cybernews researchers reported that threat actors leaked the largest password compilation ever, known as RockYou2024, on a popular hacking forum. RockYou2024 announcement: Source CyberNews The compilation (“rockyou2024.txt”) contains 9,948,575,739 unique plaintext passwords was posted on July 4th by a user with the handle “ObamaCare.” The experts believe the c

Passwords 131

Passwords Data breaches Hacking Accountability 131

The Hacker News

JULY 8, 2024

Events like the recent massive CDK ransomware attack – which shuttered car dealerships across the U.S. in late June 2024 – barely raise public eyebrows anymore. Yet businesses, and the people that lead them, are justifiably jittery. Every CISO knows that cybersecurity is an increasingly hot topic for executives and board members alike.

CISO 127

CISO Cybersecurity Ransomware 127

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Thales Cloud Protection & Licensing

JULY 8, 2024

Passwordless 360°: Unblocking the Challenges of FIDO Key Management josh.pearson@t… Mon, 07/08/2024 - 23:25 Identity & Access Management Access Control Gregory Vigroux | Senior Product Manager More About This Author > With sensitive data and apps dispersed across fragmented computing environments, multi-factor authentication (MFA) has emerged as the best way to authenticate and protect our digital identities in the zero-trust security framework.

Authentication 127

Authentication Phishing Digital transformation Encryption 127

SecureWorld News

JULY 8, 2024

Online identities continue to be at risk of vulnerabilities. Case in point: a colossal password compilation dubbed "RockYou2024" has emerged, containing nearly 10 billion unique passwords. This unprecedented leak has put the cybersecurity community and beyond on high alert—as if it was not already there—highlighting the ongoing need for robust digital security practices.

Passwords 127

Passwords Password Management Education Accountability 127

Bleeping Computer

JULY 8, 2024

In an ongoing extortion campaign against Ticketmaster, threat actors have leaked almost 39,000 print-at-home tickets for 150 upcoming concerts and events, including Pearl Jam, Phish, Tate McCrae, and Foo Fighters. [.

Phishing 126

Phishing 126

Penetration Testing

JULY 8, 2024

A proof-of-concept (PoC) exploit has been released, targeting a recently patched high-severity vulnerability (CVE-2024-22274) in the VMware vCenter Server. With a CVSS score of 7.2, the flaw allows attackers with administrative privileges to execute... The post VMware vCenter Server RCE (CVE-2024-22274): PoC Exposes Systems to Remote Takeover appeared first on Cybersecurity News.

Cybersecurity 126

Cybersecurity 126

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

WIRED Threat Level

JULY 8, 2024

The US military has abandoned its half-century dream of a suit of powered armor in favor of a “hyper enabled operator,” a tactical AI assistant for special operations forces.

Artificial Intelligence 124

Artificial Intelligence 124

Bleeping Computer

JULY 8, 2024

A May 2024 data breach disclosed by American luxury retailer and department store chain Neiman Marcus last month has exposed more than 31 million customer email addresses, according to Have I Been Pwned founder Troy Hunt, who analyzed the stolen data. [.

Data breaches 122

Data breaches Retail 122

Penetration Testing

JULY 8, 2024

In a recent revelation, hardware manufacturer ZOTAC faced a significant security lapse that compromised sensitive customer information. Due to inadequate security policies within its after-sales system, critical data related to returns and exchanges became... The post ZOTAC Security Breach Exposes Customer Data in Google Search appeared first on Cybersecurity News.

Manufacturing 118

Manufacturing Cybersecurity Data breaches 118

Bleeping Computer

JULY 8, 2024

Microsoft has finally released a spell check and autocorrect feature in Notepad for all Windows 11 users, forty-one years after the program was introduced in 1983. [.

117

117

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Malwarebytes

JULY 8, 2024

Shopify has denied a breach of its systems after a cybercriminal posted alleged Shopify customer details online. Shopify told BleepingComputer and other publications that the incident happened at a third party: “Shopify systems have not experienced a security incident. The data loss reported was caused by a third-party app. The app developer intends to notify affected customers.” The cybercriminal posting under the handle “888” claims the breach took place in 2024 and contains 179,87

Passwords 116

Passwords Data breaches Phishing Password Management 116

Security Boulevard

JULY 8, 2024

While there’s no one-size-fits-all option for securing the cloud, next-generation agents thrive in these fast-moving environments and serve as the critical component of any cloud security strategy. The post Unleashing the Power of Next-Gen Agents for Robust Cloud-Native Security appeared first on Security Boulevard.

Security Awareness 116

Security Awareness Cybersecurity 116

Bleeping Computer

JULY 8, 2024

Microsoft reminded customers today that multiple editions of Windows 11, version 22H2, will reach the end of servicing (EOS) in three months, on October 8, 2024. [.

Software 114

Software 114

Security Boulevard

JULY 8, 2024

Even as manufacturers tackle convenience issues, the need for digital trust throughout EV infrastructure and ecosystems still remains. The post Balancing Security and Convenience with EV Charging appeared first on Security Boulevard.

Manufacturing 115

Manufacturing Digital transformation Security Awareness Risk 115

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Webroot

JULY 8, 2024

In recognition of its profound impact, July 16 is celebrated as Artificial Intelligence (AI) Appreciation Day. AI is one of the defining technologies of our era, and its adoption is skyrocketing. People are using AI tools like OpenAI’s ChatGPT and Microsoft Copilot for a wide range of personal applications. Indeed, AI is integrated into various aspects of our daily lives — from AI-powered apps that assist with language translation and personal finance management to tools that help with creative

Passwords 108

Passwords Artificial Intelligence Password Management Accountability 108

Security Boulevard

JULY 8, 2024

The supplier performance risk system (SPRS) is a database maintained by the DoD that “utilizes suppliers’ performance data in areas of product delivery and quality to rate performance and predict potential risk.” The post Why SPRS Matters and 4 Steps to Improve Your Security Posture appeared first on Security Boulevard.

Risk 109

Risk Security Awareness Government Cybersecurity 109

Identity IQ

JULY 8, 2024

RockYou2024: Nearly 10 Billion Passwords Exposed in Data Leak IdentityIQ In a cybersecurity incident that has sent shockwaves through the online community, nearly 10 billion unique passwords have been exposed in the “RockYou2024” data breach. This unprecedented leak is believed to be the largest ever recorded, posing significant risks to individual users and organizations globally.

Passwords 104

Passwords Identity Theft Data breaches Password Management 104

Trend Micro

JULY 8, 2024

Cybersecurity teams are well-equipped to handle threats to technology assets that they manage. But with unmanaged devices providing ideal spots for attackers to lurk unseen, network detection and response capabilities have become vitally important.

Technology 104

Technology Cybersecurity Cyber threats 104

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity