Schneier on Security

JUNE 28, 2024

Longtime NSA-watcher James Bamford has a long article on the reauthorization of Section 702 of the Foreign Intelligence Surveillance Act (FISA).

Surveillance 188

Surveillance 188

Malwarebytes

JUNE 28, 2024

Chinese online shopping giant Temu is facing a lawsuit filed by State of Arkansas Attorney General Tim Griffin, alleging that the retailer’s mobile app spies on users. “Temu purports to be an online shopping platform, but it is dangerous malware, surreptitiously granting itself access to virtually all data on a user’s cellphone.” Temu quickly denied the allegations.

Malware 145

Malware Manufacturing Spyware Mobile 145

Security Boulevard

JUNE 28, 2024

Chinese fast-fashion-cum-junk retailer “is a data-theft business.” The post Temu is Malware — It Sells Your Info, Accuses Ark. AG appeared first on Security Boulevard.

Malware 137

Malware Retail Social Engineering Data privacy 137

Security Affairs

JUNE 28, 2024

A cyber attack started targeting the University Hospital Centre Zagreb (KBC Zagreb) on Wednesday night, reported the Croatian Radiotelevision. A cyber attack began targeting the University Hospital Centre Zagreb (KBC Zagreb), the largest Croatian hospital, on Wednesday night, according to a report by Croatian Radiotelevision. The hospital has shut down its IT infrastructure in response to the cyber attack.

Cyber Attacks 131

Cyber Attacks Banking DDOS Government 131

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Security Boulevard

JUNE 28, 2024

The rate of cyberattacks is rising as the threat level continues to evolve, according to BlackBerry Limited’s latest Global Threat Intelligence Report. The post Cyberattack Rate Surges as Novel Malware Growth Accelerates appeared first on Security Boulevard.

Malware 129

Malware Social Engineering Engineering Security Awareness 129

Bleeping Computer

JUNE 28, 2024

RMM software developer TeamViewer says a Russian state-sponsored hacking group known as Midnight Blizzard is believed to be behind a breach of their corporate network this week. [.

Hacking 113

Hacking Software 113

The Hacker News

JUNE 28, 2024

The North Korea-linked threat actor known as Kimsuky has been linked to the use of a new malicious Google Chrome extension that's designed to steal sensitive information as part of an ongoing intelligence collection effort.

117

117

Security Boulevard

JUNE 28, 2024

Microsoft details Skeleton Key, a new jailbreak technique in which a threat actor can convince an AI model to ignore its built-in safeguards and respond to requests for harmful, illegal, or offensive requests that might otherwise have been refused. The post Skeleton Key the Latest Jailbreak Threat to AI Models: Microsoft appeared first on Security Boulevard.

Risk 124

Risk Malware Cybersecurity Network Security 124

eSecurity Planet

JUNE 28, 2024

Millions of WordPress websites are under threat after a critical security breach involving several popular plugins. Security researchers discovered malicious code injected into these plugins, granting hackers the ability to create unauthorized administrator accounts. This compromise can lead to severe consequences for website owners, including data breaches and total website takeovers.

Risk 113

Risk Passwords Accountability Malware 113

Security Boulevard

JUNE 28, 2024

Let’s examine why so many applications remain vulnerable despite high-severity warnings and how to minimize the threat to your organization. The post The Urgency to Uplevel AppSec: Securing Your Organization’s Vulnerable Building Blocks appeared first on Security Boulevard.

Security Awareness 117

Security Awareness Software Cybersecurity 117

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Veracode Security

JUNE 28, 2024

In today's digital landscape, Application Programming Interfaces (APIs) play an important role in driving innovation. They allow you to integrate new applications with existing systems, reuse code and deliver software more efficiently. But, APIs are also prime targets for hackers due to their public availability and the large amounts of web data they transmit.

Data breaches 111

Data breaches Software 111

Security Boulevard

JUNE 28, 2024

For two decades or so now, web applications have been the backbone of many businesses, making their security paramount. Dynamic Application Security Testing (DAST) and penetration testing are crucial for identifying and mitigating security vulnerabilities in web application security. While both aim to enhance application security, they differ significantly in their approach, execution, and outcomes. … DAST Vs.

Penetration Testing 115

Penetration Testing 115

The Hacker News

JUNE 28, 2024

A group of security researchers from the Graz University of Technology have demonstrated a new side-channel attack known as SnailLoad that could be used to remotely infer a user's web activity. "SnailLoad exploits a bottleneck present on all Internet connections," the researchers said in a study released this week.

Internet 113

Internet Internet Technology 113

Graham Cluley

JUNE 28, 2024

More of Microsoft's clients are being warned that emails they exchanged with the company were accessed by Russian hackers who broke into its systems and spied on staff inboxes. Read more in my article on the Hot for Security blog.

Data breaches 107

Data breaches 107

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Security Boulevard

JUNE 28, 2024

Crypto-Agility Required to Migrate to a New Certificate Authority (CA) Seamlessly and Highlights Need for Post-Quantum Cryptography (PQC) Readiness This week Google announced that the Google Chrome browser will no longer trust TLS certificates issued by the Entrust Certificate Authority (CA) starting November 1, 2024. Certificates issued by Entrust before October 31, 2024 will remain […] The post Attention: Google To Distrust Entrust TLS Certificates appeared first on Security Boulevard.

Authentication 105

Authentication 105

Bleeping Computer

JUNE 28, 2024

Ticketmaster has started to notify customers who were impacted by a data breach after hackers stole the company's Snowflake database, containing the data of millions of people. [.

Data breaches 102

Data breaches 102

Security Boulevard

JUNE 28, 2024

Insight #1 Most ransomware deploys a remote-access Trojan (RAT), which allows for secondary infections to occur and enables access to victims’ networks to be sold in Darkweb forums. Insight #2 Most ransomware is delivered initially through the exploitation of a vulnerability. Runtime Security can mitigate this: It’s a highly effective exploit prevention for zero days , unknown vulnerabilities and a broad array of exploit techniques.

Artificial Intelligence 104

Artificial Intelligence Cybersecurity Ransomware 104

The Hacker News

JUNE 28, 2024

GitLab has released security updates to address 14 security flaws, including one critical vulnerability that could be exploited to run continuous integration and continuous deployment (CI/CD) pipelines as any user. The weaknesses, which affect GitLab Community Edition (CE) and Enterprise Edition (EE), have been addressed in versions 17.1.1, 17.0.3, and 16.11.5.

107

107

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

WIRED Threat Level

JUNE 28, 2024

WIRED was able to download stories from publishers like The New York Times and The Atlantic using Poe’s Assistant bot. One expert calls it “prima facie copyright infringement,” which Quora disputes.

104

104

Bleeping Computer

JUNE 28, 2024

The recent large scale supply chain attack conducted via multiple CDNs, namely Polyfill.io, BootCDN, Bootcss, and Staticfile that affected up to tens of millions of websites has been traced to a common operator. Researchers discovered a public GitHub repository with leaked API keys helping them draw a conclusion. [.

102

102

The Hacker News

JUNE 28, 2024

Security researchers have shed more light on the cryptocurrency mining operation conducted by the 8220 Gang by exploiting known security flaws in the Oracle WebLogic Server.

Cryptocurrency 104

Cryptocurrency Malware 104

Graham Cluley

JUNE 28, 2024

There's some possibly good news on the ransomware front. Companies are becoming more resilient to attacks, and the ransom payments extorted from businesses by hackers are on a downward trend. Read more in my article on the Tripwire State of Security blog.

Ransomware 99

Ransomware Data breaches 99

Advertisement

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

The Hacker News

JUNE 28, 2024

Multiple security flaws have been disclosed in Emerson Rosemount gas chromatographs that could be exploited by malicious actors to obtain sensitive information, induce a denial-of-service (DoS) condition, and even execute arbitrary commands. The flaws impact GC370XA, GC700XA, and GC1500XA and reside in versions 4.1.5 and prior.

Technology 103

Technology 103

Digital Guardian

JUNE 28, 2024

Congress' sweeping privacy bill was stopped in its tracks, CISA's own tool was targeted in a January breach, concerns are arising over open-source code, & more. Read more about all these stories in this week's Friday Five.

98

98

Bleeping Computer

JUNE 28, 2024

Infosys McCamish Systems (IMS) disclosed that the LockBit ransomware attack it suffered earlier this year impacted sensitive information of more than six million individuals. [.

Ransomware 90

Ransomware 90

Digital Guardian

JUNE 28, 2024

Congress' sweeping privacy bill was stopped in its tracks, CISA's own tool was targeted in a January breach, concerns are arising over open-source code, & more. Read more about all these stories in this week's Friday Five.

95

95

Advertisement

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.

Cybersecurity

Graham Cluley

JUNE 28, 2024

Car dealerships have been brought to a standstill across the United States after a software provider was hit by a ransomware attack. The attack, believed to be by the BlackSuit ransomware gang, forced CDK Global, makers of a platform widely used by car dealerships to conduct their everyday business, to down its IT systems and data centers. Read more in my article on the Exponential-e blog.

Ransomware 91

Ransomware Software Data breaches Malware 91

The Hacker News

JUNE 28, 2024

The modern kill chain is eluding enterprises because they aren’t protecting the infrastructure of modern business: SaaS. SaaS continues to dominate software adoption, and it accounts for the greatest share of public cloud spending. But enterprises and SMBs alike haven’t revised their security programs or adopted security tooling built for SaaS.

Accountability 92

Accountability Software 92

Heimadal Security

JUNE 28, 2024

A new critical authentication bypass flaw in Progress MOVEit Transfer was disclosed, and threat actors are already trying their best to exploit it. The new security flaw, which goes by the number CVE-2024-5806, enables attackers to get around the Secure File Transfer Protocol (SFTP) module’s authentication procedure, which is in charge of handling file transfers […] The post New MOVEit Transfer Critical Vulnerability Targeted by Threat Actors appeared first on Heimdal Security Blog.

Authentication 82

Authentication Cybersecurity 82

Bleeping Computer

JUNE 28, 2024

Agropur, one of the largest dairy cooperatives in North America, is notifying customers of a data breach after some of its shared online directories were exposed. [.

Data breaches 84

Data breaches 84

Advertisement

Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.

Government