Wed.Oct 09, 2024

article thumbnail

Lamborghini Carjackers Lured by $243M Cyberheist

Krebs on Security

The parents of a 19-year-old Connecticut honors student accused of taking part in a $243 million cryptocurrency heist in August were carjacked a week later — while out house-hunting in a brand new Lamborghini. Prosecutors say the couple was beaten and briefly kidnapped by six young men who traveled from Florida as part of a botched plan to hold the parents for ransom.

article thumbnail

Auto-Identification Smart Glasses

Schneier on Security

Two students have created a demo of a smart-glasses app that performs automatic facial recognition and then information lookups. Kind of obvious, but the sort of creepy demo that gets attention. News article.

180
180
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

20% of Generative AI ‘Jailbreak’ Attacks Succeed, With 90% Exposing Sensitive Data

Tech Republic Security

On average, it takes adversaries just 42 seconds and five interactions to execute a GenAI jailbreak, according to Pillar Security.

article thumbnail

JAXA Cyberattack: Hackers Breach Accounts of Top Officials, Exposing Sensitive Space and Defense Data

Penetration Testing

The Japan Aerospace Exploration Agency (JAXA) has become the target of a series of sophisticated cyberattacks, resulting in the hijacking of accounts belonging to high-ranking officials, including President Hiroshi Yamakawa... The post JAXA Cyberattack: Hackers Breach Accounts of Top Officials, Exposing Sensitive Space and Defense Data appeared first on Cybersecurity News.

article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Firefox Zero-Day Under Attack: Update Your Browser Immediately

The Hacker News

Mozilla has revealed that a critical security flaw impacting Firefox and Firefox Extended Support Release (ESR) has come under active exploitation in the wild. The vulnerability, tracked as CVE-2024-9680, has been described as a use-after-free bug in the Animation timeline component.

144
144
article thumbnail

U.S. CISA adds Windows and Qualcomm bugs to its Known Exploited Vulnerabilities catalog

Security Affairs

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Windows and Qualcomm bugs to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog : CVE-2024-43047 Qualcomm Multiple Chipsets Use-After-Free Vulnerability CVE-2024-43572 Microsoft Windows Management Console Remote Code Execution Vulnerability CVE-2024-43573 Microsoft Windows MSHTML Platf

More Trending

article thumbnail

Palo Alto fixed critical flaws in PAN-OS firewalls that allow for full compromise of the devices

Security Affairs

Palo Alto fixed critical flaws in PAN-OS firewalls, warning that attackers could chain these vulnerabilities to hijack the devices. Palo Alto Networks addressed multiple vulnerabilities that an attacker can chain to hijack PAN-OS firewalls. The vulnerabilities reside in the Palo Alto Networks’ Expedition solution, which is a migration tool designed to help organizations move configurations from other firewall platforms (like Check Point, Cisco, and others) to Palo Alto’s PAN-OS. R

Firewall 126
article thumbnail

iPhone Mirroring Flaw Could Expose Employee Personal Information

Security Boulevard

A flaw in Apple's mirroring feature within the iOS 18 and macOS Sequoia software updates compromises personal privacy when used on work Macs, according to a report from Sevco Security. The post iPhone Mirroring Flaw Could Expose Employee Personal Information appeared first on Security Boulevard.

Software 120
article thumbnail

Cybercriminals Are Targeting AI Conversational Platforms

Security Affairs

Resecurity reports a rise in attacks on AI Conversational platforms, targeting chatbots that use NLP and ML to enable automated, human-like interactions with consumers. Resecurity has observed a spike in malicious campaigns targeting AI agents and Conversational AI platforms that leverage chatbots to provide automated, human-like interactions for consumers.

article thumbnail

69,000 Bitcoins Are Headed for the US Treasury—While the Agent Who Seized Them Is in Jail

WIRED Threat Level

The $4.4 billion in crypto is set to be the largest pile of criminal proceeds ever sold off by the US. The former IRS agent who seized the recording-breaking sum, meanwhile, languishes in a Nigerian jail cell.

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Awaken Likho APT group targets Russian government with a new implant

Security Affairs

A threat actor tracked as Awaken Likho is targeting Russian government agencies and industrial entities, reported cybersecurity firm Kaspersky. A recent investigation by Kaspersky researchers into the APT group Awaken Likho (aka Core Werewolf and PseudoGamaredon) uncovered a new campaign from June to August 2024, showing a shift from UltraVNC to the MeshCentral platform for remote access.

article thumbnail

Internet Archive Breach Exposes 31 Million Users

WIRED Threat Level

The hack exposed the data of 31 million users as the embattled Wayback Machine maker scrambles to stay online and contain the fallout of digital—and legal—attacks.

Internet 123
article thumbnail

Two Crypto Exchanges Face US Sanctions For Money Laundering

Security Boulevard

Recent media reports have shed light on the US sanctions that were imposed on two crypto exchanges. In addition, the government also issued an indictment against a Russian national who was involved in money laundering crimes. In this article we’ll dive into the details of the sanctions and determine what these exchanges are, the details […] The post Two Crypto Exchanges Face US Sanctions For Money Laundering appeared first on TuxCare.

Media 109
article thumbnail

N. Korean Hackers Use Fake Interviews to Infect Developers with Cross-Platform Malware

The Hacker News

Threat actors with ties to North Korea have been observed targeting job seekers in the tech industry to deliver updated versions of known malware families tracked as BeaverTail and InvisibleFerret. The activity cluster, tracked as CL-STA-0240, is part of a campaign dubbed Contagious Interview that Palo Alto Networks Unit 42 first disclosed in November 2023.

Malware 115
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Protect Your Personal Apps With Duo MFA

Duo's Security Blog

October is Cybersecurity Awareness Month. So, is there a better time to think about securing your personal life? With cyber threats becoming more sophisticated, it's essential to safeguard your personal information. One of the easiest and most effective ways to do that is by using Duo Mobile, a mobile security app designed to keep your online accounts safe.

Mobile 109
article thumbnail

CISA Warns of Critical Fortinet Flaw as Palo Alto and Cisco Issue Urgent Security Patches

The Hacker News

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical security flaw impacting Fortinet products to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2024-23113 (CVSS score: 9.8), relates to cases of remote code execution that affects FortiOS, FortiPAM, FortiProxy, and FortiWeb.

article thumbnail

AI-Driven eCommerce Fraud to Top $107 Billion by 2029

Security Boulevard

There has been a dramatic rise in e-commerce fraud as the increasing use of AI-generated deepfakes poses an unprecedented security challenge for online merchants. The post AI-Driven eCommerce Fraud to Top $107 Billion by 2029 appeared first on Security Boulevard.

eCommerce 104
article thumbnail

Palo Alto Networks Issues Fix for Critical Vulnerabilities, Including CVE-2024-9463 (CVSS 9.9)

Penetration Testing

Palo Alto Networks recently issued a security advisory (PAN-SA-2024-0010) detailing several high-severity vulnerabilities affecting its Expedition migration tool, with CVSS scores ranging from 7.0 to 9.9. These flaws, if exploited,... The post Palo Alto Networks Issues Fix for Critical Vulnerabilities, Including CVE-2024-9463 (CVSS 9.9) appeared first on Cybersecurity News.

article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Staff Stories Spotlight Series: Cybersecurity Awareness Month 2024

NSTIC

This blog is part of a larger NIST series during the month of October for Cybersecurity Awareness Month , called 'Staff Stories Spotlight.' Throughout the month of October this year, Q&A style blogs will be published featuring some of our unique staff members who have interesting backgrounds, stories to tell, and projects in the world of cybersecurity.

article thumbnail

Researchers Uncover Major Security Vulnerabilities in Industrial MMS Protocol Libraries

The Hacker News

Details have emerged about multiple security vulnerabilities in two implementations of the Manufacturing Message Specification (MMS) protocol that, if successfully exploited, could have severe impacts in industrial environments.

article thumbnail

OpenBAS: A Powerful Open-Source Platform for Cyber Adversary Simulations

Penetration Testing

In today’s rapidly evolving cybersecurity landscape, organizations need tools that can help them stay ahead of threats by identifying vulnerabilities and preparing for potential cyberattacks. OpenBAS (Open-source Breach and Attack... The post OpenBAS: A Powerful Open-Source Platform for Cyber Adversary Simulations appeared first on Cybersecurity News.

article thumbnail

American Water Company Cyber Attack Highlights Risks to Sector

SecureWorld News

A New Jersey-based utility, American Water , which supplies water to more than 14 million people, reported a cyberattack in an SEC filing on October 3, 2024. The attack appears to have impacted only the company's billing systems, with no disruption to water or wastewater services. The company, which operates in 14 states and supports 18 military installations, emphasized that no ransom demand has been made, and no known group has claimed responsibility for the breach.

article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

Smashing Security podcast #388: Vacuum cleaner voyeur, and pepperoni pact blocks payout

Graham Cluley

Join us as we delve into the world of unexpected security breaches and legal loopholes, where your robot vacuum cleaner might be spying on you, and ordering a pizza could cost you your right to sue. All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

article thumbnail

CVE-2024-9164 (CVSS 9.6): GitLab Users Urged to Update Now

Penetration Testing

GitLab, a leading platform for DevOps and continuous integration/continuous delivery (CI/CD), has just released crucial security updates in versions 17.4.2, 17.3.5, and 17.2.9 for both Community Edition (CE) and Enterprise... The post CVE-2024-9164 (CVSS 9.6): GitLab Users Urged to Update Now appeared first on Cybersecurity News.

article thumbnail

Social Media Accounts: The Weak Link in Organizational SaaS Security

The Hacker News

Social media accounts help shape a brand’s identity and reputation. These public forums engage directly with customers as they are a hub to connect, share content and answer questions. However, despite the high profile role these accounts have, many organizations overlook social media account security.

Media 93
article thumbnail

Digital Crack for Kids: TikTok Sued Again by 14 AGs

Security Boulevard

For You Plague: TikTok’s in trouble once more—this time, some states complain it’s breaking laws by harvesting children’s data and keeping them addicted. The post Digital Crack for Kids: TikTok Sued Again by 14 AGs appeared first on Security Boulevard.

article thumbnail

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

article thumbnail

Google Joins Forces with GASA and DNS RF to Tackle Online Scams at Scale

The Hacker News

Google on Wednesday announced a new partnership with the Global Anti-Scam Alliance (GASA) and DNS Research Federation (DNS RF) to combat online scams.

DNS 94
article thumbnail

The Countdown Has Begun: Getting Started on Your Post-Quantum Journey

Cisco Security

Using existing encryption and key management technologies, enterprises can realize quantum-safe encryption today without waiting for implementations. Using existing encryption and key management technologies, enterprises can realize quantum-safe encryption today without waiting for implementations.

article thumbnail

Palo Alto Expedition: From N-Day to Full Compromise

Security Boulevard

On July 10, 2024, Palo Alto released a security advisory for CVE-2024-5910, a vulnerability which allowed attackers to remotely reset the Expedition application admin credentials. While we had never heard of Expedition application before, it’s advertised as: The purpose of this tool is to help reduce the time and efforts of migrating a configuration from a supported vendor to Palo Alto Networks.

article thumbnail

The Best Proxies for Sneaker Bots: A Comprehensive Guide

SecureBlitz

Want the best proxies for Sneaker bots? Read on! Sneaker bots have revolutionized how sneakerheads acquire limited edition releases, enabling them to secure coveted pairs that would otherwise be nearly impossible to obtain. However, a robust proxy setup is essential to effectively use sneaker bots and avoid detection. Proxies mask your IP address, allowing you […] The post The Best Proxies for Sneaker Bots: A Comprehensive Guide appeared first on SecureBlitz Cybersecurity.

article thumbnail

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.