Mon. Nov 04, 2024

Software Makers Encouraged to Stop Using C/C++ by 2026

Tech Republic Security

The Cybersecurity and Infrastructure Security Agency and Federal Bureau of Investigation assert that C, C++, and other memory-unsafe languages contribute to potential security breaches.

Software 202

Sophos Versus the Chinese Hackers

Schneier on Security

Really interesting story of Sophos’s five-year war against Chinese hackers.

Hacking 224

How AI Is Changing the Cloud Security and Risk Equation

Tech Republic Security

Discover how AI amplifies cloud security risks and how to mitigate them, with insights from Tenable’s Liat Hayun on managing data sensitivity, misconfigurations, and over-privileged access.

Risk 120

Google’s AI Tool Big Sleep Finds Zero-Day Vulnerability in SQLite Database Engine

The Hacker News

Google said it discovered a zero-day vulnerability in the SQLite open-source database engine using its large language model (LLM) assisted framework called Big Sleep (formerly Project Naptime). The tech giant described the development as the "first real-world vulnerability" uncovered using the artificial intelligence (AI) agent.

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

One third of consumers would prefer working with AI agents for faster service

Zero Day

Many consumers are happy to communicate with an AI agent but also want to know when that conversation is happening.

144

Fallout from the Change Healthcare Breach, Mortgage Wire Fraud What You Need To Know

Security Boulevard

In episode 353, we discuss the February 2024 ransomware attack on Change Healthcare, resulting in the largest data breach of protected health information in history. Notifications have been sent to 100 million Americans, including hosts Tom and Kevin. We explore the implications of this significant breach and whether paying ransoms is a viable solution.

More Trending

Crooks bank on Microsoft’s search engine to phish customers

Malwarebytes

We identified a new wave of phishing for banking credentials that targets consumers via Microsoft’s search engine. A Bing search query for ‘Keybank login’ currently returns malicious links on the first page, and sometimes as the top search result. We have reported the fraudulent sites to Microsoft already. While Microsoft’s Bing only has about 4% of the search engine market share, crooks are drawn to it as an alternative to Google.

Critical Flaws in Ollama AI Framework Could Enable DoS, Model Theft, and Poisoning

The Hacker News

Cybersecurity researchers have disclosed six security flaws in the Ollama artificial intelligence (AI) framework that could be exploited by a malicious actor to perform various actions, including denial-of-service, model poisoning, and model theft.

Upgrade to Microsoft Office Pro and Windows 11 Pro for 87% off

Zero Day

This lifetime license bundle deal gives you access to the entire Microsoft Office Pro 2021 suite and Windows 11 Pro for just $53 for a limited time.

111

Nigerian man Sentenced to 26+ years in real estate phishing scams

Security Affairs

Nigerian Kolade Ojelade gets 26 years in U.S. for phishing scams that stole millions by hacking email accounts. A Nigerian national was sentenced to 26 years in prison in the US for stealing millions by compromising the email accounts of real estate businesses. The Nigerian national, Kolade Akinwale Ojelade (34), a resident of Leicester (UK), was sentenced to 26 years in the U.S. for phishing scams that resulted in the compromise of millions of email accounts. “A Nigerian man wa

Scams 98

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

German Police Disrupt DDoS-for-Hire Platform dstat[.]cc; Suspects Arrested

The Hacker News

German law enforcement authorities have announced the disruption of a criminal service called dstat[.]cc that made it possible for other threat actors to easily mount distributed denial-of-service (DDoS) attacks.

DDOS 97

Misinformation is Ruining our Elections. Here’s How we can Rescue Them.

Security Boulevard

As the 2024 U.S. Presidential Election approaches, along with other pivotal elections worldwide, the online spread of misinformation is reaching new heights.

Malware Campaign Uses Ethereum Smart Contracts to Control npm Typosquat Packages

The Hacker News

An ongoing campaign is targeting npm developers with hundreds of typosquat versions of their legitimate counterparts in an attempt to trick them into running cross-platform malware.

Malware 97

How Netscape lives on: 30 years of shaping the web, open source, and business

Zero Day

Netscape, the browser that launched the web revolution, was a cultural phenomenon. While the company is long gone, it helped create today's tech world.

105

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Hackers Exploit DocuSign APIs for Phishing Campaign

Security Boulevard

Cybercriminals are exploiting DocuSign’s APIs to send highly authentic-looking fake invoices, while DocuSign’s forums have reported a rise in such fraudulent campaigns in recent months. Unlike typical phishing scams that rely on spoofed emails and malicious links, these attacks use legitimate DocuSign accounts and templates to mimic reputable companies, according to a Wallarm report.

Google Warns of Actively Exploited CVE-2024-43093 Vulnerability in Android System

The Hacker News

Google has warned that a security flaw impacting its Android operating system has come under active exploitation in the wild.

113

CVE-2024-43047 & CVE-2024-43093: Android Zero-Days Demand Immediate Patching

Penetration Testing

In its November 2024 security update, Google has addressed 40 security vulnerabilities in the Android operating system, two of which are flagged as actively exploited: CVE-2024-43047 and CVE-2024-43093. Google’s bulletin...

City of Columbus breach affects around half a million citizens

Malwarebytes

A ransomware attack against the City of Columbus, Ohio—which drew public scrutiny following the city government’s attempt to silence a researcher who told the public about the attack—has received a little more detail from an unexpected source: The Attorney General for the state of Maine. In a data breach notification filed by the Attorney General for the state of Maine, the cybersecurity incident that affected Columbus, Ohio impacted half a million people.

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cyber Threats That Could Impact the Retail Industry This Holiday Season (and What to Do About It)

The Hacker News

As the holiday season approaches, retail businesses are gearing up for their annual surge in online (and in-store) traffic. Unfortunately, this increase in activity also attracts cybercriminals looking to exploit vulnerabilities for their gain. Imperva, a Thales company, recently published its annual holiday shopping cybersecurity guide.

Retail 92

ZoneMinder’s CVE-2024-51482: A 10/10 Severity Vulnerability Exposes SQL Databases

Penetration Testing

A newly identified security vulnerability in ZoneMinder, a popular open-source video surveillance platform, could allow attackers to gain control over SQL databases, compromising data confidentiality and system integrity. This flaw,...

Inside the Massive Crime Industry That’s Hacking Billion-Dollar Companies

WIRED Threat Level

When you download a piece of pirated software, you might also be getting a piece of infostealer malware, and entering a highly complex hacking ecosystem that’s fueling some of the biggest breaches on the planet.

Hacking 91

How the 2024 US presidential election will determine tech's future

Zero Day

The two candidates have starkly different approaches to regulation and privacy. Here's what each administration could mean for the industry and individuals.

103

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

Why your vote can’t be “hacked,” with Cait Conley of CISA (Lock and Code S05E23)

Malwarebytes

This week on the Lock and Code podcast… The US presidential election is upon the American public, and with it come fears of “election interference.” But “election interference” is a broad term. It can mean the now-regular and expected foreign disinformation campaigns that are launched to sow political discord or to erode trust in American democracy.

Hacking 89

CVE-2024-46538: Unpatched XSS Flaw in pfSense Allows Remote Exploits, PoC Published

Penetration Testing

A recently discovered cross-site scripting (XSS) vulnerability in pfSense v2.5.2 has been identified, posing a significant security risk that could allow attackers to execute arbitrary web scripts or HTML on...

Risk 91

I tested the iPad Mini 7 for a week, and it's the ultraportable tablet to beat at $100 off

Zero Day

Apple's iPad Mini 7 is an iterative upgrade to the small-sized tablet, but you probably shouldn't buy it for the AI features yet.

105

FIDO: Consumers are Adopting Passkeys for Authentication

Security Boulevard

The FIDO Alliance found in a survey that as consumers become more familiar with passkeys, they are adopting the technology as a more secure alternative to passwords to authenticate their identities online.

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.

3 ways to stop Android apps running in the background - and why I always do

Zero Day

I make sure to regularly - and manually - stop apps from running in the background on my Android phone. Is that absolutely necessary? Maybe not, but my habit does ensure optimal resources and privacy. Try it yourself.

122

Canadian Suspect Arrested Over Snowflake Data Breach and Extortion Attacks

The Hacker News

Canadian law enforcement authorities have arrested an individual who is suspected to have conducted a series of hacks stemming from the breach of cloud data warehousing platform Snowflake earlier this year.

Perplexity AI offers election results tracker and voter resource - try it here

Zero Day

The Election Information Hub aims to aggregate data about the US elections, but its AI has already gotten some facts wrong. Here's what to know.

128

GOOTLOADER Malware Continues to Evolve: Google Researchers Uncover Advanced Tactics

Penetration Testing

Google researchers recently released an in-depth analysis of GOOTLOADER, also known as SLOWPOUR or Gootkit Loader, an obfuscated JavaScript downloader, revealing new tactics employed by financially-motivated threat actors to deploy...

Malware 82

Enhance Innovation and Governance Through the Cloud Development Maturity Model

Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.