Thu.May 02, 2024

article thumbnail

The UK Bans Default Passwords

Schneier on Security

The UK is the first country to ban default passwords on IoT devices. On Monday, the United Kingdom became the first country in the world to ban default guessable usernames and passwords from these IoT devices. Unique passwords installed by default are still permitted. The Product Security and Telecommunications Infrastructure Act 2022 (PSTI) introduces new minimum-security standards for manufacturers, and demands that these companies are open with consumers about how long their products will rec

Passwords 315
article thumbnail

Weekly Update 398

Troy Hunt

How many different angles can you have on one data breach? Facial recognition (which probably isn't actual biometrics), gambling, offshore developers, unpaid bills, extortion, sloppy password practices and now, an arrest. On pondering it more after today's livestream, it's the unfathomable stupidity of publishing this data publicly that really strikes me.

Passwords 256
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

4 IoT Trends U.K. Businesses Should Watch in 2024

Tech Republic Security

TechRepublic identified the top four trends emerging in IoT that businesses in the U.K. should be aware of.

IoT 183
article thumbnail

RSAC Fireside Chat: How the open-source community hustled to identify LLM vulnerabilities

The Last Watchdog

It took some five years to get to 100 million users of the World Wide Web and it took just one year to get to 100 million Facebook users. Related: LLM risk mitigation strategies Then along came GenAI and Large Language Models (LLM) and it took just a couple of weeks to get to 100 million ChatGPT users. LLM is a game changer in the same vein as the Gutenberg Press and the Edison light bulb.

Internet 147
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Microsoft Researcher to Unveil 4 OpenVPN Zero-Day Vulnerabilities at Black Hat USA 2024

Penetration Testing

Microsoft’s Senior Security Researcher Vladimir Tokarev will detail a series of critical zero-day vulnerabilities in OpenVPN, the world’s leading VPN solution, used by millions of endpoints globally at the upcoming Black Hat USA 2024... The post Microsoft Researcher to Unveil 4 OpenVPN Zero-Day Vulnerabilities at Black Hat USA 2024 appeared first on Penetration Testing.

article thumbnail

Popular Android Apps Like Xiaomi, WPS Office Vulnerable to File Overwrite Flaw

The Hacker News

Several popular Android applications available in Google Play Store are susceptible to a path traversal-affiliated vulnerability that could be exploited by a malicious app to overwrite arbitrary files in the vulnerable app's home directory.

145
145

More Trending

article thumbnail

New "Goldoon" Botnet Targets D-Link Routers With Decade-Old Flaw

The Hacker News

A never-before-seen botnet called Goldoon has been observed targeting D-Link routers with a nearly decade-old critical security flaw with the goal of using the compromised devices for further attacks. The vulnerability in question is CVE-2015-2051 (CVSS score: 9.

144
144
article thumbnail

CVE-2024-33530: Jitsi Meet Flaw Leaks Meeting Passwords, Exposing Calls to Intruders

Penetration Testing

Security researcher Florian Port at Insinuator recently uncovered a critical flaw in Jitsi Meet, the popular open-source video conferencing platform. The vulnerability (CVE-2024-33530) allows unauthorized individuals to gain the meeting password, potentially bypassing security... The post CVE-2024-33530: Jitsi Meet Flaw Leaks Meeting Passwords, Exposing Calls to Intruders appeared first on Penetration Testing.

Passwords 143
article thumbnail

Dropbox Discloses Breach of Digital Signature Service Affecting All Users

The Hacker News

Cloud storage services provider Dropbox on Wednesday disclosed that Dropbox Sign (formerly HelloSign) was breached by unidentified threat actors, who accessed emails, usernames, and general account settings associated with all users of the digital signature product. The company, in a filing with the U.S.

article thumbnail

Duo Continues to Enhance Partnership With Microsoft on New Entra ID External Authentication Methods

Duo's Security Blog

If you’ve been wondering what the plan for Microsoft Custom Controls is, wait no more! We are excited to have partnered closely with Microsoft in the co-development of Microsoft Entra ID External Authentication Methods, available in Public Preview May 2024! External Authentication Methods (EAM) enables frictionless integration of Duo’s full security feature set.

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Google Announces Passkeys Adopted by Over 400 Million Accounts

The Hacker News

Google on Thursday announced that passkeys are being used by over 400 million Google accounts, authenticating users more than 1 billion times over the past two years. "Passkeys are easy to use and phishing resistant, only relying on a fingerprint, face scan or a pin making them 50% faster than passwords," Heather Adkins, vice president of security engineering at Google, said.

article thumbnail

Threat actors hacked the Dropbox Sign production environment

Security Affairs

Threat actors breached the Dropbox Sign production environment and accessed customer email addresses and hashed passwords Cloud storage provider DropBox revealed that threat actors have breached the production infrastructure of the DropBox Sign eSignature service and gained access to customer information and authentication data. Dropbox Sign is a service that allows users to electronically sign and request signatures on documents.

Hacking 139
article thumbnail

Psychotherapy practice hacker gets jail time after extorting patients, publishing personal therapy notes online

Malwarebytes

On October 30, 2020, I started a article with the words: “Hell is too nice a place for these people.” The subject of this outrage focused on the cybercriminals behind an attack on Finnish psychotherapy practice Vastaamo. Because it was a psychotherapy practice, the records contained extremely sensitive and confidential information about some of the most vulnerable people.

Hacking 138
article thumbnail

HPE Aruba Networking addressed four critical ArubaOS RCE flaws

Security Affairs

HPE Aruba Networking addressed four critical remote code execution vulnerabilities impacting its ArubaOS network operating system. HPE Aruba Networking released April 2024 security updates that addressed four critical remote code execution (RCE) vulnerabilities affecting multiple versions of the network operating system ArubaOS. The four vulnerabilities are unauthenticated buffer overflow issues that could be exploited to remotely execute arbitrary code.

Mobile 137
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Compromised Routers: Tool of Choice for Crime & Espionage

Penetration Testing

A new report by TrendMicro lifts the veil on the shadowy world of router exploitation. Those unassuming internet gateways, often overlooked in cybersecurity discussions, have become a prime battleground where criminals and nation-state hackers... The post Compromised Routers: Tool of Choice for Crime & Espionage appeared first on Penetration Testing.

article thumbnail

Dropbox Hacked: eSignature Service Breached

Security Boulevard

Drop Dropbox? The company apologized as user details were leaked from its “Dropbox Sign” product. The post Dropbox Hacked: eSignature Service Breached appeared first on Security Boulevard.

Hacking 135
article thumbnail

CISA adds GitLab flaw to its Known Exploited Vulnerabilities catalog

Security Affairs

CISA adds GitLab Community and Enterprise Editions improper access control vulnerability to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a GitLab Community and Enterprise Editions improper access control vulnerability to its Known Exploited Vulnerabilities (KEV) catalog. The issue, tracked as CVE-2023-7028 (CVSS score: 10.0), is an account takeover via Password Reset.

Passwords 135
article thumbnail

Four Critical Vulnerabilities Expose HPE Aruba Devices to RCE Attacks

The Hacker News

HPE Aruba Networking (formerly Aruba Networks) has released security updates to address critical flaws impacting ArubaOS that could result in remote code execution (RCE) on affected systems. Of the 10 security defects, four are rated critical in severity - CVE-2024-26304 (CVSS score: 9.

133
133
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Ukrainian REvil gang member sentenced to 13 years in prison

Security Affairs

A Ukrainian national, a member of the REvil group, has been sentenced to more than 13 years in prison for his role in extortion activities. The Ukrainian national, Yaroslav Vasinskyi (24), aka Rabotnik, has been sentenced to more than 13 years in prison and must pay $16 million in restitution for conducting numerous ransomware attacks and extorting victims.

article thumbnail

Ukrainian REvil Hacker Sentenced to 13 Years and Ordered to Pay $16 Million

The Hacker News

A Ukrainian national has been sentenced to more than 13 years in prison and ordered to pay $16 million in restitution for carrying out thousands of ransomware attacks and extorting victims.

article thumbnail

News alert: LayerX Security raises $24M Series A funding for its ‘enterprise browser’ security platform

The Last Watchdog

Tel Aviv, Israel, May 2, 2024, CyberNewsWire — LayerX , pioneer of the LayerX Browser Security platform, today announced $24 million in Series A funding led by Glilot+, the early-growth fund of Glilot Capital Partners, with participation from Dell Technologies Capital and other investors. Lior Litwak, Managing Partner at Glilot Capital and Head of Glilot+, and Yair Snir, Managing Partner at Dell Technologies Capital, will join the LayerX board.

Marketing 130
article thumbnail

When is One Vulnerability Scanner Not Enough?

The Hacker News

Like antivirus software, vulnerability scans rely on a database of known weaknesses. That’s why websites like VirusTotal exist, to give cyber practitioners a chance to see whether a malware sample is detected by multiple virus scanning engines, but this concept hasn’t existed in the vulnerability management space.

Antivirus 131
article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

What to Expect at RSA 2024: Will AI Wreak Havoc on Cybersecurity?

Security Boulevard

50,000 security practitioners are about to attend RSA 2024. Here’s what one expert anticipates for this year’s show. The post What to Expect at RSA 2024: Will AI Wreak Havoc on Cybersecurity? appeared first on Security Boulevard.

article thumbnail

Adding insult to injury: crypto recovery scams

We Live Security

Once your crypto has been stolen, it is extremely difficult to get back – be wary of fake promises to retrieve your funds and learn how to avoid becoming a victim twice over

Scams 121
article thumbnail

RSAC 2024 Innovation Sandbox | Aembit: An IAM Platform for Cloud Workloads

Security Boulevard

The RSA Conference 2024 will kick off on May 6. Known as the “Oscars of Cybersecurity,” the RSAC Innovation Sandbox has become a benchmark for innovation in the cybersecurity industry. Today let’s get to know the company Amebit. Company Introduction Aembit was established in 2021 and is headquartered in Washington, USA. The company is dedicated to […] The post RSAC 2024 Innovation Sandbox | Aembit: An IAM Platform for Cloud Workloads appeared first on NSFOCUS, Inc., a global network and cyb

article thumbnail

Bitwarden launches new MFA Authenticator app for iOS, Android

Bleeping Computer

Bitwarden, the creator of the popular open-source password manager, has just launched a new authenticator app called Bitwarden Authenticator, which is available for iOS and Android devices. [.

article thumbnail

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

article thumbnail

The Surveillance Invasion: IoT and Smart Devices Stealing Corporate Secrets

Security Boulevard

Chris Clements, VP of Solutions Architecture at CISO Global “Hey Alexa, are you stealing my company’s data?” In an age where manufacturers have decided that just about every device needs to be “smart,” it’s becoming difficult to avoid the data collection and privacy invasion that are often baked into these devices. We have come to […] The post The Surveillance Invasion: IoT and Smart Devices Stealing Corporate Secrets appeared first on CISO Global.

article thumbnail

Dropbox Sign customer data accessed in breach

Malwarebytes

Dropbox is reporting a recent “security incident” in which an attacker gained unauthorized access to the Dropbox Sign (formerly HelloSign) production environment. During this access, the attacker had access to Dropbox Sign customer information. Dropbox Sign is a platform that allows customers to digitally sign, edit, and track documents.

Passwords 114
article thumbnail

Elliptic Shows How an AI Model Can Identify Bitcoin Laundering

Security Boulevard

Cryptocurrency for several years has been pointed to as a key enabler of ransomware groups, allowing their ransoms to be paid in Bitcoin or Ethereum or some other virtual tokens that are difficult to trace, can be hidden and laundered through such means as crypo mixers, can move easily across borders, and allow bad actors. The post Elliptic Shows How an AI Model Can Identify Bitcoin Laundering appeared first on Security Boulevard.

article thumbnail

2024 State of Cybersecurity: Reports of More Threats & Prioritization Issues

eSecurity Planet

The 2023 vendor surveys arriving this quarter paint a picture of a cybersecurity landscape under attack, with priority issues affecting deployment, alert response, and exposed vulnerabilities. Most organizations express confidence in their current status and budgets, but also expect to experience at least one data breach in 2024. This picture comes from an analysis of specific statistics and by reading between the lines in reports from 1Password, Cisco, CrowdStrike, Flashpoint, Google Threat Ana

article thumbnail

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.