Schneier on Security

JANUARY 3, 2024

A helpful summary of which US retail stores are using facial recognition, thinking about using it, or currently not planning on using it. (This, of course, can all change without notice.) Three years ago, I wrote that campaigns to ban facial recognition are too narrow. The problem here is identification, correlation, and then discrimination. There’s no difference whether the identification technology is facial recognition, the MAC address of our phones, gait recognition, license plate reco

Retail 282

Retail Technology Surveillance 282

Tech Republic Security

JANUARY 3, 2024

Commentary: Australia’s Cyber Security Strategy 2023-2030 is a bold and far-reaching vision that will see Australia become a world leader. However, a lack of bipartisan agreement may undermine it.

Cybersecurity 180

Cybersecurity 180

Security Boulevard

JANUARY 3, 2024

How stupid does he think we are? You’ll want to turn off this new app setting. The post Facebook’s New Privacy Nightmare: ‘Link History’ appeared first on Security Boulevard.

Social Engineering 138

Social Engineering Advertising Data privacy Engineering 138

Security Affairs

JANUARY 3, 2024

Crypto platform Orbit Chain suffered a cyberattack, threat actors have stolen more than $81 million worth of cryptocurrency. Orbit Chain has suffered a security breach that has resulted in the theft of more than $81 million worth of cryptocurrency. Orbit Chain is a multi-asset blockchain platform that connects various blockchains through Inter-Blockchain Communication (IBC).

Cryptocurrency 141

Cryptocurrency Internet Internet Cybercrime 141

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Bleeping Computer

JANUARY 3, 2024

Orange Spain suffered an internet outage today after a hacker breached the company's RIPE account to misconfigure BGP routing and an RPKI configuration. [.

Accountability 141

Accountability Internet Internet 141

Security Affairs

JANUARY 3, 2024

Sometimes, you can’t even trust links with your own domain. As the Cybernews research team has discovered, some BMW subdomains were vulnerable to redirect vulnerability, enabling attackers to forge links leading to malicious sites through them. Cybernews researchers have discovered two BMW subdomains that were vulnerable to SAP redirect vulnerability.

Phishing 137

Phishing Manufacturing Firewall Cybercrime 137

Security Affairs

JANUARY 3, 2024

Crooks created a new tool that uses Artificial Intelligence (AI) for creating fraudulent invoices used for wire fraud and BEC. Resecurity has uncovered a cybercriminal faction known as “ GXC Team “, who specializes in crafting tools for online banking theft, ecommerce deception, and internet scams. Around November 11th, 2023, the group’s leader, operating under the alias “ googleXcoder “, made multiple announcements on the Dark Web.

Artificial Intelligence 136

Artificial Intelligence Banking Scams Cybercrime 136

IT Security Guru

JANUARY 3, 2024

Swarming or DDoS attacks pose a threat to streamers. Multiple devices flooding your internet connection with traffic can cause slowdowns or crashes. A reliable VPN provider always maintains a DDoS-protected server. Your data goes through a secure server, making it harder for attackers to target your actual IP address. In this article, we will continue to explore how a VPN can fortify your Twitch stream.

DDOS 120

DDOS VPN Internet Internet 120

Security Affairs

JANUARY 3, 2024

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Google Chrome and Perl library flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added two Qlik Sense vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. Below is the list of the issues added to the catalog: CVE-2023-7024 – The vulnerability is a Heap buffer overflow issue in WebRTC.

Surveillance 134

Surveillance Cybersecurity Hacking Risk 134

Bleeping Computer

JANUARY 3, 2024

Almost 11 million internet-exposed SSH servers are vulnerable to the Terrapin attack that threatens the integrity of some SSH connections. [.

Internet 135

Internet Internet 135

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Security Boulevard

JANUARY 3, 2024

Container technologies are rapidly transforming application development and deployment practices at many organizations. But they also present a minefield of security risks for the growing number of organizations using the technology to package and deploy modern, microservices-based applications. The post The state of container security: 5 key steps to locking down your releases appeared first on Security Boulevard.

Technology 116

Technology Risk 116

Bleeping Computer

JANUARY 3, 2024

The U.S. Cybersecurity and Infrastructure Security Agency has added two vulnerabilities to the Known Exploited Vulnerabilities catalog, a recently patched flaw in Google Chrome and a bug affecting an open-source Perl library for reading information in an Excel file called Spreadsheet::ParseExcel. [.

Cybersecurity 118

Cybersecurity 118

Security Boulevard

JANUARY 3, 2024

The post 2024 Trends Affecting Software Product Security appeared first on CodeSecure. The post 2024 Trends Affecting Software Product Security appeared first on Security Boulevard.

Software 115

Software 115

Bleeping Computer

JANUARY 3, 2024

LastPass notified customers today that they are now required to use complex master passwords with a minimum of 12 characters to increase their accounts' security. [.

Passwords 121

Passwords Account Security Accountability 121

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Malwarebytes

JANUARY 3, 2024

In what might be conceived as one of Microsoft’s new year resolutions, it has disclosed that it’s turned off the ms-appinstaller protocol handler by default. The change is designed to make installing apps easier, but it also makes installing malware easier. Typically, an app needs to be on a device before it can be installed, which normally means that a user has to download it first.

Social Engineering 116

Social Engineering Ransomware Backups Malware 116

The Hacker News

JANUARY 3, 2024

As technology adoption has shifted to be employee-led, just in time, and from any location or device, IT and security teams have found themselves contending with an ever-sprawling SaaS attack surface, much of which is often unknown or unmanaged.

Risk 115

Risk Technology 115

We Live Security

JANUARY 3, 2024

If you like typing with your voice, it should also go without saying that you need to take some precautions and avoid spilling your secrets.

Risk 127

Risk 127

Bleeping Computer

JANUARY 3, 2024

The Twitter account of American cybersecurity firm and Google subsidiary Mandiant was hijacked earlier today to impersonate the Phantom crypto wallet and share a cryptocurrency scam. [.

Cryptocurrency 110

Cryptocurrency Scams Accountability Hacking 110

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

Security Boulevard

JANUARY 3, 2024

Software supply chain attacks are seeing an unprecedented surge. According to the Sonatype State of the Software Supply Chain Report, twice as many incidents were recorded in 2023 as compared to the cumulative total from 2019-2022. The numbers are stark indicators of the fact that the software supply chain, rich with native code, open-source packages, […] The post How Secure Code Signing Aligns With The Principles of DevSecOps appeared first on Security Boulevard.

Software 106

Software Risk Government 106

The Hacker News

JANUARY 3, 2024

Information stealing malware are actively taking advantage of an undocumented Google OAuth endpoint named MultiLogin to hijack user sessions and allow continuous access to Google services even after a password reset.

Passwords 108

Passwords Malware 108

Security Boulevard

JANUARY 3, 2024

It’s unfortunately become an all-to-common scenario: you’re waiting for a package to be delivered—but then you receive an SMS text message that seems to be from the carrier, demanding payment before delivery can be completed. If you follow the link in the message, a look-alike website will be reached where you can enter your credit […] The post The Complete Guide to Smishing (SMS Phishing) appeared first on CybeReady.

Phishing 104

Phishing 104

The Hacker News

JANUARY 3, 2024

A new exploitation technique called Simple Mail Transfer Protocol (SMTP) smuggling can be weaponized by threat actors to send spoofed emails with fake sender addresses while bypassing security measures.

Phishing 107

Phishing 107

Advertisement

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

Heimadal Security

JANUARY 3, 2024

Transformative Healthcare announces Fallon Ambulance data breach exposed sensitive information of 911,757 customers. Fallon ceased operations in December 2022 but is still responsible for a data storage archive that hackers targeted with ransomware. The ALPHV threat group a.k.a. BlackCat, claimed responsibility for the cyberattack. What`s the Impact of the Fallon Ambulance Data Breach Security experts […] The post Massive Fallon Ambulance Data Breach Impacts Nearly One Million People appea

Data breaches 99

Data breaches Healthcare Ransomware Cybersecurity 99

Bleeping Computer

JANUARY 3, 2024

The Twitter account of American cybersecurity firm and Google subsidiary Mandiant was hijacked earlier today to impersonate the Phantom crypto wallet and share a cryptocurrency scam. [.

Cryptocurrency 99

Cryptocurrency Scams Accountability Hacking 99

Penetration Testing

JANUARY 3, 2024

Flutter Spy Flutter Spy is a Bash-based command-line tool designed to provide insightful code analysis and data extraction capabilities from built Flutter apps with reverse engineering. It empowers developers, bug hunters, and security enthusiasts... The post flutter-spy: Explore, analyze, and gain valuable data & insights from reverse engineered Flutter apps appeared first on Penetration Testing.

Engineering 105

Engineering Penetration Testing 105

Malwarebytes

JANUARY 3, 2024

Europols’s spotlight report ‘ Online fraud schemes: a web of deceit’ , looks into online fraud schemes—a major crime threat in the EU and beyond—and one of the report’s primary themes is investment fraud. But first I want to share some more remarkable conclusions from the report: Charity scams that prey on concern about international conflicts and natural disasters are becoming more prevalent.

Scams 96

Scams Cryptocurrency Social Engineering Internet 96

Advertisement

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.

Cybersecurity

The Hacker News

JANUARY 3, 2024

American cybersecurity firm and Google Cloud subsidiary Mandiant had its X (formerly Twitter) account compromised for more than six hours by an unknown attacker to propagate a cryptocurrency scam. As of writing, the account has been restored on the social media platform. It's currently not clear how the account was breached.

Scams 100

Scams Accountability Hacking Cryptocurrency 100

Penetration Testing

JANUARY 3, 2024

In the ever-evolving world of cybersecurity, the HAFNIUM threat actor has emerged with a novel and clandestine approach to manipulating scheduled tasks, a technique aimed at establishing persistence in compromised systems. This method centered... The post The Stealthy Tech of Scheduled Task Tampering: A Deep Dive into the HAFNIUM Threat Actor’s Latest Tactic appeared first on Penetration Testing.

Penetration Testing 101

Penetration Testing Cybersecurity Malware 101

Bleeping Computer

JANUARY 3, 2024

Adult media giant Aylo has blocked access to many of its websites, including PornHub, to visitors from Montana and North Caroline as new age verifications laws go into effect. [.

Media 83

Media Technology 83

Penetration Testing

JANUARY 3, 2024

The popular “OMGF | GDPR/DSGVO Compliant, Faster Google Fonts. Easy.” plugin, a staple in over 300,000 WordPress sites, has been hit by a formidable security flaw, identified as CVE-2023-6600. With a CVSS score of... The post CVE-2023-6600: Over 300,000 Sites at Risk from OMGF Plugin XSS Flaw appeared first on Penetration Testing.

Penetration Testing 98

Penetration Testing Risk 98

Advertisement

Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.

Government