Mon. Oct 16, 2023

Coin Flips Are Biased

Schneier on Security

Experimental result: Many people have flipped coins but few have stopped to ponder the statistical and physical intricacies of the process. In a preregistered study we collected 350,757 coin flips to test the counterintuitive prediction from a physics model of human coin tossing developed by Persi Diaconis. The model asserts that when people flip an ordinary coin, it tends to land on the same side it started—Diaconis estimated the probability of a same-side outcome to be about 51%.

New CISA and NSA Identity and Access Management Guidance Puts Vendors on Notice

Tech Republic Security

This CISA-NSA guidance reveals concerning gaps and deficits in the multifactor authentication and Single Sign-On industry and calls for vendors to make investments and take additional steps.

GUEST ESSAY: A primer on best practices for automating supply chain cybersecurity

The Last Watchdog

Supply chain security grows more crucial daily as cybercriminals attempt to disrupt distribution and transportation. In response, industry professionals must automate their cybersecurity tools to stay ahead. Why so? The 2020 SolarWinds cybersecurity incident — which industry experts call the supply chain attack of the decade — was an incredibly high-profile breach affecting massive corporations.

Avast SecureLine VPN Review (2023): Is It a Good VPN for You?

Tech Republic Security

Read our comprehensive review of Avast SecureLine VPN. We analyze its features, speed, security, and more to determine if it is the best VPN option for you.

VPN 154

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Cisco warns of active exploitation of IOS XE zero-day

Security Affairs

Cisco warned customers of a critical zero-day vulnerability in its IOS XE Software that is actively exploited in attacks. Cisco warned customers of a zero-day vulnerability, tracked as CVE-2023-20198 (CVSS score 10), in its IOS XE Software that is actively exploited in attacks. The IT giant found the vulnerability during the resolution of multiple Technical Assistance Center (TAC) support cases.

Warning: Unpatched Cisco Zero-Day Vulnerability Actively Targeted in the Wild

The Hacker News

Cisco has warned of a critical, unpatched security flaw impacting IOS XE software that’s under active exploitation in the wild. Rooted in the web UI feature, the zero-day vulnerability is assigned as CVE-2023-20198 and has been assigned the maximum severity rating of 10.0 on the CVSS scoring system.

Software 143

More Trending

GDPR Consent Request Forms: Sample Text

Tech Republic Security

The European Union’s General Data Protection Regulation requires every organization that collects sensitive personal data from those residing in the EU to ask for clear and specific consent before collecting that data. The three sample texts from TechRepublic Premium will provide a customizable framework for your organization to use and stay compliant.

DarkGate malware campaign abuses Skype and Teams

Security Affairs

Researchers uncovered an ongoing campaign abusing popular messaging platforms Skype and Teams to distribute the DarkGate malware. From July to September, researchers from Trend Micro observed a malicious DarkGate campaign abusing instant messaging platforms to deliver a VBA loader script to victims. The threat actors abused popular messaging platforms such as Skype and Teams to deliver a script used as a loader for a second-stage payload, which was an AutoIT script containing the DarkGa

Malware 140

Critical, Unpatched Cisco Zero-Day Bug Is Under Active Exploit

Dark Reading

No patch or workaround is currently available for the maximum severity flaw, which allows attackers to gain complete administrator privilege on affected devices remotely and without authentication.

Signal Debunks Zero-Day Vulnerability Reports, Finds No Evidence

The Hacker News

Encrypted messaging app Signal has pushed back against "viral reports" of an alleged zero-day flaw in its software, stating it found no evidence to support the claim.

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Cybersecurity’s Future: Women at the Forefront

IT Security Guru

The cybersecurity landscape is always changing, and women are increasingly being given a platform to break down barriers and advance in an area that has traditionally been dominated by men. Organisations like CyberWomen@Warwick, and by extension, CyberWomen Groups C.I.C., are assisting in this change and providing that platform to champion for women in cyber whilst paving the way for a brighter and better future.

Education 136

SpyNote: Beware of This Android Trojan that Records Audio and Phone Calls

The Hacker News

The Android banking trojan known as SpyNote has been dissected to reveal its diverse information-gathering features. Typically spread via SMS phishing campaigns, attack chains involving the spyware trick potential victims into installing the app by clicking on the embedded link, according to F-Secure.

Spyware 138

Cisco warns of new IOS XE zero-day actively exploited in attacks

Bleeping Computer

Cisco warned admins today of a new maximum severity authentication bypass zero-day in its IOS XE software that lets unauthenticated attackers gain full administrator privileges and take complete control of affected routers and switches remotely.

Microsoft Defender thwarted Akira ransomware attack on an industrial engineering firm

Security Affairs

Microsoft thwarted a large-scale hacking campaign carried out by Akira ransomware operators targeting an unknown industrial organization. Microsoft announced that its Microsoft Defender for Endpoint helped to block a large-scale hacking campaign carried out by Akira ransomware operators (tracked by Microsoft as Storm-1567). The attack took place in early June 2023 and was aimed at an industrial engineering organization.

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Hackers exploit critical flaw in WordPress Royal Elementor plugin

Bleeping Computer

A critical severity vulnerability impacting Royal Elementor Addons and Templates up to version 1.3.78 is reported to be actively exploited by two WordPress security teams.

Signal denies claims of an alleged zero-day flaw in its platform

Security Affairs

Encrypted messaging app Signal denied claims of an alleged zero-day flaw in its platform after a responsible investigation. The popular encrypted messaging app Signal denied claims of an alleged zero-day vulnerability in its platform. The company launched an investigation into the claims after they have seen the vague viral reports alleging a zero-day vulnerability. “PSA: we have seen the vague viral reports alleging a Signal 0-day vulnerability.

Spyware 125

Pro-Russian Hackers Exploiting Recent WinRAR Vulnerability in New Campaign

The Hacker News

Pro-Russian hacking groups have exploited a recently disclosed security vulnerability in the WinRAR archiving utility as part of a phishing campaign designed to harvest credentials from compromised systems. "The attack involves the use of malicious archive files that exploit the recently discovered vulnerability affecting the WinRAR compression software versions prior to 6.

Phishing 125

The forgotten malvertising campaign

Malwarebytes

In recent weeks, we have noted an increase in malvertising campaigns via Google searches. Several of the threat actors we are tracking have improved their techniques to evade detection throughout the delivery chain. We believe this evolution will have a real world impact among corporate users getting compromised via malicious ads eventually leading to the deployment of malware and ransomware.

Malware 124

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Discord still a hotbed of malware activity — Now APTs join the fun

Bleeping Computer

Discord continues to be a breeding ground for malicious activity by hackers and now APT groups, with it commonly used to distribute malware, exfiltrate data, and targeted by threat actors to steal authentication tokens.

Malware 119

Power Checklist: Vetting Employees for Security Sensitive Operations

Tech Republic Security

Most organizations have applications, processes and data that must be kept secure by authorized personnel. Determining the eligibility of individuals to access or administer these components can be a challenge. Whether you need to establish full access permissions to folders for the purpose of backups or you’re responsible for handling data that could adversely affect.

Backups 118

CERT-UA Reports: 11 Ukrainian Telecom Providers Hit by Cyberattacks

The Hacker News

The Computer Emergency Response Team of Ukraine (CERT-UA) has revealed that threat actors "interfered" with at least 11 telecommunication service providers in the country between May and September 2023. The agency is tracking the activity under the name UAC-0165, stating the intrusions led to service interruptions for customers.

Microsoft fixes Windows 10 security update installation issue

Bleeping Computer

Microsoft has resolved a known issue that caused Windows 10 security updates released during this month's Patch Tuesday to fail with 0x8007000d errors.

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Synthetic Identity Theft: What It Is and How It Works

Identity IQ

You work hard to protect your identity. You’re cautious about sharing personal information, you regularly change your passwords, and you keep an eye on your credit report. But despite your diligence, there’s a form of identity theft that’s becoming increasingly prevalent and is notoriously difficult to detect — synthetic identity theft.

Signal debunks online rumours of zero-day security vulnerability

Graham Cluley

Over the weekend rumours circulated on social networks of an unpatched security hole in the Signal messaging app that could allow a remote hacker to seize control of your smartphone. But were they true? Read more in my article on the Hot for Security blog.

Fake 'RedAlert' rocket alert app for Israel installs Android spyware

Bleeping Computer

Israeli Android users are targeted by a malicious version of the 'RedAlert - Rocket Alerts' app that, while it offers the promised functionality, acts as spyware in the background.

Spyware 109

How Data Changes the Cyber-Insurance Market Outlook

Dark Reading

By using data to drive policy underwriting, cyber-insurance companies can offer coverage without a price tag that drives customers away.

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

Deep Web vs. Dark Web: What's the Difference?

Digital Guardian

While the dark web and the deep web may be used interchangeably, they're not one and the same. Today's blog post digs into differences between them, which is larger, and more.

Malicious 'Airstrike Alert' App Targets Israelis

Dark Reading

A spoofed version of the popular RedAlert app collects sensitive user data on Israeli citizens, including contacts, call logs, SMS account details, and more.

The Fast Evolution of SaaS Security from 2020 to 2024 (Told Through Video)

The Hacker News

SaaS Security’s roots are in configuration management. An astounding 35% of all security breaches begin with security settings that were misconfigured. In the past 3 years, the initial access vectors to SaaS data have widened beyond misconfiguration management.

News alert: Infobip identifies five typical security challenges impacting mobile users

The Last Watchdog

Vodnjan, Croatia, October 16, 2023 – Global cloud communications platform Infobip has identified five common frauds impacting mobile users in the messaging ecosystem. Infobip explains the security challenges enterprises and mobile network operators (MNOs) face in the application-to-person (A2P) messaging ecosystem. The company also explains its role as a co-guardian of the A2P ecosystem with MNOs, helping protect brands and mobile users with its firewall.

Mobile 100

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.