Thu. Aug 08, 2024

How to Get Rid of a Crisis, Once and for All

Jane Frankland

Recently, the world witnessed one of the biggest IT outages in history when CrowdStrike, a renowned cybersecurity firm, with a customer base of around 24,000, caused an unprecedented IT outage and Blue Screens of Death (BSODs) for Microsoft Windows devices, globally. It’s astonishing how routine maintenance and a glitch in software can lead to global chaos whereby banks, airlines, train companies, telcos, healthcare providers, supermarkets, TV and radio broadcasters are taken offline, and the co

Exploitable PoC Released for CVE-2024-38077: 0-Click RCE Threatens All Windows Servers

Penetration Testing

Security researchers Ver, Lewis Lee, and Zhiniang Peng have detailed and published a proof-of-concept (PoC) exploit code for a critical vulnerability, designated as CVE-2024-38077 (CVSS 9.8) and referred to as “MadLicense,” impacting all iterations of Windows Server,... The post Exploitable PoC Released for CVE-2024-38077: 0-Click RCE Threatens All Windows Servers appeared first on Cybersecurity News.


How to Offer Secure IVR Banking and Authenticate Callers

Tech Republic Security

Discover how to safeguard IVR banking from hackers and implement secure authentication methods for customer protection. Find out how these digital alternatives benefit both customers and agents.

Banking 130

USPS Text Scammers Duped His Wife, So He Hacked Their Operation

WIRED Threat Level

The Smishing Triad network sends up to 100,000 scam texts per day globally. One of those messages went to Grant Smith, who infiltrated their systems and exposed them to US authorities.

Scams 141

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

0.0.0.0 Day: 18-Year-Old Browser Vulnerability Impacts MacOS and Linux Devices

The Hacker News

Cybersecurity researchers have discovered a new "0.0.0.0 Day" impacting all major web browsers that malicious websites could take advantage of to breach local networks.

A Dive into Earth Baku’s Latest Campaign

Trend Micro

Earth Baku has broadened its scope from the Indo-Pacific region to Europe, the Middle East, and Africa. In this blog entry, we examine the threat actor's latest tools, tactics, and procedures.

Malware 122

More Trending

Windows Downgrade Attack Risks Exposing Patched Systems to Old Vulnerabilities

The Hacker News

Microsoft said it is developing security updates to address two loopholes that it said could be abused to stage downgrade attacks against the Windows update architecture and replace current versions of the Windows files with older versions. The vulnerabilities are listed below - CVE-2024-38202 (CVSS score: 7.

Overcoming the 5 Biggest Challenges to Implementing Just-in-Time, Just Enough Privilege

Security Boulevard

Embracing a just-in-time and just-enough privilege approach that harnesses context and automation can remove the tension between security and productivity, enabling teams to run faster without compromising on security standards. The post Overcoming the 5 Biggest Challenges to Implementing Just-in-Time, Just Enough Privilege appeared first on Security Boulevard.

CISA Warns of Hackers Exploiting Legacy Cisco Smart Install Feature

The Hacker News

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has disclosed that threat actors are abusing the legacy Cisco Smart Install (SMI) feature with the aim of accessing sensitive data. The agency said it has seen adversaries "acquire system configuration files by leveraging available protocols or software on devices, such as abusing the legacy Cisco Smart Install feature.

Software 122

Ransomware Attack Costs loanDepot Almost $27 Million

Security Boulevard

The January ransomware attack on loanDepot has so far cost the mortgage lender $26.9 million, including $25 million toward the possible settlement of a related class action lawsuit, company executives said in their Q2 financial report. The post Ransomware Attack Costs loanDepot Almost $27 Million appeared first on Security Boulevard.

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

University Professors Targeted by North Korean Cyber Espionage Group

The Hacker News

The North Korea-linked threat actor known as Kimsuky has been linked to a new set of attacks targeting university staff, researchers, and professors for intelligence gathering purposes. Cybersecurity firm Resilience said it identified the activity in late July 2024 after it observed an operation security (OPSEC) error made by the hackers.

Watch How a Hacker’s Infrared Laser Can Spy on Your Laptop’s Keystrokes

WIRED Threat Level

Hacker Samy Kamkar is debuting his own open source version of a laser microphone—a spy tool that can invisibly pick up the sounds inside your home through a window, and even the text you’re typing.

Hacking 114

New Phishing Scam Uses Google Drawings and WhatsApp Shortened Links

The Hacker News

Cybersecurity researchers have discovered a novel phishing campaign that leverages Google Drawings and shortened links generated via WhatsApp to evade detection and trick users into clicking on bogus links designed to steal sensitive information.

Phishing 118

Humans are Top Factor in Cloud Security: CSA Study

Security Boulevard

A study by the CSA found that the human element continues to play a key role in the top threats facing cloud computing environments, including misconfigurations, IAM, and insecure interfaces and APIs. The post Humans are Top Factor in Cloud Security: CSA Study appeared first on Security Boulevard.

Mobile 112

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

FBI and CISA update a joint advisory on the BlackSuit Ransomware group

Security Affairs

FBI and CISA published a joint advisory on the BlackSuit Ransomware group; the document provides TTPs and IOCs as recently as July 2024. CISA, in collaboration with the FBI, has published a joint advisory on the BlackSuit Ransomware group. The advisory includes recent and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) related to BlackSuit operation, which rebrands legacy Royal ransomware, identified by FBI investigations as recent as July 20

Web-Connected Industrial Control Systems Vulnerable to Attack

Security Boulevard

Half of the 40,000 internet-connected industrial control systems (ICS) devices in the U.S., more than half of which are associated with building control and automation protocols, run low-level automation protocols found in wireless and consumer access networks, including those of Verizon and Comcast. The post Web-Connected Industrial Control Systems Vulnerable to Attack appeared first on Security Boulevard.

Wireless 108

CISA adds Apache OFBiz and Android kernel bugs to its Known Exploited Vulnerabilities catalog

Security Affairs

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Apache OFBiz and Android kernel bugs to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added an Android Kernel Remote Code Execution flaw (CVE-2024-36971) and an Apache OFBiz Path Traversal issue (CVE-2024-32113) to its Known Exploited Vulnerabilities (KEV) catalog.

Spyware 125

Operational Technology (OT) Security a Top Priority for CIOs

Security Boulevard

The convergence of operational technology (OT) and information technology (IT) networks has created a complex environment increasingly vulnerable to cyberattacks, a challenge compounded by a backlog of legacy systems, an expanding attack surface and an overstretched workforce. The post Operational Technology (OT) Security a Top Priority for CIOs appeared first on Security Boulevard.

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

CrowdStrike Class Action Lawsuit for Massive Software Outage

eSecurity Planet

CrowdStrike, a cybersecurity behemoth renowned for its cloud-based endpoint protection platform, was in the eye of a storm on July 19, 2024. A catastrophic software update unleashed a domino effect of disruptions, paralyzing millions of computers across the globe. The impact was far-reaching and unprecedented, from bustling airports to critical healthcare facilities.

Software 104

How Situational Awareness Enhances the Security of Your Facility

Security Boulevard

Situational awareness means what is happening around you, making educated judgments, and responding appropriately to any given scenario. It can be helpful on an individual level and also to organizations for making better decisions. The post How Situational Awareness Enhances the Security of Your Facility appeared first on Security Boulevard.

Education 100

Microsoft’s AI Can Be Turned Into an Automated Phishing Machine

WIRED Threat Level

Attacks on Microsoft’s Copilot AI allow for answers to be manipulated, data extracted, and security protections bypassed, new research shows.

Phishing 114

The Importance of Domain and DNS Lifecycle Management with Mergers and Acquisitions

Security Boulevard

As a curious reader of global consulting service reports, one report especially around Global Mergers and Acquisitions (M&A) caught my eye. The world of strategic M&A saw deals totaling about $3.1 trillion USD (source: J.P. Morgan 2024 Global M&A Roadmap). The M&A landscape continues to evolve, driven by factors such as advancements in artificial intelligence, […] The post The Importance of Domain and DNS Lifecycle Management with Mergers and Acquisitions appeared first on Securi

DNS 100

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

CVE-2024-5290: Wi-Fi Flaw Leaves Millions Vulnerable to Root Takeover

Penetration Testing

Security researchers have uncovered a critical vulnerability in wpa_supplicant, a ubiquitous software component responsible for managing Wi-Fi connections on countless devices. The flaw, dubbed CVE-2024-5290 and assigned a CVSS score of 8.8 (High severity),... The post CVE-2024-5290: Wi-Fi Flaw Leaves Millions Vulnerable to Root Takeover appeared first on Cybersecurity News.

Automated Security Validation: One (Very Important) Part of a Complete CTEM Framework

The Hacker News

The last few years have seen more than a few new categories of security solutions arise in hopes of stemming a never-ending tidal wave of risks. One of these categories is Automated Security Validation (ASV), which provides the attacker’s perspective of exposures and equips security teams to continuously validate exposures, security measures, and remediation at scale.

Risk 99

0.0.0.0 Day flaw allows malicious websites to bypass security in major browsers

Security Affairs

An 18-year-old bug, dubbed “0.0.0.0 Day,” allows malicious websites to bypass security in Chrome, Firefox, and Safari to breach local networks. Oligo Security’s research team warns of an 18-year-old bug, dubbed “0.0.0.0 Day,” that allows malicious websites to bypass security in Chrome, Firefox, and Safari to breach local networks.

DNS 116

Unlock the Future of Cybersecurity: Exclusive, Next Era AI Insights and Cutting-Edge Training at SANS Network Security 2024

The Hacker News

The Immersive Experience Happening This September in Las Vegas! In an era of relentless cybersecurity threats and rapid technological advancement, staying ahead of the curve is not just a necessity, but critical.

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.

Stolen data from scraping service National Public Data leaked online

Malwarebytes

Cybercriminals are offering a large database for sale that may include your data without you even being aware of its existence. The stolen data comes from a data scraping service trading under the name “scraping” which was allegedly breached by a cybercriminal group by the name of USDoD. In April, a member of this group posted the database, which contains the data of some 2.9 billion people, up for sale for $3.5 million.

MongoDB Patches High-Severity Windows Vulnerability (CVE-2024-7553) in Multiple Products

Penetration Testing

MongoDB, the popular NoSQL database provider, announced the patching of a high-severity vulnerability affecting multiple versions of its server and driver products. The flaw, tracked as CVE-2024-7553 (CVSS 7.3), could allow a malicious local... The post MongoDB Patches High-Severity Windows Vulnerability (CVE-2024-7553) in Multiple Products appeared first on Cybersecurity News.

Ransomware Attack on Blood Supplier OneBlood Disrupts Healthcare System

ZoneAlarm

A recent ransomware attack on OneBlood, a major blood supplier, has severely disrupted the blood supply chain in Florida, prompting urgent health warnings and a call for donations. This cyberattack underscores the critical vulnerability of healthcare infrastructures and the far-reaching implications of such breaches. OneBlood is a leading blood supplier in the southeastern United States, … The post Ransomware Attack on Blood Supplier OneBlood Disrupts Healthcare System appeared first on Zo

GhostHook Framework: A New Fileless Malware Threatens Android Devices

Penetration Testing

Security researchers from iVerify have recently detected a sophisticated fileless malware-spreading framework named GhostHook, which is currently being circulated across various cybercrime forums and networks. Designed for disseminating malware and other malicious payloads, GhostHook... The post GhostHook Framework: A New Fileless Malware Threatens Android Devices appeared first on Cybersecurity News.

Malware 90

Enhance Innovation and Governance Through the Cloud Development Maturity Model

Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.