Wed. Feb 28, 2024

Calendar Meeting Links Used to Spread Mac Malware

Krebs on Security

Malicious hackers are targeting people in the cryptocurrency space in attacks that start with a link added to the target’s calendar at Calendly, a popular application for scheduling appointments and meetings. The attackers impersonate established cryptocurrency investors and ask to schedule a video conference call. But clicking the meeting link provided by the scammers prompts the user to run a script that quietly installs malware on macOS systems.

Malware 294

Best Secure Access Service Edge Platforms in 2024

Tech Republic Security

Here are the top Secure Access Service Edge platforms that provide security and network functionality. Find the best SASE solution for your business needs.

CVE-2024-25065 & CVE-2024-23946: Critical Vulnerabilities Exposed in Apache OFBiz

Penetration Testing

Apache OFBiz, the popular open-source ERP framework, has recently been in the security spotlight. Two critical vulnerabilities (CVE-2024-25065, CVE-2024-23946) have been discovered that put a wide range of businesses at risk. Decoding the Vulnerabilities... The post CVE-2024-25065 & CVE-2024-23946: Critical Vulnerabilities Exposed in Apache OFBiz appeared first on Penetration Testing.

Lazarus hackers exploited Windows zero-day to gain Kernel privileges

Bleeping Computer

North Korean threat actors known as the Lazarus Group exploited a flaw in the Windows AppLocker driver (appid.sys) as a zero-day to gain kernel-level access and turn off security tools, allowing them to bypass noisy BYOVD (Bring Your Own Vulnerable Driver) techniques.

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Unmasking 2024’s Email Security Landscape

Security Affairs

Analyzing the Email Security Landscape and exploring Emerging Threats and Trends. In the ever-shifting digital arena, staying ahead of evolving threat trends is paramount for organizations aiming to safeguard their assets. Amidst this dynamic landscape, email stands as a primary battleground for cyber defense. VIPRE Security Group’s latest report, “Email Security in 2024: An Expert Insight into Email Threats,” delves into the cutting-edge tactics and technologies embraced by cy

Phishing 138

Malicious AI models on Hugging Face backdoor users’ machines

Bleeping Computer

At least 100 instances of malicious AI ML models were found on the Hugging Face platform, some of which can execute code on the victim's machine, giving attackers a persistent backdoor.

More Trending

SVG Attacks: How GULoader Malware Sneaks into Your Network

Penetration Testing

The cybersecurity world is a battlefield of constant change – understanding your enemy’s weapons and strategies is key to survival. Enter GULoader, a malware favored by cybercriminals for its stealth, adaptability, and ability to... The post SVG Attacks: How GULoader Malware Sneaks into Your Network appeared first on Penetration Testing.

TunnelBear VPN Free vs. Paid: Which Plan Is Right for You?

Tech Republic Security

TunnelBear VPN offers both free and paid versions, each with its own set of pros and cons. Learn about the differences and decide which one is right for you.

VPN 126

Chinese Hackers Exploiting Ivanti VPN Flaws to Deploy New Malware

The Hacker News

At least two different suspected China-linked cyber espionage clusters, tracked as UNC5325 and UNC3886, have been attributed to the exploitation of security flaws in Ivanti Connect Secure VPN appliances. UNC5325 abused CVE-2024-21893 to deliver a wide range of new malware called LITTLELAMB.

VPN 131

Ransomware gang claims they stole 6TB of Change Healthcare data

Bleeping Computer

The BlackCat/ALPHV ransomware gang has officially claimed responsibility for a cyberattack on Optum, a subsidiary of UnitedHealth Group (UHG), which led to an ongoing outage affecting the Change Healthcare platform.

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

FBI Warns U.S. Healthcare Sector of Targeted BlackCat Ransomware Attacks

The Hacker News

The U.S. government is warning about the resurgence of BlackCat (aka ALPHV) ransomware attacks targeting the healthcare sector as recently as this month. "Since mid-December 2023, of the nearly 70 leaked victims, the healthcare sector has been the most commonly victimized," the government said in an updated advisory.

Registrars can now block all domains that resemble brand names

Bleeping Computer

Registrars can now block people from registering tens of thousands of domain names that look like, are spelling variations of, or otherwise infringe on brand names.

FBI, CISA, HHS warn of targeted ALPHV/Blackcat ransomware attacks against the healthcare sector

Security Affairs

The FBI, CISA, and the Department of HHS warned U.S. healthcare organizations of targeted ALPHV/Blackcat ransomware attacks. A cybersecurity alert published by the FBI, CISA, and the Department of Health and Human Services (HHS) warned U.S. healthcare organizations of targeted attacks conducted by ALPHV/Blackcat ransomware attacks. The US agencies released a report containing IOCs and TTPs associated with the ALPHV Blackcat RaaS operation identified through law enforcement investigations conduct

LockBit ransomware returns to attacks with new encryptors, servers

Bleeping Computer

The LockBit ransomware gang is once again conducting attacks, using updated encryptors with ransom notes linking to new servers after last week's law enforcement disruption.

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

What’s on the Radar for Aviation Industry Cybersecurity?

Security Boulevard

A chart to future aviation industry cybersecurity best practices Digital transformation propels industries forward, and the aviation sector stands at the forefront of change, embracing technologies that promise efficiency, safety, and customer satisfaction. However, this digital elevation also brings significant cybersecurity challenges, with the aviation industry becoming a lucrative target for cybercriminals.

Speedify VPN Free vs. Premium: Which Plan Is Right For You?

Tech Republic Security

Explore the differences between Speedify VPN Free and Premium versions, including features, benefits and which one is the best fit for your needs.

VPN 118

President Biden Blocks Mass Transfer of Personal Data to High-Risk Nations

The Hacker News

U.S. President Joe Biden has issued an Executive Order that prohibits the mass transfer of citizens' personal data to countries of concern. The Executive Order also "provides safeguards around other activities that can give those countries access to Americans' sensitive data," the White House said in a statement.

Risk 120

Locking Up Lockbit: The Fall of a Ransomware Cartel

Security Boulevard

As of the time I’m writing this, earlier this week a cybersecurity bombshell story just broke that, for once, is actually a positive turn of events. I’m talking about Operation Cronos, an international law enforcement operation that seized the Lockbit ransomware infrastructure, led to arrests of persons affiliated with the criminal organization, and resulted in […] The post Locking Up Lockbit: The Fall of a Ransomware Cartel appeared first on TuxCare.

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Smashing Security podcast #361: Wireless charging woe, AI romance apps, and ransomware revisited

Graham Cluley

Your smartphone may be toast – if you use a hacked wireless charger, we take a closer look at the latest developments in the unfolding LockBit ransomware drama, and Carole dips her toe into online AI romance apps.

Wireless 113

Kali Linux 2024.1 released with 4 new tools, UI refresh

Bleeping Computer

Kali Linux has released version 2024.1, the first version of 2024, with four new tools, a theme refresh, and desktop changes.

Russia-linked APT28 compromised Ubiquiti EdgeRouters to facilitate cyber operations

Security Affairs

Russian cyberspies are compromising Ubiquiti EdgeRouters to evade detection, warns a joint advisory published by authorities. The Federal Bureau of Investigation (FBI), National Security Agency (NSA), US Cyber Command, and international partners released a joint Cybersecurity Advisory (CSA) to warn that Russia-linked threat actors are using compromised Ubiquiti EdgeRouters (EdgeRouters) to evade detection in cyber operations worldwide.

Change Healthcare outages reportedly caused by ransomware

Malwarebytes

On Wednesday February 21, 2024, Change Healthcare—a subsidiary of UnitedHealth Group—experienced serious system outages due to a cyberattack. In a Form 8-K filing the company said it: “identified a suspected nation-state associated cyber security threat actor had gained access to some of the Change Healthcare information technology systems.” Change Healthcare is one of the largest healthcare technology companies in the United States.

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

Biden EO Will Keep China, Russia from Buying Americans’ Sensitive Data

Security Boulevard

The Biden Administration wants to stop data brokers and other companies from selling sensitive personal data of American citizens to organizations in China, Russia, and other adversarial countries. President Biden on Wednesday signed an executive order giving the Justice, Homeland Security, and other federal departments authority to create rules to “prevent the large-scale transfer” of.

TimbreStealer: Stealthy Information Thief Targets Mexico

Penetration Testing

Cisco Talos has discovered a highly targeted and persistent phishing campaign preying on users in Mexico. The attackers are luring potential victims with financial-themed emails tailored to the region and then tricking them into... The post TimbreStealer: Stealthy Information Thief Targets Mexico appeared first on Penetration Testing.

Iran-Linked UNC1549 Hackers Target Middle East Aerospace & Defense Sectors

The Hacker News

An Iran-nexus threat actor known as UNC1549 has been attributed with medium confidence to a new set of attacks targeting aerospace, aviation, and defense industries in the Middle East, including Israel and the U.A.E. Other targets of the cyber espionage activity likely include Turkey, India, and Albania, Google-owned Mandiant said in a new analysis.

Matthew Perry’s Twitter account hacked by cryptocurrency scammers

Graham Cluley

Matthew Perry's official Twitter account was hijacked by scammers this week who attempted to solicit donations from well-meaning fans of the much-loved late actor. The post asked for cryptocurrency donations "to support our mission in battling addiction." Read more in my article on the Hot for Security blog.

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.

Pharmaceutical giant Cencora discloses a data breach

Security Affairs

Pharmaceutical giant Cencora suffered a cyber attack and threat actors stole data from its infrastructure. Pharmaceutical giant Cencora disclosed a data breach after it was the victim of a cyberattack. Cencora, Inc., formerly known as AmerisourceBergen, is an American drug wholesale company and a contract research organization that was formed by the merger of Bergen Brunswig and AmeriSource in 2001.

UNC1549’s Espionage Campaign Against Aerospace and Defense

Penetration Testing

A sophisticated espionage campaign, suspected to be linked to Iranian threat actors, is actively targeting aerospace and defense entities throughout the Middle East. Mandiant researchers have uncovered the campaign’s evolution, uncovering their use of... The post UNC1549’s Espionage Campaign Against Aerospace and Defense appeared first on Penetration Testing.

Data-driven Strategies for Effective Application Risk Management in 2024

Veracode Security

Insecure software is significantly impacting our world. In a recent statement, CISA Director Jen Easterly declared: “Features and speed to market have been prioritized against security, leaving our nation vulnerable to cyber invasion. That has to stop. We are at a critical juncture for our national security.” Our State of Software Security 2024 report explores a key area this trade-off of speed to market prioritized against security has resulted in: security debt.

Risk 105

What is Bundesdatenschutzgesetz? How to Comply with the German Data Protection Act

Digital Guardian

Germany's Bundesdatenschutzgesetz (BDSG) has been around for decades but seen renewed attention over the past few years along with the global uptick in data privacy awareness. Learn about the data protection law and what it requires in today's blog.

Enhance Innovation and Governance Through the Cloud Development Maturity Model

Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.