Mon.Jan 22, 2024

article thumbnail

AI Bots on X (Twitter)

Schneier on Security

You can find them by searching for OpenAI chatbot warning messages, like: “I’m sorry, I cannot provide a response as it goes against OpenAI’s use case policy.” I hadn’t thought about this before: identifying bots by searching for distinctive bot phrases.

article thumbnail

Hacking et Cybersécurité Mégapoche pour les Nuls: New French Book on Hacking and CyberSecurity Now Available

Joseph Steinberg

Hacking et Cybersécurité Mégapoche pour les Nuls , a single-volume book containing French versions of the latest editions of both the best selling CyberSecurity for Dummies by Joseph Steinberg, and Hacking For Dummies by Kevin Beaver, is now available to the public. The new book, now available for purchase online worldwide and in stores throughout Europe, helps people stay cyber-safe regardless of their technical skill sets, and teaches readers how hackers attack systems.

Hacking 161
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Top 6 LastPass Alternatives and Competitors for 2024

Tech Republic Security

Looking for LastPass alternatives? Check out our list of the top password managers that offer secure and convenient options for managing your passwords.

article thumbnail

Cops Used DNA to Predict a Suspect’s Face—and Tried to Run Facial Recognition on It

WIRED Threat Level

Leaked records reveal what appears to be the first known instance of a police department attempting to use facial recognition on a face generated from crime-scene DNA. It likely won’t be the last.

145
145
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Kasseika Ransomware Deploys BYOVD Attacks, Abuses PsExec and Exploits Martini Driver?

Trend Micro

In this blog, we detail our investigation of the Kasseika ransomware and the indicators we found suggesting that the actors behind it have acquired access to the source code of the notorious BlackMatter ransomware.

article thumbnail

Mother of all breaches – a historic data leak reveals 26 billion records: check what’s exposed

Security Affairs

Cybersecurity researcher Bob Dyachenko and CyberNews researchers discovered the largest data leak ever discovered. The supermassive leak contains data from numerous previous breaches, comprising an astounding 12 terabytes of information, spanning over a mind-boggling 26 billion records. The leak is almost certainly the largest ever discovered. There are data leaks, and then there’s this.

More Trending

article thumbnail

Threat actors exploit Apache ActiveMQ flaw to deliver the Godzilla Web Shell

Security Affairs

Researchers warn of a spike in attacks exploiting a now-patched flaw in Apache ActiveMQ to deliver the Godzilla web shell. Trustwave researchers observed a surge in attacks exploiting a now-patched flaw in Apache ActiveMQ, in many cases aimed at delivering a malicious code that borrows the code from the open-source web shell Godzilla. Threat actors conceal the web shell within an unknown binary format evading security and signature-based scanners.

article thumbnail

With hackers poisoning water systems, US agencies issue incident response guide to boost cybersecurity

Graham Cluley

US federal agencies have teamed up to release a cybersecurity best practice guidance for the water and wastewater sector (WWS). Read more in my article on the Tripwire State of Security blog.

article thumbnail

Apple fixed actively exploited zero-day CVE-2024-23222

Security Affairs

Apple addressed the first zero-day vulnerability that impacts iPhones, Macs, and Apple TVs. The issue is actively exploited in the wild. Apple released security updates to address a zero-day vulnerability, tracked as CVE-2024-23222, that impacts iPhones, Macs, and Apple TVs. This is the first actively exploited zero-day vulnerability fixed by the company this year.

Hacking 139
article thumbnail

Cybersecurity Risk Management: Frameworks, Plans, & Best Practices

Security Boulevard

In the modern landscape of cybersecurity risk management, one uncomfortable truth is clear — managing cyber risk across the enterprise is harder than ever. Keeping architectures and systems secure and compliant can seem overwhelming even for today’s most skilled teams. Dave Hatter, a cybersecurity consultant at Intrust IT and 30-year veteran of the industry, explains, The post Cybersecurity Risk Management: Frameworks, Plans, & Best Practices appeared first on Hyperproof.

Risk 128
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Cybercriminals leaked massive volumes of stolen PII data from Thailand in Dark Web

Security Affairs

Resecurity researchers warn of massive leak of stolen Thai personally identifiable information (PII) on the dark web by cybercriminals. Resecurity has detected a noticeable increase in data leaks from consumer-focused platforms in Thailand, confirming that threat actors are actively targeting the personal data of citizens now at the beginning of 2024.

article thumbnail

Apple fixes first zero-day bug exploited in attacks this year

Bleeping Computer

Apple released security updates to address this year's first zero-day vulnerability exploited in attacks that could impact iPhones, Macs, and Apple TVs. [.

134
134
article thumbnail

Chinese Espionage Group Has Exploited VMware Flaw Since 2021

Security Boulevard

A Chinese espionage group spotted last year by Mandiant researchers abusing a flaw that affected VMware virtualization tools has been exploiting another zero-day vulnerability in VMware’s vCenter Server since at least late 2021, according to the Google-owned cybersecurity company. VMware patched the bug, tracked as CVE-2023-34048, in October 2023, but Mandiant researchers Alexander Marvi, Shawn.

article thumbnail

News alert: Sternum and ChargePoint collaborate to enhance ChargePoint Home Flex Security

The Last Watchdog

Tel Aviv, Israel – Jan. 23, 2024 — Sternum, the pioneer in embedded IoT security and observability, today announced enhanced security for the ChargePoint Home Flex. In a comprehensive research project, Sternum identified a potential vulnerability involving the reverse SSH tunnel and deprecated NTP client and HTTP servers. ChargePoint, with its last firmware update, has disabled the HTTP server and updated the NTP client to address the issues.

IoT 100
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

“My Slice”, an Italian adaptive phishing campaign

Security Affairs

Adaptive phishing campaigns are emerging as an increasingly sophisticated threat in the cybersecurity landscape. The phenomenon This phenomenon represents an evolution of traditional phishing tactics, as attackers seek to overcome defenses using more personalized and targeted approaches. In an adaptive phishing campaign, attackers gather specific information about victims through various sources, such as social media, public websites, and previous data breaches.

Phishing 136
article thumbnail

InMarket is Second Data Broker to Settle with FTC This Month

Security Boulevard

For the second time this month, the Federal Trade Commission is banning a data broker from selling or licensing precise location data without getting the consumer’s consent. Under the 14-page FTC order, Texas-based data aggregator InMarket Media also is prohibited from selling, licensing, or sharing any product or service that targets consumers or categorizes them.

Media 119
article thumbnail

Cracked software beats gold: new macOS backdoor stealing cryptowallets

SecureList

A month ago, we discovered some cracked apps circulating on pirating websites and infected with a Trojan proxy. The malicious actors repackaged pre-cracked applications as PKG files with an embedded Trojan proxy and a post-install script initiating the infection. We recently caught sight of a new, hitherto unknown, macOS malware family that was piggybacking on cracked software.

Software 120
article thumbnail

SEC confirms X account was hacked in SIM swapping attack

Bleeping Computer

The U.S. Securities and Exchange Commission confirmed today that its X account was hacked through a SIM-swapping attack on the cell phone number associated with the account. [.

article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

Top Unexpected Ways to Utilise a Password Manager for Enhanced Security and Organisation

IT Security Guru

Password managers have become integral tools for individuals and businesses alike. They are primarily known for securely saving and managing login credentials so users don’t have to remember them all or write them down, where they could be compromised. However, these digital guardians can offer more than just a secure vault for passwords. In fact, a good password manager can play a crucial role in enhancing both the personal and professional aspects of a user’s digital life.

article thumbnail

Apple iOS 17.3: How to Turn on iPhone's New Stolen Device Protection

WIRED Threat Level

Apple’s iOS 17.3 introduces Stolen Device Protection to iPhones, which could stop phone thieves from taking over your accounts. Here’s how to enable it right now.

article thumbnail

VulnRecap 1/22/24 – Watch Chrome, Ivanti, Citrix Issues

eSecurity Planet

This week’s vulnerability news include GitHub credential access, a new Chrome fix, and hidden malware from pirated applications hosted on Chinese websites. Citrix and Ivanti are seeing more problems, too, as more vulnerabilities have cropped up in Netscaler and Endpoint Manager Mobile. Make sure your security teams are regularly checking vendors’ software and hardware updates for any patches, and keep a particular eye on networking equipment.

article thumbnail

CVE-2024-0204 (CVSS 9.8): Critical Authentication Bypass Flaw in GoAnywhere MFT

Penetration Testing

GoAnywhere MFT is a secure managed file transfer (MFT) solution that helps organizations automate, centralize, and secure their file transfers. It’s a software platform that removes the hassle of moving data between different systems... The post CVE-2024-0204 (CVSS 9.8): Critical Authentication Bypass Flaw in GoAnywhere MFT appeared first on Penetration Testing.

article thumbnail

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

article thumbnail

Essential Cloud Security Tools for Effective DevSecOps

Veracode Security

Implementation of a DevSecOps approach is the most impactful key factor in the total cost of a data breach. Successful DevSecOps in a cloud-native world is aided by the right tools. Here are a handful of the most essential cloud security tools and what to look for in them to aid DevSecOps. Top Essential Cloud Security Tool for DevSecOps: Software Composition Analysis Software Composition Analysis (SCA) is the bread and butter of cloud security tools for effective DevSecOps and securing the sof

article thumbnail

CVE-2024-23222: Apple’s First Zero-Day Flaw of the Year

Penetration Testing

Apple has unfurled security updates to confront the year’s inaugural zero-day vulnerability, a menacing shadow looming over iPhones, Macs, and Apple TVs alike. This zero-day, tracked as CVE-2024-23222, lies within WebKit, and if exploited,... The post CVE-2024-23222: Apple’s First Zero-Day Flaw of the Year appeared first on Penetration Testing.

article thumbnail

Hackers start exploiting critical Atlassian Confluence RCE flaw

Bleeping Computer

Security researchers are observing exploitation attempts for the CVE-2023-22527 remote code execution flaw vulnerability that affects outdated versions of Atlassian Confluence servers. [.

105
105
article thumbnail

CVE-2024-22233: A high-severity Spring Framework Vulnerability

Penetration Testing

The Spring Framework is an open-source Java platform that provides comprehensive infrastructure support for developing enterprise applications. It’s essentially a toolkit that simplifies the development process by taking care of the boilerplate code and... The post CVE-2024-22233: A high-severity Spring Framework Vulnerability appeared first on Penetration Testing.

article thumbnail

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.

article thumbnail

Apple Issues Patch for Critical Zero-Day in iPhones, Macs - Update Now

The Hacker News

Apple on Monday released security updates for iOS, iPadOS, macOS, tvOS, and Safari web browser to address a zero-day flaw that has come under active exploitation in the wild. The issue, tracked as CVE-2024-23222, is a type confusion bug that could be exploited by a threat actor to achieve arbitrary code execution when processing maliciously crafted web content.

111
111
article thumbnail

Global eInvoice Compliance - Simplifying Complexity

GlobalSign

In this article, we look at the European Union and global countries different requirements regarding the mandatory elements in an invoice.

117
117
article thumbnail

Microsoft Suffers Breach by Notorious SolarWinds Hackers

SecureWorld News

Microsoft disclosed that it recently fell victim to a cyberattack by Nobelium, the Russian state-sponsored hacking group infamously responsible for the 2020 SolarWinds supply chain attack. The breach, detected on January 12th, allowed the hackers to access email accounts belonging to members of Microsoft's senior leadership team. While details remain limited, Microsoft stated that Nobelium, also known as Midnight Blizzard, leveraged a simple password spray attack to compromise an unsecured legac

Passwords 101
article thumbnail

Ivanti: VPN appliances vulnerable if pushing configs after mitigation

Bleeping Computer

Ivanti warned admins to stop pushing new device configurations to appliances after applying mitigations because this will leave them vulnerable to ongoing attacks exploiting two zero-day vulnerabilities. [.

VPN 101
article thumbnail

Enhance Innovation and Governance Through the Cloud Development Maturity Model

Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.