Schneier on Security

DECEMBER 17, 2024

Not everything needs to be digital and “smart.” License plates, for example : Josep Rodriguez, a researcher at security firm IOActive, has revealed a technique to jailbreak digital license plates sold by Reviver, the leading vendor of those plates in the US with 65,000 plates already sold. By removing a sticker on the back of the plate and attaching a cable to its internal connectors, he’s able to rewrite a Reviver plate’s firmware in a matter of minutes.

Firmware 184

Firmware Hacking Software 184

Penetration Testing

DECEMBER 17, 2024

The Apache Software Foundation has released important security updates to address two vulnerabilities in Apache Tomcat, a widely-used open-source web server, and servlet container. One of the vulnerabilities could allow... The post RCE and DoS Vulnerabilities Addressed in Apache Tomcat: CVE-2024-50379 and CVE-2024-54677 appeared first on Cybersecurity News.

Software 120

Software Cybersecurity 120

The Hacker News

DECEMBER 17, 2024

A new social engineering campaign has leveraged Microsoft Teams as a way to facilitate the deployment of a known malware called DarkGate. "An attacker used social engineering via a Microsoft Teams call to impersonate a user's client and gain remote access to their system," Trend Micro researchers Catherine Loveria, Jovit Samaniego, and Gabriel Nicoleta said.

Social Engineering 121

Social Engineering Malware Engineering 121

WIRED Threat Level

DECEMBER 17, 2024

In a previously unreported August memo, the Department of Homeland Security urged state and local police to conduct exercises to test their ability to respond to weaponized drones.

118

118

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

The Hacker News

DECEMBER 17, 2024

Meta Platforms, the parent company of Facebook, Instagram, WhatsApp, and Threads, has been fined 251 million (around $263 million) for a 2018 data breach that impacted millions of users in the bloc, in what's the latest financial hit the company has taken for flouting stringent privacy laws.

Data breaches 119

Data breaches Accountability 119

Security Boulevard

DECEMBER 17, 2024

CrowdStrike and Salt Security have extended their alliance to make it simpler to feed application programming interface (API) security data directly into a security information event management (SIEM) platform. The post CrowdStrike Allies With Salt Security to Improve API Security appeared first on Security Boulevard.

Security Awareness 95

Security Awareness Cybersecurity 95

Zero Day

DECEMBER 17, 2024

Also now available: An improved version of Google's Imagen 3 image generator and a fun, new experiment.

Artificial Intelligence 89

Artificial Intelligence Technology 89

The Hacker News

DECEMBER 17, 2024

A suspected South Asian cyber espionage threat group known as Bitter targeted a Turkish defense sector organization in November 2024 to deliver two C++-malware families tracked as WmRAT and MiyaRAT.

Malware 106

Malware 106

Malwarebytes

DECEMBER 17, 2024

Another day, another exposed S3 bucket. This time, 5 million US credit cards and personal details were leaked online. The Leakd.com security team discovered that 5 terabytes of sensitive screenshots were exposed in a freely accessible Amazon S3 bucket. An S3 bucket is like a virtual file folder in the cloud where you can store various types of data, such as text files, images, videos, and more.

Identity Theft 86

Identity Theft Phishing Banking Accountability 86

The Hacker News

DECEMBER 17, 2024

Addressing cyber threats before they have a chance to strike or inflict serious damage is by far the best security approach any company can embrace. Achieving this takes a lot of research and proactive threat hunting. The problem here is that it is easy to get stuck in endless arrays of data and end up with no relevant intel.

Cyber threats 96

Cyber threats 96

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Zero Day

DECEMBER 17, 2024

The biggest Ray-Ban update yet is here, and it makes the smart glasses more useful than ever.

Artificial Intelligence 86

Artificial Intelligence Technology 86

The Hacker News

DECEMBER 17, 2024

Threat actors are attempting to exploit a recently disclosed security flaw impacting Apache Struts that could pave the way for remote code execution. The issue, tracked as CVE-2024-53677, carries a CVSS score of 9.5 out of 10.0, indicating critical severity.

92

92

Tech Republic Security

DECEMBER 17, 2024

Uncover the pros and cons of Astrill VPN. Explore its speed, security, and features to see if its the right choice for privacy and performance.

VPN 86

VPN 86

The Hacker News

DECEMBER 17, 2024

A new phishing campaign has been observed employing tax-themed lures to deliver a stealthy backdoor payload as part of attacks targeting Pakistan. Cybersecurity company Securonix, which is tracking the activity under the name FLUX#CONSOLE, said it likely starts with a phishing email link or attachment, although it said it couldn't obtain the original email used to launch the attack.

Phishing 90

Phishing Cybersecurity 90

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

SecureList

DECEMBER 17, 2024

In late October 2024, a new scheme for distributing a certain Android banking Trojan called “Mamont” was uncovered. The victim would receive an instant message from an unknown sender asking to identify a person in a photo. The attackers would then send what appeared to be the photo itself but was actually a malware installer. Shortly after, reports surfaced of Mamont being disseminated through neighborhood chat groups.

Scams 67

Scams Malware Social Engineering Banking 67

Tech Republic Security

DECEMBER 17, 2024

CrowdStrike's AI Survey reveals how generative AI is reshaping cybersecurity, uncovering trends and challenges faced by organizations today.

Cybersecurity 82

Cybersecurity Artificial Intelligence 82

Zero Day

DECEMBER 17, 2024

81

81

SecureWorld News

DECEMBER 17, 2024

Researchers at Datadog Security Labs have uncovered a year-long, large-scale cybercrime campaign by a threat actor tracked as MUT-1244. This operation, which blends social engineering and technical exploitation, has resulted in the theft of more than 390,000 WordPress credentials. Additionally, sensitive SSH private keys and AWS access keys were exfiltrated from compromised systems, implicating a diverse victim pool of red teamers, penetration testers, security researchers, and other malicious a

Phishing 66

Phishing Threat Detection Social Engineering Cybercrime 66

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

The Hacker News

DECEMBER 17, 2024

Even the best companies with the most advanced tools can still get hacked. Its a frustrating reality: youve invested in the right solutions, trained your team, and strengthened your defenses. But breaches still happen. So, whats going wrong? The truth is, that attackers are constantly finding new ways to slip through cracks that often go unnoticedeven in well-prepared organizations.

Hacking 79

Hacking 79

Security Affairs

DECEMBER 17, 2024

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Microsoft Windows Kernel-Mode Driver and Adobe ColdFusion flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA)added the Microsoft Windows Kernel-Mode Driver Untrusted Pointer Dereference ( CVE-2024-35250 ) and Adobe ColdFusion Improper Access Control ( CVE-2024-20767 ) vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog.

Hacking 66

Hacking Cybersecurity Ransomware Risk 66

Penetration Testing

DECEMBER 17, 2024

Cybersecurity researchers from Netskope have uncovered a new side-loaded backdoor, dubbed Yokai, targeting Thai officials through decoy documents and a legitimate application. This campaign highlights the continued use of DLL... The post DLL Side-Loading Strikes Again: Yokai Backdoor Bypasses Security appeared first on Cybersecurity News.

Cybersecurity 70

Cybersecurity Malware 70

WIRED Threat Level

DECEMBER 17, 2024

Experts say the catchall term for online fraud furthers harm against victims and could dissuade people from reporting attempts to bilk them out of their money.

Scams 76

Scams Hacking 76

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Zero Day

DECEMBER 17, 2024

75

75

SecureWorld News

DECEMBER 17, 2024

The U.S. government is sounding the alarm on a growing cybersecurity risk for critical infrastructureinternet-exposed Human-Machine Interfaces (HMIs). In a joint advisory released by the Environmental Protection Agency (EPA) and the Cybersecurity and Infrastructure Security Agency (CISA) , organizations in the Water and Wastewater Systems sector are urged to secure HMIs, which provide critical access to industrial machines and control systems.

Internet 59

Internet Internet Risk Passwords 59

Zero Day

DECEMBER 17, 2024

75

75

Penetration Testing

DECEMBER 17, 2024

A new malware campaign, identified as I2PRAT (I2P Remote Access Trojan), is raising the bar for cybercriminals ability to evade detection. Detailed in a report by Banu Ramakrishnan, a Malware... The post New Malware I2PRAT Exploits Anonymous I2P Network for Stealthy Command and Control appeared first on Cybersecurity News.

Malware 67

Malware Cybersecurity 67

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

Zero Day

DECEMBER 17, 2024

For 12 days, the OpenAI daily live stream is unveiling 'new things, big and small.' Here's what's new today.

75

75

Penetration Testing

DECEMBER 17, 2024

A new report by CYFIRMA reveals an alarming escalation in cyber threats targeting the UK, orchestrated by Russian state-sponsored actors and privateer groups. Sophisticated campaigns now focus on critical infrastructure,... The post Russian State Actors Target UK Critical Infrastructure in New Cyber Campaign appeared first on Cybersecurity News.

Cyber threats 67

Cyber threats Cybersecurity 67

Zero Day

DECEMBER 17, 2024

Microsoft will officially end support for its most popular operating system in less than a year. Here's what you should do with your Windows 10 PCs that fail Microsoft's Windows 11 compatibility tests before that day arrives.

75

75

Security Affairs

DECEMBER 17, 2024

Texas Tech University reports a data breach affecting 1.4 million, exposing personal, health, and financial data from its health sciences centers. Texas Tech University disclosed a data breach that impacted over 1.4 million individuals following a cyber attack. The security breach exposed the personal, health, and financial data from its health sciences centers, the Health Sciences Center and Health Sciences Center El Paso.

Data breaches 63

Data breaches Insurance Ransomware Cyber Attacks 63

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software