Krebs on Security

DECEMBER 3, 2024

Phishing attacks increased nearly 40 percent in the year ending August 2024, with much of that growth concentrated at a small number of new generic top-level domains (gTLDs) — such as.shop ,top ,xyz — that attract scammers with rock-bottom prices and no meaningful registration requirements, new research finds. Meanwhile, the nonprofit entity that oversees the domain name industry is moving forward with plans to introduce a slew of new gTLDs.

Cybercrime 194

Cybercrime Phishing Accountability Internet 194

Troy Hunt

DECEMBER 3, 2024

Today, we're happy to welcome the 37th government to have full and free access to domain searches of their gov domains in Have I Been Pwned , Armenia. Armenia's National Computer Incident Response Team AM-CERT now joins three dozen other national counterparts in gaining visibility into how data breaches impact their national interests. As we expand the reach of governments and organisations into HIBP, we hope to give defenders better insights into the impact of data breaches on their p

Government 155

Government Data breaches 155

Anton on Security

DECEMBER 3, 2024

[link] A few weeks ago, our podcast turned 200 ! In this case, we are talking about episodes, not years. We (that is, Tim Peacock and myself) definitely feel like we have to say something humorous, pithy, and uniquely insightful about this! Contrary to our previous commemorative blogs , we decided to focus on our favorite episodes. We’ve always published the top rankings and tops by category , and you can see our most popular episodes below, but we also wanted to cover our informal favorites.

Cloud Migration 130

Cloud Migration Threat Detection 130

The Last Watchdog

DECEMBER 3, 2024

Tel Aviv, Israel, Dec. 3, 2024, CyberNewswire — With Sweet, customers can now unify detection and response for applications, workloads, and cloud infrastructure Sweet Security today announced the release of its unified Cloud Native Detection and Response platform, designed to transform the way organizations protect their cloud environments in real time.

CISO 130

CISO Threat Detection Media Technology 130

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Penetration Testing

DECEMBER 3, 2024

Veeam Software, a prominent provider of backup and disaster recovery solutions, has released urgent security updates to address two critical vulnerabilities in its Service Provider Console (VSPC). One of these... The post CVE-2024-42448 (CVSS 9.9): Critical RCE Vulnerability in Veeam VSPC appeared first on Cybersecurity News.

Backups 127

Backups Software Cybersecurity 127

The Last Watchdog

DECEMBER 3, 2024

In the modern world of software development, code quality is becoming a critical factor that determines a project success. Errors in code can entail severe consequences. Related: The convergence of network, application security For example, vulnerabilities in banking applications can lead to financial data leaks, and errors in medical systems can threaten the health of patients.

Software 100

Software Risk Education Cyber Attacks 100

WIRED Threat Level

DECEMBER 3, 2024

When programmer Micah Lee was kicked off X for a post that offended Elon Musk, he didn't look back. His new tool for saving and deleting your X posts can give you that same sweet release.

Media 115

Media 115

The Hacker News

DECEMBER 3, 2024

Cybersecurity researchers have called attention to a novel phishing campaign that leverages corrupted Microsoft Office documents and ZIP archives as a way to bypass email defenses. "The ongoing attack evades #antivirus software, prevents uploads to sandboxes, and bypasses Outlook's spam filters, allowing the malicious emails to reach your inbox," ANY.RUN said in a series of posts on X.

Antivirus 115

Antivirus Phishing Software Cybersecurity 115

Tech Republic Security

DECEMBER 3, 2024

The exposed database creates opportunities for staging convincing phishing and social engineering attacks, among other issues.

Social Engineering 120

Social Engineering Engineering Phishing Cybersecurity 120

WIRED Threat Level

DECEMBER 3, 2024

At WIRED’s The Big Interview event, the president of the Signal Foundation talked about secure communications as critical infrastructure and the need for a new funding paradigm for tech.

Encryption 97

Encryption 97

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Security Boulevard

DECEMBER 3, 2024

One of the most alarming methods of attack involves intercepting email attachments during transit, resulting in the theft of personally identifiable information (PII) and other sensitive data. The post Defending Against Email Attachment Scams appeared first on Security Boulevard.

Scams 99

Scams Security Awareness Cybersecurity 99

WIRED Threat Level

DECEMBER 3, 2024

A new proposal by the Consumer Financial Protection Bureau would use a 54-year-old privacy law to impose new oversight of the data broker industry. But first, the agency must survive Elon Musk.

98

98

Security Boulevard

DECEMBER 3, 2024

Trust is not a one-way street. Employees who trust their organization and leadership are one lane, but the organization must trust its employees, too. The post Are We Too Trusting of Employees? appeared first on Security Boulevard.

Security Awareness 96

Security Awareness Cybersecurity 96

Security Affairs

DECEMBER 3, 2024

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds ProjectSend, North Grid Proself, and Zyxel firewalls bugs to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog : CVE-2023-45727 North Grid Proself Improper Restriction of XML External Entity (XEE) Reference Vulnerability CVE-2024-11680 ProjectSend Improper Authentication Vulnerabil

Firewall 92

Firewall Authentication Accountability Firmware 92

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Malwarebytes

DECEMBER 3, 2024

Researchers have discovered a huge Google Cloud Storage bucket, found freely accessible on the internet and containing a treasure trove of personal information. AI startup WotNot provides companies with the ability to create their own customized chatbot. The company reportedly has 3,000 customers including some household family names. But the way its solution is set up introduces an extra link in the chain in the flow of personally identifiable information (PII) from the customer to the company

Identity Theft 89

Identity Theft Education Risk Phishing 89

Tech Republic Security

DECEMBER 3, 2024

Uncover the pros, cons, and everything in between in our in-depth TorGuard VPN review. Explore its features, security, performance, and pricing.

VPN 87

VPN Security Performance 87

Malwarebytes

DECEMBER 3, 2024

Of all the different kinds of malicious search ads we track, those related to customer service are by far the most common. Brands such as PayPal, eBay, Apple or Netflix are among the most coveted ones as they tend to drive a lot of online searches. Tech support scammers are leveraging Google ads to lure victims in, getting them on the phone and finally fleecing them.

Scams 88

Scams Advertising Accountability Engineering 88

The Hacker News

DECEMBER 3, 2024

A critical security vulnerability has been disclosed in SailPoint's IdentityIQ identity and access management (IAM) software that allows unauthorized access to content stored within the application directory. The flaw, tracked as CVE-2024-10905, has a CVSS score of 10.0, indicating maximum severity. It affects IdentityIQ versions 8.2. 8.3, 8.4, and other previous versions.

Software 85

Software 85

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Penetration Testing

DECEMBER 3, 2024

A sophisticated supply chain attack has been identified within the widely-used @solana/web3.js JavaScript library, potentially jeopardizing the security of numerous developers and users within the Solana ecosystem. Malicious code was injected... The post Solana Web3.js Library Compromised in Targeted Supply Chain Attack appeared first on Cybersecurity News.

Cybersecurity 85

Cybersecurity Malware 85

Zero Day

DECEMBER 3, 2024

The company is threatening to add a watermark to the desktop of any unsupported PC running Windows 11.

112

112

The Hacker News

DECEMBER 3, 2024

Cisco on Monday updated an advisory to warn customers of active exploitation of a decade-old security flaw impacting its Adaptive Security Appliance (ASA). The vulnerability, tracked as CVE-2014-2120 (CVSS score: 4.

83

83

Zero Day

DECEMBER 3, 2024

Now you can easily migrate from X with this powerful tool that deletes tweets, likes, and DMs, while backing up your data for a fresh start elsewhere.

124

124

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

The Hacker News

DECEMBER 3, 2024

The North Korea-aligned threat actor known as Kimsuky has been linked to a series of phishing attacks that involve sending email messages that originate from Russian sender addresses to ultimately conduct credential theft. "Phishing emails were sent mainly through email services in Japan and Korea until early September," South Korean cybersecurity company Genians said.

Phishing 82

Phishing Cybersecurity 82

Penetration Testing

DECEMBER 3, 2024

Google has released a security update for its Chrome web browser to mitigate a high-severity “type confusion” vulnerability (CVE-2024-12053) residing within the V8 JavaScript engine. This vulnerability has the potential... The post Google Chrome Addresses High-Severity Flaw in V8 JavaScript Engine (CVE-2024-12053) appeared first on Cybersecurity News.

Engineering 80

Engineering Cybersecurity 80

The Hacker News

DECEMBER 3, 2024

Cybersecurity researchers have disclosed a set of flaws impacting Palo Alto Networks and SonicWall virtual private network (VPN) clients that could be potentially exploited to gain remote code execution on Windows and macOS systems.

VPN 80

VPN Cybersecurity 80

Security Boulevard

DECEMBER 3, 2024

Building a third-party risk management framework (TPRM) is an ongoing process that requires commitment, resources and continuous improvement. The post A Strategic Approach to Building a Comprehensive Third-Party Risk Framework appeared first on Security Boulevard.

Risk 77

Risk Data privacy Cybersecurity 77

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

The Hacker News

DECEMBER 3, 2024

Veeam has released security updates to address a critical flaw impacting Service Provider Console (VSPC) that could pave the way for remote code execution on susceptible instances. The vulnerability, tracked as CVE-2024-42448, carries a CVSS score of 9.9 out of a maximum of 10.0. The company noted that the bug was identified during internal testing.

77

77

Security Affairs

DECEMBER 3, 2024

Poland probes Pegasus spyware abuse under the PiS government; ex-security chief Piotr Pogonowski arrested to testify before parliament. Poland’s government has been investigating the alleged misuse of Pegasus spyware by the previous administration and arrested the former head of Poland’s internal security service Piotr Pogonowski. News of the arrest of Piotr Pogonowski was first reported by the Financial Times.

Spyware 70

Spyware Government Surveillance Hacking 70

Zero Day

DECEMBER 3, 2024

It might be one of those 'too good to be true' offers for most people, but the right customer can realize the one-cent iPhone dream with this Boost Mobile promo.

Mobile 105

Mobile 105

Security Affairs

DECEMBER 3, 2024

ENGlobal Corporation disclosed a ransomware attack, discovered on November 25, disrupting operations, in a filing to the SEC. A ransomware attack disrupted the operations of a major energy industry contractor, ENGlobal Corporation. Founded in 1985, ENGlobal Corporation designs automated control systems for commercial and government sectors, reporting $6 million in Q3 revenue and $18.4 million year-to-date.

Ransomware 69

Ransomware Encryption Technology Cybersecurity 69

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software