Tue.Nov 07, 2023

article thumbnail

Spaf on the Morris Worm

Schneier on Security

Gene Spafford wrote an essay reflecting on the Morris Worm of 1988—35 years ago. His lessons from then are still applicable today.

Malware 316
article thumbnail

GUEST ESSAY: The many channels law enforcement pursues to mitigate cyber threats

The Last Watchdog

Throughout 2023, we’ve witnessed numerous significant cyber incidents. One of the largest this year was the MOVEit breach, which impacted various state motor vehicle organizations and exposed driver’s license information for nearly 9.5 million individuals. Related: The Golden Age of cyber espionage We have also seen ransomware outbreaks at MGM and Caesar’s Casino , causing losses in the millions of dollars and targeted assaults on the healthcare sector, affecting over 11 millio

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

IT Pros in Australian Crypto Need to Brace for Regulation

Tech Republic Security

The Australian government is moving towards regulating cryptocurrency, with a focus on those involved in developing and maintaining crypto platforms.

article thumbnail

Government Surveillance Reform Act of 2023 Seeks to End Warrantless Police and FBI Spying

WIRED Threat Level

The Government Surveillance Reform Act of 2023 pulls from past privacy bills to overhaul how police and the feds access Americans’ data and communications.

article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

VMware Explore Barcelona 2023: Enhanced Private AI and Sovereign Cloud Services Announced

Tech Republic Security

VMware's Private AI platform will include interoperability with Intel, IBM's watsonx and Kyndryl.

Big data 140
article thumbnail

Veeam fixed multiple flaws in Veeam ONE, including critical issues

Security Affairs

Veeam addressed multiple vulnerabilities in its Veeam ONE IT infrastructure monitoring and analytics platform, including two critical issues. Veeam addressed four vulnerabilities (CVE-2023-38547, CVE-2023-38548, CVE-2023-38549, CVE-2023-41723) in the Veeam ONE IT infrastructure monitoring and analytics platform. The vulnerability CVE-2023-38547 (CVSS score 9.9) can be exploited by an unauthenticated attacker to gain information about the SQL server connection Veeam ONE uses to access its configu

Backups 137

More Trending

article thumbnail

Iranian Agonizing Serpens APT is targeting Israeli entities with destructive cyber attacks

Security Affairs

Iran-linked Agonizing Serpens group has been targeting Israeli organizations with destructive cyber attacks since January. Iran-linked Agonizing Serpens group (aka Agrius , BlackShadow , Pink Sandstorm , DEV-0022 ) has been targeting Israeli organizations in higher education and tech sectors with destructive cyber attacks since January 2023. Palo Alto Networks’ s Unit 42 researchers reported that threat actors first attempt to steal sensitive data (i.e. personally identifiable informat

article thumbnail

Microsoft Authenticator now blocks suspicious MFA alerts by default

Bleeping Computer

Microsoft has introduced a new protective feature in the Authenticator app to block notifications that appear suspicious based on specific checks performed during the account login stage. [.

article thumbnail

Marina Bay Sands Luxury Hotel in Singapore Suffers a Data Breach

Security Affairs

The iconic integrated resort Marina Bay Sands in Singapore has disclosed a data breach that impacted 665,000 customers. The Marina Bay Sands (MBS) luxury resort in Singapore has suffered a data breach that impacted 665,000 customers. Marina Bay Sands discovered the security breach on 20 October 2023, an unauthorized third party gained access to some of our customers’ loyalty programme membership data on 19 and 20 October 2023.

article thumbnail

Offensive and Defensive AI: Let’s Chat(GPT) About It

The Hacker News

ChatGPT: Productivity tool, great for writing poems, and… a security risk?! In this article, we show how threat actors can exploit ChatGPT, but also how defenders can use it for leveling up their game. ChatGPT is the most swiftly growing consumer application to date. The extremely popular generative AI chatbot has the ability to generate human-like, coherent and contextually relevant responses.

Risk 132
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Google hopes to better fight malicious apps with real-time scanning on Android devices

Graham Cluley

Google has added a new real-time app scanning capability to Google Play Protect in order to help it better protect against malicious apps installed from outside the official app store. Read more in my article on the Tripwire State of Security blog.

Malware 132
article thumbnail

New GootLoader Malware Variant Evades Detection and Spreads Rapidly

The Hacker News

A new variant of the GootLoader malware called GootBot has been found to facilitate lateral movement on compromised systems and evade detection.

Malware 128
article thumbnail

Okta breach happened after employee logged into personal Google account

Malwarebytes

Okta has revealed details about a recent breach which exposed files belonging to customers. As we explained in our article about 1Password being a victim of this breach, it’s normal for Okta support to ask customers to upload a file known as an HTTP Archive (HAR) file. Having this file allows the team to troubleshoot issues by replicating what’s going on in the browser.

article thumbnail

YouTube's Ad Blocker Detection Believed to Break EU Privacy Law

WIRED Threat Level

A complaint filed with the EU’s independent data regulator accuses YouTube of failing to get explicit user permission for its ad blocker detection system, potentially violating the ePrivacy Directive.

Media 122
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Speedify Review 2023: Features, Security & Performance

Tech Republic Security

Speedify VPN offers speed-centered features that may not make up for its lack of security and pricey plan. Find out how this VPN measured up in our review.

article thumbnail

N. Korea's BlueNoroff Blamed for Hacking macOS Machines with ObjCShellz Malware

The Hacker News

The North Korea-linked nation-state group called BlueNoroff has been attributed to a previously undocumented macOS malware strain dubbed ObjCShellz. Jamf Threat Labs, which disclosed details of the malware, said it's used as part of the RustBucket malware campaign, which came to light earlier this year.

Malware 119
article thumbnail

Microsoft: Some Outlook.com users can't send emails with attachments

Bleeping Computer

In a Monday advisory, Microsoft warned Outlook.com users about issues they might encounter when sending emails containing attachments. [.

118
118
article thumbnail

Secret Scanner for Jira and Confluence: CVE-2023–22515 Defense in Depth

Pen Test

TLDR; Upgrade Confluence to a patched version and employ the open-source security scanner n0s1 to proactively address potential secret leaks. Why do I need a secret scanner? It is a widely recognized best practice for Product Security Engineers to conduct scans of the software codebase in search of potential inadvertent secret leaks. Developers may find themselves working on a new feature that requires integration with AWS and might, initially for convenience during testing, hardcode the AWS acc

Passwords 115
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

News alert: AppMap launches ‘Runtime Code Review’ — GitHub integration innovation

The Last Watchdog

Boston, Mass., Nov. 7, 2023 — AppMap today announces its innovative Runtime Code Review solution that will transform software quality and the developer experience. AppMap’s mission is to deliver actionable insights to developers where they work, and AppMap continues to deliver on the promise with its latest release for the GitHub Marketplace. Unexpected runtime defects account for a staggering 40% of performance problems and 50% of security defects.

Software 113
article thumbnail

Atlassian Bug Escalated to 10, All Unpatched Instances Vulnerable

Dark Reading

Active ransomware attacks against vulnerable Atlassian Confluence Data Center and Servers ratchets up risk to enterprises, now reflected in the bug's revised CVSS score of 10.

article thumbnail

What a Bloody San Francisco Street Brawl Tells Us About the Age of Citizen Surveillance

WIRED Threat Level

When a homeless man attacked a former city official, footage of the onslaught became a rallying cry. Then came another video, and another—and the story turned inside out.

article thumbnail

Marina Bay Sands discloses data breach impacting 665,000 customers

Bleeping Computer

The Marina Bay Sands (MBS) luxury resort and casino in Singapore has disclosed a data breach that impacts personal data of 665,000 customers. [.

article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

SideCopy Exploiting WinRAR Flaw in Attacks Targeting Indian Government Entities

The Hacker News

The Pakistan-linked threat actor known as SideCopy has been observed leveraging the recent WinRAR security vulnerability in its attacks targeting Indian government entities to deliver various remote access trojans such as AllaKore RAT, Ares RAT, and DRat.

article thumbnail

How to become a cybersecurity engineer: ultimate career guide

Hack the Box

Wondering what it takes to become a cybersecurity engineer? Here’s a complete career guide with insights from experienced security professionals!

article thumbnail

CVSS 4.0 Offers Significantly More Patching Context

Dark Reading

The latest vulnerability severity scoring system addresses gaps in the previous version; here's how to get the most out of it.

104
104
article thumbnail

Global Cybersecurity Skills Gap Still Widening Despite Growing Workforce

SecureWorld News

Cyber threats pose one of the most significant risks to businesses, governments, and individuals today. As the world becomes more interconnected and data-driven, the need for cybersecurity talent has never been greater. However, a new study from ISC2 reveals that the supply of cybersecurity professionals worldwide continues to lag far behind demand.

article thumbnail

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

article thumbnail

Confidence in File Upload Security is Alarmingly Low. Why?

The Hacker News

Numerous industries—including technology, financial services, energy, healthcare, and government—are rushing to incorporate cloud-based and containerized web applications. The benefits are undeniable; however, this shift presents new security challenges. OPSWAT's 2023 Web Application Security report reveals: 75% of organizations have modernized their infrastructure this year.

article thumbnail

News alert: Risk Ledger secures £6.25 million to prevent cyber attacks on enterprise supply chains

The Last Watchdog

London, United Kingdom, Nov. 7, 2023 — Organisations have been laser focussed on protecting their own networks, applications, physical premises and people against cyber security attacks but have neglected their exposure to suppliers. Indeed, over the past 3 years, a staggering 73% of organisations have been affected by a third-party security breach.

article thumbnail

Marina Bay Sands Becomes Latest Hospitality Cyber Victim

Dark Reading

Unknown attackers have accessed PII for hundreds of thousands of loyalty customers at the high-end Singapore establishment.

99
article thumbnail

Fake Ledger Live app in Microsoft Store steals $768,000 in crypto

Bleeping Computer

Microsoft has recently removed from its store a fraudulent Ledger Live app for cryptocurrency management after multiple users lost at least $768,000 worth of cryptocurrency assets. [.

article thumbnail

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.