Schneier on Security

SEPTEMBER 23, 2024

I always like a good hack. And this story delivers. Basically, the New York City bikeshare program has a system to reward people who move bicycles from full stations to empty ones. By deliberately moving bikes to create artificial problems, and exploiting exactly how the system calculates rewards, some people are making a lot of money. At 10 a.m. on a Tuesday last month, seven Bike Angels descended on the docking station at Broadway and 53rd Street, across from the Ed Sullivan Theater.

Hacking 254

Hacking Manufacturing Scams 254

Penetration Testing

SEPTEMBER 23, 2024

A critical security vulnerability affecting all GNU/Linux systems—and potentially others—has been identified by renowned security researcher Simone Margaritelli. The vulnerability, which allows for unauthenticated remote code execution (RCE), has been... The post Severe Unauthenticated RCE Flaw (CVSS 9.9) in GNU/Linux Systems Awaiting Full Disclosure appeared first on Cybersecurity News.

Cybersecurity 145

Cybersecurity 145

The Hacker News

SEPTEMBER 23, 2024

In a major policy reversal, the popular messaging app Telegram has announced it will give users' IP addresses and phone numbers to authorities in response to valid legal requests in an attempt to rein in criminal activity on the platform.

136

136

Malwarebytes

SEPTEMBER 23, 2024

A background check left a huge database unprotected online containing 2.2TB of people’s data, according to research by Cybernews. The database was left passwordless and easily accessible to anyone on the internet by background check firm MC2 Data. MC2 Data gathers publicly available data to provide decision makers with information whether someone can rent a house, work at their firm, or be granted a loan.

Data breaches 133

Data breaches Passwords Phishing Password Management 133

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Security Boulevard

SEPTEMBER 23, 2024

The IAM platform developed by PureID will allow ColorTokens to further extend the reach and scope of the company’s zero-trust IT portfolio. The post ColorTokens Acquires PureID to Advance Zero-Trust IT appeared first on Security Boulevard.

Security Awareness 129

Security Awareness Cybersecurity 129

Security Affairs

SEPTEMBER 23, 2024

Suspected China-linked APT Earth Baxia targeted a government organization in Taiwan by exploiting a recently patched OSGeo GeoServer GeoTools flaw. Trend Micro researchers reported that China-linked APT group Earth Baxia has targeted a government organization in Taiwan and potentially other countries in the Asia-Pacific (APAC) region. The threat actor used spear-phishing emails and exploited the recently patched GeoServer vulnerability CVE-2024-36401.

DNS 139

DNS Government Phishing Telecommunications 139

SecureList

SEPTEMBER 23, 2024

Introduction We sometimes come across modified applications when analyzing suspicious files. These are created in response to user requests for more customization options within the app or for new features that the official versions don’t have. Unfortunately, it’s not uncommon for popular mods to contain malware. This often happens because they’re distributed on unofficial websites that don’t have any moderation.

Malware 122

Malware Encryption Mobile Architecture 122

Security Boulevard

SEPTEMBER 23, 2024

The threat group UNC1860, linked to Iran's security intelligence agency, gains initial access into networks around the region and hands that access off to other Iranian-associated hackers to established persistent and long-term access, Mandiant says. The post Iranian-Linked Group Facilitates APT Attacks on Middle East Networks appeared first on Security Boulevard.

Security Intelligence 118

Security Intelligence Malware Cybersecurity Network Security 118

The Hacker News

SEPTEMBER 23, 2024

A critical security flaw has been disclosed in the Microchip Advanced Software Framework (ASF) that, if successfully exploited, could lead to remote code execution. The vulnerability, tracked as CVE-2024-7490, carries a CVSS score of 9.5 out of a maximum of 10.0.

IoT 118

IoT Risk Software 118

Security Boulevard

SEPTEMBER 23, 2024

Understanding business risk empowers CISOs to provide a comprehensive picture of the business’ cloud security posture, which will help teams detect, prioritize and remediate threats to stop cloud and app-related breaches. The post Cloud Security Risk Prioritization is Broken. Here’s How to Fix It. appeared first on Security Boulevard.

Risk 117

Risk CISO Security Awareness Cybersecurity 117

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

The Hacker News

SEPTEMBER 23, 2024

Popular social messaging platform Discord has announced that it's rolling out a new custom end-to-end encrypted (E2EE) protocol to secure audio and video calls. The protocol has been dubbed DAVE, short for Discord's audio and video end-to-end encryption ("E2EE A/V").

Encryption 117

Encryption 117

Security Affairs

SEPTEMBER 23, 2024

ESET addressed two local privilege escalation vulnerabilities in security products for Windows and macOS operating systems. Cybersecurity firm ESET released security patches for two local privilege escalation vulnerabilities impacting Windows and macOS products. The first vulnerability, tracked as CVE-2024-7400 (CVSS score of 7.3), could allow an attacker to misuse ESET’s file operations during the removal of a detected file to delete files without having proper permissions to do so.

Antivirus 128

Antivirus Small Business Engineering Internet 128

Tech Republic Security

SEPTEMBER 23, 2024

Cybersecurity awareness training is educational content designed to teach employees how to recognize cyberattacks and prevent or mitigate them. Given that human elements play a role in almost three-quarters (74%) of all data breaches, teaching people how to stop a cyberattack (instead of contributing to it) through cybersecurity awareness training can reap major dividends for.

Cybersecurity 96

Cybersecurity Data breaches Education 96

eSecurity Planet

SEPTEMBER 23, 2024

Cloud security controls are methods and protocols to protect cloud environments’ data, applications, and infrastructure. They enforce security measures to prevent threats and unauthorized access. These controls comprise physical, technical, and administrative safeguards. Understanding the various controls, their applications, benefits, and associated risks will help you gain full, secure operations during and after cloud migration.

Risk 106

Risk Threat Detection Architecture Data breaches 106

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Security Boulevard

SEPTEMBER 23, 2024

What is PIPEDA? The Personal Information Protection and Electronic Documents Act (PIPEDA) is Canada’s main privacy law for businesses. It sets out the rules for how companies should collect, use, and share personal information in a way that respects individuals’ privacy rights. Essentially, PIPEDA helps protect people’s personal details—like their names, contact info, or financial […] The post PIPEDA appeared first on Centraleyes.

101

101

Security Affairs

SEPTEMBER 23, 2024

Telegram will provide user data to law enforcement agencies in response to valid legal requests, according to a recent policy update Telegram has updated its privacy policy informing users that it will share users’ phone numbers and IP addresses with law enforcement in response to valid legal requests. The company CEO Pavel Durov announced the policy update this week.

Hacking 113

Hacking Mobile Information Security 113

Security Boulevard

SEPTEMBER 23, 2024

Third-party breaches pose a significant challenge to organizations, demanding meticulous attention and measures to prevent data compromises. The post The Problem With Third-Party Breaches: A Data Protection Dilemma appeared first on Security Boulevard.

Encryption 101

Encryption Security Awareness Government Cybersecurity 101

Zero Day

SEPTEMBER 23, 2024

Ready to unlock your Amazon Echo's true potential? Here's how Alexa routines can automate your home, simplify tasks, and save you time with just a few taps in the Alexa app.

98

98

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

The Hacker News

SEPTEMBER 23, 2024

Password resets can be frustrating for end users. Nobody likes being interrupted by the ‘time to change your password’ notification – and they like it even less when the new passwords they create are rejected by their organization’s password policy. IT teams share the pain, with resetting passwords via service desk tickets and support calls being an everyday burden.

Passwords 98

Passwords 98

Zero Day

SEPTEMBER 23, 2024

What's the difference between OLED and QLED TVs? Brightness level, picture quality, and price are just a few factors in deciding why you should buy one over the other.

98

98

The Hacker News

SEPTEMBER 23, 2024

Hold on tight, folks, because last week's cybersecurity landscape was a rollercoaster! We witnessed everything from North Korean hackers dangling "dream jobs" to expose a new malware, to a surprising twist in the Apple vs. NSO Group saga. Even the seemingly mundane world of domain names and cloud configurations had its share of drama.

Cybersecurity 98

Cybersecurity Malware 98

Penetration Testing

SEPTEMBER 23, 2024

Recently, the eSentire Threat Response Unit (TRU) discovered a concerning new malware delivery chain involving a Go-based Injector that ultimately led to the execution of Lumma Stealer, a well-known information-stealing... The post Information Stealer Alert: Lumma Strikes Again with Go-Based Injector appeared first on Cybersecurity News.

Malware 95

Malware Cybersecurity 95

Advertisement

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

Malwarebytes

SEPTEMBER 23, 2024

A cybercriminal has released internal data online that they say has come from leaks at several high-profile sources, including SpaceX, CNN, and the White House. However, there are some questions around the reliability and usefulness of the released data, so we took a closer look. When it comes to the the SpaceX data set, the poster is apparently not a big fan of Elon Musk.

Data breaches 93

Data breaches Risk Cybersecurity 93

Security Boulevard

SEPTEMBER 23, 2024

The SEC’s new incident reporting requirements have brought about many questions and concerns among security professionals and government bodies. The post Will Smaller Companies Buckle Under the SEC’s Incident Reporting Requirements? appeared first on Security Boulevard.

Government 90

Government CISO Security Awareness Risk 90

Malwarebytes

SEPTEMBER 23, 2024

Breaking up is hard to do. The internet has made it harder. With couples today regularly sharing access to one another’s email accounts, streaming services, social media platforms, online photo albums, and more, the risk of a bad breakup isn’t just heartache. Equipped with unfettered access into sensitive, shared online accounts , a vindictive ex could track someone who is actively using services like DoorDash, Uber, or Airbnb, spy on someone through a Ring doorbell, raise the temperature on a N

Accountability 90

Accountability Passwords Media Banking 90

Security Boulevard

SEPTEMBER 23, 2024

Insider threats, which involve individuals within an organization who exploit their access for malicious purposes or unwittingly cause security breaches due to human error, are a significant security challenge. The post The Importance of Cybersecurity Awareness and Insider Threat Management appeared first on Security Boulevard.

Cybersecurity 85

Cybersecurity Cyber Attacks Security Awareness Ransomware 85

Advertisement

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.

Cybersecurity

Zero Day

SEPTEMBER 23, 2024

Doubling as a smart home hub, the new streaming device comes with Google TV Freeplay and a Sports Page. You can buy it now.

97

97

Security Boulevard

SEPTEMBER 23, 2024

Last week, the CMMC Final Rule (known as CFR 32) was released from OIRA, meaning no more changes can be made. Since CFR 32 is considered a Major Rule, it will next undergo a Congressional review of up to 60 days, after which it becomes law. Any inaction by Congress results in it becoming law. […] The post The CMMC Rule is Final! appeared first on PreVeil.

80

80

Digital Shadows

SEPTEMBER 23, 2024

ReliaQuest anticipates election-related targeting will pose substantial threats to businesses through phishing, distributed denial of service (DDoS), and data theft.

Cyber threats 81

Cyber threats DDOS Phishing 81

Security Affairs

SEPTEMBER 23, 2024

North Korea-linked APT group Gleaming Pisces is distributing a new malware called PondRAT through tainted Python packages. Unit 42 researchers uncovered an ongoing campaign distributing Linux and macOS malwar PondRAT through poisoned Python packages. The campaign is attributed to North Korea-linked threat actor Gleaming Pisces (also known as Citrine Sleet ), who previously distributed the macOS remote administration tool POOLRAT (aka SIMPLESEA ).

Malware 79

Malware Cryptocurrency Risk Encryption 79

Advertisement

Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.

Government