Wed.Jan 03, 2024


Facial Recognition Systems in the US

Schneier on Security

A helpful summary of which US retail stores are using facial recognition, thinking about using it, or currently not planning on using it. (This, of course, can all change without notice.) Three years ago, I wrote that campaigns to ban facial recognition are too narrow. The problem here is identification, correlation, and then discrimination. There’s no difference whether the identification technology is facial recognition, the MAC address of our phones, gait recognition, license plate reco


Uncertainty Is the Biggest Challenge to Australia’s Cyber Security Strategy

Tech Republic Security

Commentary: Australia’s Cyber Security Strategy 2023-2030 is a bold and far-reaching vision that will see Australia become a world leader. However, a lack of bipartisan agreement may undermine it.



Hackers stole more than $81 million worth of crypto assets from Orbit Chain

Security Affairs

Crypto platform Orbit Chain suffered a cyberattack, threat actors have stolen more than $81 million worth of cryptocurrency. Orbit Chain has suffered a security breach that has resulted in the theft of more than $81 million worth of cryptocurrency. Orbit Chain is a multi-asset blockchain platform that connects various blockchains through Inter-Blockchain Communication (IBC).


Hacker hijacks Orange Spain RIPE account to cause BGP havoc

Bleeping Computer

Orange Spain suffered an internet outage today after a hacker breached the company's RIPE account to misconfigure BGP routing and an RPKI configuration. [.


Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.


Don’t trust links with known domains: BMW affected by redirect vulnerability

Security Affairs

Sometimes, you can’t even trust links with your own domain. As the Cybernews research team has discovered, some BMW subdomains were vulnerable to redirect vulnerability, enabling attackers to forge links leading to malicious sites through them. Cybernews researchers have discovered two BMW subdomains that were vulnerable to SAP redirect vulnerability.


5 Ways to Reduce SaaS Security Risks

The Hacker News

As technology adoption has shifted to be employee-led, just in time, and from any location or device, IT and security teams have found themselves contending with an ever-sprawling SaaS attack surface, much of which is often unknown or unmanaged.


Facebook’s New Privacy Nightmare: ‘Link History’

Security Boulevard

How stupid does he think we are? You’ll want to turn off this new app setting. The post Facebook’s New Privacy Nightmare: ‘Link History’ appeared first on Security Boulevard.


CISA adds Chrome and Perl library flaws to its Known Exploited Vulnerabilities catalog

Security Affairs

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Google Chrome and Perl library flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added two Qlik Sense vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. Below is the list of the issues added to the catalog: CVE-2023-7024 – The vulnerability is a Heap buffer overflow issue in WebRTC.


Microsoft disables ms-appinstaller after malicious use

Malwarebytes

In what might be conceived as one of Microsoft’s new year resolutions, it has disclosed that it’s turned off the ms-appinstaller protocol handler by default. The change is designed to make installing apps easier, but it also makes installing malware easier. Typically, an app needs to be on a device before it can be installed, which normally means that a user has to download it first.


Nearly 11 million SSH servers vulnerable to new Terrapin attacks

Bleeping Computer

Almost 11 million internet-exposed SSH servers are vulnerable to the Terrapin attack that threatens the integrity of some SSH connections. [.


Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.


Say what you will? Your favorite speech-to-text app may be a privacy risk

We Live Security

If you like typing with your voice, it should also go without saying that you need to take some precautions and avoid spilling your secrets.


Investment fraud a serious money maker for criminals

Malwarebytes

Europol’s spotlight report ‘Online fraud schemes: a web of deceit’, looks into online fraud schemes—a major crime threat in the EU and beyond—and one of the report’s primary themes is investment fraud. But first I want to share some more remarkable conclusions from the report: Charity scams that prey on concern about international conflicts and natural disasters are becoming more prevalent.


VPN to protect against DDoS attacks on Twitch

IT Security Guru

Swarming or DDoS attacks pose a threat to streamers. Multiple devices flooding your internet connection with traffic can cause slowdowns or crashes. A reliable VPN provider always maintains a DDoS-protected server. Your data goes through a secure server, making it harder for attackers to target your actual IP address. In this article, we will continue to explore how a VPN can fortify your Twitch stream.


Data breach at healthcare tech firm impacts 4.5 million patients

Bleeping Computer

HealthEC LLC, a provider of health management solutions, suffered a data breach that impacts close to 4.5 million individuals who received care through one of the company's customers. [.


The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!


The state of container security: 5 key steps to locking down your releases

Security Boulevard

Container technologies are rapidly transforming application development and deployment practices at many organizations. But they also present a minefield of security risks for the growing number of organizations using the technology to package and deploy modern, microservices-based applications. The post The state of container security: 5 key steps to locking down your releases appeared first on Security Boulevard.


LastPass now requires 12-character master passwords for better security

Bleeping Computer

LastPass notified customers today that they are now required to use complex master passwords with a minimum of 12 characters to increase their accounts' security. [.


2024 Trends Affecting Software Product Security

Security Boulevard

The post 2024 Trends Affecting Software Product Security appeared first on CodeSecure. The post 2024 Trends Affecting Software Product Security appeared first on Security Boulevard.


CISA warns of actively exploited bugs in Chrome and Excel parsing library

Bleeping Computer

The U.S. Cybersecurity and Infrastructure Security Agency has added two vulnerabilities to the Known Exploited Vulnerabilities catalog, a recently patched flaw in Google Chrome and a bug affecting an open-source Perl library for reading information in an Excel file called Spreadsheet::ParseExcel. [.


The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.


Malware Using Google MultiLogin Exploit to Maintain Access Despite Password Reset

The Hacker News

Information-stealing malware is actively taking advantage of an undocumented Google OAuth endpoint named MultiLogin to hijack user sessions and allow continuous access to Google services even after a password reset.


Mandiant's Twitter account hacked to push cryptocurrency scam

Bleeping Computer

The Twitter account of American cybersecurity firm and Google subsidiary Mandiant was hijacked earlier today to impersonate the Phantom crypto wallet and share a cryptocurrency scam. [.


SMTP Smuggling: New Flaw Lets Attackers Bypass Security and Spoof Emails

The Hacker News

A new exploitation technique called Simple Mail Transfer Protocol (SMTP) smuggling can be weaponized by threat actors to send spoofed emails with fake sender addresses while bypassing security measures.


How Secure Code Signing Aligns With The Principles of DevSecOps

Security Boulevard

Software supply chain attacks are seeing an unprecedented surge. According to the Sonatype State of the Software Supply Chain Report, twice as many incidents were recorded in 2023 as compared to the cumulative total from 2019-2022. The numbers are stark indicators of the fact that the software supply chain, rich with native code, open-source packages, […] The post How Secure Code Signing Aligns With The Principles of DevSecOps appeared first on Security Boulevard.


Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!


Mandiant's Twitter Account Restored After Six-Hour Crypto Scam Hack

The Hacker News

American cybersecurity firm and Google Cloud subsidiary Mandiant had its X (formerly Twitter) account compromised for more than six hours by an unknown attacker to propagate a cryptocurrency scam. As of writing, the account has been restored on the social media platform. It's currently not clear how the account was breached.


flutter-spy: Explore, analyze, and gain valuable data & insights from reverse engineered Flutter apps

Penetration Testing

Flutter Spy is a Bash-based command-line tool designed to provide insightful code analysis and data extraction capabilities from built Flutter apps with reverse engineering. It empowers developers, bug hunters, and security enthusiasts... The post flutter-spy: Explore, analyze, and gain valuable data & insights from reverse engineered Flutter apps appeared first on Penetration Testing.


The Complete Guide to Smishing (SMS Phishing)

Security Boulevard

It’s unfortunately become an all-too-common scenario: you’re waiting for a package to be delivered—but then you receive an SMS text message that seems to be from the carrier, demanding payment before delivery can be completed. If you follow the link in the message, a look-alike website will be reached where you can enter your credit […] The post The Complete Guide to Smishing (SMS Phishing) appeared first on CybeReady.


The Stealthy Tech of Scheduled Task Tampering: A Deep Dive into the HAFNIUM Threat Actor’s Latest Tactic

Penetration Testing

In the ever-evolving world of cybersecurity, the HAFNIUM threat actor has emerged with a novel and clandestine approach to manipulating scheduled tasks, a technique aimed at establishing persistence in compromised systems. This method centered... The post The Stealthy Tech of Scheduled Task Tampering: A Deep Dive into the HAFNIUM Threat Actor’s Latest Tactic appeared first on Penetration Testing.


Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.


Massive Fallon Ambulance Data Breach Impacts Nearly One Million People

Heimdal Security

Transformative Healthcare announces Fallon Ambulance data breach exposed sensitive information of 911,757 customers. Fallon ceased operations in December 2022 but is still responsible for a data storage archive that hackers targeted with ransomware. The ALPHV threat group, a.k.a. BlackCat, claimed responsibility for the cyberattack. What’s the Impact of the Fallon Ambulance Data Breach Security experts […] The post Massive Fallon Ambulance Data Breach Impacts Nearly One Million People appea


Mandiant’s account on X hacked to push cryptocurrency scam

Bleeping Computer

The Twitter account of American cybersecurity firm and Google subsidiary Mandiant was hijacked earlier today to impersonate the Phantom crypto wallet and share a cryptocurrency scam. [.


CVE-2023-6600: Over 300,000 Sites at Risk from OMGF Plugin XSS Flaw

Penetration Testing

The popular “OMGF | GDPR/DSGVO Compliant, Faster Google Fonts. Easy.” plugin, a staple in over 300,000 WordPress sites, has been hit by a formidable security flaw, identified as CVE-2023-6600. With a CVSS score of... The post CVE-2023-6600: Over 300,000 Sites at Risk from OMGF Plugin XSS Flaw appeared first on Penetration Testing.


PornHub blocks North Carolina, Montana over new age verification laws

Bleeping Computer

Adult media giant Aylo has blocked access to many of its websites, including PornHub, to visitors from Montana and North Carolina as new age verification laws go into effect. [.


IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.