Schneier on Security
JULY 11, 2024
Not a lot of details : Apple has issued a new round of threat notifications to iPhone users across 98 countries, warning them of potential mercenary spyware attacks. It’s the second such alert campaign from the company this year, following a similar notification sent to users in 92 nations in April.
Tech Republic Security
JULY 11, 2024
Train at your own pace for valuable IT certifications to start or further your IT career with courses for absolute novices to advanced cybersecurity modules.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Bleeping Computer
JULY 11, 2024
Signal is finally tightening its desktop client's security by changing how it stores plain text encryption keys for the data store after downplaying the issue since 2018. [.
Tech Republic Security
JULY 11, 2024
Exploiting the BlastRADIUS vulnerability leverages a man-in-the-middle attack on the RADIUS authentication process.
Speaker: Speakers:
In today's digital age, having an untrained workforce can be a significant risk to your business. Cyber threats are evolving; without proper training, your employees could be the weakest link in your defense. This webinar empowers leaders like you with the tools and strategies needed to transform your employees into a robust frontline defense against cyber attacks.
Bleeping Computer
JULY 11, 2024
The American Radio Relay League (ARRL) finally confirmed that some of its employees' data was stolen in a May ransomware attack initially described as a "serious incident." [.
Security Affairs
JULY 11, 2024
Multiple threat actors exploit a recently disclosed security PHP flaw CVE-2024-4577 to deliver multiple malware families. The Akamai Security Intelligence Response Team (SIRT) warns that multiple threat actors are exploiting the PHP vulnerability C VE-2024-4577 to deliver multiple malware families, including Gh0st RAT , RedTail cryptominers, and XMRig. “Threat actors continued the speedy-time-from-disclosure-to-exploitation trend and were quick to leverage this new vulnerability — we obser
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Security Affairs
JULY 11, 2024
Resecurity has identified a new campaign by the Smishing Triad that is targeting India to steal personal and payment data at scale Resecurity (USA) identified a new campaign targeting India Post (Department of Posts, India) by the Smishing Triad, which reportedly started amplifying around July 8, 2024, based on multiple victim reports and the detection of new infrastructure set up in the days preceding.
Security Boulevard
JULY 11, 2024
The FTC found in a review of studies that more than three-quarters of websites and apps used dark patterns to deceptively manipulate consumers into buying products they didn't want or to hand over information. The post Most Websites and Apps Use Dark Patterns to Cheat Consumers: FTC appeared first on Security Boulevard.
The Hacker News
JULY 11, 2024
Palo Alto Networks has released security updates to address five security flaws impacting its products, including a critical bug that could lead to an authentication bypass. Cataloged as CVE-2024-5910 (CVSS score: 9.3), the vulnerability has been described as a case of missing authentication in its Expedition migration tool that could lead to an admin account takeover.
Security Boulevard
JULY 11, 2024
Cloud security in 2024 is akin to playing a team sport – it requires clear communication and collaboration between technology vendors and customers. The post The Team Sport of Cloud Security: Breaking Down the Rules of the Game appeared first on Security Boulevard.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Penetration Testing
JULY 11, 2024
A security vulnerability, identified as CVE-2024-39202, has been discovered in the D-Link DIR-823X AX3000 Dual-Band Gigabit Wireless Router, posing a significant risk to users. The vulnerability was reported to D-Link by third-party security researcher... The post CVE-2024-39202: RCE Flaw Found in D-Link DIR-823X Firmware, Patch in Development appeared first on Cybersecurity News.
Security Boulevard
JULY 11, 2024
A survey of 322 IT and security professionals finds nearly two-thirds (63%) have confidence in the effectiveness of their organization’s data security measures with another 30% uncertain despite the volume of breaches and ransomware attacks being regularly reported. The post Survey Finds Confidence in Data Security Despite Ransomware Scourge appeared first on Security Boulevard.
Penetration Testing
JULY 11, 2024
ServiceNow, a widely used platform for business transformation, has recently disclosed three critical security vulnerabilities that could have severe consequences for organizations worldwide. These vulnerabilities, identified as CVE-2024-4879, CVE-2024-5217, and CVE-2024-5178, affect various versions... The post ServiceNow Security Alert: Critical Vulnerabilities Expose Businesses to RCE and Data Breaches appeared first on Cybersecurity News.
The Hacker News
JULY 11, 2024
The China-linked advanced persistent threat (APT) group codenamed APT41 is suspected to be using an "advanced and upgraded version" of a known malware called StealthVector to deliver a previously undocumented backdoor dubbed MoonWalk.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Security Affairs
JULY 11, 2024
The ransomware attack that hit Dallas County in October 2023 has impacted more than 200,000 individuals exposing their personal information. In October 2023 the Play ransomware group hit Dallas County, Texas, and added the city to its Tor leak site claiming the theft of sensitive documents from multiple departments. Dallas refused to pay the ransom and the extortion group leaked the stolen documents in November 2023.
The Hacker News
JULY 11, 2024
Threat actors have been observed publishing a new wave of malicious packages to the NuGet package manager as part of an ongoing campaign that began in August 2023, while also adding a new layer of stealth to evade detection.
Security Affairs
JULY 11, 2024
A threat actor known as CrystalRay targeted 1,500 victims since February using tools like SSH-Snake and various open-source utilities. The Sysdig Threat Research Team (TRT) first spotted the threat actor CrystalRay on February 2024 and observed it using the SSH-Snake open-source software penetration testing tool. The experts collected new evidence that revealed that the threat actor expanded its operations.
WIRED Threat Level
JULY 11, 2024
A new resolution echoes what 16 members of Congress have already said to the White House: It must do more to free one of the most storied crypto-focused federal agents in history.
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
Bleeping Computer
JULY 11, 2024
A new threat actor known as CRYSTALRAY has significantly broadened its targeting scope with new tactics and exploits, now counting over 1,500 victims whose credentials were stolen and cryptominers deployed. [.
SecureList
JULY 11, 2024
Introduction Bulk phishing email campaigns tend to target large audiences. They use catch-all wordings and simplistic formatting, and typos are not uncommon. Targeted attacks take greater effort, with attackers sending personalized messages that include personal details and might look more like something you’d get from your employer or a customer.
WIRED Threat Level
JULY 11, 2024
The cybercrime boss, who helped lead the prolific Zeus malware gang and was on the FBI’s “most wanted” list for years, has been sentenced to 18 years and ordered to pay more than $73 million.
SecureWorld News
JULY 11, 2024
In a remarkable show of international cooperation, intelligence and cybersecurity agencies from eight countries have jointly accused China of orchestrating a series of cyberattacks on government networks. The United States, United Kingdom, Canada, Australia, New Zealand, Germany, Japan, and South Korea have pointed the finger at APT40, a hacking group believed to be sponsored by China's Ministry of State Security.
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
SecureBlitz
JULY 11, 2024
This post will show you a guide on open enrollment for employees. Employees should take advantage of open enrollment to examine and modify their benefits. You may make more educated decisions regarding your retirement plans, healthcare, and other benefits by being aware of this process. To make sure you are ready, this tutorial covers five […] The post A Guide on Open Enrollment for Employees appeared first on SecureBlitz Cybersecurity.
Heimadal Security
JULY 11, 2024
Over 16,400 global organizations are at risk due to a critical security flaw that could lead to the remote compromise of systems, an investigation by Heimdal has found. Tracked as CVE-2024-6387 and known as RegreSSHion, this vulnerability carries a CVSS score of 8.1, raising alarms within the cybersecurity community for its potential to enable remote […] The post Over 16,400 Private and State-Owned Businesses Exposed to RegreSSHion Vulnerability appeared first on Heimdal Security Blog.
The Hacker News
JULY 11, 2024
Today, all organizations are exposed to the threat of cyber breaches, irrespective of their scale. Historically, larger companies were frequent targets due to their substantial resources, sensitive data, and regulatory responsibilities, whereas smaller entities often underestimated their attractiveness to hackers.
Bleeping Computer
JULY 11, 2024
Dallas County is notifying over 200,000 people that the Play ransomware attack, which occurred in October 2023, exposed their personal data to cybercriminals. [.
Advertisement
The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.
Graham Cluley
JULY 11, 2024
Execs at a health tech startup are sentenced to jail after a massive ad fraud, and a school is shaken after teachers are targeted via TikTok. All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.
Bleeping Computer
JULY 11, 2024
Advance Auto Parts is sending data breach notifications to over 2.3 million people whose personal data was stolen in recent Snowflake data theft attacks. [.
Security Boulevard
JULY 11, 2024
SANTA CLARA, Calif., July 12, 2024 — NSFOCUS is honored to announce that its Large Model Empowered Security Operations case has been featured in the 2024 Case Studies of Demonstration Application for Foundation Models at the World Artificial Intelligence Conference (WAIC). This prestigious recognition highlights NSFOCUS’s pioneering efforts in AI-driven cybersecurity solutions.
SecureBlitz
JULY 11, 2024
Here are tips on hiring and retaining talent in the construction industry. The world of construction is constantly evolving, throwing new hurdles your way. In order to stay competitive, businesses must develop a robust strategy for attracting and retaining skilled employees. With construction projects growing more complex, having a skilled workforce is no longer a […] The post Tips on Hiring and Retaining Talent in the Construction Industry appeared first on SecureBlitz Cybersecurity.
Speaker: Blackberry, OSS Consultants, & Revenera
Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?
Expert insights. Personalized for you.
258 
Let's personalize your content