Thu.Apr 04, 2024

article thumbnail

Surveillance by the New Microsoft Outlook App

Schneier on Security

The ProtonMail people are accusing Microsoft’s new Outlook for Windows app of conducting extensive surveillance on its users. It shares data with advertisers, a lot of data: The window informs users that Microsoft and those 801 third parties use their data for a number of purposes, including to: Store and/or access information on the user’s device Develop and improve products Personalize ads and content Measure ads and content Derive audience insights Obtain precise geolocation data

article thumbnail

Fake Lawsuit Threat Exposes Privnote Phishing Sites

Krebs on Security

A cybercrook who has been setting up websites that mimic the self-destructing message service privnote.com accidentally exposed the breadth of their operations recently when they threatened to sue a software company. The disclosure revealed a profitable network of phishing sites that behave and look like the real Privnote, except that any messages containing cryptocurrency addresses will be automatically altered to include a different payment address controlled by the scammers.

Phishing 255
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

A Vigilante Hacker Took Down North Korea’s Internet. Now He’s Taking Off His Mask

WIRED Threat Level

As “P4x,” Alejandro Caceres single-handedly disrupted the internet of an entire country. Then he tried to show the US military how it can—and should—adopt his methods.

Internet 145
article thumbnail

YubiKey Manager Flaw (CVE-2024-31498): Patch Now To Prevent Admin Privilege Escalation on Windows

Penetration Testing

Yubico has released a security advisory and patch (version 1.2.6) for its YubiKey Manager GUI software. A vulnerability (CVE-2024-31498) with a CVSS score of 7.7 was discovered, allowing attackers to exploit elevated privileges on... The post YubiKey Manager Flaw (CVE-2024-31498): Patch Now To Prevent Admin Privilege Escalation on Windows appeared first on Penetration Testing.

article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

New HTTP/2 Vulnerability Exposes Web Servers to DoS Attacks

The Hacker News

New research has found that the CONTINUATION frame in the HTTP/2 protocol can be exploited to conduct denial-of-service (DoS) attacks. The technique has been codenamed HTTP/2 CONTINUATION Flood by security researcher Bartek Nowotarski, who reported the issue to the CERT Coordination Center (CERT/CC) on January 25, 2024.

144
144
article thumbnail

HTTP/2 CONTINUATION Flood technique can be exploited in DoS attacks

Security Affairs

HTTP/2 CONTINUATION Flood: Researchers warn of a new HTTP/2 vulnerability that can be exploited to conduct powerful denial-of-service (DoS) attacks. HTTP messages can contain named fields in both header and trailer sections. CERT/CC experts explained that both header and trailer fields are serialized as field blocks in HTTP/2 to transmit them in multiple fragments to the target implementation.

Hacking 143

More Trending

article thumbnail

Asia-Pacific Ransomware Threats Depend on Country and Sector, Says Rapid7

Tech Republic Security

Cyber security operatives have been warned to look at the specific ransomware threats facing their country and industry, while closing down common pathways being used by skilled access brokers.

article thumbnail

New Phishing Campaign Targets Oil & Gas with Evolved Data-Stealing Malware

The Hacker News

An updated version of an information-stealing malware called Rhadamanthys is being used in phishing campaigns targeting the oil and gas sector. "The phishing emails use a unique vehicle incident lure and, in later stages of the infection chain, spoof the Federal Bureau of Transportation in a PDF that mentions a significant fine for the incident," Cofense researcher Dylan Duncan said.

Phishing 138
article thumbnail

Jackson County hit by ransomware, declares state of emergency

Malwarebytes

On April 2, 2024, Jackson County tweeted that it had identified significant disruptions within its IT systems, “potentially attributable to a ransomware attack” Jackson County is one of 114 counties in Missouri, with a population of approximately 718,000 people, mostly in Kansas City. We have identified significant disruptions within our IT systems, potentially attributable to a ransomware attack.

article thumbnail

New HTTP/2 DoS attack can crash web servers with a single connection

Bleeping Computer

Newly discovered HTTP/2 protocol vulnerabilities called "CONTINUATION Flood" can lead to denial of service (DoS) attacks, crashing web servers with a single TCP connection in some implementations. [.

138
138
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Ivanti fixed for 4 new issues in Connect Secure and Policy Secure

Security Affairs

Ivanti addressed four flaws impacting Connect Secure and Policy Secure Gateways that could lead to code execution and denial-of-service (DoS) condition. Ivanti has released security updates to address four security flaws impacting Connect Secure and Policy Secure Gateways that could result in code execution and denial-of-service (DoS). The list of vulnerabilities addressed by the company is reported below: CVE Description CVSS Vector CVE-2024-21894 A heap overflow vulnerability in IPSec componen

article thumbnail

AI Deepfakes Rising as Risk for APAC Organisations

Tech Republic Security

A cyber security expert from Tenable has called on large tech platforms to do more to identify AI deepfakes for users, while APAC organisations may need to include deepfakes in risk assessments.

Risk 133
article thumbnail

US cancer center City of Hope: data breach impacted 827149 individuals

Security Affairs

US cancer center City of Hope suffered a data breach that impacted 800,000 individuals, personal and health information was compromised. City of Hope is a renowned cancer research and treatment center located in Duarte, California, United States. It is recognized for its comprehensive cancer care, innovative research, and compassionate patient support services.

article thumbnail

Building a Cybersecurity Business: Harsh Truths I Wish I’d Known

Jane Frankland

Recently, a friend of mine who’s just started her own cybersecurity business asked me what I wished I’d known before starting my own business, two decades ago. Having swapped backstories with other “successful” entrepreneurs — including all those not so glamorous aspects — I couldn’t help but write this for her, and for others who are starting out or scaling.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Byakugan Malware: Multi-Faceted Threat Targets User Data, Evades Detection

Penetration Testing

Researchers at FortiGuard Labs have uncovered the inner workings of Byakugan, a versatile malware strain employing a mix of legitimate and malicious components to steal sensitive user data while flying under the radar. This... The post Byakugan Malware: Multi-Faceted Threat Targets User Data, Evades Detection appeared first on Penetration Testing.

article thumbnail

5 Best Password Managers for Android in 2024

Tech Republic Security

Explore the best password managers for Android devices that offer secure storage and easy access to your passwords. Find out which one suits your needs best.

article thumbnail

Efficiency Unleashed: Exploring Automation in IoT Devices

GlobalSign

Explore the synergy of IoT automation and PKI security, enhancing device efficiency and endpoint protection.

IoT 124
article thumbnail

Considerations for Operational Technology Cybersecurity

The Hacker News

Operational Technology (OT) refers to the hardware and software used to change, monitor, or control the enterprise's physical devices, processes, and events. Unlike traditional Information Technology (IT) systems, OT systems directly impact the physical world.

article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Get a Lifetime of VPN Protection for Just $16

Tech Republic Security

During a special sale event, you can get an extra 20% off our already discounted price on RealVPN, bringing it down to just $16 for life. Use code SECURE20 at checkout.

VPN 122
article thumbnail

Impact of IoT Security for 5G Technology

Security Boulevard

5G technology impacts not just our daily lifestyle but the Internet of Things (IoT) as well. The world of 5G is not only transformed by hyper-connectivity but is also involved in the future hinges on a critical element: IoT security. While 5G has remarkable speed and capacity, it also provides a large attack surface. Unlike […] The post Impact of IoT Security for 5G Technology appeared first on Kratikal Blogs.

IoT 122
article thumbnail

CoralRaider: Vietnamese Hackers Wage Stealthy Campaign, Targeting Social Media and Financial Data

Penetration Testing

Researchers at Cisco Talos have uncovered a sophisticated cybercrime operation dubbed “CoralRaider,” pinpointing the threat actors as likely based in Vietnam. This group’s attacks are marked by uncommon techniques and a ruthless focus on... The post CoralRaider: Vietnamese Hackers Wage Stealthy Campaign, Targeting Social Media and Financial Data appeared first on Penetration Testing.

Media 116
article thumbnail

Bing ad for NordVPN leads to SecTopRAT

Malwarebytes

Most of the malicious search ads we have seen have originated from Google, but threat actors are also abusing other search engines. Microsoft Bing is probably the second best target due to its close ties to the Windows ecosystem and Edge browser. In this blog post, we look at a very recent malvertising campaign impersonating the popular VPN software NordVPN.

VPN 111
article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

Apache HTTP Server Hit by Triple Vulnerabilities – Users Urged to Update

Penetration Testing

Security researchers have uncovered three vulnerabilities in the widely used Apache HTTP Server, prompting an urgent call for users to update their installations. The flaws, tracked as CVE-2023-38709, CVE-2024-27316, and CVE-2024-24795, open the door... The post Apache HTTP Server Hit by Triple Vulnerabilities – Users Urged to Update appeared first on Penetration Testing.

article thumbnail

US cancer center data breach exposes info of 827,000 patients

Bleeping Computer

Cancer treatment and research center City of Hope is warning that a data breach exposed the sensitive information of over 820,000 patients. [.

article thumbnail

Unpatched Vulnerabilities: Ransomware’s Favorite Entry Point

Penetration Testing

A recent report by Sophos, based on a comprehensive survey conducted by Vanson Bourne, sheds light on the stark realities and heightened risks associated with unpatched vulnerabilities in the context of ransomware attacks. The... The post Unpatched Vulnerabilities: Ransomware’s Favorite Entry Point appeared first on Penetration Testing.

article thumbnail

What makes a ransomware attack eight times as costly? Compromised backups

Graham Cluley

New research has found that ransomware remediation costs can explode when backups have been compromised by malicious hackers - with overall recovery costs eight times higher than for those whose backups are not impacted. Read more in my article on th Exponential-e blog.

Backups 101
article thumbnail

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

article thumbnail

The Transformative Influence of Generative AI on Intellectual Property

SecureWorld News

The advent of generative AI (GenAI) technologies has ushered in a new era of innovation, offering organizations unprecedented capabilities to create, automate, and optimize. However, with these advancements come complex challenges surrounding intellectual property (IP) management. In a post-ChatGPT world, businesses find themselves at a crossroads, needing to adapt their IP strategies to safeguard their assets effectively.

article thumbnail

Hoya’s optics production and orders disrupted by cyberattack

Bleeping Computer

Hoya Corporation, one of the largest global manufacturers of optical products, says a "system failure" caused servers at some of its production plants and business divisions to go offline on Saturday. [.

article thumbnail

NordVPN Impersonators Exploit Bing Ads to Spread SecTopRAT Malware

Penetration Testing

In yet another instance highlighting the dangers of malvertising, the popular VPN service NordVPN has become the latest target of cybercriminals. Security researchers at Malwarebytes have discovered a sophisticated campaign misusing Bing search ads... The post NordVPN Impersonators Exploit Bing Ads to Spread SecTopRAT Malware appeared first on Penetration Testing.

article thumbnail

Microsoft fixes Outlook security alerts bug caused by December updates

Bleeping Computer

Microsoft has fixed an issue that triggers erroneous Outlook security alerts when opening.ICS calendar files after installing the December 2023 Outlook Desktop security updates [.

92
article thumbnail

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.