Tech Republic Security

JULY 8, 2024

Last year, hackers breached an online forum used by OpenAI employees and stole confidential information about the firm’s AI systems.

Hacking 178

Hacking Artificial Intelligence Cybersecurity 178

Penetration Testing

JULY 8, 2024

The Node.js Project has released a security update to address multiple vulnerabilities, including a high-severity flaw that could allow attackers to bypass security measures and execute arbitrary code. The most severe vulnerability, CVE-2024-36138, is... The post CVE-2024-36138: High-Severity Vulnerability in Node.js Allows Code Execution on Windows appeared first on Cybersecurity News.

Cybersecurity 145

Cybersecurity 145

Tech Republic Security

JULY 8, 2024

Operational technology users face challenges including communication between process engineering and cyber security teams, a growth in malware and ransomware, and insiders making basic technology mistakes.

Technology 178

Technology Engineering Ransomware Malware 178

WIRED Threat Level

JULY 8, 2024

The US military has abandoned its half-century dream of a suit of powered armor in favor of a “hyper enabled operator,” a tactical AI assistant for special operations forces.

Artificial Intelligence 145

Artificial Intelligence 145

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Tech Republic Security

JULY 8, 2024

Endpoint detection and response (EDR) software is the best way to detect, investigate, and respond to advanced attacks. Endpoint detection and response software is a security solution that protects against malware and other threats.

Software 154

Software Malware Small Business 154

The Hacker News

JULY 8, 2024

An emerging ransomware-as-a-service (RaaS) operation called Eldorado comes with locker variants to encrypt files on Windows and Linux systems. Eldorado first appeared on March 16, 2024, when an advertisement for the affiliate program was posted on the ransomware forum RAMP, Singapore-headquartered Group-IB said.

Ransomware 144

Ransomware Advertising Encryption Cybersecurity 144

Malwarebytes

JULY 8, 2024

On a popular hacking form, a user has leaked a file that contains 9,948,575,739 unique plaintext passwords. The list appears to be a compilation of passwords that were obtained during several old and more recent data breaches. The list is referred to as RockYou2024 because of its filename, rockyou.txt. To cybercriminals the list has some value because it contains real-world passwords.

Passwords 141

Passwords Authentication Data breaches Accountability 141

The Hacker News

JULY 8, 2024

A previously undocumented advanced persistent threat (APT) group dubbed CloudSorcerer has been observed targeting Russian government entities by leveraging cloud services for command-and-control (C2) and data exfiltration.

Government 140

Government Cybersecurity 140

Security Affairs

JULY 8, 2024

Threat actors leaked the largest password compilation ever, known as RockYou2024, on a popular hacking forum. The Cybernews researchers reported that threat actors leaked the largest password compilation ever, known as RockYou2024, on a popular hacking forum. RockYou2024 announcement: Source CyberNews The compilation (“rockyou2024.txt”) contains 9,948,575,739 unique plaintext passwords was posted on July 4th by a user with the handle “ObamaCare.” The experts believe the c

Passwords 137

Passwords Data breaches Hacking Accountability 137

The Hacker News

JULY 8, 2024

Financial institutions in Latin America are being threatened by a banking trojan called Mekotio (aka Melcoz). That's according to findings from Trend Micro, which said it recently observed a surge in cyber attacks distributing the Windows malware.

Banking 137

Banking Cyber Attacks Malware 137

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

SecureList

JULY 8, 2024

In May 2024, we discovered a new advanced persistent threat (APT) targeting Russian government entities that we dubbed CloudSorcerer. It’s a sophisticated cyberespionage tool used for stealth monitoring, data collection, and exfiltration via Microsoft Graph, Yandex Cloud, and Dropbox cloud infrastructure. The malware leverages cloud resources as its command and control (C2) servers, accessing them through APIs using authentication tokens.

Government 133

Government Malware Data collection DNS 133

The Hacker News

JULY 8, 2024

Unknown threat actors have been found propagating trojanized versions of jQuery on npm, GitHub, and jsDelivr in what appears to be an instance of a "complex and persistent" supply chain attack. "This attack stands out due to the high variability across packages," Phylum said in an analysis published last week.

Malware 137

Malware 137

Malwarebytes

JULY 8, 2024

Shopify has denied a breach of its systems after a cybercriminal posted alleged Shopify customer details online. Shopify told BleepingComputer and other publications that the incident happened at a third party: “Shopify systems have not experienced a security incident. The data loss reported was caused by a third-party app. The app developer intends to notify affected customers.” The cybercriminal posting under the handle “888” claims the breach took place in 2024 and contains 179,87

Passwords 133

Passwords Data breaches Phishing Password Management 133

The Hacker News

JULY 8, 2024

An analysis of information-stealing malware logs published on the dark web has led to the discovery of thousands of consumers of child sexual abuse material (CSAM), indicating how such information could be used to combat serious crimes. "Approximately 3,300 unique users were found with accounts on known CSAM sources," Recorded Future said in a proof-of-concept (PoC) report published last week.

Malware 135

Malware Accountability 135

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Security Boulevard

JULY 8, 2024

While many organizations are adopting AI at an alarming pace to gain efficiencies and lower operating costs through technology and headcount reduction, they may also be sacrificing their security. The post Human Vigilance is Required Amid AI-Generated Cybersecurity Threats appeared first on Security Boulevard.

Cybersecurity 133

Cybersecurity Technology Social Engineering Engineering 133

The Hacker News

JULY 8, 2024

Events like the recent massive CDK ransomware attack – which shuttered car dealerships across the U.S. in late June 2024 – barely raise public eyebrows anymore. Yet businesses, and the people that lead them, are justifiably jittery. Every CISO knows that cybersecurity is an increasingly hot topic for executives and board members alike.

CISO 128

CISO Cybersecurity Ransomware 128

Thales Cloud Protection & Licensing

JULY 8, 2024

Passwordless 360°: Unblocking the Challenges of FIDO Key Management josh.pearson@t… Mon, 07/08/2024 - 23:25 Identity & Access Management Access Control Gregory Vigroux | Senior Product Manager More About This Author > With sensitive data and apps dispersed across fragmented computing environments, multi-factor authentication (MFA) has emerged as the best way to authenticate and protect our digital identities in the zero-trust security framework.

Authentication 127

Authentication Phishing Digital transformation Encryption 127

Bleeping Computer

JULY 8, 2024

In an ongoing extortion campaign against Ticketmaster, threat actors have leaked almost 39,000 print-at-home tickets for 150 upcoming concerts and events, including Pearl Jam, Phish, Tate McCrae, and Foo Fighters. [.

Phishing 126

Phishing 126

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Penetration Testing

JULY 8, 2024

A proof-of-concept (PoC) exploit has been released, targeting a recently patched high-severity vulnerability (CVE-2024-22274) in the VMware vCenter Server. With a CVSS score of 7.2, the flaw allows attackers with administrative privileges to execute... The post VMware vCenter Server RCE (CVE-2024-22274): PoC Exposes Systems to Remote Takeover appeared first on Cybersecurity News.

Cybersecurity 124

Cybersecurity 124

Bleeping Computer

JULY 8, 2024

A May 2024 data breach disclosed by American luxury retailer and department store chain Neiman Marcus last month has exposed more than 31 million customer email addresses, according to Have I Been Pwned founder Troy Hunt, who analyzed the stolen data. [.

Data breaches 123

Data breaches Retail 123

Penetration Testing

JULY 8, 2024

In a recent revelation, hardware manufacturer ZOTAC faced a significant security lapse that compromised sensitive customer information. Due to inadequate security policies within its after-sales system, critical data related to returns and exchanges became... The post ZOTAC Security Breach Exposes Customer Data in Google Search appeared first on Cybersecurity News.

Manufacturing 116

Manufacturing Cybersecurity Data breaches 116

Bleeping Computer

JULY 8, 2024

Microsoft has finally released a spell check and autocorrect feature in Notepad for all Windows 11 users, forty-one years after the program was introduced in 1983. [.

117

117

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

Security Boulevard

JULY 8, 2024

While there’s no one-size-fits-all option for securing the cloud, next-generation agents thrive in these fast-moving environments and serve as the critical component of any cloud security strategy. The post Unleashing the Power of Next-Gen Agents for Robust Cloud-Native Security appeared first on Security Boulevard.

Security Awareness 116

Security Awareness Cybersecurity 116

SecureWorld News

JULY 8, 2024

Online identities continue to be at risk of vulnerabilities. Case in point: a colossal password compilation dubbed "RockYou2024" has emerged, containing nearly 10 billion unique passwords. This unprecedented leak has put the cybersecurity community and beyond on high alert—as if it was not already there—highlighting the ongoing need for robust digital security practices.

Passwords 115

Passwords Password Management Education Accountability 115

Security Boulevard

JULY 8, 2024

Even as manufacturers tackle convenience issues, the need for digital trust throughout EV infrastructure and ecosystems still remains. The post Balancing Security and Convenience with EV Charging appeared first on Security Boulevard.

Manufacturing 115

Manufacturing Digital transformation Security Awareness Risk 115

Bleeping Computer

JULY 8, 2024

Microsoft reminded customers today that multiple editions of Windows 11, version 22H2, will reach the end of servicing (EOS) in three months, on October 8, 2024. [.

Software 114

Software 114

Advertisement

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

Security Boulevard

JULY 8, 2024

The supplier performance risk system (SPRS) is a database maintained by the DoD that “utilizes suppliers’ performance data in areas of product delivery and quality to rate performance and predict potential risk.” The post Why SPRS Matters and 4 Steps to Improve Your Security Posture appeared first on Security Boulevard.

Risk 109

Risk Security Awareness Government Cybersecurity 109

Identity IQ

JULY 8, 2024

RockYou2024: Nearly 10 Billion Passwords Exposed in Data Leak IdentityIQ In a cybersecurity incident that has sent shockwaves through the online community, nearly 10 billion unique passwords have been exposed in the “RockYou2024” data breach. This unprecedented leak is believed to be the largest ever recorded, posing significant risks to individual users and organizations globally.

Passwords 104

Passwords Identity Theft Data breaches Password Management 104

Bleeping Computer

JULY 8, 2024

A remote code execution vulnerability in the Ghostscript document conversion toolkit, widely used on Linux systems, is currently being exploited in attacks. [.

104

104

Security Boulevard

JULY 8, 2024

The need for robust authentication mechanisms has become paramount in the ever-evolving landscape of digital security. The post Navigating Authentication Challenges: A Closer Look at Contemporary CIAM appeared first on Security Boulevard.

Authentication 99

Authentication Social Engineering Engineering Security Awareness 99

Advertisement

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.

Cybersecurity