Schneier on Security

JANUARY 8, 2024

Last month, I convened the Second Interdisciplinary Workshop on Reimagining Democracy ( IWORD 2023 ) at the Harvard Kennedy School Ash Center. As with IWORD 2022 , the goal was to bring together a diverse set of thinkers and practitioners to talk about how democracy might be reimagined for the twenty-first century. My thinking is very broad here. Modern democracy was invented in the mid-eighteenth century, using mid-eighteenth-century technology.

Technology 273

Technology 273

Krebs on Security

JANUARY 8, 2024

In 2020, the United States brought charges against four men accused of building a bulletproof hosting empire that once dominated the Russian cybercrime industry and supported multiple organized cybercrime groups. All four pleaded guilty to conspiracy and racketeering charges. But there is a fascinating and untold backstory behind the two Russian men involved, who co-ran the world’s top spam forum and worked closely with Russia’s most dangerous cybercriminals.

Cybercrime 247

Cybercrime Banking Computers and Electronics DDOS 247

Lohrman on Security

JANUARY 8, 2024

With the modern Internet, it’s easier than ever before to learn from, imitate and even plagiarize other people’s work. So how will new generative AI tools change our media landscape in 2024 and beyond?

Media 201

Media Internet Internet 201

Security Affairs

JANUARY 8, 2024

Documents belonging to the Swiss Air Force were leaked on the dark web as a result of cyberattack on a US security provider. Documents belonging to the Swiss Air Force were leaked on the dark web after the US security company Ultra Intelligence & Communications suffered a data breach. Ultra Intelligence & Communications provides critical tactical capabilities, including cybersecurity and remote cryptographic management systems for clients including the DoD, FBI, DEA, NATO, AT&T, the

Hacking 144

Hacking Ransomware Data breaches Manufacturing 144

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Malwarebytes

JANUARY 8, 2024

Each year, an estimated 13.5 million people in the US are victim to stalking. This is a worrying fact stated in the introduction of a lawsuit against Apple brought by stalking victims who charge that AirTags empowered their abusers. AirTags are marketed as trackers that allow you to easily find lost belongings like keys and luggage. If you lose an object, you can find the AirTag in the Find My app on another Apple device.

Manufacturing 141

Manufacturing Technology Marketing 141

Security Affairs

JANUARY 8, 2024

A new variant of the Bandook remote access trojan (RAT) was spotted in attacks aimed at Windows machines. Reseachers from Fortinet observed a new variant of a remote access trojan dubbed Bandook that has been used in phishing attacks against Windows users. Bandook has been active since 2007, it has been continuously developed since then and was employed in several campaigns by different threat actors.

Malware 139

Malware Phishing Passwords Hacking 139

Security Affairs

JANUARY 8, 2024

19 individuals worldwide were charged in a transnational cybercrime investigation of the now defunct xDedic marketplace. The U.S. DoJ charged 19 individuals worldwide for their role in the operations of the now-defunct xDedic Marketplace. In January 2019, law enforcement agencies in the US and Europe announced the seizure of the popular xDedic marketplace , an underground market offering for sale access to compromised systems and personally identifiable information.

Cybercrime 139

Cybercrime Identity Theft Government Hacking 139

Graham Cluley

JANUARY 8, 2024

A report from the Netherlands claims that a Dutch man played a key role in the notorious Stuxnet worm attack against an Iranian nuclear facility, which then accidentally escaped into the wider world.

Malware 128

Malware 128

Security Boulevard

JANUARY 8, 2024

As the SEC gets tough on businesses' cybersecurity posture, IT security leaders will need to beef up incident response plans. The post SEC Cyber Incident Reporting Rules Pressure IT Security Leaders appeared first on Security Boulevard.

Cybersecurity 128

Cybersecurity Data breaches CISO Risk 128

Pen Test Partners

JANUARY 8, 2024

Loose lips sink ships, loose tweets sink fleets. Intelligence, espionage, technological advancements and other learnings from our annual company conference at the historic and underappreciated Latimer House. “ Loose lips [might] sink ships ” was a phrase used in UK propaganda posters in WWII. It stressed the need to protect sensitive information and cultivated a culture of silence over military matters.

Computers and Electronics 122

Computers and Electronics Risk Technology Manufacturing 122

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Penetration Testing

JANUARY 8, 2024

A new threat has emerged, casting a shadow over the reliability of the Linux kernel. A recently disclosed security flaw, identified as CVE-2024-0193, poses a significant risk to systems relying on this widely used... The post Linux Kernel Flaw CVE-2024-0193 Opens Root Access appeared first on Penetration Testing.

Penetration Testing 111

Penetration Testing Risk 111

The Hacker News

JANUARY 8, 2024

Threat actors operating under the name Anonymous Arabic have released a remote access trojan (RAT) called Silver RAT that’s equipped to bypass security software and stealthily launch hidden applications.

Media 110

Media Software Cybersecurity 110

Penetration Testing

JANUARY 8, 2024

D3m0n1z3dShell Demonized Shell is an Advanced Tool for persistence in Linux. Demonized Features Auto Generate SSH keypair for all users APT Persistence Crontab Persistence Systemd User level Systemd Root Level Bashrc Persistence Privileged user... The post D3m0n1z3dShell: Advanced Tool for persistence in Linux appeared first on Penetration Testing.

Penetration Testing 111

Penetration Testing 111

Digital Guardian

JANUARY 8, 2024

Having a strong data governance policy can help your organization ensure data accuracy, consistency, and security across your organization but what are the first steps to writing one?

Government 110

Government 110

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

eSecurity Planet

JANUARY 8, 2024

The new year brought few new vulnerabilities, and only Ivanti Endpoint Manager (EPM) and Kyber, the quantum resistant encryption algorithm, publicized new vulnerabilities or fixes. Unfortunately, most news derived from the active attacks on multiple older vulnerabilities, which threaten to expose organizations slow to patch. Speed remains critical to security, but more importantly, patching teams need to make progress with patch and vulnerability management.

Encryption 109

Encryption Security Defenses Cybersecurity Internet 109

Graham Cluley

JANUARY 8, 2024

On Sunday evening electronic departure boards at Beirut's airport were hijacked by hackers who used them to display anti-Iranian and anti-Hezbollah messages.

107

107

Veracode Security

JANUARY 8, 2024

JavaScript is the most commonly-used programing language, according to the most recent StackOverflow developer survey. While JavaScript offers great flexibility and ease of use, it also introduces security risks that can be exploited by attackers. In this blog, we will explore vulnerabilities in JavaScript, best practices to secure your code, and tools to prevent attacks.

Risk 105

Risk 105

GlobalSign

JANUARY 8, 2024

In this blog we will explore Post-Quantum-Safe certificates, what they will look like and compare the difference with the certificates we use today.

105

105

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

The Hacker News

JANUARY 8, 2024

Cybersecurity is an infinite journey in a digital landscape that never ceases to change. According to Ponemon Institute1, “only 59% of organizations say their cybersecurity strategy has changed over the past two years.” This stagnation in strategy adaptation can be traced back to several key issues.

Risk 104

Risk Cybersecurity 104

Bleeping Computer

JANUARY 8, 2024

The official Netgear and Hyundai MEA Twitter/X accounts (together with over 160,000 followers) are the latest hijacked to push scams designed to infect potential victims with cryptocurrency wallet drainer malware. [.

Accountability 104

Accountability Cryptocurrency Scams Hacking 104

The Hacker News

JANUARY 8, 2024

Digital expansion inevitably increases the external attack surface, making you susceptible to cyberthreats. Threat actors increasingly exploit the vulnerabilities stemming from software and infrastructure exposed to the internet; this ironically includes security tools, particularly firewalls and VPNs, which give attackers direct network access to execute their attacks.

Firewall 101

Firewall Internet Internet Software 101

Graham Cluley

JANUARY 8, 2024

British police say that they are investigating reports that a girl under the age of 16 was sexually assaulted… in an online virtual reality game.

101

101

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

Bleeping Computer

JANUARY 8, 2024

The Authy desktop apps for Windows, macOS, and Linux will be discontinued in August 2024, with the company recommending users switch to a mobile version of the two-factor authentication (2FA) app. [.

Mobile 101

Mobile Authentication Software 101

Penetration Testing

JANUARY 8, 2024

AD-AssessmentKit These tools are ideal for network administrators and cybersecurity professionals seeking to assess and enhance the security posture of AD environments and network infrastructures. AD-SecurityAudit.sh It focuses on initial reconnaissance and vulnerability identification... The post AD-AssessmentKit: comprehensive security audits and network mapping of AD environments appeared first on Penetration Testing.

Penetration Testing 96

Penetration Testing Cybersecurity 96

Bleeping Computer

JANUARY 8, 2024

​Leading U.S. mortgage lender loanDepot confirmed today that a cyber incident disclosed over the weekend was a ransomware attack that led to data encryption. [.

Ransomware 96

Ransomware Encryption 96

SecureWorld News

JANUARY 8, 2024

U.S. mortgage lender loanDepot has fallen victim to a cyberattack, prompting the company to take swift action by temporarily shutting down its IT systems and online payment portals. With approximately 6,000 employees and a loan servicing portfolio exceeding $140 billion, loanDepot is a major nonbank retail mortgage lender in the United States. LoanDepot has confirmed that the cyber incident involved unauthorized third-party access to certain systems, resulting in the encryption of data.

Architecture 89

Architecture Data breaches Retail Cybersecurity 89

Advertisement

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

Penetration Testing

JANUARY 8, 2024

In an era where digital threats lurk behind every click, a new predatory tactic has emerged, blurring the lines between harmless content and cyber threats. FortiGuard Labs recently unveiled a cunning stratagem employed by... The post Cyber Alert: FortiGuard Labs Spot Lumma Stealer on YouTube appeared first on Penetration Testing.

Penetration Testing 89

Penetration Testing Cyber threats Malware 89

Bleeping Computer

JANUARY 8, 2024

The Lockbit ransomware operation has claimed responsibility for a November 2023 cyberattack on the Capital Health hospital network and threatens to leak stolen data and negotiation chats by tomorrow. [.

Ransomware 88

Ransomware Risk Healthcare 88

Penetration Testing

JANUARY 8, 2024

In the rapidly evolving digital landscape, software development has become a battleground, with npm (Node Package Manager) sitting at the heart of numerous security challenges. As the default package manager for the JavaScript runtime... The post SentinelOne Unveils: The Hidden Dangers of npm in Business Security appeared first on Penetration Testing.

Penetration Testing 89

Penetration Testing Software Malware 89

SecureBlitz

JANUARY 8, 2024

Want to learn more about e-Commerce fraud? Here, I will talk about navigating the challenges in online retail. In the bustling world of e-commerce, where convenience and accessibility are king, there lurks a shadow that threatens to undermine the integrity of online marketplaces: e-commerce fraud. This form of digital deceit poses a unique set of […] The post E-Commerce Fraud: Navigating the Challenges in Online Retail appeared first on SecureBlitz Cybersecurity.

Retail 88

Retail Cybersecurity 88

Advertisement

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.

Cybersecurity