Mon.Nov 04, 2024

article thumbnail

Software Makers Encouraged to Stop Using C/C++ by 2026

Tech Republic Security

The Cybersecurity and Infrastructure Security Agency and Federal Bureau of Investigation assert that C, C++, and other memory-unsafe languages contribute to potential security breaches.

Software 211
article thumbnail

Sophos Versus the Chinese Hackers

Schneier on Security

Really interesting story of Sophos’s five-year war against Chinese hackers.

Hacking 244
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

How AI Is Changing the Cloud Security and Risk Equation

Tech Republic Security

Discover how AI amplifies cloud security risks and how to mitigate them, with insights from Tenable’s Liat Hayun on managing data sensitivity, misconfigurations, and over-privileged access.

Risk 150
article thumbnail

ZoneMinder’s CVE-2024-51482: A 10/10 Severity Vulnerability Exposes SQL Databases

Penetration Testing

A newly identified security vulnerability in ZoneMinder, a popular open-source video surveillance platform, could allow attackers to gain control over SQL databases, compromising data confidentiality and system integrity. This flaw,... The post ZoneMinder’s CVE-2024-51482: A 10/10 Severity Vulnerability Exposes SQL Databases appeared first on Cybersecurity News.

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Google’s AI Tool Big Sleep Finds Zero-Day Vulnerability in SQLite Database Engine

The Hacker News

Google said it discovered a zero-day vulnerability in the SQLite open-source database engine using its large language model (LLM) assisted framework called Big Sleep (formerly Project Naptime). The tech giant described the development as the "first real-world vulnerability" uncovered using the artificial intelligence (AI) agent.

article thumbnail

Nigerian man Sentenced to 26+ years in real estate phishing scams

Security Affairs

Nigerian Kolade Ojelade gets 26 years in U.S. for phishing scams that stole millions by hacking email accounts. A Nigerian national was sentenced to 26 years in prison in the US for stealing millions by compromising the email accounts of real estate businesses. The Nigerian national, Kolade Ojelade, Kolade Akinwale Ojelade (34), a resident of Leicester (UK) was sentenced to 26 years in U.S. for phishing scams that resulted in the compromise of millions of email accounts. “A Nigerian man wa

Scams 124

More Trending

article thumbnail

Critical Flaws in Ollama AI Framework Could Enable DoS, Model Theft, and Poisoning

The Hacker News

Cybersecurity researchers have disclosed six security flaws in the Ollama artificial intelligence (AI) framework that could be exploited by a malicious actor to perform various actions, including denial-of-service, model poisoning, and model theft.

article thumbnail

Hackers Exploit DocuSign APIs for Phishing Campaign

Security Boulevard

Cybercriminals are exploiting DocuSign’s APIs to send highly authentic-looking fake invoices, while DocuSign’s forums have reported a rise in such fraudulent campaigns in recent months. Unlike typical phishing scams that rely on spoofed emails and malicious links, these attacks use legitimate DocuSign accounts and templates to mimic reputable companies, according to a Wallarm report.

Phishing 116
article thumbnail

One third of consumers would prefer working with AI agents for faster service

Zero Day

Many consumers are happy to communicate with an AI agent but also want to know when that conversation is happening.

145
145
article thumbnail

Cyber Threats That Could Impact the Retail Industry This Holiday Season (and What to Do About It)

The Hacker News

As the holiday season approaches, retail businesses are gearing up for their annual surge in online (and in-store) traffic. Unfortunately, this increase in activity also attracts cybercriminals looking to exploit vulnerabilities for their gain. Imperva, a Thales company, recently published its annual holiday shopping cybersecurity guide.

Retail 106
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Misinformation is Ruining our Elections. Here’s How we can Rescue Them.

Security Boulevard

As the 2024 U.S. Presidential Election approaches, along with other pivotal elections worldwide, the online spread of misinformation is reaching new heights. The post Misinformation is Ruining our Elections. Here’s How we can Rescue Them. appeared first on Security Boulevard.

article thumbnail

Malware Campaign Uses Ethereum Smart Contracts to Control npm Typosquat Packages

The Hacker News

An ongoing campaign is targeting npm developers with hundreds of typosquat versions of their legitimate counterparts in an attempt to trick them into running cross-platform malware.

Malware 103
article thumbnail

July 2024 ransomware attack on the City of Columbus impacted 500,000 people

Security Affairs

The July 2024 ransomware attack that hit the City of Columbus, Ohio, exposed the personal and financial data of 500,000 individuals. On July 18, 2024, the City of Columbus, Ohio, suffered a cyber attack that impacted the City’s services. On July 29, 2024, the City published an update on the City’s website and confirmed that the City of Columbus suffered a ransomware attack.

article thumbnail

German Police Disrupt DDoS-for-Hire Platform dstat[.]cc; Suspects Arrested

The Hacker News

German law enforcement authorities have announced the disruption of a criminal service called dstat[.]cc that made it possible for other threat actors to easily mount distributed denial-of-service (DDoS) attacks.

DDOS 102
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Beyond Keylogging: HookBot’s Advanced Techniques for Data Theft

Penetration Testing

Netcraft’s latest research details HookBot, a sophisticated Android-based banking Trojan that’s steadily advancing its footprint in the cybercrime world. First identified in 2023, HookBot has rapidly evolved, targeting Android users... The post Beyond Keylogging: HookBot’s Advanced Techniques for Data Theft appeared first on Cybersecurity News.

article thumbnail

Canadian Suspect Arrested Over Snowflake Data Breach and Extortion Attacks

The Hacker News

Canadian law enforcement authorities have arrested an individual who is suspected to have conducted a series of hacks stemming from the breach of cloud data warehousing platform Snowflake earlier this year.

article thumbnail

FIDO: Consumers are Adopting Passkeys for Authentication

Security Boulevard

The FIDO Alliance found in a survey that as consumers become more familiar with passkeys, they are adopting the technology as a more secure alternative to passwords to authenticate their identities online. The post FIDO: Consumers are Adopting Passkeys for Authentication appeared first on Security Boulevard.

article thumbnail

Google Warns of Actively Exploited CVE-2024-43093 Vulnerability in Android System

The Hacker News

Google has warned that a security flaw impacting its Android operating system has come under active exploitation in the wild.

120
120
article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

Inside the Massive Crime Industry That’s Hacking Billion-Dollar Companies

WIRED Threat Level

When you download a piece of pirated software, you might also be getting a piece of infostealer malware, and entering a highly complex hacking ecosystem that’s fueling some of the biggest breaches on the planet.

Hacking 107
article thumbnail

Fallout from the Change Healthcare Breach, Mortgage Wire Fraud What You Need To Know

Security Boulevard

In episode 353, we discuss the February 2024 ransomware attack on Change Healthcare, resulting in the largest data breach of protected health information in history. Notifications have been sent to 100 million Americans, including hosts Tom and Kevin. We explore the implications of this significant breach and whether paying ransoms is a viable solution.

article thumbnail

City of Columbus breach affects around half a million citizens

Malwarebytes

A ransomware attack against the City of Columbus, Ohio—which drew public scrutiny following the city government’s attempt to silence a researcher who told the public about the attack—has received a little more detail from an unexpected source: The Attorney General for the state of Maine. In a data breach notification filed by the Attorney General for the state of Maine, the cybersecurity incident that affected Columbus, Ohio impacted half a million people.

article thumbnail

Vulnerability Recap 11/4/24 – Fourteen-Year Bug Finally Gets Patched

eSecurity Planet

We’re looking at cloud credential theft (not good) and a big win for early vulnerability fixes (better) this week, as well as critical Mitsubishi Electric and Rockwell Automation bugs that could affect industrial control environments. Additionally, a SSL certificate weakness in qBittorrent has finally been fixed after 14 years of vulnerability. Also, Microsoft hasn’t yet developed a fix for Windows 11 downgrade attacks, which were first announced this summer at the Black Hat conference.

Software 101
article thumbnail

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

article thumbnail

Upgrade to Microsoft Office Pro and Windows 11 Pro for 87% off

Zero Day

This lifetime license bundle deal gives you access to the entire Microsoft Office Pro 2021 suite and Windows 11 Pro for just $53 for a limited time.

111
111
article thumbnail

Onsite Social Engineering: Tribe Mentality

Security Through Education

Let me tell you about possibly my favorite onsite social engineering team engagement I have ever done! At this job, I was with 2 colleagues. We were tasked with gaining onsite access to a facility both during the day and at night. This story will focus on how we leveraged tribe mentality, which was vital to our success. So, before we start, what exactly is tribe mentality, and why is it important to social engineering ?

article thumbnail

How Netscape lives on: 30 years of shaping the web, open source, and business

Zero Day

Netscape, the browser that launched the web revolution, was a cultural phenomenon. While the company is long gone, it helped create today's tech world.

105
105
article thumbnail

Why your vote can’t be “hacked,” with Cait Conley of CISA (Lock and Code S05E23)

Malwarebytes

This week on the Lock and Code podcast… The US presidential election is upon the American public, and with it come fears of “election interference.” But “election interference” is a broad term. It can mean the now-regular and expected foreign disinformation campaigns that are launched to sow political discord or to erode trust in American democracy.

Hacking 88
article thumbnail

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.

article thumbnail

I tested the iPad Mini 7 for a week, and its the ultraportable tablet to beat at $100 off

Zero Day

Apple's iPad Mini 7 is an iterative upgrade to the small-sized tablet, but you probably shouldn't buy it for the AI features yet.

111
111
article thumbnail

CVE-2024-43047 & CVE-2024-43093: Android Zero-Days Demand Immediate Patching

Penetration Testing

In its November 2024 security update, Google has addressed 40 security vulnerabilities in the Android operating system, two of which are flagged as actively exploited: CVE-2024-43047 and CVE-2024-43093. Google’s bulletin... The post CVE-2024-43047 & CVE-2024-43093: Android Zero-Days Demand Immediate Patching appeared first on Cybersecurity News.

article thumbnail

Linux Lite just got a useful AI feature for desktop - and it's more subtle than you think

Zero Day

Linux Lite is a lightweight distribution aimed at reviving older desktops, and with the latest release, the developers have (sort of) added AI into the mix.

105
105
article thumbnail

CVE-2024-46538: Unpatched XSS Flaw in pfSense Allows Remote Exploits, PoC Published

Penetration Testing

A recently discovered cross-site scripting (XSS) vulnerability in pfSense v2.5.2 has been identified, posing a significant security risk that could allow attackers to execute arbitrary web scripts or HTML on... The post CVE-2024-46538: Unpatched XSS Flaw in pfSense Allows Remote Exploits, PoC Published appeared first on Cybersecurity News.

Risk 91
article thumbnail

Enhance Innovation and Governance Through the Cloud Development Maturity Model

Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.