Tue.Jan 02, 2024

article thumbnail

TikTok Editorial Analysis

Schneier on Security

TikTok seems to be skewing things in the interests of the Chinese Communist Party. (This is a serious analysis, and the methodology looks sound.) Conclusion: Substantial Differences in Hashtag Ratios Raise Concerns about TikTok’s Impartiality Given the research above, we assess a strong possibility that content on TikTok is either amplified or suppressed based on its alignment with the interests of the Chinese Government.

article thumbnail

GUEST ESSAY: Leveraging DevSecOps to quell cyber risks in a teeming threat landscape

The Last Watchdog

In today’s digital landscape, organizations face numerous challenges when it comes to mitigating cyber risks. Related: How AI is transforming DevOps The constant evolution of technology, increased connectivity, and sophisticated cyber threats pose significant challenges to organizations of all sizes and industries. Here are some of the key challenges that organizations encounter in their efforts to mitigate cyber risks in the current environment.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Ukraine’s SBU said that Russia’s intelligence hacked surveillance cameras to direct a missile strike on Kyiv

Security Affairs

Ukraine’s SBU revealed that Russia-linked threat actors hacked surveillance cameras to spy on air defense forces and critical infrastructure in Kyiv. Ukraine’s SBU announced they shut down two surveillance cameras that were allegedly hacked by the Russian intelligence services to spy on air defense forces and critical infrastructure in Kyiv. The surveillance cameras were located in residential buildings and were used to monitor the surrounding area and a parking lot.

article thumbnail

Google Whistles While OAuth Burns — ‘MultiLogin’ 0-Day is 70+ Days Old

Security Boulevard

What a Mickey Mouse operation: Infostealer scrotes having a field day with unpatched vulnerability. The post Google Whistles While OAuth Burns — ‘MultiLogin’ 0-Day is 70+ Days Old appeared first on Security Boulevard.

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Multiple organizations in Iran were breached by a mysterious hacker

Security Affairs

Hudson Researchers reported that a mysterious hacker launched a series of attacks against industry-leading companies in Iran. Hudson Researchers reported that on December 20th, a hacker using the moniker ‘irleaks’ announced the availability for sale of over 160,000,000 records allegedly stolen from 23 leading insurance companies in Iran.

Insurance 145
article thumbnail

Google Cloud Report Spotlights 2024 Cybersecurity Challenges

Security Boulevard

Google Cloud suggests that it will become simpler for cybersecurity teams to leverage AI to better defend IT environments. The post Google Cloud Report Spotlights 2024 Cybersecurity Challenges appeared first on Security Boulevard.

More Trending

article thumbnail

The Three Keys to Success in Cybersecurity

Security Boulevard

One of the big questions that I often get is: How does someone become successful in a cybersecurity career? In this blog I want to share with you the three key lessons I’ve learned during my 18-year journey in the cybersecurity industry. These lessons have paved the way for my success, and I believe they … The Three Keys to Success in Cybersecurity Read More » The post The Three Keys to Success in Cybersecurity appeared first on Security Boulevard.

article thumbnail

Experts warn of JinxLoader loader used to spread Formbook and XLoader

Security Affairs

JinxLoader is a new Go-based loader that was spotted delivering next-stage malware such as Formbook and XLoader. Researchers from Palo Alto Networks and Symantec warned of a new Go-based malware loader called JinxLoader, which is being used to deliver next-stage payloads such as Formbook and XLoader. The name of the threat comes from a League of Legends character.

Malware 141
article thumbnail

GKE Case Highlights Risks of Attackers Chaining Vulnerabilities

Security Boulevard

Palo Alto Network’s cybersecurity recently outlined two vulnerabilities it found in Google Kubernetes Engine (GKE) that, individually, don’t represent much of a threat. However, if a threat actor who already had access to a Kubernetes cluster were to combine the two, they could potentially escalate their privileges and eventually take over the cluster, which could.

Risk 119
article thumbnail

Terrapin attack allows to downgrade SSH protocol security

Security Affairs

Researchers discovered an SSH vulnerability, called Terrapin, that could allow an attacker to downgrade the connection’s security. Security researchers from Ruhr University Bochum (Fabian Bäumer, Marcus Brinkmann, Jörg Schwenk) discovered a vulnerability, called Terrapin ( CVE-2023-48795 , CVSS score 5.9), in the Secure Shell (SSH) cryptographic network protocol.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Google Groups is ending support for Usenet to combat spam

Bleeping Computer

Google has officially announced it's ceasing support for Usenet groups on its Google Groups platform, a move partly attributed to the platform's increasing struggle with spam content. [.

117
117
article thumbnail

Weekly Vulnerability Recap – January 2, 2024 – Barracuda ESG, Apache OfBiz Vulnerabilities Persist

eSecurity Planet

While the number of reported vulnerabilities sometimes decrease over the Christmas and New Year’s holidays, active and potential exploits are no less threatening. During the past couple weeks, Google has seen multiple vulnerabilities, including a zero-day in Chrome. SonicWall researchers discovered that an Apache patch was incomplete, still permitting authentication bypass in open-source ERP software Apache OfBiz.

article thumbnail

CVE-2023-32434 Exploited: PoC Unlocks Full Command of iOS Devices

Penetration Testing

Proof-of-concept (PoC) code has been released for a zero-day iOS vulnerability (CVE-2023-32434) that can be chained to take full control of a mobile device. June 2023 marked a pivotal moment when Apple released iOS... The post CVE-2023-32434 Exploited: PoC Unlocks Full Command of iOS Devices appeared first on Penetration Testing.

article thumbnail

Using Veracode Fix to Remediate an SQL Injection Flaw

Veracode Security

Introduction In this first in a series of articles looking at how to remediate common flaws using Veracode Fix – Veracode’s AI security remediation assistant, we will look at finding and fixing one of the most common and persistent flaw types – an SQL injection attack. An SQL injection attack is a malicious exploit where an attacker injects unauthorized SQL code into input fields of a web application, aiming to manipulate the application's database.

Risk 105
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Oops! Black Basta ransomware flubs encryption

Malwarebytes

Researchers at SRLabs have made a decryption tool available for Black Basta ransomware, allowing some victims of the group to decrypt files without paying a ransom. The decryptor works for victims whose files were encrypted between November 2022 and December 2023. The decryptor, called Black Basta Buster, exploits a flaw in the encryption algorithm used in older versions of the Black Basta group’s ransomware.

article thumbnail

Google Settles $5 Billion Privacy Lawsuit Over Tracking Users in 'Incognito Mode'

The Hacker News

Google has agreed to settle a lawsuit filed in June 2020 that alleged that the company misled users by tracking their surfing activity who thought that their internet use remained private when using the “incognito” or “private” mode on web browsers. The class-action lawsuit sought at least $5 billion in damages. The settlement terms were not disclosed.

Internet 110
article thumbnail

What Is Data Protection? Principles, Strategies & Trends

Digital Guardian

What is data protection and how does it differ from data security and data privacy? We answer those questions and give pointers on how to develop a data protection strategy in today's blog.

article thumbnail

Xerox says subsidiary XBS U.S. breached after ransomware gang leaks data

Bleeping Computer

The U.S. division of Xerox Business Solutions (XBS) has been compromised by hackers, and a limited amount of personal information might have been exposed, according to an announcement by the parent company, Xerox Corporation. [.

article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

15 penetration testing interview questions (answered by experts)

Hack the Box

Want to stand out in a competitive job market? Use these answers to 15 common pentesting interview questions to impress interviewers (or to gauge an interviewee's knowledge)!

article thumbnail

Strategy and Tactics: The Channel Looks Ahead to 2024

CompTIA on Cybersecurity

Artificial intelligence, cybersecurity and new go-to-market activities are just three trends MSPs should follow in 2024. Read more from CompTIA’s Carolyn April.

article thumbnail

Steam drops support for Windows 7 and 8.1 to boost security

Bleeping Computer

Steam is no longer supported on Windows 7, Windows 8, and Windows 8.1 as of January 1, with the company recommending users upgrade to a newer operating system. [.

101
101
article thumbnail

$70K Bounty for Revealing CVE-2023-41974 Flaw, PoC Published

Penetration Testing

Proof-of-concept (PoC) code has been released for iOS and macOS vulnerability, CVE-2023-41974, which can be chained to take full control of a mobile device. This vulnerability exposes a critical use-after-free issue in the kernel,... The post $70K Bounty for Revealing CVE-2023-41974 Flaw, PoC Published appeared first on Penetration Testing.

article thumbnail

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

article thumbnail

What It’s Like to Use Apple’s Lockdown Mode

WIRED Threat Level

If you're at high risk of being targeted by mercenary spyware, or just don't mind losing iOS features for extra security, the company's restricted mode is surprisingly usable.

Spyware 95
article thumbnail

DNA data deserves better, with Suzanne Bernstein: Lock and Code S05E01

Malwarebytes

This week on the Lock and Code podcast… Hackers want to know everything about you: Your credit card number, your ID and passport info, and now, your DNA. On October 1 2023, on a hacking website called BreachForums, a group of cybercriminals claimed that they had stolen—and would soon sell— individual profiles for users of the genetic testing company 23andMe. 23andMe offers direct-to-consumer genetic testing kits that provide customers with different types of information, including potentia

Risk 93
article thumbnail

Securing the Final Frontier: NASA Space Security Best Practices Guide

SecureWorld News

In October 2023, NASA took a giant leap for all humankind. in the realm of cybersecurity. It released the Space Security: Best Practices Guide (BPG) , a landmark document designed to safeguard every satellite, communication, and mission from the lurking threats of the digital unknown. But what exactly does this guide offer, and why should you care? Let's blast off and explore the highlights: Universal Applicability: Whether you're building a Mars Rover or sending data from the furthest reaches o

article thumbnail

ELFEN: Automated Linux Malware Analysis Sandbox

Penetration Testing

ELFEN: Linux Malware Analysis Sandbox ELFEN is a dockerized sandbox for analyzing Linux (file type: ELF) malware. It leverages an array of open-source technologies to perform both static and dynamic analysis. Results are available... The post ELFEN: Automated Linux Malware Analysis Sandbox appeared first on Penetration Testing.

Malware 97
article thumbnail

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.

article thumbnail

DOJ Slams XCast with $10 Million Fine Over Massive Illegal Robocall Operation

The Hacker News

The U.S. Department of Justice (DoJ) on Tuesday said it reached a settlement with VoIP service provider XCast over allegations that it facilitated illegal telemarketing campaigns since at least January 2018, in contravention of the Telemarketing Sales Rule (TSR).

95
article thumbnail

CVE-2023-48418: A maximum severity vulnerability in Pixel Watch

Penetration Testing

In the realm of wearable technology, security often takes a backseat to functionality and design. However, the latest move by Google to release security patches for its Pixel Watch in December 2023 serves as... The post CVE-2023-48418: A maximum severity vulnerability in Pixel Watch appeared first on Penetration Testing.

article thumbnail

Best of 2023: Western Digital Hacked: ‘My Cloud’ Data Dead (Even Local Storage!)

Security Boulevard

Déjà Vu: Hack of WD systems leads to My Cloud service outage. Owners unable to access files. The post Best of 2023: Western Digital Hacked: ‘My Cloud’ Data Dead (Even Local Storage!) appeared first on Security Boulevard.

Hacking 80
article thumbnail

CVE-2023-48419 & 6339: Urgent Update on Google Nest’s Critical Flaws

Penetration Testing

In a digital era where smart home devices are becoming ubiquitous, Google’s latest security bulletin for December 2023 stands as a testament to the critical importance of cybersecurity in the realm of home automation.... The post CVE-2023-48419 & 6339: Urgent Update on Google Nest’s Critical Flaws appeared first on Penetration Testing.

article thumbnail

Enhance Innovation and Governance Through the Cloud Development Maturity Model

Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.