Thu.Sep 26, 2024

article thumbnail

U.S. Indicts 2 Top Russian Hackers, Sanctions Cryptex

Krebs on Security

The United States today unveiled sanctions and indictments against the alleged proprietor of Joker’s Stash , a now-defunct cybercrime store that peddled tens of millions of payment cards stolen in some of the largest data breaches of the past decade. The government also indicted and sanctioned a top Russian cybercriminal known as Taleon , whose cryptocurrency exchange Cryptex has evolved into one of Russia’s most active money laundering networks.

article thumbnail

An Analysis of the EU’s Cyber Resilience Act

Schneier on Security

A good —long, complex—analysis of the EU’s new Cyber Resilience Act.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Millions of Vehicles Could Be Hacked and Tracked Thanks to a Simple Website Bug

WIRED Threat Level

Researchers found a flaw in a Kia web portal that let them track millions of cars, unlock doors, and start engines at will—the latest in a plague of web bugs that’s affected a dozen carmakers.

Hacking 145
article thumbnail

Hacking Kia cars made after 2013 using just their license plate

Security Affairs

Researchers discovered critical flaws in Kia’s dealer portal that could allow to hack Kia cars made after 2013 using just their license plate. In June 2024, a team of experts ( Neiko Rivera , Sam Curry , Justin Rhinehart , Ian Carroll ) discovered multiple vulnerabilities in Kia vehicles that allowed remote control of key functions using their license plates.

Hacking 139
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Are You Sabotaging Your Cybersecurity Posture?

Security Boulevard

By investing in robust ITDR solutions and avoiding the common pitfalls of underfunding, over-relying on single solutions and chasing trends, organizations have the power to stop potentially devastating data breaches in their tracks. The post Are You Sabotaging Your Cybersecurity Posture? appeared first on Security Boulevard.

article thumbnail

Critical RCE vulnerability found in OpenPLC

Security Affairs

Cisco’s Talos reported critical and high-severity flaws in OpenPLC that could lead to DoS condition and remote code execution. Cisco’s Talos threat intelligence unit has disclosed details of five newly patched vulnerabilities in OpenPLC, an open-source programmable logic controller. These vulnerabilities can be exploited to trigger a denial-of-service (DoS) condition or execute remote code.

More Trending

article thumbnail

China-linked APT group Salt Typhoon compromised some U.S. internet service providers (ISPs)

Security Affairs

China-linked threat actors compromised some U.S. internet service providers (ISPs) as part of a cyber espionage campaign code-named Salt Typhoon. China-linked threat actors have breached several U.S. internet service providers in recent months as part of a cyber espionage campaign code-named Salt Typhoon. The state-sponsored hackers aimed at gathering intelligence from the targets or carrying out disruptive cyberattacks.

Internet 128
article thumbnail

Security Professionals Cite AI as Top Security Risk

Security Boulevard

Artificial intelligence (AI) is emerging as a top concern in the cybersecurity world, with 48% of respondents identifying it as the most significant security risk facing their organizations, according to a HackerOne survey of 500 security professionals. The post Security Professionals Cite AI as Top Security Risk appeared first on Security Boulevard.

article thumbnail

Privacy non-profit noyb claims that Firefox tracks users with privacy preserving feature

Security Affairs

Privacy non-profit noyb filed a complaint with the Austrian DPA against Firefox for enabling tracking in Firefox without user consent. Privacy non-profit None Of Your Business (noyb) has filed a complaint with Austria’s data protection authority (DSB) against Mozilla for enabling the privacy feature Privacy-Preserving Attribution (PPA) in Firefox without user consent.

article thumbnail

How the Promise of AI Will Be a Nightmare for Data Privacy

Security Boulevard

But as we start delegating LLMs and LAMs the authority to act on our behalf (our personal avatars), we create a true data privacy nightmare. The post How the Promise of AI Will Be a Nightmare for Data Privacy appeared first on Security Boulevard.

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

CISA warns hackers targeting industrial systems with “unsophisticated methods” as claims made of Lebanon water hack

Graham Cluley

The US Cybersecurity and Infrastructure Security Agency (CISA) has warned that hackers continue to be capable of compromising industrial control systems (ICS) and other operational technology (OT) using "unsophisticated methods" - suggesting that much more still needs to be done to secure them properly. Meanwhile, a pro-Israel hacking group claims to have changed chlorine levels at water facilities in Lebanon.

Hacking 119
article thumbnail

HashiCorp Vault Flaw (CVE-2024-759): Unrestricted SSH Access Threatens System Security

Penetration Testing

HashiCorp, a leading provider of infrastructure automation software, has issued a critical security advisory concerning a vulnerability in its popular secrets management tool, Vault. The flaw, designated as CVE-2024-7594 and... The post HashiCorp Vault Flaw (CVE-2024-759): Unrestricted SSH Access Threatens System Security appeared first on Cybersecurity News.

Software 121
article thumbnail

Get Real-World Cybersecurity Skills for $30

Tech Republic Security

Engage in active learning to build skills, confidence, and competence through practical, hands-on experience with professional feedback.

article thumbnail

VLC Media Player Update Needed: CVE-2024-46461 Discovered

Penetration Testing

Users of the popular VLC media player are being urged to update their software immediately following the discovery of a critical vulnerability that could allow malicious actors to crash the... The post VLC Media Player Update Needed: CVE-2024-46461 Discovered appeared first on Cybersecurity News.

Media 120
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

When UK rail stations’ Wi-Fi was defaced by hackers the only casualty was the truth

Graham Cluley

If you believed some of the news headlines in the UK on Thursday, you would think that something much more serious had happened. People are understandably worried when they read headlines about terror attacks and railway stations - but the facts of the matter are rather less disastrous. Read more in my article on the Hot for Security blog.

Mobile 110
article thumbnail

Critical Flaws Discovered in Jupiter X Core WordPress Plugin Affecting Over 90,000 Sites

Penetration Testing

Security researchers have uncovered two critical vulnerabilities in the Jupiter X Core WordPress plugin, impacting over 90,000 websites. The flaws could allow unauthenticated attackers to take complete control of a... The post Critical Flaws Discovered in Jupiter X Core WordPress Plugin Affecting Over 90,000 Sites appeared first on Cybersecurity News.

article thumbnail

Cyberespionage the Gamaredon way: Analysis of toolset used to spy on Ukraine in 2022 and 2023

We Live Security

ESET Research has conducted a comprehensive technical analysis of Gamaredon’s toolset used to conduct its cyberespionage activities focused in Ukraine

119
119
article thumbnail

Critical CUPS Vulnerabilities Expose Linux and Other Systems to Remote Attacks

Penetration Testing

In a significant development for cybersecurity, multiple critical vulnerabilities have been discovered in CUPS (Common Unix Printing System), a widely used print server on Linux systems and other platforms like... The post Critical CUPS Vulnerabilities Expose Linux and Other Systems to Remote Attacks appeared first on Cybersecurity News.

article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Critical NVIDIA Container Toolkit Vulnerability Could Grant Full Host Access to Attackers

The Hacker News

A critical security flaw has been disclosed in the NVIDIA Container Toolkit that, if successfully exploited, could allow threat actors to break out of the confines of a container and gain full access to the underlying host. The vulnerability, tracked as CVE-2024-0132, carries a CVSS score of 9.0 out of a maximum of 10.0. It has been addressed in NVIDIA Container Toolkit version v1.16.

113
113
article thumbnail

China-Backed Salt Typhoon Targets U.S. Internet Providers: Report

Security Boulevard

A threat group called Salt Typhoon has infiltrated U.S. ISP networks to collect sensitive information and launch cyberattacks, joining Volt Typhoon and Flax Typhoon as China-backed hackers that are establishing persistence in the IT infrastructures of critical infrastructure organizations. The post China-Backed Salt Typhoon Targets U.S. Internet Providers: Report appeared first on Security Boulevard.

Internet 104
article thumbnail

Watering Hole Attack on Kurdish Sites Distributing Malicious APKs and Spyware

The Hacker News

As many as 25 websites linked to the Kurdish minority have been compromised as part of a watering hole attack designed to harvest sensitive information for over a year and a half. French cybersecurity firm Sekoia, which disclosed details of the campaign dubbed SilentSelfie, described the intrusion set as long-running, with first signs of infection detected as far back as December 2022.

Spyware 107
article thumbnail

What is Business Email Compromise and How to Prevent It

GlobalSign

In these days of constant impersonal email communication, BEC has become a common threat. To minimize your company's risk, try implementing the following strategies.

Risk 102
article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

Privacy watchdog files complaint over Firefox quietly enabling its Privacy Preserving Attribution

Malwarebytes

A European privacy watchdog has filed a complaint against Mozilla for quietly enabling Privacy Preserving Attribution (PPA) in its Firefox browser. Noyb (none of your business) argues that despite its reassuring name, the feature allows the browser to track your online behavior. By design , Privacy Preserving attribution shifts the tracking from the websites to the browser.

article thumbnail

N. Korean Hackers Deploy New KLogEXE and FPSpy Malware in Targeted Attacks

The Hacker News

Threat actors with ties to North Korea have been observed leveraging two new malware strains dubbed KLogEXE and FPSpy. The activity has been attributed to an adversary tracked as Kimsuky, which is also known as APT43, ARCHIPELAGO, Black Banshee, Emerald Sleet (formerly Thallium), Sparkling Pisces, Springtail, and Velvet Chollima.

Malware 102
article thumbnail

CVE-2024-0132 (CVSS 9.0): Critical Vulnerabilities Found in NVIDIA Container Toolkit

Penetration Testing

NVIDIA has recently issued a security bulletin addressing two vulnerabilities in its Container Toolkit (CTK), which could potentially expose organizations relying on GPU-accelerated containers to a variety of cyber threats.... The post CVE-2024-0132 (CVSS 9.0): Critical Vulnerabilities Found in NVIDIA Container Toolkit appeared first on Cybersecurity News.

article thumbnail

Smashing Security podcast #386: The $230 million crypto handbag heist, and misinformation on social media

Graham Cluley

Two men are accused of stealing almost a quarter of a billion dollars from one person's cryptocurrency wallet, but why on earth would they be handing out handbags to strangers? And social media comes under the spotlight once more, as we ask if you are delving into misinformation in your most private moments. All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

Media 94
article thumbnail

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

article thumbnail

Delivering Proactive Protection Against Critical Threats to NVIDIA-powered AI Systems

Trend Micro

On Wednesday, NVIDA released updates to fix a critical vulnerability in its NVIDIA Container Toolkit, which, if exploited, could put a wide range of AI infrastructure and underlying data/secrets at risk.

Risk 99
article thumbnail

How hackers could have remotely controlled millions of cars

Zero Day

A website flaw - since patched - enabled these researchers to remotely track a car's location, unlock its doors, honk the horn, and start the engine.

article thumbnail

EPSS vs. CVSS: What’s the Best Approach to Vulnerability Prioritization?

The Hacker News

Many businesses rely on the Common Vulnerability Scoring System (CVSS) to assess the severity of vulnerabilities for prioritization. While these scores provide some insight into the potential impact of a vulnerability, they don’t factor in real-world threat data, such as the likelihood of exploitation.

93
article thumbnail

Plan your path in tech with the right certification: Here’s what to know

CompTIA on Cybersecurity

Want a tech career but not sure where to start? The right tech certification can help. Discover how CompTIA certifications can unlock the next chapter in your career.

85
article thumbnail

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.