Fri. Sep 20, 2024

Clever Social Engineering Attack Using Captchas

Schneier on Security

This is really interesting. It’s a phishing attack targeting GitHub users, tricking them to solve a fake Captcha that actually runs a script that is copied to the command line. Clever.

HackerOne: Nearly Half of Security Professionals Believe AI Is Risky

Tech Republic Security

The Hacker-Powered Security Report showed mixed feelings toward AI in the security community, with many seeing leaked training data as a threat.

Tor Project responded to claims that law enforcement can de-anonymize Tor users

Security Affairs

The maintainers of the Tor Project have responded to claims that German police have devised a technique to deanonymize users. The maintainers of the Tor Project have responded to claims that German law enforcement has devised a technique to deanonymize its users. According to German media, law enforcement has infiltrated the anonymizing network and in at least one case they unmasked a criminal.

5 Compelling Reasons Not to Manage Your Own VoIP Server

Tech Republic Security

Learn why managing your own VoIP server could be costly and risky. Explore the challenges of remote work, security, and feature limitations.

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Ukraine bans Telegram for government agencies, military, and critical infrastructure

Security Affairs

Ukraine’s NCCC banned the Telegram app for government agencies, military, and critical infrastructure, due to national security concerns. Ukraine’s National Coordination Centre for Cybersecurity (NCCC) has banned the Telegram messaging app on government agencies, military, and critical infrastructure, due to national security concerns. The ban does not affect Ukrainian citizens.

Europol Shuts Down Major Phishing Scheme Targeting Mobile Phone Credentials

The Hacker News

Law enforcement authorities have announced the takedown of an international criminal network that leveraged a phishing platform to unlock stolen or lost mobile phones.

More Trending

The Vanilla Tempest cybercrime gang used INC ransomware for the first time in attacks on the healthcare sector

Security Affairs

Microsoft warns that financially motivated threat actor Vanilla Tempest is using INC ransomware in attacks aimed at the healthcare sector in the U.S. Microsoft Threat Intelligence team revealed that a financially motivated threat actor, tracked as Vanilla Tempest (formerly DEV-0832) is using the INC ransomware for the first time to target the U.S. healthcare sector.

FTC finds social media and video streaming services engaged in vast surveillance of consumers

Malwarebytes

The US Federal Trade Commission (FTC) released a report that examines the data collection and use practices of major social media and video streaming services, finding that—and this will not come as a surprise to our regular readers—the companies engaged in vast surveillance of consumers in order to monetize their personal information while failing to adequately protect users online, especially children and teens.

US DoJ charged two men with stealing and laundering $230 Million worth of cryptocurrency

Security Affairs

The US DoJ arrested two people and charged them with stealing and laundering more than $230 million worth of cryptocurrency. The U.S. DoJ arrested two people, Malone Lam (20) (aka “Greavys,” “Anne Hathaway,” and “$$$”) and Jeandiel Serrano (21) (aka “Box,” “VersaceGod,” and “@SkidStar”) in Miami and charged them with stealing more than $230 million worth of cryptocurrency.

Companies Often Pay Ransomware Attackers Multiple Times

Security Boulevard

Nearly a third of companies hit by ransomware attacks paid ransoms four or more times in the past year, according to the Semperis 2024 Ransomware Risk report. The post Companies Often Pay Ransomware Attackers Multiple Times appeared first on Security Boulevard.

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

U.S. CISA adds new Ivanti Cloud Services Appliance Vulnerability to its Known Exploited Vulnerabilities catalog

Security Affairs

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Ivanti Cloud Services Appliance Vulnerability to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Ivanti Cloud Services Appliance a path traversal vulnerability CVE-2024-8190 (CVSS score of 9.4) to its Known Exploited Vulnerabilities (KEV) catalog.

-=TWELVE=- is back

SecureList

In the spring of 2024, posts with real people’s personal data began appearing on the -=TWELVE=- Telegram channel. Soon it was blocked for falling foul of the Telegram terms of service. The group stayed off the radar for several months, but as we investigated a late June 2024 attack, we found that it employed techniques identical to those of Twelve and relied on C2 servers linked to the threat actor.

UNC1860 provides Iran-linked APTs with access to Middle Eastern networks

Security Affairs

Iran-linked APT group UNC1860 is operating as an initial access facilitator that provides remote access to Middle Eastern Networks. Mandiant researchers warn that an Iran-linked APT group, tracked as UNC1860, is operating as an initial access facilitator that provides remote access to target networks in the Middle East. UNC1860 is linked to Iran’s Ministry of Intelligence and Security (MOIS), the APT specializes in using customized tools and passive backdoors to gain persistent access to h

Iranian APT UNC1860 Linked to MOIS Facilitates Cyber Intrusions in Middle East

The Hacker News

An Iranian advanced persistent threat (APT) threat actor likely affiliated with the Ministry of Intelligence and Security (MOIS) is now acting as an initial access facilitator that provides remote access to target networks.

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

AI Could Help Resolve IT/OT Integration Security Challenges

Security Boulevard

Security issues stemming from the integration of information technology (IT) and operational technology (OT), could be addressed through artificial intelligence (AI), although the technology could also be leveraged by malicious actors, according to a Cisco study. The post AI Could Help Resolve IT/OT Integration Security Challenges appeared first on Security Boulevard.

Passwordless AND Keyless: The Future of (Privileged) Access Management

The Hacker News

In IT environments, some secrets are managed well and some fly under the radar. Here’s a quick checklist of what kinds of secrets companies typically manage, including one type they should manage: Passwords [x] TLS certificates [x] Accounts [x] SSH keys ??? The secrets listed above are typically secured with privileged access management (PAM) solutions or similar.

macOS Sequoia Update Disrupts Major Cybersecurity Tools

Penetration Testing

Apple’s latest operating system release, macOS Sequoia, has been causing unexpected headaches for cybersecurity professionals and everyday users alike. The update has disrupted the functionality of several major security tools,... The post macOS Sequoia Update Disrupts Major Cybersecurity Tools appeared first on Cybersecurity News.

Google Expands Chrome Security and Privacy Capabilities

Security Boulevard

Google over the past week has taken numerous steps to better Chrome users, including taking new steps toward reducing the use of passwords for authentication and hardening its post-quantum encryption. The post Google Expands Chrome Security and Privacy Capabilities appeared first on Security Boulevard.

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

What Is Disaster Recovery as a Service?

SecureWorld News

The latest CrowdStrike outage highlighted the need for a disaster recovery plan that can help organizations resume critical IT operations in case of emergencies. What is Disaster Recovery as a Service (DRaaS)? How does it work? What are the advantages and disadvantages of DRaaS solutions? Read this post to learn all the details about DR as a service.

Customer Story | Lanett City Schools Works Smarter With The Help Of Cloud Monitor

Security Boulevard

Since its inception in 1898, Lanett City Schools has committed itself to providing a supportive, rigorous, and high-quality education to the Chambers County community. Nestled in southeastern Alabama, it’s home to roughly 950 students and 140 staff members — bus drivers and lunchroom workers included. “Our elementary school is our largest campus,” said Whittany Nolen, The post Customer Story | Lanett City Schools Works Smarter With The Help Of Cloud Monitor appeared first on ManagedMethods

iPhone 16 Pro: Upgrading from iPhone 13 Pro or earlier? Your list of new features is impressive

Zero Day

The average iPhone upgrader has at least a 3 year-old phone. If you're coming from an iPhone 13 Pro or earlier, here's your list of upgrades for 2024.

Cybersecurity Snapshot: Critical Infrastructure Orgs Found Vulnerable to Basic Hacks, While New MITRE Tool Uses ML to Predict Attack Chains

Security Boulevard

Report finds that many critical infrastructure networks can be breached using simple attacks. Plus, a new MITRE Engenuity tool uses machine learning to infer attack sequences. Meanwhile, CISA will lead a project to standardize civilian agencies’ cyber operations. And get the latest on XSS vulnerabilities, CIS Benchmarks and a China-backed botnet’s takedown!

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Synergizing Cybersecurity: The Benefits of Technology Alliances

Cisco Security

There are many integrations made available by Cisco Security and their tech partners, improving cybersecurity posture and defenses of mutual customers.

How API Security Fits into DORA Compliance: Everything You Need to Know

Security Boulevard

Discover how API security is crucial in meeting DORA compliance by securing data transmission, managing third-party risks, enforcing governance. The post How API Security Fits into DORA Compliance: Everything You Need to Know appeared first on Security Boulevard.

Cyber threats against critical infrastructure heighten demand for skilled professionals

CompTIA on Cybersecurity

The critical infrastructure that runs our day to day life is prone to cyber attacks now more than ever. Delve into the details and the skills today’s cybersecurity professionals need to know. Explore training solutions that can help prepare you for tomorrow’s threats.

Cencora’s $75 Million Ransom: A New High in Cyber Extortion

Penetration Testing

The American pharmaceutical giant Cencora has made the largest known ransom payment in history, shelling out a staggering $75 million in Bitcoin to cybercriminals following a devastating February attack. This... The post Cencora’s $75 Million Ransom: A New High in Cyber Extortion appeared first on Cybersecurity News.

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

Every iPhone model compatible with Apple's iOS 18 (and which ones aren't)

Zero Day

The new software version features AI enhancements to popular apps, better home screen customization, improved Siri, and more.

What is an Information Security Management System (ISMS)?

Security Boulevard

If you’ve spent any length of time reading about the internationally accepted security framework laid out in ISO 27001, you’ve likely come across the term ISMS or Information Security Management System. You may wonder, though; what is the ISMS specifically, how do you set one up, and what does it do for your business? Let’s […] The post What is an Information Security Management System (ISMS)?

LinkedIn is training AI with your personal data. Here's how to stop it

Zero Day

Your information and how you interact with LinkedIn is helping to train AI. If you don't want that to happen, you can opt out and check what it already knows.

Cybersecurity Insights with Contrast CISO David Lindner | 09/20/24

Security Boulevard

Insight #1: Don't shrug off this internet plague! Cross-site scripting (XSS) is the overlooked vulnerability plaguing the web. As Contrast’s recent attack data show, it's everywhere, yet it’s often dismissed as “low risk.” The truth? This prevalence makes XSS more of a threat, and it's easily exploited. Fortunately, Application Detection and Response (ADR) is here to help you stop it!

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.