Sat.Jun 03, 2023 - Fri.Jun 09, 2023

article thumbnail

Over 60,000 Android apps infected with adware-pushing malware

CSO Magazine

Bitdefender has uncovered a hidden malware campaign living undetected on mobile devices worldwide for more than six months. The campaign is designed to push adware to Android devices with the purpose of driving revenue. “However, the threat actors involved can easily switch tactics to redirect users to other types of malware, such as banking trojans to steal credentials and financial information or ransomware ,” Bitdefender said in a blog.

Adware 139
article thumbnail

Barracuda Urges Replacing — Not Patching — Its Email Security Gateways

Krebs on Security

It’s not often that a zero-day vulnerability causes a network security vendor to urge customers to physically remove and decommission an entire line of affected hardware — as opposed to just applying software updates. But experts say that is exactly what transpired this week with Barracuda Networks , as the company struggled to combat a sprawling malware threat which appears to have undermined its email security appliances in such a fundamental way that they can no longer be safely u

Firmware 334
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Snowden Ten Years Later

Schneier on Security

In 2013 and 2014, I wrote extensively about new revelations regarding NSA surveillance based on the documents provided by Edward Snowden. But I had a more personal involvement as well. I wrote the essay below in September 2013. The New Yorker agreed to publish it, but the Guardian asked me not to. It was scared of UK law enforcement, and worried that this essay would reflect badly on it.

article thumbnail

La Cybersécurité Pour Les Nuls 2e Édition: Update To Best-Selling French “Cybersecurity For Dummies” Book Now Available

Joseph Steinberg

The second edition of Cybersecurity For Dummies , Joseph Steinberg’s best-selling introductory-level book about cybersecurity, is now available in French. Like its first edition counterparts published in several languages, and like the new English-language Second Edition released several months ago, the new French book, La Cybersécurité Pour Les Nuls 2e Édition , is written for general audiences, and can help people of all backgrounds stay cyber-secure, regardless of their technical skillsets.

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Zero-day MOVEit Transfer vulnerability exploited in the wild, heavily targeting North America

Tech Republic Security

Read the technical details about this zero-day MoveIT vulnerability, find out who is at risk, and learn how to detect and protect against this SQL injection attack. The post Zero-day MOVEit Transfer vulnerability exploited in the wild, heavily targeting North America appeared first on TechRepublic.

Risk 180
article thumbnail

Service Rents Email Addresses for Account Signups

Krebs on Security

One of the most expensive aspects of any cybercriminal operation is the time and effort it takes to constantly create large numbers of new throwaway email accounts. Now a new service offers to help dramatically cut costs associated with large-scale spam and account creation campaigns, by paying people to sell their email account credentials and letting customers temporarily rent access to a vast pool of established accounts at major providers.

More Trending

article thumbnail

Sextortionists are making AI nudes from your social media images

Bleeping Computer

The Federal Bureau of Investigation (FBI) is warning of a rising trend of malicious actors creating deepfake nude content from social media images to perform sextortion attacks. [.

Media 144
article thumbnail

Firm study predicts big spends on generative AI

Tech Republic Security

A new study polling software buyers at businesses worldwide finds strong intention to increase budget, with special interest in AI. It also looks at how vendors can engage buyers. The post Firm study predicts big spends on generative AI appeared first on TechRepublic.

Software 179
article thumbnail

ChatGPT creates mutating malware that evades detection by EDR

CSO Magazine

A global sensation since its initial release at the end of last year, ChatGPT 's popularity among consumers and IT professionals alike has stirred up cybersecurity nightmares about how it can be used to exploit system vulnerabilities. A key problem, cybersecurity experts have demonstrated, is the ability of ChatGPT and other large language models (LLMs) to generate polymorphic, or mutating, code to evade endpoint detection and response (EDR) systems.

Malware 145
article thumbnail

Paragon Solutions Spyware: Graphite

Schneier on Security

Paragon Solutions is yet another Israeli spyware company. Their product is called “Graphite,” and is a lot like NSO Group’s Pegasus. And Paragon is working with what seems to be US approval: American approval, even if indirect, has been at the heart of Paragon’s strategy. The company sought a list of allied nations that the US wouldn’t object to seeing deploy Graphite.

Spyware 257
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Chrome Extensions Warning — Millions of Users Infected

Security Boulevard

Malware Déjà Vu: Perhaps as many as 87 million victims—maybe more. The post Chrome Extensions Warning — Millions of Users Infected appeared first on Security Boulevard.

Malware 145
article thumbnail

BBC, British Airways, Boots hit with hackers’ ultimatum after suffering MOVEit supply-chain attack

Tech Republic Security

Get the details about the ransomware group Clop's ultimatum to companies they recently hit with a supply-chain attack. Also, learn cybersecurity mitigation best practices for any organization. The post BBC, British Airways, Boots hit with hackers’ ultimatum after suffering MOVEit supply-chain attack appeared first on TechRepublic.

article thumbnail

PoC released for Windows Win32k bug exploited in attacks

Bleeping Computer

Researchers have released a proof-of-concept (PoC) exploit for an actively exploited Windows local privilege escalation vulnerability fixed as part of the May 2023 Patch Tuesday. [.

141
141
article thumbnail

Operation Triangulation: Zero-Click iPhone Malware

Schneier on Security

Kaspersky is reporting a zero-click iOS exploit in the wild: Mobile device backups contain a partial copy of the filesystem, including some of the user data and service databases. The timestamps of the files, folders and the database records allow to roughly reconstruct the events happening to the device. The mvt-ios utility produces a sorted timeline of events into a file called “timeline.csv,” similar to a super-timeline used by conventional digital forensic tools.

Malware 231
article thumbnail

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

article thumbnail

US Aerospace Contractor Hacked With 'PowerDrop' Backdoor

Dark Reading

Hackers used a little to do a lot, cracking a high-value target with hardly more than the living-off-the-land tools (PowerShell especially) found on any standard Windows computer.

Hacking 135
article thumbnail

Cisco LIVE 2023: AI and security platforms innovations take center stage 

Tech Republic Security

At its annual customer event in Las Vegas, Cisco introduced AI-powered, cloud-based products that are designed to snap into its new Security Cloud platform like LEGO. The post Cisco LIVE 2023: AI and security platforms innovations take center stage appeared first on TechRepublic.

article thumbnail

Microsoft OneDrive down worldwide following claims of DDoS attacks

Bleeping Computer

Microsoft is investigating an ongoing outage that is preventing OneDrive customers from accessing the cloud file hosting service worldwide, just as a threat actor known as 'Anonymous Sudan' claims to be DDoSing the service [.

DDOS 139
article thumbnail

How Attorneys Are Harming Cybersecurity Incident Response

Schneier on Security

New paper: “ Lessons Lost: Incident Response in the Age of Cyber Insurance and Breach Attorneys “: Abstract: Incident Response (IR) allows victim firms to detect, contain, and recover from security incidents. It should also help the wider community avoid similar attacks in the future. In pursuit of these goals, technical practitioners are increasingly influenced by stakeholders like cyber insurers and lawyers.

article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

Brazilian Cybercriminals Using LOLBaS and CMD Scripts to Drain Bank Accounts

The Hacker News

An unknown cybercrime threat actor has been observed targeting Spanish- and Portuguese-speaking victims to compromise online banking accounts in Mexico, Peru, and Portugal.

Banking 139
article thumbnail

iOS 17 cheat sheet: Release date, supported devices and more

Tech Republic Security

iOS 17 has been announced, and it's Apple’s best version of iOS. Learn everything you need to know about iOS 17's features, release date and how to get it. The post iOS 17 cheat sheet: Release date, supported devices and more appeared first on TechRepublic.

Software 158
article thumbnail

Barracuda says hacked ESG appliances must be replaced immediately

Bleeping Computer

Email and network security company Barracuda warns customers they must replace Email Security Gateway (ESG) appliances hacked in attacks targeting a now-patched zero-day vulnerability. [.

Hacking 134
article thumbnail

Announcing Duo’s Vision to Streamline Authentication & Enhance User Experience

Duo's Security Blog

I love where I work, and between that and my general lack of fashion sense, I wear Duo t-shirts all the time. This means that, on a somewhat regular basis, I get unsolicited feedback from Duo users in grocery store check-out aisles, coffee shops, and on the sidewalk. Some of it is positive, but the general consensus is that people don’t love multi-factor authentication (MFA); they see it as a necessary evil at best.

article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Malware menaces Minecraft mods

Graham Cluley

If you, or your kids, are fans of Minecraft - you might be wise to not download any new mods of plugins for a while. Read more in my article on the Tripwire State of Security blog.

Malware 126
article thumbnail

New zero-click threat targets iPhones and iPads

Tech Republic Security

A recent report from Kaspersky revealed a zero-click attack method that requires no action from victims to infect iOS devices. The post New zero-click threat targets iPhones and iPads appeared first on TechRepublic.

Big data 156
article thumbnail

Cisco fixes AnyConnect bug giving Windows SYSTEM privileges

Bleeping Computer

Cisco has fixed a high-severity vulnerability found in Cisco Secure Client (formerly AnyConnect Secure Mobility Client) software that can let attackers escalate privileges to the SYSTEM account used by the operating system. [.

Mobile 132
article thumbnail

Buying a Home? Here’s How Your Credit Will Affect Your Mortgage Rate

Identity IQ

Buying a Home? Here’s How Your Credit Will Affect Your Mortgage Rate IdentityIQ To buy a home , you need to apply for a mortgage. But before you do that, you should know how important your credit score is in the mortgage application process since it can significantly impact the mortgage rate you’ll be offered. In this blog, we break down the relationship between credit scores and mortgage rates to help you understand what to expect and how to prepare to buy a home.

Insurance 128
article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

Anonymous Sudan launched Cyber Attack on Microsoft Outlook

CyberSecurity Insiders

Outlook.com users have been suffering with intermittent outages from yesterday and news is out that the disruption was caused because of a DDoS cyber attack launched by a hacking group named ‘Anonymous Sudan’. Microsoft acknowledged the outage as true, but failed to label it as a state funded attack. How-ever, it issued a statement that it has employed mitigation policies to neutralize the impact of the DdoS attack.

article thumbnail

Verizon 2023 DBIR: DDoS attacks dominate and pretexting lead to BEC growth

Tech Republic Security

In Verizon’s just-released 2023 Data Breach Investigations Report, money is king, and denial of service and social engineering still hold sway. The post Verizon 2023 DBIR: DDoS attacks dominate and pretexting lead to BEC growth appeared first on TechRepublic.

DDOS 145
article thumbnail

Ukrainian hackers take down service provider for Russian banks

Bleeping Computer

A group of Ukrainian hackers known as the Cyber.Anarchy.Squad claimed an attack that took down Russian telecom provider Infotel JSC on Thursday evening. [.

Banking 140
article thumbnail

CISOs, IT lack confidence in executives’ cyber-defense knowledge

CSO Magazine

IT security teams lack confidence in their executives’ ability to prevent attacks on their personal hardware, systems, and network. This is according to a study sponsored by BlackCloak, a provider of digital privacy protection for high-profile executives, Ponemon Institute surveyed 553 US IT and IT security practitioners. Asked to rate from 1 to 10 how confident they were in CEOs and executives’ abilities to know how to recognize a phishing email, only 28% of respondents were confident.

CISO 125
article thumbnail

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.