Krebs on Security

SEPTEMBER 26, 2024

The United States today unveiled sanctions and indictments against the alleged proprietor of Joker’s Stash , a now-defunct cybercrime store that peddled tens of millions of payment cards stolen in some of the largest data breaches of the past decade. The government also indicted and sanctioned a top Russian cybercriminal known as Taleon , whose cryptocurrency exchange Cryptex has evolved into one of Russia’s most active money laundering networks.

Cryptocurrency 244

Cryptocurrency Cybercrime Retail Government 244

Schneier on Security

SEPTEMBER 26, 2024

A good —long, complex—analysis of the EU’s new Cyber Resilience Act.

Cybersecurity 192

Cybersecurity 192

WIRED Threat Level

SEPTEMBER 26, 2024

Researchers found a flaw in a Kia web portal that let them track millions of cars, unlock doors, and start engines at will—the latest in a plague of web bugs that’s affected a dozen carmakers.

Hacking 145

Hacking Engineering 145

The Hacker News

SEPTEMBER 26, 2024

Cybersecurity researchers have disclosed a set of now patched vulnerabilities in Kia vehicles that, if successfully exploited, could have allowed remote control over key functions simply by using only a license plate.

Cybersecurity 140

Cybersecurity 140

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Security Boulevard

SEPTEMBER 26, 2024

By investing in robust ITDR solutions and avoiding the common pitfalls of underfunding, over-relying on single solutions and chasing trends, organizations have the power to stop potentially devastating data breaches in their tracks. The post Are You Sabotaging Your Cybersecurity Posture? appeared first on Security Boulevard.

Cybersecurity 138

Cybersecurity Data breaches Security Awareness 138

Security Affairs

SEPTEMBER 26, 2024

Cisco’s Talos reported critical and high-severity flaws in OpenPLC that could lead to DoS condition and remote code execution. Cisco’s Talos threat intelligence unit has disclosed details of five newly patched vulnerabilities in OpenPLC, an open-source programmable logic controller. These vulnerabilities can be exploited to trigger a denial-of-service (DoS) condition or execute remote code.

Energy and Utilities 140

Energy and Utilities Manufacturing Hacking Information Security 140

Tech Republic Security

SEPTEMBER 26, 2024

Engage in active learning to build skills, confidence, and competence through practical, hands-on experience with professional feedback.

Cybersecurity 135

Cybersecurity 135

Security Boulevard

SEPTEMBER 26, 2024

But as we start delegating LLMs and LAMs the authority to act on our behalf (our personal avatars), we create a true data privacy nightmare. The post How the Promise of AI Will Be a Nightmare for Data Privacy appeared first on Security Boulevard.

Data privacy 128

Data privacy Security Awareness Cybersecurity 128

Security Affairs

SEPTEMBER 26, 2024

Researchers discovered critical flaws in Kia’s dealer portal that could allow to hack Kia cars made after 2013 using just their license plate. In June 2024, a team of experts ( Neiko Rivera , Sam Curry , Justin Rhinehart , Ian Carroll ) discovered multiple vulnerabilities in Kia vehicles that allowed remote control of key functions using their license plates.

Hacking 140

Hacking Accountability Mobile Internet 140

Graham Cluley

SEPTEMBER 26, 2024

The US Cybersecurity and Infrastructure Security Agency (CISA) has warned that hackers continue to be capable of compromising industrial control systems (ICS) and other operational technology (OT) using "unsophisticated methods" - suggesting that much more still needs to be done to secure them properly. Meanwhile, a pro-Israel hacking group claims to have changed chlorine levels at water facilities in Lebanon.

Hacking 121

Hacking Technology Cybersecurity 121

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Penetration Testing

SEPTEMBER 26, 2024

HashiCorp, a leading provider of infrastructure automation software, has issued a critical security advisory concerning a vulnerability in its popular secrets management tool, Vault. The flaw, designated as CVE-2024-7594 and... The post HashiCorp Vault Flaw (CVE-2024-759): Unrestricted SSH Access Threatens System Security appeared first on Cybersecurity News.

Software 127

Software Cybersecurity 127

Security Affairs

SEPTEMBER 26, 2024

China-linked threat actors compromised some U.S. internet service providers (ISPs) as part of a cyber espionage campaign code-named Salt Typhoon. China-linked threat actors have breached several U.S. internet service providers in recent months as part of a cyber espionage campaign code-named Salt Typhoon. The state-sponsored hackers aimed at gathering intelligence from the targets or carrying out disruptive cyberattacks.

Internet 129

Internet Internet DNS Telecommunications 129

Penetration Testing

SEPTEMBER 26, 2024

Users of the popular VLC media player are being urged to update their software immediately following the discovery of a critical vulnerability that could allow malicious actors to crash the... The post VLC Media Player Update Needed: CVE-2024-46461 Discovered appeared first on Cybersecurity News.

Media 127

Media Software Cybersecurity 127

We Live Security

SEPTEMBER 26, 2024

ESET Research has conducted a comprehensive technical analysis of Gamaredon’s toolset used to conduct its cyberespionage activities focused in Ukraine

126

126

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

The Hacker News

SEPTEMBER 26, 2024

A critical security flaw has been disclosed in the NVIDIA Container Toolkit that, if successfully exploited, could allow threat actors to break out of the confines of a container and gain full access to the underlying host. The vulnerability, tracked as CVE-2024-0132, carries a CVSS score of 9.0 out of a maximum of 10.0. It has been addressed in NVIDIA Container Toolkit version v1.16.

119

119

Penetration Testing

SEPTEMBER 26, 2024

Security researchers have uncovered two critical vulnerabilities in the Jupiter X Core WordPress plugin, impacting over 90,000 websites. The flaws could allow unauthenticated attackers to take complete control of a... The post Critical Flaws Discovered in Jupiter X Core WordPress Plugin Affecting Over 90,000 Sites appeared first on Cybersecurity News.

Cybersecurity 124

Cybersecurity 124

Graham Cluley

SEPTEMBER 26, 2024

If you believed some of the news headlines in the UK on Thursday, you would think that something much more serious had happened. People are understandably worried when they read headlines about terror attacks and railway stations - but the facts of the matter are rather less disastrous. Read more in my article on the Hot for Security blog.

Mobile 111

Mobile 111

The Hacker News

SEPTEMBER 26, 2024

As many as 25 websites linked to the Kurdish minority have been compromised as part of a watering hole attack designed to harvest sensitive information for over a year and a half. French cybersecurity firm Sekoia, which disclosed details of the campaign dubbed SilentSelfie, described the intrusion set as long-running, with first signs of infection detected as far back as December 2022.

Spyware 114

Spyware Cybersecurity 114

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

Penetration Testing

SEPTEMBER 26, 2024

In a significant development for cybersecurity, multiple critical vulnerabilities have been discovered in CUPS (Common Unix Printing System), a widely used print server on Linux systems and other platforms like... The post Critical CUPS Vulnerabilities Expose Linux and Other Systems to Remote Attacks appeared first on Cybersecurity News.

Cybersecurity 119

Cybersecurity 119

The Hacker News

SEPTEMBER 26, 2024

Threat actors with ties to North Korea have been observed leveraging two new malware strains dubbed KLogEXE and FPSpy. The activity has been attributed to an adversary tracked as Kimsuky, which is also known as APT43, ARCHIPELAGO, Black Banshee, Emerald Sleet (formerly Thallium), Sparkling Pisces, Springtail, and Velvet Chollima.

Malware 109

Malware 109

Security Boulevard

SEPTEMBER 26, 2024

A threat group called Salt Typhoon has infiltrated U.S. ISP networks to collect sensitive information and launch cyberattacks, joining Volt Typhoon and Flax Typhoon as China-backed hackers that are establishing persistence in the IT infrastructures of critical infrastructure organizations. The post China-Backed Salt Typhoon Targets U.S. Internet Providers: Report appeared first on Security Boulevard.

Internet 104

Internet Internet Data privacy Mobile 104

Malwarebytes

SEPTEMBER 26, 2024

A European privacy watchdog has filed a complaint against Mozilla for quietly enabling Privacy Preserving Attribution (PPA) in its Firefox browser. Noyb (none of your business) argues that despite its reassuring name, the feature allows the browser to track your online behavior. By design , Privacy Preserving attribution shifts the tracking from the websites to the browser.

Advertising 105

Advertising 105

Advertisement

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

GlobalSign

SEPTEMBER 26, 2024

In these days of constant impersonal email communication, BEC has become a common threat. To minimize your company's risk, try implementing the following strategies.

Risk 102

Risk 102

Trend Micro

SEPTEMBER 26, 2024

On Wednesday, NVIDA released updates to fix a critical vulnerability in its NVIDIA Container Toolkit, which, if exploited, could put a wide range of AI infrastructure and underlying data/secrets at risk.

Risk 95

Risk Artificial Intelligence Cyber threats 95

Security Affairs

SEPTEMBER 26, 2024

Privacy non-profit noyb filed a complaint with the Austrian DPA against Firefox for enabling tracking in Firefox without user consent. Privacy non-profit None Of Your Business (noyb) has filed a complaint with Austria’s data protection authority (DSB) against Mozilla for enabling the privacy feature Privacy-Preserving Attribution (PPA) in Firefox without user consent.

Advertising 118

Advertising Hacking Technology Software 118

Graham Cluley

SEPTEMBER 26, 2024

Two men are accused of stealing almost a quarter of a billion dollars from one person's cryptocurrency wallet, but why on earth would they be handing out handbags to strangers? And social media comes under the spotlight once more, as we ask if you are delving into misinformation in your most private moments. All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

Media 96

Media Cryptocurrency Cybersecurity 96

Advertisement

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.

Cybersecurity

Penetration Testing

SEPTEMBER 26, 2024

NVIDIA has recently issued a security bulletin addressing two vulnerabilities in its Container Toolkit (CTK), which could potentially expose organizations relying on GPU-accelerated containers to a variety of cyber threats.... The post CVE-2024-0132 (CVSS 9.0): Critical Vulnerabilities Found in NVIDIA Container Toolkit appeared first on Cybersecurity News.

Cyber threats 106

Cyber threats Cybersecurity 106

The Hacker News

SEPTEMBER 26, 2024

Many businesses rely on the Common Vulnerability Scoring System (CVSS) to assess the severity of vulnerabilities for prioritization. While these scores provide some insight into the potential impact of a vulnerability, they don’t factor in real-world threat data, such as the likelihood of exploitation.

98

98

Zero Day

SEPTEMBER 26, 2024

A website flaw - since patched - enabled these researchers to remotely track a car's location, unlock its doors, honk the horn, and start the engine.

Engineering 98

Engineering 98

The Hacker News

SEPTEMBER 26, 2024

Imagine trying to find a needle in a haystack, but the haystack is on fire, and there are a million other needles you also need to find. That's what dealing with security alerts can feel like. SIEM was supposed to make this easier, but somewhere along the way, it became part of the problem. Too many alerts, too much noise, and not enough time to actually stop threats.

86

86

Advertisement

Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.

Government