Mon.Sep 16, 2024

article thumbnail

Legacy Ivanti Cloud Service Appliance Being Exploited

Schneier on Security

CISA wants everyone—and government agencies in particular—to remove or upgrade an Ivanti Cloud Service Appliance (CSA) that is no longer being supported. Welcome to the security nightmare that is the Internet of Things.

Internet 270
article thumbnail

DuckDuckGo Joins AI Chat, Promises Enhanced Anonymity

Tech Republic Security

DuckDuckGo now has AI chat, emphasizing privacy and anonymity. Discover how this new offering aims to protect user data in conversations.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

PoC Exploit Released for Windows Hyper-V Zero-Day Vulnerability CVE-2024-38080

Penetration Testing

Security researcher Pwndorei published a detailed analysis alongside a proof-of-concept (PoC) exploit code for a patched zero-day vulnerability in Windows Hyper-V, tracked as CVE-2024-38080. This critical flaw, already being actively... The post PoC Exploit Released for Windows Hyper-V Zero-Day Vulnerability CVE-2024-38080 appeared first on Cybersecurity News.

article thumbnail

North Korean Hackers Target Cryptocurrency Users on LinkedIn with RustDoor Malware

The Hacker News

Cybersecurity researchers are continuing to warn about North Korean threat actors' attempts to target prospective victims on LinkedIn to deliver malware called RustDoor.

Malware 144
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

NordPass Review (2024): Is it a Safe Password Manager?

Tech Republic Security

Nord Security fans will be happy to know that NordPass meets expectations as a high-quality password manager in its suite of security apps. Read more below.

article thumbnail

Recently patched Windows flaw CVE-2024-43461 was actively exploited as a zero-day before July 2024

Security Affairs

Microsoft warns that a recently patched Windows flaw, tracked as CVE-2024-43461, was actively exploited as a zero-day before July 2024. Microsoft warns that attackers actively exploited the Windows vulnerability CVE-2024-43461 as a zero-day before July 2024. The vulnerability CVE-2024-43461 is a Windows MSHTML platform spoofing issue. MSHTML is a platform used by Internet Explorer.

Internet 141

More Trending

article thumbnail

Hacker tricked ChatGPT into providing detailed instructions to make a homemade bomb

Security Affairs

A hacker tricked ChatGPT into providing instructions to make homemade bombs demonstrating how to bypass the chatbot safety guidelines. A hacker and artist, who goes online as Amadon, tricked ChatGPT into providing instructions to make homemade bombs bypassing the safety guidelines implemented by the chatbot. Initially, the expert asked for detailed instructions to create a fertilizer bomb similar to the one used in the 1995 Oklahoma City bombing, but the chatbot refused due to ethical responsibi

article thumbnail

Google Fixes GCP Composer Flaw That Could've Led to Remote Code Execution

The Hacker News

A now-patched critical security flaw impacting Google Cloud Platform (GCP) Composer could have been exploited to achieve remote code execution on cloud servers by means of a supply chain attack technique called dependency confusion. The vulnerability has been codenamed CloudImposer by Tenable Research.

Software 135
article thumbnail

SolarWinds fixed critical RCE CVE-2024-28991 in Access Rights Manager

Security Affairs

SolarWinds addressed a critical remote code execution vulnerability, tracked as CVE-2024-28991, in Access Rights Manager. SolarWinds released security updates to address a critical-severity remote code execution vulnerability, tracked as CVE-2024-28991 (CVSS score of 9.0), in SolarWinds Access Rights Manager (ARM) The flaw is a deserialization of untrusted data remote code execution vulnerability that impacts ARM 2024.3 and prior versions. “SolarWinds Access Rights Manager (ARM) was found

article thumbnail

166k+ Projects at Risk: AutoGPT’s Critical Vulnerability Explained – CVE-2024-6091 (CVSS 9.8)

Penetration Testing

A significant security vulnerability has been discovered in AutoGPT, a powerful AI tool designed to automate tasks through intelligent agents. With over 166k stars on GitHub, AutoGPT has gained popularity... The post 166k+ Projects at Risk: AutoGPT’s Critical Vulnerability Explained – CVE-2024-6091 (CVSS 9.8) appeared first on Cybersecurity News.

Risk 134
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

D-Link addressed three critical RCE in wireless router models

Security Affairs

D-Link fixed multiple critical flaws in its WiFi 6 routers that allow remote attackers to execute arbitrary code or gain hardcoded credentials. D-Link has addressed three critical vulnerabilities, tracked as CVE-2024-45694 , CVE-2024-45695 , CVE-2024-45697 , impacting three wireless router models. The flaws can allow attackers to remotely execute arbitrary code or access the devices using hardcoded credentials.

Wireless 136
article thumbnail

SolarWinds Issues Patch for Critical ARM Vulnerability Enabling RCE Attacks

The Hacker News

SolarWinds has released fixes to address two security flaws in its Access Rights Manager (ARM) software, including a critical vulnerability that could result in remote code execution. The vulnerability, tracked as CVE-2024-28991, is rated 9.0 out of a maximum of 10.0 on the CVSS scoring system. It has been described as an instance of deserialization of untrusted data.

Software 132
article thumbnail

Apple’s New Passwords App May Solve Your Login Nightmares

WIRED Threat Level

Apple is launching its first stand-alone password manager app in iOS 18. Here’s what you need to know.

Passwords 130
article thumbnail

From Breach to Recovery: Designing an Identity-Focused Incident Response Playbook

The Hacker News

Imagine this. You arrive at work to a chaotic scene. Systems are down, panic is in the air. The culprit? Not a rogue virus, but a compromised identity. The attacker is inside your walls, masquerading as a trusted user. This isn't a horror movie, it's the new reality of cybercrime. The question is, are you prepared? Traditional incident response plans are like old maps in a new world.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

News alert: Entro Security Labs report reveals pervasive exposures in ‘Non-Human Identities’

The Last Watchdog

Boston, MA, Sept. 16, 2024, CyberNewsWire — Entro Security , pioneer of the award-winning Non-Human Identity (NHI) and Secrets Management platform, today released its research report, “ 2025 State of Non-Human Identities and Secrets in Cybersecurity.” The Entro Security Lab found that 97% of NHIs have excessive privileges increasing unauthorized access and broadening the attack surface, and 92% of organizations are exposing NHIs to third parties, also resulting in unauthorized access if th

Risk 130
article thumbnail

Critical Flaws Found in VICIdial Contact Center Suite: CVE-2024-8503 and CVE-2024-8504, PoC Published

Penetration Testing

In a concerning development for call centers using VICIdial, a popular open-source contact center solution, two high-severity security vulnerabilities have been discovered that could lead to severe data breaches and... The post Critical Flaws Found in VICIdial Contact Center Suite: CVE-2024-8503 and CVE-2024-8504, PoC Published appeared first on Cybersecurity News.

article thumbnail

Apple dismisses lawsuit against surveillance firm NSO Group due to risk of threat intelligence exposure

Security Affairs

Apple drops its lawsuit against commercial spyware vendor NSO Group, due to the risk of “threat intelligence” information exposure. Apple is seeking to drop its lawsuit against Israeli spyware company NSO Group , citing the risk of “threat intelligence” information exposure. Apple wants to dismiss its lawsuit against NSO Group due to three key developments.

article thumbnail

AI and Cyber Security: Innovations & Challenges

eSecurity Planet

As cyber threats become increasingly sophisticated, integrating artificial intelligence (AI) into cybersecurity is more than a passing trend — it’s a groundbreaking shift in protecting our digital assets. As cyber-attacks grow increasingly complex, leveraging AI becomes crucial for staying ahead of emerging threats. Let’s dive into how AI and cybersecurity are transforming in today’s highly modern and complex times, explore their benefits and challenges, and see how they shape the fu

article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

AI security bubble already springing leaks

We Live Security

Machine learning and artificial intelligence are just a spoke in the wheel of security – an important spoke but, alas, only one.

article thumbnail

After CrowdStrike Crash, Microsoft Mulls New Windows Security Tools

Security Boulevard

Microsoft is looking to add new security platform features to Windows, including allowing security vendors to operate outside of the OS' kernel to avoid the situation that let a faulty software update by CrowdStrike in July to crash 8.5 million Windows systems around the world. The post After CrowdStrike Crash, Microsoft Mulls New Windows Security Tools appeared first on Security Boulevard.

Software 121
article thumbnail

Master Your PCI DSS v4 Compliance with Innovative Smart Approvals

The Hacker News

The PCI DSS landscape is evolving rapidly. With the Q1 2025 deadline looming ever larger, businesses are scrambling to meet the stringent new requirements of PCI DSS v4.0. Two sections in particular, 6.4.3 and 11.6.1, are troublesome as they demand that organizations rigorously monitor and manage payment page scripts and use a robust change detection mechanism.

113
113
article thumbnail

Five Tools That Can Help Organizations Combat AI-powered Deception

Security Boulevard

As digital exploitation, fraud and deception move deeper into society, it is incumbent on organizations to educate their employees on digital literacy skills, make them aware of the risks posed by phishing and social engineering threats. The post Five Tools That Can Help Organizations Combat AI-powered Deception appeared first on Security Boulevard.

article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

10 Common Cybersecurity Threats and How to Handle Them

Tech Republic Security

Cybersecurity has always been an arms race where the enemy’s arsenal is more sophisticated than ever. These attacks are getting smarter, faster, and costlier, thanks to the advent of generative AI and the lack of an offense-based security culture. Once, it was enough to fend off the occasional virus with a simple antivirus scan.

article thumbnail

Why Are So Many Public Sector Organizations Getting Attacked?

Security Boulevard

Public sector organizations such as schools, hospitals, manufacturing units, essential services and government offices have become a popular target for cybercriminals. The post Why Are So Many Public Sector Organizations Getting Attacked? appeared first on Security Boulevard.

article thumbnail

A week in security (September 9 – September 15)

Malwarebytes

Last week on Malwarebytes Labs: Ford seeks patent for conversation-based advertising Scammers advertise fake AppleCare+ service via GitHub repos Facebook scrapes photos of kids from Australian user profiles to train its AI PartnerLeak scam site promises victims full access to “cheating” partner’s stolen data Payment provider data breach exposes credit card information of 1.7 million customers Your partner “is cheating on you” scam asks you to pay to see proof What the arr

Scams 99
article thumbnail

Apple Seeks to Drop Its Lawsuit Against Spyware Maker NSO

Security Boulevard

Apple wants its three-year-old lawsuit against spyware maker NSO to be dismissed, citing the surveillance software maker's declining dominance of the expanding market and fears that its own threat intelligence could be exposed, which would harm its efforts to protect its users. The post Apple Seeks to Drop Its Lawsuit Against Spyware Maker NSO appeared first on Security Boulevard.

Spyware 116
article thumbnail

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

article thumbnail

Amazon Alexa can now be controlled by thought alone - thanks to this brain implant

Zero Day

With this new accessibility innovation from Synchron, the entire Amazon smart home ecosystem can be controlled hands-free and voice-free.

98
article thumbnail

Zero-Click Calendar Invite: Critical macOS Vulnerability Chain Uncovered

Penetration Testing

In a recent analysis, security researcher Mikko Kenttälä exposed a critical zero-click vulnerability chain in macOS, potentially affecting millions of users. This exploit, dubbed the “Zero-Click Calendar Invite,” allows attackers... The post Zero-Click Calendar Invite: Critical macOS Vulnerability Chain Uncovered appeared first on Cybersecurity News.

article thumbnail

The best iOS 18 features that will make updating your iPhone worthwhile

Zero Day

Here are the best new features coming with Apple's latest software version, available for the iPhone 16 and older models.

article thumbnail

Vulnerability Recap 9/16/24 – Critical Endpoint Flaws Emerged

eSecurity Planet

Recent vulnerability news disclosed significant endpoint vulnerabilities, including side-channel attacks, command injection, remote code execution (RCE), SQL injection, and keystroke interference. Notable events last week include the RAMBO attack, command injection problems in Progress Software’s LoadMaster, and several zero-day vulnerabilities in Microsoft products that may cause privilege escalation and RCE.

article thumbnail

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.