Tue.Jul 30, 2024

article thumbnail

Providing Security Updates to Automobile Software

Schneier on Security

Auto manufacturers are just starting to realize the problems of supporting the software in older models: Today’s phones are able to receive updates six to eight years after their purchase date. Samsung and Google provide Android OS updates and security updates for seven years. Apple halts servicing products seven years after they stop selling them. That might not cut it in the auto world, where the average age of cars on US roads is only going up.

Software 298
article thumbnail

Google Workspace Authentication Vulnerability Allowed Thousands of Emails to be Compromised

Tech Republic Security

Hackers managed to compromise “a few thousand” Google Workspace accounts by circumventing the verification process.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Urgent Chrome Update: Google Patches Critical Security Flaw (CVE-2024-6990)

Penetration Testing

Google has issued an urgent security update for its widely-used Chrome browser, patching three vulnerabilities, one of which is rated “critical.” The vulnerabilities, tracked as CVE-2024-6990, CVE-2024-7255, and CVE-2024-7256, could potentially allow attackers to... The post Urgent Chrome Update: Google Patches Critical Security Flaw (CVE-2024-6990) appeared first on Cybersecurity News.

article thumbnail

Ransomware Attacks Are Attracting Record Payouts in Australia. Should You Pay the Ransom?

Tech Republic Security

Ransomware attacks are attracting record payouts in Australia. Learn whether paying the ransom is viable, about legal implications and about alternative strategies.

article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Microsoft 365 and Azure outage takes down multiple services

Bleeping Computer

Microsoft is investigating an ongoing and widespread outage blocking access to some Microsoft 365 and Azure services. [.

145
145
article thumbnail

IPVanish vs NordVPN (2024): Which VPN Is Better?

Tech Republic Security

NordVPN’s useful security features, fast speeds and larger server network gives it a significant advantage over IPVanish’s decent VPN experience.

VPN 149

More Trending

article thumbnail

Threat actor impersonates Google via fake ad for Authenticator

Malwarebytes

We have previously reported on the brand impersonation issue with Google ads: users who search for popular keywords are shown malicious ads that purport to be from an official vendor. Not only does this trick innocent victims into downloading malware or losing their data to phishing sites, it also erodes trust in brands and by association in Google Search itself.

article thumbnail

Meta Settles for $1.4 Billion with Texas Over Illegal Biometric Data Collection

The Hacker News

Meta, the parent company of Facebook, Instagram, and WhatsApp, agreed to a record $1.4 billion settlement with the U.S. state of Texas over allegations that it illegally collected biometric data of millions of users without their permission, marking one of the largest penalties levied by regulators against the tech giant.

article thumbnail

Google Workspace Authentication Vulnerability Allowed Thousands of Accounts to be Exposed

Tech Republic Security

Hackers managed to expose “a few thousand” accounts by circumventing the verification process on Google Workspace.

article thumbnail

New Mandrake Spyware Found in Google Play Store Apps After Two Years

The Hacker News

A new iteration of a sophisticated Android spyware called Mandrake has been discovered in five applications that were available for download from the Google Play Store and remained undetected for two years. The applications attracted a total of more than 32,000 installations before being pulled from the app storefront, Kaspersky said in a Monday write-up.

Spyware 140
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Phishing targeting Polish SMBs continues via ModiLoader

We Live Security

ESET researchers detected multiple, widespread phishing campaigns targeting SMBs in Poland during May 2024, distributing various malware families

Phishing 139
article thumbnail

New SideWinder Cyber Attacks Target Maritime Facilities in Multiple Countries

The Hacker News

The nation-state threat actor known as SideWinder has been attributed to a new cyber espionage campaign targeting ports and maritime facilities in the Indian Ocean and Mediterranean Sea.

article thumbnail

A Senate Bill Would Radically Improve Voting Machine Security

WIRED Threat Level

This year’s Intelligence Authorization Act would mandate penetration testing for federally certified voting machines and allow independent researchers to work on exposing vulnerabilities.

article thumbnail

CISA adds VMware ESXi bug to its Known Exploited Vulnerabilities catalog

Security Affairs

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a VMware ESXi bug to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added an authentication bypass VMware ESXi vulnerability, tracked as CVE-2024-37085 (CVSS score of 6.8), to its Known Exploited Vulnerabilities (KEV) catalog.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Cybercriminals Target Polish Businesses with Agent Tesla and Formbook Malware

The Hacker News

Cybersecurity researchers have detailed widespread phishing campaigns targeting small and medium-sized businesses (SMBs) in Poland during May 2024 that led to the deployment of several malware families like Agent Tesla, Formbook, and Remcos RAT. Some of the other regions targeted by the campaigns include Italy and Romania, according to cybersecurity firm ESET.

Malware 136
article thumbnail

Dark Angels ransomware receives record-breaking $75 million ransom

Bleeping Computer

A Fortune 50 company paid a record-breaking $75 million ransom payment to the Dark Angels ransomware gang, according to a report by Zscaler ThreatLabz. [.

article thumbnail

The Power and Peril of RMM Tools

The Hacker News

As more people work remotely, IT departments must manage devices distributed over different cities and countries relying on VPNs and remote monitoring and management (RMM) tools for system administration. However, like any new technology, RMM tools can also be used maliciously.

article thumbnail

Massive SMS stealer campaign infects Android devices in 113 countries

Bleeping Computer

A malicious campaign targeting Android devices worldwide utilizes thousands of Telegram bots to infect devices with SMS-stealing malware and steal one-time 2FA passwords (OTPs) for over 600 services. [.

Passwords 130
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

SideWinder phishing campaign targets maritime facilities in multiple countries

Security Affairs

The APT group SideWinder launched a new espionage campaign targeting ports and maritime facilities in the Indian Ocean and Mediterranean Sea. SideWinder (also known as Razor Tiger, Rattlesnake, and T-APT-04) has been active since at least 2012, the group mainly targeted Police, Military, Maritime, and the Naval forces of Central Asian countries. In the 2022 attacks, the threat actors also targeted departments of Foreign Affairs, Scientific and Defence organisations, Aviation, IT industry, and Le

Phishing 129
article thumbnail

DigiCert mass-revoking TLS certificates due to domain validation bug

Bleeping Computer

DigiCert is warning that it will be mass-revoking SSL/TLS certificates due to a bug in how the company verified if a customer owned or operated a domain and requires impacted customers to reissue certificates within 24 hours. [.

124
124
article thumbnail

If You are Reachable, You Are Breachable, and Firewalls & VPNs are the Front Door 

Security Boulevard

Firewalls and VPN appliances are critical gateways. Like all on-prem systems, a vulnerability can lead to a compromise that is used to open the door for attackers. The post If You are Reachable, You Are Breachable, and Firewalls & VPNs are the Front Door appeared first on Security Boulevard.

Firewall 122
article thumbnail

Cyber Threat Intelligence: Illuminating the Deep, Dark Cybercriminal Underground

The Hacker News

Learn about critical threats that can impact your organization and the bad actors behind them from Cybersixgill’s threat experts. Each story shines a light on underground activities, the threat actors involved, and why you should care, along with what you can do to mitigate risk.

article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

IBM: Cost of Data Breach on Average Reaches $4.9 Million

Security Boulevard

An IBM analysis of 604 organizations published today finds the average cost of each breach, including lost revenue, has now reached $4.9 million. The post IBM: Cost of Data Breach on Average Reaches $4.9 Million appeared first on Security Boulevard.

article thumbnail

CISA warns of VMware ESXi bug exploited in ransomware attacks

Bleeping Computer

CISA has ordered U.S. Federal Civilian Executive Branch (FCEB) agencies to secure their servers against a VMware ESXi authentication bypass vulnerability exploited in ransomware attacks. [.

article thumbnail

Report: An 18% Increase in Ransomware Attacks Includes $75M Payment

Security Boulevard

A report published today by Zscaler finds an 18% increase in ransomware attacks, including one that involved a record $75 million payment that appears to have been made to the Dark Angels ransomware group. The post Report: An 18% Increase in Ransomware Attacks Includes $75M Payment appeared first on Security Boulevard.

article thumbnail

GUEST ESSAY: CrowdStrike outage fallout — stricter regulations required to achieve resiliency

The Last Watchdog

What does the recent CrowdStrike outage tell us about the state of digital resiliency? Related: CrowdStrike’s consolation backfires On a resiliency scale of one to 10, most enterprises are at about two. This was clear over the weekend when over 4000 flights were grounded, hospitals had to postpone services, and financial systems went down. The only reason the impact was not broader was luck – not everybody runs CrowdStrike, and not all processes have been digitized.

Internet 113
article thumbnail

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

article thumbnail

Proofpoint Platform Exploited to Send Millions of Spoofed Phishing Emails

Security Boulevard

A hacker exploited a misconfiguration in Proofpoint's email protection platform to send millions of spoofed phishing emails from companies like IBM, Nike, and Disney looking to steal money and credit card information from victims. The post Proofpoint Platform Exploited to Send Millions of Spoofed Phishing Emails appeared first on Security Boulevard.

Phishing 107
article thumbnail

Google Chrome adds app-bound encryption to block infostealer malware

Bleeping Computer

Google Chrome has added app-bound encryption for better cookie protection on Windows systems and improved defenses against information-stealing malware attacks. [.

article thumbnail

News Alert: Adaptive Shield to showcase new ITDR platform for SaaS at Black Hat USA

The Last Watchdog

Las Vegas, Nev., July 30, 2024, CyberNewsWire — Amid rising breaches including Snowflake, the platform helps security teams proactively detect and respond to identity-centric threats in business-critical SaaS applications. Adaptive Shield , a leader in SaaS Security, today announced its breakthrough Identity Threat Detection & Response (ITDR) platform for SaaS environments.

article thumbnail

Black Basta ransomware switches to more evasive custom malware

Bleeping Computer

The Black Basta ransomware gang has shown resilience and an ability to adapt to a constantly shifting space, using new custom tools and tactics to evade detection and spread throughout a network. [.

article thumbnail

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.