Wed.Nov 15, 2023

article thumbnail

New SSH Vulnerability

Schneier on Security

This is interesting : For the first time, researchers have demonstrated that a large portion of cryptographic keys used to protect data in computer-to-server SSH traffic are vulnerable to complete compromise when naturally occurring computational errors occur while the connection is being established. […] The vulnerability occurs when there are errors during the signature generation that takes place when a client and server are establishing a connection.

359
359
article thumbnail

Intel Patches Widespread Processor Vulnerability

Tech Republic Security

The strange vulnerability could have allowed for escalation of privilege, denial of service or information disclosure attacks.

Software 179
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Ransomware gang files SEC complaint over victim’s undisclosed breach

Bleeping Computer

The ALPHV/BlackCat ransomware operation has taken extortion to a new level by filing a U.S. Securities and Exchange Commission complaint against one of their alleged victims for not complying with the four-day rule to disclose a cyberattack. [.

article thumbnail

Microsoft Ignite: New Solutions Offer More Security and Productivity from Windows in the Cloud

Tech Republic Security

Cloud PCs give you access to Windows AI tools on any device, and Windows 365 now has AI-powered tools to help IT give users the right cloud PC for their needs.

article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

FBI and CISA warn of attacks by Rhysida ransomware gang

Security Affairs

The FBI and CISA warn of attacks carried out by the Rhysida ransomware group against organizations across multiple industry sectors. FBI and CISA published a joint Cybersecurity Advisory (CSA) to warn of Rhysida ransomware attacks against organizations across multiple industry sectors. The report is part of the ongoing #StopRansomware effort that disseminates advisories about tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) associated with ransomware groups.

article thumbnail

HALT! I am Reptar! Intel CPU Bug Panics Cloud Providers

Security Boulevard

IaaS Catch Fire: Google and Intel fuzz, find and fix a fabulous bug. Next up: More of the same. The post HALT! I am Reptar! Intel CPU Bug Panics Cloud Providers appeared first on Security Boulevard.

More Trending

article thumbnail

CSA Adds Zero-Trust Certificate to Cloud Security Training Program

Security Boulevard

The Cloud Security Alliance added a zero-trust cybersecurity certificate to its training curriculum as part of an effort to advance cloud security. The post CSA Adds Zero-Trust Certificate to Cloud Security Training Program appeared first on Security Boulevard.

article thumbnail

Cybersecurity Glossary Pack

Tech Republic Security

It doesn’t matter whether your organization is a huge multinational business enterprise or a one-person operation, cybersecurity will be an important issue. With this TechRepublic Premium pack, readers can get four cybersecurity glossaries for a bargain price. Each glossary explains the terminology and will help you understand the language with clear, concise definitions.

article thumbnail

The QAnon Shaman Isn’t Even the Most Extreme Candidate in His Race for Congress

WIRED Threat Level

Jacob Chansley, the January 6 rioter known as the QAnon Shaman, will run for Congress in Arizona. The most remarkable thing about his campaign so far is how unremarkable it is in a state that’s embraced election conspiracies.

123
123
article thumbnail

Rackspace Ransomware Costs Soar to Nearly $12M

Dark Reading

Rackspace's 2022 ransomware attack costs only continue to mount, with lawsuits in the offing — and show the long-tail costs of a cyberattack.

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Russian Hackers Linked to 'Largest Ever Cyber Attack' on Danish Critical Infrastructure

The Hacker News

Russian threat actors have been possibly linked to what's been described as the "largest cyber attack against Danish critical infrastructure," in which 22 companies associated with the operation of the country's energy sector were targeted in May 2023. "22 simultaneous, successful cyberattacks against Danish critical infrastructure are not commonplace," Denmark's SektorCERT said [PDF].

article thumbnail

'AlphaLock' Hackers Launch 'Pen-Testing Training' Group

Dark Reading

With a two-pronged approach, the group trains its hackers in penetration testing, only to set them free to build a marketplace for pen-testing services.

article thumbnail

Securing Sensitive Data: Cybersecurity in Asset Management

Security Boulevard

The asset management sector, a critical component of the financial industry, is facing a pressing challenge in the form of cybersecurity. During the first quarter of 2023, the number of weekly cyberattacks witnessed a 7% increase when compared to the corresponding period in the previous year. This rise in cyberattacks has significant implications for asset.

article thumbnail

Microsoft fixes Windows Server VMs broken by October updates

Bleeping Computer

Microsoft fixed a known issue causing blue screens and boot failures in Windows Server 2022 virtual machines (VMs) deployed on VMware ESXi hosts. [.

120
120
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Social Media Sleuths, Armed With AI, Are Identifying Dead Bodies

WIRED Threat Level

Poverty, fentanyl, and lack of public funding mean morgues are overloaded with unidentified bodies. TikTok and Facebook pages are filling the gap—with AI proving a powerful and controversial new tool.

Media 119
article thumbnail

How to Get Better Business Security by Embracing Certificate Automation

GlobalSign

Let’s take a look at some of the key reasons why IT teams should implement automation within their organization.

116
116
article thumbnail

FBI and CISA Say the Royal Ransomware Group May Rebrand

Security Boulevard

The prolific Royal ransomware group, which has demanded more than $275 million in ransom from as many as 350 targets since September 2022, may be preparing to rebrand itself or spin off a variant, according to a U.S. government advisory. The FBI and Cybersecurity and Infrastructure Security Agency (CISA) wrote in its advisory this week. The post FBI and CISA Say the Royal Ransomware Group May Rebrand appeared first on Security Boulevard.

article thumbnail

Update now! Microsoft patches 3 actively exploited zero-days

Malwarebytes

Another important update round for this month’s Patch Tuesday. Microsoft has patched a total of 63 vulnerabilities in its operating systems. Five of these vulnerabilities qualify as zero-days, with three listed as being actively exploited. Microsoft considers a vulnerability to be a zero-day if it is publicly disclosed or actively exploited with no official fix available.

Internet 114
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Navigating Open-Source Supply Chain Threats: Protecting Your Software Ecosystem

Security Boulevard

In today’s business world, companies are determined to create software faster than ever before. Developers are under immense pressure to deliver products to customers quickly. To accelerate this process, developers often rely on pre-made “building blocks” – open-source components. This means that modern software is frequently assembled from existing parts rather than being built entirely […] The post Navigating Open-Source Supply Chain Threats: Protecting Your Software Ecosystem appeared first o

Software 115
article thumbnail

New PoC Exploit for Apache ActiveMQ Flaw Could Let Attackers Fly Under the Radar

The Hacker News

Cybersecurity researchers have demonstrated a new technique that exploits a critical security flaw in Apache ActiveMQ to achieve arbitrary code execution in memory. Tracked as CVE-2023-46604 (CVSS score: 10.0), the vulnerability is a remote code execution bug that could permit a threat actor to run arbitrary shell commands. It was patched by Apache in ActiveMQ versions 5.15.16, 5.16.7, 5.17.

article thumbnail

Using SD-WAN to Optimize Security and Connectivity of Satellite Networks

Security Boulevard

Deploying SD-WAN across multiple multi-orbit satellite links creates a reliable virtual network on top of the physical infrastructure. The post Using SD-WAN to Optimize Security and Connectivity of Satellite Networks appeared first on Security Boulevard.

article thumbnail

U.S. Takes Down IPStorm Botnet, Russian-Moldovan Mastermind Pleads Guilty

The Hacker News

The U.S. government on Tuesday announced the takedown of the IPStorm botnet proxy network and its infrastructure, as the Russian and Moldovan national behind the operation pleaded guilty.

article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

Google’s New Titan Security Key Adds Another Piece to the Password-Killing Puzzle

WIRED Threat Level

The new generation of hardware authentication key includes support for cryptographic passkeys as Google pushes adoption of the more secure login alternative.

Passwords 108
article thumbnail

Samsung hit by new data breach impacting UK store customers

Bleeping Computer

Samsung Electronics is notifying some of its customers of a data breach that exposed their personal information to an unauthorized individual. [.

article thumbnail

Understanding the Combined Power of Data Loss Prevention (DLP) and Secure Collaboration

Digital Guardian

Leveraging DLP with Digital Guardian Secure Collaboration can help organizations control their data regardless of where it lands.

105
105
article thumbnail

Defending Against Attacks on Vulnerable IoT Devices

Dark Reading

Organizations must approach cybersecurity as if they are defending themselves in a cyberwar.

IoT 103
article thumbnail

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

article thumbnail

Gamblers’ data compromised after casino giant Strendus fails to set password

Security Affairs

Mexican online casino Strendus has exposed sensitive user data, including home addresses and the amounts of money they spent on gambling. Strendus, one of the biggest online casinos in Mexico has exposed sensitive user data, including home addresses and the amounts of money they spent on gambling. The data was likely compromised by unauthorized actors.

Passwords 102
article thumbnail

EU Tightens Cybersecurity Requirements for Critical Infrastructure and Services

Dark Reading

Organizations in "essential" sectors have until October 2024 to comply with the Network and Information Systems Directive 2022 (NIS2).

article thumbnail

Smashing Security podcast #348: Hacking for chimp change, and AI chatbot birthday

Graham Cluley

Who's more incompetent - the cryptocurrency exchanges or some of the people who hack them? Plus a closer look at the reliability of AI chatbots. All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

Hacking 101
article thumbnail

Law enforcement agencies dismantled the illegal botnet proxy service IPStorm

Security Affairs

The Federal Bureau of Investigation (FBI) dismantled the infrastructure behind the illegal botnet proxy service IPStorm. The IPStorm botnet was first uncovered in May 2019 while targeting Windows systems, not experts from Intezer reported that the bot evolved to infect other platforms, including Android, Linux, and Mac devices. IPStorm botnet continues to infect systems across the world, its size passed from around 3,000 infected systems in May 2019 to more than 13,500 devices in October 2020.

Hacking 101
article thumbnail

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.