Fri.Apr 26, 2024

article thumbnail

Long Article on GM Spying on Its Cars’ Drivers

Schneier on Security

Kashmir Hill has a really good article on how GM tricked its drivers into letting it spy on them—and then sold that data to insurance companies.

Insurance 309
article thumbnail

BeyondTrust Report: Microsoft Security Vulnerabilities Decreased by 5% in 2023

Tech Republic Security

Refreshed software and collaboration with the security researcher community may have contributed to the 5% drop.

Software 189
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Bogus npm Packages Used to Trick Software Developers into Installing Malware

The Hacker News

An ongoing social engineering campaign is targeting software developers with bogus npm packages under the guise of a job interview to trick them into downloading a Python backdoor. Cybersecurity firm Securonix is tracking the activity under the name DEV#POPPER, linking it to North Korean threat actors.

Software 144
article thumbnail

pphack: The Most Advanced Client-Side Prototype Pollution Scanner

Penetration Testing

pphack pphack is a CLI tool for scanning websites for client-side prototype pollution vulnerabilities. Feature Fast (concurrent workers) Default payload covers a lot of cases Payload and Javascript customization Proxy-friendly Support output in a... The post pphack: The Most Advanced Client-Side Prototype Pollution Scanner appeared first on Penetration Testing.

article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

New 'Brokewell' Android Malware Spread Through Fake Browser Updates

The Hacker News

Fake browser updates are being used to push a previously undocumented Android malware called Brokewell. "Brokewell is a typical modern banking malware equipped with both data-stealing and remote-control capabilities built into the malware," Dutch security firm ThreatFabric said in an analysis published Thursday.

Malware 144
article thumbnail

Kaiser Permanente data breach may have impacted 13.4 million patients

Security Affairs

Healthcare service provider Kaiser Permanente disclosed a security breach that may impact 13.4 million individuals in the United States. Kaiser Permanente is an American integrated managed care consortium, it is made up of three distinct but interdependent groups of entities: the Kaiser Foundation Health Plan, Inc. (KFHP) and its regional operating subsidiaries; Kaiser Foundation Hospitals; and the regional Permanente Medical Groups.

More Trending

article thumbnail

Cryptocurrencies and cybercrime: A critical intermingling

Security Affairs

As cryptocurrencies have grown in popularity, there has also been growing concern about cybercrime involvement in this sector Cryptocurrencies have revolutionized the financial world, offering new investment opportunities and decentralized transactions. However, as cryptocurrencies have grown in popularity, there has also been growing concern about cybercrime involvement in this sector.

article thumbnail

10 Critical Endpoint Security Tips You Should Know

The Hacker News

In today's digital world, where connectivity is rules all, endpoints serve as the gateway to a business’s digital kingdom. And because of this, endpoints are one of hackers' favorite targets. According to the IDC, 70% of successful breaches start at the endpoint. Unprotected endpoints provide vulnerable entry points to launch devastating cyberattacks.

138
138
article thumbnail

Fake job interviews target developers with new Python backdoor

Bleeping Computer

A new campaign tracked as "Dev Popper" is targeting software developers with fake job interviews in an attempt to trick them into installing a Python remote access trojan (RAT). [.

Software 132
article thumbnail

Severe Flaws Disclosed in Brocade SANnav SAN Management Software

The Hacker News

Several security vulnerabilities disclosed in Brocade SANnav storage area network (SAN) management application could be exploited to compromise susceptible appliances. The 18 flaws impact all versions up to and including 2.3.0, according to independent security researcher Pierre Barre, who discovered and reported them.

Software 134
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Understanding Cybersecurity Vulnerabilities

Security Boulevard

What is a cybersecurity vulnerability, how do they happen, and what can organizations do to avoid falling victim? Among the many cybersecurity pitfalls, snares, snags, and hazards, cybersecurity vulnerabilities and the likes of zero-day attacks are perhaps the most insidious. Our lives are unavoidably woven into the fabric of digital networks, and cybersecurity has become.

article thumbnail

Hanwha Vision Announces Critical Security Updates for NVR and DVR Models

Penetration Testing

Hanwha Vision, a leader in surveillance technology, has swiftly responded to significant cybersecurity threats identified in several of its network video recorders (NVR) and digital video recorders (DVR). These threats, detailed in recent security... The post Hanwha Vision Announces Critical Security Updates for NVR and DVR Models appeared first on Penetration Testing.

article thumbnail

Kaiser Permanente: Data breach may impact 13.4 million patients

Bleeping Computer

Healthcare service provider Kaiser Permanente disclosed a data security incident that may impact 13.4 million people in the United States. [.

article thumbnail

apidetector: Efficiently scan for exposed Swagger endpoints across web domains and subdomains

Penetration Testing

APIDetector APIDetector is a powerful and efficient tool designed for testing exposed Swagger endpoints in various subdomains with unique smart capabilities to detect false positives. It’s particularly useful for security professionals and developers who... The post apidetector: Efficiently scan for exposed Swagger endpoints across web domains and subdomains appeared first on Penetration Testing.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Network Security Architecture: Best Practices & Tools

eSecurity Planet

Network security architecture is a strategy that provides formal processes to design robust and secure networks. Effective implementation improves data throughput, system reliability, and overall security for any organization. This article explores network security architecture components, goals, best practices, frameworks, implementation, and benefits as well as where you can learn more about network security architecture.

article thumbnail

Security Update for Webmin: Addressing Privilege Escalation Vulnerability

Penetration Testing

Attention server administrators! A serious security vulnerability in Webmin, a widely used web-based system administration tool for Unix-like servers, has been discovered. This critical flaw could allow attackers with minimal access to a system... The post Security Update for Webmin: Addressing Privilege Escalation Vulnerability appeared first on Penetration Testing.

article thumbnail

Telegram is down with "Connecting" error

Bleeping Computer

Telegram users are currently experiencing issues worldwide, with users unable to use the website and mobile apps. [.

Mobile 110
article thumbnail

LightSpy Malware Strikes macOS: Your Mac Could be the Target

Penetration Testing

Researchers at Huntress have revealed a critical development in the LightSpy malware threat landscape. Previously focused on iOS and Android, this newly analyzed macOS variant confirms cybercriminal interest in compromising Apple systems. This calls... The post LightSpy Malware Strikes macOS: Your Mac Could be the Target appeared first on Penetration Testing.

article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Creating practical pathways with DoDM 8140.03

CompTIA on Cybersecurity

The U.S. Department of Defense (DoD) is making a huge impact on cybersecurity skills training as organizations align course offerings with Department of Defense Manual 8140.03 (DoDM 8140.03). Don't get left behind!

article thumbnail

Fake Browser Updates Drop Dangerous FakeBat Malware – Don’t Be Fooled

Penetration Testing

Security experts at eSentire have sounded the alarm on a new wave of FakeBat malware attacks. Threat actors are refining their methods, exploiting the familiar tactic of fake browser updates to trick unsuspecting users... The post Fake Browser Updates Drop Dangerous FakeBat Malware – Don’t Be Fooled appeared first on Penetration Testing.

article thumbnail

Accelerating incident response using generative AI

Google Security

Lambert Rosique and Jan Keller, Security Workflow Automation, and Diana Kramer, Alexandra Bowen and Andrew Cho, Privacy and Security Incident Response Introduction As security professionals, we're constantly looking for ways to reduce risk and improve our workflow's efficiency. We've made great strides in using AI to identify malicious content , block threats, and discover and fix vulnerabilities.

Risk 94
article thumbnail

The #1 Reason Why Organizations Skip Security

SecureBlitz

In this post, I will show the #1 reason why organizations skip security. Imagine you have the best recipe in the world for chocolate, and you decide to make a business out of it: you rent a place, buy the required machinery and hire the best manpower available. You have spent all this time, money […] The post The #1 Reason Why Organizations Skip Security appeared first on SecureBlitz Cybersecurity.

article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

Announcing two new LMS libraries

Security Boulevard

By Will Song The Trail of Bits cryptography team is pleased to announce the open-sourcing of our pure Rust and Go implementations of Leighton-Micali Hash-Based Signatures (LMS), a well-studied NIST-standardized post-quantum digital signature algorithm. If you or your organization are looking to transition to post-quantum support for digital signatures, both of these implementations have been […] The post Announcing two new LMS libraries appeared first on Security Boulevard.

72
article thumbnail

Major phishing-as-a-service platform disrupted – Week in security with Tony Anscombe

We Live Security

The investigation uncovered at least 40,000 phishing domains that were linked to LabHost and tricked victims into handing over their sensitive details

article thumbnail

Cybersecurity Insights with Contrast CISO David Lindner | 4/26/24

Security Boulevard

Insight #1 AI is clearly becoming a problem, with headlines capturing incidents such as a deepfake audio impersonating a Chief Information Security Officer (CISO) and explicit deepfake photographs of high-school students being passed around in a Nevada, Iowa High School. We as an industry need to get our hands around all of this before it gets even worse.

CISO 72
article thumbnail

ReliaQuest Labs Program at the University of South Florida Creates Direct Pipeline into Cybersecurity Industry

Digital Shadows

ReliaQuest Labs at USF bridges education to cybersecurity careers, offering real-world experience and high job placement rates.

article thumbnail

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

article thumbnail

Open-Source Software Security

Security Boulevard

Open-source software security is crucial in today's cloud-native world. Learn about vulnerabilities, dependencies, and tools to improve security in this in-depth blog post. The post Open-Source Software Security appeared first on Security Boulevard.

article thumbnail

Friday Five: Controversial Data Privacy Legislation, Protecting Critical Infrastructure, & More

Digital Guardian

A major data privacy bill and proposed regulation have taken steps forward to becoming reality this past week. Meanwhile, China looms large as a significant cybersecurity threat and agencies are taking action to prepare. Catch up on these stories and more in this week's Friday Five.

article thumbnail

Agile by Design: Cybersecurity at the Heart of Transformation

Security Boulevard

Unlock the dynamic interplay between cybersecurity and agility in today’s business landscape. Explore how organizations can fortify their defenses, foster innovation, and thrive amidst uncertainty. In an era defined by rapid technology advances, geopolitical complexities, and economic uncertainties, organizations face a daunting challenge: how to thrive amidst constant disruption and change.

article thumbnail

The L.A. County Department of Health Services Breached

Heimadal Security

Following a recent phishing attack that affected over two dozen employees, the Los Angeles County Department of Health Services revealed a data breach exposing thousands of patients’ personal and medical information. This is the second largest public health care system in the nation, behind NYC Health + Hospitals, and runs the public hospitals and clinics […] The post The L.A.

article thumbnail

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.