Wed. Aug 21, 2024

Black Hat Fireside Chat: User feedback, AI-infused email security are both required to deter phishing

The Last Watchdog

I recently learned all about the state of the art of phishing attacks – the hard way. An email arrived from the head of a PR firm whom I’ve known for 20 years asking me to click on a link to check out a proposal. Foolishly, I did so all too quickly. Within a few minutes, many of my contacts, and even strangers, were receiving a similar malicious email from me.

Phishing 289

Story of an Undercover CIA Agent who Penetrated Al Qaeda

Schneier on Security

Rolling Stone has a long investigative story (non-paywalled version here) about a CIA agent who spent years posing as an Islamic radical. Unrelated, but also in the “real life spies” file: a fake Sudanese diving resort run by Mossad.

282

More than 3 in 4 Tech Leaders Worry About SaaS Security Threats, New Survey Reveals

Tech Republic Security

A new survey found that 78% of tech leaders are worried about SaaS security threats — and their concerns could worsen as more SaaS apps find their way into the enterprise.

184

Google Fixes High-Severity Chrome Flaw Actively Exploited in the Wild

The Hacker News

Google has rolled out security fixes to address a high-severity security flaw in its Chrome browser that it said has come under active exploitation in the wild. Tracked as CVE-2024-7971, the vulnerability has been described as a type confusion bug in the V8 JavaScript and WebAssembly engine. "Type confusion in V8 in Google Chrome prior to 128.0.6613.

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

The 6 Best Malware Removal Software Providers for 2024

Tech Republic Security

Compare the top six malware removal software for 2024. Bitdefender leads, with Norton and Malwarebytes as strong contenders.

Software 158

A backdoor in millions of Shanghai Fudan Microelectronics RFID cards allows cloning

Security Affairs

A flaw in millions of RFID cards manufactured by Shanghai Fudan Microelectronics allows these contactless cards to be cloned instantly. Researchers from security firm Quarkslab discovered a backdoor in millions of RFID cards manufactured by the Chinese chip manufacturer Shanghai Fudan Microelectronics. The experts announced the discovery of a hardware backdoor and successfully cracked its key allowing the instantaneous cloning of RFID smart cards. “In this paper, we present several attacks

New macOS Malware TodoSwift Linked to North Korean Hacking Groups

The Hacker News

Cybersecurity researchers have uncovered a new macOS malware strain dubbed TodoSwift that they say exhibits commonalities with known malicious software used by North Korean hacking groups.

Malware 139

North Korea-linked APT used a new RAT called MoonPeak

Security Affairs

North Korea-linked APT Kimsuky is likely behind a new remote access trojan called MoonPeak used in a recent campaign spotted by Cisco Talos. Cisco Talos researchers uncovered the infrastructure used by the North Korea-linked APT group tracked as UAT-5394, which experts suspect is linked to the Kimsuky APT group. The infrastructure includes staging, C2 servers, and machines used by the group to test their implants.

Malware 139

Microsoft Patches Critical Copilot Studio Vulnerability Exposing Sensitive Data

The Hacker News

Cybersecurity researchers have disclosed a critical security flaw impacting Microsoft's Copilot Studio that could be exploited to access sensitive information. Tracked as CVE-2024-38206 (CVSS score: 8.5), the vulnerability has been described as an information disclosure bug stemming from a server-side request forgery (SSRF) attack.

My child had her data stolen—here’s how to protect your kids from identity theft 

Malwarebytes

Recently, I received a letter in the mail from a company about a data breach. The letter said that the company had been a victim of a cyberattack back in March in which files were scrambled (what we know as ransomware). The attacker had also accessed sensitive files and customer health data. Sadly, this is a pretty normal occurrence these days. However, this time it wasn’t my own data that was stolen.

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Critical Flaw in WordPress LiteSpeed Cache Plugin Allows Hackers Admin Access

The Hacker News

Cybersecurity researchers have disclosed a critical security flaw in the LiteSpeed Cache plugin for WordPress that could permit unauthenticated users to gain administrator privileges.

Toyota confirms customer and employee data stolen, says breach at third party to blame

Malwarebytes

Last week, a cybercriminal using the handle ZeroSevenGroup dumped 240GB of data on the infamous stolen data site BreachForums, that they said came from a hack on the US branch of car manufacturer Toyota. ZeroSevenGroup claims the dump includes customer and employee data. ZeroSevenGroup posted the data “We have hacked a branch in United State to one of the biggest automotive manufacturer in the world (TOYOTA).

Passwords 138

North Korean Hackers Deploy New MoonPeak Trojan in Cyber Campaign

The Hacker News

A new remote access trojan called MoonPeak has been discovered as being used by a state-sponsored North Korean threat activity cluster as part of a new campaign. Cisco Talos attributed the malicious cyber campaign to a hacking group it tracks as UAT-5394, which it said exhibits some level of tactical overlaps with a known nation-state actor codenamed Kimsuky.

Hacking 137

Stadiums Are Embracing Face Recognition. Privacy Advocates Say They Should Stick to Sports

WIRED Threat Level

Protesters took to Citi Field Wednesday to raise awareness of the facial recognition systems that have become common at major league sporting venues.

136

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Pro-Russia group Vermin targets Ukraine with a new malware family

Security Affairs

The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of a new phishing campaign conducted by the Vermin group that distributed malware. Vermin is a pro-Russian hacker group, also tracked as UAC-0020, that operates under the control of the law enforcement agencies of the temporarily occupied Luhansk.

Malware 135

New Malware PG_MEM Targets PostgreSQL Databases for Crypto Mining

The Hacker News

Cybersecurity researchers have unpacked a new malware strain dubbed PG_MEM that's designed to mine cryptocurrency after brute-forcing their way into PostgreSQL database instances. "Brute-force attacks on Postgres involve repeatedly attempting to guess the database credentials until access is gained, exploiting weak passwords," Aqua security researcher Assaf Morag said in a technical report.

Malware 133

National Public Data leaked passwords online

Malwarebytes

Earlier this month, a huge trove of data from scraping service National Public Data was posted online. The dump made international headlines because it included data on hundreds of millions of people, and included Social Security Numbers. As if that wasn’t bad enough, KrebsOnSecurity is now reporting on another National Public Data company found hosting a file online that included the usernames and passwords for the back-end of its website, including for the site’s administrator.

Passwords 132

GitHub Patches Critical Security Flaw in Enterprise Server Granting Admin Privileges

The Hacker News

GitHub has released fixes to address a set of three security flaws impacting its Enterprise Server product, including one critical bug that could be abused to gain site administrator privileges. The most severe of the shortcomings has been assigned the CVE identifier CVE-2024-6800, and carries a CVSS score of 9.5.

133

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Experts disclosed a critical information-disclosure flaw in Microsoft Copilot Studio

Security Affairs

Researchers have disclosed a critical security vulnerability in Microsoft’s Copilot Studio that could lead to the exposure of sensitive information. Researchers disclosed a critical security vulnerability, tracked as CVE-2024-38206 (CVSS score: 8.5), impacting Microsoft’s Copilot Studio. An attacker can exploit the vulnerability to access sensitive information.

The US Government Wants You—Yes, You—to Hunt Down Generative AI Flaws

WIRED Threat Level

The AI ethics nonprofit Humane Intelligence and the US National Institute of Standards and Technology are launching a series of contests to get more people probing for problems in generative AI systems.

How regulatory standards and cyber insurance inform each other

We Live Security

Should the payment of a ransomware demand be illegal? Should it be regulated in some way?

Patch Tuesday not Done ’til LINUX Won’t Run?

Security Boulevard

Redmond reboot redux: “Something has gone seriously wrong.” You can say that again, Microsoft.

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Styx Stealer Creator's OPSEC Fail Leaks Client List and Profit Details

The Hacker News

In what's a case of an operational security (OPSEC) lapse, the operator behind a new information stealer called Styx Stealer leaked data from their own computer, including details related to the clients, profit information, nicknames, phone numbers, and email addresses.

128

PoC Exploit Released for RCE 0-day CVE-2024-41992 in Arcadyan FMIMG51AX000J Model

Penetration Testing

A critical vulnerability, identified as CVE-2024-41992, has been discovered in the Arcadyan FMIMG51AX000J model, and potentially other WiFi Alliance-affiliated devices using the same firmware version (DUT-Wi-FiTestSuite-9.0.0). This vulnerability allows remote...

Firmware 123

How Pen Testing is Evolving and Where it’s Headed Next 

Security Boulevard

Increasing the frequency of pen testing isn’t just about preventing the next attack but creating an environment where cybersecurity is so advanced

Fraudulent Slack ad shows malvertiser’s patience and skills

Malwarebytes

In the past year alone, we have reported almost five hundred unique malvertising incidents related to Google search ads. While it can be difficult to attribute each incident to a specific threat actor, we usually notice similarities between campaigns. Some malvertisers go to great lengths to bypass security controls, while others know they will get caught and are willing to burn their accounts and infrastructure.

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

The Golden Age of Impersonation: The Dual Role of AI in Cyber Attacks & Cyber Defense    

Security Boulevard

Attacks today can be executed through a myriad of communication channels, including emails, social media and mobile applications.

It's Time To Untangle the SaaS Ball of Yarn

The Hacker News

It's no great revelation to say that SaaS applications have changed the way we operate, both in our personal and professional lives. We routinely rely on cloud-based and remote applications to conduct our basic functions, with the result that the only true perimeter of our networks has become the identities with which we log into these services.

118

Backdoor in RFID Cards for Offices, Hotels Can Lead to Instant Cloning

Security Boulevard

A backdoor found in millions of Chinese-made RFID cards that are used by hotels and other businesses around the world can let bad actors instantly clone the cards to gain unauthorized access into rooms or run supply chain attacks, say researchers with Paris-based Quarkslab.

CVE-2024-43403: Kanister Vulnerability Opens Door to Cluster-Level Privilege Escalation

Penetration Testing

A critical vulnerability in the popular data protection workflow management tool, Kanister, has been discovered, potentially allowing attackers to gain full control over Kubernetes clusters. The vulnerability, identified as CVE-2024-43403,...

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.