Thu.Oct 31, 2024

article thumbnail

Tracking World Leaders Using Strava

Schneier on Security

Way back in 2018, people noticed that you could find secret military bases using data published by the Strava fitness app. Soldiers and other military personal were using them to track their runs, and you could look at the public data and find places where there should be no people running. Six years later, the problem remains. Le Monde has reported that the same Strava data can be used to track the movements of world leaders.

article thumbnail

Android malware FakeCall intercepts your calls to the bank

Malwarebytes

An Android banking Trojan called FakeCall is capable of hijacking the phone calls you make to your bank. Instead of reaching your bank, your call will be redirected to the cybercriminals. The Trojan accomplishes this by installing itself as the default call handler on the infected device. The default call handler app is responsible for managing incoming and outgoing calls, allowing users to answer or reject calls, as well as initiate calls.

Banking 143
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Roger Grimes on Prioritizing Cybersecurity Advice

Schneier on Security

This is a good point : Part of the problem is that we are constantly handed lists…list of required controls…list of things we are being asked to fix or improve…lists of new projects…lists of threats, and so on, that are not ranked for risks. For example, we are often given a cybersecurity guideline (e.g., PCI-DSS, HIPAA, SOX, NIST, etc.) with hundreds of recommendations.

article thumbnail

Midnight Blizzard Escalates Spear-Phishing Attacks On Over 100 Organizations

Tech Republic Security

Russian hackers, known as Midnight Blizzard, launch targeted spear-phishing on U.S. officials, exploiting RDP files to gain access to data.

Phishing 156
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Inside Sophos' 5-Year War With the Chinese Hackers Hijacking Its Devices

WIRED Threat Level

Sophos went so far as to plant surveillance “implants” on its own devices to catch the hackers at work—and in doing so, revealed a glimpse into China's R&D pipeline of intrusion techniques.

article thumbnail

CISA Strategic Plan Targets Global Cooperation on Cybersecurity

Security Boulevard

The Cybersecurity and Infrastructure Security Agency (CISA) introduced its inaugural international strategic plan, a roadmap for strengthening global partnerships against cyber threats. The post CISA Strategic Plan Targets Global Cooperation on Cybersecurity appeared first on Security Boulevard.

More Trending

article thumbnail

Small Businesses Boosting Cybersecurity as Threats Grow: ITRC

Security Boulevard

A report by the Identity Theft Resource Center found that while the number of small businesses hit by a cyberattack and the amount of losses continues to grow, companies are adopting stronger security best practices and investing more in security and compliance tools. The post Small Businesses Boosting Cybersecurity as Threats Grow: ITRC appeared first on Security Boulevard.

article thumbnail

New LightSpy Spyware Version Targets iPhones with Increased Surveillance Tactics

The Hacker News

Cybersecurity researchers have discovered an improved version of an Apple iOS spyware called LightSpy that not only expands on its functionality, but also incorporates destructive capabilities to prevent the compromised device from booting up.

Spyware 114
article thumbnail

Why Data Discovery and Classification are Important

Security Boulevard

What is data discovery and classification? Let's answer that and look at how your organization can improve its data protection program. The post Why Data Discovery and Classification are Important appeared first on Security Boulevard.

122
122
article thumbnail

LiteSpeed Cache Plugin Vulnerability Poses Significant Risk to WordPress Websites

The Hacker News

A high-severity security flaw has been disclosed in the LiteSpeed Cache plugin for WordPress that could allow an unauthenticated threat actor to elevate their privileges and perform malicious actions. The vulnerability, tracked as CVE-2024-50550 (CVSS score: 8.1), has been addressed in version 6.5.2 of the plugin.

Risk 109
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Constella Intelligence Launches HunterTM Copilot AI Assistant for Dark Web Investigations

Security Boulevard

Automate criminal identity investigations and unmask threat actors with AI-powered link discovery for faster, deeper insights. Constella Intelligence today announced the launch of Hunter Copilot, a transformative new AI assistant feature within its acclaimed deep OSINT investigations platform, Hunter. This innovative tool sets a new standard for efficiency and effectiveness in threat actor attribution.

115
115
article thumbnail

QNAP fixed second zero-day demonstrated at Pwn2Own Ireland 2024

Security Affairs

QNAP addressed the second zero-day vulnerability demonstrated by security researchers during the recent Pwn2Own Ireland 2024. Taiwanese manufacturer QNAP patched the second zero-day vulnerability, tracked as CVE-2024-50387 , which was exploited by security researchers during the recent Pwn2Own Ireland 2024. The vulnerability is a SQL injection (SQLi) issue that impacts the QNAP’s SMB Service.

Backups 115
article thumbnail

dope.security Embeds LLM in CASB to Improve Data Security

Security Boulevard

dope.security this week added a cloud access security broker (CASB) to its portfolio that identifies any externally shared file and leverages a large language model (LLM) to identify sensitive data. The post dope.security Embeds LLM in CASB to Improve Data Security appeared first on Security Boulevard.

article thumbnail

Beware the Cyber Ghouls: Spooky Threats Lurking in Digital Shadows

SecureWorld News

This Halloween, haunted houses and ghost stories aren't the only things giving us chills. Lurking behind your network's doors are some real digital monsters waiting for an opportunity to sneak in! From zombie botnets to phishing phantoms, these threats might sound like campfire tales, but they're some of the most sinister forces in cybersecurity today.

IoT 109
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

How SSO and MFA Improves Identity Access Management (IAM)

Security Boulevard

Single Sign-On (SSO) and Multi-Factor Authentication (MFA) - two key solutions that can both streamline access to critical systems and data for more geographically dispersed users, while minimizing the risk of unauthorized entry. The post How SSO and MFA Improves Identity Access Management (IAM) appeared first on Security Boulevard.

article thumbnail

Sick of missing your exit? These new Google Maps features can help

Zero Day

The navigation app is getting enhanced directions like lane indicators, plus Gemini-curated spots to check out along your route.

127
127
article thumbnail

Strata Identity to Host a CSA CloudBytes Webinar on Achieving Zero Trust Identity with the Seven A’s of IAM

Security Boulevard

Session will present a comprehensive framework for managing identity to strengthen security, compliance, and application continuity BOULDER, Colo., Oct. 31, 2024—Strata Identity, the Identity Orchestration company, today announced it will host a CSA CloudBytes webinar on November 7, titled “Achieve Zero Trust Identity with the New 7 A’s of IAM.” The session will introduce a.

107
107
article thumbnail

LottieFiles Issues Warning About Compromised "lottie-player" npm Package

The Hacker News

LottieFiles has revealed that its npm package "lottie-player" was compromised as part of a supply chain attack, prompting it to release an updated version of the library.

97
article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

Shedding AI Light on Bank Wire Transfer Fraud

Security Boulevard

Wire transfer fraud occurs when scammers convince a company to send money to a fraudulent account. While weeding out suspicious requests like this may seem rudimentary, it’s not. The post Shedding AI Light on Bank Wire Transfer Fraud appeared first on Security Boulevard.

Banking 106
article thumbnail

Enterprise Identity Threat Report 2024: Unveiling Hidden Threats to Corporate Identities

The Hacker News

In the modern, browser-centric workplace, the corporate identity acts as the frontline defense for organizations. Often referred to as “the new perimeter”, the identity stands between safe data management and potential breaches. However, a new report reveals how enterprises are often unaware of how their identities are being used across various platforms.

article thumbnail

Safeguarding Cyber Insurance Policies With Security Awareness Training

Security Boulevard

With cybersecurity threats continuing to evolve at an accelerated pace, organizations need to ensure that their cyber insurance policies remain active at all times. The post Safeguarding Cyber Insurance Policies With Security Awareness Training appeared first on Security Boulevard.

article thumbnail

Duo Named a TrustRadius Buyer’s Choice Award Winner

Duo's Security Blog

Winning an award, especially one based on feedback from users of your product or service, is gratifying. It’s validation that you are designing and delivering solutions that address your customers’ needs. “Cisco Duo winning the TrustRadius Buyer's Choice Award is a testament to their critical role in security for organizations across the globe,” said Allyson Havener, SVP of Marketing & Community at TrustRadius.

article thumbnail

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

article thumbnail

UnitedHealth Hires Longtime Cybersecurity Executive as CISO

Security Boulevard

UnitedHealth Group, which is still picking up the pieces after a massive ransomware attack that affected more than 100 million people, hired a new and experienced CISO to replace the previous executive who became a target of lawmakers for having no cybersecurity background. The post UnitedHealth Hires Longtime Cybersecurity Executive as CISO appeared first on Security Boulevard.

CISO 101
article thumbnail

Threat actor says Interbank refused to pay the ransom after a two-week negotiation

Security Affairs

Peruvian Interbank confirmed a data breach after threat actors accessed its systems and leaked stolen information online. Interbank , formally the Banco Internacional del Perú Service Holding S.A.A. is a leading Peruvian provider of financial services has over 2 million customers. Interbank disclosed a data breach after a threat actor claimed the hack of the organization and leaked stolen data online.

article thumbnail

Android smartwatches can now transcribe and summarize your voice notes, thanks to AI

Zero Day

Jealous of Apple Watch's transcribable voice notes? Android has that, too. Here's how to access this feature.

126
126
article thumbnail

QNAP fixed second zero-day demonstrated at Pwn2Own Ireland 2024

Security Affairs

QNAP addressed the second zero-day vulnerability demonstrated by security researchers during the recent Pwn2Own Ireland 2024. Taiwanese manufacturer QNAP patched the second zero-day vulnerability, tracked as CVE-2024-50387 , which was exploited by security researchers during the recent Pwn2Own Ireland 2024. The vulnerability is a SQL injection (SQLi) issue that impacts the QNAP’s SMB Service.

Backups 98
article thumbnail

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.

article thumbnail

Can't quit Windows 10? Microsoft will charge for updates next year. Here's how much

Zero Day

Businesses can expect to pay a shockingly high sum for Windows 10 Extended Security Updates. Educators will fare better. And for the first time, consumers can sign up - but there's a catch.

Education 102
article thumbnail

CVE-2024-38094 Exploited: Attackers Gain Domain Access via Microsoft SharePoint Server

Penetration Testing

A recent report from Rapid7’s Incident Response team reveals a serious compromise of a Microsoft SharePoint server that enabled an attacker to gain entire domain access, impacting critical systems through... The post CVE-2024-38094 Exploited: Attackers Gain Domain Access via Microsoft SharePoint Server appeared first on Cybersecurity News.

article thumbnail

Get the Apple Watch SE (2nd Gen) for $189 ahead of Black Friday

Zero Day

The Apple Watch SE is slashed to $189 weeks ahead of Black Friday, and it's the perfect upgrade for those looking for basic features.

111
111
article thumbnail

Stop LUCR-3 Attacks: Learn Key Identity Security Tactics in This Expert Webinar

The Hacker News

Did you know that advanced threat actors can infiltrate the identity systems of major organizations and extract sensitive data within days? It’s a chilling reality, becoming more common and concerning by the day. These attackers exploit vulnerabilities in SaaS and cloud environments, using compromised identities to move laterally within networks, causing widespread damage.

article thumbnail

Enhance Innovation and Governance Through the Cloud Development Maturity Model

Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.