Krebs on Security

APRIL 30, 2024

A 26-year-old Finnish man was sentenced to more than six years in prison today after being convicted of hacking into an online psychotherapy clinic, leaking tens of thousands of patient therapy records, and attempting to extort the clinic and patients. On October 21, 2020, the Vastaamo Psychotherapy Center in Finland became the target of blackmail when a tormentor identified as “ransom_man” demanded payment of 40 bitcoins (~450,000 euros at the time) in return for a promise not to publish highly

DDOS 263

DDOS Cybercrime Hacking Passwords 263

Joseph Steinberg

APRIL 30, 2024

The United States Department of Defense is running a cybersecurity contest – offering members of the public the opportunity to win both cash prizes and the potential to be recruited for various jobs. There is no cost to participate. For details please watch this short video, and then visit this link: DoD CyberSecurity Contest (As noted on the registration page, the Cyber Sentinel Skills Challenge cybersecurity contest is sponsored by the US Department of Defense in conjunction with with Co

Artificial Intelligence 208

Artificial Intelligence Cybersecurity 208

Schneier on Security

APRIL 30, 2024

Meta has threatened to pull WhatsApp out of India if the courts try to force it to break its end-to-end encryption.

Encryption 248

Encryption 248

The Last Watchdog

APRIL 30, 2024

For all the discussion around the sophisticated technology, strategies, and tactics hackers use to infiltrate networks, sometimes the simplest attack method can do the most damage. The recent Unitronics hack , in which attackers took control over a Pennsylvania water authority and other entities, is a good example. In this instance, hackers are suspected to have exploited simple cybersecurity loopholes, including the fact that the software shipped with easy-to-guess default passwords.

Penetration Testing 182

Penetration Testing CISO Unstructured Data Technology 182

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Pen Test Partners

APRIL 30, 2024

TL;DR Even though MFA is effective it is one security control amongst many Even if MFA is in use, check its configuration Consider unexpected patterns of use, such as people logging in from Linux or macOS Make sure you log and can react to out-of-band behaviour Introduction On a recent Red Team engagement we got Domain Admin privileges on the on-premises Active Directory (AD) network.

Authentication 145

Authentication Passwords Accountability Engineering 145

The Last Watchdog

APRIL 30, 2024

At the end of 2000, I was hired by USA Today to cover Microsoft, which at the time was being prosecuted by the U.S. Department of Justice. Related: Why proxies aren’t enough Microsoft had used illegal monopolistic practices to crush Netscape Navigator thereby elevating Internet Explorer (IE) to become far and away the No. 1 web browser. IE’s reign proved to be fleeting.

Internet 130

Internet Internet Engineering Authentication 130

Security Boulevard

APRIL 30, 2024

Nice Cup of IoTea? The UK’s Product Security and Tele­comm­uni­cations Infra­struc­ture Act aims to improve the security of net-connected consumer gear. The post Brits Ban Default Passwords — and More IoT Stupidity appeared first on Security Boulevard.

IoT 135

IoT Passwords Social Engineering Telecommunications 135

The Hacker News

APRIL 30, 2024

Cybersecurity researchers have discovered multiple campaigns targeting Docker Hub by planting millions of malicious "imageless" containers over the past five years, once again underscoring how open-source registries could pave the way for supply chain attacks.

Cybersecurity 133

Cybersecurity 133

Bleeping Computer

APRIL 30, 2024

Three large-scale campaigns have targeted Docker Hub users, planting millions of repositories designed to push malware and phishing sites since early 2021. [.

Phishing 135

Phishing Malware 135

Security Boulevard

APRIL 30, 2024

The Federal Communications Commission (FCC) is fining the country’s largest wireless carriers a combined $196 million for illegally selling the location data of customers to third-parties in a case that dates back to 2020. In announcing the fines this week, the FCC said that Verizon, AT&T, T-Mobile, and Verizon sold the data to aggregators –. The post FCC Fines Verizon, AT&T, and T-Mobile for Sharing User Location Data appeared first on Security Boulevard.

Mobile 126

Mobile Wireless Data privacy Cybersecurity 126

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Penetration Testing

APRIL 30, 2024

A comprehensive report by the anonymous analyst ZachXBT has uncovered the money laundering tactics employed by the North Korean hacking collective, Lazarus Group. The group is estimated to have laundered over $200 million in... The post Lazarus Exposed: $200M Crypto Laundering Scheme Revealed appeared first on Penetration Testing.

Penetration Testing 133

Penetration Testing Hacking 133

Security Boulevard

APRIL 30, 2024

Global ransomware attacks rose slightly in March compared to the previous month, as ransomware cabal RAGroup ramped up activity by more than 300%. However, overall activity declined 8% year-over-year, according to NCC Group’s latest ransomware report. The cyber gang LockBit 3.0 kept its pole position as the most active cybercriminal force for eight months in.

Ransomware 126

Ransomware Malware Cybersecurity 126

The Hacker News

APRIL 30, 2024

A former employee of the U.S. National Security Agency (NSA) has been sentenced to nearly 22 years (262 months) in prison for attempting to transfer classified documents to Russia. "This sentence should serve as a stark warning to all those entrusted with protecting national defense information that there are consequences to betraying that trust," said FBI Director Christopher Wray.

126

126

Security Boulevard

APRIL 30, 2024

The goal is to enable cybersecurity and data science teams to work together and share their expertise. The post Sysdig Extends CNAPP Reach to AI Workloads appeared first on Security Boulevard.

Cybersecurity 125

Cybersecurity Security Awareness 125

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

The Last Watchdog

APRIL 30, 2024

Tel Aviv, Israel – April 30, 2024 – Cybersixgill, the global cyber threat intelligence data provider, broke new ground today by introducing its Third-Party Intelligence module. The new module delivers vendor-specific cybersecurity and threat intelligence to organizations’ security teams, enabling them to continuously monitor and detect risks to their environment arising from third-party suppliers and take preemptive action before an attack executes.

Cyber threats 100

Cyber threats Risk CISO Software 100

Security Affairs

APRIL 30, 2024

The UK National Cyber Security Centre (NCSC) orders smart device manufacturers to ban default passwords starting from April 29, 2024. The U.K. National Cyber Security Centre (NCSC) is urging manufacturers of smart devices to comply with new legislation that bans default passwords. The law, known as the Product Security and Telecommunications Infrastructure act (or PSTI act), will be effective on April 29, 2024. “From 29 April 2024, manufacturers of consumer ‘smart’ devices must comply wi

Passwords 135

Passwords Manufacturing Telecommunications Cyber Attacks 135

Penetration Testing

APRIL 30, 2024

Claris International released a critical security patch for its FileMaker Server software today, addressing a vulnerability that could allow unauthorized access to sensitive data within hosted databases. The vulnerability, tracked as CVE-2024-27790, has been... The post CVE-2024-27790: FileMaker Server Vulnerability Patched, Data Access Risk Addressed appeared first on Penetration Testing.

Penetration Testing 127

Penetration Testing Risk Software 127

Security Affairs

APRIL 30, 2024

The US government’s cybersecurity agency CISA published a series of guidelines to protect critical infrastructure against AI-based attacks. CISA collaborated with Sector Risk Management Agencies (SRMAs) and regulatory agencies to conduct sector-specific assessments of AI risks to U.S. critical infrastructure, as mandated by Executive Order 14110 Section 4.3(a)(i).

Risk 128

Risk Government Hacking Cybersecurity 128

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

Bleeping Computer

APRIL 30, 2024

UnitedHealth confirms that Change Healthcare's network was breached by the BlackCat ransomware gang, who used stolen credentials to log into the company's Citrix remote access service, which did not have multi-factor authentication enabled. [.

Healthcare 117

Healthcare Accountability Hacking Authentication 117

The Hacker News

APRIL 30, 2024

The U.S. government has unveiled new security guidelines aimed at bolstering critical infrastructure against artificial intelligence (AI)-related threats.

Government 129

Government Artificial Intelligence Risk 129

WIRED Threat Level

APRIL 30, 2024

Thousands of planes and ships are facing GPS jamming and spoofing. Experts warn these attacks could potentially impact critical infrastructure, communication networks, and more.

Hacking 116

Hacking 116

Bleeping Computer

APRIL 30, 2024

Latrodectus malware is now being distributed in phishing campaigns using Microsoft Azure and Cloudflare lures to appear legitimate while making it harder for email security platforms to detect the emails as malicious. [.

Malware 116

Malware Phishing 116

Advertisement

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

Penetration Testing

APRIL 30, 2024

SonicWall has released a security patch for its Global Management System (GMS) software, addressing two vulnerabilities that could be exploited by attackers to gain unauthorized access to sensitive data (CVE-2024-29010) and bypass authentication mechanisms... The post SonicWall Patches GMS Flaws to Block Data Breaches and Bypass Attacks appeared first on Penetration Testing.

Data breaches 124

Data breaches Penetration Testing Authentication Software 124

Security Affairs

APRIL 30, 2024

Finnish hacker was sentenced to more than six years in prison for hacking into an online psychotherapy clinic and attempted extortion. A popular 26-year-old Finnish hacker Aleksanteri Kivimäki was sentenced to more than six years in prison for hacking into the online psychotherapy clinic Vastaamo Psychotherapy Center, exposing tens of thousands of patient therapy records, and trying to extort the clinic and its clients.

Hacking 128

Hacking Cybercrime Data breaches Information Security 128

Security Boulevard

APRIL 30, 2024

In the realm of cybersecurity, vigilance is paramount. Recent discoveries have shed light on a previously undisclosed threat known as Kapeka, a versatile backdoor quietly making its presence felt in cyber attacks across Eastern Europe. Let’s delve into the intricacies of this stealthy KapeKa backdoor and understand the implications it holds for businesses and individuals […] The post KapeKa Backdoor: Russian Threat Actor Group’s Recent Attacks appeared first on TuxCare.

Cyber Attacks 111

Cyber Attacks Cybersecurity Threat Detection Malware 111

Bleeping Computer

APRIL 30, 2024

Google has increased rewards for reporting remote code execution vulnerabilities within select Android apps by ten times, from $30,000 to $300,000, with the maximum reward reaching $450,000 for exceptional quality reports. [.

111

111

Advertisement

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.

Cybersecurity

Penetration Testing

APRIL 30, 2024

A significant security flaw has been unveiled in BentoML, a popular Python-based framework used for building and deploying AI applications. Identified as CVE-2024-2912, this vulnerability lies in the way the software handles data, potentially... The post CVE-2024-2912: Critical ‘BentoML’ Flaw Opens AI Systems to Remote Takeover appeared first on Penetration Testing.

Penetration Testing 116

Penetration Testing Software 116

GlobalSign

APRIL 30, 2024

In April we’re still dealing with the fallout of the Change Healthcare attack, along with a cyberattack in the UK and the dissolution of an international phishing platform.

Healthcare 108

Healthcare Phishing 108

WIRED Threat Level

APRIL 30, 2024

China's brain-computer interface technology is catching up to the US. But it envisions a very different use case: cognitive enhancement.

Technology 121

Technology 121

Quick Heal Antivirus

APRIL 30, 2024

Ever felt like there’s a tiny, invisible threat lurking in your pocket? Well, guess what? You might be. The post Worried About Your Phone Getting Hacked? Secure Your Device With The Best Antivirus! appeared first on Quick Heal Blog.

Antivirus 105

Antivirus Hacking Cybersecurity 105

Advertisement

Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.

Government