Schneier on Security

OCTOBER 31, 2024

Way back in 2018, people noticed that you could find secret military bases using data published by the Strava fitness app. Soldiers and other military personal were using them to track their runs, and you could look at the public data and find places where there should be no people running. Six years later, the problem remains. Le Monde has reported that the same Strava data can be used to track the movements of world leaders.

Data privacy 298

Data privacy 298

Tech Republic Security

OCTOBER 31, 2024

Russian hackers, known as Midnight Blizzard, launch targeted spear-phishing on U.S. officials, exploiting RDP files to gain access to data.

Phishing 174

Phishing 174

Schneier on Security

OCTOBER 31, 2024

This is a good point : Part of the problem is that we are constantly handed lists…list of required controls…list of things we are being asked to fix or improve…lists of new projects…lists of threats, and so on, that are not ranked for risks. For example, we are often given a cybersecurity guideline (e.g., PCI-DSS, HIPAA, SOX, NIST, etc.) with hundreds of recommendations.

Cybersecurity 249

Cybersecurity Risk Authentication 249

Malwarebytes

OCTOBER 31, 2024

An Android banking Trojan called FakeCall is capable of hijacking the phone calls you make to your bank. Instead of reaching your bank, your call will be redirected to the cybercriminals. The Trojan accomplishes this by installing itself as the default call handler on the infected device. The default call handler app is responsible for managing incoming and outgoing calls, allowing users to answer or reject calls, as well as initiate calls.

Banking 145

Banking Malware Phishing Risk 145

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Security Affairs

OCTOBER 31, 2024

Peruvian Interbank confirmed a data breach after threat actors accessed its systems and leaked stolen information online. Interbank , formally the Banco Internacional del Perú Service Holding S.A.A. is a leading Peruvian provider of financial services has over 2 million customers. Interbank disclosed a data breach after a threat actor claimed the hack of the organization and leaked stolen data online.

Data breaches 135

Data breaches Financial Services Hacking Mobile 135

SecureWorld News

OCTOBER 31, 2024

This Halloween, haunted houses and ghost stories aren't the only things giving us chills. Lurking behind your network's doors are some real digital monsters waiting for an opportunity to sneak in! From zombie botnets to phishing phantoms, these threats might sound like campfire tales, but they're some of the most sinister forces in cybersecurity today.

IoT 111

IoT Phishing DDOS Backups 111

Security Affairs

OCTOBER 31, 2024

QNAP addressed the second zero-day vulnerability demonstrated by security researchers during the recent Pwn2Own Ireland 2024. Taiwanese manufacturer QNAP patched the second zero-day vulnerability, tracked as CVE-2024-50387 , which was exploited by security researchers during the recent Pwn2Own Ireland 2024. The vulnerability is a SQL injection (SQLi) issue that impacts the QNAP’s SMB Service.

Backups 126

Backups Manufacturing Hacking Information Security 126

Security Boulevard

OCTOBER 31, 2024

A report by the Identity Theft Resource Center found that while the number of small businesses hit by a cyberattack and the amount of losses continues to grow, companies are adopting stronger security best practices and investing more in security and compliance tools. The post Small Businesses Boosting Cybersecurity as Threats Grow: ITRC appeared first on Security Boulevard.

Small Business 127

Small Business Identity Theft Cybersecurity Data privacy 127

The Hacker News

OCTOBER 31, 2024

Cybersecurity researchers have discovered an improved version of an Apple iOS spyware called LightSpy that not only expands on its functionality, but also incorporates destructive capabilities to prevent the compromised device from booting up.

Spyware 137

Spyware Surveillance Cybersecurity 137

Security Boulevard

OCTOBER 31, 2024

The Cybersecurity and Infrastructure Security Agency (CISA) introduced its inaugural international strategic plan, a roadmap for strengthening global partnerships against cyber threats. The post CISA Strategic Plan Targets Global Cooperation on Cybersecurity appeared first on Security Boulevard.

Cybersecurity 129

Cybersecurity Cyber threats Security Awareness 129

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

The Hacker News

OCTOBER 31, 2024

A high-severity security flaw has been disclosed in the LiteSpeed Cache plugin for WordPress that could allow an unauthenticated threat actor to elevate their privileges and perform malicious actions. The vulnerability, tracked as CVE-2024-50550 (CVSS score: 8.1), has been addressed in version 6.5.2 of the plugin.

Risk 135

Risk 135

Zero Day

OCTOBER 31, 2024

The navigation app is getting enhanced directions like lane indicators, plus Gemini-curated spots to check out along your route.

128

128

The Hacker News

OCTOBER 31, 2024

LottieFiles has revealed that its npm package "lottie-player" was compromised as part of a supply chain attack, prompting it to release an updated version of the library.

125

125

Zero Day

OCTOBER 31, 2024

Jealous of Apple Watch's transcribable voice notes? Android has that, too. Here's how to access this feature.

126

126

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

The Hacker News

OCTOBER 31, 2024

In the modern, browser-centric workplace, the corporate identity acts as the frontline defense for organizations. Often referred to as “the new perimeter”, the identity stands between safe data management and potential breaches. However, a new report reveals how enterprises are often unaware of how their identities are being used across various platforms.

Threat Reports 122

Threat Reports 122

Security Boulevard

OCTOBER 31, 2024

What is data discovery and classification? Let's answer that and look at how your organization can improve its data protection program. The post Why Data Discovery and Classification are Important appeared first on Security Boulevard.

122

122

Zero Day

OCTOBER 31, 2024

Microsoft's project management tools help plan, execute, and complete projects -- and they're on sale right now.

116

116

Security Boulevard

OCTOBER 31, 2024

With cybersecurity threats continuing to evolve at an accelerated pace, organizations need to ensure that their cyber insurance policies remain active at all times. The post Safeguarding Cyber Insurance Policies With Security Awareness Training appeared first on Security Boulevard.

Cyber Insurance 105

Cyber Insurance Security Awareness Insurance Cybersecurity 105

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

PCI perspectives

OCTOBER 31, 2024

The PCI Security Standards Council (PCI SSC) is pleased to announce a simplified onboarding process for laboratories seeking to conduct Mobile Payments on COTS (MPoC) evaluations and become MPoC-certified labs. This new streamlined approach removes previous barriers to entry while maintaining the Council’s rigorous security and quality standards.

Mobile 112

Mobile 112

Security Boulevard

OCTOBER 31, 2024

Single Sign-On (SSO) and Multi-Factor Authentication (MFA) - two key solutions that can both streamline access to critical systems and data for more geographically dispersed users, while minimizing the risk of unauthorized entry. The post How SSO and MFA Improves Identity Access Management (IAM) appeared first on Security Boulevard.

Authentication 114

Authentication Risk Security Awareness Cybersecurity 114

The Hacker News

OCTOBER 31, 2024

Did you know that advanced threat actors can infiltrate the identity systems of major organizations and extract sensitive data within days? It’s a chilling reality, becoming more common and concerning by the day. These attackers exploit vulnerabilities in SaaS and cloud environments, using compromised identities to move laterally within networks, causing widespread damage.

Cybersecurity 111

Cybersecurity 111

Zero Day

OCTOBER 31, 2024

The Apple Watch SE is slashed to $189 weeks ahead of Black Friday, and it's the perfect upgrade for those looking for basic features.

111

111

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

Security Boulevard

OCTOBER 31, 2024

dope.security this week added a cloud access security broker (CASB) to its portfolio that identifies any externally shared file and leverages a large language model (LLM) to identify sensitive data. The post dope.security Embeds LLM in CASB to Improve Data Security appeared first on Security Boulevard.

Security Awareness 115

Security Awareness Cybersecurity 115

Zero Day

OCTOBER 31, 2024

SDesk is a lightweight, open-source alternative to Windows and MacOS. It'll look familiar to most people, and that's the best part.

107

107

Security Boulevard

OCTOBER 31, 2024

Wire transfer fraud occurs when scammers convince a company to send money to a fraudulent account. While weeding out suspicious requests like this may seem rudimentary, it’s not. The post Shedding AI Light on Bank Wire Transfer Fraud appeared first on Security Boulevard.

Banking 110

Banking Accountability Social Engineering Technology 110

Zero Day

OCTOBER 31, 2024

Need a research assistant to help you digest dense and complex material? AI-powered Illuminate transforms published papers into audio discussions.

107

107

Advertisement

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

Security Boulevard

OCTOBER 31, 2024

Session will present a comprehensive framework for managing identity to strengthen security, compliance, and application continuity BOULDER, Colo., Oct. 31, 2024—Strata Identity, the Identity Orchestration company, today announced it will host a CSA CloudBytes webinar on November 7, titled “Achieve Zero Trust Identity with the New 7 A’s of IAM.” The session will introduce a.

107

107

Zero Day

OCTOBER 31, 2024

The Edifier QR65 speakers prove you don't need to spend thousands on high-end audio products for immersive sound.

105

105

Security Boulevard

OCTOBER 31, 2024

Automate criminal identity investigations and unmask threat actors with AI-powered link discovery for faster, deeper insights. Constella Intelligence today announced the launch of Hunter Copilot, a transformative new AI assistant feature within its acclaimed deep OSINT investigations platform, Hunter. This innovative tool sets a new standard for efficiency and effectiveness in threat actor attribution.

115

115

Zero Day

OCTOBER 31, 2024

If you had to treat yourself to one thing this holiday shopping season, Ridge's Bolt Pen will give you your money's worth.

105

105

Advertisement

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.

Cybersecurity