Fri.Jan 19, 2024

article thumbnail

Zelle Is Using My Name and Voice without My Consent

Schneier on Security

Okay, so this is weird. Zelle has been using my name, and my voice, in audio podcast ads—without my permission. At least, I think it is without my permission. It’s possible that I gave some sort of blanket permission when speaking at an event. It’s not likely, but it is possible. I wrote to Zelle about it. Or, at least, I wrote to a company called Early Warning that owns Zelle about it.

Marketing 309
article thumbnail

Canadian Man Stuck in Triangle of E-Commerce Fraud

Krebs on Security

A Canadian man who says he's been falsely charged with orchestrating a complex e-commerce scam is seeking to clear his name.

Scams 297
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Speaking to the CIA’s Creative Writing Group

Schneier on Security

This is a fascinating story. Last spring, a friend of a friend visited my office and invited me to Langley to speak to Invisible Ink, the CIA’s creative writing group. I asked Vivian (not her real name) what she wanted me to talk about. She said that the topic of the talk was entirely up to me. I asked what level the writers in the group were.

299
299
article thumbnail

Warning: Scammers Are Now PERFECTLY Impersonating Utility Companies

Joseph Steinberg

Several hours ago , I received a phone call; the caller ID displayed the accurate name and phone number of my local utility company. As our area has, at times, suffered from power disruptions during winter storms, and we had winter weather yesterday and are expecting more tomorrow, I answered the call to see if the utility was advising of some repair that could impact service.

Scams 259
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Top IT Trends in Australia for IT Pros to Prepare For in 2024

Tech Republic Security

IT spending in Australia is forecast to increase significantly in 2024. This means that IT pros who spend time on skills development will be able to instead focus on growth in their career.

Big data 188
article thumbnail

Google changes wording for Incognito browsing in Chrome

Malwarebytes

Users of Chrome Canary have noticed some slight changes in the wording that Google uses for Incognito mode. Chrome Canary is mainly intended for use by developers. It’s updated nearly daily with new features, and because it can be used alongside versions of the “normal” Chrome browser (known collectively as Chrome’s “Stable channel”), it can serve for testing and development purposes.

More Trending

article thumbnail

VF Corp December data breach impacts 35 million customers

Security Affairs

American global apparel and footwear company VF Corp revealed that the December data breach impacted 35.5 million customers. VF Corporation is an American global apparel and footwear company that owns 13 brands. In 2015, the company controlled 55% of the U.S. backpack market with the JanSport, Dickies, Eastpak, Timberland, Smartwool, Vans, and The North Face brands.

article thumbnail

CISA urges urgent patching of two actively exploited Citrix NetScaler vulnerabilities

Malwarebytes

The Cybersecurity and Infrastructure Security Agency (CISA) has added two Citrix NetScaler vulnerabilities to its Known Exploited Vulnerabilities catalog , and it has set the “due date” a week after they were added. Federal Civilian Executive Branch (FCEB) agencies are handed specific deadlines for when vulnerabilities must be dealt with. Normally, the Directive requires those agencies to remediate internet-facing vulnerabilities on its catalog within 15 days, and all others within 25 days.

article thumbnail

Kansas State University suffered a serious cybersecurity incident

Security Affairs

Kansas State University (K-State) suffered a cybersecurity incident that has disrupted part of its network and services. Kansas State University (K-State) suffered a cybersecurity incident that impacted a portion of its network and services. On January, 16, 2023, the University K-State announced it was experiencing a disruption to certain network systems, including VPN, K-State Today emails, and videos on Canvas, or Mediasite.

article thumbnail

How to Opt Out of Comcast’s Xfinity Storing Your Sensitive Data

WIRED Threat Level

One of America’s largest internet providers may collect data about your political beliefs, race, and sexual orientation to serve personalized ads.

Internet 136
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

The Quantum Computing Cryptopocalypse – I’ll Know It When I See It

Security Affairs

Can quantum computing break cryptography? Can it do it within a person’s lifetime? Will it be a cryptopocalypse, as some experts suggest? Can quantum computing break cryptography? Sure, it can. Can it do it within a person’s lifetime? Yes. In fact, it will likely achieve this sometime within your career. Will it be a cryptopocalypse , as some experts suggest?

article thumbnail

VMware confirms critical vCenter flaw now exploited in attacks

Bleeping Computer

VMware has confirmed that a critical vCenter Server remote code execution vulnerability patched in October is now under active exploitation. [.

127
127
article thumbnail

China-linked APT UNC3886 exploits VMware zero-day since 2021

Security Affairs

China-linked group UNC3886 has been exploiting vCenter Server zero-day vulnerability CVE-2023-34048 since at least late 2021. Mandiant researchers reported that China-linked APT group UNC3886 has been exploiting vCenter Server zero-day vulnerability CVE-2023-34048 since at least late 2021. vCenter Server is a critical component in VMware virtualization and cloud computing software suite.

Firewall 138
article thumbnail

Chinese hackers exploit VMware bug as zero-day for two years

Bleeping Computer

A Chinese hacking group has been exploiting a critical vCenter Server vulnerability (CVE-2023-34048) as a zero-day since at least late 2021. [.

Hacking 126
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

U.S. CISA warns of actively exploited Ivanti EPMM flaw CVE-2023-35082

Security Affairs

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Ivanti EPMM flaw CVE-2023-35082 to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the Ivanti EPMM flaw CVE-2023-35082 (CVSS score: 9.8) vulnerability to its Known Exploited Vulnerabilities (KEV) catalog. At the end of July, Ivanti disclosed a security vulnerability impacting Endpoint Manager Mobile (EPMM), tracked as CVE-2023-35078 (CVSS score: 7.8), that was e

Mobile 137
article thumbnail

Latest OpenPubkey Project Initiative Makes SSH More Secure

Security Boulevard

The OpenPubkey project shared an OIDC-based mechanism for remotely logging into IT environments that makes authentication using SSH certificates more secure. The post Latest OpenPubkey Project Initiative Makes SSH More Secure appeared first on Security Boulevard.

article thumbnail

Experts Warn of macOS Backdoor Hidden in Pirated Versions of Popular Software

The Hacker News

Pirated applications targeting Apple macOS users have been observed containing a backdoor capable of granting attackers remote control to infected machines. "These applications are being hosted on Chinese pirating websites in order to gain victims," Jamf Threat Labs researchers Ferdous Saljooki and Jaron Bradley said.

Software 111
article thumbnail

Behind the Breach: Pass-The-Cookie Beyond IdPs

Security Boulevard

Pass-The-Cookie (PTC), also known as token compromise, is a common attack technique employed by threat actors in SaaS environments. In the past, Obsidian’s Threat Research team noted a pattern where most PTC attacks focused on stealing the identity provider (IdP) primary authentication cookie. However, there has since been a shift in attacks–now targeting authentication cookies […] The post Behind the Breach: Pass-The-Cookie Beyond IdPs appeared first on Obsidian Security.

article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Microsoft's Top Execs' Emails Breached in Sophisticated Russia-Linked APT Attack

The Hacker News

Microsoft on Friday revealed that it was the target of a nation-state attack on its corporate systems that resulted in the theft of emails and attachments from senior executives and other individuals in the company's cybersecurity and legal departments.

article thumbnail

Russian hackers stole Microsoft corporate emails in month-long breach

Bleeping Computer

Microsoft disclosed Friday night that some of its corporate email accounts were breached and data stolen by the Russian state-sponsored hacking group Midnight Blizzard. [.

article thumbnail

Preventing Data Loss: Backup and Recovery Strategies for Exchange Server Administrators

The Hacker News

In the current digital landscape, data has emerged as a crucial asset for organizations, akin to currency. It’s the lifeblood of any organization in today's interconnected and digital world. Thus, safeguarding the data is of paramount importance. Its importance is magnified in on-premises Exchange Server environments where vital business communication and emails are stored and managed.

Backups 107
article thumbnail

Vans, North Face owner says ransomware breach affects 35 million people

Bleeping Computer

VF Corporation, the company behind brands like Vans, Timberland, The North Face, Dickies, and Supreme, said that more than 35 million customers had their personal information stolen in a December ransomware attack. [.

article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

CISA Issues Emergency Directive to Federal Agencies on Ivanti Zero-Day Exploits

The Hacker News

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday issued an emergency directive urging Federal Civilian Executive Branch (FCEB) agencies to implement mitigations against two actively exploited zero-day flaws in Ivanti Connect Secure (ICS) and Ivanti Policy Secure (IPS) products.

article thumbnail

Payoneer accounts in Argentina hacked in 2FA bypass attacks

Bleeping Computer

Numerous Payoneer users in Argentina report waking up to find that their 2FA-protected accounts were hacked and funds stolen after receiving SMS OTP codes while they were sleeping. [.

article thumbnail

Invoice Phishing Alert: TA866 Deploys WasabiSeed & Screenshotter Malware

The Hacker News

The threat actor tracked as TA866 has resurfaced after a nine-month hiatus with a new large-volume phishing campaign to deliver known malware families such as WasabiSeed and Screenshotter. The campaign, observed earlier this month and blocked by Proofpoint on January 11, 2024, involved sending thousands of invoice-themed emails targeting North America bearing decoy PDF files.

Phishing 105
article thumbnail

VMware Confirms CVE-2023-34048 RCE Flaw in vCenter Exploited in the Wild

Penetration Testing

On October 25, 2023, VMware issued critical security updates to address a severe vulnerability in its vCenter Server, which had the potential to enable remote code execution (RCE) attacks on susceptible servers. vCenter Server... The post VMware Confirms CVE-2023-34048 RCE Flaw in vCenter Exploited in the Wild appeared first on Penetration Testing.

article thumbnail

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

article thumbnail

35.5 million customers of major apparel brands have their data breached after ransomware attack

Graham Cluley

Bought some Timberland shoes? Wear a North Face jacket? You, and millions of purchasers of other popular high-street brands, could have had their data stolen by the ALPHV ransomware group. Read more in my article on the Hot for Security blog.

article thumbnail

ChopChopGo: Rapidly Search and Hunt through Linux Forensics Artifacts

Penetration Testing

ChopChopGo ChopChopGo inspired by Chainsaw utilizes Sigma rules for forensics artifact recovery, enabling rapid and comprehensive analysis of logs and other artifacts to identify potential security incidents and threats on Linux. Features ? Hunt... The post ChopChopGo: Rapidly Search and Hunt through Linux Forensics Artifacts appeared first on Penetration Testing.

article thumbnail

Securing Success: The Crucial Role of a Cybersecurity Specialist in a Growing Business

Joseph Steinberg

Securing Success: The Crucial Role of a Cybersecurity Specialist in a Growing Business Human society is increasingly dependent on computer systems and the data housed and utilized within IT (information technology) infrastructure. While technological advances have, in some ways, allowed humans to enjoy an unprecedented quality of life, they also create significant risks.

article thumbnail

CVE-2024-21733: Apache Tomcat Information Disclosure Vulnerability

Penetration Testing

In the vast expanse of web technology, Apache Tomcat emerges as a cornerstone, being a free and open-source implementation pivotal for the Jakarta Servlet, Jakarta Expression Language, and WebSocket technologies. As a “pure Java”... The post CVE-2024-21733: Apache Tomcat Information Disclosure Vulnerability appeared first on Penetration Testing.

article thumbnail

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.