Wed.Jan 10, 2024

article thumbnail

Here’s Some Bitcoin: Oh, and You’ve Been Served!

Krebs on Security

A California man who lost $100,000 in a 2021 SIM-swapping attack is suing the unknown holder of a cryptocurrency wallet that harbors his stolen funds. The case is thought to be first in which a federal court has recognized the use of information included in a bitcoin transaction — such as a link to a civil claim filed in federal court — as reasonably likely to provide notice of the lawsuit to the defendant.

article thumbnail

Facial Scanning by Burger King in Brazil

Schneier on Security

In 2000, I wrote : “If McDonald’s offered three free Big Macs for a DNA sample, there would be lines around the block.” Burger King in Brazil is almost there , offering discounts in exchange for a facial scan. From a marketing video: “At the end of the year, it’s Friday every day, and the hangover kicks in,” a vaguely robotic voice says as images of cheeseburgers glitch in and out over fake computer code. “BK presents Hangover Whopper, a technology that

Marketing 305
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Cibersegurança Para Leigos: Best-Selling “Cybersecurity For Dummies” Book Now Available In Portuguese

Joseph Steinberg

Cybersecurity For Dummies , the best-selling cybersecurity book written for general audiences by Joseph Steinberg , is now available in Portuguese. Like its English, French, Dutch, and German counterparts, the Portuguese edition, entitled Cibersegurança Para Leigos , and published in Brazil, helps people stay cyber-secure regardless of their technical skillsets.

article thumbnail

Mullvad VPN Review (2023): Features, Pricing, Security & Speed

Tech Republic Security

While its small server suite may be a dealbreaker, Mullvad VPN’s strong focus on privacy sets it apart from other VPNs on the market. Read more below.

VPN 173
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Atomic Stealer rings in the new year with updated version

Malwarebytes

Last year, we documented malware distribution campaigns both via malvertising and compromised sites delivering Atomic Stealer (AMOS) onto Mac users. This stealer has proven to be quite popular in the criminal underground and its developers have been adding new features to justify its hefty $3000/month rental fee. It looks like Atomic Stealer was updated around mid to late December 2023, where its developers introduced payload encryption in an effort to bypass detection rules.

Passwords 143
article thumbnail

Cisco fixed critical Unity Connection vulnerability CVE-2024-20272

Security Affairs

Cisco addressed a critical Unity Connection security flaw that can be exploited by an unauthenticated attacker to get root privileges. Cisco has addressed a critical flaw, tracked as CVE-2024-20272, in its Unity Connection that can be exploited by a remote, unauthenticated attacker to gain root privileges on vulnerable devices. Cisco Unity Connection is a messaging platform and voicemail system that is part of the Cisco Unified Communications suite of products.

More Trending

article thumbnail

Decryptor for Tortilla variant of Babuk ransomware released

Security Affairs

Researchers and the Dutch Police released a decryptor for the Tortilla variant of the Babuk ransomware after the arrest of its operator. Cisco Talos researchers obtained a decryptor for the Babuk Tortilla ransomware variant. The experts were able to extract and share the private decryption key used by the ransomware operators. Talos experts shared the key with Avast that added it to the Avast Babuk decryptor released in 2021.

article thumbnail

China Cracks Apple Private Protocol — AirDrop Pwned

Security Boulevard

AirDrop hashing is weaksauce: Chinese citizens using peer-to-peer wireless comms “must be identified.” The post China Cracks Apple Private Protocol — AirDrop Pwned appeared first on Security Boulevard.

Wireless 135
article thumbnail

HMG Healthcare disclosed a data breach

Security Affairs

The Healthcare services provider HMG Healthcare has disclosed a data breach that impacted 40 affiliated nursing facilities. In November 2023, the Healthcare services provider HMG Healthcare discovered a data breach that exposed personal health information related to residents and employees at HMG affiliated nursing facilities. The company immediately launched an investigation into the incident and discovered that threat actors in August gained access to a company server and stolen unencrypted fi

article thumbnail

Lawmakers Are Out for Blood After a Hack of the SEC’s X Account Causes Bitcoin Chaos

WIRED Threat Level

The US Securities and Exchange Commission is under pressure to explain itself after its X account was compromised, leading to wild swings in the bitcoin market.

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Threat actors hacked the X account of the Securities and Exchange Commission (SEC) and announced fake Bitcoin ETF approval

Security Affairs

Threat actors hacked the X account of the US Securities and Exchange Commission (SEC) and used it to publish the fake news on the Bitcoin ETF approval. Hackers hijacked the X account of the US Securities and Exchange Commission (SEC) and used it to publish fake news on the Bitcoin ETF approval. “Today the SEC grants approval to Bitcoin ETFs for listing on registered national security exchanges,” read the fake massage which was promtly removed. “The approved Bitcoin ETFs will be

article thumbnail

We Are Almost 3! Cloud Security Podcast by Google 2023 Reflections

Anton on Security

So, we ( Tim and Anton , the crew behind the podcast ) wanted to post another reflections blog based on our Cloud Security Podcast by Google being almost 3 (we will be 3 years old on Feb 11, 2024, to be precise), kind of similar to this one. But we realized we don’t have enough new profound reflections…. We do have a few fun new things! So, what did we do differently in 2023?

article thumbnail

ShinyHunters member sentenced to three years in prison

Security Affairs

A U.S. District Court sentenced ShinyHunters hacker Sebastien Raoult to three years in prison and ordered him to pay more than $5 million in restitution. The member of the ShinyHunters hacker group Sebastien Raoult was sentenced in U.S. District Court in Seattle to three years in prison and more than $5 million in restitution for conspiracy to commit wire fraud and aggravated identity theft.

article thumbnail

SEC X account hacked to hawk crypto-scams

Malwarebytes

We have seen several high-profile accounts that were taken over on X (formerly Twitter) only to be used for cryptocurrency related promotional activities, like expressing the approval of exchange-traded funds (ETFs). The latest victim in this line-up is the Securities and Exchange Commission (SEC). The @SECGov X account was compromised, and an unauthorized post was posted.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Attack of the copycats: How fake messaging apps and app mods could bite you

We Live Security

WhatsApp, Telegram and Signal clones and mods remain a popular vehicle for malware distribution.Here's how to avoid getting taken for a ride.

Malware 124
article thumbnail

ThreatDown earns highest ratings across EDR and MDR categories in G2 Winter 2024 results 

Malwarebytes

The peer-to-peer review source G2 has released its Winter 2024 reports, ranking ThreatDown products on top across several Endpoint Detection and Response (EDR) and Managed Detection and Response (MDR) categories. Based on verified customer reviews, ThreatDown EDR was voted a Leader in the overall and mid-market grid reports for EDR, winning awards for Most Implementable, Fastest Implementation, Easiest Admin, Best Usability, and more.

article thumbnail

Cybersecurity Automation with AI

Security Boulevard

In today’s digital age, where data is the lifeblood of organizations, cybersecurity has become paramount. As cyber threats evolve at an unprecedented pace, traditional security methods are struggling to keep up. This is where artificial intelligence (AI) and automation come into play, offering a transformative approach to cybersecurity. The Challenge of CyberThreats The cybersecurity landscape … Cybersecurity Automation with AI Read More » La entrada Cybersecurity Automation with AI se publicó p

article thumbnail

Cisco says critical Unity Connection bug lets attackers get root

Bleeping Computer

Cisco has patched a critical Unity Connection security flaw that can let unauthenticated attackers remotely gain root privileges on unpatched devices. [.

120
120
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

In the News | How To Measure Cybersecurity ROI for Schools

Security Boulevard

This article was originally published in Hackernoon on 12.13.23 by Charlie Sander, CEO at ManagedMethods. With the surge in cyber events making headlines, district leaders have to allocate more resources to cybersecurity programs, leading them to seek cybersecurity ROI proof from Technology Directors Additionally, education has undergone a historic digital transformation, which, unfortunately, comes with […] The post In the News | How To Measure Cybersecurity ROI for Schools appeared first

article thumbnail

CVE-2023-41056: Redis Remote Code Execution Vulnerability

Penetration Testing

Redis often hailed as a versatile data structures server, has recently found itself at the center of a critical security vulnerability. Known for its efficiency in providing mutable data structures through a server-client model,... The post CVE-2023-41056: Redis Remote Code Execution Vulnerability appeared first on Penetration Testing.

article thumbnail

ESO Solutions Healthcare Data Breach Impacts 2.7 Million

Security Boulevard

Data breaches are a major concern in the ever-evolving landscape of digital healthcare. One recent incident that has come to light involves ESO Solutions, a software provider for healthcare organizations and fire departments. The company revealed that a ransomware attack had resulted in a data breach that exposed the personal information of 2.7 million patients. […] The post ESO Solutions Healthcare Data Breach Impacts 2.7 Million appeared first on TuxCare.

article thumbnail

Free Decryptor Released for Black Basta and Babuk's Tortilla Ransomware Victims

The Hacker News

A decryptor for the Tortilla variant of the Babuk ransomware has been released by Cisco Talos, allowing victims targeted by the malware to regain access to their files. The cybersecurity firm said the threat intelligence it shared with Dutch law enforcement authorities made it possible to arrest the threat actor behind the operations.

article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

BypassFuzzer: Fuzz 401/403/404 pages for bypasses

Penetration Testing

Bypass Fuzzer Fuzz 401/403ing endpoints for bypasses This tool performs various checks via headers, path normalization, verbs, etc. to attempt to bypass ACLs or URL validation. It will output the response codes and length... The post BypassFuzzer: Fuzz 401/403/404 pages for bypasses appeared first on Penetration Testing.

article thumbnail

How Healthcare Organizations can use ASPM to Fill CSPM Coverage Gaps and Save Money

Security Boulevard

Health organizations need to adopt an approach that covers both cloud security posture management (CSPM) and application security posture management (ASPM). The post How Healthcare Organizations can use ASPM to Fill CSPM Coverage Gaps and Save Money appeared first on Security Boulevard.

article thumbnail

CVE-2023-49647: A High-Risk Zoom Vulnerability

Penetration Testing

In the digital age, where virtual meetings and webinars have become ubiquitous, Zoom Video Communications’ software, Zoom Meetings, stands out as a linchpin of virtual communication. However, the discovery of CVE-2023-49647, a significant privilege... The post CVE-2023-49647: A High-Risk Zoom Vulnerability appeared first on Penetration Testing.

article thumbnail

Fidelity National Financial: Hackers stole data of 1.3 million people

Bleeping Computer

Fidelity National Financial (FNF) has confirmed that a November cyberattack (claimed by the BlackCat ransomware gang) has exposed the data of 1.3 million customers. [.

article thumbnail

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

article thumbnail

Mandiant's X Account Was Hacked Using Brute-Force Attack

The Hacker News

The compromise of Mandiant's X (formerly Twitter) account last week was likely the result of a "brute-force password attack," attributing the hack to a drainer-as-a-service (DaaS) group.

article thumbnail

Patch now! First patch Tuesday of 2024 is here

Malwarebytes

Microsoft has issued patches for 48 security vulnerabilities in the first Patch Tuesday of 2024. With a relatively low number of patches—and only two of them critical—this makes it a relatively quiet month, which is certainly not the norm in January. The Common Vulnerabilities and Exposures (CVE) database lists publicly disclosed computer security flaws.

article thumbnail

Cisco Fixes High-Risk Vulnerability Impacting Unity Connection Software

The Hacker News

Cisco has released software updates to address a critical security flaw impacting Unity Connection that could permit an adversary to execute arbitrary commands on the underlying system. Tracked as CVE-2024-20272 (CVSS score: 7.

Software 110
article thumbnail

Ivanti warns of Connect Secure zero-days exploited in attacks

Bleeping Computer

Ivanti has disclosed two Connect Secure (ICS) and Policy Secure zero-days exploited in the wild that can let remote attackers execute arbitrary commands on targeted gateways. [.

109
109
article thumbnail

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.