Tue. Jan 30, 2024

Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider

Krebs on Security

On Jan. 9, 2024, U.S. authorities arrested a 19-year-old Florida man charged with wire fraud, aggravated identity theft, and conspiring with others to use SIM-swapping to steal cryptocurrency. Sources close to the investigation tell KrebsOnSecurity the accused was a key member of a criminal hacking group blamed for a string of cyber intrusions at major U.S. technology companies during the summer of 2022.

NSA Buying Bulk Surveillance Data on Americans without a Warrant

Schneier on Security

It finally admitted to buying bulk data on Americans from data brokers, in response to a query by Senator Wyden. This is almost certainly illegal, although the NSA maintains that it is legal until it’s told otherwise. Some news articles.


Securing Tomorrow: Cybersecurity Review 2023 & Forecasting 2024 Threats – A Free Webinar With Joseph Steinberg and Dror Liwer

Joseph Steinberg

Embark on a journey of thought leadership into the dynamic realm of cybersecurity, and be part of the conversation and collective effort to shape the future of the industry, by joining the inaugural webinar of Coro’s new series, Cybersphere. Taking place on Thursday, February 1st, 2024 1:00 PM US Eastern Daylight Savings Time (10:00 AM US Pacific = 5:00 PM UTC/GMT), Securing Tomorrow: Cybersecurity Review 2023 & Forecasting 2024 Threats, will be a thought-provoking session that will f

New Images of Colossus Released

Schneier on Security

GCHQ has released new images of the WWII Colossus code-breaking computer, celebrating the machine’s eightieth anniversary (birthday?). News article.

273

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

News alert: p0 launches from stealth, leverages Generative AI to improve software integrity

The Last Watchdog

New York City, New York – Jan. 30, 2024; In an increasingly competitive and malicious environment, vulnerabilities in enterprise codebases can lead to catastrophic security failures. Many times these can be fatal for businesses built on a foundation of customer trust and reliability. Data security is the most fundamental promise that a business can make to its users.

Software 130

New Linux glibc flaw lets attackers get root on major distros

Bleeping Computer

Unprivileged attackers can get root access on multiple major Linux distributions in default configurations by exploiting a newly disclosed local privilege escalation (LPE) vulnerability in the GNU C Library (glibc).

144

More Trending

Root Access Risk: CVE-2023-6246 Exposes Critical Flaw in Linux’s glibc

Penetration Testing

The GNU C Library (glibc), a fundamental component in major Linux distributions, has a critical vulnerability, CVE-2023-6246. This local privilege escalation (LPE) vulnerability has sent ripples through the Linux community. The core of this...

GUEST ESSAY: Leveraging real-time visibility to quell persistent ‘take-a-USB-stick-home’ attacks

The Last Watchdog

Each of us has probably sat through some level of cybersecurity awareness training during our professional lives. Stop and think before you click on a link within an email from an unexpected source. Don’t re-use a password across multiple sites. Beware over-sharing personal information online, especially on social media platforms.

Malware 140

Cactus ransomware gang claims the Schneider Electric hack

Security Affairs

Energy management and industrial automation firm Schneider Electric suffered a data breach after a Cactus ransomware attack. Schneider Electric is a multinational company that specializes in energy management, industrial automation, and digital transformation. BleepingComputer first reported the attack that hit the Sustainability Business division of the company on January 17th.

ESET takes part in global operation to disrupt the Grandoreiro banking trojan

We Live Security

ESET has worked with the Federal Police of Brazil on an effort to disrupt the Grandoreiro botnet, providing technical analysis, statistical information and known C&C servers to the authorities.

Banking 135

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Hundreds of network operators’ credentials found circulating in Dark Web

Security Affairs

Hundreds of compromised credentials of customers of RIPE, APNIC, AFRINIC, and LACNIC are available on the dark web, Resecurity warns. Resecurity conducted a thorough scan of the Dark Web and identified over 1,572 compromised customers of RIPE, Asia-Pacific Network Information Centre (APNIC), the African Network Information Centre (AFRINIC), and the Latin America and Caribbean Network Information Center (LACNIC), resulting from infostealer infections.

‘Extremely serious’ — Mercedes-Benz Leaks Data on GitHub

Security Boulevard

Oh, Lord: My friends all hack Porsches—I must make amends.

Hacking 136

750 million Indian mobile subscribers’ data offered for sale on dark web

Security Affairs

Data of 750 million Indian mobile subscribers was offered for sale on dark web hacker forums earlier in January. CloudSEK researchers warned that a database containing data of 750 million Indian mobile subscribers was offered for sale on dark web hacker forums earlier in January. According to the researchers, at least two cybercrime gangs, CYBO CREW affiliates known as CyboDevil and UNIT8200, were offering the database for $3,000.

Mobile 140

Top 7 Cloud Storage Security Issues & Risks (+ Mitigations)

eSecurity Planet

Cloud storage security issues refer to the operational and functional challenges that organizations and consumers encounter when storing data in the cloud. The issues stem from internal lapses or deficiencies and may not always include external threats. Cloud storage risks involve potential external threats and vulnerabilities that jeopardize the security of stored data.

Risk 127

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Root access vulnerability in GNU Library C (glibc) impacts many Linux distros

Security Affairs

Qualys researchers discovered a root access flaw, tracked as CVE-2023-6246, in GNU Library C (glibc) affecting multiple Linux distributions. The Qualys Threat Research Unit discovered four security vulnerabilities in the GNU Library C (glibc), including a heap-based buffer overflow tracked as CVE-2023-6246. GNU C Library (glibc) is a free software library that provides essential system services for Linux and other Unix-like operating systems.

Hacking 137

Insurance Broker Keenan Says 1.5 Million Affected by Data Breach

Security Boulevard

Insurance broker Keenan and Associates is notifying more than 1.5 million people that their personal information may have been stolen during a cyberattack on its systems last summer. According to a letter being sent to potential victims, the attackers hacked into the California-based company’s internal systems multiple times between August 21 and 27, gaining access.

Insurance 126

Pawn Storm Uses Brute Force and Stealth Against High-Value Targets

Trend Micro

Based on our estimates, from approximately April 2022 until November 2023, Pawn Storm attempted to launch NTLMv2 hash relay attacks through different methods, with huge peaks in the number of targets and variations in the government departments that it targeted.

Navigating the Landscape of Advanced Email Security Threats with Optimism

IT Security Guru

In the contemporary digital era, email remains one of the most predominant forms of business communication. With its unrivalled efficiency and ubiquity, email bridges gaps between organisations and their global workforce, facilitating seamless collaboration. However, this prevalence has also placed email at the epicentre of cybersecurity concerns, with cybercriminals leveraging it as a primary vector for nefarious endeavours.

Phishing 119

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

A mishandled GitHub token exposed Mercedes-Benz source code

Bleeping Computer

A mishandled GitHub token gave unrestricted access to Mercedes-Benz's internal GitHub Enterprise Service, exposing source code to the public.

129

Effortlessly upgrade to Passkeys on Pixel phones with Google Password Manager

Google Security

Posted by Sherif Hanna, Group Product Manager, Pixel Security Helping Pixel owners upgrade to the easier, safer way to sign in Your phone contains a lot of your personal information, from financial data to photos. Pixel phones are designed to help protect you and your data, and make security and privacy as easy as possible. This is why the Pixel team has been especially excited about passkeys —the easier, safer alternative to passwords.

Microsoft Teams phishing pushes DarkGate malware via group chats

Bleeping Computer

New phishing attacks abuse Microsoft Teams group chat requests to push malicious attachments that install DarkGate malware payloads on victims' systems.

Phishing 122

The DarkGate Deception: How Microsoft Teams Became a Phishing Playground

Penetration Testing

In the ever-evolving landscape of cyber threats, a new and unexpected front has opened up: Microsoft Teams chats. While phishing attacks via email are well-known, many users remain unaware of the dangers lurking within...

Phishing 117

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

Juniper Networks released out-of-band updates to fix high-severity flaws

Security Affairs

Juniper Networks released out-of-band updates to fix high-severity flaws in SRX Series and EX Series that can allow attackers to take over unpatched systems. Juniper Networks has released out-of-band updates to address two high-severity flaws, tracked as CVE-2024-21619 and CVE-2024-21620, in SRX Series and EX Series that could be exploited by a threat actor to take control of susceptible systems.

Apple warns of “privacy and security threats” after EU requires it to allow sideloading

Malwarebytes

Despite several warnings about the risks, Apple will allow European iPhone owners to install apps obtained from outside the official App store (sideloading). These drastic changes are brought about to comply with the European Union’s (EU) Digital Markets Act (DMA). The Digital Markets Act (DMA) establishes a set of clearly defined objective criteria to identify “gatekeepers”.

Marketing 108

Cookie-Monster: BOF to steal browser cookies & credentials

Penetration Testing

Cookie-Monster Steal browser cookies for Edge, Chrome, and Firefox through a BOF or exe! Cookie-Monster will extract the WebKit master key, locate a browser process with a handle to the Cookies and Login Data...

Italian data protection authority said that ChatGPT violated EU privacy laws

Security Affairs

The Italian data protection authority, Garante, said that ChatGPT violated European Union data privacy regulations. The Italian data protection authority, known as “Garante per la protezione dei dati personali”, announced it has notified OpenAI that ChatGPT violated the EU data protection regulation GDPR.

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.

Exploited in the Wild: The Alarming Hitron DVR Vulnerabilities

Penetration Testing

In a concerning development in the realm of cybersecurity, the Akamai Security Intelligence Response Team (SIRT) has uncovered a series of critical vulnerabilities in various Hitron DVR models. These vulnerabilities, collectively identified under CVE...

New Glibc Flaw Grants Attackers Root Access on Major Linux Distros

The Hacker News

Malicious local attackers can obtain full root access on Linux machines by taking advantage of a newly disclosed security flaw in the GNU C library (aka glibc). Tracked as CVE-2023-6246, the heap-based buffer overflow vulnerability is rooted in glibc's __vsyslog_internal() function, which is used by syslog() and vsyslog() for system logging purposes.

108

UNC4990: A Threat Actor with a USB Trick up Its Sleeve

Penetration Testing

In the shadowy world of cyber threats, UNC4990 emerges as a unique actor. This group, identified by Mandiant Managed Defense, stands out for its focus on USB devices as the primary infection vector. Since...

Citibank sued over failure to defend customers against hacks, fraud

Bleeping Computer

New York Attorney General Letitia James sued Citibank over its failure to defend customers against hacks and scams and refusing to reimburse victims after allowing fraudsters to steal millions from their accounts.

Hacking 100

Enhance Innovation and Governance Through the Cloud Development Maturity Model

Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.