Schneier on Security

SEPTEMBER 23, 2024

I always like a good hack. And this story delivers. Basically, the New York City bikeshare program has a system to reward people who move bicycles from full stations to empty ones. By deliberately moving bikes to create artificial problems, and exploiting exactly how the system calculates rewards, some people are making a lot of money. At 10 a.m. on a Tuesday last month, seven Bike Angels descended on the docking station at Broadway and 53rd Street, across from the Ed Sullivan Theater.

Hacking 181

Hacking Manufacturing Scams 181

The Hacker News

SEPTEMBER 23, 2024

In a major policy reversal, the popular messaging app Telegram has announced it will give users' IP addresses and phone numbers to authorities in response to valid legal requests in an attempt to rein in criminal activity on the platform.

137

137

The Last Watchdog

SEPTEMBER 23, 2024

LEHI, Utah, Sept. 23, 2024 – DigiCert, backed by Clearlake Capital Group, L.P. (together with its affiliates, “Clearlake”), Crosspoint Capital Partners L.P. (“Crosspoint”), and TA Associates Management L.P. (“TA”), today announced it has completed its acquisition of Vercara, a leader in cloud-based services that secure the online experience, including managed authoritative Domain Name System (DNS) and Distributed Denial-of-Service (DDoS) security offerings that protect organizations’ network

DNS 100

DNS DDOS Technology Software 100

Penetration Testing

SEPTEMBER 23, 2024

A critical security vulnerability affecting all GNU/Linux systems—and potentially others—has been identified by renowned security researcher Simone Margaritelli. The vulnerability, which allows for unauthenticated remote code execution (RCE), has been... The post Severe Unauthenticated RCE Flaw (CVSS 9.9) in GNU/Linux Systems Awaiting Full Disclosure appeared first on Cybersecurity News.

Cybersecurity 120

Cybersecurity 120

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

Security Boulevard

SEPTEMBER 23, 2024

The IAM platform developed by PureID will allow ColorTokens to further extend the reach and scope of the company’s zero-trust IT portfolio. The post ColorTokens Acquires PureID to Advance Zero-Trust IT appeared first on Security Boulevard.

Security Awareness 116

Security Awareness Cybersecurity 116

The Hacker News

SEPTEMBER 23, 2024

Popular social messaging platform Discord has announced that it's rolling out a new custom end-to-end encrypted (E2EE) protocol to secure audio and video calls. The protocol has been dubbed DAVE, short for Discord's audio and video end-to-end encryption ("E2EE A/V").

Encryption 124

Encryption 124

The Hacker News

SEPTEMBER 23, 2024

A critical security flaw has been disclosed in the Microchip Advanced Software Framework (ASF) that, if successfully exploited, could lead to remote code execution. The vulnerability, tracked as CVE-2024-7490, carries a CVSS score of 9.5 out of a maximum of 10.0.

IoT 124

IoT Risk Software 124

Tech Republic Security

SEPTEMBER 23, 2024

Cybersecurity awareness training is educational content designed to teach employees how to recognize cyberattacks and prevent or mitigate them. Given that human elements play a role in almost three-quarters (74%) of all data breaches, teaching people how to stop a cyberattack (instead of contributing to it) through cybersecurity awareness training can reap major dividends for.

Cybersecurity 85

Cybersecurity Data breaches Education 85

Security Boulevard

SEPTEMBER 23, 2024

The threat group UNC1860, linked to Iran's security intelligence agency, gains initial access into networks around the region and hands that access off to other Iranian-associated hackers to established persistent and long-term access, Mandiant says. The post Iranian-Linked Group Facilitates APT Attacks on Middle East Networks appeared first on Security Boulevard.

Security Intelligence 93

Security Intelligence Malware Cybersecurity Network Security 93

The Hacker News

SEPTEMBER 23, 2024

Hold on tight, folks, because last week's cybersecurity landscape was a rollercoaster! We witnessed everything from North Korean hackers dangling "dream jobs" to expose a new malware, to a surprising twist in the Apple vs. NSO Group saga. Even the seemingly mundane world of domain names and cloud configurations had its share of drama.

Cybersecurity 114

Cybersecurity Malware 114

Speaker: Speakers:

In today's digital age, having an untrained workforce can be a significant risk to your business. Cyber threats are evolving; without proper training, your employees could be the weakest link in your defense. This webinar empowers leaders like you with the tools and strategies needed to transform your employees into a robust frontline defense against cyber attacks.

Cyber Attacks

Penetration Testing

SEPTEMBER 23, 2024

Recently, the eSentire Threat Response Unit (TRU) discovered a concerning new malware delivery chain involving a Go-based Injector that ultimately led to the execution of Lumma Stealer, a well-known information-stealing... The post Information Stealer Alert: Lumma Strikes Again with Go-Based Injector appeared first on Cybersecurity News.

Malware 91

Malware Cybersecurity 91

Zero Day

SEPTEMBER 23, 2024

What's the difference between OLED and QLED TVs? Brightness level, picture quality, and price are just a few factors in deciding why you should buy one over the other.

93

93

Security Affairs

SEPTEMBER 23, 2024

Suspected China-linked APT Earth Baxia targeted a government organization in Taiwan by exploiting a recently patched OSGeo GeoServer GeoTools flaw. Trend Micro researchers reported that China-linked APT group Earth Baxia has targeted a government organization in Taiwan and potentially other countries in the Asia-Pacific (APAC) region. The threat actor used spear-phishing emails and exploited the recently patched GeoServer vulnerability CVE-2024-36401.

DNS 90

DNS Government Phishing Telecommunications 90

Malwarebytes

SEPTEMBER 23, 2024

A background check left a huge database unprotected online containing 2.2TB of people’s data, according to research by Cybernews. The database was left passwordless and easily accessible to anyone on the internet by background check firm MC2 Data. MC2 Data gathers publicly available data to provide decision makers with information whether someone can rent a house, work at their firm, or be granted a loan.

Data breaches 86

Data breaches Passwords Phishing Password Management 86

Advertisement

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.

Cybersecurity

Security Boulevard

SEPTEMBER 23, 2024

Third-party breaches pose a significant challenge to organizations, demanding meticulous attention and measures to prevent data compromises. The post The Problem With Third-Party Breaches: A Data Protection Dilemma appeared first on Security Boulevard.

Encryption 83

Encryption Security Awareness Government Cybersecurity 83

Penetration Testing

SEPTEMBER 23, 2024

In a recent cybersecurity revelation, Nicholas Starke, a threat researcher at Aruba, a Hewlett Packard Enterprise company, unveiled the details of CVE-2024-20439, a severe vulnerability affecting Cisco’s Smart Licensing Utility... The post Researcher Details CVE-2024-20439 (CVSS 9.8) Flaw in Cisco Smart Licensing Utility appeared first on Cybersecurity News.

Cybersecurity 80

Cybersecurity 80

Security Boulevard

SEPTEMBER 23, 2024

Insider threats, which involve individuals within an organization who exploit their access for malicious purposes or unwittingly cause security breaches due to human error, are a significant security challenge. The post The Importance of Cybersecurity Awareness and Insider Threat Management appeared first on Security Boulevard.

Cybersecurity 83

Cybersecurity Cyber Attacks Security Awareness Ransomware 83

Security Affairs

SEPTEMBER 23, 2024

ESET addressed two local privilege escalation vulnerabilities in security products for Windows and macOS operating systems. Cybersecurity firm ESET released security patches for two local privilege escalation vulnerabilities impacting Windows and macOS products. The first vulnerability, tracked as CVE-2024-7400 (CVSS score of 7.3), could allow an attacker to misuse ESET’s file operations during the removal of a detected file to delete files without having proper permissions to do so.

Antivirus 77

Antivirus Small Business Engineering Internet 77

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Security Boulevard

SEPTEMBER 23, 2024

The SEC’s new incident reporting requirements have brought about many questions and concerns among security professionals and government bodies. The post Will Smaller Companies Buckle Under the SEC’s Incident Reporting Requirements? appeared first on Security Boulevard.

Government 74

Government CISO Security Awareness Risk 74

The Hacker News

SEPTEMBER 23, 2024

Password resets can be frustrating for end users. Nobody likes being interrupted by the ‘time to change your password’ notification – and they like it even less when the new passwords they create are rejected by their organization’s password policy. IT teams share the pain, with resetting passwords via service desk tickets and support calls being an everyday burden.

Passwords 90

Passwords 90

Malwarebytes

SEPTEMBER 23, 2024

Last week on Malwarebytes Labs: “Simply staggering” surveillance conducted by social media and streaming services, FTC finds Tor anonymity compromised by law enforcement. Is it still safe to use? Walmart customers scammed via fake shopping lists, threatened with arrest Snapchat wants to put your AI-generated face in its ads iOS 18 is out.

Surveillance 74

Surveillance Scams Data breaches Media 74

Security Boulevard

SEPTEMBER 23, 2024

Last week, the CMMC Final Rule (known as CFR 32) was released from OIRA, meaning no more changes can be made. Since CFR 32 is considered a Major Rule, it will next undergo a Congressional review of up to 60 days, after which it becomes law. Any inaction by Congress results in it becoming law. […] The post The CMMC Rule is Final! appeared first on PreVeil.

73

73

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Zero Day

SEPTEMBER 23, 2024

Ready to unlock your Amazon Echo's true potential? Here's how Alexa routines can automate your home, simplify tasks, and save you time with just a few taps in the Alexa app.

72

72

Security Boulevard

SEPTEMBER 23, 2024

Helping government agencies and organizations operating in the public sector navigate password and credential security. The post Public Sector Compliance: Passwords and Credentials Matter appeared first on Security Boulevard.

Passwords 70

Passwords Government Data breaches 70

Penetration Testing

SEPTEMBER 23, 2024

Singapore-based cryptocurrency exchange BingX has reported a significant cyberattack resulting in the loss of over $44 million in digital assets. The incident, which was detected last week following unusual large-scale... The post BingX Suffers $44 Million Cyberattack, Highlighting Web3 Security Concerns appeared first on Cybersecurity News.

Cryptocurrency 69

Cryptocurrency Cybersecurity 69

Malwarebytes

SEPTEMBER 23, 2024

Breaking up is hard to do. The internet has made it harder. With couples today regularly sharing access to one another’s email accounts, streaming services, social media platforms, online photo albums, and more, the risk of a bad breakup isn’t just heartache. Equipped with unfettered access into sensitive, shared online accounts , a vindictive ex could track someone who is actively using services like DoorDash, Uber, or Airbnb, spy on someone through a Ring doorbell, raise the temperature on a N

Accountability 67

Accountability Passwords Media Banking 67

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

Security Boulevard

SEPTEMBER 23, 2024

Lattice-based cryptography is a quantum-resistant encryption method that uses complex mathematical lattices, offering security against quantum computing attacks. Unlike traditional encryption methods such as RSA and ECC, which are vulnerable to quantum computers, lattice-based cryptography remains secure due to the computational difficulty of solving lattice problems.

Encryption 70

Encryption Government 70

Security Affairs

SEPTEMBER 23, 2024

North Korea-linked APT group Gleaming Pisces is distributing a new malware called PondRAT through tainted Python packages. Unit 42 researchers uncovered an ongoing campaign distributing Linux and macOS malwar PondRAT through poisoned Python packages. The campaign is attributed to North Korea-linked threat actor Gleaming Pisces (also known as Citrine Sleet ), who previously distributed the macOS remote administration tool POOLRAT (aka SIMPLESEA ).

Malware 70

Malware Cryptocurrency Risk Encryption 70

Penetration Testing

SEPTEMBER 23, 2024

In a concerning development for Android users, Kaspersky Labs has uncovered a new version of the Necro Trojan, a multi-stage malware loader capable of infecting millions of devices. This latest... The post New Necro Trojan Targets Over 11 Million Android Devices Through Google Play and Unofficial Apps appeared first on Cybersecurity News.

Malware 69

Malware Cybersecurity 69

Malwarebytes

SEPTEMBER 23, 2024

A cybercriminal has released internal data online that they say has come from leaks at several high-profile sources, including SpaceX, CNN, and the White House. However, there are some questions around the reliability and usefulness of the released data, so we took a closer look. When it comes to the the SpaceX data set, the poster is apparently not a big fan of Elon Musk.

Data breaches 68

Data breaches Risk Cybersecurity 68

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare