Fri. May 17, 2024

FBI Seizes BreachForums Website

Schneier on Security

The FBI has seized the BreachForums website, used by ransomware criminals to leak stolen corporate data. If law enforcement has gained access to the hacking forum’s backend data, as they claim, they would have email addresses, IP addresses, and private messages that could expose members and be used in law enforcement investigations. […] The FBI is requesting victims and individuals contact them with information about the hacking forum and its members to aid in their investigation.

Hacking 264

Black Basta Ransomware Struck More Than 500 Organizations Worldwide

Tech Republic Security

Read about Black Basta ransomware’s impact and how to mitigate it. Plus, learn about recent ransomware trends.

Turla APT used two new backdoors to infiltrate a European ministry of foreign affairs

Security Affairs

Russia-linked Turla APT allegedly used two new backdoors, named Lunar malware and LunarMail, to target European government agencies. ESET researchers discovered two previously unknown backdoors named LunarWeb and LunarMail that were exploited to breach a European ministry of foreign affairs. The two backdoors are designed to carry out a long-term compromise in the target network, data exfiltration, and maintaining control over compromised systems.

Phishing 141

Restore Damaged Files & Save Your Business for Only $50

Tech Republic Security

Regardless of how badly your files, or their formats, are damaged, EaseUS Fixo can restore your office files, videos and photos, even in batches. Get a lifetime subscription for $49.99 at TechRepublic Academy.

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Ransomware Attacks Evolve as Average Ransom Demand Tops $1.26 Million

Security Boulevard

Overall ransomware frequency grew by 64% in 2023, with increases in both direct and indirect ransomware. Victims paid $282,000 in ransom on average, a 77% drop in price, and half the companies avoided paying a ransom completely. The post Ransomware Attacks Evolve as Average Ransom Demand Tops $1.26 Million appeared first on Security Boulevard.

Get on Cybersecurity Certification Track With $145 Off These Courses

Tech Republic Security

This $50 bundle can get you five courses to enable you to earn CompTIA, NIST and more leading cybersecurity certifications that will help you build a career.

More Trending

North Korea-linked Kimsuky APT attack targets victims via Messenger

Security Affairs

North Korea-linked Kimsuky APT group employs rogue Facebook accounts to target victims via Messenger and deliver malware. Researchers at Genius Security Center (GSC) identified a new attack strategy by the North Korea-linked Kimsuky APT group and collaborated with the Korea Internet & Security Agency (KISA) for analysis and response. The nation-state actor attack used a fake account posing as a South Korean public official in the North Korean human rights sector.

Malware 131

Microsoft to start enforcing Azure multi-factor authentication in July

Bleeping Computer

Starting in July, Microsoft will begin gradually enforcing multi-factor authentication (MFA) for all users signing into Azure to administer resources. […]

Kimsuky APT Deploying Linux Backdoor Gomir in South Korean Cyber Attacks

The Hacker News

The Kimsuky (aka Springtail) advanced persistent threat (APT) group, which is linked to North Korea's Reconnaissance General Bureau (RGB), has been observed deploying a Linux version of its GoBear backdoor as part of a campaign targeting South Korean organizations.

Nissan reveals ransomware attack exposed 53,000 workers’ social security numbers

Graham Cluley

Nissan North America has revealed that extortionists who demanded a ransom after breaking into its external VPN and disrupted systems last year also stole the social security numbers of over 53,000 staff. Read more in my article on the Hot for Security blog.

VPN 115

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

City of Wichita disclosed a data breach after the recent ransomware attack

Security Affairs

The City of Wichita disclosed a data breach after the ransomware attack that hit the Kansas city earlier this month. On May 5th, 2024, the City of Wichita, Kansas, was the victim of a ransomware attack and shut down its network to contain the threat. The city immediately started its incident response procedure to prevent the threat from spreading and announced an investigation into the attack.

China-Linked Hackers Adopt Two-Stage Infection Tactic to Deploy Deuterbear RAT

The Hacker News

Cybersecurity researchers have shed more light on a remote access trojan (RAT) known as Deuterbear used by the China-linked BlackTech hacking group as part of a cyber espionage campaign targeting the Asia-Pacific region this year.

Hacking 118

CISA adds Google Chrome zero-days to its Known Exploited Vulnerabilities catalog

Security Affairs

CISA adds two Chrome zero-day vulnerabilities to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added [1, 2] the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog: CVE-2024-4761 Google Chromium V8 Engine contains an unspecified out-of-bounds memory write vulnerability via a crafted HTML page.

Kinsing Hacker Group Exploits More Flaws to Expand Botnet for Cryptojacking

The Hacker News

The cryptojacking group known as Kinsing has demonstrated its ability to continuously evolve and adapt, proving to be a persistent threat by swiftly integrating newly disclosed vulnerabilities into its exploit arsenal and expanding its botnet.

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

CISA adds D-Link DIR router flaws to its Known Exploited Vulnerabilities catalog

Security Affairs

CISA adds two D-Link DIR-600 and DIR-605 router vulnerabilities to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following D-Link router vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog: CVE-2014-100005 Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DIR-600 router (rev.

Firmware 128

CVE-2024-22120 (CVSS 9.1): Zabbix SQLi Vulnerability Exposes IT Infrastructure to Attack

Penetration Testing

A new critical-severity security vulnerability, tracked as CVE-2024-22120, has been discovered in Zabbix, the popular open-source IT infrastructure monitoring tool. With a CVSS score of 9.1, this time-based SQL injection flaw poses a significant... The post CVE-2024-22120 (CVSS 9.1): Zabbix SQLi Vulnerability Exposes IT Infrastructure to Attack appeared first on Penetration Testing.

New XM Cyber Research: 80% of Exposures from Misconfigurations, Less Than 1% from CVEs

The Hacker News

A new report from XM Cyber has found, among other insights, a dramatic gap between where most organizations focus their security efforts and where the most serious threats actually reside.

Risk 108

Wingardium Trivia-osa! On-Device Sorting Hatbot Powered by Gemma, Ollama, USearch, and RETSim

Elie

Exploring the societal impact of the GenAI workforce entering the market.

Marketing 149

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Singing River Health System Ransomware Attack Affects Nearly 900,000

Heimdal Security

The Singing River Health System stated that the August 2023 ransomware attack impacted 895,204 individuals. The Mississippi-based healthcare provider operates multiple hospitals and medical facilities across the Gulf Coast region. What data was exposed in the breach? According to the data breach notice, the exposed information includes: full names, dates of birth, physical addresses, Social […] The post Singing River Health System Ransomware Attack Affects Nearly 900,000 appeared first on H

SEC: Financial orgs have 30 days to send data breach notifications

Bleeping Computer

The Securities and Exchange Commission (SEC) has adopted amendments to Regulation S-P that require certain financial institutions to disclose data breach incidents to impacted individuals within 30 days of discovery. […]

Accessing Secure Client Cloud Management after the SecureX EoL

Cisco Security

Secure Client Management capabilities aren’t going away with the SecureX EOL; the functionality is simply migrating to the Cisco Security Cloud Control service.

The Week in Ransomware - May 17th 2024 - Mailbombing is back

Bleeping Computer

This week was pretty quiet on the ransomware front, with most of the attention on the seizure of the BreachForums data theft forum. However, that does not mean there was nothing of interest released this week about ransomware. […]

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

Log4j Campaign Exploited to Deploy XMRig Cryptominer

Penetration Testing

The Uptycs Threat Research Team has uncovered a large-scale, ongoing operation within the notorious Log4j campaign. Initially detected within their honeypot collection, the team promptly initiated an in-depth analysis to unravel the complexities of... The post Log4j Campaign Exploited to Deploy XMRig Cryptominer appeared first on Penetration Testing.

WebTPA data breach impacts 2.4 million insurance policyholders

Bleeping Computer

The WebTPA Employer Services (WebTPA) data breach disclosed earlier this month is impacting close to 2.5 million individuals, the U.S. Department of Health and Human Services notes. […]

North Korea IT Worker Scam Brings Malware and Funds Nukes

Security Boulevard

WTH? DPRK IT WFH: Justice Department says N. Korean hackers are getting remote IT jobs, posing as Americans. The post North Korea IT Worker Scam Brings Malware and Funds Nukes appeared first on Security Boulevard.

Scams 83

BreachForums Seized by the FBI! Investigations Ongoing

Heimdal Security

The notorious BreachForums has been seized by the FBI. The hacking forum is renowned for leaking and selling corporate data to other cybercriminals. The seizure occurred on Wednesday morning, shortly after the data leak of a Europol law enforcement portal. Now, the forum is displaying a message informing users that the FBI has taken possession […] The post BreachForums Seized by the FBI!

Hacking 77

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.

Why Bot Management Should Be a Crucial Element of Your Marketing Strategy

Security Boulevard

Marketing teams need a comprehensive bot management solution to address the challenges posed by bot traffic and protect marketing analytics. Bot management is designed to protect marketing efforts from bot-generated invalid traffic by accurately and efficiently classifying traffic and stopping unwanted. This allows you to maximize your marketing investments, achieve genuine engagement, and ensure accurate […] The post Why Bot Management Should Be a Crucial Element of Your Marketing Strategy appe

Friday Five: Unsuspecting Threats, New CUI Guidance, & More

Digital Guardian

This past week, BreachForums was taken down for a second time, an Arizona woman was arrested for her role in a North Korean remote work scheme, CISA and the NIST released new guidance, and more. Catch up on all the latest news in this week's Friday Five.

Click to Hack? New LibreOffice Vulnerability Allows Threat Actors to Execute Malware With One Click

Heimdal Security

Click and execute! A new vulnerability in the open-source LibreOffice is being exploited by threat actors. As per reports, attackers can run malicious code on victims by deceiving them into opening and clicking on a maliciously crafted document. The LibreOffice developers warn users in a security advisory that the office software supports linking scripts to […] The post Click to Hack?

Hacking 62

Randall Munroe’s XKCD ‘Elementary Physics Paths’

Security Boulevard

Via the comic artistry and dry wit of Randall Munroe, creator of XKCD. The post Randall Munroe’s XKCD ‘Elementary Physics Paths’ appeared first on Security Boulevard.

Enhance Innovation and Governance Through the Cloud Development Maturity Model

Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.