October, 2024

article thumbnail

Tracking World Leaders Using Strava

Schneier on Security

Way back in 2018, people noticed that you could find secret military bases using data published by the Strava fitness app. Soldiers and other military personal were using them to track their runs, and you could look at the public data and find places where there should be no people running. Six years later, the problem remains. Le Monde has reported that the same Strava data can be used to track the movements of world leaders.

article thumbnail

Cybersecurity Priority Recommendations for the Next President

Lohrman on Security

A new report from Auburn University’s McCrary Institute for Cyber and Critical Infrastructure Security provides recommendations for the incoming presidential administration. Here are some report highlights.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Can Security Experts Leverage Generative AI Without Prompt Engineering Skills?

Tech Republic Security

A study at Rensselaer Polytechnic Institute presented at ISC2 Security Congress compared ChatGPT-written training prompted by security experts and prompt engineers.

article thumbnail

What Is Inside Microsoft’s Major Windows 11 Update?

Tech Republic Security

Version 24H2 adds the sudo command and alerts users when an application accesses their physical location. Microsoft polished other security features, too.

Software 190
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Over 5,000 Fake Microsoft Notifications Fueling Email Compromise Campaigns

Tech Republic Security

Check Point documented 5,000 spam emails coming from legitimate-looking domains as fake Microsoft application alerts. Real links complete the trap.

Phishing 199
article thumbnail

22,000 CyberPanel Servers Exposed: Zero-Click RCE Vulnerability Discovered, PoC Published

Penetration Testing

A new critical vulnerability has been discovered in CyberPanel, a popular open-source web hosting control panel, by security researcher DreyAnd. The flaw, a zero-click pre-authentication root remote code execution (RCE),... The post 22,000 CyberPanel Servers Exposed: Zero-Click RCE Vulnerability Discovered, PoC Published appeared first on Cybersecurity News.

More Trending

article thumbnail

The end of the i386 kernel and images

Kali Linux

The i386 architecture has long been obsolete, and from this week, support for i386 in Kali Linux is going to shrink significantly: i386 kernel and images are going away. Images and releases will no longer be created for this platform. Some terminology first Let’s start with the terms used in Kali Linux to talk about CPU architectures. These terms apply more generally to any Debian-based Linux distribution. amd64 refers to the x86-64 architecture, ie. the 64-bit version of the x86 instructi

article thumbnail

The Crypto Game of Lazarus APT: Investors vs. Zero-days

SecureList

Introduction Lazarus APT and its BlueNoroff subgroup are a highly sophisticated and multifaceted Korean-speaking threat actor. We closely monitor their activities and quite often see them using their signature malware in their attacks — a full-feature backdoor called Manuscrypt. According to our research, Lazarus has been employing this malware since at least 2013 and we’ve documented its usage in 50+ unique campaigns targeting governments, diplomatic entities, financial institutions, mili

article thumbnail

The Shitposting Cartoon Dogs Sending Trucks, Drones, and Weapons to Ukraine’s Front Lines

WIRED Threat Level

The North Atlantic Fella Organization, which started as a way to fight Kremlin propaganda, has raised millions of dollars to send vital equipment directly to soldiers fighting Russia.

143
143
article thumbnail

Microsoft: Ransomware Attacks Growing More Dangerous, Complex

Tech Republic Security

Attackers launched 600 million cybercriminal and nation-state threats on Microsoft customers daily, including ransomware attacks, in the last year, according to the tech giant.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

ServiceNow Patches Critical Sandbox Escape Vulnerability – CVE-2024-8923 (CVSS 9.8)

Penetration Testing

ServiceNow, a leading cloud-based enterprise platform, has recently addressed two significant vulnerabilities, CVE-2024-8923 and CVE-2024-8924, which posed serious risks to organizations using its Now Platform. These vulnerabilities could enable unauthorized... The post ServiceNow Patches Critical Sandbox Escape Vulnerability – CVE-2024-8923 (CVSS 9.8) appeared first on Cybersecurity News.

Risk 140
article thumbnail

No, The Chinese Have Not Broken Modern Encryption Systems with a Quantum Computer

Schneier on Security

The headline is pretty scary: “ China’s Quantum Computer Scientists Crack Military-Grade Encryption.” No, it’s not true. This debunking saved me the trouble of writing one. It all seems to have come from this news article , which wasn’t bad but was taken widely out of proportion.

article thumbnail

Firefox Zero-Day Under Attack: Update Your Browser Immediately

The Hacker News

Mozilla has revealed that a critical security flaw impacting Firefox and Firefox Extended Support Release (ESR) has come under active exploitation in the wild. The vulnerability, tracked as CVE-2024-9680, has been described as a use-after-free bug in the Animation timeline component.

144
144
article thumbnail

Unauthorized data access vulnerability in macOS is detailed by Microsoft

Malwarebytes

The Microsoft Threat Intelligence team disclosed details about a macOS vulnerability, dubbed “HM Surf,” that could allow an attacker to gain access to the user’s data in Safari. The data the attacker could access without users’ consent includes browsed pages, along with the device’s camera, microphone, and location. The vulnerability, tracked as CVE-2024-44133 was fixed in the September 16 update for Mac Studio (2022 and later), iMac (2019 and later), Mac Pro (2019 and later), Mac Mi

Adware 138
article thumbnail

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

article thumbnail

Inside Sophos' 5-Year War With the Chinese Hackers Hijacking Its Devices

WIRED Threat Level

Sophos went so far as to plant surveillance “implants” on its own devices to catch the hackers at work—and in doing so, revealed a glimpse into China's R&D pipeline of intrusion techniques.

article thumbnail

Deloitte: Why Only a Quarter of Cybersecurity Professionals are Women

Tech Republic Security

Despite a huge talent shortage in the cybersecurity industry, women still feel discouraged from joining it due to concerns over their knowledge, its inclusivity, and the pay.

article thumbnail

Researcher Details CVE-2024-38812 (CVSS 9.8): Critical RCE Flaw in VMware vCenter

Penetration Testing

The SonicWall Capture Labs Threat Research Team has published an in-depth analysis of CVE-2024-38812, a critical heap-overflow vulnerability found in VMware vCenter Server. This vulnerability affects VMware vCenter Server version... The post Researcher Details CVE-2024-38812 (CVSS 9.8): Critical RCE Flaw in VMware vCenter appeared first on Cybersecurity News.

article thumbnail

Simpson Garfinkel on Spooky Cryptographic Action at a Distance

Schneier on Security

Excellent read. One example: Consider the case of basic public key cryptography, in which a person’s public and private key are created together in a single operation. These two keys are entangled, not with quantum physics, but with math. When I create a virtual machine server in the Amazon cloud, I am prompted for an RSA public key that will be used to control access to the machine.

article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

100 MILLION Americans in UnitedHealth PII Breach

Security Boulevard

Not cute: $UNH’s Change Healthcare unit paid a big ransom—its IT was as weak as a kitten. The post 100 MILLION Americans in UnitedHealth PII Breach appeared first on Security Boulevard.

article thumbnail

Pinterest tracks users without consent, alleges complaint

Malwarebytes

Pinterest has received a complaint from privacy watchdog noyb (None of your business) over the unsolicited tracking of its users. Pinterest allows you to pin images to virtual pinboards; useful for interior design, recipe ideas, party inspiration, and much more. It started as a virtual replacement for paper catalogs to share recipes, but has since grown into a visual search and e-commerce platform.

article thumbnail

How ChatGPT scanned 170k lines of code in seconds, saving me hours of work

Zero Day

Have a question that requires a lot of text or numerical analysis? Consider running it by ChatGPT or another popular model -- the answer might surprise you.

142
142
article thumbnail

20% of Generative AI ‘Jailbreak’ Attacks Succeed, With 90% Exposing Sensitive Data

Tech Republic Security

On average, it takes adversaries just 42 seconds and five interactions to execute a GenAI jailbreak, according to Pillar Security.

article thumbnail

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

article thumbnail

Microsoft Windows Flaw: CVE-2024-30090 PoC Exploit Published, Posing SYSTEM Privilege Threat

Penetration Testing

Security researcher Angelboy (@scwuaptx) with DEVCORE has identified a privilege escalation vulnerability in Microsoft’s Kernel Streaming service. The vulnerability, tracked as CVE-2024-30090 and assigned a CVSS score of 7.0, could... The post Microsoft Windows Flaw: CVE-2024-30090 PoC Exploit Published, Posing SYSTEM Privilege Threat appeared first on Cybersecurity News.

article thumbnail

Earth Simnavaz (aka APT34) Levies Advanced Cyberattacks Against UAE and Gulf Regions

Trend Micro

Trend Micro's investigation into the recent activity of Earth Simnavaz provides new insights into the APT group’s evolving tactics and the immediate threat it poses to critical sectors in the UAE.

139
139
article thumbnail

Small Businesses Boosting Cybersecurity as Threats Grow: ITRC

Security Boulevard

A report by the Identity Theft Resource Center found that while the number of small businesses hit by a cyberattack and the amount of losses continues to grow, companies are adopting stronger security best practices and investing more in security and compliance tools. The post Small Businesses Boosting Cybersecurity as Threats Grow: ITRC appeared first on Security Boulevard.

article thumbnail

“Nudify” deepfake bots remove clothes from victims in minutes, and millions are using them

Malwarebytes

Millions of people are turning normal pictures into nude images, and it can be done in minutes. Journalists at Wired found at least 50 “nudify” bots on Telegram that claim to create explicit photos or videos of people with only a couple of clicks. Combined, these bots have millions of monthly users. Although there is no sure way to find out how many unique users that are, it’s appalling, and highly likely there are much more than those they found.

Media 137
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Chinese Nation-State Hackers APT41 Hit Gambling Sector for Financial Gain

The Hacker News

The prolific Chinese nation-state actor known as APT41 (aka Brass Typhoon, Earth Baku, Wicked Panda, or Winnti) has been attributed to a sophisticated cyber attack targeting the gambling and gaming industry.

article thumbnail

Threat Actors Are Exploiting Vulnerabilities Faster Than Ever

Tech Republic Security

It only takes five days on average for attackers to exploit a vulnerability, according to a new report by cybersecurity company Mandiant.

article thumbnail

JAXA Cyberattack: Hackers Breach Accounts of Top Officials, Exposing Sensitive Space and Defense Data

Penetration Testing

The Japan Aerospace Exploration Agency (JAXA) has become the target of a series of sophisticated cyberattacks, resulting in the hijacking of accounts belonging to high-ranking officials, including President Hiroshi Yamakawa... The post JAXA Cyberattack: Hackers Breach Accounts of Top Officials, Exposing Sensitive Space and Defense Data appeared first on Cybersecurity News.

article thumbnail

China-linked group Salt Typhoon hacked US broadband providers and breached wiretap systems

Security Affairs

China-linked APT group Salt Typhoon breached U.S. broadband providers, potentially accessing systems for lawful wiretapping and other data. China-linked APT group Salt Typhoon (also known as FamousSparrow and GhostEmperor ) breached U.S. broadband providers, including Verizon, AT&T, and Lumen Technologies, potentially accessing systems for lawful wiretapping and other data.

Hacking 131
article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!