Mon.Sep 09, 2024

article thumbnail

Australia Threatens to Force Companies to Break Encryption

Schneier on Security

In 2018, Australia passed the Assistance and Access Act, which—among other things—gave the government the power to force companies to break their own encryption. The Assistance and Access Act includes key components that outline investigatory powers between government and industry. These components include: Technical Assistance Requests (TARs): TARs are voluntary requests for assistance accessing encrypted data from law enforcement to teleco and technology companies.

article thumbnail

Surfshark vs NordVPN (2024): Which VPN Should You Choose?

Tech Republic Security

Compare Surfshark and NordVPN to determine which one is better. Explore their features, performance and pricing to make an informed decision.

VPN 163
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

FreeBSD Issues Urgent Security Advisory for CVE-2024-43102 (CVSS 10)

Penetration Testing

The FreeBSD Project has issued a security advisory warning of a critical vulnerability (CVE-2024-43102) affecting multiple versions of its operating system. This flaw, rated with a maximum CVSS score of... The post FreeBSD Issues Urgent Security Advisory for CVE-2024-43102 (CVSS 10) appeared first on Cybersecurity News.

article thumbnail

Most Common Cybersecurity Threats to Avoid!

Tech Republic Security

From phishing scams to ransomware attacks, discover what these threats look like and how you can protect yourself and your business.

Scams 150
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Chinese Hackers Exploit Visual Studio Code in Southeast Asian Cyberattacks

The Hacker News

The China-linked advanced persistent threat (APT) group known as Mustang Panda has been observed weaponizing Visual Studio Code software as part of espionage operations targeting government entities in Southeast Asia.

article thumbnail

Is Apple’s iCloud Keychain Safe to Use in 2024?

Tech Republic Security

iCloud Keychain is Apple's proprietary password management solution for Apple devices. Learn how secure it is and how it works in this detailed review.

More Trending

article thumbnail

Experts demonstrated how to bypass WhatsApp View Once feature

Security Affairs

Users are exploiting a privacy flaw in WhatsApp to bypass the app’s “View once” feature, allowing them to re-view messages. The ‘View Once ‘ feature in WhatsApp allows users to send photos, videos, and voice messages that can only be viewed once by the recipient. Recipients cannot forward, share, or copy the “View Once” media, and they cannot take screenshots or screen recordings of it.

Media 143
article thumbnail

New Android SpyAgent Malware Uses OCR to Steal Crypto Wallet Recovery Keys

The Hacker News

Android device users in South Korea have emerged as a target of a new mobile malware campaign that delivers a new type of threat dubbed SpyAgent. The malware "targets mnemonic keys by scanning for images on your device that might contain them," McAfee Labs researcher SangRyol Ryu said in an analysis, adding the targeting footprint has broadened in scope to include the U.K.

Malware 137
article thumbnail

TIDRONE APT targets drone manufacturers in Taiwan

Security Affairs

A previously undocumented threat actor tracked TIDRONE targets organizations in military and satellite industries in Taiwan. Trend Micro spotted an allegedly China-linked threat actor, tracked TIDRONE, targeting drone manufacturers in Taiwan. The group, which was previously undocumented, uses enterprise resource planning (ERP) software and remote desktops to deploy advanced malware, including CXCLNT and CLNTEND.

article thumbnail

What You Need to Know About Grok AI and Your Privacy

WIRED Threat Level

xAI's generative AI tool, Grok AI, is unhinged compared to its competitors. It's also scooping up a ton of data people post on X. Here's how to keep your posts out of Grok—and why you should.

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Blind Eagle Targets Colombian Insurance Sector with Customized Quasar RAT

The Hacker News

The Colombian insurance sector is the target of a threat actor tracked as Blind Eagle with the end goal of delivering a customized version of a known commodity remote access trojan (RAT) known as Quasar RAT since June 2024.

Insurance 130
article thumbnail

Cybersecurity Spending Is Slowing With the Economy

Lohrman on Security

A new report from IANS Research and Artico Search suggests that cybersecurity budgets are growing at a much slower pace than they were previously. Here are the details.

article thumbnail

One More Tool Will Do It? Reflecting on the CrowdStrike Fallout

The Hacker News

The proliferation of cybersecurity tools has created an illusion of security. Organizations often believe that by deploying a firewall, antivirus software, intrusion detection systems, identity threat detection and response, and other tools, they are adequately protected.

Antivirus 129
article thumbnail

What the arrest of Telegram’s CEO means, with Eva Galperin (Lock and Code S05E19)

Malwarebytes

This week on the Lock and Code podcast… On August 24, at an airport just outside of Paris, a man named Pavel Durov was detained for questioning by French investigators. Just days later, the same man was charged in crimes related to the distribution of child pornography and illicit transactions, such as drug trafficking and fraud. Durov is the CEO and founder of the messaging and communications app Telegram.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Progress Software Issues Patch for Vulnerability in LoadMaster and MT Hypervisor

The Hacker News

Progress Software has released security updates for a maximum-severity flaw in LoadMaster and Multi-Tenant (MT) hypervisor that could result in the execution of arbitrary operating system commands. Tracked as CVE-2024-7591 (CVSS score: 10.0), the vulnerability has been described as an improper input validation bug that results in OS command injection.

Software 127
article thumbnail

The Foundation of Zero-Trust Security Architecture

Security Boulevard

For today’s IT organizations, establishing a zero-trust (ZT) architecture is an ongoing process of refinements for existing networks, resources, methods and security capabilities. The post The Foundation of Zero-Trust Security Architecture appeared first on Security Boulevard.

article thumbnail

Wing Security SaaS Pulse: Continuous Security & Actionable Insights — For Free

The Hacker News

Designed to be more than a one-time assessment— Wing Security’s SaaS Pulse provides organizations with actionable insights and continuous oversight into their SaaS security posture—and it’s free!

Risk 123
article thumbnail

Old Habits, New Threats: Why More Phishing Attacks are Bypassing Outdated Perimeter Detection

Security Boulevard

The rise in sophisticated phishing threats like polymorphic attacks, social engineering tactics, and the use of compromised accounts have undoubtedly highlighted the significant gaps in perimeter technology, leading to a notable increase in bypassed attacks. The post Old Habits, New Threats: Why More Phishing Attacks are Bypassing Outdated Perimeter Detection appeared first on Security Boulevard.

Phishing 121
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

CVE-2024-6342: Critical Command Injection Flaw in Zyxel NAS Devices, Hotfixes Released for End-of-Support Products

Penetration Testing

Zyxel has released critical hotfixes for two of its NAS products, NAS326 and NAS542, which have already reached their end-of-vulnerability-support lifecycle. These devices are susceptible to a command injection vulnerability... The post CVE-2024-6342: Critical Command Injection Flaw in Zyxel NAS Devices, Hotfixes Released for End-of-Support Products appeared first on Cybersecurity News.

article thumbnail

Loki: a new private agent for the popular Mythic framework

SecureList

In July 2024, we discovered the previously unknown Loki backdoor, which was used in a series of targeted attacks. By analyzing the malicious file and open sources, we determined that Loki is a private version of an agent for the open-source Mythic framework. One of the agent’s decrypted strings Our solutions detect this threat as Backdoor.Win64.MLoki to differentiate it from other malware families with the same name, such as Loki Bot , Loki Locker, and others.

article thumbnail

The Weaponization of AI and ML is Complicating the Digital Battlefield

Security Boulevard

Zero-trust architecture is increasingly seen as a solution to the challenges posed by AI and ML. Initial training must focus on standardizing basic technologies. The post The Weaponization of AI and ML is Complicating the Digital Battlefield appeared first on Security Boulevard.

article thumbnail

How I Fried and Fixed Zephyrus M16 while applying PTM7950 on CPU and GPU

Hackology

I stumbled on PTM7950 listing on AliExpress and thought to try it out. My Laptops and PC were working fine in my opinion until I checked out that I had the following Temps : Relevant PC Specs : CPU – AMD Ryzen 9 3900X 12-Core Processor [ CPU Max : 83 ] GPU – AMD Radeon RX 5700 XT [ GPU Max : 89 / Hot Spot 100 ] Laptop Specs [Asus M16]: CPU – 11th Gen Intel Core i9-11900H [ CPU Max : 100 ] GPU – NVIDIA GeForce RTX 3060 Laptop GPU [ GPU Max : 75 / Hotspot 80 ] Decision to U

Internet 111
article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

Webinar: How to Protect Your Company from GenAI Data Leakage Without Losing It’s Productivity Benefits

The Hacker News

GenAI has become a table stakes tool for employees, due to the productivity gains and innovative capabilities it offers. Developers use it to write code, finance teams use it to analyze reports, and sales teams create customer emails and assets. Yet, these capabilities are exactly the ones that introduce serious security risks.

Risk 111
article thumbnail

CVE-2024-30051: Windows Elevation of Privilege Flaw Exploited by QakBot Malware, PoC Published

Penetration Testing

Security researchers published the technical details and a proof-of-concept exploit (PoC) code for a zero-day vulnerability in Windows, tracked as CVE-2024-30051, which could allow attackers to escalate their privileges to... The post CVE-2024-30051: Windows Elevation of Privilege Flaw Exploited by QakBot Malware, PoC Published appeared first on Cybersecurity News.

Malware 110
article thumbnail

Create a Disaster Preparedness Plan to Keep Your Identity Safe

Identity IQ

Create a Disaster Preparedness Plan to Keep Your Identity Safe IdentityIQ Natural disasters like hurricanes, wildfires, and tornadoes bring chaos and upheaval. In the midst of extreme weather emergencies , evacuations, power outages, and destroyed homes, preventing information theft may not be at the top of your mind. However, these disasters can make you more vulnerable to identity theft, as critical documents and devices may be lost , stolen, or damaged, and the urgency of the situation often

article thumbnail

What Is Industrial Control System (ICS) Cyber Security?

eSecurity Planet

Industrial control systems (ICS) are the backbone of critical infrastructure, powering essential operations in the energy, manufacturing, water treatment, and transportation sectors. These systems ensure the seamless functioning of processes that keep industries running smoothly and efficiently. However, as ICSs become more integrated with digital networks, their vulnerability to cyberthreats grows, making robust security measures essential to safeguarding these vital operations.

Firmware 103
article thumbnail

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

article thumbnail

A week in security (September 2 – September 8)

Malwarebytes

Last week on Malwarebytes Labs: Lowe’s employees phished via Google ads Planned Parenthood partly offline after ransomware attack “Hello pervert” sextortion scam includes new threat of Pegasus—and a picture of your home How to avoid election related scams London’s city transport hit by cybersecurity incident City of Columbus tries to silence security researcher Last week on ThreatDown: Lowe’s employees targeted in new malvertising campaign You have one minute to save your leaked AWS

Scams 100
article thumbnail

Vulnerability Recap 9/9/24 – Exploited Vulnerabilities Persist

eSecurity Planet

Last week’s vulnerability news highlighted major security problems that affect a wide range of technologies. These vulnerabilities represent significant dangers for end users and organizations — from the remote code execution vulnerabilities in Veeam Backup & Replication and Apache OFBiz to the severe access control issues in SonicWall and Google Android.

Firmware 100
article thumbnail

iPhone 16 hands-on: So packed with features, I almost forgot about its Pro model

Zero Day

By offering the Camera Control button, Action button, and even the A18 chipset, the gap between the iPhone 16 and iPhone 16 Pro is now smaller than ever.

98
article thumbnail

Legal Impact of GDPR Data Policy Violations

Security Boulevard

GDPR violations can result in severe consequences. In its first year, over 89,000 data breaches were reported, leading to fines totaling €56 million. In 2019, the UK’s Information Commissioner’s Office (ICO) imposed record fines on British Airways (€183 million) and Marriott International (€110 million) for breaches affecting millions of customers. Organizations that do not comply […] The post Legal Impact of GDPR Data Policy Violations appeared first on Kratikal Blogs.

article thumbnail

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.