Fri.Jan 05, 2024

article thumbnail

Improving Shor’s Algorithm

Schneier on Security

We don’t have a useful quantum computer yet, but we do have quantum algorithms. Shor’s algorithm has the potential to factor large numbers faster than otherwise possible, which—if the run times are actually feasible—could break both the RSA and Diffie-Hellman public-key algorithms. Now, computer scientist Oded Regev has a significant speed-up to Shor’s algorithm, at the cost of more storage.

295
295
article thumbnail

How to Be More Anonymous Online

WIRED Threat Level

Being fully anonymous is next to impossible—but you can significantly limit what the internet knows about you by sticking to a few basic rules.

Internet 144
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

MyEstatePoint Property Search Android app leaks user passwords

Security Affairs

The MyEstatePoint Property Search app leaked data on nearly half a million of its users, exposing their names and plain-text passwords, the Cybernews research team has found. The all-in-one real estate app MyEstatePoint Property Search left a publicly accessible MongoDB server containing the sensitive details of its app users. The app, developed by NJ Technologies, an India-based software developer, has over half a million downloads on the Google Play store and mainly serves the Indian market.

Passwords 142
article thumbnail

Strong Encryption Explained: 6 Encryption Best Practices

eSecurity Planet

Strong encryption protects data securely from unauthorized access, but the specific algorithms that qualify as strong encryption change over time as computing power increases and researchers develop new ways to break encryption. In practice, security tools provide many encryption options that confuse uneducated users — including broken encryption options.

article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Russia-linked APT Sandworm was inside Ukraine telecoms giant Kyivstar for months

Security Affairs

Ukrainian authorities revealed that Russia-linked APT Sandworm had been inside telecom giant Kyivstar at least since May 2023. Russia-linked APT group Sandworm was inside Ukrainian telecoms giant Kyivstar from at least May 2023, the head of Ukraine’s Security Service of Ukraine’s (SBU) told Reuters. “This attack is a big message, a big warning, not only to Ukraine, but for the whole Western world to understand that no one is actually untouchable,” said Illia Vitiuk, head

Mobile 134
article thumbnail

Cybersecurity Insights with Contrast CISO David Lindner | 1/5/24

Security Boulevard

Insight #1 In light of 23andMe blaming victims for their data getting breached, I have two things to ask: Users, please stop reusing passwords. Providers, please start requiring multifactor authentication (MFA). The post Cybersecurity Insights with Contrast CISO David Lindner | 1/5/24 appeared first on Security Boulevard.

CISO 116

More Trending

article thumbnail

DevSecOps tools: A beginner’s guide

Security Boulevard

DevSecOps , a fusion of development, security , and operations, marks a paradigm shift in software development, seamlessly integrating security throughout the software development life cycle (SDLC). The post DevSecOps tools: A beginner’s guide appeared first on Security Boulevard.

Software 115
article thumbnail

GTFONow: Automatic privilege escalation for misconfigured capabilities, sudo and suid binaries

Penetration Testing

GTFONow Automatic privilege escalation on Unix systems by exploiting misconfigured setuid/setgid binaries, capabilities, and sudo permissions. Designed for CTFs but also applicable in real-world pentests. Features Automatically exploit misconfigured sudo permissions. Automatically exploit misconfigured... The post GTFONow: Automatic privilege escalation for misconfigured capabilities, sudo and suid binaries appeared first on Penetration Testing.

article thumbnail

Best of 2023: Enterprises Are Getting Better at Breach Prevention. But Attackers Are Getting Better, Too.

Security Boulevard

2023 ForgeRock Breach Report underscores the need for AI-powered identity We are excited to announce the release of our fifth annual ForgeRock Identity Breach Report. Our goal each year is to discover what's trending — how enterprises are being breached, how many records are being exposed, and how attackers are getting past security controls that cost companies roughly $88 billion a year. 1 As in previous years' reports, we have published our key findings, including the industries most vulnerabl

article thumbnail

SpectralBlur: New macOS Backdoor Threat from North Korean Hackers

The Hacker News

Cybersecurity researchers have discovered a new Apple macOS backdoor called SpectralBlur that overlaps with a known malware family that has been attributed to North Korean threat actors.

Malware 110
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Ransomware Threatens Lives: Report Reveals Impacts on Healthcare Sector

SecureWorld News

Ransomware continues to pose an alarming threat to critical infrastructure, with the healthcare sector being particularly vulnerable to its devastating effects. This malicious software has the power to disrupt medical facilities and compromise patient care, making it a pressing issue that demands immediate attention. A recent report from Emsisoft sheds light on the impact of these attacks, highlighting that ransomware incidents are not just a financial burden but pose a tangible risk to human li

article thumbnail

Pro-Iranian Hacker Group Targeting Albania with No-Justice Wiper Malware

The Hacker News

The recent wave of cyber attacks targeting Albanian organizations involved the use of a wiper called No-Justice. The findings come from cybersecurity company ClearSky, which said the Windows-based malware "crashes the operating system in a way that it cannot be rebooted.

Malware 108
article thumbnail

Hackers target Apache RocketMQ servers vulnerable to RCE attacks

Bleeping Computer

Security researchers are detecting hundreds of IP addresses on a daily basis that scan or attempt to exploit Apache RocketMQ services vulnerable to a remote command execution flaw identified as CVE-2023-33246 and CVE-2023-37582. [.

107
107
article thumbnail

Cybersecurity trends and challenges to watch out for in 2024 – Week in security with Tony Anscombe

We Live Security

What are some of the key cybersecurity trends that people and organizations should have on their radars this year?

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

CVE-2024-21633: The Critical Flaw in Apktool and How to Mitigate It

Penetration Testing

In the intricate world of Android application development, tools like Apktool have been indispensable for developers and reverse engineers. Apktool, known for its ability to reverse engineer third-party, closed binary Android apps, has hit... The post CVE-2024-21633: The Critical Flaw in Apktool and How to Mitigate It appeared first on Penetration Testing.

article thumbnail

Comic Agilé – Mikkel Noe-Nygaard, Luxshan Ratnaravi – ## 273 — Ensemble Programming

Security Boulevard

vi via the respected Software Engineering expertise of Mikkel Noe-Nygaard and the lauded Software Engineering / Enterprise Agile Coaching work of Luxshan Ratnaravi at Comic Agilé ! Permalink The post Comic Agilé – Mikkel Noe-Nygaard, Luxshan Ratnaravi – ## 273 — Ensemble Programming appeared first on Security Boulevard.

article thumbnail

Orange Spain Faces BGP Traffic Hijack After RIPE Account Hacked by Malware

The Hacker News

Mobile network operator Orange Spain suffered an internet outage for several hours on January 3 after a threat actor used administrator credentials captured by means of stealer malware to hijack the border gateway protocol (BGP) traffic.

article thumbnail

BreachForums admin jailed again for using a VPN, unmonitored PC

Bleeping Computer

The administrator behind the notorious BreachForums hacking forum has been arrested again for breaking pretrial release conditions, including using an unmonitored computer and a VPN. [.

VPN 104
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

$22 Million Wake-up Call to Improve Security

Security Boulevard

$22 Million Wake-up Call to Improve SecurityA former Jacksonville Jaguars staff member is facing the possibility of a 30-year prison sentence after admitting guilt to financial crimes, including embezzling over $22 million from the NFL team.Amit Patel entered a guilty plea for felony charges of wire fraud and illegal monetary […] The post $22 Million Wake-up Call to Improve Security appeared first on SafePaaS.

104
104
article thumbnail

Exposed Secrets are Everywhere. Here's How to Tackle Them

The Hacker News

Picture this: you stumble upon a concealed secret within your company's source code. Instantly, a wave of panic hits as you grasp the possible consequences. This one hidden secret has the power to pave the way for unauthorized entry, data breaches, and a damaged reputation. Understanding the secret is just the beginning; swift and resolute action becomes imperative.

article thumbnail

What Is a Firewall Policy? Steps, Examples & Free Template

eSecurity Planet

A firewall policy is a set of rules and standards designed to control network traffic between an organization’s internal network and the internet. It aims to prevent unauthorized access, manage data movement, and guard against potential security threats. There are key components to consider, main types of firewall policies and firewall configurations to be aware of, and sample policies to review that offer valuable context in creating your own effective firewall policy.

article thumbnail

CertiK Twitter account hijacked by cryptocurrency scammer posing as Forbes journalist

Graham Cluley

Web3 security outfit CertiK has fallen foul of scammers, who managed to hijack its Twitter account to share a malicious link to a fake version of the Revoke.cash project.

article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

Unit 42’s Insight: The Sophisticated Evasion Tactics of GuLoader and RedLine Stealer

Penetration Testing

Among the myriad of threats, GuLoader and RedLine Stealer stand out for their sophisticated anti-analysis techniques. Unit 42 Incident Response team from Palo Alto Networks reveals the intriguing world of these malware families, unveiling... The post Unit 42’s Insight: The Sophisticated Evasion Tactics of GuLoader and RedLine Stealer appeared first on Penetration Testing.

article thumbnail

Web3 security firm CertiK's X account hacked to push crypto drainer

Bleeping Computer

The Twitter/X account of blockchain security firm CertiK was hijacked today to redirect the company's more than 343,000 followers to a malicious website pushing a cryptocurrency wallet drainer. [.

article thumbnail

Widespread Vulnerability in SSH Servers: The Terrapin Attack Threat

Heimadal Security

The Terrapin attack, a newly identified security threat, jeopardizes nearly 11 million SSH servers that are accessible online. Originating from academic research at Ruhr University Bochum in Germany, this attack specifically targets the SSH protocol, affecting both clients and servers. It exploits vulnerabilities during the handshake process, especially when using certain encryption modes, compromising the […] The post Widespread Vulnerability in SSH Servers: The Terrapin Attack Threat app

article thumbnail

The Week in Ransomware - January 5th 2024 - Secret decryptors

Bleeping Computer

With it being the first week of the New Year and some still away on vacation, it has been slow with ransomware news, attacks, and new information. [.

article thumbnail

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

article thumbnail

A Heimdal MXDR Expert on Incident Response Best Practices and Myth Busting

Heimadal Security

I got to talk to DragoÈ™ RoÈ™ioru, a seasoned MXDR expert, about incident response best practices and challenges. Get an in-depth understanding of the do’s and don’ts in incident response as DragoÈ™ explains how to avoid the most common mistakes Security Officers make. While you’re at it, take a glimpse at DragoÈ™’s personal incident response best […] The post A Heimdal MXDR Expert on Incident Response Best Practices and Myth Busting appeared first on Heimdal Security

article thumbnail

Crypto wallet founder loses $125,000 to fake airdrop website

Bleeping Computer

A crypto wallet service co-founder shares with the world his agony after losing $125,000 to a crypto scam. The startup CEO, who at the time believed he was on a legitimate cryptocurrency airdrop website, realized after his loss that the domain he'd went on was setup for the purposes of phishing unsuspecting users. [.

article thumbnail

SCADA systems: How secure are the systems running our infrastructure??Malav Vyas (Security Researcher at Palo Alto Networks)

Security Boulevard

Explore whether APIs introduce more security risks than benefits to SCADA systems, how hard it is to secure SCADA, and key future challenges. The post SCADA systems: How secure are the systems running our infrastructure?⎥Malav Vyas (Security Researcher at Palo Alto Networks) appeared first on Security Boulevard.

Risk 72
article thumbnail

US charged 19 suspects linked to xDedic cybercrime marketplace

Bleeping Computer

The U.S. Department of Justice announced the end of a transnational investigation into the dark web xDedic cybercrime marketplace, charging 19 suspects for their involvement in running and using the market's services. [.

article thumbnail

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.