Tue.Jun 04, 2024

article thumbnail

Breaking a Password Manager

Schneier on Security

Interesting story of breaking the security of the RoboForm password manager in order to recover a cryptocurrency wallet password. Grand and Bruno spent months reverse engineering the version of the RoboForm program that they thought Michael had used in 2013 and found that the pseudo-random number generator used to generate passwords in that version­and subsequent versions until 2015­did indeed have a significant flaw that made the random number generator not so random.

article thumbnail

6 Best VPNs for the UK in 2024

Tech Republic Security

What are the top VPNs in the U.K.? Here are the best U.K. VPNs users should be looking at and the key features they should consider during VPN selection.

VPN 183
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

RSAC Fireside Chat: Bedrock Security introduces advanced approach to “commoditize” data discovery

The Last Watchdog

Business data today gets scattered far and wide across distributed infrastructure. Just knowing where to look – or even how to look – much less enforcing security policies, has become next to impossible for many organizations. At RSAC 2024 , I visited with Pranava Adduri , co-founder and CEO of Bedrock Security which has just rolled out its AI Reasoning (AIR) Engine to help solve this problem in a bold new way.

Big data 162
article thumbnail

Cisco Live 2024: Cisco Unveils AI Deployment Solution With NVIDIA

Tech Republic Security

A $1 billion commitment will send Cisco money to Cohere, Mistral AI and Scale AI.

article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

This Hacker Tool Extracts All the Data Collected by Windows’ New Recall AI

WIRED Threat Level

Windows Recall takes a screenshot every five seconds. Cybersecurity researchers say the system is simple to abuse—and one ethical hacker has already built a tool to show how easy it really is.

article thumbnail

Paris Olympics 2024: Cyber Attackers are Targeting Companies Associated With Games, Report Finds

Tech Republic Security

Organisations providing services related to the Paris Olympics 2024 have an increased risk of cyber attack, a new study has found.

More Trending

article thumbnail

CVE-2024-34331: Parallels Desktop Vulnerability Gives Root to Hackers, PoC Published

Penetration Testing

Security researcher Mykola Grymalyuk published the technical details and a proof-of-concept (PoC) exploit code for a vulnerability (CVE-2024-34331) in Parallels Desktop for Mac, a popular virtualization software. The flaw could allow attackers to escalate... The post CVE-2024-34331: Parallels Desktop Vulnerability Gives Root to Hackers, PoC Published appeared first on Penetration Testing.

article thumbnail

Celebrity TikTok Accounts Compromised Using Zero-Click Attack via DMs

The Hacker News

Popular video-sharing platform TikTok has acknowledged a security issue that has been exploited by threat actors to take control of high-profile accounts on the platform.

article thumbnail

Russians Love YouTube. That’s a Problem for the Kremlin

WIRED Threat Level

YouTube remains the only major US-based social media platform available in Russia. It’s become "indispensable" to everyday people, making a ban tricky. Journalists and dissidents are taking advantage.

Media 141
article thumbnail

Russian Power Companies, IT Firms, and Govt Agencies Hit by Decoy Dog Trojan

The Hacker News

Russian organizations are at the receiving end of cyber attacks that have been found to deliver a Windows version of a malware called Decoy Dog. Cybersecurity company Positive Technologies is tracking the activity cluster under the name Operation Lahat, attributing it to an advanced persistent threat (APT) group called HellHounds.

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Utility scams update

Malwarebytes

Back in February, we reported on malicious ads related to utility bills (electricity, gas) that direct victims to call centers where scammers will collect their identity and try to extort money from them. A few months later, we checked and were able to find as many Google ads as before, following very much the same pattern. In addition, we can see that miscreants are trying to legitimize their operations by creating fake U.S.

Scams 139
article thumbnail

RansomHub gang claims the hack of the telecommunications giant Frontier Communications

Security Affairs

The RansomHub ransomware group added the American telecommunications company Frontier Comunications to the list of victims on its Tor leak site. The RansomHub ransomware group claimed to have stolen the information of over 2 million customers from the American telecommunications company Frontier Communications. The RansomHub group claims to have stolen 5GB of data from the telecommunications giant.

article thumbnail

Telerik Report Server Flaw Could Let Attackers Create Rogue Admin Accounts

The Hacker News

Progress Software has rolled out updates to address a critical security flaw impacting the Telerik Report Server that could be potentially exploited by a remote attacker to bypass authentication and create rogue administrator users. The issue, tracked as CVE-2024-4358, carries a CVSS score of 9.8 out of a maximum of 10.0. "In Progress Telerik Report Server, version 2024 Q1 (10.0.24.

article thumbnail

AI Is Your Coworker Now. Can You Trust It?

WIRED Threat Level

Generative AI tools such as OpenAI’s ChatGPT and Microsoft’s Copilot are becoming part of everyday business life. But they come with privacy and security considerations you should know about.

Hacking 137
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Hackers Use MS Excel Macro to Launch Multi-Stage Malware Attack in Ukraine

The Hacker News

A new sophisticated cyber attack has been observed targeting endpoints geolocated to Ukraine with an aim to deploy Cobalt Strike and seize control of the compromised hosts.

Malware 137
article thumbnail

Cybercriminals attack banking customers in EU with V3B phishing kit – PhotoTAN and SmartID supported.

Security Affairs

Resecurity uncovered a cybercriminal group that is providing a sophisticated phishing kit, named V3B, to target banking customers in the EU. Resecurity has uncovered a new cybercriminal group providing Phishing-as-a-Service (PhaaS) platform that is equipping fraudsters with sophisticated kit (known as “V3B”) to target banking customers in the EU. “Currently, it is estimated that hundreds of cybercriminals are using this kit to commit fraud, leaving victims with empty bank accou

Banking 136
article thumbnail

Was the Ticketmaster Leak Snowflake’s Fault?

Security Boulevard

Snowflake, Inc. says NO, threatening legal action against those who say it was. But reports are coming in of several more massive leaks from other Snowflake customers. The post Was the Ticketmaster Leak Snowflake’s Fault? appeared first on Security Boulevard.

article thumbnail

Debt collection agency FBCS leaks information of 3 million US citizens

Malwarebytes

The US debt collection agency Financial Business and Consumer Solutions (FBCS) has filed a data breach notification , listing the the total number of people affected as 3,226,631. FBCS is a nationally licensed, third-party collection agency that collects commercial and consumer debts, with most of its activity involving the recovery of consumer debts on behalf of creditors.

article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Snowflake Warns: Targeted Credential Theft Campaign Hits Cloud Customers

The Hacker News

Cloud computing and analytics company Snowflake said a "limited number" of its customers have been singled out as part of a targeted campaign. "We have not identified evidence suggesting this activity was caused by a vulnerability, misconfiguration, or breach of Snowflake’s platform," the company said in a joint statement along with CrowdStrike and Google-owned Mandiant.

133
133
article thumbnail

CISOs and Senior Leadership at Odds Over Security

Security Boulevard

Only half of cybersecurity leaders feel their C-suite understands cybersecurity risks, a Trend Micro survey found. Four in five have been told to downplay a potential risk’s severity. The post CISOs and Senior Leadership at Odds Over Security appeared first on Security Boulevard.

CISO 129
article thumbnail

The Next Generation of RBI (Remote Browser Isolation)

The Hacker News

The landscape of browser security has undergone significant changes over the past decade. While Browser Isolation was once considered the gold standard for protecting against browser exploits and malware downloads, it has become increasingly inadequate and insecure in today's SaaS-centric world.

Malware 129
article thumbnail

8 Takeaways from Apple 2023 Threat Research

Security Boulevard

The newly-released Apple cybersecurity threat study reveals interesting data points and demonstrates how the threat landscape is evolving. The post 8 Takeaways from Apple 2023 Threat Research appeared first on Security Boulevard.

article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

Microsoft deprecates Windows NTLM authentication protocol

Bleeping Computer

Microsoft has officially deprecated NTLM authentication on Windows and Windows servers, stating that developers should transition to Kerberos or Negotiation authentication to prevent problems in the future. [.

article thumbnail

TargetCompany’s Linux Variant Targets ESXi Environments

Trend Micro

In this blog entry, our researchers provide an analysis of TargetCompany ransomware’s Linux variant and how it targets VMware ESXi environments using new methods for payload delivery and execution.

article thumbnail

TikTok Hack Targets ‘High-Profile’ Users via DMs

WIRED Threat Level

TikTok has confirmed a “potential exploit” that is being used to go after accounts belonging to media organizations and celebrities, including CNN and Paris Hilton, through direct messages.

Hacking 121
article thumbnail

ARRL says it was hacked by an "international cyber group"

Bleeping Computer

American Radio Relay League (ARRL) has shared more information about a May cyberattack that took its Logbook of the World offline and caused some members to become frustrated over the lack of information. [.

Hacking 119
article thumbnail

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

article thumbnail

Russian Threat Groups Turn Eyes to the Paris Olympic Games

Security Boulevard

Russian threat groups are using old tactics and generative AI to run malicious disinformation campaigns meant to discredit the Paris Olympic Games, France and its president, and the IOC fewer than two months before the Games begin. The post Russian Threat Groups Turn Eyes to the Paris Olympic Games appeared first on Security Boulevard.

article thumbnail

TikTok fixes zero-day bug used to hijack high-profile accounts

Bleeping Computer

Over the past week, attackers have hijacked high-profile TikTok accounts belonging to multiple companies and celebrities, exploiting a zero-day vulnerability in the social media's direct messages feature. [.

article thumbnail

Privacy Reimagined: The Impact of the American Privacy Act on Consumer Rights

Security Boulevard

The post Privacy Reimagined: The Impact of the American Privacy Act on Consumer Rights appeared first on Votiro. The post Privacy Reimagined: The Impact of the American Privacy Act on Consumer Rights appeared first on Security Boulevard.

109
109
article thumbnail

FBI warns of fake remote work ads used for cryptocurrency fraud

Bleeping Computer

Today, the FBI issued a warning about scammers using fake remote job ads to steal cryptocurrency from job seekers across the United States while posing as recruiters for legitimate companies. [.

article thumbnail

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.