Fri. Feb 02, 2024


A Self-Enforcing Protocol to Solve Gerrymandering

Schneier on Security

In 2009, I wrote: There are several ways two people can divide a piece of cake in half. One way is to find someone impartial to do it for them. This works, but it requires another person. Another way is for one person to divide the piece, and the other person to complain (to the police, a judge, or his parents) if he doesn’t think it’s fair. This also works, but still requires another person—at least to resolve disputes.


Botnet Struck U.S. Routers. Here’s How to Keep Employees Safe

Tech Republic Security

The FBI spotted this state-sponsored attack that highlights how home office setups can be overlooked when it comes to employees’ cybersecurity.


David Kahn

Schneier on Security

David Kahn has died. His groundbreaking book, The Codebreakers was the first serious book I read about codebreaking, and one of the primary reasons I entered this field. He will be missed.


AnyDesk says hackers breached its production servers, reset passwords

Bleeping Computer

AnyDesk confirmed today that it suffered a recent cyberattack that allowed hackers to gain access to the company's production systems. BleepingComputer has learned that source code and private code signing keys were stolen during the attack.


Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.


Iranian hackers breached Albania’s Institute of Statistics (INSTAT)

Security Affairs

Albania’s Institute of Statistics (INSTAT) announced that it was targeted by a sophisticated cyberattack that affected some of its systems. A sophisticated cyberattack on Wednesday hit Albania’s Institute of Statistics (INSTAT). The institute confirmed that the attack affected some of its systems. Albania’s Institute of Statistics (INSTAT) promptly activated emergency protocols to respond to the incident.


China is hacking Wi-Fi routers for attack on US electrical grid and water supplies, FBI warns

Graham Cluley

China-sponsored attacks likened to "placing bombs in water treatment facilities, and power plants". Is it just me, or does this sound like the plot of a Mission Impossible movie?


More Trending


FBI removes malware from hundreds of routers across the US

Malwarebytes

The FBI has used a court order to remove malware from hundreds of routers across the US, and alter the routers’ settings to prevent reinfection. The routers are malware-infected NetGear and Cisco small office/home office (SOHO) devices that no longer receive updates because they have reached their End-of-Life. The FBI did this because it believed the threat actor behind the botnet of routers is an Advanced Persistent Threat (APT) group known as “Volt Typhoon.


Recent Tesla Hacks Highlight Importance of Protecting Connected Devices

eSecurity Planet

Within the last couple of months, smart device vulnerabilities have been piling up, prompting businesses to protect their Internet of Things (IoT) environments. But that doesn’t just include thermostats, printers, and other connected devices that you have to protect — it now means electric cars, too. Teslas have plenty of vulnerabilities, as cybersecurity researchers have recently discovered.


Cloudflare breached on Thanksgiving Day, but the attack was promptly contained

Security Affairs

Cloudflare revealed that a nation-state actor breached its internal Atlassian server, gaining access to the internal wiki and its bug database (Atlassian Jira). The incident took place on Thanksgiving Day, November 23, 2023, and Cloudflare immediately began an investigation with the help of CrowdStrike. The company pointed out that no customer data or systems were impacted by this security breach.


Survey Surfaces Raft of Cloud Security Challenges

Security Boulevard

Most IT practitioners rely on legacy platforms and practices originally designed for on-premises IT to secure cloud computing environments. The post Survey Surfaces Raft of Cloud Security Challenges appeared first on Security Boulevard.


The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!


PurpleFox malware infected at least 2,000 computers in Ukraine

Security Affairs

The Computer Emergency Response Team in Ukraine (CERT-UA) reported that a PurpleFox malware campaign had already infected at least 2,000 computers in the country. The Computer Emergency Response Team in Ukraine (CERT-UA) is warning about a malware campaign that has infected at least 2,000 computers in the country with the PurpleFox malware (aka ‘DirtyMoe’). “The Government Computer Emergency Response Team of Ukraine CERT-UA, guided by Clause 1 of Article 9 of the Law of Ukrai


Interpol operation Synergia takes down 1,300 servers used for cybercrime

Bleeping Computer

An international law enforcement operation code-named 'Synergia' has taken down over 1,300 command and control servers used in ransomware, phishing, and malware campaigns.


Ex CIA employee Joshua Adam Schulte sentenced to 40 years in prison

Security Affairs

A former software engineer with the U.S. CIA has been sentenced to 40 years in prison for leaking classified documents. Former CIA employee Joshua Adam Schulte has been sentenced to 40 years in prison for passing classified documents to WikiLeaks and for possessing child pornographic material. “Damian Williams, the United States Attorney for the Southern District of New York; Matthew G.


FTC slams Blackbaud for “shoddy security” after hacker stole data belonging to thousands of non-profits and millions of people

Graham Cluley

Data and software services firm Blackbaud's cybersecurity was criticised as "lax" and "shoddy" by the United States Federal Trade Commission (FTC) in a damning post-mortem of the business’s February 2020 data breach. Read more in my article on the Hot for Security blog.


The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.


Operation Synergia led to the arrest of 31 individuals

Security Affairs

An international law enforcement operation, named Synergia, led to the arrest of 31 individuals involved in ransomware, banking malware, and phishing attacks. Operation Synergia was led by Interpol and ran from September to November 2023 involving law enforcement agencies from 50 countries. The international law enforcement operation was launched to curb the escalation and professionalisation of transnational cybercrime.


AnyDesk Hacked: Popular Remote Desktop Software Mandates Password Reset

The Hacker News

Remote desktop software maker AnyDesk disclosed on Friday that it suffered a cyber attack that led to a compromise of its production systems. The German company said the incident, which it discovered following a security audit, is not a ransomware attack and that it has notified relevant authorities.


Lurie Children's Hospital took systems offline after cyberattack

Bleeping Computer

Lurie Children's Hospital in Chicago was forced to take IT systems offline after a cyberattack, disrupting normal operations and delaying medical care in some instances.


CISA: Disconnect vulnerable Ivanti products TODAY

Malwarebytes

In an emergency directive, the Cybersecurity and Infrastructure Security Agency (CISA) has ordered all federal agencies to disconnect all instances of Ivanti Connect Secure and Policy Secure solution products from agency networks no later than 11:59PM on Friday February 2, 2024. Besides the Ivanti vulnerabilities actively exploited in massive numbers we wrote about on January 11, 2024, alerts sounded about two new high severity flaws on January 31, 2024.


Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!


Mastodon Vulnerability Allows Hackers to Hijack Any Decentralized Account

The Hacker News

The decentralized social network Mastodon has disclosed a critical security flaw that enables malicious actors to impersonate and take over any account. "Due to insufficient origin validation in all Mastodon, attackers can impersonate and take over any remote account," the maintainers said in a terse advisory. The vulnerability, tracked as CVE-2024-23832, has a severity rating of 9.


Microsoft Ditches C# for Rust: M365 Core Gets Safety and Perf Boosts

Security Boulevard

C# — Rust in peas: Microsoft 365 “Core Platform Substrate” gets rewrite in Rust language. The post Microsoft Ditches C# for Rust: M365 Core Gets Safety and Perf Boosts appeared first on Security Boulevard.


Russian APT28 Hackers Targeting High-Value Orgs with NTLM Relay Attacks

The Hacker News

Russian state-sponsored actors have staged NT LAN Manager (NTLM) v2 hash relay attacks through various methods from April 2022 to November 2023, targeting high-value targets worldwide.


Cloudflare Falls Victim to Cyberattack Leveraging Credentials from Okta Breach

Heimdal Security

Cloudflare disclosed a security breach today, revealing that a suspected nation-state attacker infiltrated its internal Atlassian server. The attack, which began on November 14, compromised Cloudflare’s Confluence wiki, Jira bug database, and Bitbucket source code management system. How did attackers first gain access to Cloudflare’s systems?


Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.


Former CIA Engineer Sentenced to 40 Years for Leaking Classified Documents

The Hacker News

A former software engineer with the U.S. Central Intelligence Agency (CIA) has been sentenced to 40 years in prison by the Southern District of New York (SDNY) for transmitting classified documents to WikiLeaks and for possessing child pornographic material. Joshua Adam Schulte, 35, was originally charged in June 2018. He was found guilty in July 2022.


Ransomware's Impact on the Healthcare Field and Patient Trust

SecureWorld News

Ransomware, as you know, is a big problem. In the last few years, this digital crime has largely harmed big organizations. But, ordinary people like us are now starting to take a lot more direct heat. For the last nine months, ordinary consumers, including parents and patients, have found themselves in the crosshairs of these cybercriminals. Let's paint a real-life picture here.


INTERPOL Arrests 31 in Global Operation, Identifies 1,900+ Ransomware-Linked IPs

The Hacker News

An INTERPOL-led collaborative operation targeting phishing, banking malware, and ransomware attacks has led to the identification of 1,300 suspicious IP addresses and URLs. The law enforcement effort, codenamed Synergia, took place between September and November 2023 in an attempt to blunt the "growth, escalation and professionalization of transnational cybercrime.


BTC-e server admin indicted for laundering ransom payments, stolen crypto

Bleeping Computer

Aliaksandr Klimenka, a Belarusian and Cypriot national, has been indicted in the U.S. for his involvement in an international cybercrime money laundering operation.


IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.


U.S. Sanctions 6 Iranian Officials for Critical Infrastructure Cyber Attacks

The Hacker News

The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) announced sanctions against six officials associated with the Iranian intelligence agency for attacking critical infrastructure entities in the U.S. and other countries.


Security Leaders, C-Suite Unite to Tackle Cyberthreats

Security Boulevard

CEOs are becoming more hands-on and prioritizing cyber resilience as the traditional silos between ITOps and security teams break down. The post Security Leaders, C-Suite Unite to Tackle Cyberthreats appeared first on Security Boulevard.


Mastodon Alert: CVE-2024-23832 Unlocks Account Takeover Threat

Penetration Testing

A critical vulnerability in the decentralized social networking platform Mastodon could be exploited to impersonate and take over any remote account. Mastodon is a free, open-source social network server based on ActivityPub where users can... The post Mastodon Alert: CVE-2024-23832 Unlocks Account Takeover Threat appeared first on Penetration Testing.


DirtyMoe Malware Infects 2,000+ Ukrainian Computers for DDoS and Cryptojacking

The Hacker News

The Computer Emergency Response Team of Ukraine (CERT-UA) has warned that more than 2,000 computers in the country have been infected by a strain of malware called DirtyMoe. The agency attributed the campaign to a threat actor it calls UAC-0027. DirtyMoe, active since at least 2016, is capable of carrying out cryptojacking and distributed denial-of-service (DDoS) attacks.


Enhance Innovation and Governance Through the Cloud Development Maturity Model

Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.