Wed.Mar 20, 2024

article thumbnail

Cheating Automatic Toll Booths by Obscuring License Plates

Schneier on Security

The Wall Street Journal is reporting on a variety of techniques drivers are using to obscure their license plates so that automatic readers can’t identify them and charge tolls properly. Some drivers have power-washed paint off their plates or covered them with a range of household items such as leaf-shaped magnets, Bramwell-Stewart said. The Port Authority says officers in 2023 roughly doubled the number of summonses issued for obstructed, missing or fictitious license plates compared wit

306
306
article thumbnail

6 Best Multi-Factor Authentication (MFA) Solutions for 2024

Tech Republic Security

Explore top multi-factor authentication solutions for enhanced security and user authentication. Learn about the benefits and features of leading MFA providers.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

New 'Loop DoS' Attack Impacts Hundreds of Thousands of Systems

The Hacker News

A novel denial-of-service (DoS) attack vector has been found to target application-layer protocols based on User Datagram Protocol (UDP), putting hundreds of thousands of hosts likely at risk.

Risk 145
article thumbnail

Proofpoint: APAC Employees Are Choosing Convenience, Speed Over Cyber Security

Tech Republic Security

Risky cyber security behaviours are putting employees at risk of phishing and other attacks, according to Proofpoint research, with many employees still unclear security is their responsibility, too.

Phishing 173
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Some of the Most Popular Websites Share Your Data With Over 1,500 Companies

WIRED Threat Level

Cookie pop-ups now show the number of “partners” that websites may share data with. Here's how many of these third-party companies may get your data from some of the most popular sites online.

144
144
article thumbnail

The ‘AT&T breach’—what you need to know

Malwarebytes

Earlier this week, the data of over 70 million people was posted for sale on an online cybercrime forum. The person selling the data claims it stems from a 2021 breach at AT&T. Back in 2021, a hacker named Shiny Hunters claimed to have breached AT&T and put the alleged stolen data up for sale for $1 million for a direct sell. Fast forward three years and another threat actor calling themselves MajorNelson has leaked what they say is the same data.

More Trending

article thumbnail

New Windows Server updates cause domain controller crashes, reboots

Bleeping Computer

The March 2024 Windows Server updates are causing some domain controllers to crash and restart, according to widespread reports from Windows administrators. [.

141
141
article thumbnail

TeamCity Flaw Leads to Surge in Ransomware, Cryptomining, and RAT Attacks

The Hacker News

Multiple threat actors are exploiting the recently disclosed security flaws in JetBrains TeamCity software to deploy ransomware, cryptocurrency miners, Cobalt Strike beacons, and a Golang-based remote access trojan called Spark RAT. The attacks entail the exploitation of CVE-2024-27198 (CVSS score: 9.

article thumbnail

Critical flaw in Atlassian Bamboo Data Center and Server must be fixed immediately

Security Affairs

Atlassian fixed tens of vulnerabilities in Bamboo, Bitbucket, Confluence, and Jira products, including a critical flaw that can be very dangerous. Atlassian addressed multiple vulnerabilities in its Bamboo, Bitbucket, Confluence, and Jira products. The most severe vulnerability, tracked as CVE-2024-1597 (CVSS score of 10), is a SQL injection flaw that impacts the org.postgresql:postgresql third-party dependency of Bamboo Data Center and Server. “This org.postgresql:postgresql Dependency

Hacking 141
article thumbnail

Atlassian Releases Fixes for Over 2 Dozen Flaws, Including Critical Bamboo Bug

The Hacker News

Atlassian has released patches for more than two dozen security flaws, including a critical bug impacting Bamboo Data Center and Server that could be exploited without requiring user interaction. Tracked as CVE-2024-1597, the vulnerability carries a CVSS score of 10.0, indicating maximum severity. Described as an SQL injection flaw, it's rooted in a dependency called org.

142
142
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Threat actors actively exploit JetBrains TeamCity flaws to deliver malware

Security Affairs

Multiple threat actors are exploiting the recently disclosed JetBrains TeamCity flaw CVE-2024-27198 in attacks in the wild. Trend Micro researchers are exploiting the recently disclosed vulnerabilities CVE-2024-27198 (CVSS score: 9.8) and CVE-2024-27199 (CVSS score 7.3) security flaws in JetBrains TeamCity to deploy multiple malware families and gain administrative control over impacted systems.

Malware 141
article thumbnail

Ivanti Releases Urgent Fix for Critical Sentry RCE Vulnerability

The Hacker News

Ivanti has disclosed details of a critical remote code execution flaw impacting Standalone Sentry, urging customers to apply the fixes immediately to stay protected against potential cyber threats. Tracked as CVE-2023-41724, the vulnerability carries a CVSS score of 9.6.

article thumbnail

Glassdoor Wants to Know Your Real Name

WIRED Threat Level

Anonymous, candid reviews made Glassdoor a powerful place to research potential employers. A policy shift requiring users to privately verify their real names is raising privacy concerns.

Media 138
article thumbnail

Pokemon Company resets some users’ passwords

Security Affairs

The Pokemon Company resets some users’ passwords in response to hacking attempts against some of its users. The Pokemon Company announced it had reset the passwords for some accounts after it had detected hacking attempts, Techcrunch first reported. The company was likely the target of credential stuffing attacks. Credential stuffing is an attack in which hackers use automation and lists of compromised usernames and passwords to defeat authentication and authorization mechanisms, with the

Passwords 137
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Android malware, Android malware and more Android malware

SecureList

Introduction Malware for mobile devices is something we come across very often. In 2023 , our technologies blocked 33.8 million malware, adware, and riskware attacks on mobile devices. One of 2023’s most resonant attacks was Operation Triangulation , targeting iOS, but that was rather a unique case. Among the mobile platforms, Android remains the most popular target operating system for cybercriminals.

Malware 131
article thumbnail

Rescoms rides waves of AceCryptor spam

We Live Security

ESET research shares insights into AceCryptor, one of the most popular and prevalent cryptors-as-a-service (CaaS) in the second half of 2023, with a focus on Rescoms campaigns in European countries

129
129
article thumbnail

Here's why Twitter sends you to a different site than what you clicked

Bleeping Computer

Users of the social media platform X (Twitter) have often been left puzzled when they click on a post with an external link but arrive at an entirely unexpected website from the one displayed. A Twitter ad spotted below by a security researcher shows forbes.com as its destination but instead takes you to a Telegram account. [.

Media 128
article thumbnail

Generative AI Security - Secure Your Business in a World Powered by LLMs

The Hacker News

Did you know that 79% of organizations are already leveraging Generative AI technologies? Much like the internet defined the 90s and the cloud revolutionized the 2010s, we are now in the era of Large Language Models (LLMs) and Generative AI. The potential of Generative AI is immense, yet it brings significant challenges, especially in security integration.

Internet 115
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

New ‘Loop DoS’ attack may impact up to 300,000 online systems

Bleeping Computer

A new denial-of-service attack dubbed 'Loop DoS' targeting application layer protocols can pair network services into an indefinite communication loop that creates large volumes of traffic. [.

126
126
article thumbnail

LW ROUNDTABLE: Will the U.S. Senate keep citizens safe, vote to force China to divest TikTok?

Security Boulevard

Congressional bi-partisanship these day seems nigh impossible. Related: Rising tensions spell need for tighter cybersecurity Yet by a resounding vote of 352-65, the U.S. House of Representatives recently passed a bill that would ban TikTok unless its China-based owner, ByteDance … (more…) The post LW ROUNDTABLE: Will the U.S. Senate keep citizens safe, vote to force China to divest TikTok?

article thumbnail

GitHub’s new AI-powered tool auto-fixes vulnerabilities in your code

Bleeping Computer

GitHub introduced a new AI-powered feature capable of speeding up vulnerability fixes while coding. This feature is in public beta and automatically enabled on all private repositories for GitHub Advanced Security (GHAS) customers [.

Software 121
article thumbnail

Gotta Hack ‘Em All: Pokémon passwords reset after attack

Graham Cluley

Are you using the same passwords in multiple places online? Well, stop. Stop right now. And make sure that you've told your friends and family to stop being reckless too. Read more in my article on the Hot for Security blog.

Passwords 110
article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

Flipper Zero makers respond to Canada’s ‘harmful’ ban proposal

Bleeping Computer

The makers of Flipper Zero have responded to the Canadian government's plan to ban the device in the country, arguing that it is wrongfully accused of facilitating car thefts. [.

article thumbnail

Fraudsters are posing as the FTC to scam consumers

Graham Cluley

The United States Federal Trade Commission (FTC) has warned the public to be cautious if contacted by people claiming to be. FTC staff. Read more in my article on the Tripwire State of Security blog.

Scams 105
article thumbnail

The Evolving Role of Cyber Insurance in Mitigating Ransomware Attacks

SecureWorld News

Ransomware attacks have become a significant threat to organizations of all kinds worldwide, with attackers encrypting data and demanding payment for its release. The consequences of these kinds of attacks can be quite severe, with effects ranging from operational disruption to substantial financial losses and reputational damage. In this regard, many have touted cyber insurance as the knight in shining armor, the end all-be all in terms of mitigating criminals' assaults on your network.

article thumbnail

Smashing Security podcast #364: Bing pop-up wars, and the British Library ransomware scandal

Graham Cluley

There's a Bing ding dong, after Microsoft (over?) enthusiastically encourages Chrome users to stop using Google, and silence hits the British Library as it shares its story of a ransomware attack. All this and more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault. Plus: Don't miss our featured interview with Kolide founder Jason Meller about his firm's acquisition by 1Password.

article thumbnail

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

article thumbnail

Spa Grand Prix email account hacked to phish banking info from fans

Bleeping Computer

Hackers hijacked the official contact email for the Belgian Grand Prix event and used it to lure fans to a fake website promising a €50 gift voucher. [.

Banking 99
article thumbnail

Critical TeamCity Flaws Exploited: Ransomware, Cryptominers, and More Target Businesses

Penetration Testing

A wave of cyberattacks is crashing down on organizations using the TeamCity CI/CD platform, exploiting recently disclosed vulnerabilities that allow hackers to seize control of servers. The Trend Micro cybersecurity team has uncovered a... The post Critical TeamCity Flaws Exploited: Ransomware, Cryptominers, and More Target Businesses appeared first on Penetration Testing.

article thumbnail

Ivanti fixes critical Standalone Sentry bug reported by NATO

Bleeping Computer

Ivanti warned customers to immediately patch a critical severity Standalone Sentry vulnerability reported by NATO Cyber Security Centre researchers. [.

97
article thumbnail

Cisco and Nvidia: Redefining Workload Security

Cisco Security

There has been an exponential increase in breaches within enterprises despite the carefully constructed and controlled perimeters that exist around applications and data. Once an attacker can access… Read more on Cisco Blogs Discover the powerful partnership between Cisco and Nvidia, offering an AI-driven enterprise security solution with Cisco Secure Workload 3.9 and Nvidia Bluefield DPUs.

article thumbnail

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.