Wed.Apr 24, 2024

article thumbnail

Dan Solove on Privacy Regulation

Schneier on Security

Law professor Dan Solove has a new article on privacy regulation. In his email to me, he writes: “I’ve been pondering privacy consent for more than a decade, and I think I finally made a breakthrough with this article.” His mini-abstract: In this Article I argue that most of the time, privacy consent is fictitious. Instead of futile efforts to try to turn privacy consent from fiction to fact, the better approach is to lean into the fictions.

article thumbnail

Prompt Hacking, Private GPTs, Zero-Day Exploits and Deepfakes: Report Reveals the Impact of AI on Cyber Security Landscape

Tech Republic Security

A new report by cyber security firm Radware identifies the four main impacts of AI on the threat landscape emerging this year.

Hacking 205
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Urgent GitLab Update Patches Account Takeover Flaw, Other High-Severity Bugs

Penetration Testing

GitLab’s recent security release addresses a series of vulnerabilities that could have far-reaching consequences for your code repositories and development workflows. These flaws range from the potential for complete account hijacking to resource-draining denial-of-service... The post Urgent GitLab Update Patches Account Takeover Flaw, Other High-Severity Bugs appeared first on Penetration Testing.

article thumbnail

State-Sponsored Hackers Exploit Two Cisco Zero-Day Vulnerabilities for Espionage

The Hacker News

A new malware campaign leveraged two zero-day flaws in Cisco networking gear to deliver custom malware and facilitate covert data collection on target environments. Cisco Talos, which dubbed the activity ArcaneDoor, attributing it as the handiwork of a previously undocumented sophisticated state-sponsored actor it tracks under the name UAT4356 (aka Storm-1849 by Microsoft).

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

DirectDefense Report Sees Shifts in Cyberattack Patterns

Security Boulevard

Cyberattacks are continuing to become more sophisticated even as defenders become more adept at thwarting existing threats. The post DirectDefense Report Sees Shifts in Cyberattack Patterns appeared first on Security Boulevard.

article thumbnail

Ring customers get $5.6 million in privacy breach settlement

Bleeping Computer

The Federal Trade Commission is sending $5.6 million in refunds to Ring users whose private video feeds were accessed without consent by Amazon employees and contractors, or had their accounts and devices hacked because of insufficient security protections. [.

More Trending

article thumbnail

Assessing the Y, and How, of the XZ Utils incident

SecureList

High-end APT groups perform highly interesting social engineering campaigns in order to penetrate well-protected targets. For example, carefully constructed forum responses on precision targeted accounts and follow-up “out-of-band” interactions regarding underground rail system simulator software helped deliver Green Lambert implants in the Middle East.

article thumbnail

CoralRaider Group Delivers Three Infostealers via CDN Cache

Security Boulevard

A threat group that’s been around since last year and was first identified earlier this month is using three high-profile information stealers in a wide-ranging campaign to harvest credentials, financial information, and cryptocurrency wallets from targets around the world who were downloading the malware that masqueraded as movie files. Researchers with Cisco’s Talos threat intelligence.

article thumbnail

eScan Antivirus Update Mechanism Exploited to Spread Backdoors and Miners

The Hacker News

A new malware campaign has been exploiting the updating mechanism of the eScan antivirus software to distribute backdoors and cryptocurrency miners like XMRig through a long-standing threat codenamed GuptiMiner targeting large corporate networks.

Antivirus 125
article thumbnail

Hackers hijacked the eScan Antivirus update mechanism in malware campaign

Security Affairs

A malware campaign has been exploiting the updating mechanism of the eScan antivirus to distribute backdoors and cryptocurrency miners. Avast researchers discovered and analyzed a malware campaign that exploited the update mechanism of the eScan antivirus to distribute backdoors and crypto miners. Threat actors employed two different types of backdoors and targeted large corporate networks The researchers believe the campaign could be attributed to North Korea-linked AP Kimsuky.

Antivirus 132
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Google Postpones Third-Party Cookie Deprecation Amid U.K. Regulatory Scrutiny

The Hacker News

Google has once again pushed its plans to deprecate third-party tracking cookies in its Chrome web browser as it works to address outstanding competition concerns from U.K. regulators over its Privacy Sandbox initiative. The tech giant said it's working closely with the U.K. Competition and Markets Authority (CMA) and hopes to achieve an agreement by the end of the year.

Marketing 124
article thumbnail

CVE-2023-27368: NETGEAR Nighthawk Series Routers Authentication Bypass Vulnerability

Penetration Testing

Netgear has issued an urgent security alert regarding a severe vulnerability found in several of its popular Nighthawk series routers. The vulnerability, labeled CVE-2023-27368, could allow hackers to completely bypass the router’s login system,... The post CVE-2023-27368: NETGEAR Nighthawk Series Routers Authentication Bypass Vulnerability appeared first on Penetration Testing.

article thumbnail

Researchers Detail Multistage Attack Hijacking Systems with SSLoad, Cobalt Strike

The Hacker News

Cybersecurity researchers have discovered an ongoing attack campaign that's leveraging phishing emails to deliver malware called SSLoad. The campaign, codenamed FROZEN#SHADOW by Securonix, also involves the deployment of Cobalt Strike and the ConnectWise ScreenConnect remote desktop software.

Phishing 123
article thumbnail

Nigeria, Romania, Russia, U.S. Among Top Cybercrime Nations

Security Boulevard

Russia and Ukraine topped a list of cybercrime-producing nations, followed by China and the United States, with African nation Nigeria rounding out the top five. The post Nigeria, Romania, Russia, U.S. Among Top Cybercrime Nations appeared first on Security Boulevard.

article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Major Security Flaws Expose Keystrokes of Over 1 Billion Chinese Keyboard App Users

The Hacker News

Security vulnerabilities uncovered in cloud-based pinyin keyboard apps could be exploited to reveal users' keystrokes to nefarious actors. The findings come from the Citizen Lab, which discovered weaknesses in eight of nine apps from vendors like Baidu, Honor, iFlytek, OPPO, Samsung, Tencent, Vivo, and Xiaomi.

119
119
article thumbnail

CISA Added Critical Vulnerabilities in Cisco Products and CrushFTP to KEV

Penetration Testing

In a pressing announcement, the Cybersecurity and Infrastructure Security Agency (CISA) has issued a high-priority alert for federal agencies to patch two critical vulnerabilities found in Cisco products and one in the widely used... The post CISA Added Critical Vulnerabilities in Cisco Products and CrushFTP to KEV appeared first on Penetration Testing.

article thumbnail

Stronger Together: Join Thales & Imperva at RSA Conference 2024 Where the World Talks Security

Thales Cloud Protection & Licensing

Stronger Together: Join Thales & Imperva at RSA Conference 2024 Where the World Talks Security madhav Thu, 04/25/2024 - 05:17 In today’s increasingly connected and digital world, the cybersecurity industry stands as a bastion against a relentless tide of threats. Businesses in every sector are trying to digitally transform their operations using the cloud but are finding themselves in an increasingly tangled web of challenges.

article thumbnail

From SideCopy to Transparent Tribe: Pakistan APTs Hit Indian Government With RATs

Penetration Testing

A new report by Seqrite Labs reveals an alarming escalation in cyberattacks against Indian government entities by Pakistani Advanced Persistent Threats (APTs). The report highlights a coordinated campaign waged by the notorious SideCopy and... The post From SideCopy to Transparent Tribe: Pakistan APTs Hit Indian Government With RATs appeared first on Penetration Testing.

article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

Streamline Certificate Issuance: Trusted Certificates for Sub Domains through GlobalSign’s ACME Service

GlobalSign

New advancements to the ACME protocol now allow organizations to streamline certificate issuance for subdomains. Read on to find out more.

124
124
article thumbnail

Google Patches Critical Vulnerabilities in Chrome – Update Now!

Penetration Testing

Google has taken swift action to address four potentially dangerous vulnerabilities in its Chrome browser. The recently released security updates – versions 124.0.6367.78/.79 for Windows and Mac and 124.0.6367.78 for Linux – are essential... The post Google Patches Critical Vulnerabilities in Chrome – Update Now! appeared first on Penetration Testing.

article thumbnail

US offers a $10 million reward for information on four Iranian nationals

Security Affairs

The Treasury Department’s Office of Foreign Assets Control (OFAC) sanctioned four Iranian nationals for their role in cyberattacks against the U.S. The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) imposed sanctions on four Iranian nationals for their involvement in cyberattacks against the U.S. government, defense contractors, and private companies.

article thumbnail

Critical Judge0 Flaws Expose Online Coding Platforms to Full System Takeovers

Penetration Testing

A series of serious vulnerabilities in Judge0, a widely-used online code execution system, could have devastating consequences for competitive programming sites, e-learning platforms, and any service that relies on secure code evaluation. Three vulnerabilities... The post Critical Judge0 Flaws Expose Online Coding Platforms to Full System Takeovers appeared first on Penetration Testing.

article thumbnail

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

article thumbnail

U.S. Treasury Sanctions Iranian Firms and Individuals Tied to Cyber Attacks

The Hacker News

The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) on Monday sanctioned two firms and four individuals for their involvement in malicious cyber activities on behalf of the Iranian Islamic Revolutionary Guard Corps Cyber Electronic Command (IRGC-CEC) from at least 2016 to April 2021.

article thumbnail

Nation-State Hackers Breach Cisco Devices in “ArcaneDoor” Espionage Campaign

Penetration Testing

A sophisticated and ongoing cyberattack dubbed “ArcaneDoor” has breached Cisco firewalls across the globe. The campaign is linked to a state-sponsored threat actor who employed two zero-day vulnerabilities, giving them extensive control over compromised... The post Nation-State Hackers Breach Cisco Devices in “ArcaneDoor” Espionage Campaign appeared first on Penetration Testing.

article thumbnail

Healthcare Hack: UnitedHealth Pays Ransom, Reports $872M in Losses

SecureWorld News

UnitedHealth Group, parent company of Optum and Change Healthcare, has confirmed that it paid the ransom demands of the cybercriminals behind the late February incident that led to widespread service outages in the U.S. healthcare industry. In a statement to Bleeping Computer , UHG said, "A ransom was paid as part of the company's commitment to do all it could to protect patient data from disclosure.

article thumbnail

'ArcaneDoor' Cyberspies Hacked Cisco Firewalls to Access Government Networks

WIRED Threat Level

Sources suspect China is behind the targeted exploitation of two zero-day vulnerabilities in Cisco’s security appliances.

Firewall 124
article thumbnail

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.

article thumbnail

Maximum severity Flowmon bug has a public exploit, patch now

Bleeping Computer

Proof-of-concept exploit code has been released for a top-severity security vulnerability in Progress Flowmon, a tool for monitoring network performance and visibility. [.

101
101
article thumbnail

ShotSpotter Keeps Listening for Gunfire After Contracts Expire

WIRED Threat Level

More cities are cutting ties with ShotSpotter, the company whose microphones purport to detect gunshots. But new information shows that ShotSpotter is still sending data to local police in at least three cities, despite their contracts being canceled.

94
article thumbnail

Proxy Optimization: 4 Things You Didn’t Know A Proxy Could Do

SecureBlitz

Considering proxy optimization, this post will show you 4 things you didn’t know a proxy could do. You may be using a proxy server. It could be because you want access to specific content unavailable in your geographical region. You know that hiding your IP address means the remote server will not know where you […] The post Proxy Optimization: 4 Things You Didn’t Know A Proxy Could Do appeared first on SecureBlitz Cybersecurity.

article thumbnail

Smashing Security podcast #369: Keeping the lights on after a ransomware attack

Graham Cluley

Leicester City Council suffers a crippling ransomware attack, and a massive data breach, but is it out of the dark yet? And as election fever hits India we take a close eye at deepfakery. All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

article thumbnail

Enhance Innovation and Governance Through the Cloud Development Maturity Model

Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.