Thu.Nov 16, 2023

article thumbnail

Leaving Authentication Credentials in Public Code

Schneier on Security

Seth Godin wrote an article about a surprisingly common vulnerability: programmers leaving authentication credentials and other secrets in publicly accessible software code: Researchers from security firm GitGuardian this week reported finding almost 4,000 unique secrets stashed inside a total of 450,000 projects submitted to PyPI, the official code repository for the Python programming language.

article thumbnail

Alleged Extortioner of Psychotherapy Patients Faces Trial

Krebs on Security

Prosecutors in Finland this week commenced their criminal trial against Julius Kivimäki , a 26-year-old Finnish man charged with extorting a once popular and now-bankrupt online psychotherapy practice and thousands of its patients. In a 2,200-page report, Finnish authorities laid out how they connected the extortion spree to Kivimäki, a notorious hacker who was convicted in 2015 of perpetrating tens of thousands of cybercrimes, including data breaches, payment fraud, operating a botnet and calli

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

FTC’s Voice Cloning Challenge

Schneier on Security

The Federal Trade Commission is running a competition “to foster breakthrough ideas on preventing, monitoring, and evaluating malicious voice cloning.

article thumbnail

Zimbra zero-day exploited to steal government emails by four groups

Security Affairs

Google TAG revealed that threat actors exploited a Zimbra Collaboration Suite zero-day ( CVE-2023-37580 ) to steal emails from governments. Google Threat Analysis Group (TAG) researchers revealed that a zero-day vulnerability, tracked as CVE-2023-37580 (CVSS score: 6.1), in the Zimbra Collaboration email software was exploited by four different threat actors to steal email data, user credentials, and authentication tokens from government organizations.

article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Top 5 Risks of Artificial Intelligence

IT Security Guru

Artificial intelligence (AI) technology functions in a manner that helps ease human life. Through AI-enabled systems, different industries have been able to minimize human error and automate repetitive processes and tasks while smoothly handling big data. Unlike humans, who are productive only a few hours a day and need time off and breaks for a healthy work-life balance, AI can operate continuously without breaks, think faster, and handle multiple tasks simultaneously while delivering accurate

article thumbnail

Samsung suffered a new data breach

Security Affairs

Samsung Electronics disclosed a data breach that exposed customer personal information to an unauthorized individual. Samsung Electronics suffered a data breach that exposed the personal information of some of its customers to an unauthorized individual. The security breach was discovered on November 13, 2023, and impacted customers who made purchases from the Samsung UK online store between July 1, 2019, and June 30, 2020.

More Trending

article thumbnail

Vietnam Post exposes 1.2TB of data, including email addresses

Security Affairs

Vietnam Post Corporation, a Vietnamese government-owned postal service, exposed security logs and employee email addresses to external cyber threats Vietnam Post Corporation, a Vietnamese government-owned postal service, left its security logs and employee email addresses accessible to outside cyber snoopers, Cybernews researchers have discovered. The exposed sensitive data could spell trouble if accessed by malicious actors.

IoT 138
article thumbnail

A Spy Agency Leaked People's Data Online—Then the Data Was Stolen

WIRED Threat Level

The National Telecommunication Monitoring Center in Bangladesh exposed a database to the open web. The types of data leaked online are extensive.

article thumbnail

FBI’s Warrantless Spying on US Must Continue, Says FBI

Security Boulevard

Privacy, schmivacy: FBI head Christopher Wray (pictured) doesn’t see what all the fuss is about. Just renew FISA section 702 already! The post FBI’s Warrantless Spying on US Must Continue, Says FBI appeared first on Security Boulevard.

article thumbnail

Toyota confirms breach after Medusa ransomware threatens to leak data

Bleeping Computer

Toyota Financial Services (TFS) has confirmed that it detected unauthorized access on some of its systems in Europe and Africa after Medusa ransomware claimed an attack on the company. [.

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Hackers Could Exploit Google Workspace and Cloud Platform for Ransomware Attacks

The Hacker News

A set of novel attack methods has been demonstrated against Google Workspace and the Google Cloud Platform that could be potentially leveraged by threat actors to conduct ransomware, data exfiltration, and password recovery attacks.

article thumbnail

Running Signal Will Soon Cost $50 Million a Year

WIRED Threat Level

Signal’s president reveals the cost of running the privacy-preserving platform—not just to drum up donations, but to call out the for-profit surveillance business models it competes against.

article thumbnail

MySQL servers targeted by 'Ddostf' DDoS-as-a-Service botnet

Bleeping Computer

MySQL servers are being targeted by the 'Ddostf' malware botnet to enslave them for a DDoS-as-a-Service platform whose firepower is rented to other cybercriminals. [.

DDOS 120
article thumbnail

Complying with Confidence: Navigating Cybersecurity Regulation and Legislation

Security Boulevard

Experts explain how expanded cybersecurity regulation changes the CISO’s role, cyber liability insurance, and pathways to cyber resilience. The post Complying with Confidence: Navigating Cybersecurity Regulation and Legislation appeared first on SafeBreach. The post Complying with Confidence: Navigating Cybersecurity Regulation and Legislation appeared first on Security Boulevard.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Alarm system cyberattack leaves those in need struggling to call for help

Malwarebytes

An alarm system company that allows those in need to ask for help at the touch of a button has suffered a cyberattack, causing serious disruption. Tunstall Netherlands says the attack left the control room struggling to receive distress calls from clients on Sunday November 12, 2023. Tunstall, among others, provides services and systems to allow smart monitoring in various healthcare settings.

article thumbnail

Fortinet warns of critical command injection bug in FortiSIEM

Bleeping Computer

Fortinet is alerting customers of a critical OS command injection vulnerability in FortiSIEM report server that could be exploited by remote, unauthenticated attackers to execute commands through specially crafted API requests. [.

119
119
article thumbnail

Zero-Day Flaw in Zimbra Email Software Exploited by Four Hacker Groups

The Hacker News

A zero-day flaw in the Zimbra Collaboration email software was exploited by four different groups in real-world attacks to pilfer email data, user credentials, and authentication tokens. "Most of this activity occurred after the initial fix became public on GitHub," Google Threat Analysis Group (TAG) said in a report shared with The Hacker News.

Software 119
article thumbnail

Despite Hype, the Password-Free Workplace Is Still a Long Way Off

Dark Reading

More than half of organizations are nowhere near ditching passwords, even as cyberattackers continue to have a field day with workers' poor credential choices.

Passwords 119
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Is your LinkedIn profile revealing too much?

We Live Security

How much contact and personal information do you give away in your LinkedIn profile and who can see it? Here’s why less may be more.

119
119
article thumbnail

The ABCs of API Security: A New (Free!) Learning Center

Security Boulevard

APIs have been with us since before they were called APIs. Application programming interfaces as an interface between software or between users and software have been around since the 1940’s, around 20 years before such interfaces were called APIs. In the past couple of decades, APIs have really come into their own with the proliferation […] The post The ABCs of API Security: A New (Free!

Software 115
article thumbnail

Is your LinkedIn profile revealing too much?

We Live Security

How much contact and personal information do you give away in your LinkedIn profile and who can see it? Here’s why less may be more.

118
118
article thumbnail

Dangerous Apache ActiveMQ Exploit Allows Stealthy EDR Bypass

Dark Reading

There's no time to waste: For organizations on the fence about patching the critical bug in ActiveMQ, the new proof-of-concept exploit should push them towards action.

114
114
article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

Experts Uncover DarkCasino: New Emerging APT Threat Exploiting WinRAR Flaw

The Hacker News

A hacking group that leveraged a recently disclosed security flaw in the WinRAR software as a zero-day has now been categorized as an entirely new advanced persistent threat (APT). Cybersecurity company NSFOCUS has described DarkCasino as an "economically motivated" actor that first came to light in 2021.

Hacking 113
article thumbnail

IT Pros Worry Generative AI Will Be a Major Driver of Cybersecurity Threats

Dark Reading

Organizations are concerned about generative AI technologies as being a major driver of cybersecurity threats in 2024.

article thumbnail

Long Beach, California turns off IT systems after cyberattack

Bleeping Computer

The City of Long Beach in California is warning that they suffered a cyberattack on Tuesday that has led them to shut down portions of their IT network to prevent the attack's spread. [.

112
112
article thumbnail

3 Ways Behavioral Economics Obstructs Cybersecurity

Dark Reading

People are not robots; their decisions are based on emotion as much as data. Often, this can lead them to make mistakes with serious security implications for the business.

article thumbnail

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

article thumbnail

FBI shares tactics of notorious Scattered Spider hacker collective

Bleeping Computer

The Federal Bureau of Investigation and the Cybersecurity and Infrastructure Security Agency released an advisory about the evasive threat actor tracked as Scattered Spider, a loosely knit hacking collective that now collaborates with the ALPHV/BlackCat Russian ransomware operation. [.

article thumbnail

Microsoft’s November 2023 Patch Tuesday Addresses 3 Zero-Days, 104 Vulnerabilities

Security Boulevard

Microsoft just released its November Patch Tuesday security updates. In this latest installment, a total of 58 vulnerabilities have been addressed. Among these, the update tackles five zero-day vulnerabilities, with three actively exploited in the wild, warranting immediate attention and action from users and organizations alike. A detailed overview of these critical updates is provided below.

111
111
article thumbnail

CISA and FBI Issue Warning About Rhysida Ransomware Double Extortion Attacks

The Hacker News

The threat actors behind the Rhysida ransomware engage in opportunistic attacks targeting organizations spanning various industry sectors. The advisory comes courtesy of the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Multi-State Information Sharing and Analysis Center (MS-ISAC).

article thumbnail

FBI and CISA Issue Advisory on Rhysida Ransomware

Heimadal Security

Today, the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) have jointly issued a warning about the Rhysida ransomware group. This gang has been attacking various organizations in different sectors since May 2023. A detailed Cybersecurity Advisory (CSA) has been released as part of the #StopRansomware initiative, highlighting the group’s methods and the risks […] The post FBI and CISA Issue Advisory on Rhysida Ransomware appeared first on Heimdal Security Blog.

article thumbnail

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.