Krebs on Security

SEPTEMBER 26, 2024

The United States today unveiled sanctions and indictments against the alleged proprietor of Joker’s Stash , a now-defunct cybercrime store that peddled tens of millions of payment cards stolen in some of the largest data breaches of the past decade. The government also indicted and sanctioned a top Russian cybercriminal known as Taleon , whose cryptocurrency exchange Cryptex has evolved into one of Russia’s most active money laundering networks.

Cryptocurrency 202

Cryptocurrency Cybercrime Retail Government 202

Schneier on Security

SEPTEMBER 26, 2024

A good —long, complex—analysis of the EU’s new Cyber Resilience Act.

Cybersecurity 190

Cybersecurity 190

WIRED Threat Level

SEPTEMBER 26, 2024

Researchers found a flaw in a Kia web portal that let them track millions of cars, unlock doors, and start engines at will—the latest in a plague of web bugs that’s affected a dozen carmakers.

Hacking 143

Hacking Engineering 143

The Hacker News

SEPTEMBER 26, 2024

Cybersecurity researchers have disclosed a set of now patched vulnerabilities in Kia vehicles that, if successfully exploited, could have allowed remote control over key functions simply by using only a license plate.

Cybersecurity 134

Cybersecurity 134

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

Tech Republic Security

SEPTEMBER 26, 2024

Engage in active learning to build skills, confidence, and competence through practical, hands-on experience with professional feedback.

Cybersecurity 135

Cybersecurity 135

Security Boulevard

SEPTEMBER 26, 2024

But as we start delegating LLMs and LAMs the authority to act on our behalf (our personal avatars), we create a true data privacy nightmare. The post How the Promise of AI Will Be a Nightmare for Data Privacy appeared first on Security Boulevard.

Data privacy 124

Data privacy Security Awareness Cybersecurity 124

Security Boulevard

SEPTEMBER 26, 2024

Artificial intelligence (AI) is emerging as a top concern in the cybersecurity world, with 48% of respondents identifying it as the most significant security risk facing their organizations, according to a HackerOne survey of 500 security professionals. The post Security Professionals Cite AI as Top Security Risk appeared first on Security Boulevard.

Artificial Intelligence 121

Artificial Intelligence Risk Cybersecurity Security Awareness 121

Penetration Testing

SEPTEMBER 26, 2024

Security researchers have uncovered two critical vulnerabilities in the Jupiter X Core WordPress plugin, impacting over 90,000 websites. The flaws could allow unauthenticated attackers to take complete control of a... The post Critical Flaws Discovered in Jupiter X Core WordPress Plugin Affecting Over 90,000 Sites appeared first on Cybersecurity News.

Cybersecurity 113

Cybersecurity 113

The Hacker News

SEPTEMBER 26, 2024

As many as 25 websites linked to the Kurdish minority have been compromised as part of a watering hole attack designed to harvest sensitive information for over a year and a half. French cybersecurity firm Sekoia, which disclosed details of the campaign dubbed SilentSelfie, described the intrusion set as long-running, with first signs of infection detected as far back as December 2022.

Spyware 112

Spyware Cybersecurity 112

Penetration Testing

SEPTEMBER 26, 2024

In a significant development for cybersecurity, multiple critical vulnerabilities have been discovered in CUPS (Common Unix Printing System), a widely used print server on Linux systems and other platforms like... The post Critical CUPS Vulnerabilities Expose Linux and Other Systems to Remote Attacks appeared first on Cybersecurity News.

Cybersecurity 110

Cybersecurity 110

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

The Hacker News

SEPTEMBER 26, 2024

Threat actors with ties to North Korea have been observed leveraging two new malware strains dubbed KLogEXE and FPSpy. The activity has been attributed to an adversary tracked as Kimsuky, which is also known as APT43, ARCHIPELAGO, Black Banshee, Emerald Sleet (formerly Thallium), Sparkling Pisces, Springtail, and Velvet Chollima.

Malware 108

Malware 108

Penetration Testing

SEPTEMBER 26, 2024

Users of the popular VLC media player are being urged to update their software immediately following the discovery of a critical vulnerability that could allow malicious actors to crash the... The post VLC Media Player Update Needed: CVE-2024-46461 Discovered appeared first on Cybersecurity News.

Media 103

Media Software Cybersecurity 103

Security Affairs

SEPTEMBER 26, 2024

Researchers discovered critical flaws in Kia’s dealer portal that could allow to hack Kia cars made after 2013 using just their license plate. In June 2024, a team of experts ( Neiko Rivera , Sam Curry , Justin Rhinehart , Ian Carroll ) discovered multiple vulnerabilities in Kia vehicles that allowed remote control of key functions using their license plates.

Hacking 103

Hacking Accountability Mobile Internet 103

The Hacker News

SEPTEMBER 26, 2024

Many businesses rely on the Common Vulnerability Scoring System (CVSS) to assess the severity of vulnerabilities for prioritization. While these scores provide some insight into the potential impact of a vulnerability, they don’t factor in real-world threat data, such as the likelihood of exploitation.

101

101

Advertisement

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.

Cybersecurity

Heimadal Security

SEPTEMBER 26, 2024

The bustling metropolis of New York is not only a hub for finance, media, and culture but also a dynamic space for technology services, including top Managed Service Providers. Managed Service Providers (MSPs) play a pivotal role in supporting businesses by managing their IT needs. This article will shine a spotlight on the top […] The post Top 10 Managed Service Providers in New York for 2024 appeared first on Heimdal Security Blog.

Media 95

Media Technology 95

Security Boulevard

SEPTEMBER 26, 2024

A threat group called Salt Typhoon has infiltrated U.S. ISP networks to collect sensitive information and launch cyberattacks, joining Volt Typhoon and Flax Typhoon as China-backed hackers that are establishing persistence in the IT infrastructures of critical infrastructure organizations. The post China-Backed Salt Typhoon Targets U.S. Internet Providers: Report appeared first on Security Boulevard.

Internet 92

Internet Internet Data privacy Mobile 92

Penetration Testing

SEPTEMBER 26, 2024

HashiCorp, a leading provider of infrastructure automation software, has issued a critical security advisory concerning a vulnerability in its popular secrets management tool, Vault. The flaw, designated as CVE-2024-7594 and... The post HashiCorp Vault Flaw (CVE-2024-759): Unrestricted SSH Access Threatens System Security appeared first on Cybersecurity News.

Software 92

Software Cybersecurity 92

The Hacker News

SEPTEMBER 26, 2024

A critical security flaw has been disclosed in the NVIDIA Container Toolkit that, if successfully exploited, could allow threat actors to break out of the confines of a container and gain full access to the underlying host. The vulnerability, tracked as CVE-2024-0132, carries a CVSS score of 9.0 out of a maximum of 10.0. It has been addressed in NVIDIA Container Toolkit version v1.16.

90

90

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

Penetration Testing

SEPTEMBER 26, 2024

NVIDIA has recently issued a security bulletin addressing two vulnerabilities in its Container Toolkit (CTK), which could potentially expose organizations relying on GPU-accelerated containers to a variety of cyber threats.... The post CVE-2024-0132 (CVSS 9.0): Critical Vulnerabilities Found in NVIDIA Container Toolkit appeared first on Cybersecurity News.

Cyber threats 98

Cyber threats Cybersecurity 98

We Live Security

SEPTEMBER 26, 2024

ESET Research has conducted a comprehensive technical analysis of Gamaredon’s toolset used to conduct its cyberespionage activities focused in Ukraine

98

98

Graham Cluley

SEPTEMBER 26, 2024

If you believed some of the news headlines in the UK on Thursday, you would think that something much more serious had happened. People are understandably worried when they read headlines about terror attacks and railway stations - but the facts of the matter are rather less disastrous. Read more in my article on the Hot for Security blog.

Mobile 92

Mobile 92

Zero Day

SEPTEMBER 26, 2024

A website flaw - since patched - enabled these researchers to remotely track a car's location, unlock its doors, honk the horn, and start the engine.

Engineering 98

Engineering 98

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Security Affairs

SEPTEMBER 26, 2024

Privacy non-profit noyb filed a complaint with the Austrian DPA against Firefox for enabling tracking in Firefox without user consent. Privacy non-profit None Of Your Business (noyb) has filed a complaint with Austria’s data protection authority (DSB) against Mozilla for enabling the privacy feature Privacy-Preserving Attribution (PPA) in Firefox without user consent.

Advertising 88

Advertising Hacking Technology Software 88

Graham Cluley

SEPTEMBER 26, 2024

Two men are accused of stealing almost a quarter of a billion dollars from one person's cryptocurrency wallet, but why on earth would they be handing out handbags to strangers? And social media comes under the spotlight once more, as we ask if you are delving into misinformation in your most private moments. All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

Media 87

Media Cryptocurrency Cybersecurity 87

The Hacker News

SEPTEMBER 26, 2024

Imagine trying to find a needle in a haystack, but the haystack is on fire, and there are a million other needles you also need to find. That's what dealing with security alerts can feel like. SIEM was supposed to make this easier, but somewhere along the way, it became part of the problem. Too many alerts, too much noise, and not enough time to actually stop threats.

83

83

Zero Day

SEPTEMBER 26, 2024

Soundcore's most expensive headphones have a powerful ANC feature that delivers an immersive audio experience.

98

98

Advertisement

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Identity Theft

Penetration Testing

SEPTEMBER 26, 2024

In a recent security bulletin, Progress Software has announced the discovery of six critical vulnerabilities affecting its popular network monitoring application, WhatsUp Gold. Organizations worldwide rely on WhatsUp Gold to... The post Critical WhatsUp Gold Vulnerabilities Demand Immediate Action appeared first on Cybersecurity News.

Software 75

Software Cybersecurity 75

Zero Day

SEPTEMBER 26, 2024

Meta's new AI features bring a combination of image editing, voice interaction, and real-time translation to the forefront. Learn how Llama 3.2 is reshaping user experiences across Meta's ecosystem of apps.

98

98

CompTIA on Cybersecurity

SEPTEMBER 26, 2024

Want a tech career but not sure where to start? The right tech certification can help. Discover how CompTIA certifications can unlock the next chapter in your career.

69

69

Zero Day

SEPTEMBER 26, 2024

I never thought I'd say this, but Meta's announcements - from affordable Quest 3 headsets to updated Ray-Ban smart glasses - are a lot more exciting than Apple's right now.

75

75

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare