Sat.Dec 14, 2024 - Fri.Dec 20, 2024

article thumbnail

Unwrapping Cybersecurity: A Festive “Die Hard” Guide

Javvad Malik

It is the holiday season. Think twinkling lights, the scent of pine, and cyber threats lurking in the shadows, waiting to pounce quicker than Bruce Willis can say, Yippee ki yay. In the festive spirit of Die Hard,” lets see how we can make our holidays less like Nakatomi Plaza and a bit more secure. Jingle Bells, Phishing Smells, Educate All the Way Phishing does not take a holiday.

article thumbnail

Fortinet Warns of Critical FortiWLM Flaw That Could Lead to Admin Access Exploits

The Hacker News

Fortinet has issued an advisory for a now-patched critical security flaw impacting Wireless LAN Manager (FortiWLM) that could lead to disclosure of sensitive information. The vulnerability, tracked as CVE-2023-34990, carries a CVSS score of 9.6 out of a maximum of 10.0.

Wireless 114
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Short-Lived Certificates Coming to Let’s Encrypt

Schneier on Security

Starting next year : Our longstanding offering won’t fundamentally change next year, but we are going to introduce a new offering that’s a big shift from anything we’ve done before—short-lived certificates. Specifically, certificates with a lifetime of six days. This is a big upgrade for the security of the TLS ecosystem because it minimizes exposure time during a key compromise event.

article thumbnail

Web Hacking Service ‘Araneida’ Tied to Turkish IT Firm

Krebs on Security

Cybercriminals are selling hundreds of thousands of credential sets stolen with the help of a cracked version of Acunetix , a powerful commercial web app vulnerability scanner, new research finds. The cracked software is being resold as a cloud-based attack tool by at least two different services, one of which KrebsOnSecurity traced to an information technology firm based in Turkey.

Hacking 149
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Hacking Digital License Plates

Schneier on Security

Not everything needs to be digital and “smart.” License plates, for example : Josep Rodriguez, a researcher at security firm IOActive, has revealed a technique to jailbreak digital license plates sold by Reviver, the leading vendor of those plates in the US with 65,000 plates already sold. By removing a sticker on the back of the plate and attaching a cable to its internal connectors, he’s able to rewrite a Reviver plate’s firmware in a matter of minutes.

Firmware 190
article thumbnail

Weekly Update 430

Troy Hunt

I'm back in Oslo! Writing this the day after recording, it feels like I couldn't be further from Dubai; the temperature starts with a minus, it's snowing and there's not a supercar in sight. Back on business, this week I'm talking about the challenge of loading breaches and managing costs. A breach load immediately takes us from a very high percentage cache hit ratio on Cloudflare to zero.

More Trending

article thumbnail

How to Lose a Fortune with Just One Bad Click

Krebs on Security

Image: Shutterstock, iHaMoo. Adam Griffin is still in disbelief over how quickly he was robbed of nearly $500,000 in cryptocurrencies. A scammer called using a real Google phone number to warn his Gmail account was being hacked, sent email security alerts directly from google.com, and ultimately seized control over the account by convincing him to click “yes” to a Google prompt on his mobile device.

article thumbnail

New Advances in the Understanding of Prime Numbers

Schneier on Security

Really interesting research into the structure of prime numbers. Not immediately related to the cryptanalysis of prime-number-based public-key algorithms, but every little bit matters.

193
193
article thumbnail

RCE and DoS Vulnerabilities Addressed in Apache Tomcat: CVE-2024-50379 and CVE-2024-54677

Penetration Testing

The Apache Software Foundation has released important security updates to address two vulnerabilities in Apache Tomcat, a widely-used open-source web server, and servlet container. One of the vulnerabilities could allow... The post RCE and DoS Vulnerabilities Addressed in Apache Tomcat: CVE-2024-50379 and CVE-2024-54677 appeared first on Cybersecurity News.

Software 120
article thumbnail

LW ROUNDTABLE:  Predictive analytics, full-stack visualization to solidify cyber defenses in 2025

The Last Watchdog

To wrap up our 2024 year-end roundtable, we turn our attention to new technologies and trends that are emerging to help bridge the gaps. Part four of our four-part series From cybersecurity skills shortages to the pressures of hybrid work, the challenges facing organizations are at an all-time high. Experts here explore the importance of fostering a resilient workforce, backed by AI-enhanced training and layered security strategies.

Risk 130
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

The Top 25 Security Predictions for 2025 (Part 1)

Lohrman on Security

As we end the first quarter of the 21st century, cybersecurity threats seem more daunting than ever. So what cyber trends, forecasts, themes, insights and predictions are on offer for the new year? Heres your annual security industry prediction roundup for 2025.

article thumbnail

Mailbox Insecurity

Schneier on Security

It turns out that all cluster mailboxes in the Denver area have the same master key. So if someone robs a postal carrier , they can open any mailbox. I get that a single master key makes the whole system easier, but it’s very fragile security.

176
176
article thumbnail

Report claims that Serbian authorities abused Cellebrite tool to install NoviSpy spyware

Security Affairs

Researchers warn of previously undetected surveillance spyware, named NoviSpy, that was found infecting a Serbian journalist’s phone. In February 2024, Serbian journalist Slavia Milanov was summoned to a police station after a routine traffic stop. After the police released him, Milanov noticed suspicious changes to his phone settings, such as disabled data and Wi-Fi.

Spyware 105
article thumbnail

LW ROUNDTABLE: Compliance pressures intensify as new cybersecurity standards take hold

The Last Watchdog

Today, part three of Last Watchdog s year-end roundtable zeroes in on the regulatory and compliance landscape. Part three of a four-part series In 2024, global pressure on companies to implement advanced data protection measures intensified, with new standards in encryption and software transparency raising the bar. From the push for quantum-resilient cryptography to Software Bill of Material (SBOM ) requirements aimed at bolstering supply chain security, this installment examines the regulatory

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

How Data Classification Reduces Insider Threats 

Security Boulevard

Companies can significantly reduce insider threat risks with a suitable data classification strategy that adequately manages and protects sensitive information. The post How Data Classification Reduces Insider Threats appeared first on Security Boulevard.

Risk 107
article thumbnail

Upcoming Speaking Events

Schneier on Security

This is a current list of where and when I am scheduled to speak: I’m speaking at a joint meeting of the Boston Chapter of the IEEE Computer Society and GBC/ACM , in Boston, Massachusetts, USA, at 7:00 PM ET on Thursday, January 9, 2025. The event will take place at the Massachusetts Institute of Technology in Room 32-G449 (Kiva), as well as online via Zoom.

article thumbnail

New Glutton Malware Exploits Popular PHP Frameworks Like Laravel and ThinkPHP

The Hacker News

Cybersecurity researchers have discovered a new PHP-based backdoor called Glutton that has been put to use in cyber attacks targeting China, the United States, Cambodia, Pakistan, and South Africa.

Malware 134
article thumbnail

TP-Link faces US national security probe, potential ban on devices

Malwarebytes

The US government launched a national security investigation into the popular, Chinese-owned router maker TP-Link, with a potential eye on banning the company’s devices in the United States. The investigation comes amid heightened tension between the US and the Chinese government, and after a public letter from members of the US House of Representatives this summer that alleged that TP-Link was engaged in predatory pricing practices, driven by ulterior motives, and possibly sponsored by Ch

Marketing 107
article thumbnail

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

article thumbnail

Blackhat and BSides to Wind Down the Year

Javvad Malik

The days are shorter, the heating is turned on more frequently, and the final big conference week of the year for me ends with Blackhat Europe and BSides London. Blackhat was held at the ExCeL and featured all the usual suspects. I had the chance to present at Blackhat and also caught up with Quentyn Taylor, who somehow social-engineered me into agreeing to a 5k run in the new year The vendor area felt a bit smaller compared to previous years, but that wasnt necessarily a bad thing.

article thumbnail

Intel Officials Warned Police That US Cities Aren’t Ready for Hostile Drones

WIRED Threat Level

In a previously unreported August memo, the Department of Homeland Security urged state and local police to conduct exercises to test their ability to respond to weaponized drones.

121
121
article thumbnail

Attackers Exploit Microsoft Teams and AnyDesk to Deploy DarkGate Malware

The Hacker News

A new social engineering campaign has leveraged Microsoft Teams as a way to facilitate the deployment of a known malware called DarkGate. "An attacker used social engineering via a Microsoft Teams call to impersonate a user's client and gain remote access to their system," Trend Micro researchers Catherine Loveria, Jovit Samaniego, and Gabriel Nicoleta said.

article thumbnail

Fortinet warns about Critical flaw in Wireless LAN Manager FortiWLM

Security Affairs

Fortinet warns of a patched FortiWLM vulnerability that could allow admin access and sensitive information disclosure. Fortinet warned of a now-patched Wireless LAN Manager (FortiWLM) vulnerability, tracked as CVE-2023-34990 (CVSS score of 9.6), that could lead to admin access and sensitive information disclosure. “A relative path traversal [CWE-23] in FortiWLM may allow a remote, unauthenticated attacker to read sensitive files.” reads the advisory published by the vendor.

article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

Ransomware to Cause ‘Bumpy’ Security Ride in 2025

Tech Republic Security

Cashed-up ransomware criminals may exploit more zero days while potential blanket ransomware payment bans hang over defenders like a shadow.

article thumbnail

Hackers Can Jailbreak Digital License Plates to Make Others Pay Their Tolls and Tickets

WIRED Threat Level

Digital license plates sold by Reviver, already legal to buy in some states and drive with nationwide, can be hacked by their owners to evade traffic regulations or even law enforcement surveillance.

article thumbnail

Meta Fined €251 Million for 2018 Data Breach Impacting 29 Million Accounts

The Hacker News

Meta Platforms, the parent company of Facebook, Instagram, WhatsApp, and Threads, has been fined 251 million (around $263 million) for a 2018 data breach that impacted millions of users in the bloc, in what's the latest financial hit the company has taken for flouting stringent privacy laws.

article thumbnail

SASE Market Hits $2.4 Billion, Top Vendors Tighten Market Share Grip 

Security Boulevard

The global Secure Access Service Edge (SASE) market reached $2.4 billion in the third quarter of 2024, with six leading vendors Zscaler, Cisco, Palo Alto Networks, Broadcom, Fortinet and Netskope capturing a combined 72% market share. The post SASE Market Hits $2.4 Billion, Top Vendors Tighten Market Share Grip appeared first on Security Boulevard.

Marketing 105
article thumbnail

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

article thumbnail

Want to save your old computer? Try these 6 Linux distros

Zero Day

Here's how to save money, reduce e-waste, and extend the life of your old hardware at the same time.

98
article thumbnail

This VPN Lets Anyone Use Your Internet Connection. What Could Go Wrong?

WIRED Threat Level

A free VPN app called Big Mama is selling access to peoples home internet networks. Kids are using it to cheat in a VR game while researchers warn of bigger security risks.

VPN 96
article thumbnail

Hackers Exploit Webview2 to Deploy CoinLurker Malware and Evade Security Detection

The Hacker News

Bogus software update lures are being used by threat actors to deliver a new stealer malware called CoinLurker. "Written in Go, CoinLurker employs cutting-edge obfuscation and anti-analysis techniques, making it a highly effective tool in modern cyber attacks," Morphisec researcher Nadav Lorber said in a technical report published Monday.

Malware 120
article thumbnail

Ground Rule of Cyber Hygiene: Keep Your Password Policy Up to Date

Security Boulevard

Since the earliest incidents of computer break-ins, experts have maintained that making the internet a safe place is going to be an uphill battle. Their reasons, while largely technical, also encompass human complacency. Research shows that most organizations and users fail to follow the simple practices that make computing safe. In 2024, organizations reported a.

article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.