Schneier on Security

JULY 29, 2024

The latest in what will be a continuing arms race between creating and detecting videos: The new tool the research project is unleashing on deepfakes, called “MISLnet”, evolved from years of data derived from detecting fake images and video with tools that spot changes made to digital video or images. These may include the addition or movement of pixels between frames, manipulation of the speed of the clip, or the removal of frames.

Artificial Intelligence 296

Artificial Intelligence 296

Tech Republic Security

JULY 29, 2024

NordPass, Bitwarden and Dashlane are among a handful of secure and feature-packed password managers for those looking for quality 1Password alternatives.

Password Management 189

Password Management Passwords 189

The Hacker News

JULY 29, 2024

Cybersecurity researchers are warning about a new phishing campaign that targets Microsoft OneDrive users with the aim of executing a malicious PowerShell script. "This campaign heavily relies on social engineering tactics to deceive users into executing a PowerShell script, thereby compromising their systems," Trellix security researcher Rafael Pena said in a Monday analysis.

Phishing 145

Phishing Social Engineering Scams Engineering 145

Tech Republic Security

JULY 29, 2024

“Digital intensity” caused by multiple cloud environments, application growth and AI is putting pressure on IT leaders in medium-sized businesses to manage costs while modernising their infrastructure.

Technology 178

Technology Digital transformation Artificial Intelligence Cybersecurity 178

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

The Hacker News

JULY 29, 2024

An unknown threat actor has been linked to a massive scam campaign that exploited an email routing misconfiguration in email security vendor Proofpoint's defenses to send millions of messages spoofing various legitimate companies.

Phishing 144

Phishing Scams Authentication 144

Tech Republic Security

JULY 29, 2024

Separately, iPhone users will need to wait until October for Apple Intelligence LLM services.

Government 177

Government Artificial Intelligence Big data 177

Tech Republic Security

JULY 29, 2024

SentinelOne Singularity and Microsoft Defender for Endpoint are among the top CrowdStrike alternatives to consider following the recent IT outage in July.

Software 172

Software 172

The Hacker News

JULY 29, 2024

A recently patched security flaw impacting VMware ESXi hypervisors has been actively exploited by "several" ransomware groups to gain elevated permissions and deploy file-encrypting malware. The attacks involve the exploitation of CVE-2024-37085 (CVSS score: 6.8), an Active Directory integration authentication bypass that allows an attacker to obtain administrative access to the host.

Ransomware 140

Ransomware Encryption Authentication Malware 140

WIRED Threat Level

JULY 29, 2024

Long-distance cables were severed across France in a move that disrupted internet connectivity.

Internet 138

Internet Internet 138

The Hacker News

JULY 29, 2024

A threat actor known as Stargazer Goblin has set up a network of inauthentic GitHub accounts to fuel a Distribution-as-a-Service (DaaS) that propagates a variety of information-stealing malware and netting them $100,000 in illicit profits over the past year.

Accountability 135

Accountability Malware 135

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

WIRED Threat Level

JULY 29, 2024

Infostealer malware is swiping millions of passwords, cookies, and search histories. It’s a gold mine for hackers—and a disaster for anyone who becomes a target.

Passwords 135

Passwords Malware Hacking 135

Security Affairs

JULY 29, 2024

Acronis warns of a critical vulnerability in its Acronis Cyber Infrastructure (ACI) solution that is being actively exploited in the wild. Acronis is warning of a critical vulnerability, tracked as CVE-2023-45249 (CVSS score of 9.8), in its Acronis Cyber Infrastructure (ACI) solution that is being actively exploited in the wild. ACI is a comprehensive IT solution designed to provide cyber protection and data management.

Data breaches 135

Data breaches Software Passwords Hacking 135

Bleeping Computer

JULY 29, 2024

Microsoft Outlook can be turned into a C2 beacon to remotely execute code, as demonstrated by a new red team post-exploitation framework named "Specula," released today by cybersecurity firm TrustedSec. [.

Cybersecurity 134

Cybersecurity 134

The Hacker News

JULY 29, 2024

Searchable Encryption has long been a mystery. An oxymoron. An unattainable dream of cybersecurity professionals everywhere. Organizations know they must encrypt their most valuable, sensitive data to prevent data theft and breaches. They also understand that organizational data exists to be used. To be searched, viewed, and modified to keep businesses running.

Encryption 133

Encryption Cybersecurity 133

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Bleeping Computer

JULY 29, 2024

Microsoft warned today that ransomware gangs are actively exploiting a VMware ESXi authentication bypass vulnerability in attacks. [.

Ransomware 130

Ransomware Authentication 130

The Hacker News

JULY 29, 2024

Cybersecurity company Acronis is warning that a now-patched critical security flaw impacting its Cyber Infrastructure (ACI) product has been exploited in the wild. The vulnerability, tracked as CVE-2023-45249 (CVSS score: 9.8), concerns a case of remote code execution that stems from the use of default passwords.

Passwords 131

Passwords Cybersecurity 131

Malwarebytes

JULY 29, 2024

An ongoing US Senate investigation indicated that connected car makers violate consumer privacy by sharing and selling drivers’ data, including their location, on a vast scale, and that the same car makers often obtain consumer consent through deception. Based on this investigation, senators have urged the Federal Trade Commission (FTC) to investigate automakers’ disclosure of millions of Americans’ driving data to data brokers, and to share new-found details about the practice.

Insurance 128

Insurance Data collection Data breaches Manufacturing 128

Bleeping Computer

JULY 29, 2024

A new version of the Android spyware 'Mandrake' has been found in five applications downloaded 32,000 times from Google Play, the platform's official app store. [.

Spyware 127

Spyware Mobile 127

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Malwarebytes

JULY 29, 2024

This week on the Lock and Code podcast… In the world of business cybersecurity, the powerful technology known as “Security Information and Event Management” is sometimes thwarted by the most unexpected actors—the very people setting it up. Security Information and Event Management—or SIEM—is a term used to describe data-collecting products that businesses rely on to make sense of everything going on inside their network, in the hopes of catching and stopping cyberattacks.

Data collection 128

Data collection Firewall Advertising Cybersecurity 128

Security Boulevard

JULY 29, 2024

G Suite Sours: Domain owners flummoxed as strangers get Google for their domains. The post WTH? Google Auth Bug Lets Hackers Login as You appeared first on Security Boulevard.

Digital transformation 127

Digital transformation Social Engineering Data privacy Engineering 127

We Live Security

JULY 29, 2024

Ever attuned to the latest trends, cybercriminals distribute malicious tools that pose as ChatGPT, Midjourney and other generative AI assistants

Malware 124

Malware 124

Security Boulevard

JULY 29, 2024

The European Union (EU) is currently confronting a significant surge in cyberattacks, primarily originating from Russia and these brute-force assaults are targeting corporate and institutional networks. The post Russia-Backed Brute-Force Campaign Targets Microsoft Infrastructure in EU appeared first on Security Boulevard.

Passwords 126

Passwords Security Awareness Cybersecurity Network Security 126

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

Bleeping Computer

JULY 29, 2024

A massive phishing campaign dubbed "EchoSpoofing" exploited a security gap in Proofpoint's email protection service to dispatch millions of spoofed emails impersonating big entities like Disney, Nike, IBM, and Coca-Cola, to target Fortune 100 companies. [.

Phishing 113

Phishing 113

Security Boulevard

JULY 29, 2024

Biometrics can be a force for major good in our society and around various facets of the upcoming Paris Olympics, most notably public safety. The post Why Biometrics are Key to a Safe Paris Olympics appeared first on Security Boulevard.

Social Engineering 119

Social Engineering Data privacy Engineering Security Awareness 119

Malwarebytes

JULY 29, 2024

Last week on Malwarebytes Labs: Meta takes down 63,000 sextortion-related accounts on Instagram Windows update may present users with a BitLocker recovery screen TracFone will pay $16 million to settle FCC data breach investigation Google admits it can’t quite quit third-party cookies Heritage Foundation data breach containing personal data is available online Last week on ThreatDown: New phishing campaign uses Discord for payload delivery Rhysida using Oyster Backdoor to deliver ransomware Bigg

Data breaches 108

Data breaches Ransomware Phishing Accountability 108

Security Boulevard

JULY 29, 2024

Some 4.3 million people had their personal and health care information compromised by hackers who were were able to access the data by breaching the account of a business partner of HealthEquity. The post HealthEquity: 4.3 Million People Affected by Data Breach appeared first on Security Boulevard.

Data breaches 115

Data breaches Accountability Data privacy Cybersecurity 115

Advertisement

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

Bleeping Computer

JULY 29, 2024

HSA provider HealthEquity has determined that a cybersecurity incident disclosed earlier this month has compromised the information of 4,300,000 people. [.

Data breaches 107

Data breaches Cybersecurity Healthcare 107

Security Boulevard

JULY 29, 2024

Organizations are increasingly implementing generative AI (GenAI) solutions to boost productivity and introduce new operational efficiencies. Unfortunately, so are cybercriminals, and they’re doing so with alarming effectiveness. The post Fighting Fire with Fire: Using AI to Thwart Cybercriminals appeared first on Security Boulevard.

Social Engineering 111

Social Engineering Engineering Security Awareness Cybersecurity 111

Graham Cluley

JULY 29, 2024

Hackers have released internal documents stolen from one of America's largest IT services providers, which counts various US government agencies, including the Department of Defense, amongst its customers. Read more in my article on the Hot for Security blog.

Hacking 105

Hacking Government Data breaches Ransomware 105

Security Boulevard

JULY 29, 2024

The post Crowdstrike outage: Growing scams amid global outage appeared first on Click Armor. The post Crowdstrike outage: Growing scams amid global outage appeared first on Security Boulevard.

Scams 111

Scams Social Engineering CISO Engineering 111

Advertisement

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.

Cybersecurity