Mon.Dec 04, 2023

article thumbnail

AI and Trust

Schneier on Security

I trusted a lot today. I trusted my phone to wake me on time. I trusted Uber to arrange a taxi for me, and the driver to get me to the airport safely. I trusted thousands of other drivers on the road not to ram my car on the way. At the airport, I trusted ticket agents and maintenance engineers and everyone else who keeps airlines operating. And the pilot of the plane I flew.

article thumbnail

IT Professionals in ASEAN Confronting Rising Cyber Security Risks

Tech Republic Security

The ASEAN region is seeing more cyber attacks as digitisation advances. Recorded Future CISO Jason Steer said software digital supply chains are one of the top risks being faced.

Risk 205
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Kali Linux 2023.4 Release (Cloud ARM64, Vagrant Hyper-V & Raspberry Pi 5)

Kali Linux

With 2023 coming to an end and before the holiday season starts, we thought today would be a good time to release Kali 2023.4. Whilst this release may not have the most end-user features in it again, there are a number of new platform offerings and there still has been a lot of changes going on behind-the-scenes for us, which has a positive knock-on effect resulting in a benefit for everyone.

article thumbnail

Google Workspace Marketplace: 4 Tips for Choosing the Best Apps

Tech Republic Security

An Independent Security Verification badge is one indication that an app should go to the top of your list when evaluating options in the Google Workspace Marketplace.

Mobile 178
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Inside America's School Internet Censorship Machine

WIRED Threat Level

A WIRED investigation into internet censorship in US schools found widespread use of filters to censor health, identity, and other crucial information. Students say it makes the web entirely unusable.

Internet 145
article thumbnail

Malvertising attacks rely on DanaBot Trojan to spread CACTUS Ransomware

Security Affairs

Microsoft warns of ongoing malvertising attacks using the DanaBot malware to deploy the CACTUS ransomware. Microsoft uncovered ongoing malvertising attacks using the DanaBot Trojan (Storm-1044) to deploy the CACTUS ransomware. Microsoft the campaign to the ransomware operator Storm-0216 (Twisted Spider, UNC2198). Storm-0216 has historically used Qakbot malware for initial access, but has switched to other malware for initial access after the takedown of the Qakbot infrastructure.

More Trending

article thumbnail

LockBit on a Roll – ICBC Ransomware Attack Strikes at the Heart of the Global Financial Order

Security Affairs

The LockBit ransomware attack on the Industrial & Commercial Bank of China demonstrates the weakness of global financial system to cyberattacks. The ransomware breach that crippled U.S. Treasury trading operations at an American subsidiary of Industrial & Commercial Bank of China Ltd. on November 8 has laid bare the vulnerability of the global financial system to cyberattacks.

article thumbnail

23andMe says, er, actually some genetic and health data might have been accessed in recent breach

Malwarebytes

In October we reported that the data of as many as seven million 23andMe customers were for sale on criminal forums following a password attack against the genomics company. Now, a filing with the US Securities and Exchange Commission (SEC) has provided some more insight into the data theft. The filed amendment supplements the original Form 8-K submitted by 23andMe.

Passwords 139
article thumbnail

US Lawmakers Want to Use a Powerful Spy Tool on Immigrants and Their Families

WIRED Threat Level

Legislation set to be introduced in Congress this week would extend Section 702 surveillance of people applying for green cards, asylum, and some visas—subjecting loved ones to similar intrusions.

article thumbnail

New P2PInfect bot targets routers and IoT devices

Security Affairs

Cybersecurity researchers discovered a new variant of the P2PInfect botnet that targets routers and IoT devices. Researchers at Cado Security Labs discovered a new variant of the P2Pinfect botnet that targets routers, IoT devices, and other embedded devices. This variant has been compiled for the Microprocessor without Interlocked Pipelined Stages (MIPS) architecture.

IoT 135
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Fake WordPress security advisory pushes backdoor plugin

Bleeping Computer

WordPress administrators are being emailed fake WordPress security advisories for a fictitious vulnerability tracked as CVE-2023-45124 to infect sites with a malicious plugin. [.

135
135
article thumbnail

Supply-chain ransomware attack causes outages at over 60 credit unions

Graham Cluley

Ransomware hits firm that providing cloud services to credit unions in order ensure that their business activities could "operate without interruption, even when nothing else seems to be going well." Read more in my article on the Tripwire State of Security blog.

article thumbnail

Kaspersky Security Bulletin 2023. Statistics

SecureList

All statistics in this report come from the Kaspersky Security Network (KSN) global cloud service, which receives information from components in our security solutions. The data was obtained from users who had given their consent to it being sent to KSN. Millions of Kaspersky users around the globe assist us in collecting information about malicious activity.

Banking 133
article thumbnail

The Top 7 Cyber Risk Management Trends for 2024 | Kovrr blog

Security Boulevard

Articles related to cyber risk quantification, cyber risk management, and cyber resilience. The post The Top 7 Cyber Risk Management Trends for 2024 | Kovrr blog appeared first on Security Boulevard.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

A week in security (November 27 – December 3)

Malwarebytes

Last week on Malwarebytes Labs: Explained: Domain fronting Will ChatGPT write ransomware? Yes. Associated Press, ESPN, CBS among top sites serving fake virus alerts Meta sued over forcing users to pay to stop tracking Update now! Chrome fixes actively exploited zero-day vulnerability Many major websites allow users to have weak passwords Ransomware gangs and Living Off the Land (LOTL) attacks: A deep dive ownCloud vulnerability can be used to extract admin passwords Stay safe!

Passwords 123
article thumbnail

December Android updates fix critical zero-click RCE flaw

Bleeping Computer

Google announced today that the December 2023 Android security updates tackle 85 vulnerabilities, including a critical severity zero-click remote code execution (RCE) bug. [.

121
121
article thumbnail

Beware of Expired or Compromised Code Signing Certificates

Security Boulevard

Given the alarming rise in software supply chain attacks and consumers growing more cyber-aware and security-conscious, software providers need to demonstrate a stronger commitment to securing their software and applications and fostering user confidence and trust. One of the vital security measures taken in this direction is the use of code signing certificates to prove […] The post Beware of Expired or Compromised Code Signing Certificates appeared first on Security Boulevard.

Software 117
article thumbnail

Russian hackers exploiting Outlook bug to hijack Exchange accounts

Bleeping Computer

Microsoft's Threat Intelligence team issued a warning earlier today about the Russian state-sponsored actor APT28 (aka "Fancybear" or "Strontium") actively exploiting the CVE-2023-23397 Outlook flaw to hijack Microsoft Exchange accounts and steal sensitive information. [.

article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Why a ransomware gang tattled on its victim, with Allan Liska: Lock and Code S04E24

Malwarebytes

This week on the Lock and Code podcast… Like the grade-school dweeb who reminds their teacher to assign tonight’s homework, or the power-tripping homeowner who threatens every neighbor with an HOA citation, the ransomware group ALPHV can now add itself to a shameful roster of pathetic, little tattle-tales. In November, the ransomware gang ALPHV, which also goes by the name Black Cat, notified the US Securities and Exchange Commission about the Costa Mesa-based software company Meridi

article thumbnail

NCCoE 5G Cybersecurity: Connecting the Dots Between IT and Teleco Cybersecurity Capabilities in 5G Systems

NSTIC

5G will eventually impact every single industry—from healthcare to financial to even agriculture and transportation.and its impact is only increasing over time. Despite its benefits, it comes with privacy and security risks. An increasing number of interconnected devices increases the attack surface. In addition, there are also increased supply chain vulnerabilities and network visibility issues (companies may have issues identifying attacks since there may be a lot of new web traffic from mobil

article thumbnail

CVE-2023-49070: Critical Pre-auth RCE Vulnerability Discovered in Apache OFBiz

Penetration Testing

Apache OFBiz is a popular open-source enterprise resource planning (ERP) software that provides a comprehensive suite of business applications for various industries. Recently, a critical vulnerability, designated as CVE-2023-49070, has been discovered in Apache... The post CVE-2023-49070: Critical Pre-auth RCE Vulnerability Discovered in Apache OFBiz appeared first on Penetration Testing.

article thumbnail

Microsoft fixes Outlook Desktop crashes when sending emails

Bleeping Computer

Microsoft has fixed a known issue causing Outlook Desktop clients to crash when sending emails from Outlook.com accounts. [.

article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

metahub: open-source security tool for context-based security vulnerability management

Penetration Testing

MetaHub MetaHub is an open-source security tool for context-based security vulnerability management. It can automate the process of contextualizing and prioritizing security findings based on your environment and your needs, YOUR context. It focuses on... The post metahub: open-source security tool for context-based security vulnerability management appeared first on Penetration Testing.

article thumbnail

Building a Collaborative Approach to Secure the Connected World

Security Boulevard

The expanding IoT landscape demands a collaborative approach to PKI, ensuring seamless security across diverse domains. The post Building a Collaborative Approach to Secure the Connected World appeared first on Security Boulevard.

IoT 110
article thumbnail

Microsoft Warns of Kremlin-Backed APT28 Exploiting Critical Outlook Vulnerability

The Hacker News

Microsoft on Monday said it detected Kremlin-backed nation-state activity exploiting a critical security flaw in its Outlook email service to gain unauthorized access to victims' accounts within Exchange servers.

article thumbnail

What Are Privileged Accounts? Common Types & Security Risks

Digital Guardian

In cybersecurity, privilege refers to the authority that certain accounts have; what they can and can't perform. When it comes to privileged accounts, there's a handful of different types, and with them, no shortage of challenges for managing and securing them.

article thumbnail

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

article thumbnail

New BLUFFS Bluetooth Attack Expose Devices to Adversary-in-the-Middle Attacks

The Hacker News

New research has unearthed multiple novel attacks that break Bluetooth Classic's forward secrecy and future secrecy guarantees, resulting in adversary-in-the-middle (AitM) scenarios between two already connected peers. The issues, collectively named BLUFFS, impact Bluetooth Core Specification 4.2 through 5.4. They are tracked under the identifier CVE-2023-24023 (CVSS score: 6.

107
107
article thumbnail

Fidelity National Financial Cyber Attack Disrupts Real Estate Services

SecureWorld News

Fidelity National Financial (FNF), one of the largest title insurance providers in the United States, announced on November 21 that it fell victim to a sophisticated cyberattack. The incident caused widespread disruptions to FNF's operations, affecting title insurance, escrow, and other title-related services, as well as mortgage transactions and technology for the real estate and mortgage industries.

article thumbnail

Make a Fresh Start for 2024: Clean Out Your User Inventory to Reduce SaaS Risk

The Hacker News

As work ebbs with the typical end-of-year slowdown, now is a good time to review user roles and privileges and remove anyone who shouldn’t have access as well as trim unnecessary permissions. In addition to saving some unnecessary license fees, a clean user inventory significantly enhances the security of your SaaS applications.

Risk 107
article thumbnail

Open Source Vulnerability Management Recommendations for 2024

Veracode Security

Stepping in 2024, the dynamics of open source vulnerability management are shifting. Rapid changes to software development demand a more nuanced approach to open source security from practitioners. From redefining risk to the cautious integration of auto-remediation, here are the pivotal recommendations for successful open source vulnerability management in 2024 and beyond. 1.

Software 104
article thumbnail

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.