Thu. Nov 09, 2023

Online Retail Hack

Schneier on Security

Selling miniature replicas to unsuspecting shoppers: Online marketplaces sell tiny pink cowboy hats. They also sell miniature pencil sharpeners, palm-size kitchen utensils, scaled-down books and camping chairs so small they evoke the Stonehenge scene in “This Is Spinal Tap.” Many of the minuscule objects aren’t clearly advertised. […] But there is no doubt some online sellers deliberately trick customers into buying smaller and often cheaper-to-produce items, Witcher said.

Retail 287

Google Cloud’s Cybersecurity Trends to Watch in 2024 Include Generative AI-Based Attacks

Tech Republic Security

A November report from Google Cloud details possible nation-state malware tactics in 2024 and new angles of cyberattacks.

Modern Asian APT groups’ tactics, techniques and procedures (TTPs)

SecureList

Almost every quarter, someone publishes major research focusing on campaigns or incidents that involve Asian APT groups. These campaigns and incidents target various organizations from a multitude of industries. Likewise, the geographic location of victims is not limited to just one region. This type of research normally contains detailed information about the tools used by APT actors, the vulnerabilities that they exploit and sometimes even a specific attribution.

How to Associate an Apple ID with a Second New or Reset iPhone

Tech Republic Security

The steps in this guide describe the process of associating an iPhone with an Apple ID when using iOS 17 on both your first iPhone and a second iPhone.

Mobile 149

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Unlucky Kamran: Android malware spying on Urdu-speaking residents of Gilgit-Baltistan

We Live Security

ESET researchers discover Kamran, previously unknown malware, which spies on Urdu-speaking readers of Hunza News in the Gilgit-Baltistan region

Malware 145

How CBA Is Managing Cyber Security in an Age of ‘Infinite Signals’

Tech Republic Security

Commonwealth Bank of Australia cyber defence operations leader Andrew Pade is building an AI legacy that will protect customers from cyber attacks and security professionals from career burnout.

Banking 144

More Trending

Dolly.com pays ransom, attackers release data anyway

Security Affairs

On-demand moving and delivery platform Dolly.com allegedly paid a ransom but crooks found an excuse not to hold their end of the bargain. Cybercriminals are hardly a trustworthy bunch. Case in point: Dolly.com. The Cybernews research team believes that the platform suffered a ransomware attack and at least partially paid the ransom – but was duped. The attackers complained that the payment wasn’t generous enough and published the stolen data.

OpenAI confirms DDoS attacks behind ongoing ChatGPT outages

Bleeping Computer

During the last 24 hours, OpenAI has been addressing what it describes as "periodic outages" linked to DDoS attacks affecting its API and ChatGPT services. […]

DDOS 141

Russian Sandworm disrupts power in Ukraine with a new OT attack

Security Affairs

Mandiant reported that Russia-linked Sandworm APT used a novel OT attack to cause power outages during mass missile strikes on Ukraine. Mandiant researchers reported that Russia-linked APT group Sandworm employed new operational technology (OT) attacks that caused power outages while the Russian army was conducting mass missile strikes on critical infrastructure in Ukraine in October.

Google ads push malicious CPU-Z app from fake Windows news site

Bleeping Computer

A threat actor has been abusing Google Ads to distribute a trojanized version of the CPU-Z tool to deliver the Redline info-stealing malware. […]

Malware 133

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

The largest Russian bank Sberbank hit by a massive DDoS attack

Security Affairs

The largest and oldest bank in Russia, Sberbank, faced a record-breaking DDoS attack that reached 1 million RPS. Sberbank, the Russian banking and financial services giant, announced that it was recently hit by a record-breaking distributed denial of service (DDoS) attack that reached 1 million RPS. After the invasion of Ukraine, most Russian organizations and international companies still operating in Russia became the targets of multiple groups of Pro-Ukraine hacktivists.

DDOS 129

Microsoft shares temp fix for broken Windows Server 2022 VMs

Bleeping Computer

Microsoft publicly acknowledged a known issue causing Windows Server 2022 virtual machine (VM) blue screens and boot failures on VMware ESXi hosts. […]

125

Here’s How Violent Extremists Are Exploiting Generative AI Tools

WIRED Threat Level

Experts are finding thousands of examples of AI-created content every week that could allow terrorist groups and other violent extremists to bypass automated detection systems.

121

Microsoft: SysAid zero-day flaw exploited in Clop ransomware attacks

Bleeping Computer

Threat actors are exploiting a zero-day vulnerability in the service management software SysAid to gain access to corporate servers for data theft and to deploy Clop ransomware. […]

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

New Malvertising Campaign Uses Fake Windows News Portal to Distribute Malicious Installers

The Hacker News

A new malvertising campaign has been found to employ fake sites that masquerade as a legitimate Windows news portal to propagate a malicious installer for a popular system profiling tool called CPU-Z.

120

There's Only One Way to Solve the Cybersecurity Skills Gap

Dark Reading

The cybersecurity skills gap is making businesses more vulnerable, but it won't be fixed by upskilling high-potential recruits alone.

Sandworm Hackers Caused Another Blackout in Ukraine—During a Missile Strike

WIRED Threat Level

Russia's most notorious military hackers successfully sabotaged Ukraine's power grid for the third time last year. And in this case, the blackout coincided with a physical attack.

Hacking 118

MOVEit Hackers Pivot to SysAid Zero-Day in Ransomware Attacks

Dark Reading

The Clop ransomware group is actively exploiting a SysAid zero-day flaw after running rampant through enterprise systems using a MOVEit file transfer bug.

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Cloudflare website downed by DDoS attack claimed by Anonymous Sudan

Bleeping Computer

Cloudflare is investigating an ongoing outage causing "We're sorry" Google errors to be shown on the company's website.

DDOS 116

CSO’s Perspective: The Okta Breach and What It Means to the Broader Community

Security Boulevard

Den Jones shares his perspective as a CSO on the recent Okta breach, and what that means for the broader security community.

CSO 115

Zero-Day Alert: Lace Tempest Exploits SysAid IT Support Software Vulnerability

The Hacker News

The threat actor known as Lace Tempest has been linked to the exploitation of a zero-day flaw in SysAid IT support software in limited attacks, according to new findings from Microsoft. Lace Tempest, which is known for distributing the Cl0p ransomware, has in the past leveraged zero-day flaws in MOVEit Transfer and PaperCut servers.

Software 115

What We Can Learn from Major Cloud Cyberattacks

Dark Reading

Analysis of six major cloud incidents shows how some common mistakes can lead to serious consequences.

115

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

MuddyC2Go: New C2 Framework Iranian Hackers Using Against Israel

The Hacker News

Iranian nation-state actors have been observed using a previously undocumented command-and-control (C2) framework called MuddyC2Go as part of attacks targeting Israel. "The framework's web component is written in the Go programming language," Deep Instinct security researcher Simon Kenin said in a technical report published Wednesday.

113

Omegle Was Forced to Shut Down by a Lawsuit From a Sexual Abuse Survivor

WIRED Threat Level

Omegle connected strangers to one another and had a long-standing problem of pairing minors with sexual predators. A legal settlement took it down.

112

How to Outsmart Malware Attacks That Can Fool Antivirus Protection

Dark Reading

One of the main challenges for Android users is protecting themselves from malicious applications that can damage devices or perform other harmful actions.

Antivirus 109

How to Get Facebook Without Ads—if It’s Available for You

WIRED Threat Level

Meta now offers users an ad-free option, but it’s only available in Europe for those who can afford the €10-a-month subscription.

Media 107

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

Stealthy Kamran Spyware Targeting Urdu-speaking Users in Gilgit-Baltistan

The Hacker News

Urdu-speaking readers of a regional news website that caters to the Gilgit-Baltistan region have likely emerged as a target of a watering hole attack designed to deliver a previously undocumented Android spyware dubbed Kamran. The campaign, ESET has discovered, leverages Hunza News (urdu.hunzanews[.

Spyware 106

Imperial Kitten APT Claws at Israeli Industry with Multiyear Spy Effort

Dark Reading

The Iran-linked group uses redirected websites to compromise victims and exfiltrate data in a campaign that has lasted over 2022 and 2023.

105

Industrial and Commercial Bank of China hit by ransomware attack

Bleeping Computer

The Industrial & Commercial Bank of China (ICBC) is restoring systems and services following a ransomware attack that disrupted the U.S. Treasury market, causing equities clearing issues. […]

Banking 104

Treasury Markets Disrupted by ICBC Ransomware Attack

Dark Reading

The US Treasury states that it is in contact with financial regulators as it monitors the breach.

Marketing 104

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.