Wed.Jul 03, 2024

article thumbnail

New Open SSH Vulnerability

Schneier on Security

It’s a serious one : The vulnerability, which is a signal handler race condition in OpenSSH’s server (sshd), allows unauthenticated remote code execution (RCE) as root on glibc-based Linux systems; that presents a significant security risk. This race condition affects sshd in its default configuration. […] This vulnerability, if exploited, could lead to full system compromise where an attacker can execute arbitrary code with the highest privileges, resulting in a complete syste

Firewall 328
article thumbnail

Millions of Apple Applications Were Vulnerable to CocoaPods Supply Chain Attack

Tech Republic Security

The vulnerabilities have since been patched, but had quietly persisted since the CocoaPods migration in 2014.

Software 194
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Twilio's Authy App Breach Exposes Millions of Phone Numbers

The Hacker News

Cloud communications provider Twilio has revealed that unidentified threat actors took advantage of an unauthenticated endpoint in Authy to identify data associated with Authy accounts, including users' cell phone numbers. The company said it took steps to secure the endpoint to no longer accept unauthenticated requests.

article thumbnail

Bitwarden vs KeePass (2024): Battle of the Best – Who Wins?

Tech Republic Security

Bitwarden vs KeePass: Who comes out on top? Dive into our 2024 analysis and make the best decision for your security needs!

article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

CVE-2024-37726: MSI Center Flaw Exposes Windows Systems to Privilege Escalation Attacks

Penetration Testing

Recently, a critical local privilege escalation vulnerability has been identified in MSI Center, a popular system management application for Windows OS. Tracked as CVE-2024-37726, this vulnerability affects all versions of MSI Center up to... The post CVE-2024-37726: MSI Center Flaw Exposes Windows Systems to Privilege Escalation Attacks appeared first on Cybersecurity News.

article thumbnail

Brazil Halts Meta's AI Data Processing Amid Privacy Concerns

The Hacker News

Brazil's data protection authority, Autoridade Nacional de Proteção de Dados (ANPD), has temporarily banned Meta from processing users' personal data to train the company's artificial intelligence (AI) algorithms.

More Trending

article thumbnail

The Emerging Role of AI in Open-Source Intelligence

The Hacker News

Recently the Office of the Director of National Intelligence (ODNI) unveiled a new strategy for open-source intelligence (OSINT) and referred to OSINT as the “INT of first resort”.

141
141
article thumbnail

American Patelco Credit Union suffered a ransomware attack

Security Affairs

The American credit union Patelco Credit Union shut down several of its banking systems to contain a ransomware attack. Patelco Credit Union is a member-owned, not-for-profit credit union that serves Northern California, particularly the San Francisco Bay Area. Founded in 1936, it is one of the oldest and largest credit unions in the country. With more than $9 billion in assets, it is the 22nd largest credit union in the country.

article thumbnail

FakeBat Loader Malware Spreads Widely Through Drive-by Download Attacks

The Hacker News

The loader-as-a-service (LaaS) known as FakeBat has become one of the most widespread loader malware families distributed using the drive-by download technique this year, findings from Sekoia reveal. "FakeBat primarily aims to download and execute the next-stage payload, such as IcedID, Lumma, RedLine, SmokeLoader, SectopRAT, and Ursnif," the company said in a Tuesday analysis.

Malware 141
article thumbnail

Hackers abused API to verify millions of Authy MFA phone numbers

Bleeping Computer

Twilio has confirmed that an unsecured API endpoint allowed threat actors to verify the phone numbers of millions of Authy multi-factor authentication users, potentially making them vulnerable to SMS phishing and SIM swapping attacks. [.

Phishing 133
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Global Police Operation Shuts Down 600 Cybercrime Servers Linked to Cobalt Strike

The Hacker News

A coordinated law enforcement operation codenamed MORPHEUS has felled close to 600 servers that were used by cybercriminal groups and were part of an attack infrastructure associated with the Cobalt Strike. The crackdown targeted older, unlicensed versions of the Cobalt Strike red teaming framework between June 24 and 28, according to Europol.

article thumbnail

No room for error: Don’t get stung by these common Booking.com scams

We Live Security

From sending phishing emails to posting fake listings, here’s how fraudsters hunt for victims while you’re booking your well-earned vacation

Scams 133
article thumbnail

Proton Is Launching Encrypted Documents to Take On Google Docs

WIRED Threat Level

Proton is adding an end-to-end encrypted documents editor to its privacy tools, boosting its competition with Google’s suite of productivity apps.

article thumbnail

Affirm says Evolve Bank data breach also compromised some of its customers

Malwarebytes

‘Buy now, pay later’ payment specialist Affirm has warned that holders of its payment cards had their personal information exposed after a ransomware attack and data breach at Evolve Bank & Trust. In a form 8-K , submitted to the Securities and Exchange Commission (SEC), Affirm states: “Because the Company [Affirm Holdings, Inc] shares the Personal Information of Affirm Card users with Evolve to facilitate the issuance and servicing of Affirm Cards, the Company believes that the

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Proton launches free, privacy-focused Google Docs alternative

Bleeping Computer

Proton has launched 'Docs in Proton Drive,' a free and open-source end-to-end encrypted web-based document editing and collaboration tool.

article thumbnail

Survey Surfaces Growing Lack of Cybersecurity Confidence

Security Boulevard

A survey of 706 IT and security professionals finds half are not very confident that they can stop a damaging security incident in the next 12 months, with 30% admitting they are less prepared to detect threats and respond to incidents than they were a year ago. The post Survey Surfaces Growing Lack of Cybersecurity Confidence appeared first on Security Boulevard.

article thumbnail

OVHcloud blames record-breaking DDoS attack on MikroTik botnet

Bleeping Computer

OVHcloud, a global cloud services provider and one of the largest of its kind in Europe, says it mitigated a record-breaking distributed denial of service (DDoS) attack earlier this year that reached an unprecedented packet rate of 840 million packets per second (Mpps). [.

DDOS 113
article thumbnail

The Secret Threat Hiding in Your SaaS Stack: Shadow IT

Security Boulevard

While SaaS apps enable better business operations, a secret threat is hiding in your SaaS stack: "Shadow IT.” The post The Secret Threat Hiding in Your SaaS Stack: Shadow IT appeared first on Security Boulevard.

article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Europol takes down 593 Cobalt Strike servers used by cybercriminals

Bleeping Computer

Europol coordinated a joint law enforcement action known as Operation Morpheus, which led to the takedown of almost 600 Cobalt Strike servers used by cybercriminals to infiltrate victims' networks. [.

110
110
article thumbnail

Man-In-The-Middle Attacks are Still a Serious Security Threat

Security Boulevard

Man-in-the-middle attacks have increased in the age of digital connectivity and remote work, forcing companies to develop strategies to mitigate them. The post Man-In-The-Middle Attacks are Still a Serious Security Threat appeared first on Security Boulevard.

article thumbnail

Formula 1 governing body discloses data breach after email hacks

Bleeping Computer

FIA (Fédération Internationale de l'Automobile), the auto racing governing body since the 1950s, says attackers gained access to personal data after compromising several FIA email accounts in a phishing attack. [.

article thumbnail

Embracing the Absurd: Finding Freedom in Cyber Security 

Security Boulevard

Life can be overwhelming. When you’re young, change is exciting, but as we grow older, it often brings uncertainty. In cyber security, our quest for certainty mirrors Albert Camus’ philosophy of the absurd. Let me break it down for you: we’re bombarded with CVEs and vulnerabilities, constant scans and assessments, and countless fixes to apply. […] The post Embracing the Absurd: Finding Freedom in Cyber Security appeared first on VERITI.

116
116
article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

Mekotio Banking Trojan Threatens Financial Systems in Latin America

Trend Micro

We’ve recently seen a surge in attacks involving the Mekotio banking trojan. In this blog entry, we'll provide an overview of the trojan and what it does.

Banking 100
article thumbnail

Researchers Uncover UEFI Vulnerability Affecting Intel CPUs

Security Boulevard

Cybersecurity researchers have recently uncovered a UEFI vulnerability in the Phoenix SecureCore UEFI firmware, which affects a variety of Intel Core desktop and mobile processors. This now-patched vulnerability, identified as CVE-2024-0762 with a CVSS score of 7.5, has been termed “UEFIcanhazbufferoverflow.” It involves a buffer overflow caused by an unsafe variable in the Trusted Platform […] The post Researchers Uncover UEFI Vulnerability Affecting Intel CPUs appeared first on TuxCare.

Firmware 105
article thumbnail

Infostealer malware logs used to identify child abuse website members

Bleeping Computer

Thousands of pedophiles who download and share child sexual abuse material (CSAM) were identified through information-stealing malware logs leaked on the dark web, highlighting a new dimension of using stolen credentials in law enforcement investigations. [.

Malware 93
article thumbnail

Ensuring Data Security in Global Talent Outsourcing: Strategies for Mitigating Risks

SecureWorld News

Organizations increasingly rely on global talent outsourcing to bolster their cybersecurity capabilities. By tapping into a vast pool of skilled professionals worldwide, companies can address skill shortages, optimize costs, and gain access to specialized expertise. However, this trend also introduces significant data security risks that cannot be overlooked.

Risk 89
article thumbnail

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

article thumbnail

HealthEquity data breach exposes protected health information

Bleeping Computer

Healthcare fintech firm HealthEquity is warning that it suffered a data breach after a partner's account was compromised and used to access the Company's systems to steal protected health information. [.

article thumbnail

Smashing Security podcast #379: Private nights, evil twins, and crypto home invasions

Graham Cluley

Apps can let you spy on strangers in bars, a gang of cryptocurrency thieves turns to kidnap and assault, and have you joined the mile-high evil twin club? All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by Mark Stockley of the brand-new "The AI Fix" podcast.

article thumbnail

Boardroom Blindspot: How New Frameworks for Cyber Metrics are Reshaping Boardroom Conversations

Security Boulevard

With new frameworks for cyber metrics and reporting being implemented globally, regulators have effectively elevated risk to the same level of board awareness as financial risks. The post Boardroom Blindspot: How New Frameworks for Cyber Metrics are Reshaping Boardroom Conversations appeared first on Security Boulevard.

Risk 75
article thumbnail

CVE-2024-32498: Critical OpenStack Flaw Exposes Cloud Data to Attackers

Penetration Testing

The OpenStack Foundation has issued an urgent security advisory, disclosing a critical vulnerability (CVE-2024-32498, CVSS 8.8) affecting multiple core components of its cloud infrastructure platform. This flaw could allow malicious actors to gain unauthorized... The post CVE-2024-32498: Critical OpenStack Flaw Exposes Cloud Data to Attackers appeared first on Cybersecurity News.

article thumbnail

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.