Thu.Aug 08, 2024

article thumbnail

How to Get Rid of a Crisis, Once and for All

Jane Frankland

Recently, the world witnessed one of the biggest IT outages in history when CrowdStrike, a renowned cybersecurity firm, with a customer base of around 24,000, caused an unprecedented IT outage and Blue Screen of Deaths (BSODs) for Microsoft Windows devices, globally. It’s astonishing how routine maintenance and a glitch in software can lead to global chaos whereby banks, airlines, train companies, telcos, healthcare providers, supermarkets, TV and radio broadcasters are taken offline, and the co

article thumbnail

Exploitable PoC Released for CVE-2024-38077: 0-Click RCE Threatens All Windows Servers

Penetration Testing

Security researchers Ver, Lewis Lee, and Zhiniang Peng have detailed and published a proof-of-concept (PoC) exploit code for a critical vulnerability, designated as CVE-2024-38077 (CVSS 9.8) and referred to as “MadLicense,” impacting all iterations of Windows Server,... The post Exploitable PoC Released for CVE-2024-38077: 0-Click RCE Threatens All Windows Servers appeared first on Cybersecurity News.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

USPS Text Scammers Duped His Wife, So He Hacked Their Operation

WIRED Threat Level

The Smishing Triad network sends up to 100,000 scam texts per day globally. One of those messages went to Grant Smith, who infiltrated their systems and exposed them to US authorities.

Scams 144
article thumbnail

0.0.0.0 Day: 18-Year-Old Browser Vulnerability Impacts MacOS and Linux Devices

The Hacker News

Cybersecurity researchers have discovered a new "0.0.0.0 Day" impacting all major web browsers that malicious websites could take advantage of to breach local networks.

article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

FBI and CISA update a joint advisory on the BlackSuit Ransomware group

Security Affairs

FBI and CISA published a joint advisory on the BlackSuit Ransomware group, the document provides TTPs and IOCs as recently as July 2024. CISA, in collaboration with the FBI, has published a joint advisory on the BlackSuit Ransomware group. The advisory includes recent and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) related to BlackSuit operation, which rebrands legacy Royal ransomware , identified by FBI investigations as recent as July 20

article thumbnail

How to Offer Secure IVR Banking and Authenticate Callers

Tech Republic Security

Discover how to safeguard IVR banking from hackers and implement secure authentication methods for customer protection. Find out how these digital alternatives benefit both customers and agents.

Banking 123

More Trending

article thumbnail

Over $40 million recovered and arrests made within days of firm realising it had fallen for Business Email Compromise scam

Graham Cluley

According to the FBI, billions of dollars have been lost through Business Email Compromise (BEC) attacks in recent years, so you may well think that there is little in the way of good news. However, it has been revealed this week that police managed to recover more than US $40 million snatched in a recent BEC heist just two days after being told about it.

Scams 123
article thumbnail

0.0.0.0 Day flaw allows malicious websites to bypass security in major browsers

Security Affairs

An 18-year-old bug, dubbed “0.0.0.0 Day,” allows malicious websites to bypass security in Chrome, Firefox, and Safari to breach local networks. Oligo Security’s research team warns of an 18-year-old bug, dubbed “0.0.0.0 Day,” that allows malicious websites to bypass security in Chrome, Firefox, and Safari to breach local networks.

DNS 116
article thumbnail

A Dive into Earth Baku’s Latest Campaign

Trend Micro

Earth Baku has broadened its scope from the Indo-Pacific region to Europe, the Middle East, and Africa. In this blog entry, we examine the threat actor's latest tools, tactics, and procedures.

Malware 126
article thumbnail

Overcoming the 5 Biggest Challenges to Implementing Just-in-Time, Just Enough Privilege

Security Boulevard

Embracing a just-in-time and just-enough privilege approach that harnesses context and automation can remove the tension between security and productivity, enabling teams to run faster without compromising on security standards. The post Overcoming the 5 Biggest Challenges to Implementing Just-in-Time, Just Enough Privilege appeared first on Security Boulevard.

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Watch How a Hacker’s Infrared Laser Can Spy on Your Laptop’s Keystrokes

WIRED Threat Level

Hacker Samy Kamkar is debuting his own open source version of a laser microphone—a spy tool that can invisibly pick up the sounds inside your home through a window, and even the text you’re typing.

Hacking 123
article thumbnail

Ransomware Attack Costs loanDepot Almost $27 Million

Security Boulevard

The January ransomware attack on loanDepot has so far cost the mortgage lender $26.9 million, including $25 million toward the possible settlement of a related class action lawsuit, company executives said in their Q2 financial report. The post Ransomware Attack Costs loanDepot Almost $27 Million appeared first on Security Boulevard.

article thumbnail

Windows Downgrade Attack Risks Exposing Patched Systems to Old Vulnerabilities

The Hacker News

Microsoft said it is developing security updates to address two loopholes that it said could be abused to stage downgrade attacks against the Windows update architecture and replace current versions of the Windows files with older versions. The vulnerabilities are listed below - CVE-2024-38202 (CVSS score: 7.

article thumbnail

Humans are Top Factor in Cloud Security: CSA Study

Security Boulevard

A study by the CSA found that the human element continues to play a key role in the top threats facing cloud computing environments, including misconfigurations, IAM, and insecurity interfaces and APIs. The post Humans are Top Factor in Cloud Security: CSA Study appeared first on Security Boulevard.

Mobile 112
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

CISA Warns of Hackers Exploiting Legacy Cisco Smart Install Feature

The Hacker News

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has disclosed that threat actors are abusing the legacy Cisco Smart Install (SMI) feature with the aim of accessing sensitive data. The agency said it has seen adversaries "acquire system configuration files by leveraging available protocols or software on devices, such as abusing the legacy Cisco Smart Install feature.

Software 117
article thumbnail

Web-Connected Industrial Control Systems Vulnerable to Attack

Security Boulevard

Half of the 40,000 internet-connected industrial control systems (ICS) devices in the U.S., more than half of which are associated with building control and automation protocols, run low-level automation protocols found in wireless and consumer access networks, including those of Verizon and Comcast. The post Web-Connected Industrial Control Systems Vulnerable to Attack appeared first on Security Boulevard.

Wireless 108
article thumbnail

University Professors Targeted by North Korean Cyber Espionage Group

The Hacker News

The North Korea-linked threat actor known as Kimsuky has been linked to a new set of attacks targeting university staff, researchers, and professors for intelligence gathering purposes. Cybersecurity firm Resilience said it identified the activity in late July 2024 after it observed an operation security (OPSEC) error made by the hackers.

article thumbnail

Operational Technology (OT) Security a Top Priority for CIOs

Security Boulevard

The convergence of operational technology (OT) and information technology (IT) networks has created a complex environment increasingly vulnerable to cyberattacks, a challenge compounded by a backlog of legacy systems, an expanding attack surface and an overstretched workforce. The post Operational Technology (OT) Security a Top Priority for CIOs appeared first on Security Boulevard.

article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

New Phishing Scam Uses Google Drawings and WhatsApp Shortened Links

The Hacker News

Cybersecurity researchers have discovered a novel phishing campaign that leverages Google Drawings and shortened links generated via WhatsApp to evade detection and trick users into clicking on bogus links designed to steal sensitive information.

Phishing 113
article thumbnail

Microsoft’s AI Can Be Turned Into an Automated Phishing Machine

WIRED Threat Level

Attacks on Microsoft’s Copilot AI allow for answers to be manipulated, data extracted, and security protections bypassed, new research shows.

Phishing 125
article thumbnail

 How Situational Awareness Enhances the Security of Your Facility

Security Boulevard

Situational awareness means what is happening around you, making educated judgments, and responding appropriately to any given scenario. It can be helpful on an individual level and also to organizations for making better decisions. The post How Situational Awareness Enhances the Security of Your Facility appeared first on Security Boulevard.

Education 100
article thumbnail

CVE-2024-5290: Wi-Fi Flaw Leaves Millions Vulnerable to Root Takeover

Penetration Testing

Security researchers have uncovered a critical vulnerability in wpa_supplicant, a ubiquitous software component responsible for managing Wi-Fi connections on countless devices. The flaw, dubbed CVE-2024-5290 and assigned a CVSS score of 8.8 (High severity),... The post CVE-2024-5290: Wi-Fi Flaw Leaves Millions Vulnerable to Root Takeover appeared first on Cybersecurity News.

article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

The Importance of Domain and DNS Lifecycle Management with Mergers and Acquisitions

Security Boulevard

As a curious reader of global consulting service reports, one report especially around Global Mergers and Acquisitions (M&A) caught my eye. The world of strategic M&A saw deals totaling about $3.1 trillion USD (source: J.P. Morgan 2024 Global M&A Roadmap). The M&A landscape continues to evolve, driven by factors such as advancements in artificial intelligence, […] The post The Importance of Domain and DNS Lifecycle Management with Mergers and Acquisitions appeared first on Securi

DNS 100
article thumbnail

CrowdStrike Class Action Lawsuit for Massive Software Outage

eSecurity Planet

CrowdStrike, a cybersecurity behemoth renowned for its cloud-based endpoint protection platform, was in the eye of a storm on July 19, 2024. A catastrophic software update unleashed a domino effect of disruptions, paralyzing millions of computers across the globe. The impact was far-reaching and unprecedented, from bustling airports to critical healthcare facilities.

Software 103
article thumbnail

MongoDB Patches High-Severity Windows Vulnerability (CVE-2024-7553) in Multiple Products

Penetration Testing

MongoDB, the popular NoSQL database provider, announced the patching of a high-severity vulnerability affecting multiple versions of its server and driver products. The flaw, tracked as CVE-2024-7553 (CVSS 7.3), could allow a malicious local... The post MongoDB Patches High-Severity Windows Vulnerability (CVE-2024-7553) in Multiple Products appeared first on Cybersecurity News.

article thumbnail

Automated Security Validation: One (Very Important) Part of a Complete CTEM Framework

The Hacker News

The last few years have seen more than a few new categories of security solutions arise in hopes of stemming a never-ending tidal wave of risks. One of these categories is Automated Security Validation (ASV), which provides the attacker’s perspective of exposures and equips security teams to continuously validate exposures, security measures, and remediation at scale.

Risk 94
article thumbnail

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

article thumbnail

Stolen data from scraping service National Public Data leaked online

Malwarebytes

Cybercriminals are offering a large database for sale that may include your data without you even being aware of its existence. The stolen data comes from a data scraping service trading under the name “scraping” which was allegedly breached by a cybercriminal group by the name of USDoD. In April, a member of this group posted the database, which contains the data of some 2.9 billion people, up for sale for $3.5 million.

article thumbnail

Ransomware Attack on Blood Supplier OneBlood Disrupts Healthcare System

ZoneAlarm

A recent ransomware attack on OneBlood, a major blood supplier, has severely disrupted the blood supply chain in Florida, prompting urgent health warnings and a call for donations. This cyberattack underscores the critical vulnerability of healthcare infrastructures and the far-reaching implications of such breaches. OneBlood is a leading blood supplier in the southeastern United States, … The post Ransomware Attack on Blood Supplier OneBlood Disrupts Healthcare System appeared first on Zo

article thumbnail

Unlock the Future of Cybersecurity: Exclusive, Next Era AI Insights and Cutting-Edge Training at SANS Network Security 2024

The Hacker News

The Immersive Experience Happening This September in Las Vegas!In an era of relentless cybersecurity threats and rapid technological advancement, staying ahead of the curve is not just a necessity, but critical.

article thumbnail

GhostHook Framework: A New Fileless Malware Threatens Android Devices

Penetration Testing

Security researchers from iVerify have recently detected a sophisticated fileless malware-spreading framework named GhostHook, which is currently being circulated across various cybercrime forums and networks. Designed for disseminating malware and other malicious payloads, GhostHook... The post GhostHook Framework: A New Fileless Malware Threatens Android Devices appeared first on Cybersecurity News.

Malware 86
article thumbnail

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.