On Passkey Usability
Schneier on Security
FEBRUARY 12, 2024
Matt Burgess tries to only use passkeys. The results are mixed.
Tech Republic Security
FEBRUARY 12, 2024
Google Cloud’s Director of Office of the CISO Nick Godfrey reminds business leaders to integrate security into conversations around financial and business targets.
Trend Micro
FEBRUARY 12, 2024
The APT group Water Hydra has been exploiting the zero-day Microsoft Defender SmartScreen vulnerability (CVE-2024-21412) in its campaigns targeting financial market traders. This vulnerability, which has now been patched by Microsoft, was discovered and disclosed by the Trend Micro Zero Day Initiative.
Tech Republic Security
FEBRUARY 12, 2024
Read our comprehensive review of Perimeter 81 VPN. Discover its features, pricing, security measures and more to determine if it's the right VPN for you.
The Hacker News
FEBRUARY 12, 2024
Cybersecurity researchers have uncovered an "implementation vulnerability" that has made it possible to reconstruct encryption keys and decrypt data locked by Rhysida ransomware. The findings were published last week by a group of researchers from Kookmin University and the Korea Internet and Security Agency (KISA).
Malwarebytes
FEBRUARY 12, 2024
The Federal Communications Commission (FCC) has announced that calls made with voices generated with the help of Artificial Intelligence (AI) will be considered “artificial” under the Telephone Consumer Protection Act (TCPA). Effective immediately, that makes robocalls that implement voice cloning technology and target consumers illegal. Robocalls are automated phone calls, often associated with scams, which can be a nuisance to individuals and businesses alike.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Bleeping Computer
FEBRUARY 12, 2024
Bank of America is warning customers of a data breach exposing their personal information after one of its service providers was hacked last year.
Security Affairs
FEBRUARY 12, 2024
Researchers discovered a vulnerability in the code of the Rhysida ransomware that allowed them to develop a decryption tool. Cybersecurity researchers from Kookmin University and the Korea Internet and Security Agency (KISA) discovered an implementation vulnerability in the source code of the Rhysida ransomware. The experts exploited the vulnerability to reconstruct encryption keys and developed a decryptor that allows victims of the Rhysida ransomware to recover their encrypted data for free.
The Hacker News
FEBRUARY 12, 2024
Threat actors are leveraging a recently disclosed security flaw impacting Ivanti Connect Secure, Policy Secure, and ZTA gateways to deploy a backdoor codenamed DSLog on susceptible devices. That's according to findings from Orange Cyberdefense, which said it observed the exploitation of CVE-2024-21893 within hours of the public release of the proof-of-concept (PoC) code.
Security Affairs
FEBRUARY 12, 2024
A bug in the split tunneling feature implemented in ExpressVPN exposed the domains visited by the users. ExpressVPN addressed a bug in the split tunneling feature that exposed the domains visited by the users to configured DNS servers. The company opted to temporarily remove the feature in the Windows app to address the issue. The feature will be re-enabled in a future release once the company has fixed the bug.
The Hacker News
FEBRUARY 12, 2024
When it comes to access security, one recommendation stands out above the rest: multi-factor authentication (MFA). With passwords alone being simple work for hackers, MFA provides an essential layer of protection against breaches. However, it's important to remember that MFA isn't foolproof. It can be bypassed, and it often is.
Graham Cluley
FEBRUARY 12, 2024
Over 20 hospitals in Bucharest have reportedly been impacted by a ransomware attack after cybercriminals targeted an IT service provider. As a consequence medical staff have been forced to use pen-and-paper rather than computer systems.
Anton on Security
FEBRUARY 12, 2024
This blog series was written jointly with Amine Besson, Principal Cyber Engineer, Behemoth CyberDefence and one more anonymous collaborator. In this blog (#7 in the series), we will cover more details on the TI to detection flow, and stop (for Part 8) at testing. Detection Engineering is Painful — and It Shouldn’t Be (Part 1) Detection Engineering and SOC Scalability Challenges (Part 2) Build for Detection Engineering, and Alerting Will Improve (Part 3) Focus Threat Intel Capabilities at Detectio
Graham Cluley
FEBRUARY 12, 2024
A simple-to-avoid security flaw allowed unauthorised parties to track the location of anyone wearing Livall ski and biking helmets, and listen to group conversations. Read more in my article on the Hot for Security blog.
Bleeping Computer
FEBRUARY 12, 2024
Hackers are exploiting a server-side request forgery (SSRF) vulnerability in Ivanti Connect Secure, Policy Secure, and ZTA gateways to deploy the new DSLog backdoor on vulnerable devices.
Security Boulevard
FEBRUARY 12, 2024
When sensitive information becomes available to outside sources, you have a data leak on your hands. Data leaks are real threats that are easy to ignore. But across all the places your company stores and moves data, it’s only a matter of time until an accidental exposure of information will put your business at risk. […] The post What is a Data Leak?
Security Affairs
FEBRUARY 12, 2024
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Roundcube Webmail Persistent Cross-Site Scripting (XSS) Vulnerability to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Roundcube Webmail Persistent Cross-Site Scripting (XSS) vulnerability, tracked as CVE-2023-43770, to its Known Exploited Vulnerabilities (KEV) catalog.
The Hacker News
FEBRUARY 12, 2024
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a medium-severity security flaw impacting Roundcube email software to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The issue, tracked as CVE-2023-43770 (CVSS score: 6.
Security Affairs
FEBRUARY 12, 2024
The Canadian government is going to ban the tool Flipper Zero because it is abused by crooks to steal vehicles in the country. The Canadian government announced that it plans to ban the tool Flipper Zero, and similar hacking devices, to curb the surge in car thefts. Flipper Zero is a portable multi-tool for pentesters and geeks in a toy-like body. It allows hacking digital stuff, such as radio protocols, access control systems, hardware, and more, reads the official website.
The Hacker News
FEBRUARY 12, 2024
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) announced that it's partnering with the Open Source Security Foundation (OpenSSF) Securing Software Repositories Working Group to publish a new framework to secure package repositories.
Security Affairs
FEBRUARY 12, 2024
The U.S. Justice Department (DoJ) seized the infrastructure that was used to sell the remote access trojan (RAT) Warzone RAT. The Justice Department announced the seizure of internet domains used to sell the remote access Trojan Warzone RAT (www.warzone[.]ws). The seizure is the result of an international law enforcement operation; federal authorities in Atlanta and Boston charged individuals in Malta and Nigeria for their involvement in selling the malware.
Security Boulevard
FEBRUARY 12, 2024
Ah, Valentine's Day—the time when love is in the air, and scam artists are ready to swoop in with their own version of a love story. Imagine this: you're swiping through a dating app, hoping to find the yin to your yang, only to find yourself entangled in a web of deception. The post A Valentine’s warning about heartbreak hackers appeared first on Security Boulevard.
WIRED Threat Level
FEBRUARY 12, 2024
Top congressional lawmakers are meeting in private to discuss the future of a widely unpopular surveillance program, worrying members devoted to reforming Section 702.
Security Boulevard
FEBRUARY 12, 2024
Zero-trust architecture is rapidly becoming the go-to approach for security and IT leaders to secure voice, mobile and 5G networks and applications. The post Applying Zero-Trust to Voice Networks and the 5G Core appeared first on Security Boulevard.
Bleeping Computer
FEBRUARY 12, 2024
Starting March 13th, telecommunications companies must report data breaches impacting customers' personally identifiable information within 30 days, as required by FCC's updated data breach reporting requirements.
eSecurity Planet
FEBRUARY 12, 2024
This week saw some repeat products from previous vulnerability recaps, such as Ivanti Policy Secure and JetBrains TeamCity servers. One of the most notable vulnerabilities for this week is Fortinet’s critical FortiOS issue, which affects Fortinet products that use the affected versions of the network operating system. Make sure your security teams consistently check vendor bulletins for vulnerability announcements so your business can stay on top of all threats.
Digital Guardian
FEBRUARY 12, 2024
Data infrastructure - required to manage, store, and process data - can take many forms. We look at the different types, aspects, and provide tips on how to build a robust data infrastructure in today's blog.
Bleeping Computer
FEBRUARY 12, 2024
A phishing campaign detected in late November 2023 has compromised hundreds of user accounts in dozens of Microsoft Azure environments, including those of senior executives.
The Hacker News
FEBRUARY 12, 2024
Incident response (IR) is a race against time. You engage your internal or external team because there's enough evidence that something bad is happening, but you’re still blind to the scope, the impact, and the root cause. The common set of IR tools and practices provides IR teams with the ability to discover malicious files and outbound network connections.
Trend Micro
FEBRUARY 12, 2024
This entry aims to provide additional context to CVE-2024-21412, how it can be used by threat actors, and how Trend protects customers from this specific vulnerability.