Wed.Oct 30, 2024

article thumbnail

Change Healthcare Breach Hits 100M Americans

Krebs on Security

Change Healthcare says it has notified approximately 100 million Americans that their personal, financial and healthcare records may have been stolen in a February 2024 ransomware attack that caused the largest ever known data breach of protected health information. Image: Tamer Tuncay, Shutterstock.com. A ransomware attack at Change Healthcare in the third week of February quickly spawned disruptions across the U.S. healthcare system that reverberated for months, thanks to the company’s c

article thumbnail

Simpson Garfinkel on Spooky Cryptographic Action at a Distance

Schneier on Security

Excellent read. One example: Consider the case of basic public key cryptography, in which a person’s public and private key are created together in a single operation. These two keys are entangled, not with quantum physics, but with math. When I create a virtual machine server in the Amazon cloud, I am prompted for an RSA public key that will be used to control access to the machine.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Patch now! New Chrome update for two critical vulnerabilities

Malwarebytes

Google has released an update for its Chrome browser which includes patches for two critical vulnerabilities. The update brings the Stable channel to versions 130.0.6723.91/.92 for Windows and Mac and 130.0.6723.91 for Linux. The easiest way to update Chrome is to allow it to update automatically, but you can end up lagging behind if you never close your browser or if something goes wrong—such as an extension stopping you from updating the browser.

Spyware 144
article thumbnail

Simson Garfinkel on Spooky Cryptographic Action at a Distance

Schneier on Security

Excellent read. One example: Consider the case of basic public key cryptography, in which a person’s public and private key are created together in a single operation. These two keys are entangled, not with quantum physics, but with math. When I create a virtual machine server in the Amazon cloud, I am prompted for an RSA public key that will be used to control access to the machine.

article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Best Antivirus Software for Small Businesses in 2024

Tech Republic Security

Bitdefender is our overall pick for the best antivirus software for small businesses, while Norton offers 24/7 support, and ESET provides scalability.

article thumbnail

From Gmail to Google Drive: How Evasive Panda Exploits Cloud Services with CloudScout

Penetration Testing

In a recent discovery, ESET researchers unveiled “CloudScout,” a sophisticated cyberespionage toolset employed by the advanced persistent threat (APT) group called Evasive Panda. This China-aligned group has reportedly used CloudScout... The post From Gmail to Google Drive: How Evasive Panda Exploits Cloud Services with CloudScout appeared first on Cybersecurity News.

More Trending

article thumbnail

CVE-2024-50387: Critical QNAP Flaw Exploited in Hacking Contest, Patch Now!

Penetration Testing

In a thrilling showdown at the recent Pwn2Own Ireland 2024 hacking competition, white hat hackers YingMuo (@YingMuo), in collaboration with the DEVCORE Internship Program, successfully exploited a critical zero-day vulnerability... The post CVE-2024-50387: Critical QNAP Flaw Exploited in Hacking Contest, Patch Now! appeared first on Cybersecurity News.

Hacking 128
article thumbnail

Google fixed a critical vulnerability in Chrome browser

Security Affairs

Google addressed a critical vulnerability in its Chrome browser, tracked as CVE-2024-10487, which was reported by Apple. Google has patched a critical Chrome vulnerability, tracked as CVE-2024-10487, reported by Apple Security Engineering and Architecture (SEAR) on October 23, 2024. The vulnerability is an out-of-bounds write issue that resides in the Dawn implementation.

article thumbnail

ServiceNow Patches Critical Sandbox Escape Vulnerability – CVE-2024-8923 (CVSS 9.8)

Penetration Testing

ServiceNow, a leading cloud-based enterprise platform, has recently addressed two significant vulnerabilities, CVE-2024-8923 and CVE-2024-8924, which posed serious risks to organizations using its Now Platform. These vulnerabilities could enable unauthorized... The post ServiceNow Patches Critical Sandbox Escape Vulnerability – CVE-2024-8923 (CVSS 9.8) appeared first on Cybersecurity News.

Risk 141
article thumbnail

QNAP fixed NAS backup zero-day demonstrated at Pwn2Own Ireland 2024

Security Affairs

QNAP fixed critical zero-day CVE-2024-50388 which was demonstrated against a TS-464 NAS device during the Pwn2Own Ireland 2024 competition. QNAP addressed a critical zero-day vulnerability, tracked as CVE-2024-50388, which was exploited by white hat hackers against a TS-464 NAS device during the recent Pwn2Own Ireland 2024 hacking competition. The flaw is an OS command injection vulnerability in HBS 3 Hybrid Backup Sync , a remote attacker could exploit it to execute arbitrary code commands on

Backups 127
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Operation Magnus: Joint Law Enforcement Operation Targets Major Infostealer Networks

Tech Republic Security

Read more about a joint operation between several law enforcement agencies in the U.S., Australia, Belgium, Portugal, The Netherlands, and the U.K. to tackle RedLine Stealer and META malware.

Malware 148
article thumbnail

Malvertising Campaign Hijacks Facebook Accounts to Spread SYS01stealer Malware

The Hacker News

Cybersecurity researchers have uncovered an ongoing malvertising campaign that abuses Meta's advertising platform and hijacked Facebook accounts to distribute information known as SYS01stealer. "The hackers behind the campaign use trusted brands to expand their reach," Bitdefender Labs said in a report shared with The Hacker News.

article thumbnail

Survey Surfaces Fundamental Weaknesses in API Security

Security Boulevard

Traceable AI today published a global survey of 1,548 IT and cybersecurity professionals that finds well over half (57%) work for organizations that have experienced a data breach incident involving application programming interfaces (APIs) in the last two years, with nearly three-quarters of those organizations experiencing three or more incidents.

article thumbnail

Researchers Uncover Python Package Targeting Crypto Wallets with Malicious Code

The Hacker News

Cybersecurity researchers have discovered a new malicious Python package that masquerades as a cryptocurrency trading tool but harbors functionality designed to steal sensitive data and drain assets from victims' crypto wallets. The package, named "CryptoAITools," is said to have been distributed via both Python Package Index (PyPI) and bogus GitHub repositories.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Cloud Security Alliance Advocates Zero Trust for Critical Infrastructure

Security Boulevard

The Cloud Security Alliance, noting the increasing cyberthreats to critical infrastructure in a highly interconnected world, released a report outlining steps organizations can take to implement zero trust policies to protect against nation-state actors and other threat groups. The post Cloud Security Alliance Advocates Zero Trust for Critical Infrastructure appeared first on Security Boulevard.

article thumbnail

North Korean Group Collaborates with Play Ransomware in Significant Cyber Attack

The Hacker News

Threat actors in North Korea have been implicated in a recent incident that deployed a known ransomware family called Play, underscoring their financial motivations.

article thumbnail

How to remove your personal information from Google Search results

We Live Security

Have you ever googled yourself? Were you happy with what came up? If not, consider requesting the removal of your personal information from search results.

127
127
article thumbnail

Opera Browser Fixes Big Security Hole That Could Have Exposed Your Information

The Hacker News

A now-patched security flaw in the Opera web browser could have enabled a malicious extension to gain unauthorized, full access to private APIs. The attack, codenamed CrossBarking, could have made it possible to conduct actions such as capturing screenshots, modifying browser settings, and account hijacking, Guardio Labs said.

article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Citrix Boosts Security for Remote Application Accesses With “More Security Layers”

Security Boulevard

Connections on the internet are not secure by default, and bad actors frequently take advantage of users accessing organizations’ applications and resources from remote locations, to burrow into corporate networks. Experts recommend picking a remote access management solution and adjusting the settings to the organization’s individual access control policy to establish remote connections securely.

Internet 126
article thumbnail

This Lenovo laptop is my surprise pick for best MacBook Pro alternative (even for Apple users)

Zero Day

Lenovo's Yoga Slim 7i Aura Edition pairs several unique and helpful features with the high-performing and efficient Intel Core Ultra 7 (Series 2).

124
124
article thumbnail

Embarking on a Compliance Journey? Here’s How Intruder Can Help

The Hacker News

Navigating the complexities of compliance frameworks like ISO 27001, SOC 2, or GDPR can be daunting. Luckily, Intruder simplifies the process by helping you address the key vulnerability management criteria these frameworks demand, making your compliance journey much smoother. Read on to understand how to meet the requirements of each framework to keep your customer data safe.

122
122
article thumbnail

This $99 Android phone is no Pixel 9 Pro, but performs better than handsets twice the price

Zero Day

Not everyone needs a $1,000 phone​. If you're on a tight budget or you're shopping for the kids, the NUU N10 is a truly impressive budget handset.

122
122
article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

Proofpoint Boosting Data Security with Normalyze Acquisition

Security Boulevard

Cybersecurity firm Proofpoint, which is eyeing an IPO in the next 18 months, is buying startup Normalyze to improve its data protection capabilities and mitigate the threat humans present in an increasingly fast-paced, interconnected, and AI-focus world. The post Proofpoint Boosting Data Security with Normalyze Acquisition appeared first on Security Boulevard.

article thumbnail

M4 Mac Mini vs. M2 Mac Mini: Which Apple desktop should you buy?

Zero Day

Apple's new Mac Mini offers a big performance boost thanks to the M4 chipset, but is it enough to warrant a purchase?

116
116
article thumbnail

QNAP Patches Critical Zero-Day Exploited at Pwn2Own Ireland 2024 – CVE-2024-50388

Penetration Testing

QNAP has swiftly addressed a critical zero-day vulnerability in its HBS 3 Hybrid Backup Sync software, following its successful exploitation at the recent Pwn2Own Ireland 2024 competition. The vulnerability, tracked... The post QNAP Patches Critical Zero-Day Exploited at Pwn2Own Ireland 2024 – CVE-2024-50388 appeared first on Cybersecurity News.

Backups 112
article thumbnail

I tested sleep earbuds made by ex-Bose engineers, and they worked like a charm

Zero Day

The Ozlo Sleepbuds, with their calming audio output and comforting fit, are the best sleep earbuds I've ever used.

article thumbnail

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

article thumbnail

Atlassian Confluence Vulnerability CVE-2023-22527 Exploited for Cryptomining

Penetration Testing

In a recently disclosed report by Trend Micro, attackers were observed exploiting a vulnerability in Atlassian’s Confluence servers (CVE-2023-22527) to hijack victim resources and harvest rewards from the Titan Network—a... The post Atlassian Confluence Vulnerability CVE-2023-22527 Exploited for Cryptomining appeared first on Cybersecurity News.

article thumbnail

AI Cyberattacks Rise but Businesses Still Lack Insurance

Security Boulevard

Cybersecurity is a leading concern for risk managers as AI-related cyber risks surge, and despite growing investments, many businesses still lack comprehensive cyber insurance, according to a Nationwide survey. The post AI Cyberattacks Rise but Businesses Still Lack Insurance appeared first on Security Boulevard.

Insurance 120
article thumbnail

We have an official open-source AI definition now, but the fight is far from over

Zero Day

Which of the three sides are you on?

109
109
article thumbnail

U.S. CISA Goes Global with First International Strategic Plan

SecureWorld News

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has taken a significant step forward by introducing its first international strategic plan in an effort to help contain cyber threats that continue to transcend national borders. The initiative recognizes that protecting America's digital infrastructure requires robust global collaboration.

article thumbnail

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.