Thu. Feb 01, 2024


Facebook’s Extensive Surveillance Network

Schneier on Security

Consumer Reports is reporting that Facebook has built a massive surveillance network: Using a panel of 709 volunteers who shared archives of their Facebook data, Consumer Reports found that a total of 186,892 companies sent data about them to the social network. On average, each participant in the study had their data sent to Facebook by 2,230 companies.


Arrests in $400M SIM-Swap Tied to Heist at FTX?

Krebs on Security

Three Americans were charged this week with stealing more than $400 million in a November 2022 SIM-swapping attack. The U.S. government did not name the victim organization, but there is every indication that the money was stolen from the now-defunct cryptocurrency exchange FTX, which had just filed for bankruptcy on that same day. A graphic illustrating the flow of more than $400 million in cryptocurrencies stolen from FTX on Nov. 11-12, 2022.


Millions of Routers at Risk: CVE-2024-21833 Threatens TP-Link Devices

Penetration Testing

Recently, CYFIRMA’s Research Team has conducted an exhaustive analysis of a security vulnerability, identified as CVE-2024-21833, that poses a significant risk to TP-Link Routers. Discovered on January 10, 2024, by JPCERT/CC, this vulnerability has... The post Millions of Routers at Risk: CVE-2024-21833 Threatens TP-Link Devices appeared first on Penetration Testing.


Cloudflare hacked using auth tokens stolen in Okta attack

Bleeping Computer

Cloudflare disclosed today that its internal Atlassian server was breached by a 'nation state' attacker who accessed its Confluence wiki, Jira bug database, and Atlassian Bitbucket source code management system. [...]


Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.


Passkeys and The Beginning of Stronger Authentication

Thales Cloud Protection & Licensing

Posted by madhav on Fri, 02/02/2024 - 05:23. How passkeys are rewriting the current threat landscape. Lillian, an experienced CISO, surveyed the threat landscape. Despite solid cybersecurity defenses within her enterprise, the reliance on age-old passwords left it vulnerable. Their own employees, even with their best efforts, remained the weakest link.


CISA orders federal agencies to disconnect Ivanti VPN appliances by Saturday

Bleeping Computer

CISA has ordered U.S. federal agencies to disconnect all Ivanti Connect Secure and Policy Secure VPN appliances vulnerable to multiple actively exploited bugs before Saturday. [...]


More Trending


New Windows Event Log zero-day flaw gets unofficial patches

Bleeping Computer

Free unofficial patches are available for a new Windows zero-day vulnerability dubbed 'EventLogCrasher' that lets attackers remotely crash the Event Log service on devices within the same Windows domain. [...]


FBI Disrupts Chinese Botnet Targeting U.S. Critical Infrastructure

SecureWorld News

The United States continues to grapple with cyber intrusions emanating from sophisticated hacking groups affiliated with the Chinese government. In December 2023, the U.S. government conducted an extensive operation to disrupt a Chinese state-sponsored botnet that was being used to conceal attacks against American critical infrastructure organizations, the Justice Department announced this week.


Man sentenced to six years in prison for stealing millions in cryptocurrency via SIM swapping

Security Affairs

A US man has been sentenced to federal prison for his role in a fraudulent scheme that resulted in the theft of millions of dollars through SIM swapping. Daniel James Junk (22) of Portland was sentenced to 72 months in federal prison for his role in a scheme that resulted in the theft of millions of dollars of cryptocurrency using SIM swapping. The man conducted SIM swapping attacks to take control of victims’ phone numbers, tricking the mobile operator employees into porting them to SIMs under


FBI Issues Ominous Warning of Imminent Cyber Attack on Critical Infrastructure

Security Boulevard

In testimony before the House Select Committee on the Chinese Communist Party yesterday, FBI Director Christopher Wray delivered an ominous message: “China’s hackers are positioning on American infrastructure in preparation to wreak havoc and cause real-world harm to American citizens and communities, if or when China decides the time has come to strike.


The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!


Multiple malware used in attacks exploiting Ivanti VPN flaws

Security Affairs

Mandiant spotted new malware used by a China-linked threat actor UNC5221 targeting Ivanti Connect Secure VPN and Policy Secure devices. Mandiant researchers discovered new malware employed by a China-linked APT group known as UNC5221 and other threat groups targeting Ivanti Connect Secure VPN and Policy Secure devices. The attackers were observed exploiting CVE-2023-46805 and CVE-2024-21887 to execute arbitrary commands on the unpatched Ivanti devices.


More Android apps riddled with malware spotted on Google Play

Bleeping Computer

An Android remote access trojan (RAT) known as VajraSpy was found in 12 malicious applications, six of which were available on Google Play from April 1, 2021, through September 10, 2023. [...]


CISA orders federal agencies to disconnect Ivanti VPN instances by February 2

Security Affairs

CISA is ordering federal agencies to disconnect Ivanti Connect Secure and Ivanti Policy Secure products within 48 hours. For the first time since its establishment, CISA is ordering federal agencies to disconnect all instances of Ivanti Connect Secure and Ivanti Policy Secure products within 48 hours. The CISA’s emergency directive orders to disconnect all instances no later than 11:59PM on Friday February 2, 2024. “As soon as possible and no later than 11:59PM on Friday February 2,


Automating the Security of Your Digital Identity: A “Super” Strategy

GlobalSign

In this blog, we look at the critical importance of securing digital identities, the cost of data breaches, and what to consider when evaluating digital identity solutions.


The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.


Under Attack: CVE-2023-6700 in ‘Cookie Information’ Plugin Threatens 100k WordPress Sites

Penetration Testing

In the ever-evolving Internet landscape, the importance of data privacy and compliance with regulations such as GDPR (General Data Protection Regulation) cannot be overstated. WordPress, one of the most popular content management systems, offers... The post Under Attack: CVE-2023-6700 in ‘Cookie Information’ Plugin Threatens 100k WordPress Sites appeared first on Penetration Testing.


VajraSpy: A Patchwork of espionage apps

We Live Security

ESET researchers discovered several Android apps that posed as messaging tools but carried VajraSpy, a RAT used by the Patchwork APT group


Lessons from the Mercedes-Benz GitHub source code leak

Security Boulevard

The German automotive giant Mercedes-Benz found itself on the wrong end of a software supply chain incident after RedHunt Labs found a leaked GitHub token belonging to an employee of the carmaker that granted "'unrestricted’ and 'unmonitored'" access to the entirety of source code hosted on Mercedes’ internal GitHub Enterprise Server. The post Lessons from the Mercedes-Benz GitHub source code leak appeared first on Security Boulevard.


“You have blood on your hands.” Senate Committee calls for action by social media giants to protect children online

Malwarebytes

In an unusually emotional and unified setting, the Senate Judiciary Committee found common ground for the need to protect children online yesterday. On January 31, 2024, the CEOs of the most widely used social media platforms appeared before the Committee. Meta’s Mark Zuckerberg, X’s Linda Yaccarino, TikTok’s Shou Chew, Snap’s Evan Spiegel, and Discord’s Jason Citron listened to accusations and answered questions about what they were doing to protect children using their


Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!


How Does Cybersecurity Services Prevent Businesses From Cyber Attacks?

Security Boulevard

In the contemporary digital landscape, new threats emerge constantly. If someone connects to the Internet, it exposes organizations to the risk of being targeted by hackers. Cyber threats have advanced into the industry, making security an important aspect of spreading awareness for both businesses and governments worldwide. For companies without the help of cybersecurity services, […] The post How Does Cybersecurity Services Prevent Businesses From Cyber Attacks?


A Startup Allegedly ‘Hacked the World.’ Then Came the Censorship—and Now the Backlash

WIRED Threat Level

A loose coalition of anti-censorship voices is working to highlight reports of one Indian company’s hacker-for-hire past—and the legal threats aimed at making them disappear.


CVE-2024-1072: Critical Flaw in SeedProd Plugin Exposes 900K WordPress Sites

Penetration Testing

A high-severity flaw has been found in a popular WordPress plugin. The affected plugin, Website Builder by SeedProd, has over 900,000 installations. The Website Builder by SeedProd is a powerful and user-friendly WordPress plugin... The post CVE-2024-1072: Critical Flaw in SeedProd Plugin Exposes 900K WordPress Sites appeared first on Penetration Testing.


Tax season is here, so are scammers

Malwarebytes

The Internal Revenue Service has announced that the 2024 tax filing season has officially begun, with an expected 146 million individual tax returns to be filed. While it is costly and complex for the IRS to process so many digital and paper documents, it can also be a headache for many Americans. Unsurprisingly, this is also the time of year where we see an increase in tax-related scams.


Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.


CISA and FBI Warn of AndroxGh0st Malware Threat

Security Boulevard

CISA and FBI have jointly issued a warning about the threat posed by AndroxGh0st malware, emphasizing its use in establishing a botnet for “victim identification and exploitation within target networks.” Originating in a Lacework report from December 2022, AndroxGh0st, a Python-based malware, has spawned similar tools such as AlienFox, GreenBot (aka Maintance), Legion, and Predator. […] The post CISA and FBI Warn of AndroxGh0st Malware Threat appeared first on TuxCare.


Cloudflare Breach: Nation-State Hackers Access Source Code and Internal Docs

The Hacker News

Cloudflare has revealed that it was the target of a likely nation-state attack in which the threat actor leveraged stolen credentials to gain unauthorized access to its Atlassian server and ultimately access some documentation and a limited amount of source code.


TrustCloud Expands Executive Team, Adds TJ McDonough as SVP of Sales and Customer Success

Security Boulevard

Seasoned security leader joins TrustCloud to meet demand for programmatic, predictive security, privacy, and assurance solutions that go beyond GRC automation Boston MA — February 1, 2024 — TrustCloud™, the Trust Assurance platform using AI to upgrade GRC into a profit center, today announced the appointment of TJ McDonough as SVP of Sales and Customer […] The post TrustCloud Expands Executive Team, Adds TJ McDonough as SVP of Sales and Customer Success first appeared on TrustCloud.


10 Best Privileged Identity Management Tools (2024)

Heimdal Security

The Importance of Choosing the Right Privilege Identity Management Solution The essence of effective Privileged Identity Management (PIM) lies not in identity or management but in privilege. A robust PIM system focuses on identifying those who should, and equally importantly, those who should not, have administrative access to important accounts and systems.


IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.


FTC orders Blackbaud to boost security after massive data breach

Bleeping Computer

Blackbaud has settled with the Federal Trade Commission after being charged with poor security and reckless data retention practices, leading to a May 2020 ransomware attack and a data breach affecting millions of people. [...]


Heimdal Partners with Jupiter Technology to Distribute Cybersecurity Solutions in Japan

Heimdal Security

We have partnered with Jupiter Technology Corporation, who will distribute our cybersecurity products across Japan as part of a long-term sales and distribution agreement. Jupiter Technology will sell the Heimdal XDR Unified Security Platform, marketed as the ‘Heimdal Security Suite’ As the first of its kind, the platform delivers end-to-end cybersecurity in one place.


PurpleFox malware infected thousands of systems in Ukraine

Bleeping Computer

The Computer Emergency Response Team in Ukraine (CERT-UA) is warning about a PurpleFox malware campaign that has infected at least 2,000 computers in the country. [...]


On Your DMARC, Get Set, Go!

Approachable Cyber Threats

Google and Yahoo are requiring DMARC beginning February 2024. So what does that mean for your organization, and how do you implement it? Starting February 1, 2024, Google and Yahoo will implement new requirements for inbound email, primarily geared toward bulk senders. However, the changes may result in potential delivery (and cybersecurity) issues for your organization and customers if the requirements are not implemented correctly


Enhance Innovation and Governance Through the Cloud Development Maturity Model

Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.