Thu. Feb 22, 2024


New Leak Shows Business Side of China’s APT Menace

Krebs on Security

A new data leak that appears to have come from one of China’s top private cybersecurity firms provides a rare glimpse into the commercial side of China’s many state-sponsored hacking groups. Experts say the leak illustrates how Chinese government agencies increasingly are contracting out foreign espionage campaigns to the nation’s burgeoning and highly competitive cybersecurity industry.


New Image/Video Prompt Injection Attacks

Schneier on Security

Simon Willison has been playing with the video processing capabilities of the new Gemini Pro 1.5 model from Google, and it’s really impressive. Which means a lot of scary new video prompt injection attacks. And remember, given the current state of technology, prompt injection attacks are impossible to prevent in general.


5 Best Free Password Managers for 2024

Tech Republic Security

Discover the top free password managers for securely storing and managing your passwords. Learn about their features, benefits and choose the best one for your needs.


Here Are the Secret Locations of ShotSpotter Gunfire Sensors

WIRED Threat Level

The locations of microphones used to detect gunshots have been kept hidden from police and the public. A WIRED analysis of leaked coordinates confirms arguments critics have made against the technology.


Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.


6 Best Open Source IAM Tools in 2024

Tech Republic Security

Explore the top open source IAM (Identity and Access Management) tools, their features and how they can enhance your organization's security and access control.


Cybercriminals Weaponizing Open-Source SSH-Snake Tool for Network Attacks

The Hacker News

A recently open-sourced network mapping tool called SSH-Snake has been repurposed by threat actors to conduct malicious activities. "SSH-Snake is a self-modifying worm that leverages SSH credentials discovered on a compromised system to start spreading itself throughout the network," Sysdig researcher Miguel Hernández said.


More Trending


FTC Slams Avast with $16.5 Million Fine for Selling Users' Browsing Data

The Hacker News

The U.S. Federal Trade Commission (FTC) has hit antivirus vendor Avast with a $16.5 million fine over charges that the firm sold users' browsing data to advertisers after claiming its products would block online tracking. In addition, the company has been banned from selling or licensing any web browsing data for advertising purposes.


ISC2 Research: Most Cybersecurity Professionals Expect AI to Impact Their Jobs

Tech Republic Security

Deepfakes are at the top of the list of concerns in the ISC2 AI survey, which polled cybersecurity professionals on the real-world impact of AI. Gen AI regulation is another top-of-mind subject.


Apple Unveils PQ3 Protocol - Post-Quantum Encryption for iMessage

The Hacker News

Apple has announced a new post-quantum cryptographic protocol called PQ3 that it said will be integrated into iMessage to secure the messaging platform against future attacks arising from the threat of a practical quantum computer.


Develop Advanced Cybersecurity Skills for Just $80

Tech Republic Security

If you’re ready to start moving up to higher positions in the lucrative cybersecurity field, this e-learning bundle can help you pass certification exams.


Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.


Researchers Detail Apple's Recent Zero-Click Shortcuts Vulnerability

The Hacker News

Details have emerged about a now-patched high-severity security flaw in Apple's Shortcuts app that could permit a shortcut to access sensitive information on the device without users' consent. The vulnerability, tracked as CVE-2024-23204 (CVSS score: 7.5), was addressed by Apple on January 22, 2024, with the release of iOS 17.3, iPadOS 17.3, macOS Sonoma 14.


Checklist: Network and Systems Security

Tech Republic Security

Cybersecurity demands and the stakes of failing to properly secure systems and networks are high. While every organization’s specific security needs form a unique and complex blend of interconnected requirements, numerous security fundamentals almost always apply to each of these groups. It stands to reason that cybersecurity pros who effectively identify network and systems risks.


CISA orders federal agencies to fix ConnectWise ScreenConnect bug in a week

Security Affairs

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds ConnectWise ScreenConnect bug to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a ConnectWise ScreenConnect vulnerability, tracked as CVE-2024-1709, to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability is an authentication bypass vulnerability issue that an attacker with network access to the management interface can exploit to create a new,


Signal to shield user phone numbers by default

Malwarebytes

Chat app Signal will shield user’s phone numbers by default from now on. And, it will no longer be necessary to exchange phone numbers when people want to connect through the app. In November, we reported that Signal was testing usernames to eliminate the need to share your phone number. Signal has now announced that these options are live, and will be rolled out to everyone in the coming weeks.


The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!


Multiple XSS flaws in Joomla can lead to remote code execution

Security Affairs

Joomla maintainers have addressed multiple vulnerabilities in the popular content management system (CMS) that can lead to the execution of arbitrary code. The maintainers of the Joomla! Project released Joomla 5.0.3 and 4.4.3 versions that addressed the following vulnerabilities in the popular content management system (CMS): [ 20240201 ] – CVE-2024-21722 Core – Insufficient session expiration in MFA management views: The MFA management features did not properly terminate existing user sessi


Leak Shows Alarm in Congress Over a Russian ‘Threat’ Is a Real Anomaly

WIRED Threat Level

The US Congress was preparing to vote on a key foreign surveillance program last week. Then a wild Russian threat appeared.


FTC charged Avast with selling users’ browsing data to advertising companies

Security Affairs

US FTC charged cyber security firm Avast with harvesting consumer web browsing data through its browser extension and antivirus and selling it. The US Federal Trade Commission (FTC) has filed charges against cybersecurity firm Avast, accusing it of collecting and selling consumer web browsing data gathered through its browser extension and antivirus services.


PRC State Hacking: ‘Chinese Edward Snowden’ Spills I‑Soon Secrets in Huge Dump of TTPs

Security Boulevard

Underpaid, overworked and angry: Whistleblower in hacker contractor firm for Chinese government blows lid off tactics, techniques and procedures. The post PRC State Hacking: ‘Chinese Edward Snowden’ Spills I‑Soon Secrets in Huge Dump of TTPs appeared first on Security Boulevard.


The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.


“Beyond the border scam”, pay attention to the instance of the new Nigerian fraud

Security Affairs

Security researcher Salvatore Lombardo shared details about a new instance of Nigerian fraud that he called ‘Beyond the border scam.’ The 419 scam is a form of scam that requires the recipient to pay an upfront sum to receive a much larger reward later. The name derives from article 419 of the Nigerian penal code which punishes this type of fraud and is therefore also known as Nigerian fraud.


Apple Shortcuts Vulnerability (CVE-2024-23204): Technical Analysis and Mitigation

Penetration Testing

A patched vulnerability within Apple’s Shortcuts automation framework presents a substantial risk to macOS and iOS devices. Identified as CVE-2024-23204, this flaw leaves affected systems susceptible to unauthorized data exfiltration due to a potential... The post Apple Shortcuts Vulnerability (CVE-2024-23204): Technical Analysis and Mitigation appeared first on Penetration Testing.


A New Age of Hacktivism

The Hacker News

In the past 2 years, we have observed a significant surge in hacktivism activity due to ongoing wars and geopolitical conflicts in various regions. Since the war against Ukraine began, we have witnessed a notable mobilization of non-state and state-backed actors alike, forming new groups or joining existing hacker collectives.


FTC to ban Avast from selling browsing data for advertising purposes

Bleeping Computer

The U.S. Federal Trade Commission (FTC) will order Avast to pay $16.5 million and ban the company from selling the users' web browsing data or licensing it for advertising purposes.


Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!


Everything you need to know about IP grabbers

We Live Security

You would never give your personal ID to random strangers, right? So why provide the ID of your computer? Unsuspecting users beware, IP grabbers do not ask for your permission.


Urgent Alert for Developers: Fix the Critical Fiber Go CVE-2024-25124 Vulnerability Now

Penetration Testing

Developers using the Fiber Go web framework should immediately address a critical vulnerability in the CORS middleware. CVE-2024-25124 (CVSS 9.4) stems from allowing wildcard origins (*) in CORS configurations while simultaneously enabling credentials. Fiber is... The post Urgent Alert for Developers: Fix the Critical Fiber Go CVE-2024-25124 Vulnerability Now appeared first on Penetration Testing.


Microsoft now force installing Windows 11 23H2 on eligible PCs

Bleeping Computer

Microsoft has started force installing Windows 11 23H2 on eligible devices that have reached or are close to their end-of-servicing date.


Bring us the head of LockBit! $15 million bounty offered for information on leaders of notorious ransomware gang

Graham Cluley

A huge reward is being offered for information leading to the identification or location of any of the leaders of the LockBit ransomware gang. Read more in my article on the Tripwire State of Security blog.


Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.


Bitwarden’s new auto-fill option adds phishing resistance

Bleeping Computer

The Bitwarden open-source password management service has introduced a new inline auto-fill menu that addresses the risk of user credentials being stolen through malicious form fields.


NSFOCUS Innovative DDoS Protection Technology Secures Your Network Perimeter

Security Boulevard

Cybersecurity is crucial for national security in the digital world, where major powers clash over their interests. However, technology also enables more sophisticated and harmful network attacks. One of the most common and dangerous types of attacks is distributed denial-of-service (DDoS), which can hide, coordinate, and scale up to overwhelm a target.


ScreenConnect servers hacked in LockBit ransomware attacks

Bleeping Computer

Attackers are exploiting a maximum severity authentication bypass vulnerability to breach unpatched ScreenConnect servers and deploy LockBit ransomware payloads on compromised networks.


ConnectWise Says ScreenConnect Flaw Being Actively Exploited

Security Boulevard

Hackers are actively exploiting critical security flaws in ConnectWise’s remote desktop access tool just days after the software maker alerted customers of the vulnerabilities. ConnectWise learned of the bugs – tracked as CVE-2024-1709 (with the highest severity rating of 10) and CVE-2024-1708 (8.4 out of 10) – in ScreenConnect February 13 through its vulnerability disclosure.


IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.