Mon. Jan 29, 2024


Microsoft Executives Hacked

Schneier on Security

Microsoft is reporting that a Russian intelligence agency—the same one responsible for SolarWinds—accessed the email system of the company’s executives. Beginning in late November 2023, the threat actor used a password spray attack to compromise a legacy non-production test tenant account and gain a foothold, and then used the account’s permissions to access a very small percentage of Microsoft corporate email accounts, including members of our senior leadership team and

Hacking 306

The Data Breach "Personal Stash" Ecosystem

Troy Hunt

I've always thought of it a bit like baseball cards; a kid has a card of this one player that another kid is keen on, and that kid has a card the first one wants so they make a trade. They both have a bunch of cards they've collected over time and by virtue of existing in the same social circles, trades are frequent, and cards flow back and forth on a regular basis.

Insiders


Ransomware’s Impact Could Include Heart Attacks, Strokes & PTSD

Tech Republic Security

New research details the possible effects of ransomware attacks on businesses and staff, society, the economy and national security, highlighting that its impact on mental and physical health is often overlooked.


Mercedes-Benz accidentally exposed sensitive data, including source code

Security Affairs

Researchers discovered that Mercedes-Benz accidentally left a private key online exposing internal data, including the company’s source code. RedHunt Labs researchers discovered that Mercedes-Benz unintentionally left a private key accessible online, thereby exposing internal data, including the company’s source code. It’s unclear if the data leak exposed customer data. RedHunt Labs shared its findings with TechCrunch and, with the help of the media outlet, notified the car maker.

Media 145

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.


What Do Apple’s EU App Store Changes Mean for App Developers?

Tech Republic Security

The EU says the DMA keeps markets fair and open; Apple says the DMA introduces security problems. Apple is leveling fees against independent app stores.

Marketing 197

CVE-2024-22860 & CVE-2024-22862: Critical FFmpeg Remote Code Execution Flaws

Penetration Testing

FFmpeg, a widely used open-source project for handling multimedia files, has recently been spotlighted for its vulnerabilities. Discovered through Google’s OSS-Fuzz service, three security vulnerabilities have been identified in its systems, two of which... The post CVE-2024-22860 & CVE-2024-22862: Critical FFmpeg Remote Code Execution Flaws appeared first on Penetration Testing.

More Trending


NSA buys internet browsing records from data brokers without a warrant

Security Affairs

The U.S. National Security Agency (NSA) admitted to buying internet browsing records from data brokers to monitor Americans’ activity online without a court order. U.S. Senator Ron Wyden, D-Ore., released documents that confirmed the National Security Agency (NSA) buys Americans’ internet browsing records without a court order. The data acquired by the intelligence agency can reveal the websites visited by the US citizens and what apps they use.

Internet 143

How to Use McAfee True Key: A Complete Beginner’s Guide

Tech Republic Security

Learn how to set up, manage passwords, and enhance your online security with McAfee True Key with this complete beginner's guide.

Passwords 168

Experts detailed Microsoft Outlook flaw that can leak NTLM v2 hashed passwords

Security Affairs

A flaw in Microsoft Outlook can be exploited to access NTLM v2 hashed passwords by tricking users into opening a specially crafted file. The vulnerability CVE-2023-35636 impacting Microsoft Outlook is a Microsoft Outlook information disclosure issue that could be exploited by threat actors to access NT LAN Manager (NTLM) v2 hashed passwords. NTLMv2, which stands for NT LAN Manager version 2, is an authentication protocol used in Microsoft Windows networks.

Passwords 141

Microsoft Teams hit by second outage in three days

Bleeping Computer

Microsoft is investigating a second outage affecting Microsoft Teams users across North and South America in the last three days.

140

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.


Ukraine’s SBU arrested a member of Pro-Russia hackers group ‘Cyber Army of Russia’

Security Affairs

Ukraine’s security service (SBU) detained an alleged member of the pro-Russia hacker group “the Cyber Army of Russia.” Ukraine’s security service, the SBU, announced that it has identified and detained an alleged member of the pro-Russia hacker group known as the Cyber Army of Russia. The news was first reported by The Record Media.


US Lawmakers Tell DOJ to Quit Blindly Funding ‘Predictive’ Police Tools

WIRED Threat Level

Members of Congress say the DOJ is funding the use of AI tools that further discriminatory policing practices. They're demanding higher standards for federal grants.


Energy giant Schneider Electric hit by Cactus ransomware attack

Bleeping Computer

Energy management and automation giant Schneider Electric suffered a Cactus ransomware attack leading to the theft of corporate data, according to people familiar with the matter.


What the Charges Against the SolarWinds CISO Mean for Security in 2024

Security Boulevard

The indictment of the SolarWinds CISO by the SEC served as a harsh wake-up call to the corporate world. The post What the Charges Against the SolarWinds CISO Mean for Security in 2024 appeared first on Security Boulevard.

CISO 130

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!


Identity Threat Trends for Higher Education

Duo's Security Blog

As a new semester begins, we at Cisco Duo want to share some findings and trends pertaining to threat activity we have seen across higher education customers. We will outline the trends and attack patterns that are the most prevalent and discuss how to configure Duo policies to best protect your users. What happened? In analyzing de-identified customer data over the latter half of 2023, we found a pattern of threat activity targeting multiple universities using shared attack infrastructure.

Education 129

Microsoft says Outlook apps can’t connect to Outlook.com

Bleeping Computer

Microsoft is investigating an issue that prevents Outlook and other email clients from connecting when using an Outlook.com account.


Bruce Schneier predicts a future of AI-powered mass spying: Lock and Code S05E03

Malwarebytes

This week on the Lock and Code podcast… If the internet helped create the era of mass surveillance, then artificial intelligence will bring about an era of mass spying. That’s the latest prediction from noted cryptographer and computer security professional Bruce Schneier, who, in December, shared a vision of the near future where artificial intelligence—AI—will be able to comb through reams of surveillance data to answer the types of questions that, previously, only humans could.


Protecting Business from the Inside Out: A Layered Approach to Cybersecurity

Security Boulevard

Learn how taking an internal, layered approach to cybersecurity – including training staff, controlling access, monitoring activity, and incident planning – helps protect valuable company data and resources from compromise. The post Protecting Business from the Inside Out: A Layered Approach to Cybersecurity appeared first on Security Boulevard.


The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.


Data Breach at Ofuji Fishing: 200,000 Customers’ Information Compromised

Penetration Testing

Ofuji Fishing Tackles, a renowned fishing tackle wholesaler and manufacturer in Japan, has recently faced a severe cyber threat. The company disclosed a potential data breach involving personal customer information, a consequence of a... The post Data Breach at Ofuji Fishing: 200,000 Customers’ Information Compromised appeared first on Penetration Testing.


Datadog Report Surfaces Pair of Sophisticated AWS Attacks

Security Boulevard

A Datadog report found that cybercriminal activity aimed specifically at AWS cloud infrastructure services is increasing. The post Datadog Report Surfaces Pair of Sophisticated AWS Attacks appeared first on Security Boulevard.


Cyber: The Swiss army knife of tradecraft

We Live Security

In today’s digitally interconnected world, advanced cyber capabilities have become an exceptionally potent and versatile tool of tradecraft for nation-states and criminals alike

114

Fix Available for Critical Jenkins Flaw That Leads to RCE Attacks

Security Boulevard

Organizations are being urged to fix two security vulnerabilities in Jenkins that could allow unauthenticated attackers to remotely execute arbitrary code in the popular open source software tool that is used to automate various steps in the software development lifecycle. Researchers with SonarSource, a code quality and security firm, in November 2023 alerted the maintainers.

Software 116

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!


Hewlett Packard Enterprise also searched by Cozy Bear

Malwarebytes

Hewlett Packard Enterprise (HPE) has disclosed that the state-sponsored actor known as Cozy Bear (aka Midnight Blizzard), gained unauthorized access to HPE’s cloud-based email environment. This news comes only days after Microsoft broke very similar news that it got hacked by this same state sponsored group. Cozy Bear, who is generally linked to the Russian Foreign Intelligence Service, also known as the SVR, seems to be extremely curious to find out the intelligence information several tech gia

Marketing 113

Decoding the Maze: A Guide to Cyber Security Risk Assessment Models

Security Boulevard

In today's digital age, organizations face the constant threat of cyber attacks. Safeguarding critical data and infrastructure requires a proactive approach, starting with a comprehensive cybersecurity risk assessment. However, choosing a suitable risk assessment model is crucial for articulating your organization's cybersecurity risks clearly, selecting the most effective model for your needs, and implementing a robust and sustainable risk management program.

Risk 115

Ransomware payments drop to record low as victims refuse to pay

Bleeping Computer

The number of ransomware victims paying ransom demands has dropped to a record low of 29% in the final quarter of 2023, according to ransomware negotiation firm Coveware.


CVE-2024-23897: Assessing the Impact of the Jenkins Arbitrary File Leak Vulnerability

Security Boulevard

CVE-2024-23897: Assessing the Impact of the Jenkins Arbitrary File Leak Vulnerability. The post CVE-2024-23897: Assessing the Impact of the Jenkins Arbitrary File Leak Vulnerability appeared first on Horizon3.ai. The post CVE-2024-23897: Assessing the Impact of the Jenkins Arbitrary File Leak Vulnerability appeared first on Security Boulevard.


Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.


Researchers Uncover How Outlook Vulnerability Could Leak Your NTLM Passwords

The Hacker News

A now-patched security flaw in Microsoft Outlook could be exploited by threat actors to access NT LAN Manager (NTLM) v2 hashed passwords when opening a specially crafted file. The issue, tracked as CVE-2023-35636 (CVSS score: 6.5), was addressed by the tech giant as part of its Patch Tuesday updates for December 2023.

Passwords 111

LEAKEY: checks and validates for leaked credentials

Penetration Testing

LEAKEY is a tool for validation of leaked API tokens/keys found during pentesting and Red Team Engagements. The script is really useful for Bug Hunters in order to validate and determine the impact... The post LEAKEY: checks and validates for leaked credentials appeared first on Penetration Testing.


Cybersecurity in Review: The Alarming Trend of Unsupported Systems

Security Boulevard

Quick question: when is it ok to run a networked system without updates? If the answer takes more than 1 second and is anything other than “never,” we need to talk. Imagine this: a major corporation crippled overnight by a cyberattack, all because of one overlooked detail – outdated systems. This isn’t a hypothetical scenario; […] The post Cybersecurity in Review: The Alarming Trend of Unsupported Systems appeared first on TuxCare.


Dashlane 2024

eSecurity Planet

Dashlane is a password management software that’s popular for business and personal uses alike. The company was founded in 2009, and the first software edition was released in 2012. Like many other password managers, Dashlane makes it easy for users to create new passwords and store existing ones in a secure vault. Internet security best practices mandate unique credentials for each online account; doing so would be impossible without a solid password manager like Dashlane.


IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.