Thu.Sep 26, 2024

article thumbnail

U.S. Indicts 2 Top Russian Hackers, Sanctions Cryptex

Krebs on Security

The United States today unveiled sanctions and indictments against the alleged proprietor of Joker’s Stash , a now-defunct cybercrime store that peddled tens of millions of payment cards stolen in some of the largest data breaches of the past decade. The government also indicted and sanctioned a top Russian cybercriminal known as Taleon , whose cryptocurrency exchange Cryptex has evolved into one of Russia’s most active money laundering networks.

article thumbnail

An Analysis of the EU’s Cyber Resilience Act

Schneier on Security

A good —long, complex—analysis of the EU’s new Cyber Resilience Act.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Get Real-World Cybersecurity Skills for $30

Tech Republic Security

Engage in active learning to build skills, confidence, and competence through practical, hands-on experience with professional feedback.

article thumbnail

Millions of Vehicles Could Be Hacked and Tracked Thanks to a Simple Website Bug

WIRED Threat Level

Researchers found a flaw in a Kia web portal that let them track millions of cars, unlock doors, and start engines at will—the latest in a plague of web bugs that’s affected a dozen carmakers.

Hacking 145
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Hackers Could Have Remotely Controlled Kia Cars Using Only License Plates

The Hacker News

Cybersecurity researchers have disclosed a set of now patched vulnerabilities in Kia vehicles that, if successfully exploited, could have allowed remote control over key functions simply by using only a license plate.

article thumbnail

Hacking Kia cars made after 2013 using just their license plate

Security Affairs

Researchers discovered critical flaws in Kia’s dealer portal that could allow to hack Kia cars made after 2013 using just their license plate. In June 2024, a team of experts ( Neiko Rivera , Sam Curry , Justin Rhinehart , Ian Carroll ) discovered multiple vulnerabilities in Kia vehicles that allowed remote control of key functions using their license plates.

Hacking 143

More Trending

article thumbnail

Critical RCE vulnerability found in OpenPLC

Security Affairs

Cisco’s Talos reported critical and high-severity flaws in OpenPLC that could lead to DoS condition and remote code execution. Cisco’s Talos threat intelligence unit has disclosed details of five newly patched vulnerabilities in OpenPLC, an open-source programmable logic controller. These vulnerabilities can be exploited to trigger a denial-of-service (DoS) condition or execute remote code.

article thumbnail

Are You Sabotaging Your Cybersecurity Posture?

Security Boulevard

By investing in robust ITDR solutions and avoiding the common pitfalls of underfunding, over-relying on single solutions and chasing trends, organizations have the power to stop potentially devastating data breaches in their tracks. The post Are You Sabotaging Your Cybersecurity Posture? appeared first on Security Boulevard.

article thumbnail

Watering Hole Attack on Kurdish Sites Distributing Malicious APKs and Spyware

The Hacker News

As many as 25 websites linked to the Kurdish minority have been compromised as part of a watering hole attack designed to harvest sensitive information for over a year and a half. French cybersecurity firm Sekoia, which disclosed details of the campaign dubbed SilentSelfie, described the intrusion set as long-running, with first signs of infection detected as far back as December 2022.

Spyware 137
article thumbnail

China-linked APT group Salt Typhoon compromised some U.S. internet service providers (ISPs)

Security Affairs

China-linked threat actors compromised some U.S. internet service providers (ISPs) as part of a cyber espionage campaign code-named Salt Typhoon. China-linked threat actors have breached several U.S. internet service providers in recent months as part of a cyber espionage campaign code-named Salt Typhoon. The state-sponsored hackers aimed at gathering intelligence from the targets or carrying out disruptive cyberattacks.

Internet 136
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

N. Korean Hackers Deploy New KLogEXE and FPSpy Malware in Targeted Attacks

The Hacker News

Threat actors with ties to North Korea have been observed leveraging two new malware strains dubbed KLogEXE and FPSpy. The activity has been attributed to an adversary tracked as Kimsuky, which is also known as APT43, ARCHIPELAGO, Black Banshee, Emerald Sleet (formerly Thallium), Sparkling Pisces, Springtail, and Velvet Chollima.

Malware 134
article thumbnail

Cyberespionage the Gamaredon way: Analysis of toolset used to spy on Ukraine in 2022 and 2023

We Live Security

ESET Research has conducted a comprehensive technical analysis of Gamaredon’s toolset used to conduct its cyberespionage activities focused in Ukraine

134
134
article thumbnail

Privacy watchdog files complaint over Firefox quietly enabling its Privacy Preserving Attribution

Malwarebytes

A European privacy watchdog has filed a complaint against Mozilla for quietly enabling Privacy Preserving Attribution (PPA) in its Firefox browser. Noyb (none of your business) argues that despite its reassuring name, the feature allows the browser to track your online behavior. By design , Privacy Preserving attribution shifts the tracking from the websites to the browser.

article thumbnail

Security Professionals Cite AI as Top Security Risk

Security Boulevard

Artificial intelligence (AI) is emerging as a top concern in the cybersecurity world, with 48% of respondents identifying it as the most significant security risk facing their organizations, according to a HackerOne survey of 500 security professionals. The post Security Professionals Cite AI as Top Security Risk appeared first on Security Boulevard.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Privacy non-profit noyb claims that Firefox tracks users with privacy preserving feature

Security Affairs

Privacy non-profit noyb filed a complaint with the Austrian DPA against Firefox for enabling tracking in Firefox without user consent. Privacy non-profit None Of Your Business (noyb) has filed a complaint with Austria’s data protection authority (DSB) against Mozilla for enabling the privacy feature Privacy-Preserving Attribution (PPA) in Firefox without user consent.

article thumbnail

VLC Media Player Update Needed: CVE-2024-46461 Discovered

Penetration Testing

Users of the popular VLC media player are being urged to update their software immediately following the discovery of a critical vulnerability that could allow malicious actors to crash the... The post VLC Media Player Update Needed: CVE-2024-46461 Discovered appeared first on Cybersecurity News.

Media 128
article thumbnail

How the Promise of AI Will Be a Nightmare for Data Privacy

Security Boulevard

But as we start delegating LLMs and LAMs the authority to act on our behalf (our personal avatars), we create a true data privacy nightmare. The post How the Promise of AI Will Be a Nightmare for Data Privacy appeared first on Security Boulevard.

article thumbnail

HashiCorp Vault Flaw (CVE-2024-759): Unrestricted SSH Access Threatens System Security

Penetration Testing

HashiCorp, a leading provider of infrastructure automation software, has issued a critical security advisory concerning a vulnerability in its popular secrets management tool, Vault. The flaw, designated as CVE-2024-7594 and... The post HashiCorp Vault Flaw (CVE-2024-759): Unrestricted SSH Access Threatens System Security appeared first on Cybersecurity News.

Software 128
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

EPSS vs. CVSS: What’s the Best Approach to Vulnerability Prioritization?

The Hacker News

Many businesses rely on the Common Vulnerability Scoring System (CVSS) to assess the severity of vulnerabilities for prioritization. While these scores provide some insight into the potential impact of a vulnerability, they don’t factor in real-world threat data, such as the likelihood of exploitation.

126
126
article thumbnail

Critical Flaws Discovered in Jupiter X Core WordPress Plugin Affecting Over 90,000 Sites

Penetration Testing

Security researchers have uncovered two critical vulnerabilities in the Jupiter X Core WordPress plugin, impacting over 90,000 websites. The flaws could allow unauthenticated attackers to take complete control of a... The post Critical Flaws Discovered in Jupiter X Core WordPress Plugin Affecting Over 90,000 Sites appeared first on Cybersecurity News.

article thumbnail

CISA warns hackers targeting industrial systems with “unsophisticated methods” as claims made of Lebanon water hack

Graham Cluley

The US Cybersecurity and Infrastructure Security Agency (CISA) has warned that hackers continue to be capable of compromising industrial control systems (ICS) and other operational technology (OT) using "unsophisticated methods" - suggesting that much more still needs to be done to secure them properly. Meanwhile, a pro-Israel hacking group claims to have changed chlorine levels at water facilities in Lebanon.

Hacking 116
article thumbnail

Critical CUPS Vulnerabilities Expose Linux and Other Systems to Remote Attacks

Penetration Testing

In a significant development for cybersecurity, multiple critical vulnerabilities have been discovered in CUPS (Common Unix Printing System), a widely used print server on Linux systems and other platforms like... The post Critical CUPS Vulnerabilities Expose Linux and Other Systems to Remote Attacks appeared first on Cybersecurity News.

article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

Delivering Proactive Protection Against Critical Threats to NVIDIA-powered AI Systems

Trend Micro

On Wednesday, NVIDA released updates to fix a critical vulnerability in its NVIDIA Container Toolkit, which, if exploited, could put a wide range of AI infrastructure and underlying data/secrets at risk.

Risk 114
article thumbnail

Overloaded with SIEM Alerts? Discover Effective Strategies in This Expert-Led Webinar

The Hacker News

Imagine trying to find a needle in a haystack, but the haystack is on fire, and there are a million other needles you also need to find. That's what dealing with security alerts can feel like. SIEM was supposed to make this easier, but somewhere along the way, it became part of the problem. Too many alerts, too much noise, and not enough time to actually stop threats.

113
113
article thumbnail

Amid Air Strikes and Rockets, an SMS From the Enemy

WIRED Threat Level

As Israel intensifies its attacks on Lebanon, eerie messages have been arriving on the phones of civilians on both sides of the border, with authorities in each country accusing the other of psychological warfare.

111
111
article thumbnail

When UK rail stations’ Wi-Fi was defaced by hackers the only casualty was the truth

Graham Cluley

If you believed some of the news headlines in the UK on Thursday, you would think that something much more serious had happened. People are understandably worried when they read headlines about terror attacks and railway stations - but the facts of the matter are rather less disastrous. Read more in my article on the Hot for Security blog.

Mobile 106
article thumbnail

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

article thumbnail

CVE-2024-0132 (CVSS 9.0): Critical Vulnerabilities Found in NVIDIA Container Toolkit

Penetration Testing

NVIDIA has recently issued a security bulletin addressing two vulnerabilities in its Container Toolkit (CTK), which could potentially expose organizations relying on GPU-accelerated containers to a variety of cyber threats.... The post CVE-2024-0132 (CVSS 9.0): Critical Vulnerabilities Found in NVIDIA Container Toolkit appeared first on Cybersecurity News.

article thumbnail

China-Backed Salt Typhoon Targets U.S. Internet Providers: Report

Security Boulevard

A threat group called Salt Typhoon has infiltrated U.S. ISP networks to collect sensitive information and launch cyberattacks, joining Volt Typhoon and Flax Typhoon as China-backed hackers that are establishing persistence in the IT infrastructures of critical infrastructure organizations. The post China-Backed Salt Typhoon Targets U.S. Internet Providers: Report appeared first on Security Boulevard.

Internet 104
article thumbnail

What is Business Email Compromise and How to Prevent It

GlobalSign

In these days of constant impersonal email communication, BEC has become a common threat. To minimize your company's risk, try implementing the following strategies.

Risk 102
article thumbnail

How hackers could have remotely controlled millions of cars

Zero Day

A website flaw - since patched - enabled these researchers to remotely track a car's location, unlock its doors, honk the horn, and start the engine.

article thumbnail

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.