Thu. Dec 21, 2023

Cyberattack on Ukraine’s Kyivstar Seems to Be Russian Hacktivists

Schneier on Security

The Solntsepek group has taken credit for the attack. They’re linked to the Russian military, so it’s unclear whether the attack was government directed or freelance. This is one of the most significant cyberattacks since Russia invaded in February 2022.

Google Cloud’s Cybersecurity Predictions of 2024 and Look Back at 2023

Tech Republic Security

Generative AI can be used by attackers, but security professionals shouldn't lose sleep over it, according to a Google Cloud threat intelligence analyst. Find out why.

Update Chrome now! Emergency update patches zero-day

Malwarebytes

Google has released an emergency security update for Chrome that brings the browser’s Stable channel to version 120.0.6099.129 for Mac, Linux and to 120.0.6099.129/130 for Windows. This update includes one security fix for a vulnerability that was subject to an existing exploit. The easiest way to update Chrome is to allow it to update automatically, which basically uses the same method as outlined below but does not require your attention.

Third-Party Supply Chain Risk a Challenge for Cyber Security Professionals in Australia

Tech Republic Security

ASIC research shows 44% of Australian organisations are not managing third-party supply chain risk. Tesserent says it remains a key risk, and disruption could emerge from geopolitical tensions.

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Real estate agency exposes details of 690k customers

Security Affairs

An exposed instance contained information for a customer relationship management (CRM) system that likely belongs to Goyzer, a real estate property management software maker, the Cybernews research team has discovered. The data was leaked via a publicly exposed and passwordless MongoDB database, which has since been closed. Businesses employ MongoDB to organize and store large swaths of document-oriented information.

Crypto drainer steals $59 million from 63k people in Twitter ad push

Bleeping Computer

Google and Twitter ads are promoting sites containing a cryptocurrency drainer named 'MS Drainer' that has already stolen $59 million from 63,210 victims over the past nine months. [...]

More Trending

First American takes IT systems offline after cyberattack

Bleeping Computer

First American Financial Corporation, the second-largest title insurance company in the United States, took some of its systems offline today to contain the impact of a cyberattack. [...]

2023, the year of ransomware

Security Boulevard

As I begin to document the ransomware landscape of 2023, I recognize that the constantly changing nature of these attacks means that any momentary snapshot becomes quickly outdated. Ransomware, although not a novel threat vector, has undeniably intensified its grip this year, permeating diverse industries and platforms. What remains unchanged is the harsh reality that … Continue reading "2023, the year of ransomware" The post 2023, the year of ransomware appeared first on Solvo.

Windows CLFS and five exploits used by ransomware operators

SecureList

In April 2023, we published a blog post about a zero-day exploit we discovered in ransomware attacks that was patched as CVE-2023-28252 after we promptly reported it to Microsoft. In that blog post, we mentioned that the zero-day exploit we discovered was very similar to other Microsoft Windows elevation-of-privilege (EoP) exploits that we have seen in ransomware attacks throughout the year.

Unpacking 2023 and Predicting 2024: What to Expect in Cybersecurity 

Security Boulevard

Did you know that $224 billion is spent annually on cybersecurity? Or did you know that $6 trillion is lost to cyber crimes each year? These statistics show that organizations struggled to maintain basic cybersecurity practices in 2023. But what can organizations do to improve their networks and help prevent attacks in 2024? Basic Cybersecurity […] The post Unpacking 2023 and Predicting 2024: What to Expect in Cybersecurity appeared first on CISO Global.

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

CISA Alert AA23-347a: NetSPI Coverage for JetBrains TeamCity CVE 2023-42793

NetSpi Executives

NetSPI has updated Attack Surface Management (ASM) coverage for CVE-2023-42793 and released a Breach and Attack Simulation (BAS) Playbook that allows you to quickly test if you have detection coverage for the TTPs used in a recent campaign by Russian Foreign Intelligence Service Actors also known as APT 29. Summary: On December 13, 2023, the Cybersecurity & Infrastructure Security Agency (CISA) released Advisory AA23-347A.

You’ve made it through the rift! Season 4 is all about survival.

Hack the Box

The new year of HTB Seasons starts in January 2024. Get ready to survive the Savage Lands and dominate the leaderboard!

Phishing attacks use an old Microsoft Office flaw to spread Agent Tesla malware

Security Affairs

Threat actors are exploiting an old Microsoft Office vulnerability, tracked as CVE-2017-11882, to spread the Agent Tesla malware. Threat actors are exploiting an old Microsoft Office vulnerability, tracked as CVE-2017-11882 (CVSS score: 7.8), as part of phishing campaigns to spread the Agent Tesla malware. Agent Tesla is a spyware that is used to spy on the victims by collecting keystrokes, system clipboard, screenshots, and credentials from the infected system.

AWS re:Invent 2023: Cybersecurity Visibility

Security Boulevard

Shira Rubinoff talks with CySight's Rafi Sabel at AWS re:Invent 2023. The post AWS re:Invent 2023: Cybersecurity Visibility appeared first on Security Boulevard.

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

ESET fixed a high-severity bug in the Secure Traffic Scanning Feature of several products

Security Affairs

ESET fixes a high-severity flaw in Secure Traffic Scanning Feature that could have been exploited to cause web browsers to trust sites that should not be trusted. ESET has addressed a vulnerability (CVE-2023-5594, CVSS score 7.5) in the Secure Traffic Scanning Feature, preventing potential exploitation that could lead web browsers to trust websites using certificates signed with outdated and insecure algorithms.

Comcast’s Xfinity breached by Citrix Bleed; 36 million customer’s data accessed

Malwarebytes

In a notice for its customers, Xfinity acknowledges it recently fell victim to a data security incident. Xfinity is Comcast’s brand for TV, internet, and home phone services, sometimes referred to as Comcast Cable Communications. During the data breach the attackers were able to access 35.8 million customers’ usernames and hashed passwords.

Best of 2023: Why is everyone getting hacked on Facebook?

Security Boulevard

If your social media networks are anything like mine, you’ve noticed an uptick in people getting “hacked” lately. Maybe you’ve gotten a weird Facebook message from someone you hadn’t spoken with in a while. Maybe your least tech-y friend is suddenly talking about crypto on Instagram. Or maybe you’ve seen post after post on your timeline of someone saying something like, “Sorry everyone, I got hacked!

Safeguard the joy: 10 tips for securing your shiny new device

We Live Security

Unwrapping a new gadget this holiday season will put a big smile on your face but things may quickly turn sour if the device and data on it aren’t secured properly

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Android malware Chameleon disables Fingerprint Unlock to steal PINs

Bleeping Computer

The Chameleon Android banking trojan has re-emerged with a new version that uses a tricky technique to take over devices — disable fingerprint and face unlock to steal device PINs. [...]

Chameleon Android Banking Trojan Variant Bypasses Biometric Authentication

The Hacker News

Cybersecurity researchers have discovered an updated version of an Android banking malware called Chameleon that has expanded its targeting to include users in the U.K. and Italy.

Title insurance giant First American offline after cyberattack

Bleeping Computer

First American Financial Corporation, the second-largest title insurance company in the United States, took some of its systems offline today to contain the impact of a cyberattack. [...]

Biometric Bypass: Chameleon Banking Trojan Evolves, Android 13 Vulnerable

Penetration Testing

In the ever-evolving world of cybersecurity threats, a new contender has emerged, showcasing the relentless adaptability and sophistication of malware targeting Android users. Dutch mobile security firm ThreatFabric detected “Chameleon,” a banking trojan first... The post Biometric Bypass: Chameleon Banking Trojan Evolves, Android 13 Vulnerable appeared first on Penetration Testing.

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

OpenAI rolls out imperfect fix for ChatGPT data leak flaw

Bleeping Computer

OpenAI has mitigated a data exfiltration bug in ChatGPT that could potentially leak conversation details to an external URL. [...]

Behind the Recognition: Why We Believe We’re a Gartner® Peer Insights™ Customers’ Choice 2023

Veracode Security

As 2023 comes to a close, we aim to inspire excellence by highlighting our customers’ dedication to a more secure world. Thanks to you, we are honored to be (for the fourth consecutive year) recognized as a 2023 Gartner® Peer Insights™ Customers’ Choice. Let’s explore some of the stories that make this recognition possible. Veracode Named a 2023 Gartner® Peer Insights™ Customers’ Choice for the Fourth Consecutive Year Veracode is recognized by Gartner® Peer Insights™ in 2023 as a Customers’ Ch

New JavaScript Malware Targeted 50,000+ Users at Dozens of Banks Worldwide

The Hacker News

A new piece of JavaScript malware has been observed attempting to steal users' online banking account credentials as part of a campaign that has targeted more than 40 financial institutions across the world. The activity cluster, which employs JavaScript web injections, is estimated to have led to at least 50,000 infected user sessions spanning North America, South America, Europe, and Japan.

Windows CLFS and five exploits used by ransomware operators (Exploit #5 – CVE-2023-28252)

SecureList

This is part six of our study about the Common Log File System (CLFS) and five vulnerabilities in this Windows OS component that have been used in ransomware attacks throughout the year. Please read the previous parts first if you haven’t already. You can go to other parts using this table of contents: Part 1 – Windows CLFS and five exploits of ransomware operators Part 2 – Windows CLFS and five exploits of ransomware operators (Exploit #1 – CVE-2022-24521) Part 3 –

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.

How Outlook notification sounds can lead to zero-click exploits

Malwarebytes

An Akamai researcher has found two vulnerabilities in Windows that can be combined to achieve a full, zero-click remote code execution (RCE) in Outlook. Both vulnerabilities were responsibly disclosed to Microsoft and addressed in the August 2023 and October 2023 patch Tuesdays, so the researcher felt it was no problem to disclose their findings. The first vulnerability, listed as CVE-2023-35384, is a Windows HTML platforms security feature bypass vulnerability.

CloakQuest3r: Uncover the true IP address of websites safeguarded by Cloudflare & Others

Penetration Testing

CloakQuest3r CloakQuest3r is a powerful Python tool meticulously crafted to uncover the true IP address of websites safeguarded by Cloudflare and other alternatives, a widely adopted web security and performance enhancement service. Its core... The post CloakQuest3r: Uncover the true IP address of websites safeguarded by Cloudflare & Others appeared first on Penetration Testing.

The Four Layers of Antivirus Security: A Comprehensive Overview

Heimdal Security

The antivirus software stands as a critical defense line against cyber-attacks. To fully understand how it operates, it’s vital to understand the four distinct layers of antivirus security. Each layer contributes to the detection and neutralization of threats, ensuring a robust defense mechanism against various types of malware. Key takeaways: A Multilayered Defense is Paramount. […] The post The Four Layers of Antivirus Security: A Comprehensive Overview appeared first on Heimdal Se

Experts Detail Multi-Million Dollar Licensing Model of Predator Spyware

The Hacker News

A new analysis of the sophisticated commercial spyware called Predator has revealed that its ability to persist between reboots is offered as an "add-on feature" and that it depends on the licensing options opted by a customer.

Enhance Innovation and Governance Through the Cloud Development Maturity Model

Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.