The Last Watchdog

AUGUST 21, 2024

I recently learned all about the state-of-the art of phishing attacks – the hard way. Related: GenAI-powered attacks change the game An email arrived from the head of a PR firm whom I’ve known for 20 years asking me to click on a link to check out a proposal. Foolishly, I did so all too quickly. Within a few minutes, many of my contacts, and even strangers, were receiving a similar malicious email from me.

Phishing 289

Phishing Internet Internet 289

Schneier on Security

AUGUST 21, 2024

Rolling Stone has a long investigative story (non-paywalled version here ) about a CIA agent who spent years posing as an Islamic radical. Unrelated, but also in the “real life spies” file: a fake Sudanese diving resort run by Mossad.

261

261

Tech Republic Security

AUGUST 21, 2024

A new survey found that 78% of tech leaders are worried about SaaS security threats — and their concerns could worsen as more SaaS apps find their way into the enterprise.

168

168

The Hacker News

AUGUST 21, 2024

Google has rolled out security fixes to address a high-severity security flaw in its Chrome browser that it said has come under active exploitation in the wild. Tracked as CVE-2024-7971, the vulnerability has been described as a type confusion bug in the V8 JavaScript and WebAssembly engine. "Type confusion in V8 in Google Chrome prior to 128.0.6613.

Engineering 139

Engineering 139

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Security Boulevard

AUGUST 21, 2024

Redmond reboot redux: “Something has gone seriously wrong.” You can say that again, Microsoft. The post Patch Tuesday not Done ’til LINUX Won’t Run? appeared first on Security Boulevard.

Security Awareness 129

Security Awareness Software Risk Government 129

Security Affairs

AUGUST 21, 2024

North Korea-linked APT Kimsuky is likely behind a new remote access trojan called MoonPeak used in a recent campaign spotted by Cisco Talos. Cisco Talos researchers uncovered the infrastructure used by the North Korea-linked APT group tracked as UAT-5394, which experts suspect is linked to the Kimsuky APT group. The infrastructure includes staging, C2 servers, and machines used by the group to test their implants.

Malware 135

Malware Phishing Hacking Information Security 135

Tech Republic Security

AUGUST 21, 2024

Compare the top six malware removal software for 2024. Bitdefender leads, with Norton and Malwarebytes as strong contenders.

Software 138

Software Malware 138

Anton on Security

AUGUST 21, 2024

Do I go to my Cloud Service Provider (CSP) for cloud security tooling or to a third party vendor? Who will secure my cloud use, a CSP or a focused specialty vendor? Who is my primary cloud security tools provider? This question asked in many ways has haunted me since my analyst days , and I’ve been itching for a good, fiery debate on this. So, we did this on our Cloud Security Podcast by Google where the co-hosts divided the positions, researched the arguments in advance of the debate and then j

CISO 100

CISO Risk Media 100

Malwarebytes

AUGUST 21, 2024

Recently, I received a letter in the mail from a company about a data breach. The letter said that the company had been a victim of a cyberattack back in March in which files were scrambled (what we know as ransomware). The attacker had also accessed sensitive files and customer health data. Sadly, this is a pretty normal occurrence these days. However, this time it wasn’t my own data that was stolen.

Identity Theft 125

Identity Theft Data breaches Insurance Passwords 125

Security Boulevard

AUGUST 21, 2024

Increasing the frequency of pen testing isn’t just about preventing the next attack but creating an environment where cybersecurity is so advanced The post How Pen Testing is Evolving and Where it’s Headed Next appeared first on Security Boulevard.

Cybersecurity 123

Cybersecurity Security Awareness 123

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

The Hacker News

AUGUST 21, 2024

Cybersecurity researchers have disclosed a critical security flaw impacting Microsoft's Copilot Studio that could be exploited to access sensitive information. Tracked as CVE-2024-38206 (CVSS score: 8.5), the vulnerability has been described as an information disclosure bug stemming from a server-side request forgery (SSRF) attack.

Authentication 129

Authentication Cybersecurity 129

Security Boulevard

AUGUST 21, 2024

Attacks today can be executed through a myriad of communication channels, including emails, social media and mobile applications. The post The Golden Age of Impersonation: The Dual Role of AI in Cyber Attacks & Cyber Defense appeared first on Security Boulevard.

Cyber Attacks 123

Cyber Attacks Mobile Media Social Engineering 123

Security Affairs

AUGUST 21, 2024

A flaw in millions of RFID cards manufactured by Shanghai Fudan Microelectronics allows these contactless cards to be cloned instantly. Researchers from security firm Quarkslab discovered a backdoor in millions of RFID cards manufactured by the Chinese chip manufacturer Shanghai Fudan Microelectronics. The experts announced the discovery of a hardware backdoor and successfully cracked its key allowing the instantaneous cloning of RFID smart cards. “In this paper, we present several attacks

Manufacturing 138

Manufacturing Authentication Risk Marketing 138

Security Boulevard

AUGUST 21, 2024

A backdoor found in millions of Chinese-made RFID cards that are used by hotels and other businesses around the world can let bad actors instantly clone the cards to gain unauthorized access into rooms or run supply chain attacks, say researchers with Paris-based Quarkslab. The post Backdoor in RFID Cards for Offices, Hotels Can Lead to Instant Cloning appeared first on Security Boulevard.

Data privacy 122

Data privacy Mobile Cybersecurity Network Security 122

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

The Hacker News

AUGUST 21, 2024

Cybersecurity researchers have uncovered a new macOS malware strain dubbed TodoSwift that they say exhibits commonalities with known malicious software used by North Korean hacking groups.

Malware 125

Malware Hacking Software Cybersecurity 125

eSecurity Planet

AUGUST 21, 2024

Navigating the complexities of password management can be challenging, especially if you’re new to it. LastPass, a leading password manager, offers a robust solution for securely storing and managing your organization’s digital assets. There are many types of network security , so understanding how to use LastPass is essential to managing personal accounts or securing an entire team.

Password Management 113

Password Management Passwords Accountability Authentication 113

Security Affairs

AUGUST 21, 2024

The Computer Emergency Response Team of Ukraine (CERT-UA) warned of new phishing attacks, carried out by the Vermin group, distributing a malware. The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of a new phishing campaign conducted by the Vermin group that distributed malware. Vermin is a pro-Russian hacker group, also tracked as UAC-0020 , that operates under the control of the law enforcement agencies of the temporarily occupied Luhansk.

Malware 129

Malware Spyware Phishing Cyber threats 129

Penetration Testing

AUGUST 21, 2024

A critical vulnerability, identified as CVE-2024-41992, has been discovered in the Arcadyan FMIMG51AX000J model, and potentially other WiFi Alliance-affiliated devices using the same firmware version (DUT-Wi-FiTestSuite-9.0.0). This vulnerability allows remote... The post PoC Exploit Released for RCE 0-day CVE-2024-41992 in Arcadyan FMIMG51AX000J Model appeared first on Cybersecurity News.

Firmware 117

Firmware Cybersecurity 117

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

The Hacker News

AUGUST 21, 2024

Cybersecurity researchers have disclosed a critical security flaw in the LiteSpeed Cache plugin for WordPress that could permit unauthenticated users to gain administrator privileges.

Cybersecurity 121

Cybersecurity 121

Security Affairs

AUGUST 21, 2024

Researchers have disclosed a critical security vulnerability in Microsoft’s Copilot Studio that could lead to the exposure of sensitive information. Researchers disclosed a critical security vulnerability, tracked as CVE-2024-38206 (CVSS score: 8.5), impacting Microsoft’s Copilot Studio. An attacker can exploit the vulnerability to access sensitive information.

Authentication 125

Authentication Hacking Risk Cybersecurity 125

The Hacker News

AUGUST 21, 2024

A new remote access trojan called MoonPeak has been discovered as being used by a state-sponsored North Korean threat activity cluster as part of a new campaign. Cisco Talos attributed the malicious cyber campaign to a hacking group it tracks as UAT-5394, which it said exhibits some level of tactical overlaps with a known nation-state actor codenamed Kimsuky.

Hacking 119

Hacking 119

Penetration Testing

AUGUST 21, 2024

A critical vulnerability in the popular data protection workflow management tool, Kanister, has been discovered, potentially allowing attackers to gain full control over Kubernetes clusters. The vulnerability, identified as CVE-2024-43403,... The post CVE-2024-43403: Kanister Vulnerability Opens Door to Cluster-Level Privilege Escalation appeared first on Cybersecurity News.

Cybersecurity 110

Cybersecurity 110

Advertisement

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

The Hacker News

AUGUST 21, 2024

GitHub has released fixes to address a set of three security flaws impacting its Enterprise Server product, including one critical bug that could be abused to gain site administrator privileges. The most severe of the shortcomings has been assigned the CVE identifier CVE-2024-6800, and carries a CVSS score of 9.5.

117

117

Malwarebytes

AUGUST 21, 2024

Last week, a cybercriminal using the handle ZeroSevenGroup dumped 240GB of data on the infamous stolen data site BreachForums, that they said came from a hack on the US branch of car manufacturer Toyota. ZeroSevenGroup claims the dump includes customer and employee data. ZeroSevenGroup posted the data “We have hacked a branch in United State to one of the biggest automotive manufacturer in the world (TOYOTA).

Passwords 109

Passwords Manufacturing Data breaches Phishing 109

Security Boulevard

AUGUST 21, 2024

An analysis published by Palo Alto Networks finds a typical large organization adds or updates over 300 services every month, with those new and updated services being responsible for approximately 32% of new high or critical cloud exposures. The post Palo Alto Networks Shines Light on Application Services Security Challenge appeared first on Security Boulevard.

Security Awareness 105

Security Awareness Cybersecurity 105

The Hacker News

AUGUST 21, 2024

Cybersecurity researchers have unpacked a new malware strain dubbed PG_MEM that's designed to mine cryptocurrency after brute-forcing their way into PostgreSQL database instances. "Brute-force attacks on Postgres involve repeatedly attempting to guess the database credentials until access is gained, exploiting weak passwords," Aqua security researcher Assaf Morag said in a technical report.

Malware 112

Malware Cryptocurrency Passwords Cybersecurity 112

Advertisement

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.

Cybersecurity

Graham Cluley

AUGUST 21, 2024

In episode 12 of The AI Fix, Mark and Graham meet an LLM having an existential crisis, ChatGPT speaks Welsh for no reason, Graham does an impression of a water spout, Eric Schmidt shares a new and unexpected take on "do no evil", and our hosts feel like David Attenborough as they witness herds of Waymo robotaxis honking their late-night mating calls at each other.

Artificial Intelligence 100

Artificial Intelligence 100

Penetration Testing

AUGUST 21, 2024

A critical security vulnerability (CVE-2024-28000, CVSS 9.8) in the widely-used Litespeed Cache plugin for WordPress has been disclosed, leaving over 5 million websites at risk of complete takeover. The vulnerability... The post CVE-2024-28000 (CVSS 9.8): Active Exploitation of Litespeed Cache Vulnerability, 5 Million WordPress Sites at Risk of Complete Takeover appeared first on Cybersecurity News.

Risk 101

Risk Cybersecurity 101

Zero Day

AUGUST 21, 2024

Cache and cookies can clog your browser and slow your iPhone's performance, but there's a simple way to bring your device back up to speed. Try this today and see the difference.

98

98

WIRED Threat Level

AUGUST 21, 2024

The AI ethics nonprofit Humane Intelligence and the US National Institute of Standards and Technology are launching a series of contests to get more people probing for problems in generative AI systems.

Government 99

Government Technology Hacking 99

Advertisement

Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.

Government