Tue. Aug 27, 2024

New 0-Day Attacks Linked to China’s ‘Volt Typhoon’

Krebs on Security

Malicious hackers are exploiting a zero-day vulnerability in Versa Director, a software product used by many Internet and IT service providers. Researchers believe the activity is linked to Volt Typhoon, a Chinese cyber espionage group focused on infiltrating critical U.S. networks and laying the groundwork for the ability to disrupt communications between the United States and Asia during any future armed conflict with China.

Internet 301

The Present and Future of TV Surveillance

Schneier on Security

Ars Technica has a good article on what’s happening in the world of television surveillance. More than even I realized.

Nearly 1/3 of Companies Suffered a SaaS Data Breach in Last Year

Tech Republic Security

The number of organisations that experienced a SaaS data breach in the last 12 months is 5% higher than the previous year according to AppOmni.

China-linked APT Volt Typhoon exploited a zero-day in Versa Director

Security Affairs

China-linked APT group Volt Typhoon exploited a zero-day flaw in Versa Director to upload a custom webshell in target networks. China-linked APT Volt Typhoon exploited a zero-day vulnerability, tracked as CVE-2024-39717, in Versa Director, to deploy a custom webshell on breached networks. Versa Director is a centralized management and orchestration platform used primarily by Internet Service Providers (ISPs) and Managed Service Providers (MSPs) to manage and monitor Software-Defined Wide Area N

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

LockBit, RansomHub Lead Ransomware Attacks in July

Security Boulevard

Global ransomware attacks surged by 19% in July compared to June, climbing from 331 to 395 incidents, according to the latest data from NCC Group. The post LockBit, RansomHub Lead Ransomware Attacks in July appeared first on Security Boulevard.

New QR Code Phishing Campaign Exploits Microsoft Sway to Steal Credentials

The Hacker News

Cybersecurity researchers are calling attention to a new QR code phishing (aka quishing) campaign that leverages Microsoft Sway infrastructure to host fake pages, once again highlighting the abuse of legitimate cloud offerings for malicious purposes.

Phishing 121

More Trending

Critical flaw in WPML WordPress plugin impacts 1M websites

Security Affairs

A critical flaw in the WPML WordPress plugin, which is installed on 1 million websites, could allow potential compromise of affected sites. The WPML Multilingual CMS Plugin for WordPress is installed on over 1 million sites. An authenticated (Contributor+) Remote Code Execution (RCE) vulnerability, tracked CVE-2024-6386 (CVSS score of 9.9), in WPML Plugin potentially allows the compromise of impacted websites.

One-Third Of Companies Suffered SaaS Breach This Year

Security Boulevard

SaaS breaches are on the rise, and nearly half the corporate victims have more than 2,500 employees. Those are among the sobering conclusions from a survey of security experts at 644 organizations in six countries — the U.S., UK, France, Germany, Japan and Australia — by AppOmni, which found a third of organizations suffered a SaaS data.

Chinese Volt Typhoon Exploits Versa Director Flaw, Targets U.S. and Global IT Sectors

The Hacker News

The China-nexus cyber espionage group tracked as Volt Typhoon has been attributed with moderate confidence to the zero-day exploitation of a recently disclosed high-severity security flaw impacting Versa Director. The attacks targeted four U.S. victims and one non-U.S.

Internet 117

5 Key Takeaways: Ransomware Attacks on Healthcare, Education, and Public Sector

Security Boulevard

Ransomware has rapidly escalated from being a financial nuisance to a significant, multi-dimensional threat that jeopardizes the core of our most essential services. Sectors like healthcare, education, and government are particularly vulnerable, where a single attack can cripple critical operations, expose sensitive information, and, in the most severe cases, put lives at risk.

Education 118

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

macOS Version of HZ RAT Backdoor Targets Chinese Messaging App Users

The Hacker News

Users of Chinese instant messaging apps like DingTalk and WeChat are the target of an Apple macOS version of a backdoor named HZ RAT. The artifacts "almost exactly replicate the functionality of the Windows version of the backdoor and differ only in the payload, which is received in the form of shell scripts from the attackers' server," Kaspersky researcher Sergey Puzan said.

The 5 Best Free Endpoint Protection Platforms for 2024

Tech Republic Security

Discover our top picks for reputable free endpoint protection platforms and compare their features, pros and cons in this in-depth guide.

Critical WPML Plugin Flaw Exposes WordPress Sites to Remote Code Execution

The Hacker News

A critical security flaw has been disclosed in the WPML WordPress multilingual plugin that could allow authenticated users to execute arbitrary code remotely under certain circumstances. The vulnerability, tracked as CVE-2024-6386 (CVSS score: 9.9), impacts all versions of the plugin before 4.6.13, which was released on August 20, 2024.

The AI Fix #13: ChatGPT runs for mayor, and should we stop killer robots?

Graham Cluley

In episode 13 of "The AI Fix", meat avatar Cluley learns that AI doesn't pose an existential threat to humanity and tells meat avatar Stockley how cybersex is about to get very, very weird. Our hosts also learn that men lie on their dating profiles, hear ChatGPT steal somebody's voice, and discover an AI that rick rolls its users. Graham tells Mark about AI's political ambitions and discovers what ChatGPT has in common with the reluctant ruler of the universe, while Mark introduces Graham to th

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Sneak Peek: 2024 Europe Community Meeting Speakers

PCI perspectives

The excitement is building as we get closer to this year’s Europe Community Meeting! To add to the anticipation, we’re giving you a sneak peek of some of the amazing sessions that will be featured in Barcelona, 8-10 October. Don't pass up the chance to collaborate and gain knowledge into the latest developments in payment security. The PCI SSC Community Meetings are open to all in the payments industry.

PoC Exploit Released for Arbitrary File Write Flaw (CVE-2024-22263) in Spring Cloud Data Flow

Penetration Testing

Security researcher Zeyad Azima from SecureLayer7 published the proof-of-concept exploit for arbitrary file write vulnerability (CVE-2024-22263) in Spring Cloud Data Flow, a widely-used tool for cloud-based data processing. The flaw... The post PoC Exploit Released for Arbitrary File Write Flaw (CVE-2024-22263) in Spring Cloud Data Flow appeared first on Cybersecurity News.

CVE-2024-37888 – CKEditor 4 Open Link plugin XSS

NetSpi Technical

At NetSPI, our mission is to uncover and mitigate security vulnerabilities before they can be exploited. This blog post explores the discovery of CVE-2024-37888, a cross-site scripting (XSS) vulnerability in the CKEditor 4 Open Link plugin. We’ll discuss the nature of this vulnerability, how it was discovered, and its implications. What is CVE-2024-37888?

Software 107

SSN, Banking Details at Risk in Major Texas Credit Union Breach

Penetration Testing

The largest credit union in Texas, Texas Dow Employees Credit Union (TDECU), has reported a significant data breach affecting more than 500,000 individuals. The incident may have compromised Social Security... The post SSN, Banking Details at Risk in Major Texas Credit Union Breach appeared first on Cybersecurity News.

Banking 114

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Researchers unmasked the notorious threat actor USDoD

Security Affairs

CrowdStrike researchers have identified the notorious hacker USDoD who is behind several high-profile data leaks. The notorious hacker USDoD (aka EquationCorp), who is known for high-profile data leaks, is a man from Brazil, according to a CrowdStrike investigation. The news was first reported by the Brazilian website TecMundo who received a CrowdStrike report via an anonymous source.

Media 125

HZ Rat backdoor for macOS attacks users of China’s DingTalk and WeChat

SecureList

In June 2024, we discovered a macOS version of the HZ Rat backdoor targeting users of the enterprise messenger DingTalk and the social network and messaging platform WeChat. The samples we found almost exactly replicate the functionality of the Windows version of the backdoor and differ only in the payload, which is received in the form of shell scripts from the attackers’ server.

Malware 106

How Does a VPN Work? A Comprehensive Beginner’s Overview

eSecurity Planet

A virtual private network (VPN) does more than just mask your identity—it fundamentally changes how your data moves across the internet. But what’s really going on under the hood when you browse the web using a VPN? Understanding this can be crucial for IT managers and professionals who are keen on maintaining robust cybersecurity practices. In this article, we’ll explain how a VPN works, explore its encryption mechanisms, review common VPN protocols, and discuss its various business appli

VPN 103

What Is Cybersecurity Awareness Training? Why Your Business Needs it

Tech Republic Security

Organizations of all sizes are being targeted by bad actors, which is why cybersecurity awareness training is more important than ever. Unfortunately, most organizations are not motivated to implement such training. A study by IBM found that barely half (51%) of organizations that had already experienced a data breach in the past year planned to.

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

Vulnerability Recap 8/27/24 – Wide Range of Vulnerabilities This Week

eSecurity Planet

If you updated Chrome and SolarWinds Web Help Desk in the last couple of weeks due to vulnerabilities, get ready to update them again — each has a new flaw. Additionally, a popular WordPress plugin has a critical issue, and AWS’s Application Load Balancer feature has a configuration vulnerability. As always, the best way to get flaws quickly patched is to scan for vulnerabilities frequently and have a plan for fixing and documenting them.

CISA Flags Critical Apache OFBiz Flaw Amid Active Exploitation Reports

The Hacker News

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a critical security flaw affecting the Apache OFBiz open-source enterprise resource planning (ERP) system to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The vulnerability, known as CVE-2024-38856, carries a CVSS score of 9.8, indicating critical severity.

Old devices, new dangers: The risks of unsupported IoT tech

We Live Security

Out-of-date Internet of Things (IoT) devices can easily become exploited by bad actors looking to use them for their own agenda.

IoT 116

TDECU data breach affects half a million people

Malwarebytes

The Texas Dow Employees Credit Union (TDECU) has filed a data breach notification, reporting that the data of 500,474 people has been accessed in an external system breach. TDECU is the largest Houston-area credit union, and the fourth largest in the state of Texas. The credit union was founded by employees of Dow Chemical Company in December 1954 and membership was initially limited to Dow and Ethyl-Dow employees.

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.

SEC Settles with Equiniti Trust for $850K Over Cybersecurity Failures

SecureWorld News

The U.S. Securities and Exchange Commission (SEC) recently reached a settlement with Equiniti Trust Company, formerly known as American Stock Transfer & Trust, following two separate cyber intrusions that resulted in the loss of $6.6 million in client funds. Equiniti has agreed to pay $850,000 to settle charges that it failed to implement sufficient cybersecurity measures to protect its clients' assets.

GDPR Data Breach Notification Letter (Free Download)

Tech Republic Security

In the current business environment, it is almost inevitable that an organization will experience a security breach that exposes collected personal data to unauthorized access. Under the provisions of the General Data Protection Regulation, regardless of the severity of the security breach, organizations must inform their EU customers and stakeholders of the incident in a.

Cryptojacking via CVE-2023-22527: Dissecting a Full-Scale Cryptomining Ecosystem

Trend Micro

We provide a technical analysis on how CVE-2023-22527 can be exploited by malicious actors for cryptojacking attacks that can spread across the victim’s system.

Cyberattack Disrupts Operations at Seattle-Tacoma Airport

ZoneAlarm

In an alarming escalation of cyber threats targeting critical infrastructure, Seattle-Tacoma International Airport (SEA) recently fell victim to a cyberattack that caused widespread disruptions. The incident, which occurred over the weekend, led to significant delays, triggering a swift response from airport authorities and cybersecurity experts. As airports become increasingly digitized, this attack underscores the vulnerability … The post Cyberattack Disrupts Operations at Seattle-Tacoma

Enhance Innovation and Governance Through the Cloud Development Maturity Model

Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.