Tue.Apr 23, 2024

article thumbnail

Microsoft and Security Incentives

Schneier on Security

Former senior White House cyber policy director A. J. Grotto talks about the economic incentives for companies to improve their security—in particular, Microsoft: Grotto told us Microsoft had to be “dragged kicking and screaming” to provide logging capabilities to the government by default, and given the fact the mega-corp banked around $20 billion in revenue from security services last year, the concession was minimal at best. […] “The government needs to focus on

article thumbnail

Can a VPN Be Hacked?

Tech Republic Security

Learn about the potential vulnerabilities of VPNs and the measures you can take to enhance your VPN security.

VPN 172
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Unmasking the True Cost of Cyberattacks: Beyond Ransom and Recovery

The Hacker News

Cybersecurity breaches can be devastating for both individuals and businesses alike. While many people tend to focus on understanding how and why they were targeted by such breaches, there's a larger, more pressing question: What is the true financial impact of a cyberattack?

article thumbnail

“Substantial proportion” of Americans may have had health and personal data stolen in Change Healthcare breach

Malwarebytes

UnitedHealth Group has given an update on the February cyberattack on Change Healthcare , one of its subsidiaries. In the update, the company revealed the scale of the breach, saying: “Based on initial targeted data sampling to date, the company has found files containing protected health information (PHI) or personally identifiable information (PII), which could cover a substantial proportion of people in America.

article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

CoralRaider Malware Campaign Exploits CDN Cache to Spread Info-Stealers

The Hacker News

A new ongoing malware campaign has been observed distributing three different stealers, such as CryptBot, LummaC2, and Rhadamanthys hosted on Content Delivery Network (CDN) cache domains since at least February 2024.

Malware 142
article thumbnail

The street lights in Leicester City cannot be turned off due to a cyber attack

Security Affairs

A cyber attack on Leicester City Council resulted in certain street lights remaining illuminated all day and severely impacted the council’s operations The Leicester City Council suffered a cyber attack that severely impacted the authority’s services in March and led to the leak of confidential documents. The ransomware group behind the attack leaked multiple documents, including rent statements and applications to buy council houses.

More Trending

article thumbnail

Trend Micro Collaborated with Interpol in Cracking Down Grandoreiro Banking Trojan

Trend Micro

In this blog entry, we discuss Trend Micro's contributions to an Interpol-coordinated operation to help Brazilian and Spanish law enforcement agencies analyze malware samples of the Grandoreiro banking trojan.

Banking 136
article thumbnail

Police Chiefs Call for Solutions to Access Encrypted Data in Serious Crime Cases

The Hacker News

European Police Chiefs said that the complementary partnership between law enforcement agencies and the technology industry is at risk due to end-to-end encryption (E2EE). They called on the industry and governments to take urgent action to ensure public safety across social media platforms.

article thumbnail

U.S. Gov imposed Visa restrictions on 13 individuals linked to commercial spyware activity

Security Affairs

The U.S. Department of State imposed visa restrictions on 13 individuals allegedly linked to the commercial spyware business. The US Department of State is imposing visa restrictions on 13 individuals involved in the development and sale of commercial spyware or their immediate family members. The measure aims to counter the misuse of surveillance technology targeting journalists, academics, human rights defenders, dissidents, and US Government personnel, as documented in the Country Reports on

Spyware 136
article thumbnail

German Authorities Issue Arrest Warrants for Three Suspected Chinese Spies

The Hacker News

German authorities said they have issued arrest warrants against three citizens on suspicion of spying for China. The full names of the defendants were not disclosed by the Office of the Federal Prosecutor (aka Generalbundesanwalt), but it includes Herwig F., Ina F., and Thomas R.

134
134
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Your Keyboard May Be Spilling Your Secrets – Critical Flaws Expose Keystrokes of Millions

Penetration Testing

A shocking new report by Citizen Lab reveals that popular Chinese keyboard apps transmit your keystrokes in ways that leave them shockingly vulnerable to interception. Even passwords, financial details, and sensitive conversations you type... The post Your Keyboard May Be Spilling Your Secrets – Critical Flaws Expose Keystrokes of Millions appeared first on Penetration Testing.

article thumbnail

North Korea-linked APT groups target South Korean defense contractors

Security Affairs

The National Police Agency in South Korea warns that North Korea-linked threat actors are targeting defense industry entities. The National Police Agency in South Korea warns that North Korea-linked threat actors are targeting defense industry entities to steal defense technology information. North Korea-linked APT groups Lazarus , Andariel , and Kimsuky hacked multiple defense companies in South Korea, reported the National Police Agency.

Hacking 129
article thumbnail

UnitedHealth: Ransomware Attackers Stole Huge Amount of Data

Security Boulevard

The ransomware group that attacked a subsidiary of UnitedHealth Group stole massive amounts of customers’ private health care data, the latest in a continuing string of information coming out about the data breach. In a statement this week, UnitedHealth said that, based on targeted sampling of the data taken, the number of files that contained. The post UnitedHealth: Ransomware Attackers Stole Huge Amount of Data appeared first on Security Boulevard.

article thumbnail

UnitedHealth confirms it paid ransomware gang to stop data leak

Bleeping Computer

The UnitedHealth Group has confirmed that it paid a ransom to cybercriminals to protect sensitive data stolen during the Optum ransomware attack in late February. [.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Miggo Unfurls Real-Time Application Detection and Response Platform

Security Boulevard

The platform analyzes application interactions to identify cyberattacks and applies mitigations to limit the attack's impact. The post Miggo Unfurls Real-Time Application Detection and Response Platform appeared first on Security Boulevard.

119
119
article thumbnail

Microsoft pulls fix for Outlook bug behind ICS security alerts

Bleeping Computer

Microsoft reversed the fix for an Outlook bug causing erroneous security warnings after installing December 2023 security updates [.

122
122
article thumbnail

Webinar: Learn Proactive Supply Chain Threat Hunting Techniques

The Hacker News

In the high-stakes world of cybersecurity, the battleground has shifted. Supply chain attacks have emerged as a potent threat, exploiting the intricate web of interconnected systems and third-party dependencies to breach even the most formidable defenses. But what if you could turn the tables and proactively hunt these threats before they wreak havoc?

article thumbnail

Hackers hijack antivirus updates to drop GuptiMiner malware

Bleeping Computer

North Korean hackers have been exploiting the updating mechanism of the eScan antivirus to plant backdoors on big corporate networks and deliver cryptocurrency miners through GuptiMiner malware. [.

Antivirus 117
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Suspected CoralRaider Expands Attacks, Targets Diverse Victims with Triple-Threat Infostealer Campaign

Penetration Testing

A sophisticated hacking group suspected to be the infamous CoralRaider is ramping up its attacks, using multiple well-known infostealers to target a shockingly wide range of organizations worldwide. Security researchers at Cisco Talos have... The post Suspected CoralRaider Expands Attacks, Targets Diverse Victims with Triple-Threat Infostealer Campaign appeared first on Penetration Testing.

article thumbnail

Free and Downloadable Account Management Policy Template

Heimadal Security

Managing user accounts and ensuring the security of data and information systems are crucial for any business. To assist organizations in this task, we offer a comprehensive Account Management Policy Template designed to streamline the process of account creation, maintenance, and termination. This template is adaptable and available in three formats—PDF, Word, and Google Docs—to […] The post Free and Downloadable Account Management Policy Template appeared first on Heimdal Security Blog.

article thumbnail

Sandworm Targets Ukraine’s Critical Infrastructure with New Attack Wave

Penetration Testing

The CERT-UA (Computer Emergency Response Team of Ukraine) has issued an urgent alert regarding escalated cyber activities by the notorious Russia-backed Sandworm APT group, also identified under aliases like UAC-0133, UAC-0002, APT44, or FROZENBARENTS.... The post Sandworm Targets Ukraine’s Critical Infrastructure with New Attack Wave appeared first on Penetration Testing.

article thumbnail

How To Install & Activate Discovery Channel On Firestick

SecureBlitz

This post will show you how to install & activate the Discovery Channel on Firestick. Amazon FireStick allows you to transform any TV into a Smart TV by spending a few bucks. You can enjoy many TV channels, online streaming, and more on FireStick. The stick is a USB-type key connected to the TV's HDMI […] The post How To Install & Activate Discovery Channel On Firestick appeared first on SecureBlitz Cybersecurity.

article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

Critical Vulnerabilities in Popular Database Library Expose Millions of Applications to Attack

Penetration Testing

Security researchers have uncovered potentially devastating flaws in node-mysql2, a JavaScript database library powering countless web applications and backend systems. These vulnerabilities, designated CVE-2024-21508, CVE-2024-21509, and CVE-2024-21511, could have far-reaching consequences for organizations across... The post Critical Vulnerabilities in Popular Database Library Expose Millions of Applications to Attack appeared first on Penetration Testing.

article thumbnail

The Only API Penetration Testing Checklist You Need

Security Boulevard

Applications are the workhorses of your business, but imagine the chaos if their communication channels, the APIs were compromised. Today, APIs (Application Programming Interfaces) are the hidden doorways through which 83% of web traffic flows. These vital connections power your […] The post The Only API Penetration Testing Checklist You Need appeared first on WeSecureApp :: Simplifying Enterprise Security.

article thumbnail

CVE-2024-31461: Critical Vulnerability Found in Widely-Used Plane Project Management Software

Penetration Testing

A serious vulnerability has been discovered in Plane, a popular project management tool used by thousands of organizations worldwide. This Server-Side Request Forgery (SSRF) flaw, assigned CVE-2024-31461 with a high CVSS score of 9.1,... The post CVE-2024-31461: Critical Vulnerability Found in Widely-Used Plane Project Management Software appeared first on Penetration Testing.

article thumbnail

US govt sanctions Iranians linked to government cyberattacks

Bleeping Computer

The Treasury Department's Office of Foreign Assets Control (OFAC) has sanctioned four Iranian nationals for their involvement in cyberattacks against the U.S. government, defense contractors, and private companies. [.

article thumbnail

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

article thumbnail

Hackers Weaponize Popular Software Framework for Stealthy Data Theft

Penetration Testing

In a disturbing new development, cybersecurity experts at AhnLab Security Intelligence Center (ASEC) have revealed a growing trend of infostealer malware abusing the Electron framework. Electron, known for powering popular applications like Discord and... The post Hackers Weaponize Popular Software Framework for Stealthy Data Theft appeared first on Penetration Testing.

article thumbnail

CoralRaider attacks use CDN cache to push info-stealer malware

Bleeping Computer

A threat actor has been using a content delivery network cache to store information-stealing malware in an ongoing campaign targeting systems U.S., the U.K., Germany, and Japan. [.

Malware 89
article thumbnail

Exclusive Interview With Bob Baxley, CTO Of Bastille Networks

SecureBlitz

Here's an exclusive interview with Bob Baxley, CTO of Bastille Networks – a leader in enterprise threat detection through software-defined radio. When facilities say “no devices allowed,” that’s not necessarily true. The problem: most of these devices have radio frequency (RF) communication interfaces that make them vulnerable to RF attacks. As such, enterprises must implement […] The post Exclusive Interview With Bob Baxley, CTO Of Bastille Networks appeared first on SecureBlitz Cyb

article thumbnail

DPRK hacking groups breach South Korean defense contractors

Bleeping Computer

The National Police Agency in South Korea issued an urgent warning today about North Korean hacking groups targeting defense industry entities to steal valuable technology information. [.

Hacking 84
article thumbnail

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.