Mon.Sep 23, 2024

article thumbnail

Hacking the “Bike Angels” System for Moving Bikeshares

Schneier on Security

I always like a good hack. And this story delivers. Basically, the New York City bikeshare program has a system to reward people who move bicycles from full stations to empty ones. By deliberately moving bikes to create artificial problems, and exploiting exactly how the system calculates rewards, some people are making a lot of money. At 10 a.m. on a Tuesday last month, seven Bike Angels descended on the docking station at Broadway and 53rd Street, across from the Ed Sullivan Theater.

Hacking 275
article thumbnail

Severe Unauthenticated RCE Flaw (CVSS 9.9) in GNU/Linux Systems Awaiting Full Disclosure

Penetration Testing

A critical security vulnerability affecting all GNU/Linux systems—and potentially others—has been identified by renowned security researcher Simone Margaritelli. The vulnerability, which allows for unauthenticated remote code execution (RCE), has been... The post Severe Unauthenticated RCE Flaw (CVSS 9.9) in GNU/Linux Systems Awaiting Full Disclosure appeared first on Cybersecurity News.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Telegram Agrees to Share User Data With Authorities for Criminal Investigations

The Hacker News

In a major policy reversal, the popular messaging app Telegram has announced it will give users' IP addresses and phone numbers to authorities in response to valid legal requests in an attempt to rein in criminal activity on the platform.

145
145
article thumbnail

100 million+ US citizens have records leaked by background check service

Malwarebytes

A background check left a huge database unprotected online containing 2.2TB of people’s data, according to research by Cybernews. The database was left passwordless and easily accessible to anyone on the internet by background check firm MC2 Data. MC2 Data gathers publicly available data to provide decision makers with information whether someone can rent a house, work at their firm, or be granted a loan.

article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Chinese APT Earth Baxia target APAC by exploiting GeoServer flaw

Security Affairs

Suspected China-linked APT Earth Baxia targeted a government organization in Taiwan by exploiting a recently patched OSGeo GeoServer GeoTools flaw. Trend Micro researchers reported that China-linked APT group Earth Baxia has targeted a government organization in Taiwan and potentially other countries in the Asia-Pacific (APAC) region. The threat actor used spear-phishing emails and exploited the recently patched GeoServer vulnerability CVE-2024-36401.

DNS 143
article thumbnail

How the Necro Trojan infiltrated Google Play, again

SecureList

Introduction We sometimes come across modified applications when analyzing suspicious files. These are created in response to user requests for more customization options within the app or for new features that the official versions don’t have. Unfortunately, it’s not uncommon for popular mods to contain malware. This often happens because they’re distributed on unofficial websites that don’t have any moderation.

Malware 141

More Trending

article thumbnail

ESET fixed two privilege escalation flaws in its products

Security Affairs

ESET addressed two local privilege escalation vulnerabilities in security products for Windows and macOS operating systems. Cybersecurity firm ESET released security patches for two local privilege escalation vulnerabilities impacting Windows and macOS products. The first vulnerability, tracked as CVE-2024-7400 (CVSS score of 7.3), could allow an attacker to misuse ESET’s file operations during the removal of a detected file to delete files without having proper permissions to do so.

Antivirus 135
article thumbnail

Critical Flaw in Microchip ASF Exposes IoT Devices to Remote Code Execution Risk

The Hacker News

A critical security flaw has been disclosed in the Microchip Advanced Software Framework (ASF) that, if successfully exploited, could lead to remote code execution. The vulnerability, tracked as CVE-2024-7490, carries a CVSS score of 9.5 out of a maximum of 10.0.

IoT 140
article thumbnail

SpaceX, CNN, and The White House internal data allegedly published online. Is it real?

Malwarebytes

A cybercriminal has released internal data online that they say has come from leaks at several high-profile sources, including SpaceX, CNN, and the White House. However, there are some questions around the reliability and usefulness of the released data, so we took a closer look. When it comes to the the SpaceX data set, the poster is apparently not a big fan of Elon Musk.

article thumbnail

ColorTokens Acquires PureID to Advance Zero-Trust IT

Security Boulevard

The IAM platform developed by PureID will allow ColorTokens to further extend the reach and scope of the company’s zero-trust IT portfolio. The post ColorTokens Acquires PureID to Advance Zero-Trust IT appeared first on Security Boulevard.

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Why 'Never Expire' Passwords Can Be a Risky Decision

The Hacker News

Password resets can be frustrating for end users. Nobody likes being interrupted by the ‘time to change your password’ notification – and they like it even less when the new passwords they create are rejected by their organization’s password policy. IT teams share the pain, with resetting passwords via service desk tickets and support calls being an everyday burden.

Passwords 127
article thumbnail

Relationship broken up? Here’s how to separate your online accounts

Malwarebytes

Breaking up is hard to do. The internet has made it harder. With couples today regularly sharing access to one another’s email accounts, streaming services, social media platforms, online photo albums, and more, the risk of a bad breakup isn’t just heartache. Equipped with unfettered access into sensitive, shared online accounts , a vindictive ex could track someone who is actively using services like DoorDash, Uber, or Airbnb, spy on someone through a Ring doorbell, raise the temperature on a N

article thumbnail

THN Cybersecurity Recap: Last Week's Top Threats and Trends (September 16-22)

The Hacker News

Hold on tight, folks, because last week's cybersecurity landscape was a rollercoaster! We witnessed everything from North Korean hackers dangling "dream jobs" to expose a new malware, to a surprising twist in the Apple vs. NSO Group saga. Even the seemingly mundane world of domain names and cloud configurations had its share of drama.

article thumbnail

Telegram will provide user data to law enforcement in response to legal requests

Security Affairs

Telegram will provide user data to law enforcement agencies in response to valid legal requests, according to a recent policy update Telegram has updated its privacy policy informing users that it will share users’ phone numbers and IP addresses with law enforcement in response to valid legal requests. The company CEO Pavel Durov announced the policy update this week.

Hacking 120
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Iranian-Linked Group Facilitates APT Attacks on Middle East Networks

Security Boulevard

The threat group UNC1860, linked to Iran's security intelligence agency, gains initial access into networks around the region and hands that access off to other Iranian-associated hackers to established persistent and long-term access, Mandiant says. The post Iranian-Linked Group Facilitates APT Attacks on Middle East Networks appeared first on Security Boulevard.

article thumbnail

A week in security (September 16 – September 22)

Malwarebytes

Last week on Malwarebytes Labs: “Simply staggering” surveillance conducted by social media and streaming services, FTC finds Tor anonymity compromised by law enforcement. Is it still safe to use? Walmart customers scammed via fake shopping lists, threatened with arrest Snapchat wants to put your AI-generated face in its ads iOS 18 is out.

article thumbnail

Cloud Security Risk Prioritization is Broken. Here’s How to Fix It.

Security Boulevard

Understanding business risk empowers CISOs to provide a comprehensive picture of the business’ cloud security posture, which will help teams detect, prioritize and remediate threats to stop cloud and app-related breaches. The post Cloud Security Risk Prioritization is Broken. Here’s How to Fix It. appeared first on Security Boulevard.

Risk 117
article thumbnail

How to Create an Effective Cybersecurity Awareness Program

Tech Republic Security

Cybersecurity awareness training is educational content designed to teach employees how to recognize cyberattacks and prevent or mitigate them. Given that human elements play a role in almost three-quarters (74%) of all data breaches, teaching people how to stop a cyberattack (instead of contributing to it) through cybersecurity awareness training can reap major dividends for.

article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

PIPEDA

Security Boulevard

What is PIPEDA? The Personal Information Protection and Electronic Documents Act (PIPEDA) is Canada’s main privacy law for businesses. It sets out the rules for how companies should collect, use, and share personal information in a way that respects individuals’ privacy rights. Essentially, PIPEDA helps protect people’s personal details—like their names, contact info, or financial […] The post PIPEDA appeared first on Centraleyes.

101
101
article thumbnail

News alert: DigiCert acquires Vercara to enhance cloud-based DNS management, DDoS protection

The Last Watchdog

LEHI, Utah, Sept. 23, 2024 – DigiCert, backed by Clearlake Capital Group, L.P. (together with its affiliates, “Clearlake”), Crosspoint Capital Partners L.P. (“Crosspoint”), and TA Associates Management L.P. (“TA”), today announced it has completed its acquisition of Vercara, a leader in cloud-based services that secure the online experience, including managed authoritative Domain Name System (DNS) and Distributed Denial-of-Service (DDoS) security offerings that protect organizations’ network

DNS 100
article thumbnail

The Problem With Third-Party Breaches: A Data Protection Dilemma  

Security Boulevard

Third-party breaches pose a significant challenge to organizations, demanding meticulous attention and measures to prevent data compromises. The post The Problem With Third-Party Breaches: A Data Protection Dilemma appeared first on Security Boulevard.

article thumbnail

5 handy Alexa routines I depend on every day - and how to build your own

Zero Day

Ready to unlock your Amazon Echo's true potential? Here's how Alexa routines can automate your home, simplify tasks, and save you time with just a few taps in the Alexa app.

98
article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

Information Stealer Alert: Lumma Strikes Again with Go-Based Injector

Penetration Testing

Recently, the eSentire Threat Response Unit (TRU) discovered a concerning new malware delivery chain involving a Go-based Injector that ultimately led to the execution of Lumma Stealer, a well-known information-stealing... The post Information Stealer Alert: Lumma Strikes Again with Go-Based Injector appeared first on Cybersecurity News.

Malware 95
article thumbnail

OLED vs. QLED TV: Which panel type is best suited for your home?

Zero Day

What's the difference between OLED and QLED TVs? Brightness level, picture quality, and price are just a few factors in deciding why you should buy one over the other.

98
article thumbnail

Will Smaller Companies Buckle Under the SEC’s Incident Reporting Requirements?

Security Boulevard

The SEC’s new incident reporting requirements have brought about many questions and concerns among security professionals and government bodies. The post Will Smaller Companies Buckle Under the SEC’s Incident Reporting Requirements? appeared first on Security Boulevard.

article thumbnail

So long, Chromecast: Google TV Streamer available today with these new features

Zero Day

Doubling as a smart home hub, the new streaming device comes with Google TV Freeplay and a Sports Page. You can buy it now.

97
article thumbnail

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

article thumbnail

Types of Cloud Security Controls & Their Uses

eSecurity Planet

Cloud security controls are methods and protocols to protect cloud environments’ data, applications, and infrastructure. They enforce security measures to prevent threats and unauthorized access. These controls comprise physical, technical, and administrative safeguards. Understanding the various controls, their applications, benefits, and associated risks will help you gain full, secure operations during and after cloud migration.

Risk 88
article thumbnail

Researcher Details CVE-2024-20439 (CVSS 9.8) Flaw in Cisco Smart Licensing Utility

Penetration Testing

In a recent cybersecurity revelation, Nicholas Starke, a threat researcher at Aruba, a Hewlett Packard Enterprise company, unveiled the details of CVE-2024-20439, a severe vulnerability affecting Cisco’s Smart Licensing Utility... The post Researcher Details CVE-2024-20439 (CVSS 9.8) Flaw in Cisco Smart Licensing Utility appeared first on Cybersecurity News.

article thumbnail

North Korea-linked APT Gleaming Pisces deliver new PondRAT backdoor via malicious Python packages

Security Affairs

North Korea-linked APT group Gleaming Pisces is distributing a new malware called PondRAT through tainted Python packages. Unit 42 researchers uncovered an ongoing campaign distributing Linux and macOS malwar PondRAT through poisoned Python packages. The campaign is attributed to North Korea-linked threat actor Gleaming Pisces (also known as Citrine Sleet ), who previously distributed the macOS remote administration tool POOLRAT (aka SIMPLESEA ).

Malware 86
article thumbnail

The Importance of Cybersecurity Awareness and Insider Threat Management 

Security Boulevard

Insider threats, which involve individuals within an organization who exploit their access for malicious purposes or unwittingly cause security breaches due to human error, are a significant security challenge. The post The Importance of Cybersecurity Awareness and Insider Threat Management appeared first on Security Boulevard.

article thumbnail

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.