Tue.Jun 18, 2024

article thumbnail

Apple Operating Systems are Being Targeted by Threat Actors, Plus 4 More Vulnerability Trends

Tech Republic Security

The number of macOS vulnerabilities exploited in 2023 increased by more than 30%. Three of the other vulnerability trends in this report relate to Microsoft.

Mobile 194
article thumbnail

Signal Foundation Warns Against EU's Plan to Scan Private Messages for CSAM

The Hacker News

A controversial proposal put forth by the European Union to scan users' private messages for detection child sexual abuse material (CSAM) poses severe risks to end-to-end encryption (E2EE), warned Meredith Whittaker, president of the Signal Foundation, which maintains the privacy-focused messaging service of the same name.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

What Is Zero Trust Security?

Tech Republic Security

In today’s dynamic threat environment, traditional security perimeters are proving to be increasingly vulnerable. Ray Fernandez, writing for TechRepublic Premium, presents an in-depth exploration of zero trust security that offers professionals a clear path to strengthening their security posture and compliance by providing a deep understanding of the concepts and principles, delving into its operational.

159
159
article thumbnail

The Financial Dynamics Behind Ransomware Attacks

Security Affairs

Over the last few years, ransomware attacks have become one of the most prevalent and expensive forms of cybercrime. Initially, these attacks involved malicious software that encrypts a victim’s data, rendering it inaccessible until a ransom is paid to the attackers. Today, this tactic has evolved, where ransomware operators in nearly every case first exfiltrate sensitive data and then threaten to publicly expose it if a ransom demand is not paid.

article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

CVE-2024-5671 (CVSS 9.8) Exposes Trellix Intrusion Prevention System to Remote Attacks

Penetration Testing

Trellix, a prominent cybersecurity provider, has issued urgent patches for two critical vulnerabilities discovered in its Intrusion Prevention System (IPS). The flaws, tracked as CVE-2024-5671 and CVE-2024-5731, leave unprotected systems vulnerable to remote code... The post CVE-2024-5671 (CVSS 9.8) Exposes Trellix Intrusion Prevention System to Remote Attacks appeared first on Cybersecurity News.

article thumbnail

Analysis of user password strength

SecureList

The processing power of computers keeps growing, helping users to solve increasingly complex problems faster. A side effect is that passwords that were impossible to guess just a few years ago can be cracked by hackers within mere seconds in 2024. For example, the RTX 4090 GPU is capable of guessing an eight-character password consisting of same-case English letters and digits, or 36 combinable characters, within just 17 seconds.

Passwords 143

More Trending

article thumbnail

Explained: Android overlays and how they are used to trick people

Malwarebytes

Sometimes you’ll see the term “overlays” used in articles about malware and you might wonder what they are. In this post we will try to explain what overlays—particularly on Android devices—are, and how cybercriminals deploy them. Most of the time, overlays are used to make people think they are visiting a legitimate website or using a trusted app while in reality they are not.

article thumbnail

New Malware Targets Exposed Docker APIs for Cryptocurrency Mining

The Hacker News

Cybersecurity researchers have uncovered a new malware campaign that targets publicly exposed Docket API endpoints with the aim of delivering cryptocurrency miners and other payloads.

article thumbnail

VMware fixed RCE and privilege escalation bugs in vCenter Server

Security Affairs

VMware addressed vCenter Server vulnerabilities that can allow remote code execution or privilege escalation. VMware addressed multiple vCenter Server vulnerabilities that remote attackers can exploit to achieve remote code execution or privilege escalation. vCenter Server is a centralized management platform developed by VMware for managing virtualized environments.

article thumbnail

VMware Issues Patches for Cloud Foundation, vCenter Server, and vSphere ESXi

The Hacker News

VMware has released updates to address critical flaws impacting Cloud Foundation, vCenter Server, and vSphere ESXi that could be exploited to achieve privilege escalation and remote code execution. The list of vulnerabilities is as follows - CVE-2024-37079 & CVE-2024-37080 (CVSS scores: 9.

140
140
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

ASUS Router User? Patch ASAP!

Security Boulevard

Or junk it if EOL: Two nasty vulnerabilities need an update—pronto. The post ASUS Router User? Patch ASAP! appeared first on Security Boulevard.

Firmware 135
article thumbnail

Singapore Police Extradites Malaysians Linked to Android Malware Fraud

The Hacker News

The Singapore Police Force (SPF) has announced the extradition of two men from Malaysia for their alleged involvement in a mobile malware campaign targeting citizens in the country since June 2023.

Malware 137
article thumbnail

CVE-2023-32191 (CVSS 10) in Rancher Kubernetes Engine Exposes Sensitive Credentials

Penetration Testing

A critical vulnerability has been discovered in the Rancher Kubernetes Engine (RKE), a widely used Kubernetes distribution that simplifies the installation and operation of Kubernetes. This vulnerability, identified as CVE-2023-32191 and rated with a... The post CVE-2023-32191 (CVSS 10) in Rancher Kubernetes Engine Exposes Sensitive Credentials appeared first on Cybersecurity News.

article thumbnail

The Annual SaaS Security Report: 2025 CISO Plans and Priorities

The Hacker News

Seventy percent of enterprises are prioritizing investment in SaaS security by establishing dedicated teams to secure SaaS applications, as part of a growing trend of maturity in this field of cybersecurity, according to a new survey released this month by the Cloud Security Alliance (CSA).

CISO 134
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

VMware fixes critical vCenter RCE vulnerability, patch now

Bleeping Computer

VMware has issued a security advisory addressing critical vulnerabilities in vCenter Server, including remote code execution and local privilege escalation flaws. [.

133
133
article thumbnail

43% of couples experience pressure to share logins and locations, Malwarebytes finds

Malwarebytes

All isn’t fair in love and romance today, as 43% of people in a committed relationship said they have felt pressured by their own partners to share logins, passcodes, and/or locations. A worrying 7% admitted that this type of pressure has included the threat of breaking up or the threat of physical or emotional harm. These are latest findings from original research conducted by Malwarebytes to explore how romantic couples navigate shared digital access to one another’s devices, accounts, and loc

article thumbnail

The 5 Best VPNs With Free Trials in 2024

Tech Republic Security

Here are the best VPNs with free trials available today. They offer access to premium VPN features and let you test drive paid VPNs without purchasing a subscription.

VPN 132
article thumbnail

Meta delays training its AI using public content shared by EU users 

Security Affairs

Meta announced it is postponing the training of its large language models using public content from adult Facebook and Instagram users in the EU. Meta announced it is delaying the training of its large language models (LLMs) using public content shared by adults on Facebook and Instagram following the Irish Data Protection Commission (DPC) request. “The DPC welcomes the decision by Meta to pause its plans to train its large language model using public content shared by adults on Facebook a

Hacking 130
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Survey Surfaces Lack of Confidence in Security Tools

Security Boulevard

A global survey of more than 1,033 security and IT leaders published today finds nearly two-thirds (65%) lack confidence that their existing security tooling cannot effectively detect breaches. The post Survey Surfaces Lack of Confidence in Security Tools appeared first on Security Boulevard.

article thumbnail

AMD investigates breach after data for sale on hacking forum

Bleeping Computer

AMD is investigating whether it suffered a cyberattack after a threat actor put allegedly stolen data up for sale on a hacking forum, claiming it contains AMD employee information, financial documents, and confidential information. [.

Hacking 121
article thumbnail

Are We Turning the Corner in the Fight Against Cybercrime? It’s Complicated.

Security Boulevard

Cybercriminals are not about to give up – this is how they make their living. So it’s up to cybersecurity professionals to stay vigilant and learn as much as they can about the forces they face. The post Are We Turning the Corner in the Fight Against Cybercrime? It’s Complicated. appeared first on Security Boulevard.

article thumbnail

Malvertising Campaign Uses Fake Installers to Spread Oyster Backdoor

Penetration Testing

Rapid7, a cybersecurity firm, has uncovered a recent malvertising campaign using fake software installers to distribute the Oyster backdoor, also known as Broomstick. This sophisticated malware targets users searching for popular downloads like Google... The post Malvertising Campaign Uses Fake Installers to Spread Oyster Backdoor appeared first on Cybersecurity News.

Malware 113
article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

AI is Changing Cybersecurity – So Defenders Need Change Tactics Too

BH Consulting

Deepfakes are in more places than we realise, and they’re more convincing than we expect. Some time ago, I bought an electric guitar that looked like a genuine name-brand classic, right down to the familiar logo on the headstock; it turned out to be an elaborate knock-off. The line between what’s real and what’s artificial is becoming more blurred and harder to ascertain.

article thumbnail

Vulnerability Recap 6/18/24 – Patch Tuesday, Plus More Ivanti Issues

eSecurity Planet

The remote code execution vulnerabilities from last week’s recap continue, and Microsoft Patch Tuesday identifies plenty of issues to patch — but fortunately, most of them aren’t critical vulnerabilities. PHP’s Windows flaw is now being exploited by ransomware, almost immediately after researchers publicized the issue. Google also has an elevation of privilege vulnerability in its Pixel phones, among others; Android has published fixes for all the device issues.

Firmware 103
article thumbnail

ONNX phishing service targets Microsoft 365 accounts at financial firms

Bleeping Computer

A new phishing-as-a-service (PhaaS) platform called ONNX Store is targeting Microsoft 365 accounts for employees at financial firms using QR codes in PDF attachments. [.

Phishing 101
article thumbnail

Convicted BEC scammer could face over 100 years in prison

Graham Cluley

A US court has found a Nigerian national guilty of charges related to a US $1.5 million business email compromise (BEC) scam and could face the rest of his life in prison as a consequence. Read more in my article on the Hot for Security blog.

Scams 101
article thumbnail

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

article thumbnail

Globe Life Discloses Security Breach of Consumer Data Portal

SecureWorld News

Globe Life Inc., a major life insurance provider, disclosed in a recent SEC filing that it is investigating a security breach involving unauthorized access to consumer and policyholder information through a company web portal. In the June 13th filing , Christopher T. Moore, Globe Life's Corporate Senior Vice President, Associate Counsel, and Corporate Secretary, stated that following an inquiry from a state insurance regulator, the company "initiated a review of potential vulnerabilities related

article thumbnail

Scathing report on Medibank cyberattack highlights unenforced MFA

Bleeping Computer

A scathing report by Australia's Information Commissioner details how misconfigurations and missed alerts allowed a hacker to breach Medibank and steal data from over 9 million people. [.

93
article thumbnail

How to Monitor Network Traffic: Findings from the Cisco Cyber Threat Trends Report

Cisco Security

The Cisco Cyber Threat Trends report examines malicious domains for trends and patterns. See what the data tells us about the threat landscape. The Cisco Cyber Threat Trends report examines malicious domains for trends and patterns. See what the data tells us about the threat landscape.

article thumbnail

Microsoft says bug causes Windows 10 apps to display Open With dialogs

Bleeping Computer

Microsoft has confirmed that Windows 10 apps will mistakenly display an "How do you want to open this file?" dialog box when attempting to right-click on the program's icon and perform a registered task. [.

86
article thumbnail

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.