Tue. Dec 05, 2023


The Internet Enabled Mass Surveillance. AI Will Enable Mass Spying.

Schneier on Security

Spying and surveillance are different but related things. If I hired a private detective to spy on you, that detective could hide a bug in your home or car, tap your phone, and listen to what you said. At the end, I would get a report of all the conversations you had and the contents of those conversations. If I hired that same private detective to put you under surveillance, I would get a different report: where you went, whom you talked to, what you purchased, what you did.


Hackers breach US govt agencies using Adobe ColdFusion exploit

Bleeping Computer

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning about hackers actively exploiting a critical vulnerability in Adobe ColdFusion identified as CVE-2023-26360 to gain initial access to government servers. […]


AI and Mass Spying

Schneier on Security

Spying and surveillance are different but related things. If I hired a private detective to spy on you, that detective could hide a bug in your home or car, tap your phone, and listen to what you said. At the end, I would get a report of all the conversations you had and the contents of those conversations. If I hired that same private detective to put you under surveillance, I would get a different report: where you went, whom you talked to, what you purchased, what you did.


Google fixed critical zero-click RCE in Android

Security Affairs

Google fixed a critical zero-click RCE vulnerability (CVE-2023-40088) with the release of the December 2023 Android security updates. Google December 2023 Android security updates addressed 85 vulnerabilities, including a critical zero-click remote code execution (RCE) flaw tracked as CVE-2023-40088. The vulnerability resides in Android’s System component; it doesn’t require additional privileges to be triggered.


Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.


23andMe Finally Admits: 6.9 MILLION Users’ PII Breached

Security Boulevard

Not nice: Hacker claimed 20 million, 23andMe said it was only 14,000—but now admits to 6.9 million. The post 23andMe Finally Admits: 6.9 MILLION Users’ PII Breached appeared first on Security Boulevard.


ENISA published ENISA Threat Landscape for DoS Attacks

Security Affairs

ENISA published the ENISA Threat Landscape for DoS Attacks report to bring new insights to the DoS threat landscape. Denial-of-Service (DoS) attacks pose a persistent and significant security risk for organizations. Over the past few years, threat actors have increasingly had access to cost-effective and efficient means and services to carry out such kinds of attacks.


More Trending


SpyLoan Android malware on Google Play downloaded 12 million times

Bleeping Computer

More than a dozen malicious loan apps, which are generically named SpyLoan, have been downloaded more than 12 million times this year from Google Play but the count is much larger since they are also available on third-party stores and suspicious websites. […]


The 23andMe Data Breach Keeps Spiraling

WIRED Threat Level

23andMe has provided more information about the scope and scale of its recent breach, but with these details come more unanswered questions.


Kali Linux 2023.4 released with GNOME 45 and 15 new tools

Bleeping Computer

Kali Linux 2023.4, the fourth and final version of 2023, is now available for download, with fifteen new tools and the GNOME 45 desktop environment. […]


AI and Quantum Computing Threaten Encryption and Data Security

Security Boulevard

The combination of AI and quantum computing in the wrong hands is enough of a security concern to give pause to even the most experienced technologists. The post AI and Quantum Computing Threaten Encryption and Data Security appeared first on Security Boulevard.


The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!


Threat actors breached US govt systems by exploiting Adobe ColdFusion flaw

Security Affairs

The U.S. CISA warns that threat actors are actively exploiting a critical vulnerability in Adobe ColdFusion to breach government agencies. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning about threat actors actively exploiting a critical vulnerability (CVE-2023-26360) in Adobe ColdFusion to breach government agencies. The flaw is an Improper Access Control that can allow a remote attacker to execute arbitrary code.


BlueNoroff: new Trojan attacking macOS users

SecureList

We recently discovered a new variety of malicious loader that targets macOS, presumably linked to the BlueNoroff APT gang and its ongoing campaign known as RustBucket. The threat actor is known to attack financial organizations, particularly companies, whose activity is in any way related to cryptocurrency, as well as individuals who hold crypto assets or take an interest in the subject.


Microsoft confirms Windows bug renames printers to HP LaserJet M101-M106

Bleeping Computer

Microsoft has confirmed an issue causing the HP Smart app to automatically install on Windows systems after all printers are renamed to HP LaserJet M101-M106. […]


Russia-linked APT28 group spotted exploiting Outlook flaw to hijack MS Exchange accounts

Security Affairs

Microsoft warns that the Russia-linked APT28 group is actively exploiting the CVE-2023-23397 Outlook flaw to hijack Microsoft Exchange accounts. Microsoft’s Threat Intelligence is warning of Russia-linked cyber-espionage group APT28 (aka “Forest Blizzard”, “Fancybear” or “Strontium”) actively exploiting the CVE-2023-23397 Outlook flaw to hijack Microsoft Exchange accounts and steal sensitive information.


The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.


Beware of predatory fin(tech): Loan sharks use Android apps to reach new depths

We Live Security

ESET researchers describe the growth of deceptive loan apps for Android and techniques they use to circumvent Google Play


Russian hacker pleads guilty to Trickbot malware conspiracy

Graham Cluley

A 40-year-old Russian man faces a lengthy prison sentence in the United States after pleading guilty to his involvement in the distribution and development of the notorious Trickbot malware. Read more in my article on the Hot for Security blog.


Microsoft to also sell Windows 10 Extended Security Updates to home users

Bleeping Computer

Microsoft says that customers still using Windows 10 after the end of support date will be able to buy three extra years of security updates through the company's Extended Security Updates (ESU) program. […]


Appknox Stands Out in Gartner's 2023 'Voice of the Customer' for Application Security Testing

Appknox

Appknox continues to solidify its position as a top-tier vendor in application security testing, receiving prestigious recognition from Gartner as one of the leading vendors for Voice of the Customer. This recognition underscores Appknox's unwavering commitment to customer satisfaction, its consistent delivery of robust, developer-centric security solutions, and also its continued relevance in the ever-evolving landscape of application security.


Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!


Roblox and Twitch provider Tipalti breached by ransomware

Malwarebytes

Accounting software provider Tipalti says it is investigating a claim by ransomware group ALPHV that they have gained access to Tipalti’s systems. Tipalti makes software for accounting and payment automation and has some big names among its customers. In what seems to be a typical supply chain attack, ALPHV aka BlackCat are now threatening some Tipalti customers, including Roblox and Twitch: “We are systematically reaching out to affected clients of Tipalti, the first batch (consisting of


60 U.S. Credit Unions Hit by Supply Chain Cyber Attack

SecureWorld News

Just three months after the National Credit Union Administration (NCUA) put into place a final rule requiring federally chartered and federally insured credit unions to notify NCUA of a "reportable cyber incident," about 60 credit unions in the United States experienced outages because of a ransomware attack on an IT provider the institutions use, according to a U.S. federal agency.


A New Trick Uses AI to Jailbreak AI Models—Including GPT-4

WIRED Threat Level

Adversarial algorithms can systematically probe large language models like OpenAI’s GPT-4 for weaknesses that can make them misbehave.


"Sierra:21" vulnerabilities impact critical infrastructure routers

Bleeping Computer

A set of 21 newly discovered vulnerabilities impact Sierra OT/IoT routers and threaten critical infrastructure with remote code execution, unauthorized access, cross-site scripting, authentication bypass, and denial of service attacks. […]


Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.


15,000 Go Module Repositories on GitHub Vulnerable to Repojacking Attack

The Hacker News

New research has found that over 15,000 Go module repositories on GitHub are vulnerable to an attack called repojacking. "More than 9,000 repositories are vulnerable to repojacking due to GitHub username changes," Jacob Baines, chief technology officer at VulnCheck, said in a report shared with The Hacker News.


Microsoft to let Windows 10 home users buy Extended Security Updates

Bleeping Computer

Microsoft says that all Windows 10 customers (including home users) will be able to pay for three extra years of security updates through the company's Extended Security Updates (ESU) program after the end of support (EOS) date. […]


Warning for iPhone Users: Experts Warn of Sneaky Fake Lockdown Mode Attack

The Hacker News

A new "post-exploitation tampering technique" can be abused by malicious actors to visually deceive a target into believing that their Apple iPhone is running in Lockdown Mode when it's actually not and carry out covert attacks.


HTC Global Services confirms cyberattack after data leaked online

Bleeping Computer

IT services and business consulting company HTC Global Services has confirmed that they suffered a cyberattack after the ALPHV ransomware gang began leaking screenshots of stolen data. […]


IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.


How to build a cyber incident response team (a 2024 playbook)

Heimdal Security

This post is authored by Heimdal’s Valentin Rusu – Machine Learning Research Engineer and overall cybersecurity guru here at Heimdal. As an incident response manager himself, Valentin regularly coordinates security responses for companies of all shapes and sizes – including many of the examples discussed in this post. He explains everything you need to know […] The post How to build a cyber incident response team (a 2024 playbook) appeared first on Heimdal Security Blog.


Multiple NFT collections at risk by flaw in open-source library

Bleeping Computer

A vulnerability in an open-source library that is common across the Web3 space impacts the security of pre-built smart contracts, affecting multiple NFT collections, including Coinbase. […]


Qualcomm Releases Details on Chip Vulnerabilities Exploited in Targeted Attacks

The Hacker News

Chipmaker Qualcomm has released more information about three high-severity security flaws that it said came under "limited, targeted exploitation" back in October 2023. The vulnerabilities are as follows - CVE-2023-33063 (CVSS score: 7.8) - Memory corruption in DSP Services during a remote call from HLOS to DSP. CVE-2023-33106 (CVSS score: 8.


CVE-2023-22523: Critical RCE Vulnerability in Assets Discovery

Penetration Testing

A critical Remote Code Execution (RCE) vulnerability, tracked as CVE-2023-22523 (CVSS score of 9.8), has been discovered in Assets Discovery. This vulnerability allows an attacker to execute arbitrary code on an affected machine with... The post CVE-2023-22523: Critical RCE Vulnerability in Assets Discovery appeared first on Penetration Testing.


Enhance Innovation and Governance Through the Cloud Development Maturity Model

Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.