Schneier on Security

MAY 7, 2024

This attack has been feasible for over two decades: Researchers have devised an attack against nearly all virtual private network applications that forces them to send and receive some or all traffic outside of the encrypted tunnel designed to protect it from snooping or tampering. TunnelVision, as the researchers have named their attack, largely negates the entire purpose and selling point of VPNs, which is to encapsulate incoming and outgoing Internet traffic in an encrypted tunnel and to cloa

VPN 304

VPN Encryption Internet Internet 304

The Last Watchdog

MAY 7, 2024

SAN FRANCISCO — Cloud security is stirring buzz as RSA Conference 2024 ramps up at Moscone Convention Center here. Related: The fallacy of ‘security-as-a-cost-center’ Companies are clambering to mitigate unprecedented exposures spinning out of their increasing reliance on cloud hosted resources. The unfolding disruption of Generative AI — and rising compliance requirements — add to the mix.

Threat Detection 264

Threat Detection Internet Internet Risk 264

Tech Republic Security

MAY 7, 2024

VPNs are popular due to the fact they add security and privacy to what are otherwise daily open Wi-Fi and public internet channels. But can VPNs be tracked by the police?

Internet 181

Internet Internet VPN 181

The Last Watchdog

MAY 7, 2024

SAN FRANCISCO – The already simmering MSSP global market just got hotter. Related: The transformative power of GenAI/LLM This week at RSA Conference 2024 , AT&T announced the launch of LevelBlue – a top-tier managed security services business formed by an alliance with AT&T and WillJam Ventures. I had the chance to sit down earlier with Theresa Lanowitz , Chief Evangelist of AT&T Cybersecurity /Agent at LevelBlue, to discuss this alliance.

Marketing 130

Marketing Cyber Risk Risk Cybersecurity 130

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Tech Republic Security

MAY 7, 2024

The intent of the Future Made in Australia Act is to build manufacturing capabilities across all sectors, which will likely lead to more demand for IT skills and services.

Manufacturing 154

Manufacturing Artificial Intelligence Big data Technology 154

Penetration Testing

MAY 7, 2024

A significant security flaw has been identified in PDF.js, a widely-used, Mozilla-supported PDF viewer developed with HTML5, and React-PDF, a popular npm package for displaying PDFs within React applications. This vulnerability, which allows for... The post CVE-2024-4367 & CVE-2024-34342: JavaScript Flaws Threaten Millions of PDF.js and React-PDF Users appeared first on Penetration Testing.

Penetration Testing 145

Penetration Testing 145

The Hacker News

MAY 7, 2024

The Iranian state-backed hacking outfit called APT42 is making use of enhanced social engineering schemes to infiltrate target networks and cloud environments. Targets of the attack include Western and Middle Eastern NGOs, media organizations, academia, legal services and activists, Google Cloud subsidiary Mandiant said in a report published last week.

Social Engineering 132

Social Engineering Media Engineering Hacking 132

Security Boulevard

MAY 7, 2024

Google is making it easier for users to implement two-factor authentication (2FA) for their personal or business Workspace accounts, part of the company’s larger push to adopt stronger verification methods, whether it’s multi-factor authentication (MFA) or passwordless tools like biometrics or passkeys. The changes to what Google also calls 2-Step Verification (2SV) that were unveiled.

Authentication 126

Authentication Accountability Mobile Malware 126

The Hacker News

MAY 7, 2024

The U.K. National Crime Agency (NCA) has unmasked the administrator and developer of the LockBit ransomware operation, revealing it to be a 31-year-old Russian national named Dmitry Yuryevich Khoroshev. In addition, Khoroshev has been sanctioned by the U.K. Foreign, Commonwealth and Development Office (FCD), the U.S.

Ransomware 130

Ransomware 130

Bleeping Computer

MAY 7, 2024

Hackers have been targeting WordPress sites with an outdated version of the LiteSpeed Cache plugin to create administrator users and gain control of the websites. [.

120

120

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

The Hacker News

MAY 7, 2024

The MITRE Corporation has offered more details into the recently disclosed cyber attack, stating that the first evidence of the intrusion now dates back to December 31, 2023.

Cyber Attacks 124

Cyber Attacks 124

Security Affairs

MAY 7, 2024

MITRE published more details on the recent security breach, including a timeline of the attack and attribution evidence. MITRE has shared more details on the recent hack , including the new malware involved in the attack and a timeline of the attacker’s activities. In April 2024, MITRE disclosed a security breach in one of its research and prototyping networks.

Malware 124

Malware Hacking Accountability Authentication 124

The Hacker News

MAY 7, 2024

Google on Monday announced that it's simplifying the process of enabling two-factor authentication (2FA) for users with personal and Workspace accounts. Also called, 2-Step Verification (2SV), it aims to add an extra layer of security to users' accounts to prevent takeover attacks in case the passwords are stolen.

Authentication 122

Authentication Accountability Passwords 122

Security Affairs

MAY 7, 2024

The FBI, UK National Crime Agency, and Europol revealed the identity of the admin of the LockBit operation and sanctioned him. The FBI, UK National Crime Agency, and Europol have unmasked the identity of the admin of the LockBit ransomware operation, aka ‘LockBitSupp’ and ‘putinkrab’ , and issued sanctions against him. It was the first time that the admin of the notorious group was identified by law enforcement.

Ransomware 126

Ransomware Cybercrime Healthcare Encryption 126

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Security Boulevard

MAY 7, 2024

Last week, Microsoft announced the public preview of external authentication methods (EAM) for Entra ID. As a close partner, HYPR has worked extensively with Microsoft on the new offering and we are excited to be one of the first external authentication method integrations. This means organizations can now choose HYPR phishing-resistant authentication for their Entra ID MFA method, use it in Entra ID Conditional Access policies, Privileged Identity Management, and more.

Authentication 110

Authentication Phishing 110

The Hacker News

MAY 7, 2024

A Russian operator of a now-dismantled BTC-e cryptocurrency exchange has pleaded guilty to money laundering charges from 2011 to 2017. Alexander Vinnik, 44, was charged in January 2017 and taken into custody in Greece in July 2017. He was subsequently extradited to the U.S. in August 2022.

Cryptocurrency 110

Cryptocurrency 110

Bleeping Computer

MAY 7, 2024

The FBI, UK National Crime Agency, and Europol have unveiled sweeping indictments and sanctions against the admin of the LockBit ransomware operation, with the identity of the Russian threat actor being revealed for the first time. [.

Ransomware 106

Ransomware 106

WIRED Threat Level

MAY 7, 2024

Law enforcement officials say they’ve identified, sanctioned, and indicted the person behind LockBitSupp, the administrator at the heart of LockBit’s $500 million hacking rampage.

Ransomware 103

Ransomware Hacking 103

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

Bleeping Computer

MAY 7, 2024

A new attack dubbed "TunnelVision" can route traffic outside a VPN's encryption tunnel, allowing attackers to snoop on unencrypted traffic while maintaining the appearance of a secure VPN connection. [.

VPN 105

VPN Encryption Software 105

Cisco Security

MAY 7, 2024

Announcing the public availability of Cisco Cloud Controls Framework (CCF) V3.0 - a “build-once-use-many” approach for SaaS compliance with global standards. Announcing the public availability of Cisco Cloud Controls Framework (CCF) V3.0 - a “build-once-use-many” approach for SaaS compliance with global standards.

Marketing 109

Marketing 109

Penetration Testing

MAY 7, 2024

Veeam, a major provider of backup and data protection solutions, has issued a security advisory warning of remote code execution (RCE) vulnerability in its Service Provider Console (VSPC). This flaw (CVE-2024-29212) opens a door... The post CVE-2024-29212: Veeam RCE Vulnerability Exposes Data Protection Services to Risk appeared first on Penetration Testing.

Penetration Testing 98

Penetration Testing Risk Backups 98

Cisco Security

MAY 7, 2024

In 2007, there was a study from the University of Maryland proving that internet-connected systems were attacked every 39 seconds on average. Today, that number has grown more than 60%. Cisco sees… Read more on Cisco Blogs Learn how the Cisco AI Assistant in XDR adds powerful functionality to Cisco XDR that increases defenders efficiency and accuracy.

Cybersecurity 109

Cybersecurity Internet Internet Threat Detection 109

Advertisement

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

The Hacker News

MAY 7, 2024

How safe is your comments section? Discover how a seemingly innocent 'thank you' comment on a product page concealed a malicious vulnerability, underscoring the necessity of robust security measures. Read the full real-life case study here. When is a ‘Thank you’ not a ‘Thank you’?

100

100

Penetration Testing

MAY 7, 2024

Security researchers at Juniper Threat Labs have uncovered a dangerous escalation in attacks targeting Ivanti Connect Secure (ICS) and Ivanti Policy Secure Gateways. Attackers are weaponizing two critical vulnerabilities, CVE-2023-46805 (authentication bypass) and CVE-2024-21887... The post Mirai Botnet Exploits Ivanti Vulnerabilities (CVE-2023-46805 & CVE-2024-21887) appeared first on Penetration Testing.

Penetration Testing 96

Penetration Testing Authentication Malware 96

SecureList

MAY 7, 2024

We at Kaspersky continuously monitor the evolving cyberthreat landscape to ensure we respond promptly to emerging threats, equipping our products with detection logic and technology. Software vulnerabilities that threat actors can exploit or are already actively exploiting are a critical component of that landscape. In this report, we present a series of insightful statistical and analytical snapshots relating to the trends in the emergence of new vulnerabilities and exploits, as well as the mos

Software 94

Software Internet Internet Social Engineering 94

Bleeping Computer

MAY 7, 2024

The UK Government confirmed today that a threat actor recently breached the country's Ministry of Defence and gained access to part of the Armed Forces payment network. [.

Data breaches 94

Data breaches Government 94

Advertisement

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.

Cybersecurity

SecureWorld News

MAY 7, 2024

Multiple U.S. and allied cybersecurity agencies are sounding the alarm over an ongoing campaign by pro-Russia hacktivist groups to target and compromise operational technology (OT) systems across critical infrastructure sectors in North America and Europe. According to a new joint cybersecurity alert , the hacktivists have been observed gaining remote access to small-scale industrial control systems used in water/wastewater, dams, energy, and food and agriculture by exploiting internet-exposed h

Passwords 86

Passwords Manufacturing Technology Authentication 86

Bleeping Computer

MAY 7, 2024

BetterHelp has agreed to pay $7.8 million in a settlement agreement with the U.S. Federal Trade Commission (FTC) over allegations of misusing and sharing consumer health data for advertising purposes. [.

Advertising 85

Advertising 85

Security Boulevard

MAY 7, 2024

AI is rapidly increasing the pace of API creation within organizations, leading to API security becoming as significant as traditional application security. Here’s what you can learn from the top five API breaches of the last quarter. The post API Vulnerabilities Found Across AI Infrastructure Projects at NVIDIA, Mercedes appeared first on Security Boulevard.

Cybersecurity 83

Cybersecurity 83

Bleeping Computer

MAY 7, 2024

Nearly 52,000 internet-exposed Tinyproxy instances are vulnerable to CVE-2023-49606, a recently disclosed critical remote code execution (RCE) flaw. [.

Internet 91

Internet Internet 91

Advertisement

Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.

Government