Schneier on Security

JANUARY 8, 2024

Last month, I convened the Second Interdisciplinary Workshop on Reimagining Democracy ( IWORD 2023 ) at the Harvard Kennedy School Ash Center. As with IWORD 2022 , the goal was to bring together a diverse set of thinkers and practitioners to talk about how democracy might be reimagined for the twenty-first century. My thinking is very broad here. Modern democracy was invented in the mid-eighteenth century, using mid-eighteenth-century technology.

Technology 253

Technology 253

Krebs on Security

JANUARY 8, 2024

In 2020, the United States brought charges against four men accused of building a bulletproof hosting empire that once dominated the Russian cybercrime industry and supported multiple organized cybercrime groups. All four pleaded guilty to conspiracy and racketeering charges. But there is a fascinating and untold backstory behind the two Russian men involved, who co-ran the world’s top spam forum and worked closely with Russia’s most dangerous cybercriminals.

Cybercrime 231

Cybercrime Banking Computers and Electronics DDOS 231

Lohrman on Security

JANUARY 8, 2024

With the modern Internet, it’s easier than ever before to learn from, imitate and even plagiarize other people’s work. So how will new generative AI tools change our media landscape in 2024 and beyond?

Media 198

Media Internet Internet 198

Graham Cluley

JANUARY 8, 2024

A report from the Netherlands claims that a Dutch man played a key role in the notorious Stuxnet worm attack against an Iranian nuclear facility, which then accidentally escaped into the wider world.

Malware 131

Malware 131

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Security Boulevard

JANUARY 8, 2024

As the SEC gets tough on businesses' cybersecurity posture, IT security leaders will need to beef up incident response plans. The post SEC Cyber Incident Reporting Rules Pressure IT Security Leaders appeared first on Security Boulevard.

Cybersecurity 128

Cybersecurity Data breaches CISO Risk 128

Security Affairs

JANUARY 8, 2024

A new variant of the Bandook remote access trojan (RAT) was spotted in attacks aimed at Windows machines. Reseachers from Fortinet observed a new variant of a remote access trojan dubbed Bandook that has been used in phishing attacks against Windows users. Bandook has been active since 2007, it has been continuously developed since then and was employed in several campaigns by different threat actors.

Malware 133

Malware Phishing Passwords Hacking 133

Security Affairs

JANUARY 8, 2024

Documents belonging to the Swiss Air Force were leaked on the dark web as a result of cyberattack on a US security provider. Documents belonging to the Swiss Air Force were leaked on the dark web after the US security company Ultra Intelligence & Communications suffered a data breach. Ultra Intelligence & Communications provides critical tactical capabilities, including cybersecurity and remote cryptographic management systems for clients including the DoD, FBI, DEA, NATO, AT&T, the

Hacking 140

Hacking Ransomware Data breaches Manufacturing 140

Trend Micro

JANUARY 8, 2024

Pikabot is a loader with similarities to Qakbot that was used in spam campaigns during most of 2023. Our blog entry provides a technical analysis of this malware.

Malware 120

Malware Phishing 120

Security Affairs

JANUARY 8, 2024

19 individuals worldwide were charged in a transnational cybercrime investigation of the now defunct xDedic marketplace. The U.S. DoJ charged 19 individuals worldwide for their role in the operations of the now-defunct xDedic Marketplace. In January 2019, law enforcement agencies in the US and Europe announced the seizure of the popular xDedic marketplace , an underground market offering for sale access to compromised systems and personally identifiable information.

Cybercrime 132

Cybercrime Identity Theft Government Hacking 132

Malwarebytes

JANUARY 8, 2024

Each year, an estimated 13.5 million people in the US are victim to stalking. This is a worrying fact stated in the introduction of a lawsuit against Apple brought by stalking victims who charge that AirTags empowered their abusers. AirTags are marketed as trackers that allow you to easily find lost belongings like keys and luggage. If you lose an object, you can find the AirTag in the Find My app on another Apple device.

Manufacturing 114

Manufacturing Technology Marketing 114

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Digital Guardian

JANUARY 8, 2024

Having a strong data governance policy can help your organization ensure data accuracy, consistency, and security across your organization but what are the first steps to writing one?

Government 110

Government 110

eSecurity Planet

JANUARY 8, 2024

The new year brought few new vulnerabilities, and only Ivanti Endpoint Manager (EPM) and Kyber, the quantum resistant encryption algorithm, publicized new vulnerabilities or fixes. Unfortunately, most news derived from the active attacks on multiple older vulnerabilities, which threaten to expose organizations slow to patch. Speed remains critical to security, but more importantly, patching teams need to make progress with patch and vulnerability management.

Encryption 109

Encryption Security Defenses Cybersecurity Internet 109

Graham Cluley

JANUARY 8, 2024

On Sunday evening electronic departure boards at Beirut's airport were hijacked by hackers who used them to display anti-Iranian and anti-Hezbollah messages.

112

112

Penetration Testing

JANUARY 8, 2024

A new threat has emerged, casting a shadow over the reliability of the Linux kernel. A recently disclosed security flaw, identified as CVE-2024-0193, poses a significant risk to systems relying on this widely used... The post Linux Kernel Flaw CVE-2024-0193 Opens Root Access appeared first on Penetration Testing.

Penetration Testing 111

Penetration Testing Risk 111

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Veracode Security

JANUARY 8, 2024

JavaScript is the most commonly-used programing language, according to the most recent StackOverflow developer survey. While JavaScript offers great flexibility and ease of use, it also introduces security risks that can be exploited by attackers. In this blog, we will explore vulnerabilities in JavaScript, best practices to secure your code, and tools to prevent attacks.

Risk 105

Risk 105

Penetration Testing

JANUARY 8, 2024

D3m0n1z3dShell Demonized Shell is an Advanced Tool for persistence in Linux. Demonized Features Auto Generate SSH keypair for all users APT Persistence Crontab Persistence Systemd User level Systemd Root Level Bashrc Persistence Privileged user... The post D3m0n1z3dShell: Advanced Tool for persistence in Linux appeared first on Penetration Testing.

Penetration Testing 111

Penetration Testing 111

Bleeping Computer

JANUARY 8, 2024

The official Netgear and Hyundai MEA Twitter/X accounts (together with over 160,000 followers) are the latest hijacked to push scams designed to infect potential victims with cryptocurrency wallet drainer malware. [.

Accountability 104

Accountability Cryptocurrency Scams Hacking 104

Graham Cluley

JANUARY 8, 2024

British police say that they are investigating reports that a girl under the age of 16 was sexually assaulted… in an online virtual reality game.

106

106

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

Bleeping Computer

JANUARY 8, 2024

The Authy desktop apps for Windows, macOS, and Linux will be discontinued in August 2024, with the company recommending users switch to a mobile version of the two-factor authentication (2FA) app. [.

Mobile 101

Mobile Authentication Software 101

GlobalSign

JANUARY 8, 2024

In this blog we will explore Post-Quantum-Safe certificates, what they will look like and compare the difference with the certificates we use today.

105

105

The Hacker News

JANUARY 8, 2024

Threat actors operating under the name Anonymous Arabic have released a remote access trojan (RAT) called Silver RAT that’s equipped to bypass security software and stealthily launch hidden applications.

Media 100

Media Software Cybersecurity 100

Bleeping Computer

JANUARY 8, 2024

​Leading U.S. mortgage lender loanDepot confirmed today that a cyber incident disclosed over the weekend was a ransomware attack that led to data encryption. [.

Ransomware 96

Ransomware Encryption 96

Advertisement

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

Thales Cloud Protection & Licensing

JANUARY 8, 2024

Thales + Imperva: Delivering the Next Generation of Data Security madhav Tue, 01/09/2024 - 05:13 We are pleased to share that Thales has completed its acquisition of Imperva. Imperva is now merging with our Thales Cloud Protection & Licensing Business Line. As we bring our teams together, we are committed to our strategic partners. With the addition of Imperva, Thales’ expanded cybersecurity portfolio now offers a highly complementary combination of solutions to help you protect what matters mos

Digital transformation 83

Digital transformation DDOS Firewall Marketing 83

Bleeping Computer

JANUARY 8, 2024

The Lockbit ransomware operation has claimed responsibility for a November 2023 cyberattack on the Capital Health hospital network and threatens to leak stolen data and negotiation chats by tomorrow. [.

Ransomware 88

Ransomware Risk Healthcare 88

SecureBlitz

JANUARY 8, 2024

Want to learn more about e-Commerce fraud? Here, I will talk about navigating the challenges in online retail. In the bustling world of e-commerce, where convenience and accessibility are king, there lurks a shadow that threatens to undermine the integrity of online marketplaces: e-commerce fraud. This form of digital deceit poses a unique set of […] The post E-Commerce Fraud: Navigating the Challenges in Online Retail appeared first on SecureBlitz Cybersecurity.

Retail 86

Retail Cybersecurity 86

Bleeping Computer

JANUARY 8, 2024

The Turkish state-backed cyber espionage group tracked as Sea Turtle has been carrying out multiple spying campaigns in the Netherlands, focusing on telcos, media, internet service providers (ISPs), and Kurdish websites. [.

Media 86

Media Internet Internet 86

Advertisement

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.

Cybersecurity

SecureWorld News

JANUARY 8, 2024

U.S. mortgage lender loanDepot has fallen victim to a cyberattack, prompting the company to take swift action by temporarily shutting down its IT systems and online payment portals. With approximately 6,000 employees and a loan servicing portfolio exceeding $140 billion, loanDepot is a major nonbank retail mortgage lender in the United States. LoanDepot has confirmed that the cyber incident involved unauthorized third-party access to certain systems, resulting in the encryption of data.

Architecture 87

Architecture Data breaches Retail Cybersecurity 87

Bleeping Computer

JANUARY 8, 2024

The year 2023 marks a significant milestone for Windows 11 with the introduction of several new features and improvements. This includes drag and drop for the taskbar, AI, and more. [.

Software 83

Software 83

Penetration Testing

JANUARY 8, 2024

AD-AssessmentKit These tools are ideal for network administrators and cybersecurity professionals seeking to assess and enhance the security posture of AD environments and network infrastructures. AD-SecurityAudit.sh It focuses on initial reconnaissance and vulnerability identification... The post AD-AssessmentKit: comprehensive security audits and network mapping of AD environments appeared first on Penetration Testing.

Penetration Testing 95

Penetration Testing Cybersecurity 95

Bleeping Computer

JANUARY 8, 2024

In the wake of the MGM Resorts service desk hack, it's clear that organizations need to rethink their approach to securing their help desks. Learn more from Specops Software on how to prevent such incidents. [.

Hacking 81

Hacking Software 81

Advertisement

Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.

Government