Fri.Nov 10, 2023

article thumbnail

The Privacy Disaster of Modern Smart Cars

Schneier on Security

Article based on a Mozilla report.

305
305
article thumbnail

Microsoft and SysAid Find Clop Malware Vulnerability

Tech Republic Security

SysAid has patched a zero-day vulnerability that could allow attackers to exfiltrate data and launch ransomware.

Malware 172
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

YouTube shows ads for ad blocker, financial scams

Malwarebytes

After performing local experiments for a few months, YouTube recently expanded its effort to block ad blockers. The move was immediately unpopular with some users, and raised some questions in Europe about whether it was breaking privacy laws. In addition, there are some still some fundamental issues that have some people concerned. In this blog post, we look at a couple of examples that erode our trust in online ads.

Scams 145
article thumbnail

GitHub Universe: Open Source Trends Report and New AI Security Products

Tech Republic Security

GitHub Advanced Security gains some AI features, and GitHub Copilot now includes a chatbot option. Github Copilot Enterprise is expected in February 2024.

article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

After ChatGPT, Anonymous Sudan took down the Cloudflare website

Security Affairs

After ChatGPT, Anonymous Sudan took down the Cloudflare website with a distributed denial-of-service (DDoS) attack. The hacktivist group Anonymous Sudan claimed responsibility for the massive distributed denial-of-service (DDoS) attack that took down the website of Cloudflare. Cloudflare confirmed that a DDoS attack took down its website for a few minutes and ponited out that it did not impact other products or services. “ To be clear, there was no Cloudflare breach.

DDOS 143
article thumbnail

How to Use a VPN: 4 Easy Steps to Get Started

Tech Republic Security

Learn how to set up and use a VPN with just four easy steps. This step-by-step guide takes you through how you can secure your connection and online data.

VPN 152

More Trending

article thumbnail

Is a VPN Worth It? Benefits and Choosing the Best VPN

Tech Republic Security

Is a VPN worth it? Learn about the benefits of using a VPN and how to choose the right one for your business needs.

VPN 146
article thumbnail

McLaren Health Care revealed that a data breach impacted 2.2 million people

Security Affairs

McLaren Health Care (McLaren) experienced a data breach that compromised the sensitive personal information of approximately 2.2 million individuals. McLaren Health Care (McLaren) disclosed a data breach that occurred between late July and August. The security breach exposed the sensitive personal information of 2,192,515 people. McLaren Health Care is a nonprofit health care organization based in Grand Blanc, Michigan, USA.

article thumbnail

World’s biggest bank hit by ransomware, forced to trade via USB stick

Graham Cluley

The US trading arm of the Industrial and Commercial Bank of China (ICBC) has been hit by a ransomware attack that reportedly forced it to handle trades via messengers carrying USB thumb drives across Manhattan. Read more in my article on the Hot for Security blog.

Banking 135
article thumbnail

SysAid zero-day exploited by Clop ransomware group

Security Affairs

Microsoft spotted the exploitation of a SysAid zero-day vulnerability in limited attacks carried out by the Lace Tempest group. Microsoft reported the exploitation of a zero-day vulnerability, tracked as CVE-2023-47246 , in the SysAid IT support software in limited attacks. The IT giant linked the attacks to the Clop ransomware gang (aka Lace Tempest ).

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Ducktail fashion week

SecureList

Ducktail is a malware family that has been active since the second half of 2021 and aims to steal Facebook business accounts. WithSecure and GridinSoft have covered Ducktail attacks: the infostealer spread under the guise of documents relating to well-known companies’ and brands’ projects and products. Both public reports attribute the Ducktail attacks to a group that presumably hails from Vietnam.

Malware 131
article thumbnail

Industrial and Commercial Bank of China (ICBC) suffered a ransomware attack

Security Affairs

The Industrial and Commercial Bank of China (ICBC) suffered a ransomware attack that disrupted trades in the US Treasury market. The Industrial and Commercial Bank of China (ICBC) announced it has contained a ransomware attack that disrupted the U.S. Treasury market and impacted some fixed income and equities transactions “The Securities Industry and Financial Markets Association first told members on Wednesday that ICBC Financial Services had been hit by ransomware software, which paralys

Banking 132
article thumbnail

Cybersecurity Workforce Facing Critical Shortfall, AI Adoption Could Help

Security Boulevard

The global cybersecurity workforce gap has increased, and most cybersecurity pros said they had skills gaps in their organization. The post Cybersecurity Workforce Facing Critical Shortfall, AI Adoption Could Help appeared first on Security Boulevard.

article thumbnail

Cyber threat intelligence: Getting on the front foot against adversaries

We Live Security

By collecting, analyzing and contextualizing information about possible cyberthreats, including the most advanced ones, threat intelligence offers a critical method to identify, assess and mitigate cyber risk

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Hackers breach healthcare orgs via ScreenConnect remote access

Bleeping Computer

Security researchers are warning that hackers are targeting multiple healthcare organizations in the U.S. by abusing the ScreenConnect remote access tool. [.

article thumbnail

Russian Hackers Sandworm Cause Power Outage in Ukraine Amidst Missile Strikes

The Hacker News

The notorious Russian hackers known as Sandworm targeted an electrical substation in Ukraine last year, causing a brief power outage in October 2022. The findings come from Google's Mandiant, which described the hack as a "multi-event cyber attack" leveraging a novel technique for impacting industrial control systems (ICS).

article thumbnail

Microsoft extends Windows Server 2012 ESUs to October 2026

Bleeping Computer

Microsoft provides three more years of Windows Server 2012 Extended Security Updates (ESUs) until October 2026, allowing administrators more time to upgrade or migrate to Azure. [.

122
122
article thumbnail

The NSA Seems Pretty Stressed About the Threat of Chinese Hackers in US Critical Infrastructure

WIRED Threat Level

US government officials continue to warn that the public and private sectors need to identify and root out China-backed attackers lurking in industrial control systems.

article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Alert: 'Effluence' Backdoor Persists Despite Patching Atlassian Confluence Servers

The Hacker News

Cybersecurity researchers have discovered a stealthy backdoor named Effluence that's deployed following the successful exploitation of a recently disclosed security flaw in Atlassian Confluence Data Center and Server.

Malware 120
article thumbnail

OpenAI: DDoS Attack the Cause of ChatGPT Outages

Security Boulevard

The outages that dogged OpenAI’s popular ChatGPT generative AI chatbot this week were caused by a distributed denial-of-service attack that has since been resolved, according to the company. The AI tech vendor reported a major outage across ChatGPT and its API Wednesday and then periodic outages on Thursday, attributing both incidents to a DDoS attack.

DDOS 119
article thumbnail

Intel Faces 'Downfall' Bug Lawsuit, Seeking $10K per Plaintiff

Dark Reading

A class action suit claims Intel knowingly sold billions of faulty chips for years. The outcome could help define where poor vulnerability remediation becomes outright negligence.

115
115
article thumbnail

Senate Leaders Plan to Prolong NSA Surveillance Using a Must-Pass Bill

WIRED Threat Level

Top senate officials are planning to save the Section 702 surveillance program by attaching it to a crucial piece of legislation. Critics worry a chance to pass privacy reforms will be missed.

article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

ChatGPT: OpenAI Attributes Regular Outages to DDoS Attacks

Dark Reading

ChatGPT and the associated APIs have been affected by regular outages, citing DDoS attacks as the reason — the Anonymous Sudan group claimed responsibility.

DDOS 110
article thumbnail

Maine govt notifies 1.3 million people of MOVEit data breach

Bleeping Computer

The State of Maine has announced that its systems were breached after threat actors exploited a vulnerability in the MOVEit file transfer tool and accessed personal information of about 1.3 million, which is close to the state's entire population. [.

article thumbnail

'CitrixBleed' Linked to Ransomware Hit on China's State-Owned Bank

Dark Reading

Meanwhile, CISA joins the call to patch CVE-2023-4966 immediately amid reports of mass-exploit activity; at least 5,000 orgs remain exposed.

Banking 104
article thumbnail

Duo’s Proud to Announce 2023 Top-Rated Award by TrustRadius

Duo's Security Blog

At Duo, we are committed to providing strong security and empowering users to easily access the resources they need to do their jobs. With a score of 9.3/10 and over 250 reviews, Duo is honored to share that we won the 2023 TrustRadius Top Rated Award for Authentication. Duo’s Multi-Factor Authentication solution combines multiple authentication factors to provide simple ways to protect users.

article thumbnail

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

article thumbnail

Leaky DICOM Medical Standard Exposes Millions of Patient Records

Dark Reading

A 30-year-old, rarely updated protocol for medical devices has exposed reams of highly personal data, thanks to a lack of proper security throughout owner environments.

102
102
article thumbnail

McLaren Health Care says data breach impacted 2.2 million people

Bleeping Computer

McLaren Health Care (McLaren) is notifying nearly 2.2 million people of a data breach that occurred between late July and August this year, exposing sensitive personal information. [.

article thumbnail

Navigating Tech Risks in Modern M&A Waters

Dark Reading

Executives must rise to the challenge and take immediate action to grasp the intricacies of data, technology, and infrastructure within M&A.

Risk 100
article thumbnail

Mortgage giant Mr. Cooper says customer data exposed in breach

Bleeping Computer

Mr. Cooper, the largest home loan servicer in the United States, says it found evidence of customer data exposed during a cyberattack disclosed last week, on October 31. [.

101
101
article thumbnail

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.