Tue.Sep 26, 2023

article thumbnail

Signal Will Leave the UK Rather Than Add a Backdoor

Schneier on Security

Totally expected, but still good to hear : Onstage at TechCrunch Disrupt 2023, Meredith Whittaker, the president of the Signal Foundation, which maintains the nonprofit Signal messaging app, reaffirmed that Signal would leave the U.K. if the country’s recently passed Online Safety Bill forced Signal to build “backdoors” into its end-to-end encryption. “We would leave the U.K. or any jurisdiction if it came down to the choice between backdooring our encryption and betrayin

article thumbnail

ProtonVPN vs. AtlasVPN (2023): Which VPN Should You Use?

Tech Republic Security

Which VPN is better, ProtonVPN or AtlasVPN? Read our in-depth comparison to decide which one fits you in terms of pricing, key features and more.

VPN 164
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Canadian Flair Airlines left user data leaking for months

Security Affairs

Researchers discovered that Canadian Flair Airlines left credentials to sensitive databases and email addresses open for at least seven months Canadian Flair Airlines left credentials to sensitive databases and email addresses open for at least seven months, the Cybernews research team has discovered. This increases the risk of passengers’ personal information, such as emails, names, or addresses, ending up in the wrong hands.

article thumbnail

Australian Government’s ‘Six Cyber Shields’ Is Potentially a Well-Meaning Skills Crisis

Tech Republic Security

The Australian government’s new national cyber security strategy might have the inadvertent effect of making security efforts even more difficult for businesses by intensifying the current skills shortage.

article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

The Rhysida ransomware group hit the Kuwait Ministry of Finance

Security Affairs

This week the Rhysida ransomware group claimed the hack of the Kuwait Ministry of Finance and added it to its Tor leak site. Last week a ransomware attack hit the Government of Kuwait, the attack took place on September 18 and the government experts immediately started the incident response procedures to block the threat. Below is the message published on Twitter by the official X account of Kuwait’s Ministry of Finance.

article thumbnail

Identity Theft Protection Policy

Tech Republic Security

Help protect your employees and customers from identity theft. This policy from TechRepublic Premium outlines precautions for reducing risk, signs to watch out for and steps to take if you suspect identity theft has occurred. While such misfortune may not be 100% preventable for everyone who follows these guidelines (since identity theft can still occur.

More Trending

article thumbnail

Quick Glossary: Malware

Tech Republic Security

Malware is an insidious infection that will steal productivity from your enterprise and potentially wreak havoc on your network. To prevent and counteract malware, it’s important to know the terminology surrounding it. This list of terms from TechRepublic Premium will help you grasp the vocabulary that describes malware and the technology that spawns it.

Malware 135
article thumbnail

Threat actors claim the hack of Sony, and the company investigates

Security Affairs

Sony launched an investigation into an alleged data breach after the RansomedVC group claimed the hack of the company. Sony announced it is investigating allegations of a data breach after the RansomedVC extortion group claimed to have hacked the company and added the company to its Tor leak site. “We are currently investigating the situation, and we have no further comment at this time.

Hacking 133
article thumbnail

Microsoft is Rolling out Support for Passkeys in Windows 11

The Hacker News

Microsoft is officially rolling out support for passkeys in Windows 11 today as part of a major update to the desktop operating system. The feature allows users to login to websites and applications without having to provide a username and password, instead relying on their device PIN or biometric information to complete the step.

Passwords 131
article thumbnail

Can open-source software be secure?

We Live Security

Or, is mass public meddling just opening the door for problems? And how does open-source software compare to proprietary software in terms of security?

Software 131
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Critical libwebp Vulnerability Under Active Exploitation - Gets Maximum CVSS Score

The Hacker News

Google has assigned a new CVE identifier for a critical security flaw in the libwebp image library for rendering images in the WebP format that has come under active exploitation in the wild. Tracked as CVE-2023-5129, the issue has been given the maximum severity score of 10.0 on the CVSS rating system.

130
130
article thumbnail

Amidst MGM, Caesar's Incidents, Attackers Focus on Luxury Hotels

Dark Reading

A fast-growing cyber campaign solely takes aim at luxury hotel and resort chains, using security-disruptive tactics to spread info-stealing malware.

Malware 129
article thumbnail

Smishing Triad Stretches Its Tentacles into the United Arab Emirates

Security Affairs

Resecurity research found that the ‘Smishing Triad’ cybercrime group has expanded its phishing campaign into the United Arab Emirates (UAE). Resecurity research recently found that ‘ Smishing Triad ,’ a group specializing in phishing scams conducted via SMS (smishing attacks), has expanded its attack campaign into the United Arab Emirates (UAE).

Phishing 129
article thumbnail

Google assigns new maximum rated CVE to libwebp bug exploited in attacks

Bleeping Computer

Google has assigned a new CVE ID (CVE-2023-5129) to a libwebp security vulnerability exploited as a zero-day in attacks and patched two weeks ago. [.

128
128
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Top 5 Problems Solved by Data Lineage

Security Affairs

Data lineage is the visualization and tracking of data as it moves through various stages of its lifecycle. In an age where data drives decisions and fuels innovation, understanding the journey of data from its inception to its final destination is paramount. Data lineage provides this understanding. Data lineage is the visualization and tracking of data as it moves through various stages of its lifecycle, and it offers a host of benefits in solving critical data management challenges.

article thumbnail

New ZeroFont phishing tricks Outlook into showing fake AV-scans

Bleeping Computer

Hackers are utilizing a new trick of using zero-point fonts in emails to make malicious emails appear as safely scanned by security tools in Microsoft Outlook. [.

Phishing 128
article thumbnail

ShadowSyndicate: A New Cybercrime Group Linked to 7 Ransomware Families

The Hacker News

Cybersecurity experts have shed light on a new cybercrime group known as ShadowSyndicate (formerly Infra Storm) that may have leveraged as many as seven different ransomware families over the past year. "ShadowSyndicate is a threat actor that works with various ransomware groups and affiliates of ransomware programs," Group-IB and Bridewell said in a joint technical report.

article thumbnail

Get a Sneak Peek at a Community Meeting Presentation on Speaking the Same Language As Your Assessor

PCI perspectives

Do not pass up the chance to collaborate and gain knowledge on the latest developments in payment security at the upcoming PCI SSC Community Meetings. These events feature presentations from some of the sharpest minds in payment security. Below Peggy Nolan , PCIP, CISA, CEO, Payment Card Assessments provides a preview of her presentation on Speaking the Same Language as Your Assessor.

113
113
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Chinese Hackers TAG-74 Targets South Korean Organizations in a Multi-Year Campaign

The Hacker News

A "multi-year" Chinese state-sponsored cyber espionage campaign has been observed targeting South Korean academic, political, and government organizations.

article thumbnail

Xenomorph Android Banking Trojan Makes Landfall in US

Security Boulevard

A sophisticated Android banking trojan that was first seen last year targeting banking apps in several European countries has made its way across the Atlantic Ocean, looking to steal credentials and money from customers of such U.S. financial institutions as Chase, Bank of America, American Express, and USAA. In all, the Xenomorph malware is zeroing.

Banking 111
article thumbnail

Essential Guide to Cybersecurity Compliance

The Hacker News

SOC 2, ISO, HIPAA, Cyber Essentials – all the security frameworks and certifications today are an acronym soup that can make even a compliance expert’s head spin. If you’re embarking on your compliance journey, read on to discover the differences between standards, which is best for your business, and how vulnerability management can aid compliance.

article thumbnail

Suspicious New Ransomware Group Claims Sony Hack

Dark Reading

A deceitful threat actor claims its biggest haul yet. But what, if any, Sony data does it actually have?

Hacking 103
article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

Xenomorph Banking Trojan: A New Variant Targeting 35+ U.S. Financial Institutions

The Hacker News

An updated version of an Android banking trojan called Xenomorph has set its sights on more than 35 financial institutions in the U.S. The campaign, according to Dutch security firm ThreatFabric, leverages phishing web pages that are designed to entice victims into installing malicious Android apps that target a broader list of apps than its predecessors.

Banking 113
article thumbnail

Researchers Uncover RaaS Affiliate Distributing Multiple Ransomware Strains

Dark Reading

Ransomware-as-a-service affiliate ShadowSyndicate is unusual for the size of its malicious infrastructure and the fact that it's distributing seven different ransomware strains.

article thumbnail

Windows 11's new ‘Never Combine’ icons feature is almost usable

Bleeping Computer

After almost three years, Microsoft has finally added the 'Never combine taskbar button' back to Windows, and it still doesn't work correctly.

102
102
article thumbnail

4 Pillars for Building a Responsible Cybersecurity Disclosure Program

Dark Reading

Responsible disclosure must strike a balance between the immediate need to protect users and the broader security implications for the entire community.

article thumbnail

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

article thumbnail

Hackers actively exploiting Openfire flaw to encrypt servers

Bleeping Computer

Hackers are actively exploiting a high-severity vulnerability in Openfire messaging servers to encrypt servers with ransomware and deploy cryptominers. [.

article thumbnail

Exiled Russian journalist claims “European state” hacked her iPhone with Pegasus spyware

Graham Cluley

The founder of a news outlet outlawed in Russia for its independent reporting and stance on the war in Ukraine, believes that a country in the European Union was behind the hacking of her iPhone with military-grade spyware. Read more in my article on the Hot for Security blog.

Spyware 100
article thumbnail

News Alert: i2Coalition launches ‘VPN Trust Initiative’ to promote VPN operators’ best practices

The Last Watchdog

Washington, DC, Sept.26, 2023 — The Internet Infrastructure Coalition (i2Coalition) launched the VPN Trust Initiative (VTI) in 2020 to establish a baseline for how virtual private network (VPN) providers should operate. The goal is to help avoid oversights, misunderstandings, or vague legislation that could invite abuses of power and short-sighted legislation of helpful technology.

VPN 100
article thumbnail

Threat Report: The High Tech Industry Targeted the Most with 46% of NLX-Tagged Attack Traffic

The Hacker News

How To Use This Report Enhance situational awareness of techniques used by threat actors Identify potential attacks targeting your industry Gain insights to help improve and accelerate your organization’s threat response Summary of Findings The Network Effect Threat Report offers insights based on unique data from Fastly’s Next-Gen WAF from Q2 2023 (April 1, 2023 to June 30, 2023).

article thumbnail

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.