Fri. May 24, 2024

On the Zero-Day Market

Schneier on Security

New paper: “Zero Progress on Zero Days: How the Last Ten Years Created the Modern Spyware Market”: Abstract: Spyware makes surveillance simple. The last ten years have seen a global market emerge for ready-made software that lets governments surveil their citizens and foreign adversaries alike and to do so more easily than when such work required tradecraft.

AI Seoul Summit: 4 Key Takeaways on AI Safety Standards and Regulations

Tech Republic Security

Major breakthroughs were made in global nations’ AI safety commitments, AI safety institutes, research grants and AI risk thresholds at this month’s AI Seoul Summit.

An XSS flaw in GitLab allows attackers to take over accounts

Security Affairs

GitLab addressed a high-severity cross-site scripting (XSS) vulnerability that allows unauthenticated attackers to take over user accounts. GitLab fixed a high-severity XSS vulnerability, tracked as CVE-2024-4835, that allows attackers to take over user accounts. An attacker can exploit this issue by using a specially crafted page to exfiltrate sensitive user information.

CISOs in Australia Urged to Take a Closer Look at Data Breach Risks

Tech Republic Security

A leading cyber lawyer in Australia has warned CISOs and other IT leaders their organisations and careers could be at stake if they do not understand data risk and data governance practices.

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Usage of TLS in DDNS Services leads to Information Disclosure in Multiple Vendors

Security Affairs

The use of Dynamic DNS (DDNS) services embedded in appliances can potentially expose data and devices to attacks. The use of Dynamic DNS (DDNS) services embedded in appliances, such as those provided by vendors like Fortinet or QNAP, carries cybersecurity implications. It increases the discoverability of customer devices by attackers. Advisory on security impacts related to the use of TLS in proprietary vendor Dynamic DNS (DDNS) services.

Get a Lifetime of 1TB Cloud Storage for Only $80 With FolderFort

Tech Republic Security

Fast, affordable cloud storage isn’t always easy to find for businesses, but now you can have a massive amount with maximum security.

More Trending

Black Basta Ascension Attack Redux — can Patients Die of Ransomware?

Security Boulevard

Inglorious Basta(rds): 16 days on, huge hospital system continues to be paralyzed by ransomware—and patient safety is at risk. The post Black Basta Ascension Attack Redux — can Patients Die of Ransomware? appeared first on Security Boulevard.

Recall feature in Microsoft Copilot+ PCs raises privacy and security concerns

Security Affairs

UK data watchdog is investigating Microsoft regarding the new Recall feature in Copilot+ PCs that captures screenshots of the user’s laptop every few seconds. The UK data watchdog, the Information Commissioner’s Office (ICO), is investigating a new feature, called Recall, implemented by Microsoft in Copilot+ PCs that captures screenshots of the user’s laptop every few seconds. “You can use Recall on Copilot+ PCs to find the content you have viewed on your device.

Google Detects 4th Chrome Zero-Day in May Actively Under Attack - Update ASAP

The Hacker News

Google on Thursday rolled out fixes to address a high-severity security flaw in its Chrome browser that it said has been exploited in the wild. Assigned the CVE identifier CVE-2024-5274, the vulnerability relates to a type confusion bug in the V8 JavaScript and WebAssembly engine.

CISA adds Apache Flink flaw to its Known Exploited Vulnerabilities catalog

Security Affairs

CISA adds Apache Flink improper access control vulnerability to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a NextGen Healthcare Mirth Connect vulnerability to its Known Exploited Vulnerabilities (KEV) catalog. The issue, tracked as CVE-2020-17519, is an improper access control vulnerability in Apache Flink.

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Microsoft Copilot fixed worldwide after 24 hour outage

Bleeping Computer

After over a 24-hour outage, Microsoft's Bing, Copilot, and Copilot in Windows services are back online worldwide, with no information released as to what caused the problem.

Google fixes eighth actively exploited Chrome zero-day this year, the third in a month

Security Affairs

Google rolled out a new emergency security update to fix another actively exploited zero-day vulnerability in the Chrome browser. Google has released a new emergency security update to address a new vulnerability, tracked as CVE-2024-5274, in the Chrome browser; it is the eighth zero-day exploited in attacks disclosed this year. The vulnerability is a high-severity ‘type confusion’ in the V8 JavaScript engine; Google researchers Clément Lecigne and Brendon Tiszka discovered it.

CISO Cite Human Error as Top IT Security Risk

Security Boulevard

It’s the wetware. It’s always the wetware. But that’s not the only takeaway from this year’s Voice of the CISO report. The post CISO Cite Human Error as Top IT Security Risk appeared first on Security Boulevard.

Hackers Created Rogue VMs to Evade Detection in Recent MITRE Cyber Attack

The Hacker News

The MITRE Corporation has revealed that the cyber attack targeting the not-for-profit company towards late December 2023 by exploiting zero-day flaws in Ivanti Connect Secure (ICS) involved the actor creating rogue virtual machines (VMs) within its VMware environment.

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Google fixes eighth actively exploited Chrome zero-day this year

Bleeping Computer

Google has released a new emergency security update to address the eighth zero-day vulnerability in Chrome browser confirmed to be actively exploited in the wild.

Fake Antivirus Websites Deliver Malware to Android and Windows Devices

The Hacker News

Threat actors have been observed making use of fake websites masquerading as legitimate antivirus solutions from Avast, Bitdefender, and Malwarebytes to propagate malware capable of stealing sensitive information from Android and Windows devices.

Top Cyber Security Companies in Bangalore

Security Boulevard

Bangalore, often referred to as the Silicon Valley of India, is home to numerous companies specializing in cybersecurity. Given the increasing prevalence of cyber threats and attacks, investing in cybersecurity has become imperative for businesses to safeguard their assets and information. With the rapid digitization of businesses and the increasing prevalence of cyber threats, robust cybersecurity […] The post Top Cyber Security Companies in Bangalore appeared first on Kratikal Blogs.

Monetize Magnet – Understanding What This Crypto CPA Network Provides to Affiliate Marketers

IT Security Guru

The one thing that every affiliate marketer would want is to have an advanced and robust network by their side. It ensures that you have all the right tools and features to progress with your affiliate marketing efforts. How does it do that you may ask? Well, it allows you to find the right crypto CPA network and affiliate program. So, if you are looking for a robust network, then this Monetize Magnet review is here to help you out.

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Microsoft: Windows 24H2 will remove Cortana and WordPad apps

Bleeping Computer

Microsoft says the Cortana, Tips, and WordPad applications will be automatically removed on systems upgraded to the upcoming Windows 11 24H2 release.

Almost all citizens of city of Eindhoven have their personal data exposed

Graham Cluley

A data breach involving the Dutch city of Eindhoven left the personal information related to almost all of its citizens exposed. And then they chose not to tell the affected 221,511 people about it. Read more in my article on the Hot for Security blog.

ICQ messenger shuts down after almost 28 years

Bleeping Computer

The ICQ messaging app is shutting down on June 26th, marking the end of a much-beloved communication application.

Cloud Security Fundamentals: Understanding the Basics

eSecurity Planet

Cloud security fundamentals are the core requirements that ensure data protection, regulatory compliance, and access management in a cloud environment. These standards assist businesses in establishing trust with their consumers, avoiding financial losses due to breaches, and ensuring business continuity. Understanding cloud security challenges and knowing the cloud security tools available in the market significantly contribute to enhanced cloud security.

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

USENIX Security ’23 – Mitigating Security Risks in Linux with KLAUS: A Method for Evaluating Patch Correctness

Security Boulevard

Authors/Presenters: Yuhang Wu, Zhenpeng Lin, Yueqi Chen, Dang K Le, Dongliang Mu, Xinyu Xing. Many thanks to USENIX for publishing their outstanding USENIX Security ’23 Presenter’s content, and the organization's strong commitment to Open Access. Originating from the conference’s events situated at the Anaheim Marriott; and via the organization's YouTube channel.

New ShrinkLocker ransomware uses BitLocker to encrypt your files

Bleeping Computer

A new ransomware strain called ShrinkLocker creates a new boot partition to encrypt corporate systems using Windows BitLocker.

Japanese Experts Warn of BLOODALCHEMY Malware Targeting Government Agencies

The Hacker News

Cybersecurity researchers have discovered that the malware known as BLOODALCHEMY used in attacks targeting government organizations in Southern and Southeastern Asia is in fact an updated version of Deed RAT, which is believed to be a successor to ShadowPad.

Cencora data breach exposes US patient info from 8 drug companies

Bleeping Computer

Some of the largest drug companies in the world have disclosed data breaches due to a February 2024 cyberattack at Cencora, whom they partner with for pharmaceutical and business services.

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

Courtroom Software Backdoored to Deliver RustDoor Malware in Supply Chain Attack

The Hacker News

Malicious actors have backdoored the installer associated with courtroom video recording software developed by Justice AV Solutions (JAVS) to deliver malware that's associated with a known backdoor called RustDoor. The software supply chain attack, tracked as CVE-2024-4978, impacts JAVS Viewer v8.3.

Overcoming Survivorship Bias in Cybersecurity

SecureWorld News

During World War II, statistician Abraham Wald provided a counterintuitive recommendation for reducing bomber losses. He suggested reinforcing sections of aircraft that showed no damage after missions. His rationale was clear: damage on returning bombers indicated where an aircraft could sustain hits and still survive. Thus, undamaged areas represented critical vulnerabilities; bombers hit in these sections likely never returned.

DevOps Dilemma: How Can CISOs Regain Control in the Age of Speed?

The Hacker News

The infamous Colonial pipeline ransomware attack (2021) and SolarWinds supply chain attack (2020) were more than data leaks; they were seismic shifts in cybersecurity. These attacks exposed a critical challenge for Chief Information Security Officers (CISOs): holding their ground while maintaining control over cloud security in the accelerating world of DevOps.

Courtroom Recording Software Compromised in Supply Chain Attack

Security Boulevard

Threat actors compromised a popular audio-visual software package used in courtrooms, prisons, government, and lecture rooms around the world by injecting a loader malware that gives the hackers remote access to infected systems, collecting data about the host computer and downloading more malicious payloads along the way. The software supply chain attack targeted Justice AV.

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.