Schneier on Security

FEBRUARY 13, 2024

Molly White—of “ Web3 is Going Just Great ” fame— reviews Chris Dixon’s blockchain solutions book: Read Write Own : In fact, throughout the entire book, Dixon fails to identify a single blockchain project that has successfully provided a non-speculative service at any kind of scale. The closest he ever comes is when he speaks of how “for decades, technologists have dreamed of building a grassroots internet access provider” He describes one project that &

Internet 307

Internet Internet 307

Krebs on Security

FEBRUARY 13, 2024

Microsoft Corp. today pushed software updates to plug more than 70 security holes in its Windows operating systems and related products, including two zero-day vulnerabilities that are already being exploited in active attacks. Top of the heap on this Fat Patch Tuesday is CVE-2024-21412 , a “security feature bypass” in the way Windows handles Internet Shortcut Files that Microsoft says is being targeted in active exploits.

Engineering 264

Engineering Internet Internet Software 264

Schneier on Security

FEBRUARY 13, 2024

The paperback version of A Hacker’s Mind has just been published. It’s the same book, only a cheaper format. But—and this is the real reason I am posting this—Amazon has significantly discounted the hardcover to $15 to get rid of its stock. This is much cheaper than I am selling it for, and cheaper even than the paperback. So if you’ve been waiting for a price drop, this is your chance.

221

221

Tech Republic Security

FEBRUARY 13, 2024

The entry-level IBM and ISC2 Cybersecurity Specialist Professional Certificate takes four months to complete.

Cybersecurity 218

Cybersecurity 218

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

The Hacker News

FEBRUARY 13, 2024

Microsoft has released patches to address 73 security flaws spanning its software lineup as part of its Patch Tuesday updates for February 2024, including two zero-days that have come under active exploitation. Of the 73 vulnerabilities, 5 are rated Critical, 65 are rated Important, and three and rated Moderate in severity.

Software 145

Software 145

Tech Republic Security

FEBRUARY 13, 2024

The mixed public and private consortium will focus on safety, standards and skills-building for AI generally and generative AI in particular.

Digital transformation 178

Digital transformation Artificial Intelligence 178

Tech Republic Security

FEBRUARY 13, 2024

RoboForm is a great solution for users who want a no-nonsense password manager with strong security and a straightforward user interface.

Password Management 148

Password Management Passwords 148

Bleeping Computer

FEBRUARY 13, 2024

Microsoft has patched today a Windows Defender SmartScreen zero-day exploited in the wild by a financially motivated threat group to deploy the DarkMe remote access trojan (RAT). [.

Malware 143

Malware 143

Security Affairs

FEBRUARY 13, 2024

Authorities in Romania reported that at least 100 hospitals went offline after a ransomware attack hit the Hipocrate platform. Authorities in Romania confirmed that a ransomware attack that targeted the Hipocrate Information System (HIS) has disrupted operations for at least 100 hospitals. Hipocrate Information System (HIS) is a software suite designed to manage the medical and administrative activities of hospitals and other healthcare institutions.

Ransomware 143

Ransomware Backups Encryption Healthcare 143

The Hacker News

FEBRUARY 13, 2024

A newly disclosed security flaw in the Microsoft Defender SmartScreen has been exploited as a zero-day by an advanced persistent threat actor called Water Hydra (aka DarkCasino) targeting financial market traders.

Malware 141

Malware Marketing Internet Internet 141

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Security Affairs

FEBRUARY 13, 2024

Bank of America revealed that the personal information of some customers was stolen in a data breach affecting a third-party services provider. Bank of America began notifying some customers following a data breach at the third-party services provider Infosys McCamish System (IMS). The bank has sent notification letters to 57,000 customers, informing them that their personal information has been compromised Infosys disclosed the security breach on November 3, 2023, in a filing with SEC the compa

Data breaches 142

Data breaches Banking Identity Theft Ransomware 142

The Hacker News

FEBRUARY 13, 2024

The threat actors behind the PikaBot malware have made significant changes to the malware in what has been described as a case of "devolution.

Malware 139

Malware 139

Security Affairs

FEBRUARY 13, 2024

Maintainers behind the Ransomfeed platform have released Q3 Report 2023 including activities of 185 criminal groups operating worldwide. A comprehensive report delving into the intricate landscape of ransomware threats during the last four months of 2023 is out, with a meticulous focus on the monitoring activities conducted by the OSINT Ransomfeed platform ( www.ransomfeed.it ).

Ransomware 139

Ransomware Data collection Hacking Accountability 139

Digital Shadows

FEBRUARY 13, 2024

ReliaQuest has detected a variant of the SocGholish malware that uses Python instead of PowerShell for persistence, signaling an evolution in the TTPs of threat actors utilizing this malware.

Malware 138

Malware 138

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

The Hacker News

FEBRUARY 13, 2024

The Glupteba botnet has been found to incorporate a previously undocumented Unified Extensible Firmware Interface (UEFI) bootkit feature, adding another layer of sophistication and stealth to the malware.

Firmware 138

Firmware Malware 138

Bleeping Computer

FEBRUARY 13, 2024

A threat actor leaked 200,000 records on a hacker forum, claiming they contained the mobile phone numbers, email addresses, and other personal information of Facebook Marketplace users. [.

Hacking 136

Hacking Mobile 136

Malwarebytes

FEBRUARY 13, 2024

Remote Monitoring & Management (RMM) software, including popular tools like AnyDesk, Atera, and Splashtop, are invaluable for IT administrators today, streamlining tasks and ensuring network integrity from afar. However, these same tools have caught the eye of cybercriminals, who exploit them to infiltrate company networks and pilfer sensitive data.

Phishing 135

Phishing Software Scams Banking 135

The Hacker News

FEBRUARY 13, 2024

The Midnight Blizzard and Cloudflare-Atlassian cybersecurity incidents raised alarms about the vulnerabilities inherent in major SaaS platforms. These incidents illustrate the stakes involved in SaaS breaches — safeguarding the integrity of SaaS apps and their sensitive data is critical but is not easy.

Cybersecurity 129

Cybersecurity Phishing 129

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Malwarebytes

FEBRUARY 13, 2024

On February 9, 2024, the Justice Department announced that an international operation had seized internet domains that were selling information-stealing malware. Federal authorities in Boston seized www.warzone.ws and three related domains, which sold the Warzone RAT malware. The Warzone RAT malware, a sophisticated Remote Access Trojan (RAT), enabled cybercriminals to browse victims’ file systems, take screenshots, record keystrokes, steal victims’ usernames and passwords, and watch victims thr

Social Engineering 135

Social Engineering Internet Internet Malware 135

Security Boulevard

FEBRUARY 13, 2024

Forget AI. The most immediate and threatening cybersecurity challenge is visibility into an organization’s encrypted cloud traffic. The post You Can’t Stop What You Can’t See: Addressing Encrypted Cloud Traffic appeared first on Security Boulevard.

Encryption 128

Encryption Cybersecurity Malware Network Security 128

Malwarebytes

FEBRUARY 13, 2024

The Cybersecurity & Infrastructure Security Agency (CISA) has added a vulnerability in Roundcube Webmail to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. This means that Federal Civilian Executive Branch (FCEB) agencies need to remediate this vulnerability by March 4, 2024, in order to protect their devices against active threats.

Internet 134

Internet Internet Cybersecurity Risk 134

Security Boulevard

FEBRUARY 13, 2024

The 2023 ransomware attack report summarizes the major changes we saw in ransomware trends and tactics by geography, sector and variant. The post 2023 Ransomware Attack Report appeared first on Security Boulevard.

Ransomware 126

Ransomware 126

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

Malwarebytes

FEBRUARY 13, 2024

Remote Monitoring & Management (RMM) software, including popular tools like AnyDesk, Atera, and Splashtop, are invaluable for IT administrators today, streamlining tasks and ensuring network integrity from afar. However, these same tools have caught the eye of cybercriminals, who exploit them to infiltrate company networks and pilfer sensitive data.

Phishing 125

Phishing Software Scams Banking 125

Security Boulevard

FEBRUARY 13, 2024

Hackers are increasingly deploying “ultra-evasive, highly aggressive” malware with the ability to find and shut down enterprise security tools in compromised systems, allowing the bad actor to go undetected longer, according to researchers with Picus Security. In its Picus Red Report 2024, the security validation firm said there was a 333% year-over-year increase in such.

Malware 124

Malware Ransomware Cybersecurity Network Security 124

Bleeping Computer

FEBRUARY 13, 2024

Prudential Financial has disclosed that its network was breached last week, with the attackers stealing employee and contractor data before being blocked from compromised systems one day later. [.

123

123

We Live Security

FEBRUARY 13, 2024

As fabricated images, videos and audio clips of real people go mainstream, the prospect of a firehose of AI-powered disinformation is a cause for mounting concern

118

118

Advertisement

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

Bleeping Computer

FEBRUARY 13, 2024

Microsoft has released the KB5034765 cumulative update for Windows versions 23H2 and 22H2 to fix several bugs in the OS, including an issue that causes problems with the Start menu. [.

Software 118

Software 118

Security Boulevard

FEBRUARY 13, 2024

FCC FAIL: While Rome burns, Federal Communications Commission is once again behind the curve. The post ‘Incompetent’ FCC Fiddles With Data Breach Rules appeared first on Security Boulevard.

Data breaches 114

Data breaches Data privacy CISO Security Awareness 114

SecureWorld News

FEBRUARY 13, 2024

As artificial intelligence continues advancing at a rapid pace, criminals are increasingly using AI capabilities to carry out sophisticated scams and attacks. Technologies that synthesize realistic fake media, known as deepfakes, are among the newest tools being deployed to enable fraud. A finance clerk working at a Hong Kong branch of a large multinational corporation recently fell victim to an elaborate scam utilizing deepfake technology to impersonate senior executives and swindle more than $

Scams 113

Scams Artificial Intelligence Social Engineering Media 113

Bleeping Computer

FEBRUARY 13, 2024

Microsoft has released the KB5034763 cumulative update for Windows 10 21H2 and Windows 10 22H2, which includes a small number of changes, including the continued rollout of changes to comply with Europe's Digital Markets Act (DMA). [.

Marketing 112

Marketing 112

Advertisement

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.

Cybersecurity