Tue.Oct 31, 2023

article thumbnail

The Future of Drone Warfare

Schneier on Security

Ukraine is using $400 drones to destroy tanks: Facing an enemy with superior numbers of troops and armor, the Ukrainian defenders are holding on with the help of tiny drones flown by operators like Firsov that, for a few hundred dollars, can deliver an explosive charge capable of destroying a Russian tank worth more than $2 million. […] A typical FPV weighs up to one kilogram, has four small engines, a battery, a frame and a camera connected wirelessly to goggles worn by a pilot operating

Wireless 317
article thumbnail

US Harbors Prolific Malicious Link Shortening Service

Krebs on Security

The top-level domain for the United States — US — is home to thousands of newly-registered domains tied to a malicious link shortening service that facilitates malware and phishing scams, new research suggests. The findings come close on the heels of a report that identified.US domains as among the most prevalent in phishing attacks over the past year.

Phishing 307
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Google Offers Bug Bounties for Generative AI Security Vulnerabilities

Tech Republic Security

Google's Vulnerability Reward Program offers up to $31,337 for discovering potential hazards. Google joins OpenAI and Microsoft in rewarding AI bug hunts.

article thumbnail

Unmasking the Cracks of Today’s Cyber Defence

Jane Frankland

C-suites across all industries, from traditional finance to the latest “unicorns” emerging in the fintech industry, are facing a formidable challenge: how to protect their business and customer data against growing cyber threats. However, new research from e2e-assure has revealed that few organisations are taking full advantage of security technologies available today.

CISO 147
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Experts released PoC exploit code for Cisco IOS XE flaw CVE-2023-20198

Security Affairs

Researchers publicly released the exploit code for the critical Cisco IOS XE vulnerability tracked as CVE-2023-20198. Researchers from Researchers at Horizon3.ai publicly released the exploit code for the critical Cisco IOS XE vulnerability tracked as CVE-2023-20198. Cisco recently warned customers of a zero-day vulnerability, tracked as CVE-2023-20198 (CVSS score 10), in its IOS XE Software that is actively exploited in attacks.

Internet 141
article thumbnail

NoEscape Ransomware, AvosLocker Ransomware, Retch Ransomware, S-H-O Ransomware and More: Hacker’s Playbook Threat Coverage Round-up: October 31st, 2023

Security Boulevard

New and updated coverage for ransomware and malware variants, including NoEscape ransomware, AvosLocker ransomware, and others. The post NoEscape Ransomware, AvosLocker Ransomware, Retch Ransomware, S-H-O Ransomware and More: Hacker’s Playbook Threat Coverage Round-up: October 31st, 2023 appeared first on SafeBreach. The post NoEscape Ransomware, AvosLocker Ransomware, Retch Ransomware, S-H-O Ransomware and More: Hacker’s Playbook Threat Coverage Round-up: October 31st, 2023 appeared first on Se

More Trending

article thumbnail

Avast confirms it tagged Google app as malware on Android phones

Bleeping Computer

Czech cybersecurity company Avast confirmed that its antivirus SDK has been flagging a Google Android app as malware on Huawei, Vivo, and Honor smartphones since Saturday. [.

Malware 133
article thumbnail

Critical Atlassian Confluence flaw can lead to significant data loss

Security Affairs

Atlassian warned of a critical security vulnerability, tracked as CVE-2023-22518, in the Confluence Data Center and Server. Atlassian is warning of a critical security flaw, tracked as CVE-2023-22518 (CVSS score 9.1), that affects all versions of Confluence Data Center and Server. The vulnerability is an improper authorization issue that can lead to significant data loss if exploited by an unauthenticated attacker. “As part of our continuous security assessment processes, we have discover

Hacking 138
article thumbnail

SEC Charges Against SolarWinds CISO Send Shockwaves Through Security Ranks

Dark Reading

The legal actions may have a chilling effect on hiring CISOs, who are already in short supply, but may also expose just how budget-constrained most security executives are.

CISO 127
article thumbnail

Closing the gender gap: 7 ways to attract more women into cybersecurity

We Live Security

Global Diversity Awareness Month is a timely occasion to reflect on the steps required to remove the obstacles to women's participation in the security industry, as well as to consider the value of inclusion and diversity in the security workforce.

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

IDIQ Executive Leadership Joins San Diego Cyber Center of Excellence Board of Directors

Identity IQ

IDIQ Executive Leadership Joins San Diego Cyber Center of Excellence Board of Directors IdentityIQ – C hief Marketing and Innovation Officer Michael Scheumack will represent the company on the CCOE Board, furthering the company’s mission to combat and educate businesses and consumers on identity theft , financial and cybersecurity threats – Temecula, CA, Oct. 31 , 2023 – IDIQ ®, a leader in financial and identity protection, today announced it has joined the board of the Cyber Center of Excelle

article thumbnail

FujiFilm printer credentials encryption issue fixed

Pen Test Partners

TL;DR Many multi-function printers made by FujiFilm Business Innovation Corporation (Fujifilm) which includes Apeos, ApeosPro, PrimeLink and RevoriaPress brands as well as Xerox Corporation (Xerox) which includes VersaLink, PrimeLink, and WorkCentre brands, allow administrators to store credentials on them to allow users to upload scans and other files to FTP and SMB file servers.

article thumbnail

Canada Bans WeChat and Kaspersky Apps On Government Devices

The Hacker News

Canada on Monday announced a ban on the use of apps from Tencent and Kaspersky on government mobile devices, citing an "unacceptable level of risk to privacy and security." "The Government of Canada is committed to keeping government information and networks secure," the Canadian government said. "We regularly monitor potential threats and take immediate action to address risks.

article thumbnail

Spooky Cybersecurity – October NewsScam Special Edition

GlobalSign

This month we reveal the scary side of cybersecurity with record-breaking DDoS attacks, nationwide data leaks and more in our Halloween NewsScam.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Atlassian Warns of New Critical Confluence Vulnerability Threatening Data Loss

The Hacker News

Atlassian has warned of a critical security flaw in Confluence Data Center and Server that could result in "significant data loss if exploited by an unauthenticated attacker." Tracked as CVE-2023-22518, the vulnerability is rated 9.1 out of a maximum of 10 on the CVSS scoring system. It has been described as an instance of "improper authorization vulnerability.

117
117
article thumbnail

20 Years Later, Is Patch Tuesday Enough?

Dark Reading

Microsoft's longstanding practice isn't enough to handle its vulnerability problem.

111
111
article thumbnail

Trojanized PyCharm Software Version Delivered via Google Search Ads

The Hacker News

A new malvertising campaign has been observed capitalizing on a compromised website to promote spurious versions of PyCharm on Google search results by leveraging Dynamic Search Ads.

Software 116
article thumbnail

Microsoft releases Windows 11 23H2 as an enablement package

Bleeping Computer

Microsoft announced today the release of Windows 11, version 23H2, the next feature update for its operating system (also known as the Windows 11 2023 Update). [.

110
110
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Arid Viper Targeting Arabic Android Users with Spyware Disguised as Dating App

The Hacker News

The threat actor known as Arid Viper (aka APT-C-23, Desert Falcon, or TAG-63) has been attributed as behind an Android spyware campaign targeting Arabic-speaking users with a counterfeit dating app designed to harvest data from infected handsets.

Spyware 115
article thumbnail

Extending Cybersecurity Awareness to IoT Devices

Security Boulevard

We’re at the end of Cybersecurity Awareness Month, which is a good time to reflect on where your organization needs to improve and extend it’s cybersecurity efforts. If you’re like most organizations the answer is IoT devices and applications; it’s the fastest growing attack surface for most organizations and on track to set a new […] The post Extending Cybersecurity Awareness to IoT Devices appeared first on Viakoo, Inc.

IoT 109
article thumbnail

Alert: F5 Warns of Active Attacks Exploiting BIG-IP Vulnerability

The Hacker News

F5 is warning of active abuse of a critical security flaw in BIG-IP less than a week after its public disclosure, resulting in the execution of arbitrary system commands as part of an exploit chain. Tracked as CVE-2023-46747 (CVSS score: 9.8), the vulnerability allows an unauthenticated attacker with network access to the BIG-IP system through the management port to achieve code execution.

113
113
article thumbnail

India’s biggest data breach? Hacking gang claims to have stolen 815 million people’s personal information

Graham Cluley

The personal information of more than 815 million people in India has reportedly been leaked online. According to local media reports, hackers have offered for sale the personally identifiable information (PII) - including that found on Aadhaar identity cards - belonging to hundreds of millions of Indian residents. Read more in my article on the Hot for Security blog.

article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

Malicious NuGet Packages Caught Distributing SeroXen RAT Malware

The Hacker News

Cybersecurity researchers have uncovered a new set of malicious packages published to the NuGet package manager using a lesser-known method for malware deployment.

Malware 112
article thumbnail

US Leads 40-Country Alliance to Cut Off Ransomware Payments

Dark Reading

The parties within the International Counter Ransomware Initiative intend to use information-sharing tools and AI to achieve their goals of cutting off the financial resources of threat actors.

article thumbnail

PentestPad: Platform for Pentest Teams

The Hacker News

In the ever-evolving cybersecurity landscape, the game-changers are those who adapt and innovate swiftly. Pen test solutions not only supercharge productivity but also provide a crucial layer of objectivity, ensuring efficiency and exceptional accuracy.

article thumbnail

Amy’s Cheat Sheet on the Best Sessions at IT Nation Connect 2023 North America

Security Boulevard

Are you ready for a fantastic journey into the world of technology, innovation, and networking? IT Nation Connect 2023 North America. The post Amy’s Cheat Sheet on the Best Sessions at IT Nation Connect 2023 North America appeared first on Seceon. The post Amy’s Cheat Sheet on the Best Sessions at IT Nation Connect 2023 North America appeared first on Security Boulevard.

article thumbnail

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

article thumbnail

Flipper Zero Bluetooth spam attacks ported to new Android app

Bleeping Computer

Recent Flipper Zero Bluetooth spam attacks have now been ported to an Android app, allowing a much larger number of devices to implement these annoying spam alerts. [.

Mobile 103
article thumbnail

'Elektra-Leak' Attackers Harvest AWS Cloud Keys in GitHub Campaign

Dark Reading

Cyber adversaries are scanning public GitHub repositories in real-time, evading Amazon quarantine controls, and harvesting AWS keys.

102
102
article thumbnail

News alert: Ivanti reports reveals 49% of CXOs have requested bypassing security measures

The Last Watchdog

Salt Lake City, Utah, Oct. 31, 2023 — Ivanti , the tech company that elevates and secures Everywhere Work, today announced the results of its Executive Security Spotlight report as part of Ivanti’s Cybersecurity Status Report Series. Ivanti surveyed over 6,500 executive leaders, cybersecurity professionals and office workers to understand today’s threats and discover how organizations are preparing for yet-unknown future threats.

Passwords 100
article thumbnail

'Prolific Puma' Hacker Gives Cybercriminals Access to.us Domains

Dark Reading

Cybercriminals are upping their phishing with shortened links and showing that coveted, regulated top-level domains aren't as exclusive as you'd think.

Phishing 102
article thumbnail

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.