Wed.Jan 31, 2024

article thumbnail

CFPB’s Proposed Data Rules

Schneier on Security

In October, the Consumer Financial Protection Bureau (CFPB) proposed a set of rules that if implemented would transform how financial institutions handle personal data about their customers. The rules put control of that data back in the hands of ordinary Americans, while at the same time undermining the data broker economy and increasing customer choice and competition.

Banking 294
article thumbnail

What Is Cyber Threat Hunting? (Definition & How it Works)

Tech Republic Security

Cyber threat hunting is the proactive process of searching for and detecting potential threats or malicious activities within a network or system.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

CVE-2024-21626: Docker Confronts Critical Container Escape Threat

Penetration Testing

In the ever-evolving world of technology, security remains a paramount concern, especially in the realm of containerization. Recently, Docker faced a significant challenge as Snyk Labs identified four critical security vulnerabilities affecting its container... The post CVE-2024-21626: Docker Confronts Critical Container Escape Threat appeared first on Penetration Testing.

article thumbnail

Limited Time Deal: a Lifetime of Powerful VPN Protection is Just $35 Through 2/4

Tech Republic Security

Get the ultimate online protection of privacy and security for up to five devices, including speedy servers, unlimited bandwidth, kill switch and more.

VPN 173
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

YouTube, Discord, and ‘Lord of the Rings’ Led Police to a Teen Accused of a US Swatting Spree

WIRED Threat Level

For nearly two years, police have been tracking down the culprit behind a wave of hoax threats. A digital trail took them to the door of a 17-year-old in California.

143
143
article thumbnail

Mobile Device Security Policy

Tech Republic Security

Mobile devices are commonly used to conduct company business, which can render them more susceptible to risk than desktop or even laptop computers. Desktops are routinely stationary devices and laptops are harder to lose than smartphones or tablets, being more sizable. In addition, the same social engineering, phishing and application/operating system vulnerabilities which plague desktops.

Mobile 163

More Trending

article thumbnail

How to Use KeePass Step-by-Step Guide

Tech Republic Security

This tutorial will guide you on how to use KeePass to manage and secure your passwords. Learn how to set it up and make the most of its features.

Passwords 155
article thumbnail

Mother of all Breaches may contain NEW breach data

Malwarebytes

On January 23, 2024, we reported on the discovery of billions of exposed records online, now commonly referred to as the “ mother of all breaches ” (MOAB). Since then, the source of the dataset has been identified as data breach search engine Leak-Lookup. Prevention platform SpyCloud compared the MOAB data with its own recaptured dataset and found at least 94% of the data was either public, old, or otherwise widely-known.

article thumbnail

Gift Yourself a Year of Online Protection for Only $50 Through 2/4

Tech Republic Security

Requesting the removal of your most confidential data from the internet is a complicated process unless you have Incogni, which can do it in a few clicks.

Internet 149
article thumbnail

Crooks stole around $112 million worth of XRP from Ripple’s co-founder

Security Affairs

Crooks stole around $112 million worth of Ripple XRP from the crypto wallet of Ripple’s co-founder Chris Larsen. This week, crooks stole around $112 million worth of the Ripple-focused cryptocurrency XRP from a crypto wallet belonging to the Ripple’s co-founder and executive chairman Chris Larsen. Larsen pointed out that the hackers compromised his personal XRP accounts, while the @Ripple was not impacted.

Hacking 141
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

ChatGPT accused of breaking data protection rules

Malwarebytes

Italy’s Data Protection Authority (GPDP) has uncovered data privacy violations related to collecting personal data and age protections after an inquiry into OpenAI’s ChatGPT. OpenAI has 30 days to respond with a defense. ChatGPT is an artificial intelligence (AI) chatbot that can engage in conversations with users, and answer their questions. It does this using natural, human-like language, a trick which is accomplished by training the underlying algorithm with large amounts of data from t

article thumbnail

Ivanti warns of a new actively exploited zero-day

Security Affairs

Ivanti warns of two new vulnerabilities in its Connect Secure and Policy Secure products, one of which is actively exploited in the wild. Ivanti is warning of two new high-severity vulnerabilities in its Connect Secure and Policy Secure solutions respectively tracked as CVE-2024-21888 (CVSS score: 8.8) and CVE-2024-21893 (CVSS score: 8.2). The software company also warned that one of these two vulnerabilities is under active exploitation in the wild.

Software 139
article thumbnail

Tax Season is Upon Us, and So Are the Scammers

Security Boulevard

It’s still relatively early in the year, but bad actors are already targeting accounting and finance organizations as well as filers in the United States with tax-related scams. Researchers at cybersecurity company Proofpoint wrote in a report this week that the return of tax season reliably brought the threat group TA576 back into action. “TA576. The post Tax Season is Upon Us, and So Are the Scammers appeared first on Security Boulevard.

Scams 131
article thumbnail

CISA adds Apple improper authentication bug to its Known Exploited Vulnerabilities catalog

Security Affairs

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Apple improper authentication bug to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added an Apple improper authentication bug, tracked as CVE-2022-48618 , to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability can allow an attacker with arbitrary read and write capability to bypass Pointer Authentication.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Apple and Google Just Patched Their First Zero-Day Flaws of the Year

WIRED Threat Level

Plus: Google fixes dozens of Android bugs, Microsoft rolls out nearly 50 patches, Mozilla squashes 15 Firefox flaws, and more.

Hacking 131
article thumbnail

Police seized 50,000 Bitcoin from operator of the now-defunct piracy site movie2k

Security Affairs

German police seized 50,000 Bitcoin from the former operator of the now-defunct piracy website movie2k.to. The police in Saxony, Germany, have seized 50,000 Bitcoin (more than $2.1 billion at the current exchange rate) from the former operator of the now-defunct piracy site movie2k. “This is the most extensive security of Bitcoins by law enforcement authorities in the Federal Republic of Germany to date.” reads the press release published by the German police.

Media 135
article thumbnail

Decline in robocalls is encouraging, efforts seem to be working

Malwarebytes

The Federal Communications Commission (FCC) has announced that its recent actions with the Federal Trade Commission (FTC) against international robocalls appear to have had an effect. Robocalls are automated phone calls, often associated with scams and unwanted solicitations, which can be a nuisance to individuals and businesses alike. In November, 2023, the FCC and FTC sent separate, but coordinated, warning letters to specific gateway providers demanding these providers cease to serve as entry

Scams 129
article thumbnail

Threat actors exploit Ivanti VPN bugs to deploy KrustyLoader Malware

Security Affairs

Threat actors are exploiting recently disclosed zero-day flaws in Ivanti Connect Secure (ICS) VPN devices to deliver KrustyLoader. In early January 2024, software firm Ivanti reported that threat actors were exploiting two zero-day vulnerabilities ( CVE-2023-46805, CVE-2024-21887 ) in Connect Secure (ICS) and Policy Secure to remotely execute arbitrary commands on targeted gateways.

VPN 134
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Hacking Electronic Flight Bags. Airbus NAVBLUE Flysmart+ Manager

Pen Test Partners

We’ve been testing the security of a number of different electronic flight bag, or EFB, applications for a few years now. Here’s the latest on that now it has been remediated, 19 months after our initial disclosure to Airbus. TL;DR Flysmart+ is a suite of apps for pilot EFBs, helping deliver efficient and safe departure and arrival of flights One of the iOS apps had ATS (application transport security) intentionally disabled, exposing the app to interception attacks over Wi-Fi This could enable

Hacking 129
article thumbnail

Confronting the SaaS Data Protection and Security Crisis

Security Boulevard

For all the benefits that SaaS provides, data protection and security is most often found wanting. The post Confronting the SaaS Data Protection and Security Crisis appeared first on Security Boulevard.

Backups 128
article thumbnail

PCI DSS v3.2.1 is Retiring on 31 March 2024 – Are You Ready?

PCI perspectives

With 31 March 2024 rapidly approaching, Lauren Holloway, Director, Data Security Standards, shares some key questions, answers, and resources to help entities successfully transition to PCI DSS v4.0.

122
122
article thumbnail

Hiring Kit: Cyber Threat Hunter

Tech Republic Security

Professional cyber threat hunters complement cybersecurity programs focusing on potential threats and vulnerabilities that may breach automated cybersecurity tools and traditional systems. These hunters proactively search for previously unknown or ongoing threats by using their deep understanding of cybersecurity and how cybercriminals operate. This hiring kit from TechRepublic Premium provides a workable framework you can.

article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

US Sanctions Three for Cyber Work for ISIS

Security Boulevard

The United States is hitting two Egyptian nationals with sanctions for allegedly creating and maintaining a platform used to train members of the ISIS terrorist group in cybersecurity and to support its funding and recruitment. The Treasury and State departments are accusing Mu’min Al-Mawji Mahmud Salim and Sarah Jamal Muhammad Al-Sayyid of launching and managing the.

article thumbnail

Water Leaks, LockBit and the ‘Mother of All Breaches’ – January NewsScam

GlobalSign

There’s More than Water Leaking at Two Major Water Companies, LockBit Snacks on Subway, plus researchers discover the ‘Mother of all Breaches’ and more in the latest edition of NewsScam

122
122
article thumbnail

WordPress Tackles PHP and RCE Flaws in Security Update

Penetration Testing

WordPress, a titan in the world of content management systems, has once again demonstrated its commitment to cybersecurity with the release of version 6.4.3. This emergency security update, a beacon of proactive defense, addresses... The post WordPress Tackles PHP and RCE Flaws in Security Update appeared first on Penetration Testing.

article thumbnail

ESET Research Podcast: ChatGPT, the MOVEit hack, and Pandora

We Live Security

An AI chatbot inadvertently kindles a cybercrime boom, ransomware bandits plunder organizations without deploying ransomware, and a new botnet enslaves Android TV boxes

article thumbnail

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

article thumbnail

Guardians of IoT: Addressing IoT security vulnerabilities in electric vehicles and charging stations

Security Boulevard

The rise of electric vehicles (EVs) and charging infrastructure necessitates robust security measures, especially in the context of IoT integration. Explore the vulnerabilities in EV systems and potential risks, proposing mitigation strategies like firmware updates, user authentication, intrusion detection systems, and collaboration. The post Guardians of IoT: Addressing IoT security vulnerabilities in electric vehicles and charging stations appeared first on Security Boulevard.

IoT 119
article thumbnail

FBI disrupts Chinese botnet by wiping malware from infected routers

Bleeping Computer

The FBI has disrupted the KV Botnet used by Chinese Volt Typhoon state hackers to evade detection during attacks targeting U.S. critical infrastructure. [.

Malware 117
article thumbnail

Decoding REF0657: A Sophisticated Financial Cyber Attack Exposed

Penetration Testing

In December 2023, Elastic Security Labs uncovered a sophisticated cyber intrusion, dubbed REF0657, targeting a financial services organization in South Asia. This intrusion was notable for its utilization of a variety of open-source tools... The post Decoding REF0657: A Sophisticated Financial Cyber Attack Exposed appeared first on Penetration Testing.

article thumbnail

CISA warns of patched iPhone kernel bug now exploited in attacks

Bleeping Computer

CISA warned today that a patched kernel security flaw affecting Apple iPhones, Macs, TVs, and watches is now being actively exploited in attacks. [.

115
115
article thumbnail

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.