Tue.Feb 06, 2024

article thumbnail

Documents about the NSA’s Banning of Furby Toys in the 1990s

Schneier on Security

Via a FOIA request, we have documents from the NSA about their banning of Furby toys.

281
281
article thumbnail

Spear Phishing vs Phishing: What Are The Main Differences?

Tech Republic Security

There are a few differences between spear phishing and phishing that can help you identify and protect your organization from threats. Learn about these differences.

Phishing 205
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Google fixed an Android critical remote code execution flaw

Security Affairs

Google released Android ’s February 2024 security patches to address 46 vulnerabilities, including a critical remote code execution issue. Google released Android February 2024 security patches to address 46 vulnerabilities, including a critical remote code execution flaw tracked as CVE-2024-0031. The vulnerability resides in the System and impacts Android Open Source Project (AOSP) versions 11, 12, 12L, 13, and 14. “Source code patches for these issues have been released to the Android Op

Hacking 142
article thumbnail

Top 7 Cyber Threat Hunting Tools for 2024

Tech Republic Security

Here are the top cyber threat hunting tools that can enhance your organization's cybersecurity defenses. Learn how their features compare.

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Why an HR-IT Partnership is Critical for Managing Cybersecurity Risk

Security Boulevard

By aligning priorities into a shared game plan, HR and IT can finally set their organizations up to defend against modern cyberthreats. The post Why an HR-IT Partnership is Critical for Managing Cybersecurity Risk appeared first on Security Boulevard.

Risk 130
article thumbnail

Securden Password Vault Review 2024: Security, Pricing, Pros & Cons

Tech Republic Security

Securden Password Vault’s reporting and auditing features make it a good option for IT supervisors tasked to secure and manage multiple accounts and passwords.

Passwords 127

More Trending

article thumbnail

Report Surfaces Extent of SaaS Application Insecurity

Security Boulevard

A Wing Security survey found nearly all respondents experienced a security incident involving at least one SaaS application. The post Report Surfaces Extent of SaaS Application Insecurity appeared first on Security Boulevard.

article thumbnail

Ski & bike helmets protect your head, not location or voice

Pen Test Partners

TL;DR Livall smart ski and bike helmet app leaks the wearers real time position Group audio chat allows snooping on conversations Both issues are due to missing authorisation Bike app affects ~1 million users, ski app affects a few thousand users Fixed by the vendor, but after we had to call on a trusted journalist to escalate at Livall Backstory Some of us at PTP are keen skiers, and all of us are into IoT and connected devices.

IoT 128
article thumbnail

AI and Payments: Exploring Pitfalls and Potential Security Risks

PCI perspectives

With the rapid rise in popularity of AI services like ChatGPT, Dall-E, and GitHub Copilot, many people are looking at ways they can leverage the new abilities of these systems to improve their existing businesses.

Risk 123
article thumbnail

China-linked APT deployed malware in a network of the Dutch Ministry of Defence

Security Affairs

China-linked APT group breached the Dutch Ministry of Defence last year and installed malware on compromised systems. Dutch Military Intelligence and Security Service (MIVD) and the General Intelligence and Security Service (AIVD) published a joint report warning that a China-linked APT group breached the Dutch Ministry of Defence last year. The effects of the attack were limited because of the network segmentation implemented in the government infrastructure. “The Ministry of Defence (MOD

Malware 135
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

CISA warns of a patched Chrome flaw now exploited in attacks

Penetration Testing

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning regarding an actively exploited security vulnerability in the widely used Google Chrome web browser. Tracked as CVE-2023-4762, this high-severity flaw poses a significant... The post CISA warns of a patched Chrome flaw now exploited in attacks appeared first on Penetration Testing.

article thumbnail

Commercial spyware vendors are behind most zero-day exploits discovered by Google TAG

Security Affairs

Google’s TAG revealed that Commercial spyware vendors (CSV) were behind most of the zero-day vulnerabilities discovered in 2023. The latest report published by Google Threat Analysis Group (TAG), titled “ Buying Spying, an in-depth report with our insights into Commercial Surveillance Vendors (CSVs )”, warns of the rise of commercial spyware vendors and the risks to free speech, the free press, and the open internet.

Spyware 133
article thumbnail

Unveiling Atlassian Confluence Vulnerability CVE-2023-22527: Understanding and Mitigating Remote Code Execution Risks

Trend Micro

In this blog entry, we discuss CVE-2023-22527, a vulnerability in Atlassian Confluence that has a CVSS score of 10 and could allow threat actors to perform remote code execution.

Risk 108
article thumbnail

A man faces up to 25 years in prison for his role in operating unlicensed crypto exchange BTC-e

Security Affairs

A Belarusian and Cypriot national linked with the cryptocurrency exchange BTC-e is facing charges that can lead maximum penalty of 25 years in prison. Aliaksandr Klimenka, a Belarusian and Cypriot national linked with the now-defunct cryptocurrency exchange BTC-e, is facing charges with money laundering conspiracy and operation of an unlicensed money services business. “An indictment was unsealed on Tuesday charging a Belarusian and Cypriot national with money laundering conspiracy and ope

article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

The Cloudflare source code breach: Lessons learned

Security Boulevard

The high-profile web hosting company Cloudflare said last week that a sophisticated attacker gained access to code repositories used by the company, and made off with sensitive internal code. This was just the latest such attack targeting the firm. The post The Cloudflare source code breach: Lessons learned appeared first on Security Boulevard.

111
111
article thumbnail

What Is a Host-Based Firewall? Definition & When to Use

eSecurity Planet

A host-based firewall is installed directly on individual networked devices to filter network traffic on a single device by inspecting both incoming and outgoing data. Larger enterprises use this to manage the spread of malware throughout a network in the event that one device is infected. Its goal is to establish a uniform security posture throughout the network and improve endpoint security by creating a protective barrier at the individual computer level.

Firewall 109
article thumbnail

Chinese hackers infect Dutch military network with malware

Bleeping Computer

A Chinese cyber-espionage group breached the Dutch Ministry of Defence last year and deployed malware on compromised devices, according to the Military Intelligence and Security Service (MIVD) of the Netherlands. [.

Malware 107
article thumbnail

U.S. Gov imposes visa restrictions on individuals misusing Commercial Spyware

Security Affairs

The U.S. government imposes visa restrictions on individuals who are involved in the illegal use of commercial spyware. The U.S. State Department announced it is implementing a new policy to impose visa restrictions on individuals involved in the misuse of commercial spyware. The policy underscores the U.S. government’s commitment to addressing the misuse of surveillance software, which poses a significant threat to society. “The misuse of commercial spyware threatens privacy and fre

Spyware 125
article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

Chinese Hackers Exploited FortiGate Flaw to Breach Dutch Military Network

The Hacker News

Chinese state-backed hackers broke into a computer network that's used by the Dutch armed forces by targeting Fortinet FortiGate devices. "This [computer network] was used for unclassified research and development (R&D)," the Dutch Military Intelligence and Security Service (MIVD) said in a statement.

111
111
article thumbnail

One Click, System Exposed: cpio Vulnerability (CVE-2023-7216) Threatens Unix Security

Penetration Testing

Primarily found on Unix-like operating systems, the `cpio` command-line utility weaves a fundamental thread, enabling users to package and unpackage files within archive files. Esteemed for its versatility and support for multiple archive formats,... The post One Click, System Exposed: cpio Vulnerability (CVE-2023-7216) Threatens Unix Security appeared first on Penetration Testing.

article thumbnail

Known ransomware attacks up 68% in 2023

Malwarebytes

Today, Malwarebytes released its 2024 State of Malware report, detailing six cyberthreats that resource-constrained IT teams should pay attention to in 2024. Top of the list is “Big Game” ransomware, the most serious cyberthreat to businesses all around the world. Big game attacks extort vast ransoms from organizations by holding their data hostage—either with encryption, the threat of damaging data leaks, or both.

article thumbnail

Left to their own devices: Security for employees using personal devices for work

We Live Security

A cavalier approach to bring-your-own-device security won’t cut it as personal devices within corporate networks make for a potentially combustible mix.

110
110
article thumbnail

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

article thumbnail

A Deepfake Scammed a Bank out of $25M — Now What?

Trend Micro

A finance worker in Hong Kong was tricked by a deepfake video conference. The future of defending against deepfakes is as much as human challenge as a technological one.

Banking 99
article thumbnail

Verizon insider data breach hits over 63,000 employees

Bleeping Computer

Verizon Communications is warning that an insider data breach impacts almost half its workforce, exposing sensitive employee information. [.

article thumbnail

Cyberattacks Deal Heavy Financial Blows to Clorox, Johnson Controls

SecureWorld News

New regulatory filings have exposed the skyrocketing costs of major cyber incidents, as big brands Clorox and Johnson Controls admitted collectively suffering more than $75 million in attack-related expenditures last year. Cleaning giant Clorox was struck by an unspecified cyber event discovered in August 2023. The incident disrupted operations so severely that the company reverted to manual ordering and processing as a containment measure—a response indicating ransomware, experts say.

article thumbnail

JetBrains warns of new TeamCity auth bypass vulnerability

Bleeping Computer

JetBrains urged customers today to patch their TeamCity On-Premises servers against a critical authentication bypass vulnerability that can let attackers take over vulnerable instances with admin privileges. [.

article thumbnail

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.

article thumbnail

Beware: Fake Facebook Job Ads Spreading 'Ov3r_Stealer' to Steal Crypto and Credentials

The Hacker News

Threat actors are leveraging bogus Facebook job advertisements as a lure to trick prospective targets into installing a new Windows-based stealer malware codenamed Ov3r_Stealer. "This malware is designed to steal credentials and crypto wallets and send those to a Telegram channel that the threat actor monitors," Trustwave SpiderLabs said in a report shared with The Hacker News.

article thumbnail

JS-Tap: generic JavaScript payload and supporting software to help red teamers attack webapps

Penetration Testing

JS-Tap JS-Tap is a generic JavaScript payload and supporting software to help red teamers attack webapps. The JS-Tap payload can be used as an XSS payload or as a post-exploitation implant. The payload does... The post JS-Tap: generic JavaScript payload and supporting software to help red teamers attack webapps appeared first on Penetration Testing.

article thumbnail

Hackers Exploit Job Boards in APAC, Steal Data of Millions of Job Seekers

The Hacker News

Employment agencies and retail companies chiefly located in the Asia-Pacific (APAC) region have been targeted by a previously undocumented threat actor known as ResumeLooters since early 2023 with the goal of stealing sensitive data.

Retail 99
article thumbnail

A Guide to Effective Cloud Privileged Access Management

Heimadal Security

Over the last decade, the cloud has gone from being a radical, disruptive new technology to becoming the default setting for organizations of all shapes and sizes. The days of enterprises and heavily regulated companies citing security as the main barrier to cloud adoption are over. So have all the cloud security challenges been solved? […] The post A Guide to Effective Cloud Privileged Access Management appeared first on Heimdal Security Blog.

article thumbnail

Enhance Innovation and Governance Through the Cloud Development Maturity Model

Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.