Thu.Dec 07, 2023

article thumbnail

Spying through Push Notifications

Schneier on Security

When you get a push notification on your Apple or Google phone, those notifications go through Apple and Google servers. Which means that those companies can spy on them—either for their own reasons or in response to government demands. Sen. Wyden is trying to get to the bottom of this : In a statement, Apple said that Wyden’s letter gave them the opening they needed to share more details with the public about how governments monitored push notifications. “In this case, the fed

article thumbnail

Weekly Update 377

Troy Hunt

10 years later. 🤯 Seriously, how did this thing turn into this?! It was the humblest of beginning with absolutely no expectations of anything, and now it's, well, massive! I'm a bit lost for words if I'm honest, I hope the chat with Charlotte adds some candour to this week's update, she's seen this thing grow since before its first birthday, through the hardest times and the best times and now lives and breathes HIBP day in day out with me.

Malware 277
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Widespread Windows and Linux Vulnerabilities Could Let Attackers Sneak in Malicious Code Before Boot

Tech Republic Security

AMI, Insyde and Lenovo have released patches for LogoFAIL, an image library poisoning attack. Learn more about LogoFAIL.

article thumbnail

US government is snooping on people via phone push notifications, says senator

Malwarebytes

Many people don’t realize that the instant alert push notifications you get on your phone are routed through Google or Apple’s servers, depending on which device you use. So if you have an iPhone or iPad, any push notifications can be seen by Apple, and if you use an Android, they can be seen by Google. But, it seems, it’s not just Apple and Google who can view them.

article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Norton Secure VPN Review (2023): Pricing, Features & Security

Tech Republic Security

Norton VPN’s small server network and lack of notable features make it hard to recommend over other available VPNs today. Read our full review to learn more.

VPN 166
article thumbnail

End-to-End Encrypted Instagram and Messenger Chats: Why It Took Meta 7 Years

WIRED Threat Level

Mark Zuckerberg personally promised that the privacy feature would launch by default on Messenger and Instagram chat. WIRED goes behind the scenes of the company’s colossal effort to get it right.

More Trending

article thumbnail

Android phones can be taken over remotely – update when you can

Malwarebytes

Android phones are vulnerable to attacks that could allow someone to takeover a device remotely without the device owner needing to do anything. Updates for these vulnerabilities and more are included in Google’s Android security bulletin for December. In total, there are patches for 94 vulnerabilities, including five rated as “Critical.” The most severe of these flaws is a vulnerability in the System component that could lead to remote code execution (RCE) without any additional execution

Risk 145
article thumbnail

Incident Reporting and Response Procedures Policy

Tech Republic Security

The purpose of the Incident Reporting and Response Procedures Policy from TechRepublic Premium is to establish a clear and efficient process for employees to report security breaches, device loss, or data exposure incidents involving personal devices used for work purposes. From the policy: CONFIDENTIAL REPORTING Employees are strongly encouraged to promptly report incidents, and they.

142
142
article thumbnail

Russia-linked APT8 exploited Outlook zero-day to target European NATO members

Security Affairs

Russia-linked group APT28 exploited Microsoft Outlook zero-day to target European NATO members, including a NATO Rapid Deployable Corps. Palo Alto Networks’ Unit 42 reported that the Russia-linked APT28 (aka “Forest Blizzard”, “Fancybear” or “Strontium”) group exploited the CVE-2023-23397 vulnerability in attacks aimed at European NATO members.

article thumbnail

State of Log4j Vulnerabilities: How Much Did Log4Shell Change?

Veracode Security

December 9 marks two years since the world went on high alert because of what was deemed one of the most critical zero-day vulnerabilities ever: Log4Shell. The vulnerability that carried the highest possible severity rating (10.0) was in Apache Log4j, an ubiquitous Java logging framework that Veracode estimated at the time was used in 88 percent of organizations.

138
138
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

New Krasue Linux RAT targets telecom companies in Thailand

Security Affairs

A previously undetected Linux RAT dubbed Krasue has been observed targeting telecom companies in Thailand. Group-IB researchers discovered a previously undetected Linux remote access trojan called Krasue has been employed in attacks aimed at telecom companies in Thailand. The Krasue Remote Access Trojan (RAT) has remained undetected since at least 2021 when it was registered on Virustotal.

Malware 139
article thumbnail

Elijah Wood and Mike Tyson Cameo Videos Were Used in a Russian Disinformation Campaign

WIRED Threat Level

Videos featuring Elijah Wood, Mike Tyson, and Priscilla Presley have been edited to push anti-Ukraine disinformation, according to Microsoft researchers.

137
137
article thumbnail

To tap or not to tap: Are NFC payments safer?

We Live Security

NFC chips have enabled us to pay in a more convenient way, but there are several flaws which can make the experience less secure. However, despite this, thanks to NFC phone payments, these security flaws can be ameliorated in some ways, like with biometric verification.

article thumbnail

News alert: Reflectiz adds AI-powered capabilities to its Smart Alerting web threat management system

The Last Watchdog

Tel Aviv, Israel, Dec. 7, 2023 — Reflectiz, a cybersecurity company specializing in continuous web threat management, proudly introduces a new AI-powered capability enhancing its Smart Alerting system. The new AI-powered insights enhances the Reflectiz Smart Alerting system by integrating AI LLM technology on top of its traditional alerting tool for cross-checking the validity of the alert with Reflectiz’s extensive databases.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

BlackSuit ransomware – what you need to know

Graham Cluley

A cybercriminal group calling itself BlackSuit has claimed responsibility for a series of ransomware attacks, including breaches at schools in central Georgia. And earlier in the year, a zoo in Tampa Bay was targeted by the same hacking gang. Learn more about the BlackSuit ransomware in my article on the Tripwire State of Security blog.

article thumbnail

Concerned About Business Email Compromise? 4 Technologies That Can Help

Security Boulevard

Understanding the scope and impact of BEC is critical for any business that wants to protect itself from this insidious threat. The post Concerned About Business Email Compromise? 4 Technologies That Can Help appeared first on Security Boulevard.

article thumbnail

PSD2 to PSD3: Shaping the Future of European Payments

GlobalSign

In this blog, we shall discuss PSD2 and PSD3 and how the development will fortify the European financial sector.

119
119
article thumbnail

CISA to Developers: Adopt Memory Safe Programming Languages

Security Boulevard

Software makers need to embrace the growing number of newer programming languages that protect memory to reduce the number of security vulnerabilities in their products, according to cybersecurity agencies in the United States and other countries. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) this week released a report outlining steps software developers can take.

Software 124
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Finally! Facebook and Messenger are getting default end-to-end encryption. And not everyone is happy…

Graham Cluley

Meta's Head of Messenger announced that the company has begun to roll out end-to-end encryption (E2EE) for personal chats and calls. Read more in my article on the Hot for Security blog.

article thumbnail

Navigating Public Company Cybersecurity Disclosures

Security Boulevard

Transparency in the disclosure of cybersecurity incidents for public companies is no longer good practice – it’s now a regulatory necessity. The imminent requirement for public companies to disclose current material cybersecurity incidents is set to reshape the disclosure landscape for public companies. It brings forth a myriad of considerations that Chief Information Security Officers […] The post Navigating Public Company Cybersecurity Disclosures appeared first on Symmetry Systems.

article thumbnail

Meta rolls out default end-to-end encryption on Messenger, Facebook

Bleeping Computer

Meta has announced that the immediate availability of end-to-end encryption for all chats and calls made through the Messenger app, as well as the Facebook social media platform. [.

article thumbnail

Developers behaving badly: Why holistic AppSec is key

Security Boulevard

A recent survey shows that untested software releases, rampant pushing of unvetted and uncontrolled AI-derived code, and bad developer security are all culminating to seriously expand security risks across software development. Add in the explosion of low-code/no-code development and economic headwinds that are pressuring developers to deliver features with less support, and the AppSec world is in for a perfect storm in 2024.

Software 115
article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

error

SiteLock

Request failed with status code 403

112
112
article thumbnail

In Pursuit of a Passwordless Future

Security Boulevard

The passwordless future feels close because we have the technology to do it, but progress will be slow as applications are migrated to adopt passwordless authentication. The post In Pursuit of a Passwordless Future appeared first on Security Boulevard.

article thumbnail

New Bluetooth Flaw Let Hackers Take Over Android, Linux, macOS, and iOS Devices

The Hacker News

A critical Bluetooth security flaw could be exploited by threat actors to take control of Android, Linux, macOS and iOS devices. Tracked as CVE-2023-45866, the issue relates to a case of authentication bypass that enables attackers to connect to susceptible devices and inject keystrokes to achieve code execution as the victim.

article thumbnail

What Is Encryption? Definition, How it Works, & Examples

eSecurity Planet

Encryption uses mathematical algorithms to transform and encode data so that only authorized parties can access it. This guide will provide a high level overview of encryption and how it fits into IT through the following topics: How Encryption Works To understand how encryption works, we need to understand how it fits into the broader realm of cryptology, how it processes data, common categories, top algorithms, and how encryption fits into IT security.

article thumbnail

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

article thumbnail

Hacking the Human Mind: Exploiting Vulnerabilities in the 'First Line of Cyber Defense'

The Hacker News

Humans are complex beings with consciousness, emotions, and the capacity to act based on thoughts. In the ever-evolving realm of cybersecurity, humans consistently remain primary targets for attackers.

Hacking 110
article thumbnail

CVE-2023-50164: Apache Struts Remote Code Execution Vulnerability

Penetration Testing

In the realm of Java web application development, Apache Struts stands as a paragon of efficiency and modern design. This free, open-source Model-View-Controller (MVC) framework has empowered developers to create elegant web applications with... The post CVE-2023-50164: Apache Struts Remote Code Execution Vulnerability appeared first on Penetration Testing.

article thumbnail

23andMe Data Breach Impacts Nearly 7 Million Users

SecureWorld News

New revelations have shed light on the extensive fallout of the 23andMe data breach, which exposed the personal information of a staggering 6.9 million users. This significant update comes almost two months after the genetic testing company initially reported a breach affecting 14,000 individuals. The SEC filing accompanying these recent developments reveals critical information about the breach's scope, underlining the severity of the situation.

article thumbnail

Governments May Spy on You by Requesting Push Notifications from Apple and Google

The Hacker News

Unspecified governments have demanded mobile push notification records from Apple and Google users to pursue people of interest, according to U.S. Senator Ron Wyden. "Push notifications are alerts sent by phone apps to users' smartphones," Wyden said. "These alerts pass through a digital post office run by the phone operating system provider -- overwhelmingly Apple or Google.

article thumbnail

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.