Fri. Feb 23, 2024

Thanks FedEx, This is Why we Keep Getting Phished

Troy Hunt

I've been getting a lot of those "your parcel couldn't be delivered" phishing attacks lately and if you're a human with a phone, you probably have been too. Just as a brief reminder, they look like this: These get through all the technical controls that exist at my telco and they land smack bang in my SMS inbox. However, I don't fall for the scams because I look for the warning signs: a sense of urgency, fear of missing out, and strange URLs that look nothing like any

Phishing 356

AIs Hacking Websites

Schneier on Security

New research: LLM Agents can Autonomously Hack Websites. Abstract: In recent years, large language models (LLMs) have become increasingly capable and can now interact with tools (i.e., call functions), read documents, and recursively call themselves. As a result, these LLMs can now function autonomously as agents. With the rise in capabilities of these agents, recent work has speculated on how LLM agents would affect cybersecurity.

Hacking 314

Weekly Update 388

Troy Hunt

It's just been a joy to watch the material produced by the NCA and friends following the LockBit takedown this week. So much good stuff from the agencies themselves, not just content but high quality trolling too. Then there's the whole ecosystem of memes that have since emerged and provided endless hours of entertainment 😊 I'm sure we'll see a lot more come out of this yet and inevitably there's seized material that will still be providing value to further inves

Phishing 275

What Is Identity and Access Management (IAM)?

Tech Republic Security

Learn more about IAM and its importance in securing digital identities and managing access privileges in this comprehensive guide.

160

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

CVE-2024-26582 (CVSS 8.4): Linux Kernel Code Execution Vulnerability

Penetration Testing

A high-severity vulnerability, designated CVE-2024-26582, has been discovered within the Transport Layer Security (TLS) subsystem of the Linux kernel. This flaw stems from a use-after-free error in the way kTLS (the kernel’s TLS implementation)... The post CVE-2024-26582 (CVSS 8.4): Linux Kernel Code Execution Vulnerability appeared first on Penetration Testing.

Microsoft Releases PyRIT - A Red Teaming Tool for Generative AI

The Hacker News

Microsoft has released an open access automation framework called PyRIT (short for Python Risk Identification Tool) to proactively identify risks in generative artificial intelligence (AI) systems.

More Trending

Dormant PyPI Package Compromised to Spread Nova Sentinel Malware

The Hacker News

A dormant package available on the Python Package Index (PyPI) repository was updated after nearly two years to propagate an information stealer malware called Nova Sentinel.

Malware 140

230K individuals impacted by a data breach suffered by Telco provider Tangerine

Security Affairs

Australian telecommunications provider Tangerine disclosed a data breach that impacted roughly 230,000 individuals. Tangerine suffered a data breach that exposed the personal information of roughly 230,000 individuals. The security breach occurred on Sunday 18 February 2024, but Tangerine management became aware of the incident on Tuesday 20 February 2024.

Joomla! patches XSS flaws that could lead to remote code execution

Malwarebytes

On February 20, Joomla! posted details about four vulnerabilities it had fixed in its Content Management System (CMS), and one in the Joomla! Framework that affects the CMS. Joomla! is an open-source CMS that’s been around since 2005, and has been one of the most popular CMS platforms by market share for much of that time. Many companies, from small outfits to large enterprises, use a CMS in some form to manage their websites.

How to Use Tines's SOC Automation Capability Matrix

The Hacker News

Created by John Tuckner and the team at workflow and automation platform Tines, the SOC Automation Capability Matrix (SOC ACM) is a set of techniques designed to help security operations teams understand their automation capabilities and respond more effectively to incidents.

135

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Update now! ConnectWise ScreenConnect vulnerability needs your attention

Malwarebytes

ConnectWise is warning self-hosted and on-premise customers that they need to take immediate action to remediate a critical vulnerability in its ScreenConnect remote desktop software. This software is typically used in data-centers and for remote assistance. Together ConnectWise’s partners manage millions of endpoints (clients). A Shadowserver scan revealed approximately 3,800 vulnerable ConnectWise ScreenConnect instances on Wednesday, most of them in the US. ~3800 vulnerable ConnectWise Screen

UnitedHealth confirms Optum hack behind US healthcare billing outage

Bleeping Computer

Healthcare giant UnitedHealth Group confirmed that its subsidiary Optum was forced to shut down IT systems and various services after a cyberattack by "nation-state" hackers on the Change Healthcare platform. […]

Prescription orders delayed as US pharmacies grapple with “nation-state” cyber attack

Graham Cluley

Prescription orders across the United States are reportedly being delayed after a cyber attack impacted a healthcare technology firm that supplies services to pharmacies, including CVS Health. Read more in my article on the Hot for Security blog.

Google Pay app shutting down in US, users have till June to move funds

Bleeping Computer

Google is retiring the standalone Pay app in the United States. Users have until June 4 to transfer the balance to bank accounts. […]

Banking 122

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Organizations Unprepared to Face Cloud Security Threats

Security Boulevard

The Cloud Security Alliance (CSA) State of Security Remediation report underscored the difficult balancing act cloud security experts face. The post Organizations Unprepared to Face Cloud Security Threats appeared first on Security Boulevard.

U-Haul says hacker accessed customer records using stolen creds

Bleeping Computer

U-Haul has started informing customers that a hacker used stolen account credentials to access an internal system for dealers and team members to track customer reservations. […]

Hackers Exploit ConnectWise Bugs to Deploy LockBit Ransomware

Security Boulevard

Cyberattacks exploiting critical vulnerabilities in ConnectWise’s remote monitoring and management (RMM) tool revealed this week have snowballed and some bad actors are using it to deploy LockBit ransomware, which was the target of a recent international law enforcement operation. The information shows the merging of two of the more significant news stories in the cybersecurity.

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Avast Hit With $16.5 Million Fine for Selling Customer Data

Security Boulevard

Avast Software will pay a $16.5 million fine to settle a federal complaint accusing the antivirus vendor of collecting users’ browsing data over six years and selling it to advertising companies without their consent. In fact, Avast did all this while promising users that its products would protect consumers from being tracked online, according to. The post Avast Hit With $16.5 Million Fine for Selling Customer Data appeared first on Security Boulevard.

Antivirus 112

brutespray: Automatically attempts default creds on found services

Penetration Testing

brutespray Brutespray has been updated to golang. Without needing to rely on other tools this version will be extensible to bruteforce many different services and is way faster than its Python counterpart. Currently, Brutespray... The post brutespray: Automatically attempts default creds on found services appeared first on Penetration Testing.

LockBit ransomware gang has over $110 million in unspent bitcoin

Bleeping Computer

The LockBit ransomware gang received more than $125 million in ransom payments over the past 18 months, according to the analysis of hundreds of cryptocurrency wallets associated with the operation. […]

Google Cloud Run Abused in Massive Banking Trojan Operation

Heimdal Security

Researchers in security are issuing warnings about threat actors misusing Google Cloud Run to spread large amounts of banking trojans, such as Astaroth, Mekotio, and Ousaban. With Google Cloud Run, customers can manage workloads and launch front-end and back-end services, websites, and apps without having to worry about scaling or maintaining an infrastructure.

Banking 96

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

What Is an Application Level Gateway? How ALGs Work

eSecurity Planet

An application gateway, also known as an application level gateway (ALG), functions as a critical firewall proxy for network security. Its filtering capability ensures that only certain network application data is transmitted, which has an impact on the security of protocols including FTP, Telnet, RTSP, and BitTorrent. Understanding ALGs involves knowing how they work, their pros and cons, and how they integrate with or differ from other types of firewalls.

minder: Software Supply Chain Security Platform

Penetration Testing

What is Minder? Minder by Stacklok is an open-source platform that helps development teams and open-source communities build more secure software, and prove to others that what they’ve built is secure. Minder helps project owners... The post minder: Software Supply Chain Security Platform appeared first on Penetration Testing.

Windows Photos gets AI magic eraser on Windows 10 and later

Bleeping Computer

Microsoft's Windows Photos app now has its own generative erase tool that enables users to replace unwanted objects with AI-generated content.

91

Biden Signs Executive Order to Boost Maritime Cybersecurity Amid China Concerns

Heimdal Security

President Joe Biden has signed an executive order to enhance cybersecurity at U.S. ports. $20 billion will be invested in port upgrades, including a shift to trusted crane suppliers. This measure counteracts risks posed by the use of cranes made by China, and aims to expand the Coast Guard’s authority. Strengthening U.S. Port Cybersecurity The […] The post Biden Signs Executive Order to Boost Maritime Cybersecurity Amid China Concerns appeared first on Heimdal Security Blog.

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

Insomniac Games alerts employees hit by ransomware data breach

Bleeping Computer

Sony subsidiary Insomniac Games is sending data breach notification letters to employees whose personal information was stolen and leaked online following a Rhysida ransomware attack in November. […]

Why Do We Need Endpoint Security in 2024?

Security Boulevard

Before understanding the need for endpoint security, let’s make you see through a recent study on the same. Around 68% of businesses experienced a targeted endpoint attack that compromised their IT infrastructure. Devices also experienced the same percentage rise in cyber attacks compared to previous years. What is Endpoint Security? Endpoint security can be defined […] The post Why Do We Need Endpoint Security in 2024?

FTC sues H&R Block over deceptive 'free' online filing ads

Bleeping Computer

The U.S. Federal Trade Commission (FTC) sued tax preparation giant H&R Block over the company's deceptive "free" online filing advertising and for pressuring people into overpaying for its services. […]

The 9 Best Datto Alternatives in 2024 (for MSPs)

Heimdal Security

While Datto is undoubtedly a powerful solution, it has certain limitations which can be frustrating for MSPs. Let’s learn more about some of these limitations, and explore alternative solutions you should consider. Reasons MSPs Are Looking for Datto Alternatives Datto is a data backup and recovery provider. They build hardware which sits in client offices […] The post The 9 Best Datto Alternatives in 2024 (for MSPs) appeared first on Heimdal Security Blog.

Backups 79

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.