Mon.Apr 29, 2024

article thumbnail

FCC Fines Major U.S. Wireless Carriers for Selling Customer Location Data

Krebs on Security

The U.S. Federal Communications Commission (FCC) today levied fines totaling nearly $200 million against the four major carriers — including AT&T , Sprint , T-Mobile and Verizon — for illegally sharing access to customers’ location information without consent. The fines mark the culmination of a more than four-year investigation into the actions of the major carriers.

Wireless 312
article thumbnail

Whale Song Code

Schneier on Security

During the Cold War, the US Navy tried to make a secret code out of whale song. The basic plan was to develop coded messages from recordings of whales, dolphins, sea lions, and seals. The submarine would broadcast the noises and a computer—the Combo Signal Recognizer (CSR)—would detect the specific patterns and decode them on the other end.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

China-Linked 'Muddling Meerkat' Hijacks DNS to Map Internet on Global Scale

The Hacker News

A previously undocumented cyber threat dubbed Muddling Meerkat has been observed undertaking sophisticated domain name system (DNS) activities in a likely effort to evade security measures and conduct reconnaissance of networks across the world since October 2019.

DNS 145
article thumbnail

The Los Angeles County Department of Health Services disclosed a data breach

Security Affairs

The Los Angeles County Department of Health Services reported a data breach that exposed thousands of patients’ personal and health information. The Los Angeles County Department of Health Services disclosed a data breach that impacted thousands of patients. Patients’ personal and health information was exposed after a phishing attack impacted over two dozen employees.

article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

New R Programming Vulnerability Exposes Projects to Supply Chain Attacks

The Hacker News

A security vulnerability has been discovered in the R programming language that could be exploited by a threat actor to create a malicious RDS (R Data Serialization) file such that it results in code execution when loaded and referenced.

145
145
article thumbnail

Financial Business and Consumer Solutions (FBCS) data breach impacted 2M individuals

Security Affairs

Financial Business and Consumer Solutions (FBCS) suffered a data breach that exposed information 2 million individuals. Debt collection agency Financial Business and Consumer Solutions (FBCS) disclosed a data breach that may have impacted 1,955,385 individuals. FBCS, a third-party debt collection agency, collects personal information from its clients to facilitate debt collection activities on behalf of those clients.

More Trending

article thumbnail

Stealthy ‘DarkGate’ Trojan Abuses AutoHotkey, Evades Defender

Penetration Testing

McAfee Labs has recently unveiled a sophisticated cyber threat known as DarkGate, which uses advanced tactics to exploit the AutoHotkey utility and evade Microsoft Defender SmartScreen. This discovery outlines a critical escalation in cyber... The post Stealthy ‘DarkGate’ Trojan Abuses AutoHotkey, Evades Defender appeared first on Penetration Testing.

article thumbnail

Google Prevented 2.28 Million Malicious Apps from Reaching Play Store in 2023

The Hacker News

Google on Monday revealed that almost 200,000 app submissions to its Play Store for Android were either rejected or remediated to address issues with access to sensitive data such as location or SMS messages over the past year. The tech giant also said it blocked 333,000 bad accounts from the app storefront in 2023 for attempting to distribute malware or for repeated policy violations.

article thumbnail

New R Vulnerability CVE-2024-27322: Code Execution Risk in Data Files

Penetration Testing

Researchers from HiddenLayer have discovered a significant vulnerability in the R programming language, tracked as CVE-2024-27322, that exposes users to arbitrary code execution through deserialized data. This security flaw, centered around the R Data... The post New R Vulnerability CVE-2024-27322: Code Execution Risk in Data Files appeared first on Penetration Testing.

article thumbnail

Sandbox Escape Vulnerabilities in Judge0 Expose Systems to Complete Takeover

The Hacker News

Multiple critical security flaws have been disclosed in the Judge0 open-source online code execution system that could be exploited to obtain code execution on the target system.

142
142
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Kaiser health insurance leaked patient data to advertisers

Malwarebytes

Health insurance giant Kaiser has announced it will notify millions of patients about a data breach after sharing patients’ data with advertisers. Kaiser said that an investigation led to the discovery that “certain online technologies, previously installed on its websites and mobile applications, may have transmitted personal information to third-party vendors.

article thumbnail

Navigating the Threat Landscape: Understanding Exposure Management, Pentesting, Red Teaming and RBVM

The Hacker News

It comes as no surprise that today's cyber threats are orders of magnitude more complex than those of the past. And the ever-evolving tactics that attackers use demand the adoption of better, more holistic and consolidated ways to meet this non-stop challenge.

article thumbnail

MailCleaner Vulnerabilities Allow Remote Code Execution

Penetration Testing

In a critical security report released on April 29, 2024, the cybersecurity research team at Modzero unveiled a series of severe vulnerabilities in MailCleaner, a widely-used email filtering appliance designed to protect against spam,... The post MailCleaner Vulnerabilities Allow Remote Code Execution appeared first on Penetration Testing.

article thumbnail

Google prevented 2.28 million policy-violating apps from being published on Google Play in 2023

Security Affairs

Google announced they have prevented 2.28 million policy-violating apps from being published in the official Google Play. Google announced that in 2023, they have prevented 2.28 million policy-violating apps from being published on Google Play. This amazing result was possible thanks to the introduction of enhanced security features, policy updates, and advanced machine learning and app review processes.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

South Korean iPhone Ban: MDM DMZ PDQ

Security Boulevard

MDM Hindered: Android phones are still OK; this is Samsung’s home, after all. The post South Korean iPhone Ban: MDM DMZ PDQ appeared first on Security Boulevard.

article thumbnail

The FCC imposes $200 million in fines on four US carriers for unlawfully sharing user location data

Security Affairs

The Federal Communications Commission (FCC) fined the largest U.S. wireless carriers $200 million for sharing customers’ real-time location data without consent. The FCC has fined four major U.S. wireless carriers nearly $200 million for unlawfully selling access to real-time location data of their customers without consent. The fines come as a result of the Notices of Apparent Liability (NAL) issued by the FCC against AT&T, Sprint, T-Mobile, and Verizon in February 2020.

Wireless 130
article thumbnail

USPS Phishing Scams Generate Almost as Much Traffic as the Real Site

Security Boulevard

Smishing is hard to stamp out. Worse, bogus domains surpass the legitimate one during the holiday season, when more people expect packages. The post USPS Phishing Scams Generate Almost as Much Traffic as the Real Site appeared first on Security Boulevard.

Scams 128
article thumbnail

Ant Media Server Flaw Grants Local Users Root Access (CVE-2024-32656)

Penetration Testing

A serious security vulnerability in Ant Media Server, a popular streaming solution used by thousands of organizations, has been uncovered by the Praetorian red team. This vulnerability, designated CVE-2024-32656, stems from a misconfiguration that... The post Ant Media Server Flaw Grants Local Users Root Access (CVE-2024-32656) appeared first on Penetration Testing.

Media 125
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Microsoft fixes bug behind incorrect BitLocker encryption errors

Bleeping Computer

Microsoft has fixed a known issue causing incorrect BitLocker drive encryption errors in some managed Windows environments. [.

article thumbnail

Avast Faces $14.8 Million Penalty for Data Protection Violations

Penetration Testing

Czech cybersecurity software leader Avast has been hit with a hefty $14.8 million fine by the Czech Republic’s Office for Personal Data Protection (ÚOOÚ) for alleged violations of the European Union’s General Data Protection... The post Avast Faces $14.8 Million Penalty for Data Protection Violations appeared first on Penetration Testing.

article thumbnail

Compounded Crisis: Change Healthcare’s Breach Escalates with New Threats

Security Boulevard

Two months ago, Change Healthcare, a linchpin in the U.S. healthcare system, fell victim to a sophisticated cyberattack by the infamous BlackCat/ALPHV ransomware group. The breach not only paralyzed numerous healthcare services but also exposed the company to extortion demands, underlining severe vulnerabilities in the healthcare sector’s cybersecurity framework.

article thumbnail

Stealthy New Android Trojan Disguised as Popular Apps Steals Your Data

Penetration Testing

A sophisticated new Android malware threat is making the rounds, and its methods are alarmingly effective. The SonicWall Capture Labs threat research team has identified a sophisticated new Remote Access Trojan (RAT) targeting Android... The post Stealthy New Android Trojan Disguised as Popular Apps Steals Your Data appeared first on Penetration Testing.

article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

Ensuring RBI Compliance: Crucial Cybersecurity Measures to Protect Financial Standing

Security Boulevard

The rise of digital technology has provided great convenience to the banking sector, but it has also opened up the doors to cyber attacks. A recent incident at a well-known Indian bank acts as a wake-up call, emphasizing the need for a strong cybersecurity framework. The incident was mentioned in the Reserve Bank of India’s […] The post Ensuring RBI Compliance: Crucial Cybersecurity Measures to Protect Financial Standing appeared first on Kratikal Blogs.

article thumbnail

Coffee with the Council Podcast: Help Shape the Future of Payment Security as a PCI SSC Participating Organization

PCI perspectives

Welcome to our podcast series, Coffee with the Council. I'm Alicia Malone, Senior Manager of Public Relations for the PCI Security Standards Council. At our Community Meetings in 2022, the Council announced a significant change to its Participating Organization program. Today, I am joined by the Council's Senior Vice President of Education and Engagement, Mark Meissner who has been spearheading this effort, and is going to talk about some of these changes over the past couple of years, and how t

Education 114
article thumbnail

USPS Impersonation Scams Surge: Fake Domains Rival Real USPS Website in Traffic

Penetration Testing

A disturbing new report by Akamai security researchers highlights the shocking scale of phishing scams impersonating the United States Postal Service (USPS). These cybercriminals have become so sophisticated that their malicious websites designed to... The post USPS Impersonation Scams Surge: Fake Domains Rival Real USPS Website in Traffic appeared first on Penetration Testing.

Scams 113
article thumbnail

Continuous Risk Assessments Unify Healthcare Cybersecurity 

Security Boulevard

Welcome to Axio’s series on cybersecurity for healthcare providers, where we share expert insights and practical advice tailored to the unique security needs of the medical sector. Our aim is Read More The post Continuous Risk Assessments Unify Healthcare Cybersecurity appeared first on Axio. The post Continuous Risk Assessments Unify Healthcare Cybersecurity appeared first on Security Boulevard.

article thumbnail

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

article thumbnail

Vulnerability Recap 4/29/24 – Cisco, Microsoft, Palo Alto & More

eSecurity Planet

Many of this week’s disclosures involve new aspects of old vulnerabilities. Palo Alto’s Pan-OS flaw impacts Siemens products and receives new remediation instructions. An old Microsoft Windows spooler flaw is added to the CISA KEV list, and the Cactus Ransomware gang currently pursues unfixed Qlik Sense servers with a vulnerability patched in September 2023.

Firewall 102
article thumbnail

A week in security (April 22 – April 28)

Malwarebytes

Last week on Malwarebytes Labs: Ring agrees to pay $5.6 million after cameras were used to spy on customers TikTok comes one step closer to a US ban Google ad for Facebook redirects to scam “Substantial proportion” of Americans may have had health and personal data stolen in Change Healthcare breach Picking fights and gaining rights, with Justin Brookman: Lock and Code S05E09 Billions of scraped Discord messages up for sale Last week on ThreatDown: MITRE breached through Ivanti Conne

article thumbnail

Collection agency FBCS warns data breach impacts 1.9 million people

Bleeping Computer

Financial Business and Consumer Solutions (FBCS) is warning 1,955,385 impacted individuals in the United States that the company suffered a data breach after discovering unauthorized access to specific systems in its network. [.

article thumbnail

Kaiser Permanente Discloses Data Breach Impacting 13.4 Million People

SecureWorld News

Kaiser Permanente, one of the largest not-for-profit providers of health care and coverage in the United States, is dealing with the fallout from a significant data breach that has affected more than 13 million individuals. The company revealed details of the incident in a public notification posted on April 25th. According to a filing submitted to the U.S.

article thumbnail

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.