Fri.Nov 17, 2023

article thumbnail

Weekly Update 374

Troy Hunt

Think about it like this: in 2015, we all lost our proverbial minds at the idea of the Kazakhstan government mandating the installation of root certificates on their citizens' devices. We were outraged at the premise of a government mandating the implementation of a model that could, at their bequest, allow them to intercept traffic without any transparency or accountability.

article thumbnail

Medusa ransomware gang claims the hack of Toyota Financial Services

Security Affairs

Toyota Financial Services discloses unauthorized activity on systems after the Medusa ransomware gang claimed to have hacked the company. Toyota Financial Services confirmed the discovery of unauthorized activity on systems in a limited number of its locations. “Toyota Financial Services Europe & Africa recently identified unauthorised activity on systems in a limited number of its locations.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

How Do Password Managers Work and Why Do You Need One?

Tech Republic Security

Learn how password managers work, their benefits, and why your organization needs one to secure sensitive data and prevent security breaches.

article thumbnail

A critical OS command injection flaw affects Fortinet FortiSIEM

Security Affairs

Fortinet warns of a critical OS command injection vulnerability in FortiSIEM report server that could be exploited to execute arbitrary commands. Fortinet is warning customers of a critical OS command injection vulnerability, tracked as CVE-2023-36553 (CVSS score 9.3), in FortiSIEM report server. A remote, unauthenticated attacker can exploit the flaw to execute commands by sending specially crafted API requests. “An improper neutralization of special elements used in an OS Command vulnera

Hacking 141
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Google to Force-Block Ad Blockers — Time to Get Firefox?

Security Boulevard

Manifest V3: Destiny. Huge advertising monopoly flexes muscles: “Manifest V2” extensions to be nuked, but “V3” cripples ad blockers. The post Google to Force-Block Ad Blockers — Time to Get Firefox? appeared first on Security Boulevard.

article thumbnail

CISA adds Sophos Web Appliance bug to its Known Exploited Vulnerabilities catalog

Security Affairs

US CISA added three new vulnerabilities (tracked as CVE-2023-36584 , CVE-2023-1671 , and CVE-2023-2551 ) to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added three new vulnerabilities to its Known Exploited Vulnerabilities catalog. Below is the list of the three added vulnerabilities: CVE-2023-36584 Microsoft Windows Mark of the Web (MOTW) Security Feature Bypass Vulnerability CVE-2023-1671 Sophos Web Appliance Command Injection

Hacking 140

More Trending

article thumbnail

The board of directors of OpenAI fired Sam Altman

Security Affairs

OpenAI fired its CEO Sam Altman, and the Chief technology officer Mira Murati appointed interim CEO to lead the company. Sam Altman has been removed as CEO of OpenAI. The company announced that Mira Murati, the Chief Technology Officer, has been appointed as interim CEO. He was distrusted by the board for his behavior, for this reason, it is believed that he is no longer fit to lead the company. “Mr.

article thumbnail

Waves of Risk: The Growing Cybersecurity Crisis in Maritime Trade

Security Boulevard

Cybercriminals are actively attacking and interrupting supply chains by targeting maritime organizations with ransomware. DP World Australia, which manages 40% of Australian shipping, is the latest to fall victim to these attacks, leaving over 30,000 shipping containers backed up. Operations such as theirs are increasingly attractive targets for cybercriminals, primarily due to their reliance on.

Risk 128
article thumbnail

Russian Cyber Espionage Group Deploys LitterDrifter USB Worm in Targeted Attacks

The Hacker News

Russian cyber espionage actors affiliated with the Federal Security Service (FSB) have been observed using a USB propagating worm called LitterDrifter in attacks targeting Ukrainian entities.

127
127
article thumbnail

Mitigating Cybersecurity Risks in a Hybrid-Work World

Security Boulevard

This shift toward remote work has opened up new opportunities for cybercriminals to exploit vulnerabilities and compromise sensitive data. The post Mitigating Cybersecurity Risks in a Hybrid-Work World appeared first on Security Boulevard.

Risk 121
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

27 Malicious PyPI Packages with Thousands of Downloads Found Targeting IT Experts

The Hacker News

An unknown threat actor has been observed publishing typosquat packages to the Python Package Index (PyPI) repository for nearly six months with an aim to deliver malware capable of gaining persistence, stealing sensitive data, and accessing cryptocurrency wallets for financial gain.

article thumbnail

Hackers Weaponize SEC Disclosure Rules Against Corporate Targets

Dark Reading

Ransomware group BlackCat/ALPHV files SEC complaint against its latest victim, putting an audacious new twist on cyber extortion tactics.

article thumbnail

Beware: Malicious Google Ads Trick WinSCP Users into Installing Malware

The Hacker News

Threat actors are leveraging manipulated search results and bogus Google ads that trick users who are looking to download legitimate software such as WinSCP into installing malware instead. Cybersecurity company Securonix is tracking the ongoing activity under the name SEO#LURKER. “The malicious advertisement directs the user to a compromised WordPress website gameeweb[.

Malware 121
article thumbnail

CyberTalk Series: MSP and MSSP Cybersecurity Challenges in 2023 and Goals for 2024 with Wayne Selk

Security Boulevard

2023 has been a great eyeopener for the industry, and now many MSPs are waking up to the realization that “nobody is too small. The post CyberTalk Series: MSP and MSSP Cybersecurity Challenges in 2023 and Goals for 2024 with Wayne Selk appeared first on Seceon. The post CyberTalk Series: MSP and MSSP Cybersecurity Challenges in 2023 and Goals for 2024 with Wayne Selk appeared first on Security Boulevard.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

FCC Enforces Stronger Rules to Protect Customers Against SIM Swapping Attacks

The Hacker News

The U.S. Federal Communications Commission (FCC) is adopting new rules that aim to protect consumers from cell phone account scams that make it possible for malicious actors to orchestrate SIM-swapping attacks and port-out fraud.

Scams 121
article thumbnail

British Library Confirms Ransomware Attack Caused Outages

Dark Reading

The library said that it expects many of its services to be restored in the forthcoming weeks.

article thumbnail

The Bin Laden Letter Is Being Weaponized by the Far Right

WIRED Threat Level

Far-right influencers and right-wing lawmakers are using the spread of Osama bin Laden’s “Letter to America” to call for a TikTok ban and boost decades old conspiracies.

114
114
article thumbnail

Scattered Spider Casino Hackers Evade Arrest in Plain Sight

Dark Reading

The feds seem to know all about the hacking group brazenly breaking into corporate networks; so why are enterprise teams left on their own to stop their cybercrimes?

article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Uscrapper: powerful OSINT webscraper for personal data collection

Penetration Testing

Uscrapper Introducing Uscrapper 2.0, A powerful OSINT web scrapper that allows users to extract various personal information from a website. It leverages web scraping techniques and regular expressions to extract email addresses, social media... The post Uscrapper: powerful OSINT webscraper for personal data collection appeared first on Penetration Testing.

article thumbnail

Shadowy Hack-for-Hire Group Behind Sprawling Web of Global Cyberattacks

Dark Reading

For several years operators at New Delhi-based Appin hacked into, spied on, and stole data from targets around the world for clients that included private investigators, government agencies, law enforcement, and others.

Hacking 114
article thumbnail

British Library: Ongoing outage caused by ransomware attack

Bleeping Computer

The British Library confirmed that a ransomware attack is behind a major outage that is still affecting services across several locations. [.

article thumbnail

Ransomware gang files SEC complaint about victim

Malwarebytes

In what seems to be a new twist on the ransomware theme, the notorious ALPHV/BlackCat ransomware group has filed a complaint with the US Securities and Exchange Commission (SEC) about the software company MeridianLink. ALPHV is one of the most active ransomware-as-a-service (RaaS) operators and regularly appears in our monthly ransomware reviews. MeridianLink supplies “digital lending solutions” to banks, credit unions, fintechs, and other financial institutions.

article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

CISA warns of actively exploited Windows, Sophos, and Oracle bugs

Bleeping Computer

The U.S. Cybersecurity & Infrastructure Security Agency has added to its catalog of known exploited vulnerabilities (KEV) three security issues that affect Microsoft devices, a Sophos product, and an enterprise solution from Oracle. [.

article thumbnail

Detection & Response That Scales: A 4-Pronged Approach

Dark Reading

Building a resilient incident response team requires more than a simple combination of tools and on-call rotations.

100
100
article thumbnail

Safeguarding ports from the rising tide of cyberthreats – Week in security with Tony Anscombe

We Live Security

An attack against a port operator that ultimately hobbled some 40 percent of Australia’s import and export capacity highlights the kinds of supply chain shocks that a successful cyberattack can cause

97
article thumbnail

Hands Off the Security Budget! Find Efficiencies to Reduce Risk

Dark Reading

Security budgets will benefit from new priorities, streamlined responses rather than wholesale cost-cutting in light of cyberattacks and increased regulatory requirements.

Risk 96
article thumbnail

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

article thumbnail

Yamaha Motor confirms ransomware attack on Philippines subsidiary

Bleeping Computer

Yamaha Motor's Philippines motorcycle manufacturing subsidiary was hit by a ransomware attack last month, resulting in the theft and leak of some employees' personal information. [.

article thumbnail

DllNotificationInjection: a POC of a new “threadless” process injection technique

Penetration Testing

DllNotificationInjection DllNotificationInection is a POC of a new “threadless” process injection technique that works by utilizing the concept of DLL Notification Callbacks in local and remote processes. An accompanying blog post with more details... The post DllNotificationInjection: a POC of a new “threadless” process injection technique appeared first on Penetration Testing.

article thumbnail

Bloomberg Crypto X account snafu leads to Discord phishing attack

Bleeping Computer

The official Twitter account for Bloomberg Crypto was used earlier today to redirect users to a deceptive website that stole Discord credentials in a phishing attack. [.

article thumbnail

CVE-2023-48238: A Critical Vulnerability in json-web-token for Node.js

Penetration Testing

In the realm of cybersecurity, JSON Web Tokens (JWTs) have become an indispensable tool for secure communication and data exchange. However, even the most widely used technologies can harbor vulnerabilities, and a recent discovery... The post CVE-2023-48238: A Critical Vulnerability in json-web-token for Node.js appeared first on Penetration Testing.

article thumbnail

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.