Tue.Mar 26, 2024

article thumbnail

Recent ‘MFA Bombing’ Attacks Targeting Apple Users

Krebs on Security

Several Apple customers recently reported being targeted in elaborate phishing attacks that involve what appears to be a bug in Apple’s password reset feature. In this scenario, a target’s Apple devices are forced to display dozens of system-level prompts that prevent the devices from being used until the recipient responds “Allow” or “Don’t Allow” to each prompt.

Passwords 362
article thumbnail

On Secure Voting Systems

Schneier on Security

Andrew Appel shepherded a public comment —signed by twenty election cybersecurity experts, including myself—on best practices for ballot marking devices and vote tabulation. It was written for the Pennsylvania legislature, but it’s general in nature. From the executive summary: We believe that no system is perfect, with each having trade-offs.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Microsoft: 87% of UK Businesses Are Unprepared for Cyberattacks

Tech Republic Security

Microsoft has called on UK business leaders to "fight fire with fire" by adopting AI cybersecurity tools to defend themselves from cyberattacks.

article thumbnail

AI and Trust

Schneier on Security

Watch the Video on YouTube.com A 15-minute talk by Bruce Schneier.

287
287
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

6 Best Authenticator Apps for 2024

Tech Republic Security

Authenticator apps provide an extra layer of security. Learn about the best authenticator apps to secure your online accounts and protect your privacy.

article thumbnail

YouTube ordered to reveal the identities of video viewers

Malwarebytes

Federal US authorities have asked Google for the names, addresses, telephone numbers, and user activity of accounts that watched certain YouTube videos, according to unsealed court documents Forbes has seen. Of those users that weren’t logged in when they watched those videos between January 1 and 8, 2023, the authorities asked for the IP addresses.

VPN 145

More Trending

article thumbnail

CISA Warns of Active CVE-2023-24955 Exploitation in Microsoft SharePoint Server

Penetration Testing

The Cybersecurity and Infrastructure Security Agency (CISA) has sounded the alarm regarding active attacks targeting a vulnerability in Microsoft SharePoint Server (CVE-2023-24955). This flaw has now joined CISA’s Known Exploited Vulnerabilities (KEV) catalog, signaling... The post CISA Warns of Active CVE-2023-24955 Exploitation in Microsoft SharePoint Server appeared first on Penetration Testing.

article thumbnail

U.S. Sanctions 3 Cryptocurrency Exchanges for Helping Russia Evade Sanctions

The Hacker News

The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) sanctioned three cryptocurrency exchanges for offering services used to evade economic restrictions imposed on Russia following its invasion of Ukraine in early 2022.

article thumbnail

Top ITSM Certifications for 2024

Tech Republic Security

Learn about ITSM certifications and which ones are most important for various roles within the technology sector.

article thumbnail

TheMoon bot infected 40,000 devices in January and February

Security Affairs

A new variant of TheMoon malware infected thousands of outdated small office and home office (SOHO) routers and IoT devices worldwide. The Black Lotus Labs team at Lumen Technologies uncovered an updated version of “ TheMoon ” bot targeting end-of-life (EoL) small home/small office (SOHO) routers and IoT devices. The new version of the bot has been spotted infecting thousands of outdated devices in 88 countries.

IoT 142
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Patch now: Mozilla patches two critical vulnerabilities in Firefox

Malwarebytes

Mozilla released version 124.0.1 of the Firefox browser to Release channel users (the default channel that most non-developers run) on March 22, 2024. The new version fixes two critical security vulnerabilities. One of the vulnerabilities affects Firefox on desktop only, and doesn’t affect mobile versions of Firefox. Windows users that have automatic updates enabled should have the new version available as soon or shortly after they open the browser.

Mobile 142
article thumbnail

Finnish police linked APT31 to the 2021 parliament attack

Security Affairs

The Finnish Police attributed the attack against the parliament that occurred in March 2021 to the China-linked group APT31. The Finnish Police attributed the March 2021 attack on the parliament to the China-linked group APT31. The Finnish authorities investigated multiple offenses, including aggravated espionage, aggravated unlawful access to an information system, and aggravated violation of the secrecy of communications.

Hacking 141
article thumbnail

Two Chinese APT Groups Ramp Up Cyber Espionage Against ASEAN Countries

The Hacker News

Two China-linked advanced persistent threat (APT) groups have been observed targeting entities and member countries affiliated with the Association of Southeast Asian Nations (ASEAN) as part of a cyber espionage campaign over the past three months.

article thumbnail

TheMoon malware infects 6,000 ASUS routers in 72 hours for proxy service

Bleeping Computer

A new variant of "TheMoon" malware botnet has been spotted infecting thousands of outdated small office and home office (SOHO) routers and IoT devices in 88 countries. [.

Malware 137
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Crafting Shields: Defending Minecraft Servers Against DDoS Attacks

The Hacker News

Minecraft, with over 500 million registered users and 166 million monthly players, faces significant risks from distributed denial-of-service (DDoS) attacks, threatening server functionality, player experience, and the game’s reputation. Despite the prevalence of DDoS attacks on the game, the majority of incidents go unreported, leaving a gap in awareness and protection.

DDOS 138
article thumbnail

Free VPN apps on Google Play turned Android phones into proxies

Bleeping Computer

Over 15 free VPN apps on Google Play were found using a malicious software development kit that turned Android devices into unwitting residential proxies, likely used for cybercrime and shopping bots. [.

VPN 135
article thumbnail

Malicious NuGet Package Linked to Industrial Espionage Targets Developers

The Hacker News

Threat hunters have identified a suspicious package in the NuGet package manager that's likely designed to target developers working with tools made by a Chinese firm that specializes in industrial- and digital equipment manufacturing. The package in question is SqzrFramework480, which ReversingLabs said was first published on January 24, 2024.

article thumbnail

Julian Assange Won’t Be Extradited to the US Yet

WIRED Threat Level

A high court in London says the WikiLeaks founder won’t be extradited “immediately” and the US must provide more “assurances” about any extradition.

133
133
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Telegram Privacy Nightmare: Don’t Opt In to P2PL

Security Boulevard

Scary SMS shenanigans: Avoid Telegram’s new “Peer-To-Peer Login” program if you value your privacy or your cellular service. The post Telegram Privacy Nightmare: Don’t Opt In to P2PL appeared first on Security Boulevard.

article thumbnail

CVE-2024-1086: Critical Linux Kernel Flaw Demands Immediate Patching, PoC Published!

Penetration Testing

The technical details and proof-of-concept (PoC) exploit code for a severe vulnerability in the Linux kernel (CVE-2024-1086) have been exposed, putting countless systems at risk. This flaw, rated a 7.8 on the CVSS scale,... The post CVE-2024-1086: Critical Linux Kernel Flaw Demands Immediate Patching, PoC Published! appeared first on Penetration Testing.

article thumbnail

Finland confirms APT31 hackers behind 2021 parliament breach

Bleeping Computer

The Finnish Police confirmed on Tuesday that the APT31 hacking group linked to the Chinese Ministry of State Security (MSS) was behind a breach of the country's parliament disclosed in March 2021. [.

Hacking 123
article thumbnail

Borrower beware: Common loan scams and how to avoid them

We Live Security

Personal loan scams prey on your financial vulnerability and might even trap you in a vicious circle of debt. Here’s how to avoid being scammed when considering a loan.

Scams 122
article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

CVE-2024-27981: Critical Vulnerability Patched in Ubiquiti UniFi Network Application

Penetration Testing

Ubiquiti Networks has released an urgent security update for its popular UniFi Network Application. This critical patch addresses a vulnerability that, if exploited, could allow attackers with administrative access to gain root-level control of... The post CVE-2024-27981: Critical Vulnerability Patched in Ubiquiti UniFi Network Application appeared first on Penetration Testing.

article thumbnail

Complex Supply Chain Attack Targets GitHub Developers

Security Boulevard

Unidentified threat actors used multiple tactics to launch a sophisticated software supply-chain campaign targeting developers on the GitHub platform, including members of the popular Top.gg community that includes more than 170,000 members. The attackers used a range of tactics and techniques, from leveraging stolen browser cookies to take over accounts to contributing malicious code with.

Software 118
article thumbnail

$700 cybercrime software turns Raspberry Pi into an evasive fraud tool

Bleeping Computer

Cybercriminals are selling custom Raspberry Pi software called 'GEOBOX' on Telegram, which allows inexperienced hackers to convert the mini-computers into anonymous cyberattack tools. [.

Software 117
article thumbnail

Chinese APTs Target ASEAN Entities, Stealing Sensitive Diplomatic and Economic Data

Penetration Testing

A detailed report by cybersecurity firm Unit 42 has uncovered a targeted campaign by two Chinese advanced persistent threat (APT) groups aimed at compromising entities associated with the Association of Southeast Asian Nations (ASEAN).... The post Chinese APTs Target ASEAN Entities, Stealing Sensitive Diplomatic and Economic Data appeared first on Penetration Testing.

article thumbnail

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

article thumbnail

Windows 11 KB5035942 update enables Moment 5 features for everyone

Bleeping Computer

Microsoft has released the March 2024 non-security KB5035942 preview update for Windows 11 23H2, which enables Moment 5 features by default and fixes 18 known issues. [.

117
117
article thumbnail

From Past to Present: User Authentication’s Evolution and Challenges

Security Boulevard

From the humble beginnings of legacy authentication mechanisms to today's sophisticated technologies, the journey of user authentication has been a captivating evolution marked by relentless innovation. The post From Past to Present: User Authentication’s Evolution and Challenges appeared first on Security Boulevard.

article thumbnail

Google Chrome Update Patches High-Risk Vulnerabilities

Penetration Testing

Google has released an important security update for its Chrome browser (version 123.0.6312.86/.87), addressing seven security vulnerabilities, including four rated as “High” and one “Critical” flaw. Critical Vulnerability and Large Payout CVE-2024-2883: Use after... The post Google Chrome Update Patches High-Risk Vulnerabilities appeared first on Penetration Testing.

article thumbnail

Germany warns of 17K vulnerable Microsoft Exchange servers exposed online

Bleeping Computer

The German national cybersecurity authority warned on Tuesday that it found at least 17,000 Microsoft Exchange servers in Germany exposed online and vulnerable to one or more critical security vulnerabilities. [.

article thumbnail

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.