Schneier on Security

JULY 3, 2024

It’s a serious one : The vulnerability, which is a signal handler race condition in OpenSSH’s server (sshd), allows unauthenticated remote code execution (RCE) as root on glibc-based Linux systems; that presents a significant security risk. This race condition affects sshd in its default configuration. […] This vulnerability, if exploited, could lead to full system compromise where an attacker can execute arbitrary code with the highest privileges, resulting in a complete syste

Firewall 281

Firewall Data breaches Malware Risk 281

Security Boulevard

JULY 3, 2024

While it's unlikely that quantum computers are currently in the hands of cybercriminals or hostile nation-states, they will be. The post How to Achieve Crypto Resilience for a Post-Quantum World appeared first on Security Boulevard.

Security Awareness 139

Security Awareness Risk Government Cybersecurity 139

Tech Republic Security

JULY 3, 2024

Bitwarden vs KeePass: Who comes out on top? Dive into our 2024 analysis and make the best decision for your security needs!

Password Management 154

Password Management Passwords 154

Penetration Testing

JULY 3, 2024

Recently, a critical local privilege escalation vulnerability has been identified in MSI Center, a popular system management application for Windows OS. Tracked as CVE-2024-37726, this vulnerability affects all versions of MSI Center up to... The post CVE-2024-37726: MSI Center Flaw Exposes Windows Systems to Privilege Escalation Attacks appeared first on Cybersecurity News.

Cybersecurity 133

Cybersecurity 133

Speaker: Speakers:

In today's digital age, having an untrained workforce can be a significant risk to your business. Cyber threats are evolving; without proper training, your employees could be the weakest link in your defense. This webinar empowers leaders like you with the tools and strategies needed to transform your employees into a robust frontline defense against cyber attacks.

Cyber Attacks

Bleeping Computer

JULY 3, 2024

Twilio has confirmed that an unsecured API endpoint allowed threat actors to verify the phone numbers of millions of Authy multi-factor authentication users, potentially making them vulnerable to SMS phishing and SIM swapping attacks. [.

Phishing 131

Phishing Authentication 131

The Hacker News

JULY 3, 2024

Cloud communications provider Twilio has revealed that unidentified threat actors took advantage of an unauthenticated endpoint in Authy to identify data associated with Authy accounts, including users' cell phone numbers. The company said it took steps to secure the endpoint to no longer accept unauthenticated requests.

Accountability 128

Accountability 128

The Hacker News

JULY 3, 2024

Unknown threat actors have been observed exploiting a now-patched security flaw in Microsoft MSHTML to deliver a surveillance tool called MerkSpy as part of a campaign primarily targeting users in Canada, India, Poland, and the U.S.

Spyware 120

Spyware Surveillance 120

Security Boulevard

JULY 3, 2024

A survey of 706 IT and security professionals finds half are not very confident that they can stop a damaging security incident in the next 12 months, with 30% admitting they are less prepared to detect threats and respond to incidents than they were a year ago. The post Survey Surfaces Growing Lack of Cybersecurity Confidence appeared first on Security Boulevard.

Cybersecurity 121

Cybersecurity Security Awareness 121

Security Affairs

JULY 3, 2024

The American credit union Patelco Credit Union shut down several of its banking systems to contain a ransomware attack. Patelco Credit Union is a member-owned, not-for-profit credit union that serves Northern California, particularly the San Francisco Bay Area. Founded in 1936, it is one of the oldest and largest credit unions in the country. With more than $9 billion in assets, it is the 22nd largest credit union in the country.

Ransomware 111

Ransomware Banking Mobile Hacking 111

Security Boulevard

JULY 3, 2024

While SaaS apps enable better business operations, a secret threat is hiding in your SaaS stack: "Shadow IT.” The post The Secret Threat Hiding in Your SaaS Stack: Shadow IT appeared first on Security Boulevard.

Accountability 121

Accountability Security Awareness Risk Cybersecurity 121

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Bleeping Computer

JULY 3, 2024

Proton has launched 'Docs in Proton Drive,' a free and open-source end-to-end encrypted web-based document editing and collaboration tool.

Encryption 122

Encryption Software 122

Security Boulevard

JULY 3, 2024

Man-in-the-middle attacks have increased in the age of digital connectivity and remote work, forcing companies to develop strategies to mitigate them. The post Man-In-The-Middle Attacks are Still a Serious Security Threat appeared first on Security Boulevard.

Social Engineering 113

Social Engineering Security Awareness Engineering Phishing 113

Bleeping Computer

JULY 3, 2024

Europol coordinated a joint law enforcement action known as Operation Morpheus, which led to the takedown of almost 600 Cobalt Strike servers used by cybercriminals to infiltrate victims' networks. [.

110

110

The Hacker News

JULY 3, 2024

Recently the Office of the Director of National Intelligence (ODNI) unveiled a new strategy for open-source intelligence (OSINT) and referred to OSINT as the “INT of first resort”.

106

106

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Bleeping Computer

JULY 3, 2024

OVHcloud, a global cloud services provider and one of the largest of its kind in Europe, says it mitigated a record-breaking distributed denial of service (DDoS) attack earlier this year that reached an unprecedented packet rate of 840 million packets per second (Mpps). [.

DDOS 110

DDOS 110

The Hacker News

JULY 3, 2024

The loader-as-a-service (LaaS) known as FakeBat has become one of the most widespread loader malware families distributed using the drive-by download technique this year, findings from Sekoia reveal. "FakeBat primarily aims to download and execute the next-stage payload, such as IcedID, Lumma, RedLine, SmokeLoader, SectopRAT, and Ursnif," the company said in a Tuesday analysis.

Malware 104

Malware 104

Security Boulevard

JULY 3, 2024

Cybersecurity researchers have recently uncovered a UEFI vulnerability in the Phoenix SecureCore UEFI firmware, which affects a variety of Intel Core desktop and mobile processors. This now-patched vulnerability, identified as CVE-2024-0762 with a CVSS score of 7.5, has been termed “UEFIcanhazbufferoverflow.” It involves a buffer overflow caused by an unsafe variable in the Trusted Platform […] The post Researchers Uncover UEFI Vulnerability Affecting Intel CPUs appeared first on TuxCare.

Firmware 104

Firmware Mobile Cybersecurity 104

The Hacker News

JULY 3, 2024

A coordinated law enforcement operation codenamed MORPHEUS has felled close to 600 servers that were used by cybercriminal groups and were part of an attack infrastructure associated with the Cobalt Strike. The crackdown targeted older, unlicensed versions of the Cobalt Strike red teaming framework between June 24 and 28, according to Europol.

Cybercrime 103

Cybercrime 103

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

Bleeping Computer

JULY 3, 2024

FIA (Fédération Internationale de l'Automobile), the auto racing governing body since the 1950s, says attackers gained access to personal data after compromising several FIA email accounts in a phishing attack. [.

Government 96

Government Data breaches Hacking Phishing 96

Security Boulevard

JULY 3, 2024

Life can be overwhelming. When you’re young, change is exciting, but as we grow older, it often brings uncertainty. In cyber security, our quest for certainty mirrors Albert Camus’ philosophy of the absurd. Let me break it down for you: we’re bombarded with CVEs and vulnerabilities, constant scans and assessments, and countless fixes to apply. […] The post Embracing the Absurd: Finding Freedom in Cyber Security appeared first on VERITI.

97

97

The Hacker News

JULY 3, 2024

Brazil's data protection authority, Autoridade Nacional de Proteção de Dados (ANPD), has temporarily banned Meta from processing users' personal data to train the company's artificial intelligence (AI) algorithms.

Artificial Intelligence 95

Artificial Intelligence Risk 95

Bleeping Computer

JULY 3, 2024

Thousands of pedophiles who download and share child sexual abuse material (CSAM) were identified through information-stealing malware logs leaked on the dark web, highlighting a new dimension of using stolen credentials in law enforcement investigations. [.

Malware 92

Malware 92

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

We Live Security

JULY 3, 2024

From sending phishing emails to posting fake listings, here’s how fraudsters hunt for victims while you’re booking your well-earned vacation

Scams 101

Scams Phishing 101

Malwarebytes

JULY 3, 2024

‘Buy now, pay later’ payment specialist Affirm has warned that holders of its payment cards had their personal information exposed after a ransomware attack and data breach at Evolve Bank & Trust. In a form 8-K , submitted to the Securities and Exchange Commission (SEC), Affirm states: “Because the Company [Affirm Holdings, Inc] shares the Personal Information of Affirm Card users with Evolve to facilitate the issuance and servicing of Affirm Cards, the Company believes that the

Data breaches 83

Data breaches Banking Passwords Phishing 83

SecureWorld News

JULY 3, 2024

Organizations increasingly rely on global talent outsourcing to bolster their cybersecurity capabilities. By tapping into a vast pool of skilled professionals worldwide, companies can address skill shortages, optimize costs, and gain access to specialized expertise. However, this trend also introduces significant data security risks that cannot be overlooked.

Risk 81

Risk Data breaches Penetration Testing Encryption 81

WIRED Threat Level

JULY 3, 2024

Proton is adding an end-to-end encrypted documents editor to its privacy tools, boosting its competition with Google’s suite of productivity apps.

Encryption 89

Encryption 89

Advertisement

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Identity Theft

Bleeping Computer

JULY 3, 2024

Healthcare fintech firm HealthEquity is warning that it suffered a data breach after a partner's account was compromised and used to access the Company's systems to steal protected health information. [.

Data breaches 78

Data breaches Healthcare Accountability 78

Security Boulevard

JULY 3, 2024

With new frameworks for cyber metrics and reporting being implemented globally, regulators have effectively elevated risk to the same level of board awareness as financial risks. The post Boardroom Blindspot: How New Frameworks for Cyber Metrics are Reshaping Boardroom Conversations appeared first on Security Boulevard.

Risk 73

Risk Cyber Risk CISO Security Awareness 73

Graham Cluley

JULY 3, 2024

Apps can let you spy on strangers in bars, a gang of cryptocurrency thieves turns to kidnap and assault, and have you joined the mile-high evil twin club? All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by Mark Stockley of the brand-new "The AI Fix" podcast.

Cryptocurrency 65

Cryptocurrency Cybersecurity 65

Security Boulevard

JULY 3, 2024

As businesses continue to expand their reliance on cloud security and privileged access management, the imperative to implement least privilege access in a manner both effective and efficient cannot be overstated. Yet, with the increasing complexity of information systems and the proliferation of privileged accounts, manually administering and enforcing the least privilege principle poses substantial […] The post The Role of Automation in Enforcing the Principle of Least Privilege appeared first

Accountability 67

Accountability 67

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity