Mon.May 06, 2024

article thumbnail

Why Your VPN May Not Be As Secure As It Claims

Krebs on Security

Virtual private networking (VPN) companies market their services as a way to prevent anyone from snooping on your Internet usage. But new research suggests this is a dangerous assumption when connecting to a VPN via an untrusted network, because attackers on the same network could force a target’s traffic off of the protection provided by their VPN without triggering any alerts to the user.

VPN 306
article thumbnail

New Lawsuit Attempting to Make Adversarial Interoperability Legal

Schneier on Security

Lots of complicated details here: too many for me to summarize well. It involves an obscure Section 230 provision—and an even more obscure typo. Read this.

280
280
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Udemy Report: Which IT Skills Are Most in Demand in Q1 2024?

Tech Republic Security

Informatica PowerCenter, Microsoft Playwright and Oracle Database SQL top Udemy’s list of most popular tech courses.

Big data 187
article thumbnail

Apple’s iPhone Spyware Problem Is Getting Worse. Here’s What You Should Know

WIRED Threat Level

The iPhone maker has detected spyware attacks against people in more than 150 countries. Knowing if your device is infected can be tricky—but there are a few steps you can take to protect yourself.

Spyware 145
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Google Steps Up The Battle Against Gmail Spam

Tech Republic Security

Additional enforcement means non-compliant email may be delivered to spam folders. Here’s what Google Workspace administrators and Gmail users need to know.

article thumbnail

China-Linked Hackers Suspected in ArcaneDoor Cyberattacks Targeting Network Devices

The Hacker News

The recently uncovered cyber espionage campaign targeting perimeter network devices from several vendors, including Cisco, may have been the work of China-linked actors, according to new findings from attack surface management firm Censys.

145
145

More Trending

article thumbnail

Xiaomi Android Devices Hit by Multiple Flaws Across Apps and System Components

The Hacker News

Multiple security vulnerabilities have been disclosed in various applications and system components within Xiaomi devices running Android.

Mobile 145
article thumbnail

El Salvador suffered a massive leak of biometric data

Security Affairs

Resecurity found a massive leak involving the exposure of personally identifiable information (PII) of over five million citizens of El Salvador on the Dark Web. Resecurity identified a massive leak of the personally identifiable information (PII) of over five million citizens from El Salvador on the Dark Web , impacting more than 80% of the country’s population.

article thumbnail

Critical Tinyproxy Flaw Opens Over 50,000 Hosts to Remote Code Execution

The Hacker News

More than 50% of the 90,310 hosts have been found exposing a Tinyproxy service on the internet that's vulnerable to a critical unpatched security flaw in the HTTP/HTTPS proxy tool. The issue, tracked as CVE-2023-49606, carries a CVSS score of 9.8 out of a maximum of 10, per Cisco Talos, which described it as a use-after-free bug impacting versions 1.10.0 and 1.11.

Internet 143
article thumbnail

Financial cyberthreats in 2023

SecureList

Money is what always attracts cybercriminals. A significant share of scam, phishing and malware attacks is about money. With trillions of dollars of digital payments made every year, it is no wonder that attackers target electronic wallets, online shopping accounts and other financial assets, inventing new techniques and reusing good old ones. Amid the current threat landscape, Kaspersky has conducted a comprehensive analysis of the financial risks, pinpointing key trends and providing recommend

Phishing 138
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

New 'Cuckoo' Persistent macOS Spyware Targeting Intel and Arm Macs

The Hacker News

Cybersecurity researchers have discovered a new information stealer targeting Apple macOS systems that's designed to set up persistence on the infected hosts and act as a spyware. Dubbed Cuckoo by Kandji, the malware is a universal Mach-O binary that's capable of running on both Intel- and Arm-based Macs.

Spyware 143
article thumbnail

Alexander Vinnik, the operator of BTC-e exchange, pleaded guilty to money laundering

Security Affairs

Alexander Vinnik, a Russian operator of virtual currency exchange BTC-e pleaded guilty to participating in a money laundering scheme. Alexander Vinnik , a Russian national, pleaded guilty to conspiracy to commit money laundering for his involvement in operating the cryptocurrency exchange BTC-e from 2011 to 2017. BTC-e processed over $9 billion in transactions and served over one million users globally, including many in the United States.

article thumbnail

Major VPN Flaw Exposed: “TunnelVision” (CVE-2024-3661) Threatens Security on Public Networks

Penetration Testing

The very backbone of Virtual Private Networks (VPNs), praised for their ability to secure online activities, is under scrutiny following a breakthrough discovery by Dani Cronce and Lizzie Moratti from Leviathan Security Group. Their... The post Major VPN Flaw Exposed: “TunnelVision” (CVE-2024-3661) Threatens Security on Public Networks appeared first on Penetration Testing.

VPN 136
article thumbnail

Germany Warns Russia: Hacking Will Have Consequences

Security Boulevard

War of the words: Fancy Bear actions are “intolerable and unacceptable,” complains German foreign minister Annalena Baerbock. The post Germany Warns Russia: Hacking Will Have Consequences appeared first on Security Boulevard.

Hacking 135
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

It Costs How Much?!? The Financial Pitfalls of Cyberattacks on SMBs

The Hacker News

Cybercriminals are vipers. They’re like snakes in the grass, hiding behind their keyboards, waiting to strike. And if you're a small- and medium-sized business (SMB), your organization is the ideal lair for these serpents to slither into. With cybercriminals becoming more sophisticated, SMBs like you must do more to protect themselves. But at what price?

133
133
article thumbnail

City of Wichita hit by a ransomware attack

Security Affairs

The City of Wichita in Kansas was forced to shut down its computer systems after a ransomware attack. The City of Wichita, Kansas, was the victim of a ransomware attack and shut down its network to contain the threat. The security breach took place on May 5th, 2024, and immediately started its incident response procedure to prevent the threat from spreading.

article thumbnail

CVE-2024-34456: Trend Micro Patches Code Injection Vulnerability in Antivirus One

Penetration Testing

Trend Micro, a leading provider of cybersecurity solutions, has released an important update for its Antivirus One software, targeting a critical vulnerability that could have allowed attackers to inject malicious code. The issue tracked... The post CVE-2024-34456: Trend Micro Patches Code Injection Vulnerability in Antivirus One appeared first on Penetration Testing.

Antivirus 131
article thumbnail

City of Wichita shuts down IT network after ransomware attack

Bleeping Computer

The City of Wichita, Kansas, disclosed it was forced to shut down portions of its network after suffering a weekend ransomware attack. [.

article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

The hacker’s toolkit: 4 gadgets that could spell security trouble

We Live Security

Their innocuous looks and endearing names mask their true power. These gadgets are designed to help identify and prevent security woes, but what if they fall into the wrong hands?

119
119
article thumbnail

Elevating Cybersecurity: How CybeReady Transforms Threat Intelligence for Businesses

Security Boulevard

Cyber threats are relentless, and the methods used by cybercriminals are constantly evolving. To strengthen your security posture, it’s crucial to have timely and actionable threat intelligence. However, while technology is vital to your defense, the human element remains a significant potential vulnerability. Consider how these two disparate items intertwine.

article thumbnail

Microsoft tests using MT/s for memory speed in Windows 11 Task Manager

Bleeping Computer

Microsoft is testing showing memory speeds as MT/s (mega-transfers per second) rather than MHz (megahertz) in the Windows 11 Task Manager. [.

115
115
article thumbnail

A week in security (April 29 – May 5)

Malwarebytes

Last week on Malwarebytes Labs: You get a passkey, you get a passkey, everyone should get a passkey Dropbox Sign customer data accessed in breach Watch out for tech support scams lurking in sponsored search results Psychotherapy practice hacker gets jail time after extorting patients, publishing personal therapy notes online Wireless carriers fined $200 million after illegally sharing customer location data Malwarebytes Premium Security earns “Product of the Year” from AVLab FBI warn

Wireless 114
article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

Identity, Credential Misconfigurations Open Worrying Security Gaps

Security Boulevard

A report found more than 40 million exposures are impacting 11.5 million critical business entities, with more than half related to cloud platforms. The post Identity, Credential Misconfigurations Open Worrying Security Gaps appeared first on Security Boulevard.

article thumbnail

Tracing what went wrong in 2012 for today’s teens, with Dr. Jean Twenge: Lock and Code S04E10

Malwarebytes

This week on the Lock and Code podcast… You’ve likely felt it: The dull pull downwards of a smartphone scroll. The “five more minutes” just before bed. The sleep still there after waking. The edges of your calm slowly fraying. After more than a decade of our most recent technological experiment, in turns out that having the entirety of the internet in the palm of your hands could be … not so great.

Media 113
article thumbnail

Can You Outsmart Cybercriminals? Stay One Step Ahead with a Powerful Antivirus Solution!

Quick Heal Antivirus

Let’s face it: the digital landscape is a treacherous realm. Cyber attackers keep hunting for vulnerabilities, finding ways. The post Can You Outsmart Cybercriminals? Stay One Step Ahead with a Powerful Antivirus Solution! appeared first on Quick Heal Blog.

Antivirus 111
article thumbnail

Tracking CVE-2024-2876: Why does the latest WordPress exploit compromise over 90,000 websites?

Security Boulevard

A highly concerning security loophole was recently discovered in a WordPress plugin called "Email Subscribers by Icegram Express," a popular tool utilized by a vast network of over 90,000+ websites. Officially designated as CVE-2024-2876 with a CVSS score of 9.8 (critical), the vulnerability represents a significant threat as it exposes numerous websites to potential attacks. [.

110
110
article thumbnail

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

article thumbnail

Cisco Hypershield – Our Vision to Combat Unknown Vulnerabilities

Cisco Security

By now, I hope you have had a chance to learn about the first-of-its-kind, groundbreaking solution we recently announced : Cisco Hypershield. As I covered in my previous blog , the unique architecture… Read more on Cisco Blogs Cisco Hypershield can help protect organizations agains unknown vulnerabilities by detecting and blocking unknown vulnerabilities in runtime workloads.

article thumbnail

Key Insights from the OpenText 2024 Threat Perspective

Webroot

As we navigate through 2024, the cyber threat landscape continues to evolve, bringing new challenges for both businesses and individual consumers. The latest OpenText Threat Report provides insight into these changes, offering vital insights that help us prepare and protect ourselves against emerging threats. Here’s what you need to know: The Resilience of Ransomware Ransomware remains a formidable adversary, with groups like LockBit demonstrating an uncanny ability to bounce back even after sig

article thumbnail

Bitcoin ATM Scams: What You Need to Know

Identity IQ

Bitcoin ATM Scams: What You Need to Know IdentityIQ Bitcoin, the popular digital currency, has opened new avenues for online transactions and investments. While its decentralized nature offers benefits, it has also created opportunities for scammers to exploit unsuspecting individuals. With the growing prevalence of Bitcoin ATMs (also known as Bitcoin kiosks), it’s essential to be aware of the potential scams and take necessary precautions.

Scams 98
article thumbnail

Cisco & Splunk: A Complete SOC Platform Purpose-Built for the AI-Driven Future

Cisco Security

Organizations come in all shapes and sizes. From big companies to small, local companies to multi-nationals, unregulated to highly regulated — the size and sophistication of organizations operating i… Read more on Cisco Blogs We're excited about the integration of Cisco XDR and Splunk Enterprise Security, creating a SecOps platform that can grow with customers as needs change.

96
article thumbnail

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.