Thu.Mar 14, 2024

article thumbnail

Automakers Are Sharing Driver Data with Insurers without Consent

Schneier on Security

Kasmir Hill has the story : Modern cars are internet-enabled, allowing access to services like navigation, roadside assistance and car apps that drivers can connect to their vehicles to locate them or unlock them remotely. In recent years, automakers, including G.M., Honda, Kia and Hyundai, have started offering optional features in their connected-car apps that rate people’s driving.

Insurance 347
article thumbnail

CEO of data privacy company Onerep.com founded dozens of people-search firms

Krebs on Security

The data privacy company Onerep.com bills itself as a Virginia-based service for helping people remove their personal information from almost 200 people-search websites. However, an investigation into the history of onerep.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Keep Your Network Secure With This $39.99 CompTIA Bundle

Tech Republic Security

This Complete 2024 CompTIA Certification Bundle is both a way for tech entrepreneurs to secure their own systems and a gateway to a career in cybersecurity.

article thumbnail

Researchers found multiple flaws in ChatGPT plugins

Security Affairs

Researchers analyzed ChatGPT plugins and discovered several types of vulnerabilities that could lead to data exposure and account takeover. Researchers from Salt Security discovered three types of vulnerabilities in ChatGPT plugins that can be could have led to data exposure and account takeovers. ChatGPT plugins are additional tools or extensions that can be integrated with ChatGPT to extend its functionalities or enhance specific aspects of the user experience.

article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

5 Benefits of Passwordless Authentication

Tech Republic Security

The benefits of passwordless authentication include enhanced security, convenience, and boosted productivity. Learn how your organization can take advantage.

article thumbnail

Malicious Ads Targeting Chinese Users with Fake Notepad++ and VNote Installers

The Hacker News

Chinese users looking for legitimate software such as Notepad++ and VNote on search engines like Baidu are being targeted with malicious ads and bogus links to distribute trojanized versions of the software and ultimately deploy Geacon, a Golang-based implementation of Cobalt Strike.

More Trending

article thumbnail

LockBit Ransomware Hacker Ordered to Pay $860,000 After Guilty Plea in Canada

The Hacker News

A 34-year-old Russian-Canadian national has been sentenced to nearly four years in jail in Canada for his participation in the LockBit global ransomware operation. Mikhail Vasiliev, an Ontario resident, was originally arrested in November 2022 and charged by the U.S.

article thumbnail

Network Security Policy

Tech Republic Security

Every company’s network is made up of devices that transmit and store information. This can include internal and external systems, either company-owned or leased/rented/subscribed to. To protect company data and reputation, it is essential to ensure that the network is secured from unauthorized access, data loss, malware infestations and security breaches.

article thumbnail

RedCurl Cybercrime Group Abuses Windows PCA Tool for Corporate Espionage

The Hacker News

The Russian-speaking cybercrime group called RedCurl is leveraging a legitimate Microsoft Windows component called the Program Compatibility Assistant (PCA) to execute malicious commands. “The Program Compatibility Assistant Service (pcalua.

article thumbnail

SIM swappers hijacking phone numbers in eSIM attacks

Bleeping Computer

SIM swappers have adapted their attacks to steal a target's phone number by porting it into a new eSIM card, a digital SIM stored in a rewritable chip present on many recent smartphone models. [.

139
139
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Researchers Detail Kubernetes Vulnerability That Enables Windows Node Takeover

The Hacker News

Details have been made public about a now-patched high-severity flaw in Kubernetes that could allow a malicious attacker to achieve remote code execution with elevated privileges under specific circumstances. “The vulnerability allows remote code execution with SYSTEM privileges on all Windows endpoints within a Kubernetes cluster,” Akamai security researcher Tomer Peled said.

140
140
article thumbnail

Cisco fixed high-severity elevation of privilege and DoS bugs

Security Affairs

Cisco this week addressed high-severity elevation of privilege and denial-of-service (DoS) vulnerabilities in IOS RX software. Cisco addressed multiple vulnerabilities in IOS RX software, including three high-severity issues that can be exploited to elevate privileges and trigger a denial-of-service (DoS) condition. The vulnerability CVE-2024-20320 is a Cisco IOS XR Software SSH privilege escalation vulnerability.

Software 139
article thumbnail

CVE-2024-27307: Critical Flaw in Popular JSONata Library Could Lead to Code Execution

Penetration Testing

A critical vulnerability has been recently discovered in JSONata, a widely used JavaScript library for querying and transforming JSON data. This vulnerability, designated as CVE-2024-27307, poses a serious security risk and could allow attackers... The post CVE-2024-27307: Critical Flaw in Popular JSONata Library Could Lead to Code Execution appeared first on Penetration Testing.

article thumbnail

Ande Loader Malware Targets Manufacturing Sector in North America

The Hacker News

The threat actor known as Blind Eagle has been observed using a loader malware called Ande Loader to deliver remote access trojans (RATs) like Remcos RAT and NjRAT. The attacks, which take the form of phishing emails, targeted Spanish-speaking users in the manufacturing industry based in North America, eSentire said.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Recent DarkGate campaign exploited Microsoft Windows zero-day

Security Affairs

Researchers recently uncovered a DarkGate campaign in mid-January 2024, which exploited Microsoft zero-day vulnerability. Researchers at the Zero Day Initiative (ZDI) recently uncovered a DarkGate campaign in mid-January 2024, which exploited the Windows zero-day flaw CVE-2024-21412 using fake software installers. CVE-2024-21412 (CVSS score 8.1) is an Internet Shortcut Files Security Feature Bypass Vulnerability.

Phishing 138
article thumbnail

TikTok faces ban in US unless it parts ways with Chinese owner ByteDance

Malwarebytes

The House of Representatives has passed a bill that would effectively ban TikTok from the US unless Chinese owner ByteDance gives up its share of the immensely popular app. TikTok is an immensely popular social media platform that allows users to create, share, and discover, short video clips. It’s experienced explosive growth since it first appeared in 2017, and is now said to have well over 1.5 billion users , with an estimated 170 million of them in the US.

article thumbnail

23andMe sparks rethink about safeguarding data: on-premises vs. hybrid cloud strategies

IT Security Guru

Recently 23andMe , the popular DNA testing service, made a startling admission: hackers had gained unauthorised access to the personal data of 6.9 million users, specifically their ‘DNA Relatives’ data. This kind of high-profile breach made headlines globally, and naturally highlights the need for stringent security measures when handling organisational data – especially the type of sensitive genetic information that 23andMe is responsible for.

article thumbnail

3 Things CISOs Achieve with Cato

The Hacker News

Being a CISO is a balancing act: ensuring organizations are secure without compromising users’ productivity. This requires taking multiple elements into consideration, like cost, complexity, performance and user experience. CISOs around the globe use Cato SSE 360, as part of the Cato SASE Cloud platform to balance these factors without compromise.

CISO 129
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Best Practices for Securing Microsoft Copilot

Security Boulevard

Microsoft's Copilot is becoming a focal point for businesses seeking to revolutionize their operations and elevate productivity. Here's how to secure it. The post Best Practices for Securing Microsoft Copilot appeared first on Security Boulevard.

article thumbnail

Nissan confirms ransomware attack exposed data of 100,000 people

Bleeping Computer

Nissan Oceania is warning of a data breach impacting 100,000 people after suffering a cyberattack in December 2023 that was claimed by the Akira ransomware operation. [.

article thumbnail

Researchers Find Flaws in OpenAI ChatGPT, Google Gemini

Security Boulevard

The number of generative AI chatbots and their adoption by enterprises have exploded in the year-plus since OpenAI rolled out ChatGPT, but so have concerns by cybersecurity pros who worry not only about threat group use of the emerging technology but also the security of the large-language models (LLMs) themselves. That was on display this. The post Researchers Find Flaws in OpenAI ChatGPT, Google Gemini appeared first on Security Boulevard.

article thumbnail

Google Chrome gets real-time phishing protection later this month

Bleeping Computer

Google will roll out a Safe Browsing update later this month that will provide real-time malware and phishing protection to all Chrome users, without compromising their browsing privacy. [.

Phishing 122
article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

Azure Deployment Scripts: Assuming User-Assigned Managed Identities

NetSpi Technical

As Azure penetration testers, we often run into overly permissioned User-Assigned Managed Identities. This type of Managed Identity is a subscription level resource that can be applied to multiple other Azure resources. Once applied to another resource, it allows the resource to utilize the associated Entra ID identity to authenticate and gain access to other Azure resources.

article thumbnail

Patch Now! CVE-2024-28752 – SSRF Vulnerability Impacts Apache CXF Users

Penetration Testing

Apache CXF, a popular open-source web services framework, is urging users to update immediately. A Server-Side Request Forgery (SSRF) vulnerability, tracked as CVE-2024-28752, has been discovered in versions before 4.0.4, 3.6.3, and 3.5.8. This... The post Patch Now! CVE-2024-28752 – SSRF Vulnerability Impacts Apache CXF Users appeared first on Penetration Testing.

article thumbnail

Healthcare data breaches affect more than one million patients; Roku reports data breach

Security Boulevard

Cybercriminals may have different reasons for conducting cyberattacks, but the number one reason above all else is to make money. The reason why these incidents are so common is due to the fact that cyberattacks can be incredibly lucrative for bad actors. In its 2023 Internet Crime Report, the FBI’s Internet Crime Complaint Center found […] The post Healthcare data breaches affect more than one million patients; Roku reports data breach appeared first on BlackCloak | Protect Your Digital Li

article thumbnail

LockBit affiliate jailed for almost four years after guilty plea

Graham Cluley

An affiliate of the LockBit ransomware gang has been sentenced to almost four years in jail after earlier pleading guilty to charges of cyber extortion and weapons charges. Read more in my article on the Tripwire State of Security blog.

article thumbnail

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

article thumbnail

StopCrypt: Most widely distributed ransomware now evades detection

Bleeping Computer

A new variant of StopCrypt ransomware (aka STOP) was spotted in the wild, employing a multi-stage execution process that involves shellcodes to evade security tools. [.

article thumbnail

CVE-2024-23944: Critical Apache ZooKeeper Flaw Exposes Sensitive Data, Patch Immediately

Penetration Testing

Apache ZooKeeper, a widely used coordination service for distributed applications, has a critical security vulnerability, tracked as CVE-2024-23944. This flaw allows attackers to silently monitor sensitive information, potentially compromising systems that rely on ZooKeeper... The post CVE-2024-23944: Critical Apache ZooKeeper Flaw Exposes Sensitive Data, Patch Immediately appeared first on Penetration Testing.

article thumbnail

12 Things You May Have Missed at CCF 2024

CompTIA on Cybersecurity

CompTIA CCF 2024 was a great opportunity to talk about the latest managed services trends, cybersecurity, AI—and much more. If you couldn’t go, here’s what you missed.

article thumbnail

CVE-2024-22259: Spring Framework Update Fixes High-Severity Flaw

Penetration Testing

The popular Spring Framework, a cornerstone of many Java-based applications, has received a crucial security update. This patch addresses a high-severity vulnerability designated CVE-2024-22259. The responsible disclosure of this issue was provided by threedr3am... The post CVE-2024-22259: Spring Framework Update Fixes High-Severity Flaw appeared first on Penetration Testing.

article thumbnail

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.