Mon. Dec 11, 2023

Facebook Enables Messenger End-to-End Encryption by Default

Schneier on Security

It’s happened. Details here, and tech details here (for messages in transit) and here (for messages in storage). Rollout to everyone will take months, but it’s a good day for both privacy and security. Slashdot thread.

International Association of Chiefs of Police (IACP) Appoints CyberSecurity Expert Witness Joseph Steinberg To Computer Crime & Digital Evidence Committee

Joseph Steinberg

Veteran cybersecurity expert witness executive will help strengthen law enforcement capabilities to prevent, investigate, and prosecute information-age crimes. Washington, DC — December 11, 2023 — The International Association of Chiefs of Police (IACP) has appointed long-time information-security-industry veteran and cybersecurity expert witness, Joseph Steinberg, to the organization’s Computer Crime & Digital Evidence Committee.

Apache fixed Critical RCE flaw CVE-2023-50164 in Struts 2

Security Affairs

The Apache Software Foundation addressed a critical remote code execution vulnerability in the Apache Struts 2 open-source framework. The Apache Software Foundation released security updates to address a critical file upload vulnerability in the Struts 2 open-source framework. Successful exploitation of the flaw, tracked as CVE-2023-50164, could lead to remote code execution.

Silent but deadly: The rise of zero-click attacks

We Live Security

A security compromise so stealthy that it doesn’t even require your interaction? Yes, zero-click attacks require no action from you – but this doesn’t mean you’re left vulnerable.

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Get a VPN for Yourself and Your Employees This Holiday Season

Tech Republic Security

Want to make sure everyone on your team is secure? Get a lifetime subscription to FastestVPN PRO, now just $29.97 through Christmas Day for 15 devices.

Toyota Financial Services discloses a data breach

Security Affairs

Toyota Financial Services (TFS) disclosed a data breach; threat actors had access to sensitive personal and financial data. Toyota Financial Services (TFS) is warning customers it has suffered a data breach that exposed sensitive personal and financial data. “Due to an attack on the systems, unauthorized persons gained access to personal data.

“Amazon got hacked” messages are a false alarm

Malwarebytes

Amazon customers have been seeing a message on social media that has caused some alarm. Most of the posts look like one of these (depending on the social media platform): “PSA!! Amazon got hacked. For USA based people, check your Amazon account. Hackers added HUB lockers as your default delivery addresses. Remove it! I had 2 added to mine.” Hub lockers are local secure places for people to pick up their Amazon order rather than risk them being left on a doorstep, so the concern was that someone

Counter-Strike 2 HTML injection bug exposes players’ IP addresses

Bleeping Computer

Valve has reportedly fixed an HTML injection flaw in Counter-Strike 2 that was heavily abused today to inject images into games and obtain other players' IP addresses.

CISA adds Qlik Sense flaws to its Known Exploited Vulnerabilities catalog

Security Affairs

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds two Qlik Sense vulnerabilities to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added two Qlik Sense vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. Below is the list of the issues added to the catalog: CVE-2023-41265 (CVSS score 9.6) - Qlik Sense HTTP Tunneling Vulnerability: Qlik Sense contains an HTTP tunneling vulnerability that allows an atta

Hotspot Shield VPN Review 2023: Features, Pros & Cons

Tech Republic Security

Hotspot Shield’s speed-oriented features may not be enough to overcome its lack of testing and questionable data logs. Read more in our full review below.

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Apple emergency updates fix recent zero-days on older iPhones

Bleeping Computer

Apple has issued emergency security updates to backport patches for two actively exploited zero-day flaws to older iPhones and some Apple Watch and Apple TV models.

The top cyber security news stories of 2023

Security Boulevard

The post The top cyber security news stories of 2023 appeared first on Click Armor. The post The top cyber security news stories of 2023 appeared first on Security Boulevard.

Lazarus hackers drop new RAT malware using 2-year-old Log4j bug

Bleeping Computer

The notorious North Korean hacking group known as Lazarus continues to exploit CVE-2021-44228, aka "Log4Shell," this time to deploy three previously unseen malware families written in DLang.

Black Hat Europe 2023: Should we regulate AI?

We Live Security

AI has been around for a while now, but governments are only starting to issue legislation to regulate it. Is it too late? Have we learned nothing from late IoT regulations that left the market swamped with old insecure devices?

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Toyota warns customers of data breach exposing personal, financial info

Bleeping Computer

Toyota Financial Services (TFS) is warning customers it suffered a data breach, stating that sensitive personal and financial data was exposed in the attack.

Why Cybersecurity Needs To Be an SMB Priority

Security Boulevard

SMBs are low-hanging fruit for cybercriminals because they have limited IT resources, staff and cybersecurity defenses. The post Why Cybersecurity Needs To Be an SMB Priority appeared first on Security Boulevard.

Security Risks of Outdated Encryption

GlobalSign

In this blog we will discuss how outdated encryption methods can be detrimental to businesses and explore proactive solutions.

Fred Burton’s 2023 Holiday Reading List

Security Boulevard

Take a look at Fred’s must-reads for the holiday season. I always enjoy thinking back over the last year, remembering the new books that I’ve enjoyed and learned from, but also the books I’ve read in the past that resurfaced in life and work this year. When putting together a book and film recommendation list,… The post Fred Burton’s 2023 Holiday Reading List appeared first on Ontic.

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

headerpwn: A fuzzer for analyzing how servers respond to different HTTP headers

Penetration Testing

headerpwn: A fuzzer for finding anomalies and analyzing how servers respond to different HTTP headers.
Install: go install github.com/devanshbatham/headerpwn@v0.0.3
Use: headerpwn allows you to test various headers on a target URL and analyze the... The post headerpwn: A fuzzer for analyzing how servers respond to different HTTP headers appeared first on Penetration Testing.

Kelvin Security hacking group leader arrested in Spain

Bleeping Computer

The Spanish police have arrested one of the alleged leaders of the 'Kelvin Security' hacking group, which is believed to be responsible for 300 cyberattacks against organizations in 90 countries since 2020.

PlugX malware: The Enigma of Cyber Espionage Unveiled

Penetration Testing

In the shadowy world of cyber threats, PlugX stands out as a sophisticated and insidious malware, leaving a digital trail of espionage and evasion. Recently, the Splunk Threat Research Team (STRT) unraveled the mystery... The post PlugX malware: The Enigma of Cyber Espionage Unveiled appeared first on Penetration Testing.

Apple Releases Security Updates to Patch Critical iOS and macOS Security Flaws

The Hacker News

Apple on Monday released security patches for iOS, iPadOS, macOS, tvOS, watchOS, and Safari web browser to address multiple security flaws, in addition to backporting fixes for two recently disclosed zero-days to older devices.

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

CISA and ENISA signed a Working Arrangement to enhance cooperation

Security Affairs

ENISA has signed a Working Arrangement with the US CISA to enhance capacity-building, best practices exchange and awareness. The European Union Agency for Cybersecurity (ENISA) has signed a Working Arrangement with the Cybersecurity and Infrastructure Security Agency (CISA) to enhance cooperation on capacity-building, best practices exchange, and situational awareness.

Lazarus Group Using Log4j Exploits to Deploy Remote Access Trojans

The Hacker News

The notorious North Korea-linked threat actor known as the Lazarus Group has been attributed to a new global campaign that involves the opportunistic exploitation of security flaws in Log4j to deploy previously undocumented remote access trojans (RATs) on compromised hosts.

Ukraine Is Crowdfunding Its Reconstruction

WIRED Threat Level

With its war against Russia raging on, Ukraine has begun raising funds to rebuild homes and structures one by one using its own crowdfunding platform.

Researchers Unmask Sandman APT's Hidden Link to China-Based KEYPLUG Backdoor

The Hacker News

Tactical and targeting overlaps have been discovered between the enigmatic advanced persistent threat (APT) called Sandman and a China-based threat cluster that's known to use a backdoor known as KEYPLUG.

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

Congress Clashes Over the Future of America’s Section 702 Spy Program

WIRED Threat Level

Competing bills moving through the House of Representatives both reauthorize Section 702 surveillance—but they pave very different paths forward for Americans’ privacy and civil liberties.

New Critical RCE Vulnerability Discovered in Apache Struts 2 - Patch Now

The Hacker News

Apache has released a security advisory warning of a critical security flaw in the Struts 2 open-source web application framework that could result in remote code execution.

Cold storage giant Americold discloses data breach after April malware attack

Bleeping Computer

Cold storage and logistics giant Americold has confirmed that over 129,000 employees and their dependents had their personal information stolen in an April attack, later claimed by Cactus ransomware.

How the EU Cyber Resilience Act Impacts Manufacturers

Trend Micro

EU's Cyber Resilience Act urges vendors to embrace security-by-design, establishing standards in global tech protocols.

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.