Thu. Oct 26, 2023

New NSA Information from (and About) Snowden

Schneier on Security

Interesting article about the Snowden documents, including comments from former Guardian editor Ewen MacAskill: MacAskill, who shared the Pulitzer Prize for Public Service with Glenn Greenwald and Laura Poitras for their journalistic work on the Snowden files, retired from The Guardian in 2018. He told Computer Weekly that: As far as he knows, a copy of the documents is still locked in the New York Times office.

Everything You Need to Know About Microsoft’s New $5 Billion Investment in Australia

Tech Republic Security

Microsoft plans to more than double its cloud computing capacity in Australia over the next two years and expand its support for critical national cyber security and technology skills priorities.

How to catch a wild triangle

SecureList

In the beginning of 2023, thanks to our Kaspersky Unified Monitoring and Analysis Platform (KUMA) SIEM system, we noticed suspicious network activity that turned out to be an ongoing attack targeting the iPhones and iPads of our colleagues. The moment we understood that there was a clear pattern in the connections, and that the devices could have been infected, we initiated a standard digital forensics and incident response (DFIR) protocol for such cases – moving around the office, collecting th

ESET APT Activity Report Q2–Q3 2023

We Live Security

This issue of the ESET APT Activity Report features an overview of the activities of selected APT groups as analyzed by ESET Research between April and September 2023.

145

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Seiko confirmed a data breach after BlackCat attack

Security Affairs

Japanese watchmaker Seiko revealed that the attack it suffered earlier this year was carried out by the Black Cat ransomware gang. On August 10, 2023, the Japanese maker of watches Seiko disclosed a data breach following a cyber attack. “Seiko Group Corporation (hereinafter referred to as “the Company” or “we”) has confirmed that on July 28th of this year, the Company suffered a possible data breach.

How Kopeechka, an Automated Social Media Accounts Creation Service, Can Facilitate Cybercrime

Trend Micro

This report explores the Kopeechka service and gives a detailed technical analysis of the service’s features and capabilities and how it can help cybercriminals to achieve their goals.

Media 141

More Trending

F5 Issues Warning: BIG-IP Vulnerability Allows Remote Code Execution

The Hacker News

F5 has alerted customers of a critical security vulnerability impacting BIG-IP that could result in unauthenticated remote code execution. The issue, rooted in the configuration utility component, has been assigned the CVE identifier CVE-2023-46747, and carries a CVSS score of 9.8 out of a maximum of 10.

139

What Is Two-Factor Authentication (2FA) and Why Should You Use It?

IT Security Guru

Ah, the Internet: a treasure trove of memes, cat videos, and—let’s be honest—some stuff you’d rather keep under wraps. Security is crucial, but let’s face it, a password like “Fluffy123” won’t fool anyone for long. So how do you beef up your digital fortress? Enter Two-Factor Authentication, or 2FA for short. What Exactly is 2FA?

iLeakage: New Safari Exploit Impacts Apple iPhones and Macs with A- and M-Series CPUs

The Hacker News

A group of academics has devised a novel side-channel attack dubbed iLeakage that exploits a weakness in the A- and M-series CPUs running on Apple iOS, iPadOS, and macOS devices, enabling the extraction of sensitive information from the Safari web browser.

137

StripedFly malware framework infects 1 million Windows, Linux hosts

Bleeping Computer

A sophisticated cross-platform malware platform named StripedFly flew under the radar of cybersecurity researchers for five years, infecting over a million Windows and Linux systems during that time.

Malware 131

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

A cascade of compromise: unveiling Lazarus’ new campaign

SecureList

Earlier this year, a software vendor was compromised by the Lazarus malware delivered through unpatched legitimate software. What’s remarkable is that these software vulnerabilities were not new, and despite warnings and patches from the vendor, many of the vendor’s systems continued to use the flawed software, allowing the threat actor to exploit them.

Malware 128

Iranian Group Tortoiseshell Launches New Wave of IMAPLoader Malware Attacks

The Hacker News

The Iranian threat actor known as Tortoiseshell has been attributed to a new wave of watering hole attacks that are designed to deploy a malware dubbed IMAPLoader. "IMAPLoader is a .NET malware that has the ability to fingerprint victim systems using native Windows utilities and acts as a downloader for further payloads," the PwC Threat Intelligence team said in a Wednesday analysis.

Malware 126

Scott Hermann, CEO of IDIQ, Joins Entryway’s National Board of Directors

Identity IQ

IdentityIQ – Hermann brings his expertise in financial services, data security and analytics to further advance the national nonprofit’s mission of assisting families with gaining economic independence – VIENNA, VA – October 26, 2023 – Entryway, a workforce development, employment and housing program, announced today that Scott Hermann, Chief Executive Officer of IDIQ, has joined its National Board of Directors to ser

Phony Corsair job vacancy targets LinkedIn users with DarkGate malware

Graham Cluley

A Vietnamese cybercrime gang is being blamed for a malware campaign that has seen bogus adverts posted on LinkedIn, pretending to be related to jobs at computer memory and gaming accessories firm Corsair. Read more in my article on the Tripwire State of Security blog.

Malware 124

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

France says Russian state hackers breached numerous critical networks

Bleeping Computer

The Russian APT28 hacking group (aka 'Strontium' or 'Fancy Bear') has been targeting government entities, businesses, universities, research institutes, and think tanks in France since the second half of 2021.

Microsoft Warns as Scattered Spider Expands from SIM Swaps to Ransomware

The Hacker News

The prolific threat actor known as Scattered Spider has been observed impersonating newly hired employees in targeted firms as a ploy to blend into normal on-hire processes and take over accounts and breach organizations across the world.

Windows 10 KB5031445 preview update fixes ctfmon.exe memory leak, 9 issues

Bleeping Computer

Microsoft has released the optional KB5031445 Preview cumulative update for Windows 10 22H2 with nine improvements or fixes, including a fix for a memory leak in ctfmon.exe.

116

Record-Breaking 100 Million RPS DDoS Attack Exploits HTTP/2 Rapid Reset Flaw

The Hacker News

Cloudflare on Thursday said it mitigated thousands of hyper-volumetric HTTP distributed denial-of-service (DDoS) attacks that exploited a recently disclosed flaw called HTTP/2 Rapid Reset, 89 of which exceeded 100 million requests per second (RPS).

DDOS 119

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Navigating Algorithmic Accountability in AI

TrustArc

Guiding solutions that address AI algorithmic discrimination risks is a tricky but necessary business. Privacy professionals need to be at the forefront of developing safeguards against algorithmic biases. The post Navigating Algorithmic Accountability in AI appeared first on TrustArc Privacy Blog.

Microsoft: 0ktapus Cyberattackers Evolve to 'Most Dangerous' Status

Dark Reading

The English-speaking cyberattack group behind the MGM and Caesars Entertainment attacks is adding unique capabilities and gaining in sophistication. Prepare now, Microsoft says.

114

Microsoft: Octo Tempest is one of the most dangerous financial hacking groups

Bleeping Computer

Microsoft has published a detailed profile of a native English-speaking threat actor with advanced social engineering capabilities it tracks as Octo Tempest, that targets companies in data extortion and ransomware attacks.

Nigerian Cybercrime Hub Shut Down With 6 Arrests

Dark Reading

The cybercrime recruitment and mentoring hub conducted a variety of cybercrimes including business email compromise.

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cloudflare sees surge in hyper-volumetric HTTP DDoS attacks

Bleeping Computer

The number of hyper-volumetric HTTP DDoS (distributed denial of service) attacks recorded in the third quarter of 2023 surpasses every precedent, indicating that the field has entered a new chapter.

DDOS 109

What Would a Government Shutdown Mean for Cybersecurity?

Dark Reading

Companies are advised to act now to protect networks while federal employee paychecks are still forthcoming. Public agencies are updating contingency plans before the November extension ends, while cyber stalkers get an extra month to plan, too.

Android adware apps on Google Play amass two million installs

Bleeping Computer

Several malicious Google Play Android apps installed over 2 million times push intrusive ads to users while concealing their presence on the infected devices.

Adware 105

SMBs Need to Balance Cybersecurity Needs and Resources

Dark Reading

Small and midsize businesses face the same cyberattacks as enterprises, with fewer resources. Here's how to protect a company that has leaner means.

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

ASVEL basketball club slam dunked by NoEscape ransomware gang, data stolen

Graham Cluley

A high profile French basketball team has fallen victim to the NoEscape ransomware-as-a-service group, who claim to have stolen 32 GB of data including sensitive personal information about the club's star players. Read more in my article on the Hot for Security blog.

Maine Mass Shooting Disinformation Floods Social Media as Suspect Remains at Large

WIRED Threat Level

In the hours following the worst mass shooting in Maine’s history, disinformation about the suspected gunman flooded social media with false claims that he had been arrested.

Media 103

12 Best Vulnerability Management Systems & Tools 2023

Heimdal Security

Industry reports highlight the urgency: malicious actors can exploit a vulnerability within just 15 days of its discovery (CISA). The longer you wait, the larger the target on your back grows. Without proper vulnerability management, your business not only risks data breaches but also the loss of customer trust, and revenue, and potentially faces legal […] The post 12 Best Vulnerability Management Systems & Tools 2023 appeared first on Heimdal Security Blog.

Complex Spy Platform StripedFly Bites 1M Victims

Dark Reading

Sophisticated Windows and Linux malware for stealing data and conducting cyber espionage has flown under the radar, disguised as a cryptominer.

Malware 102

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.