Schneier on Security

APRIL 23, 2024

Former senior White House cyber policy director A. J. Grotto talks about the economic incentives for companies to improve their security—in particular, Microsoft: Grotto told us Microsoft had to be “dragged kicking and screaming” to provide logging capabilities to the government by default, and given the fact the mega-corp banked around $20 billion in revenue from security services last year, the concession was minimal at best. […] “The government needs to focus on

Government 293

Government Banking Marketing Cybersecurity 293

Tech Republic Security

APRIL 23, 2024

Learn about the potential vulnerabilities of VPNs and the measures you can take to enhance your VPN security.

VPN 172

VPN Hacking Technology 172

The Hacker News

APRIL 23, 2024

Cybersecurity breaches can be devastating for both individuals and businesses alike. While many people tend to focus on understanding how and why they were targeted by such breaches, there's a larger, more pressing question: What is the true financial impact of a cyberattack?

Cybercrime 142

Cybercrime Cybersecurity 142

Malwarebytes

APRIL 23, 2024

UnitedHealth Group has given an update on the February cyberattack on Change Healthcare , one of its subsidiaries. In the update, the company revealed the scale of the breach, saying: “Based on initial targeted data sampling to date, the company has found files containing protected health information (PHI) or personally identifiable information (PII), which could cover a substantial proportion of people in America.

Healthcare 142

Healthcare Identity Theft Passwords Data breaches 142

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

The Hacker News

APRIL 23, 2024

A new ongoing malware campaign has been observed distributing three different stealers, such as CryptBot, LummaC2, and Rhadamanthys hosted on Content Delivery Network (CDN) cache domains since at least February 2024.

Malware 142

Malware 142

Security Affairs

APRIL 23, 2024

A cyber attack on Leicester City Council resulted in certain street lights remaining illuminated all day and severely impacted the council’s operations The Leicester City Council suffered a cyber attack that severely impacted the authority’s services in March and led to the leak of confidential documents. The ransomware group behind the attack leaked multiple documents, including rent statements and applications to buy council houses.

Cyber Attacks 137

Cyber Attacks Hacking Ransomware Information Security 137

Trend Micro

APRIL 23, 2024

In this blog entry, we discuss Trend Micro's contributions to an Interpol-coordinated operation to help Brazilian and Spanish law enforcement agencies analyze malware samples of the Grandoreiro banking trojan.

Banking 136

Banking Malware 136

The Hacker News

APRIL 23, 2024

European Police Chiefs said that the complementary partnership between law enforcement agencies and the technology industry is at risk due to end-to-end encryption (E2EE). They called on the industry and governments to take urgent action to ensure public safety across social media platforms.

Encryption 138

Encryption Media Government Technology 138

Security Affairs

APRIL 23, 2024

The U.S. Department of State imposed visa restrictions on 13 individuals allegedly linked to the commercial spyware business. The US Department of State is imposing visa restrictions on 13 individuals involved in the development and sale of commercial spyware or their immediate family members. The measure aims to counter the misuse of surveillance technology targeting journalists, academics, human rights defenders, dissidents, and US Government personnel, as documented in the Country Reports on

Spyware 136

Spyware Surveillance Government Technology 136

The Hacker News

APRIL 23, 2024

German authorities said they have issued arrest warrants against three citizens on suspicion of spying for China. The full names of the defendants were not disclosed by the Office of the Federal Prosecutor (aka Generalbundesanwalt), but it includes Herwig F., Ina F., and Thomas R.

134

134

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Security Affairs

APRIL 23, 2024

The National Police Agency in South Korea warns that North Korea-linked threat actors are targeting defense industry entities. The National Police Agency in South Korea warns that North Korea-linked threat actors are targeting defense industry entities to steal defense technology information. North Korea-linked APT groups Lazarus , Andariel , and Kimsuky hacked multiple defense companies in South Korea, reported the National Police Agency.

Hacking 130

Hacking Malware Accountability Technology 130

Penetration Testing

APRIL 23, 2024

A shocking new report by Citizen Lab reveals that popular Chinese keyboard apps transmit your keystrokes in ways that leave them shockingly vulnerable to interception. Even passwords, financial details, and sensitive conversations you type... The post Your Keyboard May Be Spilling Your Secrets – Critical Flaws Expose Keystrokes of Millions appeared first on Penetration Testing.

Penetration Testing 129

Penetration Testing Passwords 129

Security Boulevard

APRIL 23, 2024

The ransomware group that attacked a subsidiary of UnitedHealth Group stole massive amounts of customers’ private health care data, the latest in a continuing string of information coming out about the data breach. In a statement this week, UnitedHealth said that, based on targeted sampling of the data taken, the number of files that contained. The post UnitedHealth: Ransomware Attackers Stole Huge Amount of Data appeared first on Security Boulevard.

Ransomware 128

Ransomware Data breaches Healthcare Data privacy 128

Bleeping Computer

APRIL 23, 2024

The UnitedHealth Group has confirmed that it paid a ransom to cybercriminals to protect sensitive data stolen during the Optum ransomware attack in late February. [.

Ransomware 123

Ransomware Healthcare 123

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Security Boulevard

APRIL 23, 2024

The platform analyzes application interactions to identify cyberattacks and applies mitigations to limit the attack's impact. The post Miggo Unfurls Real-Time Application Detection and Response Platform appeared first on Security Boulevard.

119

119

Bleeping Computer

APRIL 23, 2024

Microsoft reversed the fix for an Outlook bug causing erroneous security warnings after installing December 2023 security updates [.

122

122

The Hacker News

APRIL 23, 2024

In the high-stakes world of cybersecurity, the battleground has shifted. Supply chain attacks have emerged as a potent threat, exploiting the intricate web of interconnected systems and third-party dependencies to breach even the most formidable defenses. But what if you could turn the tables and proactively hunt these threats before they wreak havoc?

Cybersecurity 117

Cybersecurity 117

Bleeping Computer

APRIL 23, 2024

North Korean hackers have been exploiting the updating mechanism of the eScan antivirus to plant backdoors on big corporate networks and deliver cryptocurrency miners through GuptiMiner malware. [.

Antivirus 117

Antivirus Malware Cryptocurrency 117

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Penetration Testing

APRIL 23, 2024

A sophisticated hacking group suspected to be the infamous CoralRaider is ramping up its attacks, using multiple well-known infostealers to target a shockingly wide range of organizations worldwide. Security researchers at Cisco Talos have... The post Suspected CoralRaider Expands Attacks, Targets Diverse Victims with Triple-Threat Infostealer Campaign appeared first on Penetration Testing.

Penetration Testing 116

Penetration Testing Hacking Malware 116

Heimadal Security

APRIL 23, 2024

Managing user accounts and ensuring the security of data and information systems are crucial for any business. To assist organizations in this task, we offer a comprehensive Account Management Policy Template designed to streamline the process of account creation, maintenance, and termination. This template is adaptable and available in three formats—PDF, Word, and Google Docs—to […] The post Free and Downloadable Account Management Policy Template appeared first on Heimdal Security Blog.

Accountability 97

Accountability 97

Penetration Testing

APRIL 23, 2024

The CERT-UA (Computer Emergency Response Team of Ukraine) has issued an urgent alert regarding escalated cyber activities by the notorious Russia-backed Sandworm APT group, also identified under aliases like UAC-0133, UAC-0002, APT44, or FROZENBARENTS.... The post Sandworm Targets Ukraine’s Critical Infrastructure with New Attack Wave appeared first on Penetration Testing.

Penetration Testing 108

Penetration Testing Malware 108

SecureBlitz

APRIL 23, 2024

This post will show you how to install & activate the Discovery Channel on Firestick. Amazon FireStick allows you to transform any TV into a Smart TV by spending a few bucks. You can enjoy many TV channels, online streaming, and more on FireStick. The stick is a USB-type key connected to the TV's HDMI […] The post How To Install & Activate Discovery Channel On Firestick appeared first on SecureBlitz Cybersecurity.

Cybersecurity 94

Cybersecurity 94

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

Penetration Testing

APRIL 23, 2024

Security researchers have uncovered potentially devastating flaws in node-mysql2, a JavaScript database library powering countless web applications and backend systems. These vulnerabilities, designated CVE-2024-21508, CVE-2024-21509, and CVE-2024-21511, could have far-reaching consequences for organizations across... The post Critical Vulnerabilities in Popular Database Library Expose Millions of Applications to Attack appeared first on Penetration Testing.

Penetration Testing 101

Penetration Testing 101

Security Boulevard

APRIL 23, 2024

Applications are the workhorses of your business, but imagine the chaos if their communication channels, the APIs were compromised. Today, APIs (Application Programming Interfaces) are the hidden doorways through which 83% of web traffic flows. These vital connections power your […] The post The Only API Penetration Testing Checklist You Need appeared first on WeSecureApp :: Simplifying Enterprise Security.

Penetration Testing 93

Penetration Testing 93

Penetration Testing

APRIL 23, 2024

A serious vulnerability has been discovered in Plane, a popular project management tool used by thousands of organizations worldwide. This Server-Side Request Forgery (SSRF) flaw, assigned CVE-2024-31461 with a high CVSS score of 9.1,... The post CVE-2024-31461: Critical Vulnerability Found in Widely-Used Plane Project Management Software appeared first on Penetration Testing.

Penetration Testing 97

Penetration Testing Software 97

Bleeping Computer

APRIL 23, 2024

The Treasury Department's Office of Foreign Assets Control (OFAC) has sanctioned four Iranian nationals for their involvement in cyberattacks against the U.S. government, defense contractors, and private companies. [.

Government 90

Government 90

Advertisement

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

Penetration Testing

APRIL 23, 2024

In a disturbing new development, cybersecurity experts at AhnLab Security Intelligence Center (ASEC) have revealed a growing trend of infostealer malware abusing the Electron framework. Electron, known for powering popular applications like Discord and... The post Hackers Weaponize Popular Software Framework for Stealthy Data Theft appeared first on Penetration Testing.

Software 87

Software Penetration Testing Security Intelligence Malware 87

Bleeping Computer

APRIL 23, 2024

A threat actor has been using a content delivery network cache to store information-stealing malware in an ongoing campaign targeting systems U.S., the U.K., Germany, and Japan. [.

Malware 89

Malware 89

SecureBlitz

APRIL 23, 2024

Here's an exclusive interview with Bob Baxley, CTO of Bastille Networks – a leader in enterprise threat detection through software-defined radio. When facilities say “no devices allowed,” that’s not necessarily true. The problem: most of these devices have radio frequency (RF) communication interfaces that make them vulnerable to RF attacks. As such, enterprises must implement […] The post Exclusive Interview With Bob Baxley, CTO Of Bastille Networks appeared first on SecureBlitz Cyb

Threat Detection 86

Threat Detection Software Cybersecurity Cyber threats 86

Bleeping Computer

APRIL 23, 2024

The National Police Agency in South Korea issued an urgent warning today about North Korean hacking groups targeting defense industry entities to steal valuable technology information. [.

Hacking 84

Hacking Technology 84

Advertisement

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.

Cybersecurity