Tue.Oct 03, 2023

article thumbnail

Hacking Gas Pumps via Bluetooth

Schneier on Security

Turns out pumps at gas stations are controlled via Bluetooth, and that the connections are insecure. No details in the article, but it seems that it’s easy to take control of the pump and have it dispense gas without requiring payment. It’s a complicated crime to monetize, though. You need to sell access to the gas pump to others.

Hacking 331
article thumbnail

Quick Glossary: Cybersecurity Attacks

Tech Republic Security

It doesn’t matter whether your organization is a huge multinational business enterprise or a one-person operation. At some point, your computer networks and systems will be attacked by someone with criminal intent. Cybersecurity attacks, in all their various forms, are inevitable and relentless. This quick glossary from TechRepublic Premium explains the terminology behind the most.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Exclusive: Lighting the Exfiltration Infrastructure of a LockBit Affiliate (and more)

Security Affairs

Researchers have identified the exfiltration infrastructure of a LockBit affiliate while investigating a LockBit extortion incident that occurred in Q3 2023. Executive Summary We investigated a recent LockBit extortion incident that occurred in Q3 2023, which involved an unusual FTP server located in Moscow. The hostname of this server was identified as matching many hostnames found in various posts on the LockBit leak site.

Scams 145
article thumbnail

Browse Safer and Faster Around the World with JellyVPN — Now Just $34.99

Tech Republic Security

This high-speed, unlimited VPN offers quality connections all over the globe. Get huge savings now when you sign up for life at TechRepublic Academy.

VPN 151
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

New 'Looney Tunables' Linux bug gives root on major distros

Bleeping Computer

A new Linux vulnerability, known as 'Looney Tunables' and tracked as CVE-2023-4911, enables local attackers to gain root privileges by exploiting a buffer overflow weakness in the GNU C Library's ld.so dynamic loader. [.

142
142
article thumbnail

BunnyLoader, a new Malware-as-a-Service advertised in cybercrime forums

Security Affairs

Cybersecurity researchers spotted a new malware-as-a-service (MaaS) called BunnyLoader that’s appeared in the threat landscape. Zscaler ThreatLabz researchers discovered a new malware-as-a-service (MaaS) that is called BunnyLoader, which has been advertised for sale in multiple cybercrime forums since September 4, 2023. The BunnyLoader malware loader is written in C/C++ and is sold on various forums for $250 for a lifetime license.

More Trending

article thumbnail

Two hacker groups are back in the news, LockBit 3.0 Black and BlackCat/AlphV

Security Affairs

Researchers from cybersecurity firm TG Soft are warning Italian entities and companies of LockBit 3.0 Black and BlackCat/AlphV attacks. In the last few weeks, two cybercriminal groups that have also targeted Italian entities and businesses, are back in the news; they are LockBit 3.0 Black and BlackCat/AlphV , which had already been reported by the media in the first decade of last July.

article thumbnail

Qualcomm Releases Patch for 3 new Zero-Days Under Active Exploitation

The Hacker News

Chipmaker Qualcomm has released security updates to address 17 vulnerabilities in various components, while warning that three other zero-days have come under active exploitation. Of the 17 flaws, three are rated Critical, 13 are rated High, and one is rated Medium in severity.

130
130
article thumbnail

San Francisco’s transport agency Metropolitan Transportation Commission (MTC) exposes drivers’ plate numbers and addresses

Security Affairs

A misconfiguration in the Metropolitan Transportation Commission (MTC) systems caused a leak of over 26K files, exposing clients’ home addresses and the plate numbers of their vehicles. The Metropolitan Transportation Commission (MTC) is a governmental agency responsible for regional transportation planning and financing in the San Francisco Bay Area.

article thumbnail

Playing your part in building a safer digital world: Why cybersecurity matters

We Live Security

In an increasingly complex and interconnected digital landscape, personal cybersecurity empowers you to protect your data, privacy and digital well-being

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Warning: PyTorch Models Vulnerable to Remote Code Execution via ShellTorch

The Hacker News

Cybersecurity researchers have disclosed multiple critical security flaws in the TorchServe tool for serving and scaling PyTorch models that could be chained to achieve remote code execution on affected systems. Israel-based runtime application security company Oligo, which made the discovery, has coined the vulnerabilities ShellTorch. "These vulnerabilities [.

article thumbnail

Android October security update fixes zero-days exploited in attacks

Bleeping Computer

Google has released the October 2023 security updates for Android, addressing 54 unique vulnerabilities, including two known to be actively exploited. [.

Mobile 121
article thumbnail

Russian Hacktivism Takes a Toll on Organizations in Ukraine, EU, US

Dark Reading

Russian hacktivist attacks are mostly for show, but sometimes they cause serious damage and are poised to begin getting worse.

120
120
article thumbnail

Over 3 Dozen Data-Stealing Malicious npm Packages Found Targeting Developers

The Hacker News

Nearly three dozen counterfeit packages have been discovered in the npm package repository that are designed to exfiltrate sensitive data from developer systems, according to findings from Fortinet FortiGuard Labs.

119
119
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Fast-Growing Dropbox Campaign Steals Microsoft SharePoint Credentials

Dark Reading

Thousands of messages are being sent weekly in a campaign that uses links hosted on legitimate websites to evade natural language processing and URL-scanning email protections.

119
119
article thumbnail

How to DDoS Like an Ethical Hacker

Heimadal Security

Before I tell you how to DDoS someone, I want to make a few issues clear. Launching a Distributed Denial of Service attack for any other reasons than security testing is illegal. In ethical hacking, DDoS attacks can be used as part of security testing and vulnerability assessment activities. If that is the case, make […] The post How to DDoS Like an Ethical Hacker appeared first on Heimdal Security Blog.

DDOS 119
article thumbnail

Microsoft now lets you play a game during Windows 11 installs

Bleeping Computer

Microsoft has introduced a new twist to the Windows 11 installation and update process, transforming it from a mundane task into an enjoyable experience. [.

112
112
article thumbnail

Ransomware Crisis, Recession Fears Leave CISOs in Tough Spot

Dark Reading

Combining robust decryption and orchestration of encrypted traffic with threat prevention is crucial to staying ahead of attackers.

CISO 109
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Google to bolster phishing and malware delivery defenses in 2024

Bleeping Computer

Google will introduce new sender guidelines in February to bolster email security against phishing and malware delivery by mandating bulk senders to authenticate their emails and adhere to stricter spam thresholds [.

Phishing 107
article thumbnail

Attacks on Maximum Severity WS_FTP Bug Have Been Limited — So Far

Dark Reading

While CVE-2023-40044 is critical, threat watchers hope it won't be another MOVEit for customers of Progress Software's file transfer technology.

article thumbnail

Streamlining Certificate Management: Utilizing Automation for Efficient PKI Operations

GlobalSign

In this blog, we will explore the importance of managing your digital certificates and how automation is the key to streamlining your PKI operations.

106
106
article thumbnail

10 Tips for Identity Theft Protection for Military Members

Identity IQ

10 Tips for Identity Theft Protection for Military Members IdentityIQ Identity theft is an evolving threat that can have particularly severe consequences for military personnel. With the unique challenges and responsibilities they face, safeguarding military members’ personal information is paramount. In this article, we cover ten tips to help prevent identity theft, specifically tailored to the needs of those serving in the armed forces.

article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

Industrial Control System (ICS): Definition, Types, Security

Heimadal Security

An industrial control system (or ICS) is a type of computer system that monitors and controls industrial processes and infrastructure. ICSs are used in a variety of industries, including oil and gas, chemical, water and wastewater, energy, food and beverage, pharmaceutical, automotive, and more. Each one operates differently and is designed to effectively manage duties […] The post Industrial Control System (ICS): Definition, Types, Security appeared first on Heimdal Security Blog.

article thumbnail

USPS Anchors Snowballing Smishing Campaigns

Dark Reading

Researchers found 164 domains connected to a single threat actor located in Tehran.

101
101
article thumbnail

Protecting your IT infrastructure with Security Configuration Assessment (SCA)

The Hacker News

Security Configuration Assessment (SCA) is critical to an organization's cybersecurity strategy. SCA aims to discover vulnerabilities and misconfigurations that malicious actors exploit to gain unauthorized access to systems and data. Regular security configuration assessments are essential in maintaining a secure and compliant environment, as this minimizes the risk of cyber attacks.

article thumbnail

State of the Cybersecurity Industry: Insights to Keep Your Business, Customers Safe

CompTIA on Cybersecurity

Expert advice to help MSPs overcome cybersecurity challenges including more advanced threats, complex tools and trying to find cyber talent.

article thumbnail

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

article thumbnail

API Security Trends 2023 – Have Organizations Improved their Security Posture?

The Hacker News

APIs, also known as application programming interfaces, serve as the backbone of modern software applications, enabling seamless communication and data exchange between different systems and platforms. They provide developers with an interface to interact with external services, allowing them to integrate various functionalities into their own applications.

article thumbnail

New Malware-as-a-Service Gains Traction Among Cybercriminals

Heimadal Security

Security experts have discovered BunnyLoader, a malware-as-a-service (MaaS) that is rapidly evolving and gaining popularity on different hacker platforms due to its ability to covertly infiltrate systems and manipulate their data, focusing in particular on system clipboards. Unveiled on September 4, BunnyLoader has witnessed rapid development, swiftly enhancing its malicious capabilities, which currently include: payload […] The post New Malware-as-a-Service Gains Traction Among Cybercrimi

Malware 94
article thumbnail

Name That Edge Toon: Office Artifacts

Dark Reading

Come up with a clever caption, and our panel of experts will reward the winner with a $25 Amazon gift card.

90
article thumbnail

NSA Announces New AI Security Center

SecureWorld News

Amidst a rapidly evolving technological landscape, the fusion of artificial intelligence (AI) and cybersecurity emerges as both a beacon of innovation and an unprecedented challenge. As nations race to harness the potential of AI for military and intelligence purposes, the world stands at a pivotal crossroads of remarkable opportunity and formidable complexity.

article thumbnail

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.