Mon.Sep 30, 2024

article thumbnail

Crooked Cops, Stolen Laptops & the Ghost of UGNazi

Krebs on Security

A California man accused of failing to pay taxes on tens of millions of dollars allegedly earned from cybercrime also paid local police officers hundreds of thousands of dollars to help him extort, intimidate and silence rivals and former business partners, the government alleges. KrebsOnSecurity has learned that many of the man’s alleged targets were members of UGNazi , a hacker group behind multiple high-profile breaches and cyberattacks back in 2012.

article thumbnail

Splunk Urges Australian Organisations to Secure LLMs

Tech Republic Security

Prompt injection and data leakage are among the top threats posed by LLMs, but they can be mitigated using existing security logging technologies.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

KartLANPwn (CVE-2024-45200) Exploits Mario Kart 8 Deluxe LAN Play Feature for RCE

Penetration Testing

A serious vulnerability, dubbed KartLANPwn (CVE-2024-45200), has been identified in the wildly popular Nintendo game Mario Kart 8 Deluxe, putting millions of players at risk of remote code execution (RCE)... The post KartLANPwn (CVE-2024-45200) Exploits Mario Kart 8 Deluxe LAN Play Feature for RCE appeared first on Cybersecurity News.

Risk 145
article thumbnail

The 5 Best VoIP Routers (Wired, Wireless, and Mesh)

Tech Republic Security

Discover the best VoIP routers for businesses in 2024. Easily compare range, transfer rates, connectivity types, price, and more.

Wireless 168
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Session Hijacking 2.0 — The Latest Way That Attackers are Bypassing MFA

The Hacker News

Attackers are increasingly turning to session hijacking to get around widespread MFA adoption. The data supports this, as: 147,000 token replay attacks were detected by Microsoft in 2023, a 111% increase year-over-year (Microsoft). Attacks on session cookies now happen in the same order of magnitude as password-based attacks (Google).

Passwords 142
article thumbnail

The Pig Butchering Invasion Has Begun

WIRED Threat Level

Scamming operations that once originated in Southeast Asia are now proliferating around the world, likely raking in billions of dollars in the process.

Scams 142

More Trending

article thumbnail

U.K. Hacker Charged in $3.75 Million Insider Trading Scheme Using Hacked Executive Emails

The Hacker News

The U.S. Department of Justice (DoJ) has charged a 39-year-old U.K. national for perpetrating a hack-to-trade fraud scheme that netted him nearly $3.75 million in illegal profits. Robert Westbrook of London was arrested last week and is expected to be extradited to the U.S. to face charges related to securities fraud, wire fraud, and five counts of computer fraud.

Hacking 141
article thumbnail

Community Clinic of Maui discloses a data breach following May Lockbit ransomware attack

Security Affairs

Community Clinic of Maui experienced a data breach impacting over 120,000 people following a LockBit ransomware attack. In May, the Community Clinic of Maui experienced a major IT outage that impacted thousands of patients following a cyber attack. In June, the Lockbit ransomware gang took credit for the attack. LockBit breached the Community Healthcare Clinic of Maui as they are still rebuilding from the devastating fire last year.

article thumbnail

A Hacker's Era: Why Microsoft 365 Protection Reigns Supreme

The Hacker News

Imagine a sophisticated cyberattack cripples your organization’s most critical productivity and collaboration tool — the platform you rely on for daily operations. In the blink of an eye, hackers encrypt your emails, files, and crucial business data stored in Microsoft 365, holding it hostage using ransomware.

article thumbnail

Researcher Details RCE Flaw (CVE-2024-36435) in Supermicro BMC IPMI Firmware

Penetration Testing

A newly discovered critical vulnerability, CVE-2024-36435, has been uncovered in several Supermicro enterprise products, potentially exposing organizations to significant security risks. Discovered by Alexander Tereshkin from NVIDIA’s Offensive Security Research... The post Researcher Details RCE Flaw (CVE-2024-36435) in Supermicro BMC IPMI Firmware appeared first on Cybersecurity News.

Firmware 136
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Critical Flaws in Tank Gauge Systems Expose Gas Stations to Remote Attacks

The Hacker News

Critical security vulnerabilities have been disclosed in six different Automatic Tank Gauge (ATG) systems from five manufacturers that could expose them to remote attacks.

article thumbnail

The Path of Least Resistance to Privileged Access Management

Security Boulevard

Understand the overarching value of PAM, the use cases, the types of systems and how users will benefit from it, including proper contingency plans. The post The Path of Least Resistance to Privileged Access Management appeared first on Security Boulevard.

article thumbnail

Free Sniper Dz Phishing Tools Fuel 140,000+ Cyber Attacks Targeting User Credentials

The Hacker News

More than 140,000 phishing websites have been found linked to a phishing-as-a-service (PhaaS) platform named Sniper Dz over the past year, indicating that it's being used by a large number of cybercriminals to conduct credential theft.

Phishing 138
article thumbnail

Patelco Credit Union data breach impacted over 1 million people

Security Affairs

The ransomware attack on Patelco Credit Union this summer led to a data breach affecting over 1 million individuals, revealed the company. Patelco Credit Union is a member-owned, not-for-profit credit union that serves Northern California, particularly the San Francisco Bay Area. Founded in 1936, it is one of the oldest and largest credit unions in the country.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

New Cryptojacking Attack Targets Docker API to Create Malicious Swarm Botnet

The Hacker News

Cybersecurity researchers have uncovered a new cryptojacking campaign targeting the Docker Engine API with the goal of co-opting the instances to join a malicious Docker Swarm controlled by the threat actor. This enabled the attackers to "use Docker Swarm's orchestration features for command-and-control (C2) purposes," Datadog researchers Matt Muir and Andy Giron said in an analysis.

article thumbnail

Critical NVIDIA Container Toolkit flaw could allow access to the underlying host

Security Affairs

A critical vulnerability in the NVIDIA Container Toolkit could allow a container to escape and gain full access to the underlying host. Critical vulnerability CVE-2024-0132 (CVSS score 9.0) in the NVIDIA Container Toolkit could allow an attacker to escape the container and gain full access to the underlying host. The vulnerability is a Time-of-check Time-of-Use (TOCTOU) issue that impacts NVIDIA Container Toolkit 1.16.1 or earlier. “NVIDIA Container Toolkit 1.16.1 or earlier contains a Tim

article thumbnail

Kia’s Huge Security Hole: FIXED (Finally)

Security Boulevard

Connected cars considered crud: Kia promises bug never exploited. But even 10-year-old cars were vulnerable. The post Kia’s Huge Security Hole: FIXED (Finally) appeared first on Security Boulevard.

Internet 131
article thumbnail

THN Cybersecurity Recap: Last Week's Top Threats and Trends (September 23-29)

The Hacker News

Hold onto your hats, folks, because the cybersecurity world is anything but quiet! Last week, we dodged a bullet when we discovered vulnerabilities in CUPS that could've opened the door to remote attacks. Google's switch to Rust is paying off big time, slashing memory-related vulnerabilities in Android.

article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Microsoft Readies a More Secure Recall Feature for Release

Security Boulevard

After putting its controversial AI-based Recall feature on hold in June, Microsoft rearchitected many of its features to address the security and privacy concerns that users and experts raised and will release it for the upcoming Windows Copilot+ PCs. The post Microsoft Readies a More Secure Recall Feature for Release appeared first on Security Boulevard.

Mobile 120
article thumbnail

League of Legends Fans Targeted: Beware the Lumma Stealer Lurking in Fake Ads!

Penetration Testing

As the League of Legends (LoL) World Championship captivates fans worldwide, cybercriminals are seizing the opportunity to distribute malicious software. Bitdefender Labs has uncovered a sophisticated campaign targeting LoL enthusiasts... The post League of Legends Fans Targeted: Beware the Lumma Stealer Lurking in Fake Ads! appeared first on Cybersecurity News.

Software 118
article thumbnail

Storm-0501 Gang Targets US Hybrid Clouds with Ransomware

Security Boulevard

The financially motivated Storm-0501 threat group is attacking hybrid cloud environments in the United States by compromising on-prem systems first and moving laterally into the cloud, stealing data and credentials and dropping the Embargo ransomware along the way, Microsoft says. The post Storm-0501 Gang Targets US Hybrid Clouds with Ransomware appeared first on Security Boulevard.

article thumbnail

PLANET Technology Switches Face CVE-2024-8456 (CVSS 9.8), Urgent Firmware Updates Advised

Penetration Testing

The Taiwan Computer Emergency Response Team (TWCERT/CC) has released a series of security advisories highlighting critical vulnerabilities affecting various PLANET Technology switch models. These vulnerabilities range in severity, with potential... The post PLANET Technology Switches Face CVE-2024-8456 (CVSS 9.8), Urgent Firmware Updates Advised appeared first on Cybersecurity News.

Firmware 117
article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

News alert: INE earns accolades based on strong curriculum reviews from business leaders

The Last Watchdog

Cary, NC, Sept. 27, 2024, CyberNewswire — INE , a global leader in networking and cybersecurity training and certifications, is proud to announce they have earned 14 awards in G2’s Fall 2024 Report , including “Fastest Implementation” and “Most Implementable,” which highlight INE’s superior performance relative to competitors. “Best hands-on and real world scenario based curriculum,” raves small business user Satvik V. in a recent 5-star review. ”Their dedication towards improving the curr

article thumbnail

Windows Event Logs: A Key to Unmasking Human-Operated Ransomware

Penetration Testing

Human-operated ransomware represents a particularly insidious challenge, combining sophisticated techniques with manual execution to evade traditional security measures. A new report from the Japan Computer Emergency Response Team Coordination Center... The post Windows Event Logs: A Key to Unmasking Human-Operated Ransomware appeared first on Cybersecurity News.

article thumbnail

How a post-hurricane disaster sold me on a $2,000 pool-cleaning robot

Zero Day

After a lightning strike showered debris into my pool, the Beatbot Aquasense Pro pool cleaner tackled the mess with ease, proving its worth in extreme conditions.

98
article thumbnail

CISA Adds Four Actively Exploited Vulnerabilities to KEV Catalog

Penetration Testing

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has once again raised the alarm, adding four new security vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. These additions underscore the... The post CISA Adds Four Actively Exploited Vulnerabilities to KEV Catalog appeared first on Cybersecurity News.

article thumbnail

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

article thumbnail

Want an entire tech repair shop of tools in a single messenger bag? iFixit can fix that

Zero Day

The iFixit Repair Business Toolkit got a refresh in 2023. I've been using the kit for over a year. Here's what I have inside the bag now.

98
article thumbnail

Storm-050: A New Ransomware Threat Identified by Microsoft

SecureWorld News

Microsoft's Threat Intelligence team has uncovered a new ransomware threat actor, Storm-050, targeting various critical sectors in the U.S., including government, manufacturing, transportation, and law enforcement. The group is now expanding its operations by targeting U.S. hospitals, which raises serious concerns for both public safety and cybersecurity.

article thumbnail

The Echo Pop smart speaker is just $18 with this October Prime Day deal

Zero Day

An Echo Pop is the perfect way to add a little pop of Alexa to your life this October Prime Day, pun intended.

98
article thumbnail

Cyberbullying – Protecting the Next Generation Online

ZoneAlarm

As the digital world expands, so does the opportunity for harmful behaviors to emerge. Cyberbullying, a growing issue, impacts millions of individuals, especially children and teenagers. Whether through social media, messaging platforms, or online gaming, cyberbullying allows people to harm others while hiding behind the anonymity of the internet. Understanding the nature of cyberbullying and … The post Cyberbullying – Protecting the Next Generation Online appeared first on ZoneAlarm

Media 91
article thumbnail

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.