Schneier on Security

APRIL 4, 2024

The ProtonMail people are accusing Microsoft’s new Outlook for Windows app of conducting extensive surveillance on its users. It shares data with advertisers, a lot of data: The window informs users that Microsoft and those 801 third parties use their data for a number of purposes, including to: Store and/or access information on the user’s device Develop and improve products Personalize ads and content Measure ads and content Derive audience insights Obtain precise geolocation data

Surveillance 333

Surveillance Advertising Data collection 333

Krebs on Security

APRIL 4, 2024

A cybercrook who has been setting up websites that mimic the self-destructing message service privnote.com accidentally exposed the breadth of their operations recently when they threatened to sue a software company. The disclosure revealed a profitable network of phishing sites that behave and look like the real Privnote, except that any messages containing cryptocurrency addresses will be automatically altered to include a different payment address controlled by the scammers.

Phishing 239

Phishing Cryptocurrency DDOS Internet 239

Jane Frankland

APRIL 4, 2024

Recently, a friend of mine who’s just started her own cybersecurity business asked me what I wished I’d known before starting my own business, two decades ago. Having swapped backstories with other “successful” entrepreneurs — including all those not so glamorous aspects — I couldn’t help but write this for her, and for others who are starting out or scaling.

Cybersecurity 130

Cybersecurity Banking Marketing Technology 130

Penetration Testing

APRIL 4, 2024

Yubico has released a security advisory and patch (version 1.2.6) for its YubiKey Manager GUI software. A vulnerability (CVE-2024-31498) with a CVSS score of 7.7 was discovered, allowing attackers to exploit elevated privileges on... The post YubiKey Manager Flaw (CVE-2024-31498): Patch Now To Prevent Admin Privilege Escalation on Windows appeared first on Penetration Testing.

Penetration Testing 145

Penetration Testing Software 145

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

WIRED Threat Level

APRIL 4, 2024

As “P4x,” Alejandro Caceres single-handedly disrupted the internet of an entire country. Then he tried to show the US military how it can—and should—adopt his methods.

Internet 142

Internet Internet Hacking 142

Bleeping Computer

APRIL 4, 2024

Newly discovered HTTP/2 protocol vulnerabilities called "CONTINUATION Flood" can lead to denial of service (DoS) attacks, crashing web servers with a single TCP connection in some implementations. [.

138

138

Tech Republic Security

APRIL 4, 2024

A cyber security expert from Tenable has called on large tech platforms to do more to identify AI deepfakes for users, while APAC organisations may need to include deepfakes in risk assessments.

Risk 125

Risk Artificial Intelligence 125

Security Boulevard

APRIL 4, 2024

5G technology impacts not just our daily lifestyle but the Internet of Things (IoT) as well. The world of 5G is not only transformed by hyper-connectivity but is also involved in the future hinges on a critical element: IoT security. While 5G has remarkable speed and capacity, it also provides a large attack surface. Unlike […] The post Impact of IoT Security for 5G Technology appeared first on Kratikal Blogs.

IoT 122

IoT Technology Internet Internet 122

Tech Republic Security

APRIL 4, 2024

Cyber security operatives have been warned to look at the specific ransomware threats facing their country and industry, while closing down common pathways being used by skilled access brokers.

Ransomware 125

Ransomware 125

The Hacker News

APRIL 4, 2024

A suspected Vietnamese-origin threat actor has been observed targeting victims in several Asian and Southeast Asian countries with malware designed to harvest valuable data since at least May 2023. Cisco Talos is tracking the cluster under the name CoralRaider, describing it as financially motivated.

Malware 124

Malware 124

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Security Affairs

APRIL 4, 2024

HTTP/2 CONTINUATION Flood: Researchers warn of a new HTTP/2 vulnerability that can be exploited to conduct powerful denial-of-service (DoS) attacks. HTTP messages can contain named fields in both header and trailer sections. CERT/CC experts explained that both header and trailer fields are serialized as field blocks in HTTP/2 to transmit them in multiple fragments to the target implementation.

Hacking 138

Hacking Information Security 138

Penetration Testing

APRIL 4, 2024

Researchers at FortiGuard Labs have uncovered the inner workings of Byakugan, a versatile malware strain employing a mix of legitimate and malicious components to steal sensitive user data while flying under the radar. This... The post Byakugan Malware: Multi-Faceted Threat Targets User Data, Evades Detection appeared first on Penetration Testing.

Penetration Testing 125

Penetration Testing Malware 125

The Hacker News

APRIL 4, 2024

An updated version of an information-stealing malware called Rhadamanthys is being used in phishing campaigns targeting the oil and gas sector. "The phishing emails use a unique vehicle incident lure and, in later stages of the infection chain, spoof the Federal Bureau of Transportation in a PDF that mentions a significant fine for the incident," Cofense researcher Dylan Duncan said.

Phishing 116

Phishing Malware 116

Security Affairs

APRIL 4, 2024

Ivanti addressed four flaws impacting Connect Secure and Policy Secure Gateways that could lead to code execution and denial-of-service (DoS) condition. Ivanti has released security updates to address four security flaws impacting Connect Secure and Policy Secure Gateways that could result in code execution and denial-of-service (DoS). The list of vulnerabilities addressed by the company is reported below: CVE Description CVSS Vector CVE-2024-21894 A heap overflow vulnerability in IPSec componen

Authentication 126

Authentication Hacking Cybersecurity Information Security 126

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Tech Republic Security

APRIL 4, 2024

During a special sale event, you can get an extra 20% off our already discounted price on RealVPN, bringing it down to just $16 for life. Use code SECURE20 at checkout.

VPN 107

VPN Encryption 107

Security Affairs

APRIL 4, 2024

US cancer center City of Hope suffered a data breach that impacted 800,000 individuals, personal and health information was compromised. City of Hope is a renowned cancer research and treatment center located in Duarte, California, United States. It is recognized for its comprehensive cancer care, innovative research, and compassionate patient support services.

Data breaches 126

Data breaches Identity Theft Insurance Banking 126

Malwarebytes

APRIL 4, 2024

On April 2, 2024, Jackson County tweeted that it had identified significant disruptions within its IT systems, “potentially attributable to a ransomware attack” Jackson County is one of 114 counties in Missouri, with a population of approximately 718,000 people, mostly in Kansas City. We have identified significant disruptions within our IT systems, potentially attributable to a ransomware attack.

Ransomware 110

Ransomware Backups Malware Software 110

Penetration Testing

APRIL 4, 2024

Researchers at Cisco Talos have uncovered a sophisticated cybercrime operation dubbed “CoralRaider,” pinpointing the threat actors as likely based in Vietnam. This group’s attacks are marked by uncommon techniques and a ruthless focus on... The post CoralRaider: Vietnamese Hackers Wage Stealthy Campaign, Targeting Social Media and Financial Data appeared first on Penetration Testing.

Media 115

Media Penetration Testing Cybercrime Malware 115

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

Graham Cluley

APRIL 4, 2024

New research has found that ransomware remediation costs can explode when backups have been compromised by malicious hackers - with overall recovery costs eight times higher than for those whose backups are not impacted. Read more in my article on th Exponential-e blog.

Backups 105

Backups Ransomware Data breaches Malware 105

Tech Republic Security

APRIL 4, 2024

Explore the best password managers for Android devices that offer secure storage and easy access to your passwords. Find out which one suits your needs best.

Password Management 110

Password Management Passwords 110

Penetration Testing

APRIL 4, 2024

Security researchers have uncovered three vulnerabilities in the widely used Apache HTTP Server, prompting an urgent call for users to update their installations. The flaws, tracked as CVE-2023-38709, CVE-2024-27316, and CVE-2024-24795, open the door... The post Apache HTTP Server Hit by Triple Vulnerabilities – Users Urged to Update appeared first on Penetration Testing.

Penetration Testing 112

Penetration Testing 112

Bleeping Computer

APRIL 4, 2024

Cancer treatment and research center City of Hope is warning that a data breach exposed the sensitive information of over 820,000 patients. [.

Data breaches 109

Data breaches Healthcare 109

Advertisement

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

Penetration Testing

APRIL 4, 2024

A recent report by Sophos, based on a comprehensive survey conducted by Vanson Bourne, sheds light on the stark realities and heightened risks associated with unpatched vulnerabilities in the context of ransomware attacks. The... The post Unpatched Vulnerabilities: Ransomware’s Favorite Entry Point appeared first on Penetration Testing.

Penetration Testing 104

Penetration Testing Ransomware Risk Malware 104

GlobalSign

APRIL 4, 2024

Explore the synergy of IoT automation and PKI security, enhancing device efficiency and endpoint protection.

IoT 124

IoT 124

Bleeping Computer

APRIL 4, 2024

Hoya Corporation, one of the largest global manufacturers of optical products, says a "system failure" caused servers at some of its production plants and business divisions to go offline on Saturday. [.

Manufacturing 95

Manufacturing 95

Malwarebytes

APRIL 4, 2024

Most of the malicious search ads we have seen have originated from Google, but threat actors are also abusing other search engines. Microsoft Bing is probably the second best target due to its close ties to the Windows ecosystem and Edge browser. In this blog post, we look at a very recent malvertising campaign impersonating the popular VPN software NordVPN.

VPN 102

VPN Advertising DNS Malware 102

Advertisement

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.

Cybersecurity

SecureWorld News

APRIL 4, 2024

The advent of generative AI (GenAI) technologies has ushered in a new era of innovation, offering organizations unprecedented capabilities to create, automate, and optimize. However, with these advancements come complex challenges surrounding intellectual property (IP) management. In a post-ChatGPT world, businesses find themselves at a crossroads, needing to adapt their IP strategies to safeguard their assets effectively.

Education 95

Education Technology Risk Government 95

The Hacker News

APRIL 4, 2024

Operational Technology (OT) refers to the hardware and software used to change, monitor, or control the enterprise's physical devices, processes, and events. Unlike traditional Information Technology (IT) systems, OT systems directly impact the physical world.

Technology 94

Technology Cybersecurity Software 94

SecureBlitz

APRIL 4, 2024

Ever heard of being kidnapped for ransom? That's exactly what a Ransomware does, it kidnaps your files and data in exchange for ransom. In this post, we will show you how to remove ransomware. What is a Ransomware? A Ransomware is a program that is intended to lock you out of your computer system, so […] The post What is Ransomware? Signs and How to remove it?

Ransomware 88

Ransomware Cybersecurity Cyber threats 88

Bleeping Computer

APRIL 4, 2024

Microsoft has fixed an issue that triggers erroneous Outlook security alerts when opening.ICS calendar files after installing the December 2023 Outlook Desktop security updates [.

92

92

Advertisement

Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.

Government