Krebs on Security

AUGUST 19, 2024

New details are emerging about a breach at National Public Data (NPD), a consumer data broker that recently spilled hundreds of millions of Americans’ Social Security Numbers, addresses, and phone numbers online. KrebsOnSecurity has learned that another NPD data broker which shares access to the same consumer records inadvertently published the passwords to its back-end database in a file that was freely available from its homepage until today.

Passwords 353

Passwords Data breaches Accountability Data privacy 353

Schneier on Security

AUGUST 19, 2024

Palo Alto Networks published its semi-annual report on ransomware. From the Executive Summary: Unit 42 monitors ransomware and extortion leak sites closely to keep tabs on threat activity. We reviewed compromise announcements from 53 dedicated leak sites in the first half of 2024 and found 1,762 new posts. This averages to approximately 294 posts a month and almost 68 posts a week.

Ransomware 260

Ransomware Accountability 260

The Last Watchdog

AUGUST 19, 2024

President Biden’s call for the mainstreaming of Software Bill of Materials (SBOMs) is a major step forward. Related: Europe mandates resiliency Requiring a formal inventory of all components, libraries and modules in all business applications can help lock down software supply chains, especially in light of the SolarWinds and Colonial Pipeline attacks.

Software 173

Software Internet Internet Technology 173

Penetration Testing

AUGUST 19, 2024

Researchers have published the technical details and proof-of-concept (PoC) exploit code for two critical zero-day vulnerabilities in Windows, tracked as CVE-2024-38202 and CVE-2024-21302. These vulnerabilities, revealed at Black Hat 2024... The post PoC Exploit for Windows 0-Day Flaws CVE-2024-38202 and CVE-2024-21302 Released appeared first on Cybersecurity News.

Cybersecurity 145

Cybersecurity 145

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Security Affairs

AUGUST 19, 2024

Microsoft addressed a zero-day vulnerability actively exploited by the North-Korea-linked Lazarus APT group. Microsoft has addressed a zero-day vulnerability, tracked as CVE-2024-38193 (CVSS score: 7.8), which has been exploited by the North Korea-linked Lazarus APT group. The vulnerability, tracked as CVE-2024-38193 (CVSS score: 7.8), is a privilege escalation issue that resides in the Windows Ancillary Function Driver (AFD.sys) for WinSock.

Cryptocurrency 138

Cryptocurrency Marketing Malware Engineering 138

Tech Republic Security

AUGUST 19, 2024

While CyberGhost VPN presents an impressive amount of servers, ExpressVPN’s consistent VPN speeds and strong third-party audits give it the edge.

VPN 138

VPN 138

The Hacker News

AUGUST 19, 2024

A newly patched security flaw in Microsoft Windows was exploited as a zero-day by Lazarus Group, a prolific state-sponsored actor affiliated with North Korea. The security vulnerability, tracked as CVE-2024-38193 (CVSS score: 7.8), has been described as a privilege escalation bug in the Windows Ancillary Function Driver (AFD.sys) for WinSock.

133

133

Security Boulevard

AUGUST 19, 2024

Microsoft is making MFA mandatory for signing into Azure accounts, the latest step in the IT vendor's Secure Future Initiative that it expanded in May in the wake of two embarrassing breaches by Russian and Chinese threat groups. The post Mandatory MFA is Coming to Microsoft Azure appeared first on Security Boulevard.

Accountability 124

Accountability Data privacy Authentication Security Awareness 124

The Hacker News

AUGUST 19, 2024

Malicious actors are using a cloud attack tool named Xeon Sender to conduct SMS phishing and spam campaigns on a large scale by abusing legitimate services. "Attackers can use Xeon to send messages through multiple software-as-a-service (SaaS) providers using valid credentials for the service providers," SentinelOne security researcher Alex Delamotte said in a report shared with The Hacker News.

Phishing 128

Phishing Software 128

Security Affairs

AUGUST 19, 2024

Team Cymru, Silent Push and Stark Industries Solutions researchers uncovered a new infrastructure linked to the cybercrime group FIN7. Researchers from Team Cymru identified two clusters potentially linked to the cybercrime group FIN7. The team collaborated with the cybersecurity experts of Silent Push and Stark Industries Solutions who shared their findings.

Cybercrime 134

Cybercrime Hacking Cybersecurity Information Security 134

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

IT Security Guru

AUGUST 19, 2024

Ransomware attacks are a growing menace. Malicious actors are constantly honing their tactics to exploit vulnerabilities and extort ransoms from businesses and individuals. These attacks can cause significant financial and reputational damage, making it crucial for businesses to stay vigilant. Understanding the signs and common missteps leading to such attacks is vital to strengthening cybersecurity measures.

Ransomware 120

Ransomware Backups Social Engineering Manufacturing 120

Security Boulevard

AUGUST 19, 2024

Attackers are constantly refining their techniques for advanced phishing attacks to exploit the trust inherent in our digital systems. A recent incident we’ve captured highlights the alarming sophistication of modern phishing attempts, demonstrating how cybercriminals leverage trusted enterprise solutions to deceive even the most vigilant users. Let’s break down this attack and explain how our […] The post Unmasking the Sophisticated: How AI-Powered Defenses Thwart Advanced Phishing Attacks firs

Phishing 114

Phishing Social Engineering Threat Detection Engineering 114

Tech Republic Security

AUGUST 19, 2024

Thales' 2024 Data Threat Report reveals key insights for Australian critical infrastructure under the SOCI Act 2024. Our exclusive interview with Erick Reyes reveals the security impacts.

Threat Reports 143

Threat Reports Artificial Intelligence Cybersecurity 143

WIRED Threat Level

AUGUST 19, 2024

The US Defense Department’s grand strategy for protecting Taiwan from a massive Chinese military offensive involves flooding the zone with thousands of drones.

121

121

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

The Hacker News

AUGUST 19, 2024

Cybersecurity researchers are warning about the discovery of thousands of externally-facing Oracle NetSuite e-commerce sites that have been found susceptible to leaking sensitive customer information.

Risk 116

Risk Cybersecurity 116

Penetration Testing

AUGUST 19, 2024

A critical security flaw (CVE-2024-5932) in the popular GiveWP WordPress plugin has left over 100,000 websites vulnerable to remote code execution and unauthorized file deletion. This vulnerability, scoring a maximum... The post CVE-2024-5932 (CVSS 10): Critical RCE Vulnerability Impacts 100k+ WordPress Sites appeared first on Cybersecurity News.

Cybersecurity 111

Cybersecurity 111

The Hacker News

AUGUST 19, 2024

Cybersecurity researchers have shed light on a threat actor known as Blind Eagle that has persistently targeted entities and individuals in Colombia, Ecuador, Chile, Panama, and other Latin American nations. Targets of these attacks span several sectors, including governmental institutions, financial companies, energy and oil and gas companies.

Phishing 115

Phishing Cybersecurity 115

SecureWorld News

AUGUST 19, 2024

In August 2024, a new class action lawsuit claimed that every American's Social Security number was stolen in a data breach that occurred in April 2024. The lawsuit says that hackers stole the personal information of 3 billion people, including every existing Social Security number, from background check company National Public Data (NPD). If true, this would mean every American is at risk of having their identity stolen.

Data breaches 104

Data breaches Banking Risk Cybersecurity 104

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

The Hacker News

AUGUST 19, 2024

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical security flaw impacting Jenkins to its Known Exploited Vulnerabilities (KEV) catalog, following its exploitation in ransomware attacks. The vulnerability, tracked as CVE-2024-23897 (CVSS score: 9.8), is a path traversal flaw that could lead to code execution.

Ransomware 112

Ransomware Cybersecurity 112

Penetration Testing

AUGUST 19, 2024

Last week, Microsoft addressed multiple high-severity security vulnerabilities in its security updates, some of which have already been exploited by hackers. For instance, the CVE-2024-38193 (CVSS 7.8) vulnerability has been... The post Lazarus Group Exploits Microsoft Zero-Days CVE-2024-38193, Patch Urgently appeared first on Cybersecurity News.

Cybersecurity 98

Cybersecurity 98

The Hacker News

AUGUST 19, 2024

A new type of malware called UULoader is being used by threat actors to deliver next-stage payloads like Gh0st RAT and Mimikatz. The Cyberint Research Team, which discovered the malware, said it's distributed in the form of malicious installers for legitimate applications targeting Korean and Chinese speakers.

Malware 110

Malware 110

SecureList

AUGUST 19, 2024

BlindEagle, also known as “APT-C-36”, is an APT actor recognized for employing straightforward yet impactful attack techniques and methodologies. The group is known for their persistent campaigns targeting entities and individuals in Colombia, Ecuador, Chile, Panama and other countries in Latin America. They have been targeting entities in multiple sectors, including governmental institutions, financial companies, energy and oil and gas companies, among others.

Phishing 98

Phishing Energy and Utilities Malware Banking 98

Advertisement

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

SecureWorld News

AUGUST 19, 2024

Smart meters are transforming the way we manage energy consumption. Central to the Smart Grid (SG) initiative, these devices facilitate two-way communication between utilities and household appliances, enabling real-time monitoring and control. This technology promises greater efficiency and cost savings, but it also brings new security and privacy challenges that need careful consideration.

Energy and Utilities 97

Energy and Utilities Wireless Encryption Authentication 97

Penetration Testing

AUGUST 19, 2024

In an ever-evolving cybersecurity landscape, where threats are becoming more sophisticated by the day, the focus on Endpoint Detection and Response (EDR) systems has never been more critical. However, in... The post HookChain: The Technique That Bypass Exposes EDR in 94% of Security Solutions appeared first on Cybersecurity News.

Cybersecurity 98

Cybersecurity 98

Malwarebytes

AUGUST 19, 2024

Stalkerware researcher maia arson crimew strikes again. Big time. We know maia as a researcher that loves to go after stalkerware peddlers, which Malwarebytes—as one of the founding members of the Coalition Against Stalkerware —loves to see. This time the target company, Tracki, is one selling GPS trackers and doesn’t hesitate to explicitly market itself as a device for spying on a spouse or other family member.

Hacking 96

Hacking Telecommunications Passwords Data breaches 96

Webroot

AUGUST 19, 2024

Introducing key EDR functionality In today’s rapidly evolving cyber landscape, staying ahead of threats requires not just robust defenses, but also smart, efficient tools that empower defenders without overburdening them. Webroot by OpenText recognizes the vital role that endpoint detection and response (EDR) capabilities play in a comprehensive cybersecurity strategy.

Cyber Insurance 94

Cyber Insurance Insurance Cyber threats Cybersecurity 94

Advertisement

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.

Cybersecurity

Penetration Testing

AUGUST 19, 2024

In July, one of the largest data breaches in history occurred, involving the company National Public Data (NPD). The incident garnered widespread media attention and became the subject of a... The post The Truth Behind the National Public Data (NPD) Breach appeared first on Cybersecurity News.

Data breaches 95

Data breaches Media Cybersecurity 95

Malwarebytes

AUGUST 19, 2024

Millennials are in a bind. According to a new analysis of research released earlier this year by Malwarebytes , Millennials are significantly more likely than every other generation to feel that there is no need to share their online account logins with boyfriends, girlfriends, spouses, or significant others, and that keeping such information private shows trust between partners.

Accountability 89

Accountability Passwords Banking Media 89

The Hacker News

AUGUST 19, 2024

Cybersecurity researchers have uncovered a surge in malware infections stemming from malvertising campaigns distributing a loader called FakeBat. "These attacks are opportunistic in nature, targeting users seeking popular business software," the Mandiant Managed Defense team said in a technical report.

Software 91

Software Malware Cybersecurity 91

Security Boulevard

AUGUST 19, 2024

Amid customer and regulatory pressure and intensifying cyberattacks, organizations must ensure their identity verification strategies match up against AI-powered fraud techniques. The post The Essential Guide to Evaluating Competitive Identity Verification Solutions appeared first on Security Boulevard.

Social Engineering 82

Social Engineering Engineering Security Awareness Cybersecurity 82

Advertisement

Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.

Government