Tue. May 28, 2024

Lattice-Based Cryptosystems and Quantum Cryptanalysis

Schneier on Security

Quantum computers are probably coming, though we don’t know when—and when they arrive, they will, most likely, be able to break our standard public-key cryptography algorithms. In anticipation of this possibility, cryptographers have been working on quantum-resistant public-key algorithms. The National Institute for Standards and Technology (NIST) has been hosting a competition since 2017, and there already are several proposed standards.

Treasury Sanctions Creators of 911 S5 Proxy Botnet

Krebs on Security

The U.S. Department of the Treasury today unveiled sanctions against three Chinese nationals for allegedly operating 911 S5, an online anonymity service that for many years was the easiest and cheapest way to route one’s Web traffic through malware-infected computers around the globe. KrebsOnSecurity identified one of the three men in a July 2022 investigation into 911 S5, which was massively hacked and then closed ten days later.

Top 5 Cloud Trends U.K. Businesses Should Watch in 2024

Tech Republic Security

TechRepublic identified the top five emerging cloud technology trends that businesses in the U.K. should be aware of this year.

How Researchers Cracked an 11-Year-Old Password to a $3 Million Crypto Wallet

WIRED Threat Level

Thanks to a flaw in a decade-old version of the RoboForm password manager and a bit of luck, researchers were able to unearth the password to a crypto wallet containing a fortune.

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Will Australia Ever Dig Itself Out of the Cybersecurity Skills Shortage?

Tech Republic Security

Australia is grappling with this cyber security challenge that is resulting in frequent breaches across large companies. Here are possible solutions, including how cyber security pros can help.

Researchers Warn of CatDDoS Botnet and DNSBomb DDoS Attack Technique

The Hacker News

The threat actors behind the CatDDoS malware botnet have exploited over 80 known security flaws in various software over the past three months to infiltrate vulnerable devices and co-opt them into a botnet for conducting distributed denial-of-service (DDoS) attacks.

More Trending

ABN Amro discloses data breach following an attack on a third-party provider

Security Affairs

Dutch bank ABN Amro discloses data breach following a ransomware attack that hit the third-party services provider AddComm. Dutch bank ABN Amro disclosed a data breach after third-party services provider AddComm suffered a ransomware attack. AddComm distributes documents and tokens physically and digitally to clients and employees. The ransomware attack occurred last week and unauthorized parties may have obtained access to data of a limited number of ABN AMRO clients.

Celoxis: Project Management Software Is Changing Due to Complexity and New Ways of Working

Tech Republic Security

More remote work and a focus on resource planning are two trends driving changes in project management software in APAC and around the globe. Celoxis’ Ratnakar Gore explains how PM vendors are responding to fast-paced change.

WordPress Plugin abused to install e-skimmers in e-commerce sites

Security Affairs

Threat actors are exploiting a WordPress plugin to insert malicious PHP code in e-commerce sites and steal credit card data. Sucuri researchers observed threat actors using a PHP snippet WordPress plugin to install malicious code in WooCommerce e-stores and harvest credit card details. In the campaign spotted by the experts, attackers use a very obscure WordPress plugin called Dessky Snippets, which has only a few hundred active installations at the time of writing.

4-Step Approach to Mapping and Securing Your Organization's Most Critical Assets

The Hacker News

You’re probably familiar with the term “critical assets”. These are the technology assets within your company's IT infrastructure that are essential to the functioning of your organization. If anything happens to these assets, such as application servers, databases, or privileged identities, the ramifications to your security posture can be severe.

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Experts released PoC exploit code for RCE in Fortinet SIEM

Security Affairs

Researchers released a proof-of-concept (PoC) exploit for remote code execution flaw CVE-2024-23108 in Fortinet SIEM solution. Security researchers at Horizon3’s Attack Team released a proof-of-concept (PoC) exploit for a remote code execution issue, tracked as CVE-2024-23108, in Fortinet’s SIEM solution. The PoC exploit allows executing commands as root on Internet-facing FortiSIEM appliances.

Cops Are Just Trolling Cybercriminals Now

WIRED Threat Level

Police are using subtle psychological operations against ransomware gangs to sow distrust in their ranks—and trick them into emerging from the shadows.

Indian National Pleads Guilty to $37 Million Cryptocurrency Theft Scheme

The Hacker News

An Indian national has pleaded guilty in the U.S. over charges of stealing more than $37 million by setting up a website that impersonated the Coinbase cryptocurrency exchange platform. Chirag Tomar, 30, pleaded guilty to wire fraud conspiracy, which carries a maximum sentence of 20 years in prison and a $250,000 fine. He was arrested on December 20, 2023, upon entering the country.

Over 90 malicious Android apps with 5.5M installs found on Google Play

Bleeping Computer

Over 90 malicious Android apps were found installed over 5.5 million times through Google Play to deliver malware and adware, with the Anatsa banking trojan seeing a recent surge in activity. [...]

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

HP Report Surfaces Shifts in Cyber Attack Tactics

Security Boulevard

Cyber attack tactics are evolving, according to a new report, from advanced campaigns to exploiting weaknesses, and cybersecurity teams should be optimally employed. The post HP Report Surfaces Shifts in Cyber Attack Tactics appeared first on Security Boulevard.

RSAC Fireside Chat: Dispersive adapts WWII radio-signal masking tool to obfuscating network traffic

The Last Watchdog

Spread spectrum technology helped prevent the jamming of WWII radio-controlled torpedoes and subsequently became a cornerstone of modern-day telecom infrastructure. For its next act, could spread spectrum undergird digital resiliency? I had an evocative discussion about this at RSAC 2024 with Dispersive CEO Rajiv Plimplaskar. For a full drill down, please give the accompanying podcast a listen.

‘Microsoft’ Scammers Steal the Most, says FTC

Security Boulevard

Pork Talk: “Pig butchering” scams are on the rise via social media. The post ‘Microsoft’ Scammers Steal the Most, says FTC appeared first on Security Boulevard.

Beyond the buzz: Understanding AI and its role in cybersecurity

We Live Security

A new white paper from ESET uncovers the risks and opportunities of artificial intelligence for cyber-defenders and how it could transform the ways in which organizations protect, detect and respond to attacks.

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

OpenAI Launches Security Committee Amid Ongoing Criticism

Security Boulevard

OpenAI has a new Safety and Security Committee in place fewer than two weeks after disbanding its “superalignment” team, a year-old unit that was tasked with focusing on the long-term effects of AI. In a blog post Tuesday, the Microsoft-backed company said the new committee will comprise CEO Sam Altman and board of director members. The post OpenAI Launches Security Committee Amid Ongoing Criticism appeared first on Security Boulevard.

Trusted relationship attacks: trust, but verify

SecureList

IT outsourcing market continues to demonstrate strong growth globally – such services are becoming increasingly popular. But along with the advantages, such as saved time and resources, delegating non-core tasks creates new challenges in terms of information security. By providing third-party companies (service providers or contractors) with access to their infrastructure, businesses increase the risk of trusted relationship attacks – T1199 in the MITRE ATT&CK classification.

Ad blocker users say YouTube videos are now skipping to the end

Bleeping Computer

Many users report that YouTube videos automatically skip to the end or are muted if they are using an ad blocker, making it impossible for them to watch the video. [...]

Using Scary but Fun Stories to Aid Cybersecurity Training

Security Boulevard

Need to get your audience’s attention so they listen to your cybersecurity lessons? Share these true stories to engage their attention and, perhaps, make them laugh. The post Using Scary but Fun Stories to Aid Cybersecurity Training appeared first on Security Boulevard.

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

News Alert: INE Security enables CISOs to secure board support for cybersecurity training

The Last Watchdog

Cary, NC, May 28, 2024, CyberNewsWire — If there is a single theme circulating among Chief Information Security Officers (CISOs) right now, it is the question of how to get stakeholders on board with more robust cybersecurity training protocols. There are key points debated about why you should provide cybersecurity training to your IT professionals, like the alarming increase in cyberattacks (an increase of 72% over the all-time high in 2021, according to the Identity Theft Research Cente

The Link Between Cybersecurity and Reputation Management for Executives

Security Boulevard

The link between cybersecurity and personal reputation management for executives is significant. As leaders in their respective fields, executives are often the face of their company’s brand, and are responsible for maintaining the trust of customers, investors, and the public. However, with the rise of cyber threats, this trust can be quickly undermined if proper […] The post The Link Between Cybersecurity and Reputation Management for Executives appeared first on BlackCloak | Protect Your

Hiring Kit: Cryptography Engineer

Tech Republic Security

Cryptography engineers often collaborate with cybersecurity teams to integrate robust cryptographic solutions into software, hardware and network infrastructure, addressing potential vulnerabilities and mitigating risks associated with data breaches or cyberattacks. This hiring kit, written by Franklin Okeke for TechRepublic Premium, provides a practical framework you can use to hire the ideal cryptography engineer for your.

First American December data breach impacts 44,000 people

Bleeping Computer

First American Financial Corporation, the second-largest title insurance company in the United States, revealed on Tuesday that a December cyberattack led to a breach impacting 44,000 individuals. [...]

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

Customer Identity and Access Management (CIAM) 101

Security Boulevard

An amazing post The post Customer Identity and Access Management (CIAM) 101 appeared first on Security Boulevard.

Check Point Warns of Hackers Targeting Its Remote Access VPN

SecureWorld News

Threat actors are targeting Check Point Remote Access VPN devices in an ongoing campaign to breach enterprise networks, the company has warned in a new advisory. In the advisory, Check Point says the attackers are targeting security gateways with old local accounts using insecure password-only authentication, which should be used with certificate authentication to prevent breaches.

The Rise of Generative AI is Transforming Threat Intelligence – Five Trends to Watch

Security Boulevard

As threats increase in sophistication—in many cases powered by GenAI itself—GenAI will play a growing role in combatting them. The post The Rise of Generative AI is Transforming Threat Intelligence – Five Trends to Watch appeared first on Security Boulevard.

Operation Diplomatic Specter: Chinese State-Sponsored Cyber Espionage Campaign Targeting Governments Across Three Continents

Penetration Testing

Palo Alto Networks’ Unit 42 threat research team has unveiled a sophisticated and persistent cyber espionage campaign, codenamed Operation Diplomatic Specter, attributed to a Chinese state-sponsored threat actor. The campaign has been targeting governmental... The post Operation Diplomatic Specter: Chinese State-Sponsored Cyber Espionage Campaign Targeting Governments Across Three Continents appeared first on Penetration Testing.

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.