Schneier on Security

APRIL 16, 2024

Brian Krebs reported that X (formerly known as Twitter) started automatically changing twitter.com links to x.com links. The problem is: (1) it changed any domain name that ended with “twitter.com,” and (2) it only changed the link’s appearance (anchortext), not the underlying URL. So if you were a clever phisher and registered fedetwitter.com, people would see the link as fedex.com, but it would send people to fedetwitter.com.

Phishing 284

Phishing 284

Krebs on Security

APRIL 16, 2024

For nearly a dozen years, residents of South Carolina have been kept in the dark by state and federal investigators over who was responsible for hacking into the state’s revenue department in 2012 and stealing tax and bank account information for 3.6 million people. The answer may no longer be a mystery: KrebsOnSecurity found compelling clues suggesting the intrusion was carried out by the same Russian hacking crew that stole of millions of payment card records from big box retailers like

Identity Theft 254

Identity Theft Banking Cybercrime Hacking 254

Bleeping Computer

APRIL 16, 2024

Cisco warns about a large-scale credential brute-forcing campaign targeting VPN and SSH services on Cisco, CheckPoint, Fortinet, SonicWall, and Ubiquiti devices worldwide. [.

VPN 142

VPN 142

The Hacker News

APRIL 16, 2024

The maintainers of the PuTTY Secure Shell (SSH) and Telnet client are alerting users of a critical vulnerability impacting versions from 0.68 through 0.80 that could be exploited to achieve full recovery of NIST P-521 (ecdsa-sha2-nistp521) private keys.

141

141

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Security Affairs

APRIL 16, 2024

The PuTTY Secure Shell (SSH) and Telnet client are impacted by a critical vulnerability that could be exploited to recover private keys. PuTTY tools from 0.68 to 0.80 inclusive are affected by a critical vulnerability, tracked as CVE-2024-31497 , that resides in the code that generates signatures from ECDSA private keys which use the NIST P521 curve.

Authentication 140

Authentication Hacking Information Security 140

Bleeping Computer

APRIL 16, 2024

A vulnerability tracked as CVE-2024-31497 in PuTTY 0.68 through 0.80 could potentially allow attackers with access to 60 cryptographic signatures to recover the private key used for their generation. [.

135

135

Security Boulevard

APRIL 16, 2024

Not OK: SMS 2FA — Widespread spam targets carrier employees, as scrotes try harder to evade two-factor authentication. The post SIM Swappers Try Bribing T-Mobile and Verizon Staff $300 appeared first on Security Boulevard.

Mobile 132

Mobile Authentication Social Engineering Wireless 132

Security Affairs

APRIL 16, 2024

Researchers released an exploit code for the actively exploited vulnerability CVE-2024-3400 in Palo Alto Networks’ PAN-OS. Researchers at watchTowr Labs have released a technical analysis of the vulnerability CVE-2024-3400 in Palo Alto Networks’ PAN-OS and a proof-of-concept exploit that can be used to execute shell commands on vulnerable firewalls.

Firewall 140

Firewall Hacking Software Cybersecurity 140

Security Boulevard

APRIL 16, 2024

Industrial control systems, application containers, and mobile devices are the top contenders on this year's list of the most difficult assets to secure. The post AI Helps Security Teams, But Boosts Threats appeared first on Security Boulevard.

Mobile 124

Mobile Ransomware Cybersecurity 124

Security Affairs

APRIL 16, 2024

The Dark Angels (Dunghill) ransomware group claims the hack of the chipmaker Nexperia and the theft of 1 TB of data from the company. The Dark Angels (Dunghill) ransomware group claims responsibility for hacking chipmaker Nexperia and stealing 1 TB of the company’s data. Nexperia is a semiconductor manufacturer headquartered in Nijmegen, the Netherlands.

Ransomware 139

Ransomware Manufacturing Hacking Insurance 139

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

The Hacker News

APRIL 16, 2024

New cybersecurity research has found that command-line interface (CLI) tools from Amazon Web Services (AWS) and Google Cloud can expose sensitive credentials in build logs, posing significant risks to organizations. The vulnerability has been codenamed LeakyCLI by cloud security firm Orca.

Risk 125

Risk Cybersecurity 125

Bleeping Computer

APRIL 16, 2024

YouTube announced yesterday that third-party applications that block ads while watching YouTube videos violates its Terms of Service (ToS), and it will soon start taking action against the apps. [.

Technology 119

Technology 119

The Hacker News

APRIL 16, 2024

The threat actor tracked as TA558 has been observed leveraging steganography as an obfuscation technique to deliver a wide range of malware such as Agent Tesla, FormBook, Remcos RAT, LokiBot, GuLoader, Snake Keylogger, and XWorm, among others.

Malware 125

Malware 125

Security Affairs

APRIL 16, 2024

Researchers warn of a renewed cyber espionage campaign targeting users in South Asia with the Apple iOS spyware LightSpy Blackberry researchers discovered a renewed cyber espionage campaign targeting South Asia with an Apple iOS spyware called LightSpy. The sophisticated mobile spyware has resurfaced after several months of inactivity, the new version of LightSpy, dubbed “F_Warehouse”, supports a modular framework with extensive spying capabilities.

Spyware 132

Spyware Mobile Malware Encryption 132

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

The Hacker News

APRIL 16, 2024

Two individuals have been arrested in Australia and the U.S. in connection with an alleged scheme to develop and distribute a remote access trojan called Hive RAT (previously Firebird). The U.S.

Malware 124

Malware 124

Security Affairs

APRIL 16, 2024

Amidst rising tensions with China in the SCS, Resecurity observed a spike in malicious cyber activity targeting the Philippines in Q1 2024. Amidst rising tensions with China in the South China Sea, Resecurity has observed a significant spike in malicious cyber activity targeting the Philippines in Q1 2024 , increasing nearly 325% compared to the same period last year.

Government 135

Government Cyber threats Information Security Hacking 135

Malwarebytes

APRIL 16, 2024

Someone has posted a database of over 2.8 million records to a hacker forum, claiming they originated from a March 2024 hack at Canadian retail chain Giant Tiger. When asked, they posted a small snippet as proof. The download of the full database is practically free for other active members of that forum. In March, one of Giant Tiger‘s vendors, a company used to manage customer communications and engagement, suffered a cyberattack, which impacted Giant Tiger, as reported by CBC.

Data breaches 119

Data breaches Retail Passwords Phishing 119

Identity IQ

APRIL 16, 2024

IDIQ Launches New Data-Driven Platform CreditBuilderIQ to Place Credit-Building Tools in the Hands of Consumers IdentityIQ – Smart software empowers individuals to take action to reach credit goals – TEMECULA, Calif. – April 16, 2024 – IDIQ ®, a financial intelligence company that empowers consumers to take everyday action to control their financial well-being, announced today the launch of CreditBuilderIQ SM , a game-changing platform giving individuals the tools needed to establish, manage, a

Identity Theft 89

Identity Theft Education Marketing Software 89

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

Security Boulevard

APRIL 16, 2024

Mental telehealth startup Cerebral says it will stop sharing sensitive consumer health information with third parties, make it easier for consumers to cancel services, and pay a $7 million to settle a complaint with the Federal Trade Commission (FTC) accusing the company of sharing data of 3.2 million users with third parties. The “first-of-its-kind” agreement.

Data privacy 114

Data privacy Security Awareness Cybersecurity 114

WIRED Threat Level

APRIL 16, 2024

A controversial bill reauthorizing the Section 702 spy program may force whole new categories of businesses to eavesdrop on the US government’s behalf, including on fellow Americans.

115

115

eSecurity Planet

APRIL 16, 2024

ShadowRay is an exposure of the Ray artificial intelligence (AI) framework infrastructure. This exposure is under active attack, yet Ray disputes that the exposure is a vulnerability and doesn’t intend to fix it. The dispute between Ray’s developers and security researchers highlights hidden assumptions and teaches lessons for AI security, internet-exposed assets, and vulnerability scanning through an understanding of ShadowRay.

Cybersecurity 113

Cybersecurity Penetration Testing Internet Internet 113

GlobalSign

APRIL 16, 2024

Trusted certificates are crucial for maintaining Kubernetes security. This blog discusses the importance of cert-manager and certificate management.

124

124

Advertisement

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

The Hacker News

APRIL 16, 2024

The U.S. Federal Trade Commission (FTC) has ordered the mental telehealth company Cerebral from using or disclosing personal data for advertising purposes. It has also been fined more than $7 million over charges that it revealed users' sensitive personal health information and other data to third parties for advertising purposes and failed to honor its easy cancellation policies.

Advertising 115

Advertising 115

Security Boulevard

APRIL 16, 2024

Today, we’ll spend some time talking about integrating Cequence solutions with the Broadcom Layer7 API Gateway. Broadcom API Gateway, previously known as Layer7 API Gateway, is an enterprise-grade solution designed to provide centralized management and security for API infrastructures. It acts as a proxy between clients and back-end services. Cequence Security offers customers numerous ways […] The post Cequence Product Integrations – Broadcom Layer7 API Gateway appeared first on Cequence Securi

111

111

Penetration Testing

APRIL 16, 2024

Cybersecurity researchers at Secureworks Counter Threat Unit (CTU) are tracking a significant escalation in activity from the GOLD IONIC ransomware group. This aggressive threat group has rapidly amassed a list of victims since emerging... The post “INC” Ransomware Surge: New GOLD IONIC Group Hits Global Targets appeared first on Penetration Testing.

Penetration Testing 118

Penetration Testing Ransomware Cybersecurity Malware 118

The Hacker News

APRIL 16, 2024

Security researchers have uncovered a "credible" takeover attempt targeting the OpenJS Foundation in a manner that evokes similarities to the recently uncovered incident aimed at the open-source XZ Utils project.

109

109

Advertisement

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.

Cybersecurity

Penetration Testing

APRIL 16, 2024

According to a detailed report by Recorded Future’s Insikt Group, the cybersecurity landscape faces a formidable threat in the form of “Mobile NotPetya,” a potential zero-click, wormable mobile malware that could spread autonomously and... The post Unstoppable Malware? Report Warns of “Mobile NotPetya” Outbreak Risk appeared first on Penetration Testing.

Mobile 116

Mobile Malware Penetration Testing Risk 116

Bleeping Computer

APRIL 16, 2024

Ivanti has released security updates to fix 27 vulnerabilities in its Avalanche mobile device management (MDM) solution, two of them critical heap overflows that can be exploited for remote command execution. [.

Mobile 105

Mobile 105

Penetration Testing

APRIL 16, 2024

Cybersecurity researchers at G DATA have uncovered a sneaky new Android banking trojan named “Mamont.” This malware, currently targeting Russian-speaking individuals, masquerades as a fake Google Chrome app to trick unsuspecting users. Once installed,... The post Beware! Fake Chrome App “Mamont” Steals Banking Details appeared first on Penetration Testing.

Banking 115

Banking Penetration Testing Malware Cybersecurity 115

WIRED Threat Level

APRIL 16, 2024

A cybercriminal gang called RansomHub claims to be selling highly sensitive patient information stolen from Change Healthcare following a ransomware attack by another group in February.

Ransomware 105

Ransomware Healthcare Hacking 105

Advertisement

Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.

Government