Schneier on Security

JULY 29, 2024

The latest in what will be a continuing arms race between creating and detecting videos: The new tool the research project is unleashing on deepfakes, called “MISLnet”, evolved from years of data derived from detecting fake images and video with tools that spot changes made to digital video or images. These may include the addition or movement of pixels between frames, manipulation of the speed of the clip, or the removal of frames.

Artificial Intelligence 275

Artificial Intelligence 275

Tech Republic Security

JULY 29, 2024

NordPass, Bitwarden and Dashlane are among a handful of secure and feature-packed password managers for those looking for quality 1Password alternatives.

Password Management 173

Password Management Passwords 173

The Hacker News

JULY 29, 2024

Cybersecurity researchers are warning about a new phishing campaign that targets Microsoft OneDrive users with the aim of executing a malicious PowerShell script. "This campaign heavily relies on social engineering tactics to deceive users into executing a PowerShell script, thereby compromising their systems," Trellix security researcher Rafael Pena said in a Monday analysis.

Phishing 135

Phishing Social Engineering Scams Engineering 135

Tech Republic Security

JULY 29, 2024

“Digital intensity” caused by multiple cloud environments, application growth and AI is putting pressure on IT leaders in medium-sized businesses to manage costs while modernising their infrastructure.

Technology 159

Technology Digital transformation Artificial Intelligence Cybersecurity 159

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Bleeping Computer

JULY 29, 2024

Microsoft Outlook can be turned into a C2 beacon to remotely execute code, as demonstrated by a new red team post-exploitation framework named "Specula," released today by cybersecurity firm TrustedSec. [.

Cybersecurity 134

Cybersecurity 134

Tech Republic Security

JULY 29, 2024

SentinelOne Singularity and Microsoft Defender for Endpoint are among the top CrowdStrike alternatives to consider following the recent IT outage in July.

Software 152

Software 152

Security Boulevard

JULY 29, 2024

G Suite Sours: Domain owners flummoxed as strangers get Google for their domains. The post WTH? Google Auth Bug Lets Hackers Login as You appeared first on Security Boulevard.

Digital transformation 127

Digital transformation Social Engineering Data privacy Engineering 127

Tech Republic Security

JULY 29, 2024

Separately, iPhone users will need to wait until October for Apple Intelligence LLM services.

Government 159

Government Artificial Intelligence Big data 159

Security Boulevard

JULY 29, 2024

The European Union (EU) is currently confronting a significant surge in cyberattacks, primarily originating from Russia and these brute-force assaults are targeting corporate and institutional networks. The post Russia-Backed Brute-Force Campaign Targets Microsoft Infrastructure in EU appeared first on Security Boulevard.

Passwords 126

Passwords Security Awareness Cybersecurity Network Security 126

Bleeping Computer

JULY 29, 2024

A new version of the Android spyware 'Mandrake' has been found in five applications downloaded 32,000 times from Google Play, the platform's official app store. [.

Spyware 127

Spyware Mobile 127

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

The Hacker News

JULY 29, 2024

A recently patched security flaw impacting VMware ESXi hypervisors has been actively exploited by "several" ransomware groups to gain elevated permissions and deploy file-encrypting malware. The attacks involve the exploitation of CVE-2024-37085 (CVSS score: 6.8), an Active Directory integration authentication bypass that allows an attacker to obtain administrative access to the host.

Ransomware 123

Ransomware Encryption Authentication Malware 123

Security Boulevard

JULY 29, 2024

Biometrics can be a force for major good in our society and around various facets of the upcoming Paris Olympics, most notably public safety. The post Why Biometrics are Key to a Safe Paris Olympics appeared first on Security Boulevard.

Social Engineering 119

Social Engineering Data privacy Engineering Security Awareness 119

Security Affairs

JULY 29, 2024

Acronis warns of a critical vulnerability in its Acronis Cyber Infrastructure (ACI) solution that is being actively exploited in the wild. Acronis is warning of a critical vulnerability, tracked as CVE-2023-45249 (CVSS score of 9.8), in its Acronis Cyber Infrastructure (ACI) solution that is being actively exploited in the wild. ACI is a comprehensive IT solution designed to provide cyber protection and data management.

Data breaches 128

Data breaches Software Passwords Hacking 128

Security Boulevard

JULY 29, 2024

Some 4.3 million people had their personal and health care information compromised by hackers who were were able to access the data by breaching the account of a business partner of HealthEquity. The post HealthEquity: 4.3 Million People Affected by Data Breach appeared first on Security Boulevard.

Data breaches 115

Data breaches Accountability Data privacy Cybersecurity 115

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Security Affairs

JULY 29, 2024

Microsoft warns that ransomware gangs are exploiting the recently patched CVE-2024-37085 flaw in VMware ESXi flaw. Microsoft researchers warned that multiple ransomware gangs are exploiting the recently patched vulnerability CVE-2024-37085 (CVSS score of 6.8) in VMware ESXi flaw. “Microsoft researchers have uncovered a vulnerability in ESXi hypervisors being exploited by several ransomware operators to obtain full administrative permissions on domain-joined ESXi hypervisors.” warned

Ransomware 133

Ransomware Engineering Encryption Authentication 133

Bleeping Computer

JULY 29, 2024

A massive phishing campaign dubbed "EchoSpoofing" exploited a security gap in Proofpoint's email protection service to dispatch millions of spoofed emails impersonating big entities like Disney, Nike, IBM, and Coca-Cola, to target Fortune 100 companies. [.

Phishing 113

Phishing 113

Security Boulevard

JULY 29, 2024

Organizations are increasingly implementing generative AI (GenAI) solutions to boost productivity and introduce new operational efficiencies. Unfortunately, so are cybercriminals, and they’re doing so with alarming effectiveness. The post Fighting Fire with Fire: Using AI to Thwart Cybercriminals appeared first on Security Boulevard.

Social Engineering 111

Social Engineering Engineering Security Awareness Cybersecurity 111

Bleeping Computer

JULY 29, 2024

Microsoft warned today that ransomware gangs are actively exploiting a VMware ESXi authentication bypass vulnerability in attacks. [.

Ransomware 130

Ransomware Authentication 130

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

Security Boulevard

JULY 29, 2024

The post Crowdstrike outage: Growing scams amid global outage appeared first on Click Armor. The post Crowdstrike outage: Growing scams amid global outage appeared first on Security Boulevard.

Scams 111

Scams Social Engineering CISO Engineering 111

Graham Cluley

JULY 29, 2024

Hackers have released internal documents stolen from one of America's largest IT services providers, which counts various US government agencies, including the Department of Defense, amongst its customers. Read more in my article on the Hot for Security blog.

Hacking 110

Hacking Government Data breaches Ransomware 110

The Hacker News

JULY 29, 2024

A threat actor known as Stargazer Goblin has set up a network of inauthentic GitHub accounts to fuel a Distribution-as-a-Service (DaaS) that propagates a variety of information-stealing malware and netting them $100,000 in illicit profits over the past year.

Accountability 112

Accountability Malware 112

eSecurity Planet

JULY 29, 2024

In the aftermath of CrowdStrike’s unique update failure that sparked a different type of security incident, standard vulnerability disclosures and patches proceed as usual. This week, we also saw some older issues return to light, including an Internet Explorer vulnerability first discovered in 2012. A Microsoft SmartScreen vulnerability from earlier this year resurfaced, and a Docker flaw from 2018 is still causing issues in a newer version of the software.

Internet 109

Internet Internet Accountability Software 109

Advertisement

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

Security Boulevard

JULY 29, 2024

LLMs have introduced a greater risk of the unexpected, so, their integration, usage and maintenance protocols should be extensive and closely monitored. The post Hallucination Control: Benefits and Risks of Deploying LLMs as Part of Security Processes appeared first on Security Boulevard.

Risk 103

Risk Security Awareness Cybersecurity 103

The Hacker News

JULY 29, 2024

Searchable Encryption has long been a mystery. An oxymoron. An unattainable dream of cybersecurity professionals everywhere. Organizations know they must encrypt their most valuable, sensitive data to prevent data theft and breaches. They also understand that organizational data exists to be used. To be searched, viewed, and modified to keep businesses running.

Encryption 105

Encryption Cybersecurity 105

We Live Security

JULY 29, 2024

Ever attuned to the latest trends, cybercriminals distribute malicious tools that pose as ChatGPT, Midjourney and other generative AI assistants

Malware 112

Malware 112

The Hacker News

JULY 29, 2024

Cybersecurity company Acronis is warning that a now-patched critical security flaw impacting its Cyber Infrastructure (ACI) product has been exploited in the wild. The vulnerability, tracked as CVE-2023-45249 (CVSS score: 9.8), concerns a case of remote code execution that stems from the use of default passwords.

Passwords 104

Passwords Cybersecurity 104

Advertisement

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.

Cybersecurity

Bleeping Computer

JULY 29, 2024

HSA provider HealthEquity has determined that a cybersecurity incident disclosed earlier this month has compromised the information of 4,300,000 people. [.

Data breaches 107

Data breaches Cybersecurity Healthcare 107

Malwarebytes

JULY 29, 2024

An ongoing US Senate investigation indicated that connected car makers violate consumer privacy by sharing and selling drivers’ data, including their location, on a vast scale, and that the same car makers often obtain consumer consent through deception. Based on this investigation, senators have urged the Federal Trade Commission (FTC) to investigate automakers’ disclosure of millions of Americans’ driving data to data brokers, and to share new-found details about the practice.

Insurance 97

Insurance Data collection Data breaches Manufacturing 97

SecureWorld News

JULY 29, 2024

Internal documents from Leidos Holdings Inc., a leading IT services provider to various U.S. government agencies—including the Defense Department—have been leaked online by hackers. According to a Bloomberg News report on July 23, the documents are believed to have been exfiltrated during a breach of a system operated by Diligent Corp., which Leidos used for its operations.

Government 92

Government Risk Encryption Authentication 92

Malwarebytes

JULY 29, 2024

This week on the Lock and Code podcast… In the world of business cybersecurity, the powerful technology known as “Security Information and Event Management” is sometimes thwarted by the most unexpected actors—the very people setting it up. Security Information and Event Management—or SIEM—is a term used to describe data-collecting products that businesses rely on to make sense of everything going on inside their network, in the hopes of catching and stopping cyberattacks.

Data collection 95

Data collection Firewall Advertising Cybersecurity 95

Advertisement

Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.

Government