Schneier on Security

APRIL 11, 2024

Last week, the internet dodged a major nation-state attack that would have had catastrophic cybersecurity repercussions worldwide. It’s a catastrophe that didn’t happen, so it won’t get much attention—but it should. There’s an important moral to the story of the attack and its discovery : The security of the global internet depends on countless obscure pieces of software written and maintained by even more obscure unpaid, distractible, and sometimes vulnerable volunteers.

Software 352

Software Engineering Internet Internet 352

Krebs on Security

APRIL 11, 2024

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) said today it is investigating a breach at business intelligence company Sisense , whose products are designed to allow companies to view the status of multiple third-party online services in a single dashboard. CISA urged all Sisense customers to reset any credentials and secrets that may have been shared with the company, which is the same advice Sisense gave to its customers Wednesday evening.

CISO 289

CISO Encryption Telecommunications Financial Services 289

Tech Republic Security

APRIL 11, 2024

Find the best open-source password managers to keep your sensitive information secure and easily accessible. Explore top options for protecting your passwords.

Password Management 174

Password Management Passwords Information Security 174

WIRED Threat Level

APRIL 11, 2024

Privacy-focused company DuckDuckGo is launching a tool to remove data from people-search websites, a VPN, and an identity theft restoration service.

Identity Theft 145

Identity Theft VPN 145

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

The Hacker News

APRIL 11, 2024

Cybersecurity researchers have discovered a credit card skimmer that's concealed within a fake Meta Pixel tracker script in an attempt to evade detection. Sucuri said that the malware is injected into websites through tools that allow for custom code, such as WordPress plugins like Simple Custom CSS and JS or the "Miscellaneous Scripts" section of the Magento admin panel.

Malware 144

Malware Cybersecurity 144

Malwarebytes

APRIL 11, 2024

AT&T has notified US state authorities and regulators about its recent (or not) data breach, saying 51,226,382 people were affected. For those that have missed the story so far: Back in 2021, a hacker named Shiny Hunters claimed to have breached AT&T. On March 20, 2024, we reported how the data of over 70 million people was posted for sale on an online cybercrime forum.

Data breaches 142

Data breaches Cybercrime Encryption Internet 142

Security Affairs

APRIL 11, 2024

Palo Alto Networks fixed several vulnerabilities in its PAN-OS operating system, including 3 issues that can trigger a DoS condition on its firewalls. Palo Alto Networks released security updates to address several high-severity vulnerabilities in its PAN-OS operating system. The company fixed the following DoS vulnerabilities: CVE-2024-3385 – The company reported that a packet processing mechanism in Palo Alto Networks PAN-OS software allows a remote attacker to reboot hardware-based fire

Firewall 141

Firewall Software Engineering Authentication 141

The Hacker News

APRIL 11, 2024

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday issued an emergency directive (ED 24-02) urging federal agencies to hunt for signs of compromise and enact preventive measures following the recent compromise of Microsoft's systems that led to the theft of email correspondence with the company.

Risk 142

Risk Cybersecurity 142

Security Affairs

APRIL 11, 2024

Microsoft addressed two zero-day vulnerabilities (CVE-2024-29988 and CVE-2024-26234) actively exploited by threat actors to deliver malware Microsoft addressed two zero-day vulnerabilities, tracked as CVE-2024-29988 and CVE-2024-26234, that threat actors are exploiting to deliver malware. Microsoft Patches Tuesday security updates for April 2024 addressed 147 vulnerabilities in multiple products.

Malware 141

Malware DNS Software Mobile 141

The Hacker News

APRIL 11, 2024

GitGuardian is famous for its annual State of Secrets Sprawl report. In their 2023 report, they found over 10 million exposed passwords, API keys, and other credentials exposed in public GitHub commits. The takeaways in their 2024 report did not just highlight 12.8 million new exposed secrets in GitHub, but a number in the popular Python package repository PyPI.

Passwords 140

Passwords 140

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Security Affairs

APRIL 11, 2024

Business intelligence software company Sisense suffered a cyberattack that may have exposed sensitive information of major enterprises worldwide. Sisense, a business intelligence software company, experienced a cyberattack potentially exposing the sensitive data of global enterprises. The list of the company’s customers includes Nasdaq, Philips Healthcare, Verizon, and many others.

Data breaches 139

Data breaches Healthcare Cyber Attacks Software 139

Malwarebytes

APRIL 11, 2024

Apple has reportedly sent alerts to individuals in 92 nations on Wednesday, April 10, to say it’s detected that they may have been a victim of a mercenary attack. The company says it has sent out these types of threat notifications to over 150 countries since the start in 2021. Mercenary spyware is used by governments to target people like journalists, political activists, and similar targets, and involves the use of sophisticated tools like Pegasus.

Spyware 139

Spyware Government Mobile Password Management 139

Security Affairs

APRIL 11, 2024

Apple is warning iPhone users in over 90 countries of targeted mercenary spyware attacks, Reuters agency reported. Apple is alerting iPhone users in 92 countries about mercenary spyware attacks, reported Reuters. Reuters only mentioned India as one of the countries where users were targeted by the attacks. According to a threat notification email sent to targeted users, the IT giant detected attempts to “remotely compromise the iPhone.” The company did not attribute the targeted atta

Spyware 137

Spyware Mobile Hacking Government 137

Bleeping Computer

APRIL 11, 2024

LastPass revealed this week that threat actors targeted one of its employees in a voice phishing attack, using deepfake audio to impersonate Karim Toubba, the company's Chief Executive Officer. [.

Phishing 132

Phishing 132

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Security Affairs

APRIL 11, 2024

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds D-Link multiple NAS devices bugs to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following D-Link multiple NAS devices flaws to its Known Exploited Vulnerabilities (KEV) catalog : CVE-2024-3272 D-Link Multiple NAS Devices Use of Hard-Coded Credentials Vulnerability CVE-2024-3273 D-Link Multiple NAS Devices Command Injection Vulnerability The flaw CVE-202

DNS 137

DNS Authentication Hacking Cybersecurity 137

Anton on Security

APRIL 11, 2024

Moderately relevant AI made image about AI papers :-) steampunk ofc! Recently our team has written several papers and blogs focused on securing AI. What you will not see in these papers is anything to do with robot rebellion or some such long-term potential threats. We also don’t touch on responsible AI and AI ethics because frankly there are many (and I mean … MANY!

Artificial Intelligence 130

Artificial Intelligence Government Risk Technology 130

Security Boulevard

APRIL 11, 2024

Russian state-sponsored hackers who broke into Microsoft’s corporate email accounts during the monthslong hack stole email messages between the enterprise software giant and a number of U.S. federal agencies, adding to an ongoing series of revelations about the attack. The Midnight Blizzard group is using information taken from the corporate email systems, such as authentication.

Authentication 128

Authentication Accountability Hacking Software 128

Bleeping Computer

APRIL 11, 2024

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released a new version of "Malware Next-Gen," now allowing the public to submit malware samples for analysis by CISA. [.

Malware 126

Malware Cybersecurity Government 126

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Security Boulevard

APRIL 11, 2024

The Google Chronicle cybersecurity platform extensions are based on the Gemini LLM with the addition of cybersecurity data. The post Google Extends Generative AI Reach Deeper into Security appeared first on Security Boulevard.

Cybersecurity 128

Cybersecurity 128

Malwarebytes

APRIL 11, 2024

The April 2024 Patch Tuesday update includes patches for 149 Microsoft vulnerabilities and republishes 6 non-Microsoft CVEs. Three of those 149 vulnerabilities are listed as critical, and one is listed as actively exploited by Microsoft. Another vulnerability is claimed to be a zero-day by researchers that have found it to be used in the wild. Let’s first have a look at the two zero-days.

Media 124

Media Internet Internet Software 124

Bleeping Computer

APRIL 11, 2024

Apple has been notifying iPhone users in 92 countries about a "mercenary spyware attack" attempting to remotely compromise their device.

Spyware 124

Spyware Mobile 124

Graham Cluley

APRIL 11, 2024

Learn more about the DragonForce ransomware - how it came to prominence, and some of the unusual tactics used by the hackers who extort money from companies with it. Read more in my article on the Tripwire State of Security blog.

Ransomware 123

Ransomware Data breaches Malware 123

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

Security Boulevard

APRIL 11, 2024

Simbian TrustedLLM promises to automate complex cybersecurity tasks by continuously learning about IT environments. The post Simbian Unveils Generative AI Platform to Automate Cybersecurity Tasks appeared first on Security Boulevard.

Cybersecurity 123

Cybersecurity 123

Penetration Testing

APRIL 11, 2024

Security researchers are sounding the alarm about a dangerous new critical vulnerability uncovered within the popular open-source video platform, AVideo. This vulnerability, designated as CVE-2024-31819, lies within the platform’s WWBNIndex plugin and has the... The post CVE-2024-31819: Critical Flaw in Popular Video Platform AVideo Could Allow Full System Takeover appeared first on Penetration Testing.

Penetration Testing 120

Penetration Testing 120

Security Boulevard

APRIL 11, 2024

Season 3, Episode 5: Cyber Insurance may not be the sexiest topic, but it’s an important piece of any mature cyber program. We chatted with a lawyer and a VC who share their perspective. The post Cyber Insurance: Sexy? No. Important? Critically yes. appeared first on Security Boulevard.

Cyber Insurance 122

Cyber Insurance Insurance 122

Bleeping Computer

APRIL 11, 2024

DuckDuckGo has launched a new paid-for 3-in-1 subscription service called 'Privacy Pro,' which includes a virtual private network (VPN), a personal data removal service, and an identity theft restoration solution. [.

VPN 119

VPN Identity Theft Software 119

Advertisement

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

Security Boulevard

APRIL 11, 2024

Industry experts remain cautiously optimistic about future funding trends, emphasizing investor interest in emerging technologies including blockchain and AI security. The post Cybersecurity Market Faces Funding Downturn in Q1 2024 appeared first on Security Boulevard.

Marketing 121

Marketing Cybersecurity Technology Security Awareness 121

GlobalSign

APRIL 11, 2024

This blog navigates new standards for cybersecurity in the age of remote and hybrid working, including evolving challenges, practices, and solutions.

Cybersecurity 119

Cybersecurity 119

Bleeping Computer

APRIL 11, 2024

An almost 6-year-old vulnerability in the Lighttpd web server used in Baseboard Management Controllers has been overlooked by many device vendors, including Intel and Lenovo. [.

119

119

The Hacker News

APRIL 11, 2024

GitGuardian is famous for its annual State of Secrets Sprawl report. In their 2023 report, they found over 10 million exposed passwords, API keys, and other credentials exposed in public GitHub commits. The takeaways in their 2024 report did not just highlight 12.8 million new exposed secrets in GitHub, but a number in the popular Python package repository PyPI.

Passwords 118

Passwords 118

Advertisement

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.

Cybersecurity