Fri.Feb 02, 2024

article thumbnail

A Self-Enforcing Protocol to Solve Gerrymandering

Schneier on Security

In 2009, I wrote : There are several ways two people can divide a piece of cake in half. One way is to find someone impartial to do it for them. This works, but it requires another person. Another way is for one person to divide the piece, and the other person to complain (to the police, a judge, or his parents) if he doesn’t think it’s fair. This also works, but still requires another person—­at least to resolve disputes.

344
344
article thumbnail

Botnet Struck U.S. Routers. Here’s How to Keep Employees Safe

Tech Republic Security

The FBI spotted this state-sponsored attack that highlights how home office setups can be overlooked when it comes to employees’ cybersecurity.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

David Kahn

Schneier on Security

David Kahn has died. His groundbreaking book, The Codebreakers was the first serious book I read about codebreaking, and one of the primary reasons I entered this field. He will be missed.

323
323
article thumbnail

Iranian hackers breached Albania’s Institute of Statistics (INSTAT)

Security Affairs

Albania’s Institute of Statistics (INSTAT) announced that it was targeted by a sophisticated cyberattack that affected some of its systems. A sophisticated cyberattack on Wednesday hit Albania’s Institute of Statistics (INSTAT). The institute confirmed that the attack affected some of its systems. Albania’s Institute of Statistics (INSTAT) promptly activated emergency protocols to respond to the incident.

article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

AnyDesk says hackers breached its production servers, reset passwords

Bleeping Computer

AnyDesk confirmed today that it suffered a recent cyberattack that allowed hackers to gain access to the company's production systems. BleepingComputer has learned that source code and private code signing keys were stolen during the attack. [.

Passwords 142
article thumbnail

FBI removes malware from hundreds of routers across the US

Malwarebytes

The FBI has used a court order to remove malware from hundreds of routers across the US, and alter the routers’ settings to prevent reinfection. The routers are malware-infected NetGear and Cisco small office/home office (SOHO) devices that no longer receive updates because they have reached their End-of-Life. The FBI did this because it believed the threat actor behind the botnet of routers is an Advanced Persistent Threat (APT) group known as “Volt Typhoon.

Malware 142

More Trending

article thumbnail

CISA: Disconnect vulnerable Ivanti products TODAY

Malwarebytes

In an emergency directive , the Cybersecurity and Infrastructure Security Agency (CISA) has ordered all federal agencies to disconnect all instances of Ivanti Connect Secure and Policy Secure solution products from agency networks no later than 11:59PM on Friday February 2, 2024. Besides the Ivanti vulnerabilities actively exploited in massive numbers we wrote about on January 11, 2024, alerts sounded about two new high severity flaws on January 31, 2024.

article thumbnail

PurpleFox malware infected at least 2,000 computers in Ukraine

Security Affairs

The Computer Emergency Response Team in Ukraine (CERT-UA) reported that a PurpleFox malware campaign had already infected at least 2,000 computers in the country. The Computer Emergency Response Team in Ukraine (CERT-UA) is warning about a malware campaign that has infected at least 2,000 computers in the country with the PurpleFox malware (aka ‘ DirtyMoe ‘). “The Government Computer Emergency Response Team of Ukraine CERT-UA, guided by Clause 1 of Article 9 of the Law of Ukrai

Malware 141
article thumbnail

Credential Harvesting Vs. Credential Stuffing Attacks: What’s the Difference?

Security Boulevard

Credential stuffing and harvesting, although similar, have nuanced differences particularly in how credentials are stolen, acquired and used. The post Credential Harvesting Vs. Credential Stuffing Attacks: What’s the Difference? appeared first on Security Boulevard.

Mobile 128
article thumbnail

Operation Synergia led to the arrest of 31 individuals

Security Affairs

An international law enforcement operation, named Synergia, led to the arrest of 31 individuals involved in ransomware, banking malware, and phishing attacks. Operation Synergia was led by Interpol and ran from September to November 2023 involving law enforcement agencies from 50 countries. The international law enforcement operation was launched to curb the escalation and professionalisation of transnational cybercrime.

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

China is hacking Wi-Fi routers for attack on US electrical grid and water supplies, FBI warns

Graham Cluley

China-sponsored attacks likened to "placing bombs in water treatment facilities, and power plants". Is it just me, or does this sound like the plot of a Mission Impossible movie?

Hacking 126
article thumbnail

Ex CIA employee Joshua Adam Schulte sentenced to 40 years in prison

Security Affairs

A former software engineer with the U.S. CIA has been sentenced to 40 years in prison for leaking classified documents. Former CIA employee Joshua Adam Schulte has been sentenced to 40 years in prison for passing classified documents to WikiLeaks and for possessing child pornographic material. “Damian Williams, the United States Attorney for the Southern District of New York; Matthew G.

article thumbnail

Recent Tesla Hacks Highlight Importance of Protecting Connected Devices

eSecurity Planet

Within the last couple of months, smart device vulnerabilities have been piling up, prompting businesses to protect their Internet of Things (IoT) environments. But that doesn’t just include thermostats, printers, and other connected devices that you have to protect — it now means electric cars, too. Teslas have plenty of vulnerabilities, as cybersecurity researchers have recently discovered.

Hacking 125
article thumbnail

Survey Surfaces Raft of Cloud Security Challenges

Security Boulevard

Most IT practitioners rely on legacy platforms and practices originally designed for on-premises IT to secure cloud computing environments. The post Survey Surfaces Raft of Cloud Security Challenges appeared first on Security Boulevard.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Interpol operation Synergia takes down 1,300 servers used for cybercrime

Bleeping Computer

An international law enforcement operation code-named 'Synergia' has taken down over 1,300 command and control servers used in ransomware, phishing, and malware campaigns. [.

article thumbnail

AnyDesk Hacked: Popular Remote Desktop Software Mandates Password Reset

The Hacker News

Remote desktop software maker AnyDesk disclosed on Friday that it suffered a cyber attack that led to a compromise of its production systems. The German company said the incident, which it discovered following a security audit, is not a ransomware attack and that it has notified relevant authorities.

Software 111
article thumbnail

Lurie Children's Hospital took systems offline after cyberattack

Bleeping Computer

Lurie Children's Hospital in Chicago was forced to take IT systems offline after a cyberattack, disrupting normal operations and delaying medical care in some instances. [.

article thumbnail

Mastodon Vulnerability Allows Hackers to Hijack Any Decentralized Account

The Hacker News

The decentralized social network Mastodon has disclosed a critical security flaw that enables malicious actors to impersonate and take over any account. "Due to insufficient origin validation in all Mastodon, attackers can impersonate and take over any remote account," the maintainers said in a terse advisory. The vulnerability, tracked as CVE-2024-23832, has a severity rating of 9.

article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Former Teacher Builds Success in BI and Beyond With CompTIA

CompTIA on Cybersecurity

An English teacher with a tech background shares how she transitioned to a cybersecurity career with CompTIA Security+.

article thumbnail

Former CIA Engineer Sentenced to 40 Years for Leaking Classified Documents

The Hacker News

A former software engineer with the U.S. Central Intelligence Agency (CIA) has been sentenced to 40 years in prison by the Southern District of New York (SDNY) for transmitting classified documents to WikiLeaks and for possessing child pornographic material. Joshua Adam Schulte, 35, was originally charged in June 2018. He was found guilty in July 2022.

article thumbnail

FTC slams Blackbaud for “shoddy security” after hacker stole data belonging to thousands of non-profits and millions of people

Graham Cluley

Data and software services firm Blackbaud's cybersecurity was criticised as "lax" and "shoddy" by the United States Federal Trade Commission (FTC) in a damning post-mortem of the business’s February 2020 data breach. Read more in my article on the Hot for Security blog.

article thumbnail

Russian APT28 Hackers Targeting High-Value Orgs with NTLM Relay Attacks

The Hacker News

Russian state-sponsored actors have staged NT LAN Manager (NTLM) v2 hash relay attacks through various methods from April 2022 to November 2023, targeting high-value targets worldwide.

Hacking 110
article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

Mastodon Alert: CVE-2024-23832 Unlocks Account Takeover Threat

Penetration Testing

A critical vulnerability in the decentralized social networking platform Mastodon could be exploited to impersonate and take over any remote account. Mastodon is a free, open-source social network server based on ActivityPub where users can... The post Mastodon Alert: CVE-2024-23832 Unlocks Account Takeover Threat appeared first on Penetration Testing.

article thumbnail

INTERPOL Arrests 31 in Global Operation, Identifies 1,900+ Ransomware-Linked IPs

The Hacker News

An INTERPOL-led collaborative operation targeting phishing, banking malware, and ransomware attacks has led to the identification of 1,300 suspicious IP addresses and URLs. The law enforcement effort, codenamed Synergia, took place between September and November 2023 in an attempt to blunt the "growth, escalation and professionalization of transnational cybercrime.

article thumbnail

Microsoft Ditches C# for Rust: M365 Core Gets Safety and Perf Boosts

Security Boulevard

C# — Rust in peas: Microsoft 365 “Core Platform Substrate” gets rewrite in Rust language. The post Microsoft Ditches C# for Rust: M365 Core Gets Safety and Perf Boosts appeared first on Security Boulevard.

article thumbnail

U.S. Sanctions 6 Iranian Officials for Critical Infrastructure Cyber Attacks

The Hacker News

The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) announced sanctions against six officials associated with the Iranian intelligence agency for attacking critical infrastructure entities in the U.S. and other countries.

article thumbnail

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

article thumbnail

AnyDesk’s Cybersecurity Breach: Unveiling the Recent Attack

Penetration Testing

AnyDesk, a widely used remote desktop software, recently announced a significant breach within its production environment. Despite the unsettling access gained by hackers, AnyDesk assured its user base that no authentication tokens were compromised,... The post AnyDesk’s Cybersecurity Breach: Unveiling the Recent Attack appeared first on Penetration Testing.

article thumbnail

DirtyMoe Malware Infects 2,000+ Ukrainian Computers for DDoS and Cryptojacking

The Hacker News

The Computer Emergency Response Team of Ukraine (CERT-UA) has warned that more than 2,000 computers in the country have been infected by a strain of malware called DirtyMoe. The agency attributed the campaign to a threat actor it calls UAC-0027. DirtyMoe, active since at least 2016, is capable of carrying out cryptojacking and distributed denial-of-service (DDoS) attacks.

DDOS 106
article thumbnail

Ransomware's Impact on the Healthcare Field and Patient Trust

SecureWorld News

Ransomware, as you know, is a big problem. In the last few years, this digital crime has largely harmed big organizations. But, ordinary people like us are now starting to take a lot more direct heat. For the last nine months, ordinary consumers, including parents and patients, have found themselves in the crosshairs of these cybercriminals. Let's paint a real-life picture here.

article thumbnail

Cloudzy Elevates Cybersecurity: Integrating Insights from Recorded Future to Revolutionize Cloud Security

The Hacker News

Cloudzy, a prominent cloud infrastructure provider, proudly announces a significant enhancement in its cybersecurity landscape. This breakthrough has been achieved through a recent consultation with Recorded Future, a leader in providing real-time threat intelligence and cybersecurity analytics.

article thumbnail

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.