Thu.Oct 05, 2023

article thumbnail

SHARED INTEL Q&A: My thoughts and opinions about cyber threats — as discussed with OneRep

The Last Watchdog

Editor’s note: I recently had the chance to participate in a discussion about the overall state of privacy and cybersecurity with Erin Kapczynski, OneRep’s senior vice president of B2B marketing. OneRep provides a consumer service that scrubs your personal information from Google and dozens of privacy-breaching websites. Here is Erin’s Q&A column, which originally went live on OneRep’s well-done blog.

article thumbnail

Microsoft Redesigns OneDrive for Business Layout

Tech Republic Security

Microsoft OneDrive is adding new SharePoint features and will let the Copilot AI summarize and interpret files.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Operation Jacana: Foundling hobbits in Guyana

We Live Security

ESET researchers uncover a cyberespionage campaign that they called Operation Jacana and that targeted a governmental entity in Guyana.

145
145
article thumbnail

NATO is investigating a new cyber attack claimed by the SiegedSec group

Security Affairs

NATO is investigating claims that a group called SiegedSec has breached its systems and leaked a cache of unclassified documents online. NATO announced it is investigating claims that a politically motivated threat actor called SiegedSec has breached its systems and leaked unclassified documents online. “NATO cyber experts are actively addressing incidents affecting some unclassified NATO websites,” reads a statement issued by s NATO official to media outlets.

article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

GoldDigger Android Trojan Targets Banking Apps in Asia Pacific Countries

The Hacker News

A new Android banking trojan named GoldDigger has been found targeting several financial applications with an aim to siphon victims' funds and backdoor infected devices. "The malware targets more than 50 Vietnamese banking, e-wallet and crypto wallet applications," Group-IB said.

Banking 132
article thumbnail

A WhatsApp zero-day exploit can cost several million dollars

Security Affairs

TechCrunch reported that a working zero-day exploit for the popular WhatsApp can be paid millions of dollars. The research of zero-day exploits for popular applications such as WhatsApp is even more complex due to the security mechanisms implemented by the developers of the mobile OSs and the app. TechCrunch reported that a zero-day exploits for popular applications like WhatsApp “are now worth millions of dollars” TechCrunch obtained leaked documents that demonstrate that, as of 202

Mobile 142

More Trending

article thumbnail

Belgian intelligence service VSSE accused Alibaba of ‘possible espionage’ at European hub in Liege

Security Affairs

Belgian intelligence agency State Security Service (VSSE) fears that Chinese giant Alibaba is spying on logistics to gather financial intelligence. The Belgian intelligence service VSSE revealed that is investigating potential cyber espionage activities carried out by Chinese firms, including the Alibaba Group Holding, at a cargo airport in Liege. According to the Financial Times , Alibaba has located its main European logistics centre at Liege Airport and the VSSE was working to “detect a

article thumbnail

Cisco Releases Urgent Patch to Fix Critical Flaw in Emergency Responder Systems

The Hacker News

Cisco has released updates to address a critical security flaw impacting Emergency Responder that allows unauthenticated, remote attackers to sign into susceptible systems using hard-coded credentials. The vulnerability, tracked as CVE-2023-20101 (CVSS score: 9.

article thumbnail

Global CRM Provider Exposed Millions of Clients’ Files Online

Security Affairs

Researcher discovered that global B2B CRM provider Really Simple Systems exposed online a non-password-protected database with million records. Cybersecurity Researcher, Jeremiah Fowler, discovered and reported to vpnMentor about a non-password protected database that contained over 3 million records. The documents appeared to be associated with internal invoices, communications, and customer’s stored CRM files.

article thumbnail

NSA and CISA reveal top 10 cybersecurity misconfigurations

Bleeping Computer

The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) revealed today the top ten most common cybersecurity misconfigurations discovered by their red and blue teams in the networks of large organizations. [.

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

CISA adds JetBrains TeamCity and Windows flaws to its Known Exploited Vulnerabilities catalog

Security Affairs

The U.S. CISA added JetBrains TeamCity and Windows vulnerabilities to its Known Exploited Vulnerabilities Catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the JetBrains TeamCity flaw CVE-2023-42793 (CVSS score: 9.8) and Windows bug CVE-2023-28229 (CVSS score: 7.0) to its Known Exploited Vulnerabilities Catalog. Below are the descriptions of the two vulnerabilities: CVE-2023-42793 JetBrains TeamCity Authentication Bypass Vulnerability.

article thumbnail

Unkillable? Qakbot Infections Fly On Even After Its High-Profile Raid

Dark Reading

A literal seven-nation (cyber) army wasn't enough to hold back the famous initial access broker (IAB) for long — it's been chugging along, spreading ransomware, despite a massive takedown in August.

article thumbnail

Amazon to make MFA mandatory for 'root' AWS accounts by mid-2024

Bleeping Computer

Amazon will require all privileged AWS (Amazon Web Services) accounts to use multi-factor authentication (MFA) for stronger protection against account hijacks leading to data breaches, starting in mid-2024. [.

article thumbnail

Supermicro's BMC Firmware Found Vulnerable to Multiple Critical Vulnerabilities

The Hacker News

Multiple security vulnerabilities have been disclosed in the Intelligent Platform Management Interface (IPMI) firmware for Supermicro baseboard management controllers (BMCs) that could result in privilege escalation and execution of malicious code on affected systems.

Firmware 116
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Microsoft officially removes Cortana for Windows 11 Insiders

Bleeping Computer

Microsoft finally removed the Cortana standalone app from Windows 11 in the latest preview build for Insiders in the Canary Channel. [.

116
116
article thumbnail

Legions of Critical Infrastructure Devices Subject to Cyber Targeting

Dark Reading

Nearly 100,000 ICS devices have been found open to the public Internet, potentially threatening physical safety globally. Here's how to quantify the risk.

Internet 114
article thumbnail

Exploits released for Linux flaw giving root on major distros

Bleeping Computer

Proof-of-concept exploits have already surfaced online for a high-severity flaw in GNU C Library's dynamic loader, allowing local attackers to gain root privileges on major Linux distributions. [.

114
114
article thumbnail

News alert: Massachusetts pumps $1.1 million into state college cybersecurity training programs

The Last Watchdog

Worcester, Mass., Oct. 5, 2023 – Today, the Healey-Driscoll Administration kicked off Cybersecurity Month in Massachusetts with the announcement of $1,136,911 in funding to develop a new cybersecurity training center at MassBay Community College and support the existing center at Bridgewater State University. The grants are part of the state’s SOC/Range Initiative, a program managed by MassTech’s MassCyberCenter that aims to help build a diverse generation of cybersecurity professionals thro

article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Could Cybersecurity Breaches Become Harmless in the Future?

Dark Reading

With these five steps, organizations can develop stronger security practices and make the inevitable breaches inconsequential.

article thumbnail

QakBot Threat Actors Still in Action, Using Ransom Knight and Remcos RAT in Latest Attacks

The Hacker News

Despite the disruption to its infrastructure, the threat actors behind the QakBot malware have been linked to an ongoing phishing campaign since early August 2023 that led to the delivery of Ransom Knight (aka Cyclops) ransomware and Remcos RAT.

Phishing 111
article thumbnail

Critical Zero-Day Bug in Atlassian Confluence Under Active Exploit

Dark Reading

Patch now: The Atlassian security vulnerability appears to be a remotely exploitable privilege-escalation bug that cyberattackers could use to crack collaboration environments wide open.

107
107
article thumbnail

Guyana Governmental Entity Hit by DinodasRAT in Cyber Espionage Attack

The Hacker News

A governmental entity in Guyana has been targeted as part of a cyber espionage campaign dubbed Operation Jacana. The activity, which was detected by ESET in February 2023, entailed a spear-phishing attack that led to the deployment of a hitherto undocumented implant written in C++ called DinodasRAT.

Phishing 108
article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

Arm, Qualcomm Patch Multiple Zero-Days Reported by Google

SecureWorld News

In a recent revelation, both Arm and Qualcomm, two leading semiconductor manufacturers, have fallen victim to a series of highly sophisticated and targeted Zero-Day attacks. These attacks have not only exposed a significant breach of security but also pose a grave threat to the data and privacy of millions of users worldwide. Zero-Day vulnerabilities refer to previously unknown security flaws that are exploited by attackers before the affected company has a chance to develop and release a softwa

article thumbnail

'Operation Jacana' Reveals DinodasRAT Custom Backdoor

Dark Reading

The previously undocumented data exfiltration malware was part of a successful cyber-espionage campaign against the Guyanese government, likely by the Chinese.

article thumbnail

Smashing Security podcast #342: Royal family attacked, keyless car theft, and a deepfake Tom Hanks

Graham Cluley

Is a deepfake Tom Hanks better than the real thing? Who has been attacking the British Royal Family’s website, and why? And how can you protect your vehicle from the spate of keyless car thefts? All this and much much more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by Maria Varmazis.

CISO 103
article thumbnail

Apple Releases Emergency Update to Patch iOS Zero-Days

SecureWorld News

In today's digital age, where smartphones have become an indispensable part of our lives, it is no surprise that they have also become prime targets for malicious attackers. Among all the mobile platforms, Apple's iOS stands out as a significant focus for these hackers. Apple recently issued an emergency security update in response to actively exploited iOS Zero-Day vulnerabilities (CVE-2023-42824 and CVE-2023-5217).

Spyware 102
article thumbnail

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

article thumbnail

Electric Power System Cybersecurity Vulnerabilities

Trend Micro

Digitalization has changed the business environment of the electric power industry, exposing it to various threats. This webinar will help you uncover previously unnoticed threats and develop countermeasures and solutions.

article thumbnail

Madagascar Drops Predator Spyware on Citizens in Watering Hole Attack

Dark Reading

The Predator spyware was distributed by dropping malicious links inside typosquatted facsimiles of news websites.

Spyware 101
article thumbnail

News alert: Kovrr report reveals exposure and cost of material cyber threats — across industries

The Last Watchdog

Tel Aviv, Israel, Oct. 5, 2023 — Kovrr , the leading global provider of cyber risk quantification (CRQ) solutions, announces the release of its new Fortune 1000 Cyber Risk Report, shedding light on the complex and ever-evolving cyber risk landscape across various industry sectors and the respective financial repercussions companies may consequently face. “This financial awareness is especially crucial when searching for potentially material incidents and justifying cybersecurity in

article thumbnail

People Skills Outweigh Technical Prowess in the Best Security Leaders

SecureWorld News

Having helped build out many SecureWorld conferences, I have come to realize—likely to no one's surprise—that the best cybersecurity leaders indeed have some technical prowess, but it is their soft skills that make them exceptional leaders. The CISOs, BISOs, VPs of security architecture, CSOs, directors of information security, directors of governance, risk and compliance, deputy CISOs, and chief risk officers who provide thought leadership on SecureWorld agendas all have a few things in common:

CISO 99
article thumbnail

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.