Schneier on Security

JUNE 4, 2024

Interesting story of breaking the security of the RoboForm password manager in order to recover a cryptocurrency wallet password. Grand and Bruno spent months reverse engineering the version of the RoboForm program that they thought Michael had used in 2013 and found that the pseudo-random number generator used to generate passwords in that version­and subsequent versions until 2015­did indeed have a significant flaw that made the random number generator not so random.

Password Management 301

Password Management Passwords Cryptocurrency Engineering 301

The Last Watchdog

JUNE 4, 2024

Business data today gets scattered far and wide across distributed infrastructure. Just knowing where to look – or even how to look – much less enforcing security policies, has become next to impossible for many organizations. At RSAC 2024 , I visited with Pranava Adduri , co-founder and CEO of Bedrock Security which has just rolled out its AI Reasoning (AIR) Engine to help solve this problem in a bold new way.

Big data 162

Big data Architecture Engineering Internet 162

Tech Republic Security

JUNE 4, 2024

What are the top VPNs in the U.K.? Here are the best U.K. VPNs users should be looking at and the key features they should consider during VPN selection.

VPN 166

VPN 166

WIRED Threat Level

JUNE 4, 2024

Windows Recall takes a screenshot every five seconds. Cybersecurity researchers say the system is simple to abuse—and one ethical hacker has already built a tool to show how easy it really is.

Data collection 145

Data collection Cybersecurity Hacking 145

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Penetration Testing

JUNE 4, 2024

Security researcher Mykola Grymalyuk published the technical details and a proof-of-concept (PoC) exploit code for a vulnerability (CVE-2024-34331) in Parallels Desktop for Mac, a popular virtualization software. The flaw could allow attackers to escalate... The post CVE-2024-34331: Parallels Desktop Vulnerability Gives Root to Hackers, PoC Published appeared first on Penetration Testing.

Penetration Testing 145

Penetration Testing Software 145

Tech Republic Security

JUNE 4, 2024

Organisations providing services related to the Paris Olympics 2024 have an increased risk of cyber attack, a new study has found.

Cyber Attacks 157

Cyber Attacks Risk Social Engineering Engineering 157

The Hacker News

JUNE 4, 2024

Popular video-sharing platform TikTok has acknowledged a security issue that has been exploited by threat actors to take control of high-profile accounts on the platform.

Accountability 137

Accountability Malware 137

Security Affairs

JUNE 4, 2024

The RansomHub ransomware group added the American telecommunications company Frontier Comunications to the list of victims on its Tor leak site. The RansomHub ransomware group claimed to have stolen the information of over 2 million customers from the American telecommunications company Frontier Communications. The RansomHub group claims to have stolen 5GB of data from the telecommunications giant.

Telecommunications 134

Telecommunications Hacking Data breaches Cybercrime 134

Security Boulevard

JUNE 4, 2024

Only half of cybersecurity leaders feel their C-suite understands cybersecurity risks, a Trend Micro survey found. Four in five have been told to downplay a potential risk’s severity. The post CISOs and Senior Leadership at Odds Over Security appeared first on Security Boulevard.

CISO 129

CISO Risk Cybersecurity Accountability 129

Bleeping Computer

JUNE 4, 2024

Microsoft has officially deprecated NTLM authentication on Windows and Windows servers, stating that developers should transition to Kerberos or Negotiation authentication to prevent problems in the future. [.

Authentication 128

Authentication 128

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Security Boulevard

JUNE 4, 2024

The newly-released Apple cybersecurity threat study reveals interesting data points and demonstrates how the threat landscape is evolving. The post 8 Takeaways from Apple 2023 Threat Research appeared first on Security Boulevard.

Cybersecurity 128

Cybersecurity Data privacy Data breaches Security Awareness 128

WIRED Threat Level

JUNE 4, 2024

When a drug kingpin named Microsoft tried to seize control of an encrypted phone company for criminals, he was playing right into its real owners’ hands.

Encryption 136

Encryption 136

The Hacker News

JUNE 4, 2024

Russian organizations are at the receiving end of cyber attacks that have been found to deliver a Windows version of a malware called Decoy Dog. Cybersecurity company Positive Technologies is tracking the activity cluster under the name Operation Lahat, attributing it to an advanced persistent threat (APT) group called HellHounds.

Cyber Attacks 123

Cyber Attacks Technology Malware Cybersecurity 123

Security Affairs

JUNE 4, 2024

Resecurity uncovered a cybercriminal group that is providing a sophisticated phishing kit, named V3B, to target banking customers in the EU. Resecurity has uncovered a new cybercriminal group providing Phishing-as-a-Service (PhaaS) platform that is equipping fraudsters with sophisticated kit (known as “V3B”) to target banking customers in the EU. “Currently, it is estimated that hundreds of cybercriminals are using this kit to commit fraud, leaving victims with empty bank accou

Banking 129

Banking Phishing Social Engineering Engineering 129

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Bleeping Computer

JUNE 4, 2024

American Radio Relay League (ARRL) has shared more information about a May cyberattack that took its Logbook of the World offline and caused some members to become frustrated over the lack of information. [.

Hacking 119

Hacking 119

Trend Micro

JUNE 4, 2024

In this blog entry, our researchers provide an analysis of TargetCompany ransomware’s Linux variant and how it targets VMware ESXi environments using new methods for payload delivery and execution.

Ransomware 116

Ransomware 116

Tech Republic Security

JUNE 4, 2024

A $1 billion commitment will send Cisco money to Cohere, Mistral AI and Scale AI.

Artificial Intelligence 159

Artificial Intelligence Big data Network Security 159

Malwarebytes

JUNE 4, 2024

Back in February, we reported on malicious ads related to utility bills (electricity, gas) that direct victims to call centers where scammers will collect their identity and try to extort money from them. A few months later, we checked and were able to find as many Google ads as before, following very much the same pattern. In addition, we can see that miscreants are trying to legitimize their operations by creating fake U.S.

Scams 120

Scams Advertising Consumer Protection Mobile 120

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

Security Boulevard

JUNE 4, 2024

Russian threat groups are using old tactics and generative AI to run malicious disinformation campaigns meant to discredit the Paris Olympic Games, France and its president, and the IOC fewer than two months before the Games begin. The post Russian Threat Groups Turn Eyes to the Paris Olympic Games appeared first on Security Boulevard.

Social Engineering 117

Social Engineering Engineering Security Awareness Cybersecurity 117

The Hacker News

JUNE 4, 2024

Progress Software has rolled out updates to address a critical security flaw impacting the Telerik Report Server that could be potentially exploited by a remote attacker to bypass authentication and create rogue administrator users. The issue, tracked as CVE-2024-4358, carries a CVSS score of 9.8 out of a maximum of 10.0. "In Progress Telerik Report Server, version 2024 Q1 (10.0.24.

Accountability 113

Accountability Authentication Software 113

Security Boulevard

JUNE 4, 2024

The post Privacy Reimagined: The Impact of the American Privacy Act on Consumer Rights appeared first on Votiro. The post Privacy Reimagined: The Impact of the American Privacy Act on Consumer Rights appeared first on Security Boulevard.

109

109

The Hacker News

JUNE 4, 2024

A new sophisticated cyber attack has been observed targeting endpoints geolocated to Ukraine with an aim to deploy Cobalt Strike and seize control of the compromised hosts.

Malware 112

Malware Cyber Attacks 112

Advertisement

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

Bleeping Computer

JUNE 4, 2024

Over the past week, attackers have hijacked high-profile TikTok accounts belonging to multiple companies and celebrities, exploiting a zero-day vulnerability in the social media's direct messages feature. [.

Accountability 107

Accountability Media 107

The Hacker News

JUNE 4, 2024

Cloud computing and analytics company Snowflake said a "limited number" of its customers have been singled out as part of a targeted campaign. "We have not identified evidence suggesting this activity was caused by a vulnerability, misconfiguration, or breach of Snowflake’s platform," the company said in a joint statement along with CrowdStrike and Google-owned Mandiant.

109

109

Bleeping Computer

JUNE 4, 2024

Today, the FBI issued a warning about scammers using fake remote job ads to steal cryptocurrency from job seekers across the United States while posing as recruiters for legitimate companies. [.

Cryptocurrency 106

Cryptocurrency 106

WIRED Threat Level

JUNE 4, 2024

YouTube remains the only major US-based social media platform available in Russia. It’s become "indispensable" to everyday people, making a ban tricky. Journalists and dissidents are taking advantage.

Media 104

Media 104

Advertisement

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.

Cybersecurity

Spinone

JUNE 4, 2024

Join Davit Asatryan, Spin.ai’s VP of Product and Tal Zamir, Perception Point’s CTO, as they delve into why organizations need stronger browser security to ensure safe browsing, prevent data loss and strengthen browser governance.

Government 98

Government 98

WIRED Threat Level

JUNE 4, 2024

Generative AI tools such as OpenAI’s ChatGPT and Microsoft’s Copilot are becoming part of everyday business life. But they come with privacy and security considerations you should know about.

Hacking 101

Hacking 101

The Hacker News

JUNE 4, 2024

The landscape of browser security has undergone significant changes over the past decade. While Browser Isolation was once considered the gold standard for protecting against browser exploits and malware downloads, it has become increasingly inadequate and insecure in today's SaaS-centric world.

Malware 100

Malware 100

Malwarebytes

JUNE 4, 2024

The US debt collection agency Financial Business and Consumer Solutions (FBCS) has filed a data breach notification , listing the the total number of people affected as 3,226,631. FBCS is a nationally licensed, third-party collection agency that collects commercial and consumer debts, with most of its activity involving the recovery of consumer debts on behalf of creditors.

Data breaches 99

Data breaches Passwords Phishing Password Management 99

Advertisement

Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.

Government