Mon.Sep 09, 2024

article thumbnail

Australia Threatens to Force Companies to Break Encryption

Schneier on Security

In 2018, Australia passed the Assistance and Access Act, which—among other things—gave the government the power to force companies to break their own encryption. The Assistance and Access Act includes key components that outline investigatory powers between government and industry. These components include: Technical Assistance Requests (TARs): TARs are voluntary requests for assistance accessing encrypted data from law enforcement to teleco and technology companies.

article thumbnail

FreeBSD Issues Urgent Security Advisory for CVE-2024-43102 (CVSS 10)

Penetration Testing

The FreeBSD Project has issued a security advisory warning of a critical vulnerability (CVE-2024-43102) affecting multiple versions of its operating system. This flaw, rated with a maximum CVSS score of... The post FreeBSD Issues Urgent Security Advisory for CVE-2024-43102 (CVSS 10) appeared first on Cybersecurity News.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Surfshark vs NordVPN (2024): Which VPN Should You Choose?

Tech Republic Security

Compare Surfshark and NordVPN to determine which one is better. Explore their features, performance and pricing to make an informed decision.

VPN 147
article thumbnail

Cybersecurity Spending Is Slowing With the Economy

Lohrman on Security

A new report from IANS Research and Artico Search suggests that cybersecurity budgets are growing at a much slower pace than they were previously. Here are the details.

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Experts demonstrated how to bypass WhatsApp View Once feature

Security Affairs

Users are exploiting a privacy flaw in WhatsApp to bypass the app’s “View once” feature, allowing them to re-view messages. The ‘View Once ‘ feature in WhatsApp allows users to send photos, videos, and voice messages that can only be viewed once by the recipient. Recipients cannot forward, share, or copy the “View Once” media, and they cannot take screenshots or screen recordings of it.

Media 141
article thumbnail

Chinese Hackers Exploit Visual Studio Code in Southeast Asian Cyberattacks

The Hacker News

The China-linked advanced persistent threat (APT) group known as Mustang Panda has been observed weaponizing Visual Studio Code software as part of espionage operations targeting government entities in Southeast Asia.

More Trending

article thumbnail

New RAMBO Attack Uses RAM Radio Signals to Steal Data from Air-Gapped Networks

The Hacker News

A novel side-channel attack has been found to leverage radio signals emanated by a device's random access memory (RAM) as a data exfiltration mechanism, posing a threat to air-gapped networks. The technique has been codenamed RAMBO by Dr.

article thumbnail

Most Common Cybersecurity Threats to Avoid!

Tech Republic Security

From phishing scams to ransomware attacks, discover what these threats look like and how you can protect yourself and your business.

Scams 130
article thumbnail

The Foundation of Zero-Trust Security Architecture

Security Boulevard

For today’s IT organizations, establishing a zero-trust (ZT) architecture is an ongoing process of refinements for existing networks, resources, methods and security capabilities. The post The Foundation of Zero-Trust Security Architecture appeared first on Security Boulevard.

article thumbnail

TIDRONE APT targets drone manufacturers in Taiwan

Security Affairs

A previously undocumented threat actor tracked TIDRONE targets organizations in military and satellite industries in Taiwan. Trend Micro spotted an allegedly China-linked threat actor, tracked TIDRONE, targeting drone manufacturers in Taiwan. The group, which was previously undocumented, uses enterprise resource planning (ERP) software and remote desktops to deploy advanced malware, including CXCLNT and CLNTEND.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Old Habits, New Threats: Why More Phishing Attacks are Bypassing Outdated Perimeter Detection

Security Boulevard

The rise in sophisticated phishing threats like polymorphic attacks, social engineering tactics, and the use of compromised accounts have undoubtedly highlighted the significant gaps in perimeter technology, leading to a notable increase in bypassed attacks. The post Old Habits, New Threats: Why More Phishing Attacks are Bypassing Outdated Perimeter Detection appeared first on Security Boulevard.

Phishing 121
article thumbnail

New Android SpyAgent Malware Uses OCR to Steal Crypto Wallet Recovery Keys

The Hacker News

Android device users in South Korea have emerged as a target of a new mobile malware campaign that delivers a new type of threat dubbed SpyAgent. The malware "targets mnemonic keys by scanning for images on your device that might contain them," McAfee Labs researcher SangRyol Ryu said in an analysis, adding the targeting footprint has broadened in scope to include the U.K.

Malware 116
article thumbnail

The Weaponization of AI and ML is Complicating the Digital Battlefield

Security Boulevard

Zero-trust architecture is increasingly seen as a solution to the challenges posed by AI and ML. Initial training must focus on standardizing basic technologies. The post The Weaponization of AI and ML is Complicating the Digital Battlefield appeared first on Security Boulevard.

article thumbnail

How I Fried and Fixed Zephyrus M16 while applying PTM7950 on CPU and GPU

Hackology

I stumbled on PTM7950 listing on AliExpress and thought to try it out. My Laptops and PC were working fine in my opinion until I checked out that I had the following Temps : Relevant PC Specs : CPU – AMD Ryzen 9 3900X 12-Core Processor [ CPU Max : 83 ] GPU – AMD Radeon RX 5700 XT [ GPU Max : 89 / Hot Spot 100 ] Laptop Specs [Asus M16]: CPU – 11th Gen Intel Core i9-11900H [ CPU Max : 100 ] GPU – NVIDIA GeForce RTX 3060 Laptop GPU [ GPU Max : 75 / Hotspot 80 ] Decision to U

Internet 111
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

CVE-2024-6342: Critical Command Injection Flaw in Zyxel NAS Devices, Hotfixes Released for End-of-Support Products

Penetration Testing

Zyxel has released critical hotfixes for two of its NAS products, NAS326 and NAS542, which have already reached their end-of-vulnerability-support lifecycle. These devices are susceptible to a command injection vulnerability... The post CVE-2024-6342: Critical Command Injection Flaw in Zyxel NAS Devices, Hotfixes Released for End-of-Support Products appeared first on Cybersecurity News.

article thumbnail

What Is Industrial Control System (ICS) Cyber Security?

eSecurity Planet

Industrial control systems (ICS) are the backbone of critical infrastructure, powering essential operations in the energy, manufacturing, water treatment, and transportation sectors. These systems ensure the seamless functioning of processes that keep industries running smoothly and efficiently. However, as ICSs become more integrated with digital networks, their vulnerability to cyberthreats grows, making robust security measures essential to safeguarding these vital operations.

Firmware 109
article thumbnail

Create a Disaster Preparedness Plan to Keep Your Identity Safe

Identity IQ

Create a Disaster Preparedness Plan to Keep Your Identity Safe IdentityIQ Natural disasters like hurricanes, wildfires, and tornadoes bring chaos and upheaval. In the midst of extreme weather emergencies , evacuations, power outages, and destroyed homes, preventing information theft may not be at the top of your mind. However, these disasters can make you more vulnerable to identity theft, as critical documents and devices may be lost , stolen, or damaged, and the urgency of the situation often

article thumbnail

Vulnerability Recap 9/9/24 – Exploited Vulnerabilities Persist

eSecurity Planet

Last week’s vulnerability news highlighted major security problems that affect a wide range of technologies. These vulnerabilities represent significant dangers for end users and organizations — from the remote code execution vulnerabilities in Veeam Backup & Replication and Apache OFBiz to the severe access control issues in SonicWall and Google Android.

Firmware 109
article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

CVE-2024-30051: Windows Elevation of Privilege Flaw Exploited by QakBot Malware, PoC Published

Penetration Testing

Security researchers published the technical details and a proof-of-concept exploit (PoC) code for a zero-day vulnerability in Windows, tracked as CVE-2024-30051, which could allow attackers to escalate their privileges to... The post CVE-2024-30051: Windows Elevation of Privilege Flaw Exploited by QakBot Malware, PoC Published appeared first on Cybersecurity News.

Malware 110
article thumbnail

What You Need to Know About Grok AI and Your Privacy

WIRED Threat Level

xAI's generative AI tool, Grok AI, is unhinged compared to its competitors. It's also scooping up a ton of data people post on X. Here's how to keep your posts out of Grok—and why you should.

article thumbnail

Blind Eagle Targets Colombian Insurance Sector with Customized Quasar RAT

The Hacker News

The Colombian insurance sector is the target of a threat actor tracked as Blind Eagle with the end goal of delivering a customized version of a known commodity remote access trojan (RAT) known as Quasar RAT since June 2024.

Insurance 102
article thumbnail

The 4 biggest new health features Apple just announced

Zero Day

Actionable health insights were an overarching theme across Apple's new line of products, including the ability for the AirPods Pro 2 to act as an over-the-counter hearing aid.

98
article thumbnail

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

article thumbnail

One More Tool Will Do It? Reflecting on the CrowdStrike Fallout

The Hacker News

The proliferation of cybersecurity tools has created an illusion of security. Organizations often believe that by deploying a firewall, antivirus software, intrusion detection systems, identity threat detection and response, and other tools, they are adequately protected.

Antivirus 101
article thumbnail

iPhone 16 Pro vs. iPhone 15 Pro: Should you upgrade to the latest model?

Zero Day

The newest iPhone model features a larger and stronger display than last year's, a more powerful and efficient processor, and a camera control button. Is it worth upgrading?

98
article thumbnail

Progress Software Issues Patch for Vulnerability in LoadMaster and MT Hypervisor

The Hacker News

Progress Software has released security updates for a maximum-severity flaw in LoadMaster and Multi-Tenant (MT) hypervisor that could result in the execution of arbitrary operating system commands. Tracked as CVE-2024-7591 (CVSS score: 10.0), the vulnerability has been described as an improper input validation bug that results in OS command injection.

article thumbnail

iPhone 16 Pro vs. iPhone 14 Pro: Is it worth an upgrade?

Zero Day

Apple's new iPhone 16 Pro has some notable improvements, but are they enough to warrant upgrading from the iPhone 14 Pro just two years later? Here's how to decide.

98
article thumbnail

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.

article thumbnail

Wing Security SaaS Pulse: Continuous Security & Actionable Insights — For Free

The Hacker News

Designed to be more than a one-time assessment— Wing Security’s SaaS Pulse provides organizations with actionable insights and continuous oversight into their SaaS security posture—and it’s free!

Risk 94
article thumbnail

Every iPhone 16 model compared: Which new iPhone should you buy?

Zero Day

Apple unveiled the new iPhone 16 with standout camera improvements and larger displays, but which one is right for you? We'll break down how each model compares.

98
article thumbnail

Loki: a new private agent for the popular Mythic framework

SecureList

In July 2024, we discovered the previously unknown Loki backdoor, which was used in a series of targeted attacks. By analyzing the malicious file and open sources, we determined that Loki is a private version of an agent for the open-source Mythic framework. One of the agent’s decrypted strings Our solutions detect this threat as Backdoor.Win64.MLoki to differentiate it from other malware families with the same name, such as Loki Bot , Loki Locker, and others.

article thumbnail

iPhone 16 hands-on: So packed with features, I almost forgot about its Pro model

Zero Day

By offering the Camera Control button, Action button, and even the A18 chipset, the gap between the iPhone 16 and iPhone 16 Pro is now smaller than ever.

98
article thumbnail

Enhance Innovation and Governance Through the Cloud Development Maturity Model

Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.