Wed. Nov 22, 2023


Apple to Add Manual Authentication to iMessage

Schneier on Security

Signal has had the ability to manually authenticate another account for years. iMessage is getting it: The feature is called Contact Key Verification, and it does just what its name says: it lets you add a manual verification step in an iMessage conversation to confirm that the other person is who their device says they are. (SMS conversations lack any reliable method for verification—sorry, green-bubble friends.)


Sekoia: Latest in the Financial Sector Cyber Threat Landscape

Tech Republic Security

Phishing, infostealer malware, ransomware, supply chain attacks, data breaches and crypto-related attacks are among the top evolving threats in the financial sector, says Sekoia.


New Flaws in Fingerprint Sensors Let Attackers Bypass Windows Hello Login

The Hacker News

New research has uncovered multiple vulnerabilities that could be exploited to bypass Windows Hello authentication on Dell Inspiron 15, Lenovo ThinkPad T14, and Microsoft Surface Pro X laptops.


Microsoft Improves Windows Security with a Path to Move Off NTLM

Tech Republic Security

It’s time to stop relying on the insecure authentication protocol built into Windows. Microsoft is making it easier to switch to secure modern options.


Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.


Windows Hello auth bypassed on Microsoft, Dell, Lenovo laptops

Bleeping Computer

Security researchers bypassed Windows Hello fingerprint authentication on Dell Inspiron, Lenovo ThinkPad, and Microsoft Surface Pro X laptops in attacks exploiting security flaws found in the embedded fingerprint sensors.


Atomic Stealer Distributes Malware to Macs Through False Browser Downloads

Tech Republic Security

Atomic Stealer malware advertises itself through ClearFake browser updates disguised as Google's Chrome and Apple’s Safari.

Malware 189

More Trending


SiegedSec hacktivist group hacked Idaho National Laboratory (INL)

Security Affairs

The Idaho National Laboratory (INL) disclosed a data breach after the SiegedSec hacktivist group leaked stolen human resources data. The SiegedSec hacktivist group claimed responsibility for the hack of the Idaho National Laboratory (INL) and leaked stolen human resources data. SiegedSec is a threat actor that last year carried out multiple attacks against U.S. organizations, especially U.S. municipalities.

Hacking 134

Explained: Privacy washing

Malwarebytes

Question: Who said the sentence below? “Privacy is at the heart of everything we do.” Answer: Sundar Pichai, the CEO of Alphabet and its largest subsidiary Google. And if you look at the recent actions Google has announced, you’d be tempted to take his word for it: An initiative to let Chrome hide your IP address. Strengthening the safeguard measures for Google Workspace customers.


New botnet malware exploits two zero-days to infect NVRs and routers

Bleeping Computer

A new Mirai-based malware botnet named 'InfectedSlurs' has been exploiting two zero-day remote code execution (RCE) vulnerabilities to infect routers and video recorder (NVR) devices.

Malware 128

New InfectedSlurs Mirai-based botnet exploits two zero-days

Security Affairs

Mirai-based botnet InfectedSlurs has been spotted exploiting two zero-day RCE flaws to compromise routers and video recorder (NVR) devices. Akamai discovered a new Mirai-based DDoS botnet, named InfectedSlurs, actively exploiting two zero-day vulnerabilities to infect routers and video recorder (NVR) devices. The researchers discovered the botnet in October 2023, but they believe it has been active since at least 2022.

DDOS 136

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!


North Korean Hackers Pose as Job Recruiters and Seekers in Malware Campaigns

The Hacker News

North Korean threat actors have been linked to two campaigns in which they masquerade as both job recruiters and seekers to distribute malware and obtain unauthorized employment with organizations based in the U.S. and other parts of the world. The activity clusters have been codenamed Contagious Interview and Wagemole, respectively, by Palo Alto Networks Unit 42.

Malware 127

Your voice is my password

We Live Security

AI-driven voice cloning can make things far too easy for scammers – I know because I’ve tested it so that you don’t have to learn about the risks the hard way.

Passwords 131

AI Solutions Are the New Shadow IT

The Hacker News

Ambitious Employees Tout New AI Tools, Ignore Serious SaaS Security Risks. Like the SaaS shadow IT of the past, AI is placing CISOs and cybersecurity teams in a tough but familiar spot. Employees are covertly using AI with little regard for established IT and cybersecurity review procedures.

CISO 125

Scattered Spider Attack Analysis

Digital Shadows

ReliaQuest recently detected an intrusion by the Scattered Spider cybercrime group. Inside, we map the attack and the TTPs involved and provide recommendations.


The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.


HrServ – Previously unknown web shell used in APT attack

SecureList

Introduction In the course of our routine investigation, we discovered a DLL file, identified as hrserv.dll, which is a previously unknown web shell exhibiting sophisticated features such as custom encoding methods for client communication and in-memory execution. Our analysis of the sample led to the discovery of related variants compiled in 2021, indicating a potential correlation between these separate occurrences of malicious activity.

Malware 120

10 Years On, Microsoft’s Bug Bounty Program Has Paid Out $60 Million

Security Boulevard

Microsoft over the past decade has doled out more than $60 million in rewards to researchers who have found various security flaws in its software and is now ready to pay out some more. The IT and cloud services giant this week noted the 10-year anniversary of a bug program that initially focused on vulnerabilities in.

Software 116

Microsoft: Lazarus hackers breach CyberLink in supply chain attack

Bleeping Computer

Microsoft says a North Korean hacking group has breached Taiwanese multimedia software company CyberLink and trojanized one of its installers to push malware in a supply chain attack targeting potential victims worldwide.

Malware 116

How to Help Avoid Holiday Scams This Season

Identity IQ

Scammers take advantage of those who want to give during the holiday season, warns Credit & Debt CEO Jeff Mandel in an interview with LiveNOW from Fox. Credit & Debt is a financial planning brand under parent company IDIQ, which offers industry-leading identity theft protection and credit monitoring products through their IdentityIQ and MyScoreIQ brands.

Scams 116

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!


Scattered Spider Hops Nimbly From Cloud to On-Prem in Complex Attack

Dark Reading

The actor behind the high-profile MGM incident jumps across segmentations in under an hour, in a ransomware attack spanning Okta, Citrix, Azure, SharePoint, and more.


Measures Healthcare Providers Can Take to Mitigate Disruptions

Security Boulevard

Earlier this month, an internet outage affected public healthcare clusters in Singapore, including major hospitals and polyclinics, lasting more than seven hours from 9:20 am. Investigations identified that a distributed denial-of-service (DDoS) attack was the cause of the online service outage. DDoS attacks on healthcare providers’ systems can be life-threatening.


CISA adds Looney Tunables Linux bug to its Known Exploited Vulnerabilities catalog

Security Affairs

US CISA adds the Looney Tunables Linux flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the Looney Tunables Linux vulnerability to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability CVE-2023-4911 (CVSS score 7.8), aka Looney Tunables, is a buffer overflow issue that resides in the GNU C Library’s dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable.


Welltok data breach exposes data of 8.5 million US patients

Bleeping Computer

Healthcare SaaS provider Welltok is warning that a data breach exposed the personal data of nearly 8.5 million patients in the U.S. after a file transfer program used by the company was hacked in a data theft attack.


Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.


DevOps Teams Need to Reprioritize Security - Here’s How

GlobalSign

DevOps teams can no longer treat security as an afterthought, but reprioritizing is a huge task. Learn the best practices for prioritizing security.


Citrix provides additional measures to address Citrix Bleed

Security Affairs

Citrix urges admins to kill NetScaler user sessions after patching their appliances against the CVE-2023-4966 Citrix Bleed vulnerability. Citrix is providing additional measures to admins who are patching their NetScaler appliances against the CVE-2023-4966 ‘Citrix Bleed’ vulnerability. The company is urging admins to drop all active user sessions and terminate all persistent ones. “If you are using any of the affected builds listed in the security bulletin, you should upg


Malwarebytes consumer product roundup: The latest

Malwarebytes

At Malwarebytes, we’re constantly evolving to protect our customers. These days, our products don’t just protect you from malware, we protect your identity, defend you from ads, safeguard your social media, and keep your mobile safe too. Here are the innovations we’ve made in our products recently. Are you making the most of them? Malwarebytes Premium Windows Tamper / Uninstall Protection.


What Is Cloud Configuration Management? Complete Guide

eSecurity Planet

Cloud configuration management runs and regulates cloud configuration settings, parameters, and policies to streamline cloud services and assure security. This includes maintaining changes in virtual machines, storage resources, networks, and applications. Configuration management guarantees that enterprises maintain security and compliance while streamlining operations via automation and centralized control of their whole infrastructure environment.

Backups 104

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.


PoC Exploit Published for Visual Studio Code RCE Vulnerability (CVE-2023-36742)

Penetration Testing

Security researchers have disclosed technical details for a Visual Studio Code remote code execution vulnerability (CVE-2023-36742, CVSS score of 7.8) and a public proof-of-concept (PoC) exploit. The flaw resides in VS Code versions 1.82.0...


What Is Cloud Security? Everything You Need to Know

eSecurity Planet

Cloud security protects your critical information from unwanted access and potential threats through sophisticated procedures. It’s critical in protecting your precious data while it travels to and sits in a remote storage location. Prioritizing cloud security helps guarantee that you have a safe, reliable resource for your data in today’s linked world.

Backups 100

3 Ways to Stop Unauthorized Code From Running in Your Network

Dark Reading

As organizations increasingly rely on AI-developed code, they must put guardrails in place to prevent major cybersecurity risks related to malicious code.

Risk 106

Kansas courts confirm data theft, ransom demand after cyberattack

Bleeping Computer

The Kansas Judicial Branch has published an update on a cybersecurity incident it suffered last month, confirming that hackers stole sensitive files containing confidential information from its systems.


Enhance Innovation and Governance Through the Cloud Development Maturity Model

Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.