Wed.Jan 17, 2024

article thumbnail

Inside the Massive Naz.API Credential Stuffing List

Troy Hunt

It feels like not a week goes by without someone sending me yet another credential stuffing list. It's usually something to the effect of "hey, have you seen the Spotify breach", to which I politely reply with a link to my old No, Spotify Wasn't Hacked blog post (it's just the output of a small set of credentials successfully tested against their service), and we all move on.

Passwords 353
article thumbnail

Code Written with AI Assistants Is Less Secure

Schneier on Security

Interesting research: “ Do Users Write More Insecure Code with AI Assistants? “: Abstract: We conduct the first large-scale user study examining how users interact with an AI Code assistant to solve a variety of security related tasks across different programming languages. Overall, we find that participants who had access to an AI assistant based on OpenAI’s codex-davinci-002 model wrote significantly less secure code than those without access.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

E-Crime Rapper ‘Punchmade Dev’ Debuts Card Shop

Krebs on Security

The rapper and social media personality Punchmade Dev is perhaps best known for his flashy videos singing the praises of a cybercrime lifestyle. With memorable hits such as “Internet Swiping” and “Million Dollar Criminal” earning millions of views, Punchmade has leveraged his considerable following to peddle tutorials on how to commit financial crimes online.

article thumbnail

5 Best VPNs for Android in 2024

Tech Republic Security

Explore the best VPNs for Android devices. Find out which VPN offers the best security, speed and features for your Android device.

VPN 172
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

How a 27-Year-Old Codebreaker Busted the Myth of Bitcoin’s Anonymity

WIRED Threat Level

Once, drug dealers and money launderers saw cryptocurrency as perfectly untraceable. Then a grad student named Sarah Meiklejohn proved them all wrong—and set the stage for a decade-long crackdown.

article thumbnail

AI used to fake voices of loved ones in “I’ve been in an accident” scam

Malwarebytes

The San Francisco Chronicle tells a story about a family that almost got scammed when they heard their son’s voice telling them he’d been in a car accident and hurt a pregnant woman. Sadly, this is becoming more common. Scammers want to spread panic among their victims, and to do this, they feign an emergency situation. That may be a car accident, unexpected hospitalization, or any other scenarios which instantly cause concern and cause victims to act quickly.

Scams 145

More Trending

article thumbnail

Ivanti vulnerabilities now actively exploited in massive numbers

Malwarebytes

Last week we wrote about two vulnerabilities in all supported versions of Ivanti Connect Secure and Ivanti Policy Secure Gateways that were being actively exploited. The researchers that discovered the active exploitation are warning that these attacks are now very widespread. “Victims are globally distributed and vary greatly in size, from small businesses to some of the largest organizations in the world, including multiple Fortune 500 companies across multiple industry verticals.”

article thumbnail

Pro-Russia group hit Swiss govt sites after Zelensky visit in Davos

Security Affairs

Switzerland believes that the attack claimed by pro-Russian group NoName that hit the government websites is retaliation for Zelensky’s presence at Davos. Switzerland believes that the cyberattack carried out by pro-Russia group NoName disrupted access to some government websites, following Ukrainian President Volodymyr Zelensky’s visit to Davos. “We took a look at Switzerland, where the World Economic Forum Davos is currently taking place.

DDOS 141
article thumbnail

Salt Security Adds Governance Engine to API Security Platform

Security Boulevard

Salt Security added a posture governance engine to its API security platform that defines and enforces implementation standards. The post Salt Security Adds Governance Engine to API Security Platform appeared first on Security Boulevard.

article thumbnail

Github rotated credentials after the discovery of a vulnerability

Security Affairs

GitHub rotated some credentials after the discovery of a flaw that allowed access to the environment variables of a production container. After GitHub became aware of a vulnerability through its bug bounty program, the Microsoft-owned company rotated some credentials. The vulnerability, tracked as CVE-2024-0200 (CVSS score 7.2), allowed access to the environment variables of a production container and the company confirmed that all affected credentials have been rotated. “On December 26,

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

News alert: Incogni study reveals overwhelming majority of spam calls originate locally

The Last Watchdog

Los Angeles, Calif., Jan. 17, 2024 – Spam calls continue to be a major nuisance in the US, and advice on how to avoid them abound. Incogni’s latest research challenges prevalent assumptions about spam calls, revealing that traditional advice on avoiding specific area codes is largely ineffective. The study, based on the latest data from the Federal Trade Commission (FTC), demonstrates that, contrary to popular belief, a staggering 59.81% of all unwanted calls originate from local num

article thumbnail

FBI, CISA warn of AndroxGh0st botnet for victim identification and exploitation

Security Affairs

U.S. CISA and the FBI warned of AndroxGh0st malware used to create a botnet for victim identification and exploitation in target networks. US CISA and the Federal Bureau of Investigation (FBI) released a joint Cybersecurity Advisory (CSA) to warn of AndroxGh0st malware. The malware is spreading to create a botnet for victim identification and exploitation in target networks.

Malware 138
article thumbnail

Is Temu safe? What to know before you ‘shop like a billionaire’

We Live Security

Here are some scams you may encounter on the shopping juggernaut, plus a few simple steps you can take to help safeguard your data while bagging that irresistible deal

Scams 128
article thumbnail

Citrix warns admins to immediately patch NetScaler for actively exploited zero-days

Security Affairs

Citrix fixed two actively exploited zero-day vulnerabilities impacting Netscaler ADC and Gateway appliances. Citrix warns customers to install security updates to address two actively exploited zero-day vulnerabilities, tracked as CVE-2023-6548 and CVE-2023-6549, impacting Netscaler ADC and Gateway appliances. “Exploits of these CVEs on unmitigated appliances have been observed.

VPN 136
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

AI’s Role in Cybersecurity for Attackers and Defenders in 2024

Security Boulevard

As AI becomes available and robust, malicious actors have already used it to develop more advanced attack methods; defenders must also leverage AI in 2024. The post AI’s Role in Cybersecurity for Attackers and Defenders in 2024 appeared first on Security Boulevard.

article thumbnail

iShutdown scripts can help detect iOS spyware on your iPhone

Bleeping Computer

Security researchers found that infections with high-profile spyware Pegasus, Reign, and Predator could be discovered on compromised Apple mobile devices by checking Shutdown.log, a system log file that stores reboot events. [.

Spyware 113
article thumbnail

London Calling: Hey, US, Let’s Chat About Cyber AI – The Next WannaCry

Security Boulevard

Artificial intelligence (AI)-based attacks would likely possess greater adaptability and evasion capabilities than WannaCry and NotPetya. The post London Calling: Hey, US, Let’s Chat About Cyber AI – The Next WannaCry appeared first on Security Boulevard.

article thumbnail

New iShutdown Method Exposes Hidden Spyware Like Pegasus on Your iPhone

The Hacker News

Cybersecurity researchers have identified a "lightweight method" called iShutdown for reliably identifying signs of spyware on Apple iOS devices, including notorious threats like NSO Group's Pegasus, QuaDream's Reign, and Intellexa's Predator.

Spyware 111
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Kaspersky Details Method for Detecting Spyware in iOS

Security Boulevard

Researchers with cybersecurity firm Kaspersky are detailing a lightweight method for detecting the presence of spyware, including The NSO Group’s notorious Pegasus software, in Apple iOS devices. The new method, which calls for looking for traces of spyware in a log file called Shutdown.log on the devices, gives users and cybersecurity professionals an easier and.

Spyware 119
article thumbnail

Bigpanzi botnet infects 170,000 Android TV boxes with malware

Bleeping Computer

A previously unknown cybercrime syndicate named 'Bigpanzi' has been making significant money by infecting Android TV and eCos set-top boxes worldwide since at least 2015. [.

article thumbnail

What is the Difference Between Cyberstalking and Cyberbullying?

Security Boulevard

Understanding distinctions between cyberbullying & cyberstalking requires looking beyond surface similarities at key differences in behaviors, motivations, impacts & societal responses to these rising forms of online harassment. The post What is the Difference Between Cyberstalking and Cyberbullying? appeared first on SternX Technology. The post What is the Difference Between Cyberstalking and Cyberbullying?

article thumbnail

Feds Warn of AndroxGh0st Botnet Targeting AWS, Azure, and Office 365 Credentials

The Hacker News

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) warned that threat actors deploying the AndroxGh0st malware are creating a botnet for "victim identification and exploitation in target networks.

Malware 110
article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

Hackers Building AndroxGh0st Botnet to Target AWS, O365, Feds Warn

Security Boulevard

The bad actors behind the Androxgh0st malware are building a botnet they can use to identify victims and exploit vulnerable networks to steal confidential information from such high-profile cloud applications as Amazon Web Services (AWS), Microsoft Office 365, SendGrid, and Twilio, according to two government agencies. The FBI and Cybersecurity and Infrastructure Security Agency (CISA).

article thumbnail

CISA pushes federal agencies to patch Citrix RCE within a week

Bleeping Computer

Today, CISA ordered U.S. federal agencies to secure their systems against three recently patched Citrix NetScaler and Google Chrome zero-days actively exploited in attacks. [.

102
102
article thumbnail

Why Behavioral Threat Hunting is the Big Thing for Cybersecurity in 2024

Security Boulevard

As we surge into 2024, the cybersecurity landscape is witnessing a paradigm shift. Gone are the days when Indicators of Compromise (IOCs) held the throne. 2023 marked the realization within cybersecurity circles that while IOCs serve a purpose, particularly in confirming participation in major breaches, their continuous monitoring leads to an unsustainable level of alert […] The post Why Behavioral Threat Hunting is the Big Thing for Cybersecurity in 2024 appeared first on Cyborg Security.

article thumbnail

Urgent Siemens Update: Addressing SIMATIC’s Near-Perfect CVSS Scores

Penetration Testing

Siemens has released two new advisories to inform customers about four vulnerabilities, which include two critical vulnerabilities (CVE-2023-51438 and CVE-2023-49621) in their SIMATIC IPC and SIMATIC NC 4100 products. The vulnerabilities have a Common... The post Urgent Siemens Update: Addressing SIMATIC’s Near-Perfect CVSS Scores appeared first on Penetration Testing.

article thumbnail

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

article thumbnail

PAX PoS Terminal Flaw Could Allow Attackers to Tamper with Transactions

The Hacker News

The point-of-sale (PoS) terminals from PAX Technology are impacted by a collection of high-severity vulnerabilities that can be weaponized by threat actors to execute arbitrary code.

article thumbnail

SBSCAN: penetration testing tool specifically designed for the Spring framework

Penetration Testing

SBSCAN SBSCAN is a penetration testing tool specifically designed for the Spring framework, capable of scanning specified sites for Spring Boot sensitive information and verifying related Spring vulnerabilities. Most Comprehensive Dictionary for Sensitive Paths:... The post SBSCAN: penetration testing tool specifically designed for the Spring framework appeared first on Penetration Testing.

article thumbnail

Microsoft: Iranian hackers target researchers with new MediaPl malware

Bleeping Computer

Microsoft says that a group of Iranian-backed state hackers are targeting high-profile employees of research organizations and universities across Europe and the United States in spearphishing attacks pushing new backdoor malware. [.

Malware 97
article thumbnail

NIST Report Highlights Rising Tide of Threats Facing AI Systems

SecureWorld News

Artificial intelligence (AI) promises to transform major sectors like healthcare, transportation, finance, and government over the coming years. But the advanced machine learning (ML) models powering this AI revolution also introduce new vectors of attack for malicious actors. As adoption accelerates, so too do emerging cybersecurity risks. That troubling dynamic motivates a comprehensive new report on AI security published by the U.S.

article thumbnail

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.