Schneier on Security

MAY 13, 2024

Back in the 1960s, if you played a 2,600Hz tone into an AT&T pay phone, you could make calls without paying. A phone hacker named John Draper noticed that the plastic whistle that came free in a box of Captain Crunch cereal worked to make the right sound. That became his hacker name, and everyone who knew the trick made free pay-phone calls. There were all sorts of related hacks, such as faking the tones that signaled coins dropping into a pay phone and faking tones used by repair equipment.

Risk 275

Risk Internet Internet Technology 275

Krebs on Security

MAY 13, 2024

Last week, the United States joined the U.K. and Australia in sanctioning and charging a Russian man named Dmitry Yuryevich Khoroshev as the leader of the infamous LockBit ransomware group. LockBit’s leader “ LockBitSupp ” claims the feds named the wrong guy, saying the charges don’t explain how they connected him to Khoroshev.

Ransomware 260

Ransomware Cybercrime Accountability Malware 260

Tech Republic Security

MAY 13, 2024

AI PCs could soon see organisations invest in whole fleets of new managed devices, but Absolute Security data shows they are failing to maintain endpoint protection and patching the devices they have.

Big data 179

Big data Artificial Intelligence Mobile Network Security 179

The Last Watchdog

MAY 13, 2024

Torrance, Calif., May 13, 2024, CyberNewsWire — Criminal IP, a renowned Cyber Threat Intelligence (CTI) search engine developed by AI SPERA, has recently signed a technology partnership to exchange threat intelligence data based on domains and potentially on the IP address to protect users by blocking threats to end users. Criminal IP underwent rigorous data evaluation to integrate with Quad9’s threat-blocking service, demonstrating high data uniqueness and accuracy.

DNS 130

DNS Cyber threats Engineering Spyware 130

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

The Hacker News

MAY 13, 2024

Apple and Google on Monday officially announced the rollout of a new feature that notifies users across both iOS and Android if a Bluetooth tracking device is being used to stealthily keep tabs on them without their knowledge or consent.

138

138

Security Affairs

MAY 13, 2024

Apple rolled out urgent security updates to address code execution vulnerabilities in iPhones, iPads, and macOS. Apple released urgent security updates to address multiple vulnerabilities in iPhones, iPads, macOS. The company also warns of a vulnerability patched in March that the company believes may have been exploited as a zero-day. The issue impacts older iPhone devices, it is tracked as CVE-2024-23296 and is a memory corruption flaw in the RTKit.

Hacking 140

Hacking Information Security 140

Security Affairs

MAY 13, 2024

Experts reported that since April, the Phorpiex botnet sent millions of phishing emails to spread LockBit Black ransomware. New Jersey’s Cybersecurity and Communications Integration Cell (NJCCIC) reported that since April, threat actors used the the Phorpiex botnet to send millions of phishing emails as part of a LockBit Black ransomware campaign.

Phishing 132

Phishing Ransomware Security Awareness Authentication 132

Graham Cluley

MAY 13, 2024

A Korean cybersecurity expert has been sentenced to prison for illegally accessing and distributing private photos and videos from vulnerable "wallpad" cameras in 400,000 private households. Read more in my article on the Hot for Security blog.

Cybersecurity 124

Cybersecurity Data breaches 124

Security Boulevard

MAY 13, 2024

Just like enterprises, cybercriminals are embracing generative AI to shape their attacks, from creating more convincing phishing emails and spreading disinformation to model poisoning, prompt injections, and deepfakes. Now comes LLMjacking. Threat researchers with cybersecurity firm Sysdig recently detected bad actors using stolen credentials to target large language models (LLMs) – which are foundational to.

Phishing 124

Phishing Cybersecurity Mobile Network Security 124

Security Affairs

MAY 13, 2024

A group of hackers that defines itself as “first-class Russian hackers” claims the defacement of hundreds of local and regional British newspaper websites. A group claiming to be “first-class Russian hackers” defaced numerous local and regional British newspaper websites owned by Newsquest Media Group. The group defaced the home pages of the targeted websites and posted the message “PERVOKLASSNIY RUSSIAN HACKERS ATTACK.” The following image shows an archived version of t

Media 141

Media Accountability Cyber Attacks Hacking 141

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

The Last Watchdog

MAY 13, 2024

London, United Kingdom, May 13, 2024, CyberNewsWire — Logicalis, the global technology service provider delivering next-generation digital managed services, has today announced the launch of Intelligent Security, a blueprint approach to its global security portfolio designed to deliver proactive advanced security for customers worldwide. Intelligent Security has been designed by Logicalis’ worldwide team of security specialists to give customers the most comprehensive observability a

Workplace Security 100

Workplace Security Technology Threat Detection IoT 100

Security Boulevard

MAY 13, 2024

During National Small Business Week in April, small businesses were urged to use the free. The post Four Simple Cybersecurity Tips for Small Businesses appeared first on Security Boulevard.

Small Business 119

Small Business Cybersecurity 119

The Hacker News

MAY 13, 2024

The Black Basta ransomware-as-a-service (RaaS) operation has targeted more than 500 private industry and critical infrastructure entities in North America, Europe, and Australia since its emergence in April 2022.

Ransomware 121

Ransomware Cybersecurity 121

Duo's Security Blog

MAY 13, 2024

Duo has long been the most loved company in security. But here’s the thing: That’s despite MFA being the most grumbled-about part of many end-users’ day. While our customers love us for our ease of use, flexibility and focus on security, a lot of end users think of Duo the way they think of floss, bike helmets and low-sodium foods. Secure authentication isn’t fun, but you put up with it as part of your day because you know it’s keeping you safer.

Authentication 116

Authentication VPN Healthcare Risk 116

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

WIRED Threat Level

MAY 13, 2024

Amid a rising tide of adversary drones and missile attacks, laser weapons are finally poised to enter the battlefield.

143

143

The Hacker News

MAY 13, 2024

The MITRE Corporation has officially made available a new threat-modeling framework called EMB3D for makers of embedded devices used in critical infrastructure environments.

Cyber threats 118

Cyber threats 118

Security Affairs

MAY 13, 2024

Firstmac Limited disclosed a data breach after the new Embargo extortion group leaked over 500GB of data allegedly stolen from the company. Firstmac Limited, one of the largest non-bank lenders in Australia, disclosed a data breach. Firstmac Limited is an Australian owned company with experience in home and investment loans. They have a range of market insurance products backed by international company, Allianz Group.

Data breaches 129

Data breaches Cyber Attacks Identity Theft Banking 129

The Hacker News

MAY 13, 2024

Cybersecurity researchers have disclosed multiple security flaws in Cinterion cellular modems that could be potentially exploited by threat actors to access sensitive information and achieve code execution.

Risk 112

Risk IoT Cybersecurity 112

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

Tech Republic Security

MAY 13, 2024

The negative press, coupled with YouTube horror stories, has cemented the Dark Web’s reputation for illicit behavior. Today, the Dark Web is believed to be a platform where cybercriminals sell drugs, weapons, malicious software and piles of consumer and sensitive corporate data. But is the Dark Web just filled with darkness? Maria Carrisa Sanchez, writing.

Software 96

Software 96

WIRED Threat Level

MAY 13, 2024

NYC mayor Eric Adams wants to test Evolv’s gun-detection tech in subway stations—despite the company saying it’s not designed for that environment. Emails obtained by WIRED show how the company still found an in.

106

106

Bleeping Computer

MAY 13, 2024

The Federal Communications Commission (FCC) has named its first officially designated robocall threat actor 'Royal Tiger,' a move aiming to help international partners and law enforcement more easily track individuals and entities behind repeat robocall campaigns. [.

100

100

WIRED Threat Level

MAY 13, 2024

Tuesday’s verdict in the trial of Alexey Pertsev, a creator of crypto-privacy service Tornado Cash, is the first in a string of cases that could make it much harder to skirt financial surveillance.

Surveillance 104

Surveillance Cryptocurrency Hacking 104

Advertisement

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

Tech Republic Security

MAY 13, 2024

The way software is developed has changed. DevSecOps is transforming the industry by incorporating security from the early stages and automating traditional processes to build better, faster and more secure software. Ray Fernandez, writing for TechRepublic Premium, presents this DevSecOps glossary to help you navigate the modern world of software development and enhance your understanding.

Software 88

Software 88

Security Boulevard

MAY 13, 2024

The post Votiro Named Market Leader in Data Security by the 2024 CDM Awards appeared first on Votiro. The post Votiro Named Market Leader in Data Security by the 2024 CDM Awards appeared first on Security Boulevard.

Marketing 98

Marketing 98

Malwarebytes

MAY 13, 2024

Across America, survivors of domestic abuse and stalking are facing a unique location tracking crisis born out of policy failure, unclear corporate responsibility, and potentially risky behaviors around digital sharing that are now common in relationships. No, we’re not talking about stalkerware. Or hidden Apple AirTags. We’re talking about cars. Modern cars are the latest consumer “device” to undergo an internet-crazed overhaul, as manufacturers increasingly stuff their automobiles with the typ

Manufacturing 100

Manufacturing Mobile Wireless Internet 100

Google Security

MAY 13, 2024

Google and Apple have worked together to create an industry specification – Detecting Unwanted Location Trackers – for Bluetooth tracking devices that makes it possible to alert users across both Android and iOS if such a device is unknowingly being used to track them. This will help mitigate the misuse of devices designed to help keep track of belongings.

Manufacturing 94

Manufacturing Engineering Internet Internet 94

Advertisement

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.

Cybersecurity

Bleeping Computer

MAY 13, 2024

The City of Helsinki is investigating a data breach in its education division, which it discovered in late April 2024, impacting tens of thousands of students, guardians, and personnel. [.

Data breaches 94

Data breaches Education 94

The Hacker News

MAY 13, 2024

With the browser becoming the most prevalent workspace in the enterprise, it is also turning into a popular attack vector for cyber attackers. From account takeovers to malicious extensions to phishing attacks, the browser is a means for stealing sensitive data and accessing organizational systems.

Architecture 97

Architecture Cyber Attacks Phishing Accountability 97

Bleeping Computer

MAY 13, 2024

A new package mimicked the popular 'requests' library on the Python Package Index (PyPI) to target macOS devices with the Sliver C2 adversary framework, used for gaining initial access to corporate networks. [.

93

93

Penetration Testing

MAY 13, 2024

Cacti, a popular open-source network monitoring and graphing tool, has recently released a crucial security update to address two significant vulnerabilities that could leave systems exposed to malicious attacks. These vulnerabilities were found in... The post Critical Security Flaws in Cacti: Command Injection (CVE-2024-29895, CVSS 10) and XSS Vulnerabilities appeared first on Penetration Testing.

Penetration Testing 92

Penetration Testing 92

Advertisement

Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.

Government