Wed.Mar 27, 2024

article thumbnail

Security Vulnerability in Saflokā€™s RFID-Based Keycard Locks

Schneier on Security

It’s pretty devastating : Today, Ian Carroll, Lennert Wouters, and a team of other security researchers are revealing a hotel keycard hacking technique they call Unsaflok. The technique is a collection of security vulnerabilities that would allow a hacker to almost instantly open several models of Saflok-brand RFID-based keycard locks sold by the Swiss lock maker Dormakaba.

Internet 269
article thumbnail

Human by Default: The New Imperative in Trust and Technology

Jane Frankland

I’ve been thinking about what it means to be human in our rapidly evolving digital landscape, and how interactions once filled with personal nuances are now frequently handled by algorithms and artificial intelligence. And I can’t help but be concerned that technology, especially advancements in artificial intelligence, is not just reshaping our world; it’s actually reshaping our identity and the fabric of trust that binds us.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

VolWeb: A digital forensic memory analysis platform

Penetration Testing

VolWeb VolWeb is a digital forensic memory analysis platform that leverages the power of the Volatility 3 framework. It is dedicated to aiding in investigations and incident responses. Objective The goal of VolWeb is... The post VolWeb: A digital forensic memory analysis platform appeared first on Penetration Testing.

article thumbnail

Revealed: Facebookā€™s ā€œIncredibly Aggressiveā€ Alleged Theft of Snapchat App Data

Security Boulevard

Meta MITM IAAP SSL bump: Zuck ordered ā€œProject Ghostbustersā€ā€”with criminal consequences, says class action lawsuit. The post Revealed: Facebookā€™s ā€œIncredibly Aggressiveā€ Alleged Theft of Snapchat App Data appeared first on Security Boulevard.

article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeperā€™s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Hiring Kit: Security Analyst

Tech Republic Security

In general, security analysts are tasked with identifying weaknesses in current security systems and developing solutions to close security vulnerabilities. To perform this task well, ideal candidates will have highly advanced technical skills, a proven ability to communicate with all levels of an organization and experience applying both skillsets to solve real problems.

128
128
article thumbnail

INC Ransom stole 3TB of data from the National Health Service (NHS) of Scotland

Security Affairs

The INC Ransom extortion group hacked the National Health Service (NHS) of Scotland and is threatening to leak three terabytes of alleged stolen data. The INC Ransom extortion gang added the National Health Service (NHS) of Scotland to the list of victims on its Tor leak site. The cybercrime group claims to have stolen three terabytes of data and is threatening to leak them.

More Trending

article thumbnail

Google addressed 2 Chrome zero-days demonstrated at Pwn2Own 2024

Security Affairs

Google addressed two zero-day vulnerabilities in the Chrome web browser that have been demonstrated during the Pwn2Own Vancouver 2024. Google addressed several vulnerabilities in the Chrome web browser this week, including two zero-day vulnerabilities, tracked as CVE-2024-2886 and CVE-2024-2887, which were demonstrated during the Pwn2Own Vancouver 2024 hacking competition.

Hacking 131
article thumbnail

Google: Spyware vendors behind 50% of zero-days exploited in 2023

Bleeping Computer

Google's Threat Analysis Group (TAG) and Google subsidiary Mandiant said they've observed a significant increase in the number of zero-day vulnerabilities exploited in attacks in 2023, many of them linked to spyware vendors and their clients. [.

Spyware 127
article thumbnail

CISA adds Microsoft SharePoint bug disclosed at Pwn2Own to its Known Exploited Vulnerabilities catalog

Security Affairs

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a Microsoft SharePoint vulnerability disclosed at the 2023 Pwn2Own to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the CVE-2023-24955 Microsoft SharePoint Server Code Injection Vulnerability to its Known Exploited Vulnerabilities (KEV) catalog.

Hacking 130
article thumbnail

Google fixes Chrome zero-days exploited at Pwn2Own 2024

Bleeping Computer

Google fixed seven security vulnerabilities in the Chrome web browser on Tuesday, including two zero-days exploited during the Pwn2Own Vancouver 2024 hacking competition. [.

Hacking 128
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, youā€™ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

The DDR Advantage: Real-Time Data Defense

Security Affairs

This is the advantage of Data Detection and Response (DDR) for organizations aiming to build a real-time data defense. In cybersecurity, and in life, by the time you find out that something went wrong it is often too late. The advantage of Data Detection and Response (DDR) is that you no longer have to wait until the milk is spilled. With DDR, your organization can have real-time data defense.

article thumbnail

Trezorā€™s Twitter account hijacked by cryptocurrency scammers via bogus Calendly invite

Graham Cluley

Hardware wallet manufacturer Trezor has explained how its Twitter account was compromised - despite it having sensible security precautions in place, such as strong passwords and multi-factor authentication. Read more in my article on the Hot for Security blog.

article thumbnail

New Darcula phishing service targets iPhone users via iMessage

Bleeping Computer

A new phishing-as-a-service (PhaaS) named 'Darcula' uses 20,000 domains to spoof brands and steal credentials from Android and iPhone users in more than 100 countries. [.

Phishing 124
article thumbnail

Securing the Future: Navigating the Complexities of Cloud Security

Security Boulevard

Cloud environments are complex, and can create a difficult territory for security and IT teams to monitor and comprehend. The post Securing the Future: Navigating the Complexities of Cloud Security appeared first on Security Boulevard.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out whatā€™s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

PCI DSS v4: Whatā€™s New with Self-Assessment Questionnaires

PCI perspectives

With the upcoming retirement of PCI DSS v3.2.1 on 31 March 2024 , organizations will be transitioning to new validation documents for their PCI DSS v4 assessments. In this Q&A with PCI Security Standards Councilā€™s Director of Data Security Standards Lauren Holloway, we look at some of the key changes in the PCI DSS Self-Assessment Questionnaires (SAQs) for version 4 and what organizations using SAQs need to know.

article thumbnail

Navigating the Complexities of Data Privacy: Balancing Innovation and Protection

Security Boulevard

As the digital landscape expands exponentially, so do efforts to safeguard personal data, notably through regulations and other actions. The post Navigating the Complexities of Data Privacy: Balancing Innovation and Protection appeared first on Security Boulevard.

article thumbnail

CISA Warns: Hackers Actively Attacking Microsoft SharePoint Vulnerability

The Hacker News

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a security flaw impacting the Microsoft Sharepoint Server to its Known Exploited Vulnerabilities (KEV) catalog based on evidence of active exploitation in the wild. The vulnerability, tracked as CVE-2023-24955 (CVSS score: 7.

article thumbnail

Disturbing robocaller fined $9.9 million

Malwarebytes

A federal court in Montana has fined a man $9.9 million after he was found responsible for causing thousands of unlawful and malicious spoofed robocalls. Sometimes there is good news. Well, for almost everybody except for the robocaller who was found guilty of unlawful robocalls to people in states including Florida, Georgia, Idaho, Iowa and Virginia in 2018.

Scams 117
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Alert: New Phishing Attack Delivers Keylogger Disguised as Bank Payment Notice

The Hacker News

A new phishing campaign has been observed leveraging a novel loader malware to deliver an information stealer and keylogger called Agent Tesla. Trustwave SpiderLabs said it identified a phishing email bearing this attack chain on March 8, 2024. The message masquerades as a bank payment notification, urging the user to open an archive file attachment.

Banking 124
article thumbnail

Stealthy New Golang Trojan Exploits Fake Certificates for Evasive Communication

Penetration Testing

Security researchers at SonicWall Capture Labs have discovered a cunning new Trojan written in the Golang programming language. This insidious malware employs a range of deceptive tactics, including geographical checks and the installation of... The post Stealthy New Golang Trojan Exploits Fake Certificates for Evasive Communication appeared first on Penetration Testing.

article thumbnail

Hackers Hit Indian Defense, Energy Sectors with Malware Posing as Air Force Invite

The Hacker News

Indian government entities and energy companies have been targeted by unknown threat actors with an aim to deliver a modified version of an open-source information stealer malware called HackBrowserData and exfiltrate sensitive information in some cases by using Slack as command-and-control (C2).

Malware 122
article thumbnail

Protect Your Business With This Seamless Firewall ā€” Now $150 Off

Tech Republic Security

DNS FireWall is an intuitive security app built to protect you and your business from malware, phishing, botnets and more security threats.

Firewall 119
article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

Smashing Security podcast #365: Hacking hotels, Googleā€™s AI goof, and cyberflashing

Graham Cluley

Security researchers find a way to unlock millions of hotel rooms, the UK introduces cyberflashing laws, and Google's AI search pushes malware and scams. All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by T-Minus's Maria Varmazis.

Scams 111
article thumbnail

Balancing agility and predictability to achieve major engineering breakthroughs

Cisco Security

In my last blog , I shared the progress weā€™re making toward building the Cisco Security Cloud , an open, integrated security platform capable of tackling the rigors of securing highly distributed, mā€¦ Read more on Cisco Blogs Security Cloud is the future for Cisco Security and our customers that requires the utmost in engineering agility from us

article thumbnail

CISA tags Microsoft SharePoint RCE bug as actively exploited

Bleeping Computer

CISA warns that attackers are now exploiting a Microsoft SharePoint code injection vulnerability that can be chained with a critical privilege escalation flaw for pre-auth remote code execution attacks. [.

107
107
article thumbnail

Ransomware hits The Big Issue. Qilin group leaks confidential data

Graham Cluley

The Qilin ransomware group has targeted The Big Issue, a street newspaper sold by the homeless and vulnerable. Spost on Qilin's dark web leak site claimed the gang has stolen 550 GB of confidential data from the periodical's parent company. Read more in my article on the Hot for Security blog.

article thumbnail

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

article thumbnail

CVE-2024-28085: Critical ā€˜WallEscapeā€™ Flaw Discovered in Linux Utilities Package ā€“ Passwords at Risk

Penetration Testing

A serious security vulnerability, dubbed “WallEscape” (CVE-2024-28085), has been uncovered in the essential Linux system utilities package, util-linux. This package is a cornerstone of Linux operating systems, providing tools for fundamental tasks like managing... The post CVE-2024-28085: Critical ‘WallEscape’ Flaw Discovered in Linux Utilities Package ā€“ Passwords at Risk appeared first on Penetration Testing.

Passwords 104
article thumbnail

Critical Unpatched Ray AI Platform Vulnerability Exploited for Cryptocurrency Mining

The Hacker News

Cybersecurity researchers are warning that threat actors are actively exploiting a "disputed" and unpatched vulnerability in an open-source artificial intelligence (AI) platform called Anyscale Ray to hijack computing power for illicit cryptocurrency mining.

article thumbnail

Meta to abandon social media tracking tool CrowdTangle

Malwarebytes

On 14 March, Meta announced it would abandon CrowdTangle , saying the tool will no longer be available after August 14, 2024. While most people have never heard of CrowdTangle, among journalists the tool is considered essential. Its popularity largely depends on the ability to monitor social media activity around important elections. This makes the timing of the change a bit awkward to say the least.

Media 95
article thumbnail

Windows 11 22H2 Home and Pro get preview updates until June 26

Bleeping Computer

Microsoft reminded customers today that the Windows 11 22H2 Home and Pro editions will continue to receive non-security preview updates until June 26. [.

100
100
article thumbnail

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.