Mon. Jun 03, 2024

AI Will Increase the Quantity—and Quality—of Phishing Scams

Schneier on Security

A piece I coauthored with Fredrik Heiding and Arun Vishwanath in the Harvard Business Review: Summary. Gen AI tools are rapidly making these emails more advanced, harder to spot, and significantly more dangerous. Recent research showed that 60% of participants fell victim to artificial intelligence (AI)-automated phishing, which is comparable to the success rates of non-AI-phishing messages created by human experts.

Phishing 304

RSAC Fireside Chat: NightVision shines a light on software vulnerabilities, speeds up remediation

The Last Watchdog

When Log4J came to light in 2021, Kinnaird McQuade, then a security engineer at Square, drew the assignment of testing endpoints at some 5,000 users of the popular mobile payments service. Related: The big lesson from Log4J “It took us eight hours to run the scan and I was sweating it because these were all small family businesses that depended on Square, and if any of them got popped, it would be real people that were affected,” McQuade told me.

Software 147

Seeing Like a Data Structure

Schneier on Security

Technology was once simply a tool—and a small one at that—used to amplify human intent and capacity. That was the story of the industrial revolution: we could control nature and build large, complex human societies, and the more we employed and mastered technology, the better things got. We don’t live in that world anymore. Not only has technology become entangled with the structure of society, but we also can no longer see the world around us without it.

5 Reasons Why You Should Use a Password Manager

Tech Republic Security

Here are 5 reasons why you should consider using a password manager to protect your data and improve password management.

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

APT28 targets key networks in Europe with HeadLace malware

Security Affairs

Russia-linked APT28 used the HeadLace malware and credential-harvesting web pages in attacks against networks across Europe. Researchers at Insikt Group observed Russian GRU’s unit APT28 targeting networks across Europe with information-stealer Headlace and credential-harvesting web pages. The experts observed the APT deploying Headlace in three distinct phases from April to December 2023, respectively, using phishing, compromised internet services, and living off the land binaries.

Malware 141

The NIST Finally Hires a Contractor to Manage CVEs

Security Boulevard

Security experts have been frustrated because no one was managing the Common Vulnerabilities and Exposures security reports. Good news: The NIST has hired a company to manage the backlog. Bad news: The company has no experience with this kind of security work.

Software 136

More Trending

Google Hates Ad Blockers: Manifest V3 Push Starts Today

Security Boulevard

We warned you. As of June 3, Google is following through on its threat to kill ad blockers. Privacy-focused Chrome extensions are living on borrowed time; developers must upgrade to the less capable “Manifest V3” API.

361 million stolen accounts leaked on Telegram added to HIBP

Bleeping Computer

A massive trove of 361 million email addresses from credentials stolen by password-stealing malware, in credential stuffing attacks, and from data breaches was added to the Have I Been Pwned data breach notification service, allowing anyone to check if their accounts have been compromised. [...]

Cyberattack Risks Keep Small Business Security Teams on Edge

Security Boulevard

Three-quarters of SMBs fear that a cyberattack could put them out of business. For good reason: 96% of them have already been the victims of a cyberattack.

CISA adds Oracle WebLogic Server flaw to its Known Exploited Vulnerabilities catalog

Security Affairs

CISA adds Oracle WebLogic Server OS command injection vulnerability to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added an Oracle WebLogic Server vulnerability to its Known Exploited Vulnerabilities (KEV) catalog. The issue, tracked as CVE-2017-3506 (CVSS score 7.4), is an OS command injection.

Hacking 134

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Researcher Uncovers Flaws in Cox Modems, Potentially Impacting Millions

The Hacker News

Now-patched authorization bypass issues impacting Cox modems could have been abused as a starting point to gain unauthorized access to the devices and run malicious commands.

125

Spanish police shut down illegal TV streaming network

Security Affairs

Spanish police dismantled a pirated TV streaming network that allowed its operators to earn over 5,300,000 euros since 2015. The Spanish National Police dismantled a network that illicitly distributed audiovisual content, earning over 5,300,000 euros since 2015. The police arrested eight individuals in Las Palmas de Gran Canaria, Madrid, Oviedo, and Málaga, and searched two homes.

DarkGate Malware Replaces AutoIt with AutoHotkey in Latest Cyber Attacks

The Hacker News

Cyber attacks involving the DarkGate malware-as-a-service (MaaS) operation have shifted away from AutoIt scripts to an AutoHotkey mechanism to deliver the last stages, underscoring continued efforts on the part of the threat actors to continuously stay ahead of the detection curve.

Multiple flaws in Cox modems could have impacted millions of devices

Security Affairs

Researcher discovered several authorization bypass vulnerabilities in Cox modems that potentially impacted millions of devices. The security researcher Sam Curry discovered multiple issues in Cox modems that could have been exploited to modify the settings of the vulnerable modem and run malicious commands on them. Cox is the largest private broadband provider in the United States, the third-largest cable television provider, and the seventh-largest telephone carrier in the country.

Hacking 126

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Urgent Security Update for Zyxel NAS Devices: Patches Available for Critical Flaws

Penetration Testing

Zyxel has released critical security patches for two of its Network Attached Storage (NAS) devices, NAS326 and NAS542, addressing severe vulnerabilities that could allow attackers to execute code remotely and compromise system security. The...

Authorities Ramp Up Efforts to Capture the Mastermind Behind Emotet

The Hacker News

Law enforcement authorities behind Operation Endgame are seeking information related to an individual who goes by the name Odd and is allegedly the mastermind behind the Emotet malware. Odd is also said to go by the nicknames Aron, C700, Cbd748, Ivanov Odd, Mors, Morse, Veron over the past few years, according to a video released by the agencies. "Who is he working with?

Malware 112

Vulnerability Recap 6/3/24 – Check Point, Okta & Fortinet Issues

eSecurity Planet

Last week, major security vendors Check Point and Okta both notified customers of threats, and an old Fortinet vulnerability reared its head when researchers published a proof of concept for it. Spoofed browser upgrades download malware onto victims’ computers, and threat actors have been actively exploiting a Linux kernel vulnerability. Check your vendors’ security bulletins regularly, and make sure your team is following security news to patch issues as soon as they arise.

VPN 109

Andariel Hackers Target South Korean Institutes with New Dora RAT Malware

The Hacker News

The North Korea-linked threat actor known as Andariel has been observed using a new Golang-based backdoor called Dora RAT in its attacks targeting educational institutes, manufacturing firms, and construction businesses in South Korea.

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Windows Attack Surface Management: Script-based Malware

Digital Shadows

Secure PowerShell, JScript, and VBScript against cyber threats by configuring tailored controls and using Windows Defender Exploit Guard to protect your endpoints.

macOS Root Access Exploit: PoC Code for CVE-2024-27822 Released

Penetration Testing

A security researcher has published details and proof-of-concept (PoC) code for a macOS CVE-2024-27822 vulnerability that could be exploited to gain root privileges. The security defect was identified and reported in March, with a...

How to Start a Career in Cybersecurity

Tech Republic Security

Cybersecurity is a booming career path for professionals looking to enhance the value of their skillsets in the 2020s. This guide, written by Madeline Clarke for TechRepublic Premium, highlights the methods people can take to begin a career in cybersecurity, provides expert insights from industry professionals and discusses the varying factors surrounding this lucrative area.

Excel File Unleashes Sophisticated Cobalt Strike Cyberattack

Penetration Testing

FortiGuard Labs has recently unveiled a sophisticated cyberattack that leverages an Excel file embedded with a VBA macro to deploy a DLL file. This multi-stage malware strategy ultimately delivers the notorious “Cobalt Strike” payload,...

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

Researchers Uncover RAT-Dropping npm Package Targeting Gulp Users

The Hacker News

Cybersecurity researchers have uncovered a new suspicious package uploaded to the npm package registry that's designed to drop a remote access trojan (RAT) on compromised systems. The package in question is glup-debugger-log, which targets users of the gulp toolkit by masquerading as a "logger for gulp and gulp plugins." It has been downloaded 175 times to date.

Software 105

Wave of Attacks on WordPress: Urgent Update for WP Statistics, WP Meta SEO, LiteSpeed Cache

Penetration Testing

WordPress, the world’s most popular content management system, is facing a wave of targeted attacks exploiting critical vulnerabilities in several plugins. The Fastly Security Research Team has issued an urgent warning, revealing that malicious...

SASE Threat Report: 8 Key Findings for Enterprise Security

The Hacker News

Threat actors are evolving, yet Cyber Threat Intelligence (CTI) remains confined to each isolated point solution. Organizations require a holistic analysis across external data, inbound and outbound threats and network activity. This will enable evaluating the true state of cybersecurity in the enterprise.

Verizon users report blurry photos in Android messaging apps

Bleeping Computer

Verizon customers using Android phones report that they receive blurry images through text messages on different services and apps, with no response from Verizon as to why. [...]

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.

CVE-2024-29415: Popular Node.js Package ‘node-ip’ Exposes Millions to Potential SSRF Attacks

Penetration Testing

A significant security vulnerability has been uncovered in the widely-used node-ip npm package, which is designed to retrieve a computer’s IPv4 addresses via a simple command-line tool. This package, which boasts over 19 million...

Microsoft India’s X account hijacked in Roaring Kitty crypto scam

Bleeping Computer

The official Microsoft India account on Twitter, with over 211,000 followers, was hijacked by cryptocurrency scammers to impersonate Roaring Kitty, the handle used by notorious meme stock trader Keith Gill. [...]

WhatsApp cryptocurrency scam goes for the cash prize

Malwarebytes

This weekend a scammer tried his luck by reaching out to me on WhatsApp. It’s not that I don’t appreciate it, but trust me, it’s bad for your business. I received one message from a number hailing from the Togolese Republic. WhatsApp message from an unknown sender “Jay, your financial account has been added. Account Csy926. Password [ **] USDT Balance 1,660,086.50 EUR: 592,030.92 [domain] Keep it in a safe place.

CVE-2024-21512: MySQL2 Vulnerability Puts Millions of Downloads at Risk

Penetration Testing

MySQL2, a popular MySQL client library for Node.js with over 2 million monthly downloads, has been found to contain a severe security vulnerability that could leave countless applications at risk. Tracked as CVE-2024-21512 and...

Enhance Innovation and Governance Through the Cloud Development Maturity Model

Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.