Schneier on Security

JULY 30, 2024

Auto manufacturers are just starting to realize the problems of supporting the software in older models: Today’s phones are able to receive updates six to eight years after their purchase date. Samsung and Google provide Android OS updates and security updates for seven years. Apple halts servicing products seven years after they stop selling them. That might not cut it in the auto world, where the average age of cars on US roads is only going up.

Software 276

Software Manufacturing Cybersecurity 276

Tech Republic Security

JULY 30, 2024

Ransomware attacks are attracting record payouts in Australia. Learn whether paying the ransom is viable, about legal implications and about alternative strategies.

Ransomware 156

Ransomware Cybersecurity 156

Penetration Testing

JULY 30, 2024

Google has issued an urgent security update for its widely-used Chrome browser, patching three vulnerabilities, one of which is rated “critical.” The vulnerabilities, tracked as CVE-2024-6990, CVE-2024-7255, and CVE-2024-7256, could potentially allow attackers to... The post Urgent Chrome Update: Google Patches Critical Security Flaw (CVE-2024-6990) appeared first on Cybersecurity News.

Cybersecurity 145

Cybersecurity 145

Tech Republic Security

JULY 30, 2024

Hackers managed to compromise “a few thousand” Google Workspace accounts by circumventing the verification process.

Authentication 167

Authentication Accountability 167

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Security Affairs

JULY 30, 2024

Researchers detected a sophisticated phishing campaign targeting Microsoft OneDrive users to trick them into executing a PowerShell script. Over the past few weeks, the Trellix Advanced Research Center observed a sophisticated phishing campaign targeting Microsoft OneDrive users. Threat actors rely on social engineering tactics to trick users into executing a PowerShell script, which leads to their systems being compromised.

Phishing 143

Phishing DNS Social Engineering Engineering 143

The Last Watchdog

JULY 30, 2024

What does the recent CrowdStrike outage tell us about the state of digital resiliency? Related: CrowdStrike’s consolation backfires On a resiliency scale of one to 10, most enterprises are at about two. This was clear over the weekend when over 4000 flights were grounded, hospitals had to postpone services, and financial systems went down. The only reason the impact was not broader was luck – not everybody runs CrowdStrike, and not all processes have been digitized.

Internet 113

Internet Internet Government Ransomware 113

Bleeping Computer

JULY 30, 2024

A malicious campaign targeting Android devices worldwide utilizes thousands of Telegram bots to infect devices with SMS-stealing malware and steal one-time 2FA passwords (OTPs) for over 600 services. [.

Passwords 130

Passwords Malware Mobile 130

Tech Republic Security

JULY 30, 2024

NordVPN’s useful security features, fast speeds and larger server network gives it a significant advantage over IPVanish’s decent VPN experience.

VPN 130

VPN 130

Security Affairs

JULY 30, 2024

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a VMware ESXi bug to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added an authentication bypass VMware ESXi vulnerability, tracked as CVE-2024-37085 (CVSS score of 6.8), to its Known Exploited Vulnerabilities (KEV) catalog.

Ransomware 130

Ransomware Authentication Hacking Cybersecurity 130

Bleeping Computer

JULY 30, 2024

DigiCert is warning that it will be mass-revoking SSL/TLS certificates due to a bug in how the company verified if a customer owned or operated a domain and requires impacted customers to reissue certificates within 24 hours. [.

124

124

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

The Last Watchdog

JULY 30, 2024

Las Vegas, Nev., July 30, 2024, CyberNewsWire — Amid rising breaches including Snowflake, the platform helps security teams proactively detect and respond to identity-centric threats in business-critical SaaS applications. Adaptive Shield , a leader in SaaS Security, today announced its breakthrough Identity Threat Detection & Response (ITDR) platform for SaaS environments.

Threat Detection 100

Threat Detection Accountability InfoSec Technology 100

Security Boulevard

JULY 30, 2024

Firewalls and VPN appliances are critical gateways. Like all on-prem systems, a vulnerability can lead to a compromise that is used to open the door for attackers. The post If You are Reachable, You Are Breachable, and Firewalls & VPNs are the Front Door appeared first on Security Boulevard.

Firewall 122

Firewall VPN Security Awareness Cybersecurity 122

Bleeping Computer

JULY 30, 2024

A Fortune 50 company paid a record-breaking $75 million ransom payment to the Dark Angels ransomware gang, according to a report by Zscaler ThreatLabz. [.

Ransomware 131

Ransomware 131

We Live Security

JULY 30, 2024

ESET researchers detected multiple, widespread phishing campaigns targeting SMBs in Poland during May 2024, distributing various malware families

Phishing 133

Phishing Malware 133

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

The Hacker News

JULY 30, 2024

Meta, the parent company of Facebook, Instagram, and WhatsApp, agreed to a record $1.4 billion settlement with the U.S. state of Texas over allegations that it illegally collected biometric data of millions of users without their permission, marking one of the largest penalties levied by regulators against the tech giant.

Data collection 122

Data collection 122

Bleeping Computer

JULY 30, 2024

Microsoft is investigating an ongoing and widespread outage blocking access to some Microsoft 365 and Azure services. [.

145

145

Security Boulevard

JULY 30, 2024

An IBM analysis of 604 organizations published today finds the average cost of each breach, including lost revenue, has now reached $4.9 million. The post IBM: Cost of Data Breach on Average Reaches $4.9 Million appeared first on Security Boulevard.

Data breaches 117

Data breaches Security Awareness Education Cybersecurity 117

Tech Republic Security

JULY 30, 2024

Hackers managed to expose “a few thousand” accounts by circumventing the verification process on Google Workspace.

Accountability 132

Accountability Authentication 132

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

Security Boulevard

JULY 30, 2024

A report published today by Zscaler finds an 18% increase in ransomware attacks, including one that involved a record $75 million payment that appears to have been made to the Dark Angels ransomware group. The post Report: An 18% Increase in Ransomware Attacks Includes $75M Payment appeared first on Security Boulevard.

Ransomware 114

Ransomware Security Awareness Cybersecurity 114

The Hacker News

JULY 30, 2024

A new iteration of a sophisticated Android spyware called Mandrake has been discovered in five applications that were available for download from the Google Play Store and remained undetected for two years. The applications attracted a total of more than 32,000 installations before being pulled from the app storefront, Kaspersky said in a Monday write-up.

Spyware 117

Spyware 117

Bleeping Computer

JULY 30, 2024

CISA has ordered U.S. Federal Civilian Executive Branch (FCEB) agencies to secure their servers against a VMware ESXi authentication bypass vulnerability exploited in ransomware attacks. [.

Ransomware 114

Ransomware Authentication 114

The Hacker News

JULY 30, 2024

The nation-state threat actor known as SideWinder has been attributed to a new cyber espionage campaign targeting ports and maritime facilities in the Indian Ocean and Mediterranean Sea.

Cyber Attacks 115

Cyber Attacks Phishing 115

Advertisement

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

Security Boulevard

JULY 30, 2024

A hacker exploited a misconfiguration in Proofpoint's email protection platform to send millions of spoofed phishing emails from companies like IBM, Nike, and Disney looking to steal money and credit card information from victims. The post Proofpoint Platform Exploited to Send Millions of Spoofed Phishing Emails appeared first on Security Boulevard.

Phishing 107

Phishing Social Engineering Engineering Mobile 107

The Hacker News

JULY 30, 2024

Cybersecurity researchers have detailed widespread phishing campaigns targeting small and medium-sized businesses (SMBs) in Poland during May 2024 that led to the deployment of several malware families like Agent Tesla, Formbook, and Remcos RAT. Some of the other regions targeted by the campaigns include Italy and Romania, according to cybersecurity firm ESET.

Malware 110

Malware Phishing Cybersecurity 110

Bleeping Computer

JULY 30, 2024

The Black Basta ransomware gang has shown resilience and an ability to adapt to a constantly shifting space, using new custom tools and tactics to evade detection and spread throughout a network. [.

Ransomware 101

Ransomware Malware 101

The Hacker News

JULY 30, 2024

As more people work remotely, IT departments must manage devices distributed over different cities and countries relying on VPNs and remote monitoring and management (RMM) tools for system administration. However, like any new technology, RMM tools can also be used maliciously.

System Administration 102

System Administration Technology 102

Advertisement

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.

Cybersecurity

Bleeping Computer

JULY 30, 2024

Google Chrome has added app-bound encryption for better cookie protection on Windows systems and improved defenses against information-stealing malware attacks. [.

Encryption 105

Encryption Malware 105

Quick Heal Antivirus

JULY 30, 2024

Tap and pay technology has completely changed the way we do transactions. Imagine making a payment just by. The post Is Your Money Safe? Discover the Hidden Dangers of Tap and Pay Technology appeared first on Quick Heal Blog.

Technology 98

Technology Antivirus Cybersecurity 98

WIRED Threat Level

JULY 30, 2024

This year’s Intelligence Authorization Act would mandate penetration testing for federally certified voting machines and allow independent researchers to work on exposing vulnerabilities.

Penetration Testing 99

Penetration Testing 99

Heimadal Security

JULY 30, 2024

DNS security risks are everywhere, and the stats show it too. A 2021 IDC survey of over 1,100 organizations across North America, Europe, and the Asia Pacific revealed that 87% had encountered DNS attacks. The average cost per attack was approximately $950,000 globally, rising to about $1 million for organizations in North America. That’s a […] The post The Most Common DNS Security Risks in 2024 (And How to Mitigate Them) appeared first on Heimdal Security Blog.

DNS 97

DNS Risk 97

Advertisement

Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.

Government