Schneier on Security

MAY 22, 2024

Experiments in unredacting text that has been pixelated.

292

292

Tech Republic Security

MAY 22, 2024

Other announcements included a Snapdragon Dev Kit for Windows, GitHub Copilot Extensions and the general availability of Azure AI Studio.

Artificial Intelligence 183

Artificial Intelligence Big data Software 183

Malwarebytes

MAY 22, 2024

A cybercriminal going by the names of EquationCorp and USDoD have released an enormous database containing the criminal records of millions of Americans. The database is said to contain 70 million rows of data. Post by USDoD on a breach forum The leaked database is said to include full names, dates of birth, known aliases, addresses, arrest and conviction dates, sentences, and much more.

Passwords 145

Passwords Data breaches Phishing Password Management 145

Tech Republic Security

MAY 22, 2024

This guide explains how you can change the location of your virtual private network for privacy, security or geolocation issues.

VPN 168

VPN 168

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

WIRED Threat Level

MAY 22, 2024

Ultra-wideband radio has been heralded as the solution for “relay attacks” that are used to steal cars in seconds. But researchers found Teslas equipped with it are as vulnerable as ever.

Hacking 145

Hacking 145

Tech Republic Security

MAY 22, 2024

The European Union’s General Data Protection Regulation requires every business enterprise and public authority that collects personal data from EU customers and clients to protect that data from unauthorized access. Finding ideal candidates for the GDPR data protection compliance officer position will require thorough vetting, and potential candidates may be difficult to find.

Big data 154

Big data 154

The Hacker News

MAY 22, 2024

Microsoft on Wednesday outlined its plans to deprecate Visual Basic Script (VBScript) in the second half of 2024 in favor of more advanced alternatives such as JavaScript and PowerShell. "Technology has advanced over the years, giving rise to more powerful and versatile scripting languages such as JavaScript and PowerShell," Microsoft Program Manager Naveen Shankar said.

Technology 144

Technology 144

Security Affairs

MAY 22, 2024

A threat actor is targeting organizations in Africa and the Middle East by exploiting Microsoft Exchange Server flaws to deliver malware. Positive Technologies researchers observed while responding to a customer’s incident spotted an unknown keylogger embedded in the main Microsoft Exchange Server page. The keylogger was used to collect account credentials.

Malware 142

Malware Accountability Technology Internet 142

The Hacker News

MAY 22, 2024

An unknown threat actor is exploiting known security flaws in Microsoft Exchange Server to deploy a keylogger malware in attacks targeting entities in Africa and the Middle East. Russian cybersecurity firm Positive Technologies said it identified over 30 victims spanning government agencies, banks, IT companies, and educational institutions. The first-ever compromise dates back to 2021.

Education 142

Education Banking Government Technology 142

Security Affairs

MAY 22, 2024

A researcher discovered a consumer-grade spyware app on the check-in systems of at least three Wyndham hotels across the US. The security researcher Eric Daigle discovered a commercial spyware app, called pcTattletale, on the check-in systems of at least three Wyndham hotels across the US, TechCrunch first reported. Parents often use the app to monitor their children’s online activities or by employers to keep track of employee productivity and internet usage.

Spyware 141

Spyware Surveillance Software Internet 141

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

The Hacker News

MAY 22, 2024

Cybersecurity researchers have disclosed details of a previously undocumented threat group called Unfading Sea Haze that's believed to have been active since 2018. The intrusion singled out high-level organizations in South China Sea countries, particularly military and government targets, Bitdefender said in a report shared with The Hacker News.

Government 142

Government Cybersecurity 142

Security Affairs

MAY 22, 2024

GitHub addressed a vulnerability in the GitHub Enterprise Server (GHES) that could allow an attacker to bypass authentication. GitHub has rolled out security fixes to address a critical authentication bypass issue, tracked as CVE-2024-4985 (CVSS score: 10.0), in the GitHub Enterprise Server (GHES). GitHub Enterprise Server (GHES) is a self-hosted version of GitHub designed for use within organizations.

Authentication 141

Authentication Encryption Hacking Information Security 141

The Hacker News

MAY 22, 2024

Cybersecurity researchers have discovered a new cryptojacking campaign that employs vulnerable drivers to disable known security solutions (EDRs) and thwart detection in what's called a Bring Your Own Vulnerable Driver (BYOVD) attack. Elastic Security Labs is tracking the campaign under the name REF4578 and the primary payload as GHOSTENGINE.

Cybersecurity 141

Cybersecurity 141

Security Affairs

MAY 22, 2024

The digital imaging products manufacturer OmniVision disclosed a data breach after the 2023 ransomware attack. OmniVision Technologies is a company that specializes in developing advanced digital imaging solutions. In 2023, OmniVision employed 2,200 people and had an annual revenue of $1.4 billion. OmniVision Technologies Inc. is an American subsidiary of Chinese semiconductor device and mixed-signal integrated circuit design house Will Semiconductor.

Data breaches 139

Data breaches Ransomware Manufacturing Encryption 139

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

The Hacker News

MAY 22, 2024

Rockwell Automation is urging its customers to disconnect all industrial control systems (ICSs) not meant to be connected to the public-facing internet to mitigate unauthorized or malicious cyber activity. The company said it's issuing the advisory due to "heightened geopolitical tensions and adversarial cyber activity globally.

Internet 140

Internet Internet Cyber threats 140

Bleeping Computer

MAY 22, 2024

Microsoft announced today that it will start deprecating VBScript in the second half of 2024 by making it an on-demand feature until it's completely removed. [.

137

137

Security Affairs

MAY 22, 2024

A critical security vulnerability in Veeam Backup Enterprise Manager could allow threat actors to bypass authentication. A critical vulnerability, tracked as CVE-2024-29849 (CVSS score: 9.8), in Veeam Backup Enterprise Manager could allow attackers to bypass authentication. Veeam Backup Enterprise Manager is a centralized management and reporting tool designed to simplify the administration of Veeam Backup & Replication environments.

Backups 136

Backups Authentication Accountability Software 136

Security Boulevard

MAY 22, 2024

Deepfake Zoom of Doom: Construction giant Arup Group revealed as victim of January theft—10% of net profit lost. The post CFO Deepfake Redux — Arup Lost $26M via Video appeared first on Security Boulevard.

Social Engineering 131

Social Engineering Data privacy Engineering Technology 131

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

SecureList

MAY 22, 2024

Introduction Stealers are a prominent threat in the malware landscape. Over the past year we published our research into several stealers (see here , here and here ), and for now, the trend seems to persist. In the past months, we wrote several private reports on stealers as we discovered Acrid (a new stealer), ScarletStealer (another new stealer) and Sys01, which had been updated quite a bit since the previous public analysis.

Malware 131

Malware Cryptocurrency Passwords Marketing 131

The Last Watchdog

MAY 22, 2024

Torrance,Calif., May 22, 2024, CyberNewsWire — AI SPERA, a leader in Cyber Threat Intelligence (CTI) solutions, announced today that its proprietary search engine, Criminal IP , is now available on the AWS Marketplace. This integration ensures efficient software procurement and deployment, aligning seamlessly with customers’ existing cloud architectures.

Cyber threats 130

Cyber threats Engineering Internet Internet 130

We Live Security

MAY 22, 2024

As AI gets closer to the ability to cause physical harm and impact the real world, “it’s complicated” is no longer a satisfying response to questions about AI-powere attacks.

128

128

The Hacker News

MAY 22, 2024

Since the first edition of The Ultimate SaaS Security Posture Management (SSPM) Checklist was released three years ago, the corporate SaaS sprawl has been growing at a double-digit pace.

127

127

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

Bleeping Computer

MAY 22, 2024

A previously unknown threat actor dubbed "Unfading Sea Haze" has been targeting military and government entities in the South China Sea region since 2018, remaining undetected all this time. [.

Government 125

Government 125

IT Security Guru

MAY 22, 2024

When it comes to creating presentations, you want the best chance of succeeding. A great presentation will increase your chances of selling the product, informing, or conveying your message. Google Slides is a popular tool for creating slideshows. However, more is needed to make an excellent presentation. Follow these Google Slides tips from experts to enhance your Google Slides presentation and get the job done.

120

120

Bleeping Computer

MAY 22, 2024

LastPass announced it will start encrypting URLs stored in user vaults for enhanced privacy and protection against data breaches and unauthorized access. [.

Encryption 114

Encryption Passwords Data breaches Software 114

Malwarebytes

MAY 22, 2024

Developing an AI-powered threat to security, privacy, and identity is certainly a choice, but it’s one that Microsoft was willing to make this week at its “Build” developer conference. On Monday, the computing giant unveiled a new line of PCs that integrate Artificial Intelligence (AI) technology to promise faster speeds, enhanced productivity, and a powerful data collection and search tool that screenshots a device’s activity—including password entry—every few seconds.

Artificial Intelligence 111

Artificial Intelligence Passwords Accountability Media 111

Advertisement

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

GlobalSign

MAY 22, 2024

The FCRA protects consumer rights and regulates credit reporting agencies. This blog explores what the FCRA is and its requirements.

110

110

Graham Cluley

MAY 22, 2024

The United States Department of Justice has dealt a blow to dark web drug traffickers by arresting a man alleged to operate the dark web drugs marketplace Incognito Market. According to a DOJ press release, the alleged operator of a darknet platform sold over $100 million worth of narcotics worldwide. Read more in my article on the Hot for Security blog.

Marketing 106

Marketing Cryptocurrency 106

Bleeping Computer

MAY 22, 2024

Security researchers are warning that China-linked state-backed hackers are increasingly relying on vast proxy networks of virtual private servers and compromised connected devices for cyberespionage operations. [.

106

106

The Last Watchdog

MAY 22, 2024

It’s easy to compile a checklist on why the announced merger of LogRhythm and Exabeam could potentially make strategic sense. Related: Cisco pays $28 billion for Splunk LogRhythm’s is a long established SIEM provider and Exabeam has been making hay since its 2013 launch advancing its UEBA capabilities. Combining these strengths falls in line with the drive to make cloud-centric, hyper-interconnected company networks more resilient.

Marketing 100

Marketing Internet Internet Cybersecurity 100

Advertisement

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.

Cybersecurity