Tue.Apr 30, 2024

article thumbnail

Man Who Mass-Extorted Psychotherapy Patients Gets Six Years

Krebs on Security

A 26-year-old Finnish man was sentenced to more than six years in prison today after being convicted of hacking into an online psychotherapy clinic, leaking tens of thousands of patient therapy records, and attempting to extort the clinic and patients. On October 21, 2020, the Vastaamo Psychotherapy Center in Finland became the target of blackmail when a tormentor identified as “ransom_man” demanded payment of 40 bitcoins (~450,000 euros at the time) in return for a promise not to publish highly

DDOS 279
article thumbnail

WhatsApp in India

Schneier on Security

Meta has threatened to pull WhatsApp out of India if the courts try to force it to break its end-to-end encryption.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

US Department Of Defense CyberSecurity Contest To Open To The Public

Joseph Steinberg

The United States Department of Defense is running a cybersecurity contest – offering members of the public the opportunity to win both cash prizes and the potential to be recruited for various jobs. There is no cost to participate. For details please watch this short video, and then visit this link: DoD CyberSecurity Contest (As noted on the registration page, the Cyber Sentinel Skills Challenge cybersecurity contest is sponsored by the US Department of Defense in conjunction with with Co

article thumbnail

GUEST ESSAY: Recalibrating critical infrastructure security in the wake of evolving threats

The Last Watchdog

For all the discussion around the sophisticated technology, strategies, and tactics hackers use to infiltrate networks, sometimes the simplest attack method can do the most damage. The recent Unitronics hack , in which attackers took control over a Pennsylvania water authority and other entities, is a good example. In this instance, hackers are suspected to have exploited simple cybersecurity loopholes, including the fact that the software shipped with easy-to-guess default passwords.

article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Bypassing MFA on Microsoft Azure Entra ID

Pen Test Partners

TL;DR Even though MFA is effective it is one security control amongst many Even if MFA is in use, check its configuration Consider unexpected patterns of use, such as people logging in from Linux or macOS Make sure you log and can react to out-of-band behaviour Introduction On a recent Red Team engagement we got Domain Admin privileges on the on-premises Active Directory (AD) network.

article thumbnail

China Has a Controversial Plan for Brain-Computer Interfaces

WIRED Threat Level

China's brain-computer interface technology is catching up to the US. But it envisions a very different use case: cognitive enhancement.

More Trending

article thumbnail

The Dangerous Rise of GPS Attacks

WIRED Threat Level

Thousands of planes and ships are facing GPS jamming and spoofing. Experts warn these attacks could potentially impact critical infrastructure, communication networks, and more.

Hacking 143
article thumbnail

U.S. Government Releases New AI Security Guidelines for Critical Infrastructure

The Hacker News

The U.S. government has unveiled new security guidelines aimed at bolstering critical infrastructure against artificial intelligence (AI)-related threats.

article thumbnail

DVAC: An intentionally vulnerable Android Application

Penetration Testing

The Damne Vulnerable Android Components – DVAC Damn Vulnerable Android Components (DVAC) is an educational Android application intentionally designed to expose and demonstrate vulnerabilities related to various Android components such as Activities, Intents, Content... The post DVAC: An intentionally vulnerable Android Application appeared first on Penetration Testing.

article thumbnail

Ex-NSA Employee Sentenced to 22 Years for Trying to Sell U.S. Secrets to Russia

The Hacker News

A former employee of the U.S. National Security Agency (NSA) has been sentenced to nearly 22 years (262 months) in prison for attempting to transfer classified documents to Russia. "This sentence should serve as a stark warning to all those entrusted with protecting national defense information that there are consequences to betraying that trust," said FBI Director Christopher Wray.

142
142
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

NCSC: New UK law bans default passwords on smart devices

Security Affairs

The UK National Cyber Security Centre (NCSC) orders smart device manufacturers to ban default passwords starting from April 29, 2024. The U.K. National Cyber Security Centre (NCSC) is urging manufacturers of smart devices to comply with new legislation that bans default passwords. The law, known as the Product Security and Telecommunications Infrastructure act (or PSTI act), will be effective on April 29, 2024. “From 29 April 2024, manufacturers of consumer ‘smart’ devices must comply wi

Passwords 140
article thumbnail

Millions of Docker repos found pushing malware, phishing sites

Bleeping Computer

Three large-scale campaigns have targeted Docker Hub users, planting millions of repositories designed to push malware and phishing sites since early 2021. [.

Phishing 135
article thumbnail

Brits Ban Default Passwords — and More IoT Stupidity

Security Boulevard

Nice Cup of IoTea? The UK’s Product Security and Tele­comm­uni­cations Infra­struc­ture Act aims to improve the security of net-connected consumer gear. The post Brits Ban Default Passwords — and More IoT Stupidity appeared first on Security Boulevard.

IoT 135
article thumbnail

CISA guidelines to protect critical infrastructure against AI-based threats

Security Affairs

The US government’s cybersecurity agency CISA published a series of guidelines to protect critical infrastructure against AI-based attacks. CISA collaborated with Sector Risk Management Agencies (SRMAs) and regulatory agencies to conduct sector-specific assessments of AI risks to U.S. critical infrastructure, as mandated by Executive Order 14110 Section 4.3(a)(i).

Risk 135
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Lazarus Exposed: $200M Crypto Laundering Scheme Revealed

Penetration Testing

A comprehensive report by the anonymous analyst ZachXBT has uncovered the money laundering tactics employed by the North Korean hacking collective, Lazarus Group. The group is estimated to have laundered over $200 million in... The post Lazarus Exposed: $200M Crypto Laundering Scheme Revealed appeared first on Penetration Testing.

article thumbnail

Notorious Finnish Hacker sentenced to more than six years in prison

Security Affairs

Finnish hacker was sentenced to more than six years in prison for hacking into an online psychotherapy clinic and attempted extortion. A popular 26-year-old Finnish hacker Aleksanteri Kivimäki was sentenced to more than six years in prison for hacking into the online psychotherapy clinic Vastaamo Psychotherapy Center, exposing tens of thousands of patient therapy records, and trying to extort the clinic and its clients.

Hacking 135
article thumbnail

RSAC Fireside Chat: Secure, flexible web browsers finally available, thanks to open-source code

The Last Watchdog

At the end of 2000, I was hired by USA Today to cover Microsoft, which at the time was being prosecuted by the U.S. Department of Justice. Related: Why proxies aren’t enough Microsoft had used illegal monopolistic practices to crush Netscape Navigator thereby elevating Internet Explorer (IE) to become far and away the No. 1 web browser. IE’s reign proved to be fleeting.

Internet 130
article thumbnail

CVE-2024-27790: FileMaker Server Vulnerability Patched, Data Access Risk Addressed

Penetration Testing

Claris International released a critical security patch for its FileMaker Server software today, addressing a vulnerability that could allow unauthorized access to sensitive data within hosted databases. The vulnerability, tracked as CVE-2024-27790, has been... The post CVE-2024-27790: FileMaker Server Vulnerability Patched, Data Access Risk Addressed appeared first on Penetration Testing.

article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

FCC Fines Verizon, AT&T, and T-Mobile for Sharing User Location Data

Security Boulevard

The Federal Communications Commission (FCC) is fining the country’s largest wireless carriers a combined $196 million for illegally selling the location data of customers to third-parties in a case that dates back to 2020. In announcing the fines this week, the FCC said that Verizon, AT&T, T-Mobile, and Verizon sold the data to aggregators –. The post FCC Fines Verizon, AT&T, and T-Mobile for Sharing User Location Data appeared first on Security Boulevard.

Mobile 126
article thumbnail

SonicWall Patches GMS Flaws to Block Data Breaches and Bypass Attacks

Penetration Testing

SonicWall has released a security patch for its Global Management System (GMS) software, addressing two vulnerabilities that could be exploited by attackers to gain unauthorized access to sensitive data (CVE-2024-29010) and bypass authentication mechanisms... The post SonicWall Patches GMS Flaws to Block Data Breaches and Bypass Attacks appeared first on Penetration Testing.

article thumbnail

LockBit, RAGroup Drive Ransomware Attacks in March

Security Boulevard

Global ransomware attacks rose slightly in March compared to the previous month, as ransomware cabal RAGroup ramped up activity by more than 300%. However, overall activity declined 8% year-over-year, according to NCC Group’s latest ransomware report. The cyber gang LockBit 3.0 kept its pole position as the most active cybercriminal force for eight months in.

article thumbnail

CVE-2024-2912: Critical ‘BentoML’ Flaw Opens AI Systems to Remote Takeover

Penetration Testing

A significant security flaw has been unveiled in BentoML, a popular Python-based framework used for building and deploying AI applications. Identified as CVE-2024-2912, this vulnerability lies in the way the software handles data, potentially... The post CVE-2024-2912: Critical ‘BentoML’ Flaw Opens AI Systems to Remote Takeover appeared first on Penetration Testing.

article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

Sysdig Extends CNAPP Reach to AI Workloads

Security Boulevard

The goal is to enable cybersecurity and data science teams to work together and share their expertise. The post Sysdig Extends CNAPP Reach to AI Workloads appeared first on Security Boulevard.

article thumbnail

Change Healthcare hacked using stolen Citrix account with no MFA

Bleeping Computer

UnitedHealth confirms that Change Healthcare's network was breached by the BlackCat ransomware gang, who used stolen credentials to log into the company's Citrix remote access service, which did not have multi-factor authentication enabled. [.

article thumbnail

Zloader Reloaded: Malware Adopts Evasive Anti-Analysis Tactics

Penetration Testing

Security researchers at Zscaler have uncovered a new anti-analysis feature in recent iterations of the Zloader malware (versions 2.4.1.0 and 2.5.1.0), making it significantly more difficult for analysts to study and potentially increasing the... The post Zloader Reloaded: Malware Adopts Evasive Anti-Analysis Tactics appeared first on Penetration Testing.

Malware 113
article thumbnail

New Latrodectus malware attacks use Microsoft, Cloudflare themes

Bleeping Computer

Latrodectus malware is now being distributed in phishing campaigns using Microsoft Azure and Cloudflare lures to appear legitimate while making it harder for email security platforms to detect the emails as malicious. [.

Malware 116
article thumbnail

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

article thumbnail

IBM Acquires HashiCorp in $6.4B Deal

Penetration Testing

IBM has announced its definitive agreement to acquire HashiCorp Inc., a leader in multi-cloud infrastructure automation, for $35 per share, amounting to an enterprise value of $6.4 billion. This strategic move aims to enrich... The post IBM Acquires HashiCorp in $6.4B Deal appeared first on Penetration Testing.

article thumbnail

KapeKa Backdoor: Russian Threat Actor Group’s Recent Attacks

Security Boulevard

In the realm of cybersecurity, vigilance is paramount. Recent discoveries have shed light on a previously undisclosed threat known as Kapeka, a versatile backdoor quietly making its presence felt in cyber attacks across Eastern Europe. Let’s delve into the intricacies of this stealthy KapeKa backdoor and understand the implications it holds for businesses and individuals […] The post KapeKa Backdoor: Russian Threat Actor Group’s Recent Attacks appeared first on TuxCare.

article thumbnail

Google now pays up to $450,000 for RCE bugs in some Android apps

Bleeping Computer

Google has increased rewards for reporting remote code execution vulnerabilities within select Android apps by ten times, from $30,000 to $300,000, with the maximum reward reaching $450,000 for exceptional quality reports. [.

111
111
article thumbnail

ArcaneDoor Campaign: Cisco Zero-Day Vulnerabilities Threaten 162K Hosts Worldwide

Penetration Testing

Recent findings by Cisco Talos have unveiled a coordinated threat actor campaign dubbed “ArcaneDoor,” targeting government-owned network devices globally. This campaign has exploited previously unknown zero-day vulnerabilities in Cisco’s Adaptive Security Appliance (ASA) and... The post ArcaneDoor Campaign: Cisco Zero-Day Vulnerabilities Threaten 162K Hosts Worldwide appeared first on Penetration Testing.

article thumbnail

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.