Tue.Sep 24, 2024

article thumbnail

GUEST ESSAY: Massive NPD breach tells us its high time to replace SSNs as an authenticator

The Last Watchdog

Ever since the massive National Public Data (NPD) breach was disclosed a few weeks ago, news sources have reported an increased interest in online credit bureaus, and there has been an apparent upswing in onboarding of new subscribers. Related: Class-action lawsuits pile up in wake of NPD hack So what’s the connection? NPD reported the exposure of over 2.7 billion records.

article thumbnail

Microsoft Initiative the ‘Largest Cybersecurity Engineering Effort in History’

Tech Republic Security

The Secure Future Initiative was created around the same time the U.S. Cyber Safety Review Board chided Redmond for having a poor security culture.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

New Octo2 Android Banking Trojan Emerges with Device Takeover Capabilities

The Hacker News

Cybersecurity researchers have discovered a new version of an Android banking trojan called Octo that comes with improved capabilities to conduct device takeover (DTO) and perform fraudulent transactions.

Banking 140
article thumbnail

2024 Exposed: The Alarming State of Australian Data Breaches

Tech Republic Security

Implementing multi-factor authentication, supplier risk-management frameworks, and staff security training could help to reduce data breaches.

article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Did Israel infiltrate Lebanese telecoms networks?

Security Affairs

Israel has been sending text messages, recordings, and hacking radio networks to warn Lebanese citizens to evacuate certain areas. Israel has been sending text messages, recordings, and hacking radio networks to warn Lebanese citizens to evacuate certain areas in the country, likely due to an imminent full-scale strike. Following these warnings, massive bombings in southern and eastern Lebanon killed over 270 people.

Hacking 139
article thumbnail

Necro Android Malware Found in Popular Camera and Browser Apps on Play Store

The Hacker News

Altered versions of legitimate Android apps associated with Spotify, WhatsApp, and Minecraft have been used to deliver a new version of a known malware loader called Necro. Kaspersky said some of the malicious apps have also been found on the Google Play Store. They have been cumulatively downloaded 11 million times. They include - Wuta Camera - Nice Shot Always (com.benqu.

Malware 139

More Trending

article thumbnail

Russia-Backed Media Outlets Are Under Fire in the US—but Still Trusted Worldwide

WIRED Threat Level

The US government says outlets like RT work closely with Russian intelligence, and platforms have removed or banned their content. But they’re still influential all around the world.

Media 134
article thumbnail

A cyberattack on MoneyGram caused its service outage

Security Affairs

American peer-to-peer payments and money transfer company MoneyGram confirmed that a cyberattack caused its service outage. American interstate and international peer-to-peer payments and money transfer company MoneyGram confirmed that its services are currently unavailable due to a cyberattack. On September 22, the company informed its customers that it was experiencing a network outage impacting connectivity to a number of our systems.

Hacking 135
article thumbnail

U.S. Proposes Ban on Connected Vehicles Using Chinese and Russian Tech

The Hacker News

The U.S. Department of Commerce (DoC) said it's proposing a ban on the import or sale of connected vehicles that integrate software and hardware made by foreign adversaries, particularly that of the People's Republic of China (PRC) and Russia.

Software 133
article thumbnail

Web tracking report: who monitored users’ online activities in 2023–2024 the most

SecureList

Web tracking has become a pervasive aspect of our online experience. Whether we’re browsing social media, playing video games, shopping for products, or simply reading news articles, trackers are silently monitoring our online behavior, fueling the ceaseless hum of countless data centers worldwide. In this article, we’re going to explore various types of web trackers and present a detailed annual report that dissects their geographical distribution and organizational affiliations.

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Kaspersky Exits U.S., Automatically Replaces Software With UltraAV, Raising Concerns

The Hacker News

Antivirus vendor Kaspersky has formally begun pulling back its offerings in the U.S., migrating existing users to UltraAV, effective September 19, 2024, ahead of its formal exit at the end of the month. "Kaspersky antivirus customers received a software update facilitating the transition to UltraAV," the company said in a post announcing the move on September 21.

Software 132
article thumbnail

Time to engage: How parents can help keep their children safe on Snapchat

We Live Security

Here’s what parents should know about Snapchat and why you should take some time to ensure your children can stay safe when using the app

122
122
article thumbnail

CISA Flags Critical Ivanti vTM Vulnerability Amid Active Exploitation Concerns

The Hacker News

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a critical security flaw impacting Ivanti Virtual Traffic Manager (vTM) to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerability in question is CVE-2024-7593 (CVSS score: 9.

article thumbnail

Microsoft Pushes Governance, Sheds Unused Apps in Security Push

Security Boulevard

Microsoft outlined steps it's taken over the past year under its Security Future Initiative, which was launched late last year in the wake of a high-profile attack by Chinese attackers and only months before another serious breach by a Russia-link threat group. The post Microsoft Pushes Governance, Sheds Unused Apps in Security Push appeared first on Security Boulevard.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

The SSPM Justification Kit

The Hacker News

SaaS applications contain a wealth of sensitive data and are central to business operations. Despite this, far too many organizations rely on half measures and hope their SaaS stack will remain secure. Unfortunately, this approach is lacking and will leave security teams blind to threat prevention and detection, as well as open to regulatory violations, data leaks, and significant breaches.

123
123
article thumbnail

Congressional Staffers’ Data Leaked on Dark Web: Report

Security Boulevard

The personal information of almost 3,200 Capitol Hill staffers, including passwords and IP addresses, were leaked on the dark web by an unidentified bad actor after some victims used their work email addresses to sign up for online services, according to reports. The post Congressional Staffers’ Data Leaked on Dark Web: Report appeared first on Security Boulevard.

Passwords 121
article thumbnail

Warnings after new Valencia ransomware group strikes businesses and leaks data

Graham Cluley

A new ransomware operation has started to leak information it claims has been stolen from organisations it has compromised around the world. In recent days Valencia Ransomware has posted on its dark web leak site's so-called "Wall of shame" links to gigabytes of downloadable information that has seemingly been exfiltrated from a Californian municipality, a pharmaceutical firm, and a paper manufacturer.

article thumbnail

Discover Latest Ransomware Tactics and Zero Trust Strategies in This Expert Webinar

The Hacker News

Ransomware is no longer just a threat; it's an entire industry. Cybercriminals are growing more sophisticated, and their tactics are evolving rapidly. This persistent danger is a major concern for business leaders. But there's good news: you don't have to be defenseless. What if you could gain a strategic edge?

article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Two men arrested one month after $230 million of cryptocurrency stolen from a single victim

Graham Cluley

Two men have been arrested by the FBI and charged in relation to their alleged involvement in a scam which saw almost a quarter of a billion dollars worth of cryptocurrency stolen from a single victim. Two men arrested one month after $230 million of cryptocurrency stolen from a single victim. The men were allegedly less than careful hiding their behaviour - spending $500,000 a night in nightclubs, buying hundreds of bottles of champagne, gifting designer handbags (and even a pink Lamborgini) to

article thumbnail

Google & Arm - Raising The Bar on GPU Security

Google Security

Posted by Xuan Xing, Eugene Rodionov, Jon Bottarini, Adam Bacchus - Android Red Team; Amit Chaudhary, Lyndon Fawcett, Joseph Artgole - Arm Product Security Team Who cares about GPUs? You, me, and the entire ecosystem! GPUs (graphics processing units) are critical in delivering rich visual experiences on mobile devices. However, the GPU software and firmware stack has become a way for attackers to gain permissions and entitlements (privilege escalation) to Android-based devices.

Firmware 103
article thumbnail

Automating Certificate Lifecycle Management in Windows OS with AppViewX AVX ONE CLM

Security Boulevard

It is a common experience that automating certificate lifecycle management (CLM) in a Windows OS environment comes with several challenges. These challenges arise from the complexity of the Windows ecosystem, security considerations, integration issues, and the need for scalability. Windows OS has multiple certificate stores (Local Machine, User, and Service-specific stores).

102
102
article thumbnail

iOS 18 bug complaints abound online - here are the top glitches reported

Zero Day

Show-stopping iOS 18 bugs, so far, have been thankfully rare. Here's what to do if you encounter one of these minor annoyances.

98
article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

CrowdStrike Gets Grilled By U.S. Lawmakers Over Faulty Software Update

Security Boulevard

In what has become an annual ritual between Silicon Valley and the Beltway, a House subcommittee pressed a tech company over a glitch. And the company promised to do better. During a hearing Tuesday, federal lawmakers reacted with measured outrage at CrowdStrike Inc.’s software outage that wreaked havoc with key sectors of the global digital. The post CrowdStrike Gets Grilled By U.S.

Software 100
article thumbnail

Google Workspace users just got a big AI freebie - Gemini

Zero Day

Business, Enterprise, and Frontline users will get access to Gemini for work with security protections at no extra cost. Here's how.

98
article thumbnail

RansomHub’s EDR-Killer: How Zerologon and EDRKillShifter Exploit Networks Without Detection

Penetration Testing

In a recently uncovered report by Trend Micro, the notorious RansomHub ransomware group has been found to leverage a powerful new tool, EDRKillShifter, to disable endpoint detection and response (EDR)... The post RansomHub’s EDR-Killer: How Zerologon and EDRKillShifter Exploit Networks Without Detection appeared first on Cybersecurity News.

article thumbnail

I replaced my Bose with the Nothing Open - now I only want to run with them on

Zero Day

The $149 Nothing Open earbuds have quickly become my favorite for exercise, thanks to their lightweight fit and great sound.

98
article thumbnail

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

article thumbnail

Layered Protection for RADIUS With Cisco

Cisco Security

Learn how Cisco’s unique integrations protect RADIUS authentications when connecting to the network. Learn how Cisco’s unique integrations protect RADIUS authentications when connecting to the network.

article thumbnail

I tested the iPhone 16 and iPhone 16 Plus - and they left me with no Pro-model envy at all

Zero Day

Adding more utility, better cameras, and color may just be enough to cover the standard iPhone 16's shortcomings.

98
article thumbnail

What you need to know: The biggest cyber threats in 2024

Webroot

In today’s world, both small businesses and everyday consumers face a growing number of cyber threats. From ransomware attacks to phishing scams, hackers are becoming more sophisticated. OpenText’s 2024 Threat Hunter Perspective sheds light on what’s coming next and how to protect yourself. Whether you’re running a small business or managing personal data at home, here’s what you need to know.

article thumbnail

The 2-in-1 laptop I recommend for the office is not a Dell or a Lenovo ThinkPad

Zero Day

HP's EliteBook x360 1040 is a professional laptop/tablet combo with a feature set that enables one of the best video call environments for a work laptop.

98
article thumbnail

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.