Mon. Jun 03, 2024

AI Will Increase the Quantity—and Quality—of Phishing Scams

Schneier on Security

A piece I coauthored with Fredrik Heiding and Arun Vishwanath in the Harvard Business Review: Summary. Gen AI tools are rapidly making these emails more advanced, harder to spot, and significantly more dangerous. Recent research showed that 60% of participants fell victim to artificial intelligence (AI)-automated phishing, which is comparable to the success rates of non-AI-phishing messages created by human experts.

Phishing 322
5 Reasons Why You Should Use a Password Manager

Tech Republic Security

Here are 5 reasons why you should consider using a password manager to protect your data and improve password management.

Seeing Like a Data Structure

Schneier on Security

Technology was once simply a tool—and a small one at that—used to amplify human intent and capacity. That was the story of the industrial revolution: we could control nature and build large, complex human societies, and the more we employed and mastered technology, the better things got. We don’t live in that world anymore. Not only has technology become entangled with the structure of society, but we also can no longer see the world around us without it.

RSAC Fireside Chat: NightVision shines a light on software vulnerabilities, speeds up remediation

The Last Watchdog

When Log4J came to light in 2021, Kinnaird McQuade, then a security engineer at Square, drew the assignment of testing endpoints at some 5,000 users of the popular mobile payments service. “It took us eight hours to run the scan and I was sweating it because these were all small family businesses that depended on Square, and if any of them got popped, it would be real people that were affected,” McQuade told me.

Software 147
Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Experts found information of European politicians on the dark web

Security Affairs

Personal information of hundreds of British and EU politicians is available on dark web marketplaces. According to research conducted by Proton and Constella Intelligence, the email addresses and other sensitive information of 918 British MPs, European Parliament members, and French deputies and senators are available in the dark web marketplaces. 40% of 2,280 official government email addresses from the British, European, and French Parliaments were exposed, including passwords, birth dates, an

Passwords 145
Researcher Uncovers Flaws in Cox Modems, Potentially Impacting Millions

The Hacker News

Now-patched authorization bypass issues impacting Cox modems could have been abused as a starting point to gain unauthorized access to the devices and run malicious commands.

142

More Trending

DarkGate Malware Replaces AutoIt with AutoHotkey in Latest Cyber Attacks

The Hacker News

Cyber attacks involving the DarkGate malware-as-a-service (MaaS) operation have shifted away from AutoIt scripts to an AutoHotkey mechanism to deliver the last stages, underscoring continued efforts on the part of the threat actors to continuously stay ahead of the detection curve.

CISA adds Oracle WebLogic Server flaw to its Known Exploited Vulnerabilities catalog

Security Affairs

CISA adds Oracle WebLogic Server OS command injection vulnerability to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added an Oracle WebLogic Server vulnerability to its Known Exploited Vulnerabilities (KEV) catalog. The issue, tracked as CVE-2017-3506 (CVSS score 7.4), is an OS command injection.

Hacking 139
Authorities Ramp Up Efforts to Capture the Mastermind Behind Emotet

The Hacker News

Law enforcement authorities behind Operation Endgame are seeking information related to an individual who goes by the name Odd and is allegedly the mastermind behind the Emotet malware. Odd is also said to go by the nicknames Aron, C700, Cbd748, Ivanov Odd, Mors, Morse, Veron over the past few years, according to a video released by the agencies. "Who is he working with?

Malware 137
The NIST Finally Hires a Contractor to Manage CVEs

Security Boulevard

Security experts have been frustrated because no one was managing the Common Vulnerabilities and Exposures security reports. Good news: The NIST has hired a company to manage the backlog. Bad news: The company has no experience with this kind of security work. The post The NIST Finally Hires a Contractor to Manage CVEs appeared first on Security Boulevard.

Software 136
Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Andariel Hackers Target South Korean Institutes with New Dora RAT Malware

The Hacker News

The North Korea-linked threat actor known as Andariel has been observed using a new Golang-based backdoor called Dora RAT in its attacks targeting educational institutes, manufacturing firms, and construction businesses in South Korea.

Multiple flaws in Cox modems could have impacted millions of devices

Security Affairs

Researcher discovered several authorization bypass vulnerabilities in Cox modems that potentially impacted millions of devices. The security researcher Sam Curry discovered multiple issues in Cox modems that could have been exploited to modify the settings of the vulnerable modem and run malicious commands on them. Cox is the largest private broadband provider in the United States, the third-largest cable television provider, and the seventh-largest telephone carrier in the country.

Hacking 134
Google Hates Ad Blockers: Manifest V3 Push Starts Today

Security Boulevard

We warned you. As of June 3, Google is following through on its threat to kill ad blockers. Privacy-focused Chrome extensions are living on borrowed time; developers must upgrade to the less capable “Manifest V3” API. The post Google Hates Ad Blockers: Manifest V3 Push Starts Today appeared first on Security Boulevard.

Spanish police shut down illegal TV streaming network

Security Affairs

Spanish police dismantled a pirated TV streaming network that allowed its operators to earn over 5,300,000 euros since 2015. The Spanish National Police dismantled a network that illicitly distributed audiovisual content, earning over 5,300,000 euros since 2015. The police arrested eight individuals in Las Palmas de Gran Canaria, Madrid, Oviedo, and Málaga, and searched two homes.

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

SASE Threat Report: 8 Key Findings for Enterprise Security

The Hacker News

Threat actors are evolving, yet Cyber Threat Intelligence (CTI) remains confined to each isolated point solution. Organizations require a holistic analysis across external data, inbound and outbound threats and network activity. This will enable evaluating the true state of cybersecurity in the enterprise.

WhatsApp cryptocurrency scam goes for the cash prize

Malwarebytes

This weekend a scammer tried his luck by reaching out to me on WhatsApp. It’s not that I don’t appreciate it, but trust me, it’s bad for your business. I received one message from a number hailing from the Togolese Republic. WhatsApp message from an unknown sender “Jay, your financial account has been added. Account Csy926. Password [ **] USDT Balance 1,660,086.50 EUR: 592,030.92 [domain] Keep it in a safe place.

Researchers Uncover RAT-Dropping npm Package Targeting Gulp Users

The Hacker News

Cybersecurity researchers have uncovered a new suspicious package uploaded to the npm package registry that's designed to drop a remote access trojan (RAT) on compromised systems. The package in question is glup-debugger-log, which targets users of the gulp toolkit by masquerading as a "logger for gulp and gulp plugins." It has been downloaded 175 times to date.

Software 129
361 million stolen accounts leaked on Telegram added to HIBP

Bleeping Computer

A massive trove of 361 million email addresses from credentials stolen by password-stealing malware, in credential stuffing attacks, and from data breaches was added to the Have I Been Pwned data breach notification service, allowing anyone to check if their accounts have been compromised.

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Urgent Security Update for Zyxel NAS Devices: Patches Available for Critical Flaws

Penetration Testing

Zyxel has released critical security patches for two of its Network Attached Storage (NAS) devices, NAS326 and NAS542, addressing severe vulnerabilities that could allow attackers to execute code remotely and compromise system security. The... The post Urgent Security Update for Zyxel NAS Devices: Patches Available for Critical Flaws appeared first on Penetration Testing.

Cyberattack Risks Keep Small Business Security Teams on Edge

Security Boulevard

Three-quarters of SMBs fear that a cyberattack could put them out of business. For good reason: 96% of them have already been the victims of a cyberattack. The post Cyberattack Risks Keep Small Business Security Teams on Edge appeared first on Security Boulevard.

IT threat evolution Q1 2024

SecureList

Targeted attacks. Operation Triangulation: the final mystery. Last June, we published a series of reports on Operation Triangulation, a previously unknown iOS malware platform distributed via zero-click iMessage exploits that allowed an attacker to browse and modify device files, get passwords and credentials stored in the keychain, retrieve geo-location information and e

Banking 114
macOS Root Access Exploit: PoC Code for CVE-2024-27822 Released

Penetration Testing

A security researcher has published details and proof-of-concept (PoC) code for a macOS CVE-2024-27822 vulnerability that could be exploited to gain root privileges. The security defect was identified and reported in March, with a... The post macOS Root Access Exploit: PoC Code for CVE-2024-27822 Released appeared first on Penetration Testing.

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

800 arrests, 40 tons of drugs, and one backdoor, or what a phone startup gave the FBI, with Joseph Cox: Lock and Code S05E12

Malwarebytes

This week on the Lock and Code podcast… This is a story about how the FBI got everything it wanted. For decades, law enforcement and intelligence agencies across the world have lamented the availability of modern technology that allows suspected criminals to hide their communications from legal scrutiny. This long-standing debate has sometimes spilled into the public view, as it did in 2016, when the FBI demanded that Apple unlock an iPhone used during a terrorist attack in the California

Media 111
Excel File Unleashes Sophisticated Cobalt Strike Cyberattack

Penetration Testing

FortiGuard Labs has recently unveiled a sophisticated cyberattack that leverages an Excel file embedded with a VBA macro to deploy a DLL file. This multi-stage malware strategy ultimately delivers the notorious “Cobalt Strike” payload,... The post Excel File Unleashes Sophisticated Cobalt Strike Cyberattack appeared first on Penetration Testing.

Windows Attack Surface Management: Script-based Malware

Digital Shadows

Secure PowerShell, JScript, and VBScript against cyber threats by configuring tailored controls and using Windows Defender Exploit Guard to protect your endpoints.

IT threat evolution in Q1 2024. Mobile statistics

SecureList

Quarterly figures. According to Kaspersky Security Network, in Q1 2024: 10.1 million attacks using malware, adware, or unwanted mobile software were blocked. The most common threat to mobile devices was adware: 46% of all threats detected.

Mobile 109
Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

Oracle WebLogic Server OS Command Injection Flaw Under Active Attack

The Hacker News

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a security flaw impacting the Oracle WebLogic Server to the Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. Tracked as CVE-2017-3506 (CVSS score: 7.

Vulnerability Recap 6/3/24 – Check Point, Okta & Fortinet Issues

eSecurity Planet

Last week, major security vendors Check Point and Okta both notified customers of threats, and an old Fortinet vulnerability reared its head when researchers published a proof of concept for it. Spoofed browser upgrades download malware onto victims’ computers, and threat actors have been actively exploiting a Linux kernel vulnerability. Check your vendors’ security bulletins regularly, and make sure your team is following security news to patch issues as soon as they arise.

VPN 105
Wave of Attacks on WordPress: Urgent Update for WP Statistics, WP Meta SEO, LiteSpeed Cache

Penetration Testing

WordPress, the world’s most popular content management system, is facing a wave of targeted attacks exploiting critical vulnerabilities in several plugins. The Fastly Security Research Team has issued an urgent warning, revealing that malicious... The post Wave of Attacks on WordPress: Urgent Update for WP Statistics, WP Meta SEO, LiteSpeed Cache appeared first on Penetration Testing.

A SANS's 2024 Threat-Hunting Survey Review

Trend Micro

In its ninth year, the annual SANS Threat Hunting Survey delves into global organizational practices in threat hunting, shedding light on the challenges and adaptations in the landscape over the past year.

IoT 101
IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.