Schneier on Security

APRIL 24, 2024

Law professor Dan Solove has a new article on privacy regulation. In his email to me, he writes: “I’ve been pondering privacy consent for more than a decade, and I think I finally made a breakthrough with this article.” His mini-abstract: In this Article I argue that most of the time, privacy consent is fictitious. Instead of futile efforts to try to turn privacy consent from fiction to fact, the better approach is to lean into the fictions.

Data collection 269

Data collection Risk 269

Tech Republic Security

APRIL 24, 2024

A new report by cyber security firm Radware identifies the four main impacts of AI on the threat landscape emerging this year.

Hacking 205

Hacking Artificial Intelligence Phishing Malware 205

Penetration Testing

APRIL 24, 2024

GitLab’s recent security release addresses a series of vulnerabilities that could have far-reaching consequences for your code repositories and development workflows. These flaws range from the potential for complete account hijacking to resource-draining denial-of-service... The post Urgent GitLab Update Patches Account Takeover Flaw, Other High-Severity Bugs appeared first on Penetration Testing.

Accountability 143

Accountability Penetration Testing 143

The Hacker News

APRIL 24, 2024

A new malware campaign leveraged two zero-day flaws in Cisco networking gear to deliver custom malware and facilitate covert data collection on target environments. Cisco Talos, which dubbed the activity ArcaneDoor, attributing it as the handiwork of a previously undocumented sophisticated state-sponsored actor it tracks under the name UAT4356 (aka Storm-1849 by Microsoft).

Data collection 133

Data collection Malware 133

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Security Boulevard

APRIL 24, 2024

Cyberattacks are continuing to become more sophisticated even as defenders become more adept at thwarting existing threats. The post DirectDefense Report Sees Shifts in Cyberattack Patterns appeared first on Security Boulevard.

Social Engineering 130

Social Engineering Engineering Security Awareness Cybersecurity 130

Bleeping Computer

APRIL 24, 2024

The Federal Trade Commission is sending $5.6 million in refunds to Ring users whose private video feeds were accessed without consent by Amazon employees and contractors, or had their accounts and devices hacked because of insufficient security protections. [.

Accountability 121

Accountability Hacking 121

SecureList

APRIL 24, 2024

High-end APT groups perform highly interesting social engineering campaigns in order to penetrate well-protected targets. For example, carefully constructed forum responses on precision targeted accounts and follow-up “out-of-band” interactions regarding underground rail system simulator software helped deliver Green Lambert implants in the Middle East.

Social Engineering 119

Social Engineering Engineering Accountability VPN 119

Security Boulevard

APRIL 24, 2024

A threat group that’s been around since last year and was first identified earlier this month is using three high-profile information stealers in a wide-ranging campaign to harvest credentials, financial information, and cryptocurrency wallets from targets around the world who were downloading the malware that masqueraded as movie files. Researchers with Cisco’s Talos threat intelligence.

Cryptocurrency 115

Cryptocurrency Malware Data privacy Cybersecurity 115

The Hacker News

APRIL 24, 2024

A new malware campaign has been exploiting the updating mechanism of the eScan antivirus software to distribute backdoors and cryptocurrency miners like XMRig through a long-standing threat codenamed GuptiMiner targeting large corporate networks.

Antivirus 118

Antivirus Cryptocurrency Malware Hacking 118

Security Affairs

APRIL 24, 2024

A malware campaign has been exploiting the updating mechanism of the eScan antivirus to distribute backdoors and cryptocurrency miners. Avast researchers discovered and analyzed a malware campaign that exploited the update mechanism of the eScan antivirus to distribute backdoors and crypto miners. Threat actors employed two different types of backdoors and targeted large corporate networks The researchers believe the campaign could be attributed to North Korea-linked AP Kimsuky.

Antivirus 131

Antivirus Malware DNS Cryptocurrency 131

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

The Hacker News

APRIL 24, 2024

Google has once again pushed its plans to deprecate third-party tracking cookies in its Chrome web browser as it works to address outstanding competition concerns from U.K. regulators over its Privacy Sandbox initiative. The tech giant said it's working closely with the U.K. Competition and Markets Authority (CMA) and hopes to achieve an agreement by the end of the year.

Marketing 117

Marketing 117

Penetration Testing

APRIL 24, 2024

Netgear has issued an urgent security alert regarding a severe vulnerability found in several of its popular Nighthawk series routers. The vulnerability, labeled CVE-2023-27368, could allow hackers to completely bypass the router’s login system,... The post CVE-2023-27368: NETGEAR Nighthawk Series Routers Authentication Bypass Vulnerability appeared first on Penetration Testing.

Authentication 123

Authentication Penetration Testing 123

The Hacker News

APRIL 24, 2024

Cybersecurity researchers have discovered an ongoing attack campaign that's leveraging phishing emails to deliver malware called SSLoad. The campaign, codenamed FROZEN#SHADOW by Securonix, also involves the deployment of Cobalt Strike and the ConnectWise ScreenConnect remote desktop software.

Phishing 116

Phishing Malware Software Cybersecurity 116

Security Boulevard

APRIL 24, 2024

Russia and Ukraine topped a list of cybercrime-producing nations, followed by China and the United States, with African nation Nigeria rounding out the top five. The post Nigeria, Romania, Russia, U.S. Among Top Cybercrime Nations appeared first on Security Boulevard.

Cybercrime 110

Cybercrime Identity Theft Scams Ransomware 110

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

The Hacker News

APRIL 24, 2024

Security vulnerabilities uncovered in cloud-based pinyin keyboard apps could be exploited to reveal users' keystrokes to nefarious actors. The findings come from the Citizen Lab, which discovered weaknesses in eight of nine apps from vendors like Baidu, Honor, iFlytek, OPPO, Samsung, Tencent, Vivo, and Xiaomi.

112

112

Penetration Testing

APRIL 24, 2024

In a pressing announcement, the Cybersecurity and Infrastructure Security Agency (CISA) has issued a high-priority alert for federal agencies to patch two critical vulnerabilities found in Cisco products and one in the widely used... The post CISA Added Critical Vulnerabilities in Cisco Products and CrushFTP to KEV appeared first on Penetration Testing.

Penetration Testing 118

Penetration Testing Cybersecurity 118

Thales Cloud Protection & Licensing

APRIL 24, 2024

Stronger Together: Join Thales & Imperva at RSA Conference 2024 Where the World Talks Security madhav Thu, 04/25/2024 - 05:17 In today’s increasingly connected and digital world, the cybersecurity industry stands as a bastion against a relentless tide of threats. Businesses in every sector are trying to digitally transform their operations using the cloud but are finding themselves in an increasingly tangled web of challenges.

Telecommunications 104

Telecommunications Digital transformation Software Technology 104

Penetration Testing

APRIL 24, 2024

A new report by Seqrite Labs reveals an alarming escalation in cyberattacks against Indian government entities by Pakistani Advanced Persistent Threats (APTs). The report highlights a coordinated campaign waged by the notorious SideCopy and... The post From SideCopy to Transparent Tribe: Pakistan APTs Hit Indian Government With RATs appeared first on Penetration Testing.

Government 118

Government Penetration Testing Malware 118

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

GlobalSign

APRIL 24, 2024

New advancements to the ACME protocol now allow organizations to streamline certificate issuance for subdomains. Read on to find out more.

124

124

Penetration Testing

APRIL 24, 2024

Google has taken swift action to address four potentially dangerous vulnerabilities in its Chrome browser. The recently released security updates – versions 124.0.6367.78/.79 for Windows and Mac and 124.0.6367.78 for Linux – are essential... The post Google Patches Critical Vulnerabilities in Chrome – Update Now! appeared first on Penetration Testing.

Penetration Testing 115

Penetration Testing 115

Security Affairs

APRIL 24, 2024

The Treasury Department’s Office of Foreign Assets Control (OFAC) sanctioned four Iranian nationals for their role in cyberattacks against the U.S. The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) imposed sanctions on four Iranian nationals for their involvement in cyberattacks against the U.S. government, defense contractors, and private companies.

Government 125

Government Phishing Social Engineering Hacking 125

Penetration Testing

APRIL 24, 2024

A series of serious vulnerabilities in Judge0, a widely-used online code execution system, could have devastating consequences for competitive programming sites, e-learning platforms, and any service that relies on secure code evaluation. Three vulnerabilities... The post Critical Judge0 Flaws Expose Online Coding Platforms to Full System Takeovers appeared first on Penetration Testing.

Penetration Testing 112

Penetration Testing 112

Advertisement

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

The Hacker News

APRIL 24, 2024

The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) on Monday sanctioned two firms and four individuals for their involvement in malicious cyber activities on behalf of the Iranian Islamic Revolutionary Guard Corps Cyber Electronic Command (IRGC-CEC) from at least 2016 to April 2021.

Cyber Attacks 107

Cyber Attacks 107

Penetration Testing

APRIL 24, 2024

A sophisticated and ongoing cyberattack dubbed “ArcaneDoor” has breached Cisco firewalls across the globe. The campaign is linked to a state-sponsored threat actor who employed two zero-day vulnerabilities, giving them extensive control over compromised... The post Nation-State Hackers Breach Cisco Devices in “ArcaneDoor” Espionage Campaign appeared first on Penetration Testing.

Penetration Testing 112

Penetration Testing Firewall 112

SecureWorld News

APRIL 24, 2024

UnitedHealth Group, parent company of Optum and Change Healthcare, has confirmed that it paid the ransom demands of the cybercriminals behind the late February incident that led to widespread service outages in the U.S. healthcare industry. In a statement to Bleeping Computer , UHG said, "A ransom was paid as part of the company's commitment to do all it could to protect patient data from disclosure.

Healthcare 105

Healthcare Hacking Ransomware Insurance 105

WIRED Threat Level

APRIL 24, 2024

Sources suspect China is behind the targeted exploitation of two zero-day vulnerabilities in Cisco’s security appliances.

Firewall 124

Firewall Government Hacking 124

Advertisement

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.

Cybersecurity

Bleeping Computer

APRIL 24, 2024

Proof-of-concept exploit code has been released for a top-severity security vulnerability in Progress Flowmon, a tool for monitoring network performance and visibility. [.

101

101

WIRED Threat Level

APRIL 24, 2024

More cities are cutting ties with ShotSpotter, the company whose microphones purport to detect gunshots. But new information shows that ShotSpotter is still sending data to local police in at least three cities, despite their contracts being canceled.

94

94

SecureBlitz

APRIL 24, 2024

Considering proxy optimization, this post will show you 4 things you didn’t know a proxy could do. You may be using a proxy server. It could be because you want access to specific content unavailable in your geographical region. You know that hiding your IP address means the remote server will not know where you […] The post Proxy Optimization: 4 Things You Didn’t Know A Proxy Could Do appeared first on SecureBlitz Cybersecurity.

Cybersecurity 90

Cybersecurity Hacking 90

Graham Cluley

APRIL 24, 2024

Leicester City Council suffers a crippling ransomware attack, and a massive data breach, but is it out of the dark yet? And as election fever hits India we take a close eye at deepfakery. All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

Ransomware 83

Ransomware Data breaches Cybersecurity Malware 83

Advertisement

Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.

Government