Wed.Jun 19, 2024

article thumbnail

New Blog Moderation Policy

Schneier on Security

There has been a lot of toxicity in the comments section of this blog. Recently, we’re having to delete more and more comments. Not just spam and off-topic comments, but also sniping and personal attacks. It’s gotten so bad that I need to do something. My options are limited because I’m just one person, and this website is free, ad-free, and anonymous.

article thumbnail

NEWS ANALYSIS Q&A: Striving for contextual understanding as digital transformation plays out

The Last Watchdog

The tectonic shift of network security is gaining momentum, yet this transformation continues to lag far behind the accelerating pace of change in the operating environment. Related: The advance of LLMs For at least the past decade, the cybersecurity industry has been bending away from rules-based defenses designed to defend on-premises data centers and leaning more into tightly integrated and highly adaptable cyber defenses directed at the cloud edge.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Cyber Efficiency vs. Hacker Threat: Is Innovation Losing Ground?

Jane Frankland

As we emerge from an intense season of industry conferences like Infosec and RSA, I believe the cybersecurity community finds itself at a critical juncture. While hot topics like AI’s role in combating hacker threats has dominated discussions, an equally significant issue has remained— mental health and burnout. As an industry veteran, having spent over two decades in cybersecurity, I’ve been thinking a lot about the current state of the field—our relentless pursuit of productivity,

article thumbnail

Google Chrome 126 update addresses multiple high-severity flaws

Security Affairs

Google released Chrome 126 update that addresses a high-severity vulnerability demonstrated at the TyphoonPWN 2024 hacking competition. Google has issued a Chrome 126 security update, addressing six vulnerabilities, including a flaw, tracked as CVE-2024-6100 which was demonstrated during the SSD Secure Disclosure’s TyphoonPWN 2024. TyphoonPWN is a live hacking competition held annually at TyphoonCon, an Offensive Security Conference in Seoul, South Korea.

Hacking 141
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Closing the Readiness Gap: How to Ensure a Fast Recovery From the Inevitable Cyber Attack

Security Boulevard

While many businesses invest heavily in frontline defense tools to keep out bad actors, they spend far less time and money preparing for what happens when the criminals eventually get in. The post Closing the Readiness Gap: How to Ensure a Fast Recovery From the Inevitable Cyber Attack appeared first on Security Boulevard.

article thumbnail

Chip maker giant AMD investigates a data breach

Security Affairs

AMD announced an investigation after a threat actor attempted to sell data allegedly stolen from its systems. AMD has launched an investigation after the threat actor IntelBroker announced they were selling sensitive data allegedly belonging to the company. “We are aware of a cybercriminal organization claiming to be in possession of stolen AMD data,” the chip maker told media outlets. “We are working closely with law enforcement officials and a third-party hosting partner to i

More Trending

article thumbnail

Cryptojacking campaign targets exposed Docker APIs

Security Affairs

A malware campaign targets publicly exposed Docker API endpoints to deliver cryptocurrency miners and other payloads. Researchers at Datadog uncovered a new cryptojacking campaign linked to the attackers behind Spinning YARN campaign. The threat actors target publicly exposed and unsecured Docker API endpoints for initial access. The attack begins with the threat actor scanning the internet to find hosts with Docker’s default port 2375 open.

Internet 131
article thumbnail

Cybersecurity Worker Burnout Costing Businesses Big

Security Boulevard

The constant vigilance required to protect against evolving threats, and the sheer volume of routine tasks that demand attention contribute significantly to burnout. The post Cybersecurity Worker Burnout Costing Businesses Big appeared first on Security Boulevard.

article thumbnail

Alleged researchers stole $3 million from Kraken exchange

Security Affairs

Alleged researchers have exploited a zero-day in Kraken crypto exchange to steal $3 million worth of cryptocurrency. Kraken Chief Security Officer Nick Percoco revealed that alleged security researchers exploited a zero-day flaw to steal $3 million worth of cryptocurrency. The researchers are refusing to return the stolen funds. Kraken Security Update: On June 9 2024, we received a Bug Bounty program alert from a security researcher.

article thumbnail

Debunking Common Myths About Catastrophic Cyber Incidents

Security Boulevard

The future of modeling catastrophic cyber risk hinges on our ability to move beyond misconceptions and confront the true extent of our exposure. The post Debunking Common Myths About Catastrophic Cyber Incidents appeared first on Security Boulevard.

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Kraken Crypto Exchange Hit by $3 Million Theft Exploiting Zero-Day Flaw

The Hacker News

Crypto exchange Kraken revealed that an unnamed security researcher exploited an "extremely critical" zero-day flaw in its platform to steal $3 million in digital assets and refused to return them.

127
127
article thumbnail

Criminals are Easily Bypassing Passkeys – How Organizations Can Stay Safe

Security Boulevard

The problems with passwords drive the interest to adopt newer authentication methods, like passkeys, a type of passwordless technology. The post Criminals are Easily Bypassing Passkeys – How Organizations Can Stay Safe appeared first on Security Boulevard.

Passwords 129
article thumbnail

UNC3886 Uses Fortinet, VMware 0-Days and Stealth Tactics in Long-Term Spying

The Hacker News

The China-nexus cyber espionage actor linked to the zero-day exploitation of security flaws in Fortinet, Ivanti, and VMware devices has been observed utilizing multiple persistence mechanisms in order to maintain unfettered access to compromised environments.

122
122
article thumbnail

IRONSCALES Applies Generative AI to Phishing Simulation

Security Boulevard

IRONSCALES has made generally available a phishing simulation tool that makes use of generative artificial intelligence (AI) to enable cybersecurity teams to create as many as 2,000 simulations of a spear phishing attack in less than an hour. The post IRONSCALES Applies Generative AI to Phishing Simulation appeared first on Security Boulevard.

Phishing 121
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Advance Auto Parts confirms data breach exposed employee information

Bleeping Computer

Advance Auto Parts has confirmed it suffered a data breach after a threat actor attempted to sell stolen data on a hacking forum earlier this month. [.

article thumbnail

Perplexity Is a B t Machine

WIRED Threat Level

A WIRED investigation shows that the AI search startup Perplexity is surreptitiously downloading your data.

141
141
article thumbnail

T-Mobile denies it was hacked, links leaked data to vendor breach

Bleeping Computer

T-Mobile has denied it was breached or that source code was stolen after a threat actor claimed to be selling stolen data from the telecommunications company. [.

Mobile 116
article thumbnail

New Threat Actor 'Void Arachne' Targets Chinese Users with Malicious VPN Installers

The Hacker News

Chinese-speaking users are the target of a never-before-seen threat activity cluster codenamed Void Arachne that employs malicious Windows Installer (MSI) files for virtual private networks (VPNs) to deliver a command-and-control (C&C) framework called Winos 4.0.

VPN 112
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

This Is What Would Happen if China Invaded Taiwan

WIRED Threat Level

The new book World on the Brink: How America Can Beat China in the Race for the 21st Century lays out what might actually happen if China were to invade Taiwan in 2028.

116
116
article thumbnail

Warning: Markopolo's Scam Targeting Crypto Users via Fake Meeting Software

The Hacker News

A threat actor who goes by alias markopolo has been identified as behind a large-scale cross-platform scam that targets digital currency users on social media with information stealer malware and carries out cryptocurrency theft.

Scams 110
article thumbnail

"Researchers" exploit Kraken exchange bug, steal $3 million in crypto

Bleeping Computer

The Kraken crypto exchange disclosed today that alleged security researchers exploited a zero-day website bug to steal $3 million in cryptocurrency and then refused to return the funds. [.

article thumbnail

Smashing Security podcast #377: An unhealthy data dump, railway surveillance, and a cheater sues Apple

Graham Cluley

There's a wee data breach with unhealthy implications in Scotland, privacy has gone off the rails in the UK, and a cheater blames Apple for his expensive divorce. All this and much more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by Lianne Potter of the "Compromising Positions" podcast.

article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

IDIQ Releases Report on Top Consumer Credit Concerns as Shared by Mortgage, Real Estate, Lending Partners and Consumers

Identity IQ

IDIQ Releases Report on Top Consumer Credit Concerns as Shared by Mortgage, Real Estate, Lending Partners and Consumers IdentityIQ – Survey Finds Top Consumer Credit Concern is Not Knowing How to Effectively Strengthen Their Credit Profile – TEMECULA, Calif. – June 20, 2024 – IDIQ ®, a financial intelligence company that empowers consumers to take everyday action to control their financial well-being, today released a report detailing consumer credit concerns voiced by mortgage, real estate, len

article thumbnail

Mailcow Mail Server Flaws Expose Servers to Remote Code Execution

The Hacker News

Two security vulnerabilities have been disclosed in the Mailcow open-source mail server suite that could be exploited by malicious actors to achieve arbitrary code execution on susceptible instances. Both shortcomings impact all versions of the software prior to version 2024-04, which was released on April 4, 2024. The issues were responsibly disclosed by SonarSource on March 22, 2024.

Software 104
article thumbnail

Crown Equipment confirms a cyberattack disrupted manufacturing

Bleeping Computer

Forklift manufacturer Crown Equipment confirmed today that it suffered a cyberattack earlier this month that disrupted manufacturing at its plants. [.

article thumbnail

New Case Study: Unmanaged GTM Tags Become a Security Nightmare

The Hacker News

Are your tags really safe with Google Tag Manager? If you've been thinking that using GTM means that your tracking tags and pixels are safely managed, then it might be time to think again. In this article we look at how a big-ticket seller that does business on every continent came unstuck when it forgot that you can’t afford to allow tags to go unmanaged or become misconfigured.

99
article thumbnail

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

article thumbnail

Hacktivism is evolving – and that could be bad news for organizations everywhere

We Live Security

Hacktivism is nothing new, but the increasingly fuzzy lines between traditional hacktivism and state-backed operations make it a more potent threat

95
article thumbnail

Experts Uncover New Evasive SquidLoader Malware Targeting Chinese Organizations

The Hacker News

Cybersecurity researchers have uncovered a new evasive malware loader named SquidLoader that spreads via phishing campaigns targeting Chinese organizations. AT&T LevelBlue Labs, which first observed the malware in late April 2024, said it incorporates features that are designed to thwart static and dynamic analysis and ultimately evade detection.

Malware 97
article thumbnail

Fortra Warns: Hard-Coded Password Vulnerability in FileCatalyst – CVE-2024-5275

Penetration Testing

Fortra, the developer of the popular FileCatalyst file transfer solutions, has issued a critical security advisory warning users of a high-severity vulnerability (CVE-2024-5275) in both FileCatalyst Direct and FileCatalyst Workflow. The vulnerability, stemming from... The post Fortra Warns: Hard-Coded Password Vulnerability in FileCatalyst – CVE-2024-5275 appeared first on Cybersecurity News.

article thumbnail

Best DNS, IP, and WebRTC Leaks Test Sites

SecureBlitz

This post will show you the best DNS, IP, and WebRTC leak test sites. Also, how to overcome the leaks. DNS, IP, and WebRTC leaks happen every day when we browse the internet; because we use local ISPs, we are bound to have these leaks. DNS leak is a problem that keeps your privacy on […] The post Best DNS, IP, and WebRTC Leaks Test Sites appeared first on SecureBlitz Cybersecurity.

DNS 79
article thumbnail

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.