Sat.Aug 24, 2024 - Fri.Aug 30, 2024

Adm. Grace Hopper’s 1982 NSA Lecture Has Been Published

Schneier on Security

The “long lost lecture” by Adm. Grace Hopper has been published by the NSA. (Note that there are two parts.) It’s a wonderful talk: funny, engaging, wise, prescient. Remember that talk was given in 1982, less than a year before the ARPANET switched to TCP/IP and the internet went operational. She was a remarkable person. Listening to it, and thinking about the audience of NSA engineers, I wonder how much of what she’s talking about as the future of computing—minia

New 0-Day Attacks Linked to China’s ‘Volt Typhoon’

Krebs on Security

Malicious hackers are exploiting a zero-day vulnerability in Versa Director, a software product used by many Internet and IT service providers. Researchers believe the activity is linked to Volt Typhoon, a Chinese cyber espionage group focused on infiltrating critical U.S. networks and laying the groundwork for the ability to disrupt communications between the United States and Asia during any future armed conflict with China.

The North American Have I Been Pwned Tour

Troy Hunt

It was 2019 that I was last in North America, spending time in San Francisco, Los Angeles, Vegas, Denver, Minnesota, New York and Seattle. The year before, it was Montreal and Vancouver and since then, well, things got a bit weird for a while. It's a shame it's been this long because North America is such an important part of the world for so many of the things we (including Charlotte in this too) do; it's the lion's share of the audience for my content, the companies whose s

FBI Says Stopping Online Fraud and Scams Requires New Focus

Lohrman on Security

The FBI launched a new nationwide campaign this past week to raise awareness of the surge in online fraud and scams impacting the public and to encourage reporting to law enforcement.

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

US Federal Court Rules Against Geofence Warrants

Schneier on Security

This is a big deal. A US Appeals Court ruled that geofence warrants—these are general warrants demanding information about all people within a geographical boundary—are unconstitutional. The decision seems obvious to me, but you can’t take anything for granted.

When Get-Out-The-Vote Efforts Look Like Phishing

Krebs on Security

Multiple media reports this week warned Americans to be on guard against a new phishing scam that arrives in a text message informing recipients they are not yet registered to vote. A bit of digging reveals the missives were sent by a California political consulting firm as part of a well-meaning but potentially counterproductive get-out-the-vote effort that had all the hallmarks of a phishing campaign.

More Trending

Nearly 1/3 of Companies Suffered a SaaS Data Breach in Last Year

Tech Republic Security

The number of organisations that experienced a SaaS data breach in the last 12 months is 5% higher than the previous year according to AppOmni.

The Present and Future of TV Surveillance

Schneier on Security

Ars Technica has a good article on what’s happening in the world of television surveillance. More than even I realized.

CVE-2024-43425: Moodle Remote Code Execution Vulnerability, PoC Published

Penetration Testing

A critical vulnerability (CVE-2024-43425) has been identified in Moodle, a widely-used Learning Management System. This flaw could enable attackers to execute malicious code on affected servers, potentially compromising sensitive student... The post CVE-2024-43425: Moodle Remote Code Execution Vulnerability, PoC Published appeared first on Cybersecurity News.

Telegram Founder Pavel Durov Arrested in France for Content Moderation Failures

The Hacker News

Pavel Durov, founder and chief executive of the popular messaging app Telegram, was arrested in France on Saturday, according to French television network TF1. Durov is believed to have been apprehended pursuant to a warrant issued in connection with a preliminary police investigation.

Human-Centered Cyber Security Training: Driving Real Impact on Security Culture

In today's digital age, having an untrained workforce can be a significant risk to your business. Cyber threats are evolving; without proper training, your employees could be the weakest link in your defense. This webinar empowers leaders like you with the tools and strategies needed to transform your employees into a robust frontline defense against cyber attacks.

CyberGhost vs NordVPN (2024): Which VPN Should You Choose?

Tech Republic Security

While CyberGhost VPN’s optimized servers bring a lot of value, NordVPN’s more consistent speed performance and extensive feature inclusions give it the slight edge.

Matthew Green on Telegram’s Encryption

Schneier on Security

Matthew Green wrote a really good blog post on what Telegram’s encryption is and is not.

Zero-Click Windows RCE Threat: Researcher Publishes PoC Exploit for CVE-2024-38063

Penetration Testing

In a significant development for cybersecurity professionals, security researcher Ynwarcs has published an in-depth analysis and proof-of-concept (PoC) exploit code for a critical zero-click CVE-2024-38063 vulnerability in Windows TCP/IP. This... The post Zero-Click Windows RCE Threat: Researcher Publishes PoC Exploit for CVE-2024-38063 appeared first on Cybersecurity News.

Fortinet Debuts Sovereign SASE, Updates Unified SASE With FortiAI

Security Boulevard

Security specialist Fortinet announced the debut of Sovereign SASE and the integration of Generative AI (GenAI) technology into its Unified SASE offering. The post Fortinet Debuts Sovereign SASE, Updates Unified SASE With FortiAI appeared first on Security Boulevard.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

NordVPN vs Proton VPN (2024): Which VPN Should You Choose?

Tech Republic Security

While Proton VPN’s strong focus on privacy is enticing, NordVPN’s fast-performing and all-around VPN service is the better overall package between the two.

Analysis of two arbitrary code execution vulnerabilities affecting WPS Office

We Live Security

ESET research uncovers a vulnerability in WPS Office for Windows (CVE-2024-7262), as it was being exploited by South Korea-aligned cyberespionage group APT-C-60 to target East Asian countries. Analysis of the vendor’s silently released patch led to the discovery of another vulnerability (CVE-2024-7263).

CVE-2024-6386 (CVSS 9.9) in WPML Plugin Exposes Millions of WordPress Sites to RCE Attacks

Penetration Testing

A severe security flaw (CVE-2024-6386, CVSS 9.9) has been discovered in the widely-used WPML plugin for WordPress, potentially exposing over one million websites to the risk of complete takeover. The... The post CVE-2024-6386 (CVSS 9.9) in WPML Plugin Exposes Millions of WordPress Sites to RCE Attacks appeared first on Cybersecurity News.

Linux malware sedexp uses udev rules for persistence and evasion

Security Affairs

Researchers spotted a new stealthy Linux malware named sedexp that uses Linux udev rules to achieve persistence and evade detection. Aon’s Cyber Solutions spotted a new malware family, called sedexp, that relies on a lesser-known Linux persistence technique. The malware has been active since at least 2022 but remained largely undetected for years. The experts pointed out that the persistence method employed by this malware is currently undocumented by MITRE ATT&CK.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Don’t Leave Your Digital Security to Chance: Get Norton 360

Tech Republic Security

Norton 360 Standard offers award-winning protection for your digital life — malware defense, cloud backup, and a VPN — for just $17.99 for a 15-month plan.

SMS scammers use toll fees as a lure

Malwarebytes

In April 2024, the FBI warned about a new type of smishing scam. Smishing is the term we use for phishing attacks sent via text message. This particular smishing scam tries to trick users into clicking a link by telling them they owe a “small amount” in toll fees. The scammers send a text claiming that the recipient owes money for unpaid tolls. Redacted example of toll smishing text “PA Turnpike Toll Services: We’ve noticed an outstanding toll amount of $12.51 on your record.

CVE-2024-42815 (CVSS 9.8): Buffer Overflow Flaw in TP-Link Routers Opens Door to RCE

Penetration Testing

A critical vulnerability has been found in TP-Link RE365 V1_180213 series routers, leaving them susceptible to remote exploitation and potential takeover. Identified as CVE-2024-42815 and carrying a near-perfect CVSS score... The post CVE-2024-42815 (CVSS 9.8): Buffer Overflow Flaw in TP-Link Routers Opens Door to RCE appeared first on Cybersecurity News.

Google Warns of CVE-2024-7965 Chrome Security Flaw Under Active Exploitation

The Hacker News

Google has revealed that a security flaw that was patched as part of a security update rolled out last week to its Chrome browser has come under active exploitation in the wild. Tracked as CVE-2024-7965, the vulnerability has been described as an inappropriate implementation bug in the V8 JavaScript and WebAssembly engine.

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.

Radware Report Surfaces Increasing Waves of DDoS Attacks

Security Boulevard

A report by Radware finds that DDoS attacks are increasing in number and volume, with some lasting as long as 100 hours over six days. The post Radware Report Surfaces Increasing Waves of DDoS Attacks appeared first on Security Boulevard.

Threat actors exploit Atlassian Confluence bug in cryptomining campaigns

Security Affairs

Threat actors are actively exploiting a critical flaw in the Atlassian Confluence Data Center and Confluence Server in cryptocurrency mining campaigns. The critical vulnerability CVE-2023-22527 (CVSS score 10.0) in the Atlassian Confluence Data Center and Confluence Server is being actively exploited for cryptojacking campaigns. The vulnerability is a template injection vulnerability that can allow remote attackers to execute arbitrary code on vulnerable Confluence installs.

Centreon Issues Critical Security Update: SQL Injection Vulnerabilities Threaten IT Monitoring

Penetration Testing

Centreon, a widely-used open-source monitoring solution, has issued a critical security bulletin addressing multiple SQL injection vulnerabilities in its Centreon Web interface. These vulnerabilities, identified as CVE-2024-32501, CVE-2024-33852, CVE-2024-33853, CVE-2024-33854,... The post Centreon Issues Critical Security Update: SQL Injection Vulnerabilities Threaten IT Monitoring appeared first on Cybersecurity News.

New Android Malware NGate Steals NFC Data to Clone Contactless Payment Cards

The Hacker News

Cybersecurity researchers have uncovered new Android malware that can relay victims' contactless payment data from physical credit and debit cards to an attacker-controlled device with the goal of conducting fraudulent operations. The Slovak cybersecurity company is tracking the novel malware as NGate, stating it observed the crimeware campaign targeting three banks in Czechia.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

China Cyberwar Coming? Versa’s Vice: Volt Typhoon’s Target

Security Boulevard

Xi whiz: Versa Networks criticized for swerving the blame. The post China Cyberwar Coming? Versa’s Vice: Volt Typhoon’s Target appeared first on Security Boulevard.

Russia-linked APT29 reused iOS and Chrome exploits previously developed by NSO Group and Intellexa

Security Affairs

Russia-linked APT29 group was spotted reusing iOS and Chrome exploits previously developed by surveillance firms NSO Group and Intellexa. Google TAG (Threat Analysis Group) researchers observed the Russia-linked group APT29 (aka SVR group, BlueBravo, Cozy Bear, Nobelium, Midnight Blizzard, and The Dukes) using exploits previously used by surveillance software vendors NSO Group and Intellexa.

Operation DevilTiger: APT-Q-12’s Shadowy Tactics and Zero-Day Exploits Unveiled

Penetration Testing

The QiAnXin Threat Intelligence Center has disclosed the technical details of a sophisticated cyber espionage campaign dubbed “Operation DevilTiger,” orchestrated by the elusive APT-Q-12 group, also known as “Pseudo Hunter.”... The post Operation DevilTiger: APT-Q-12’s Shadowy Tactics and Zero-Day Exploits Unveiled appeared first on Cybersecurity News.

How AitM Phishing Attacks Bypass MFA and EDR—and How to Fight Back

The Hacker News

Attackers are increasingly using new phishing toolkits (open-source, commercial, and criminal) to execute adversary-in-the-middle (AitM) attacks. AitM enables attackers to not just harvest credentials but steal live sessions, allowing them to bypass traditional phishing prevention controls such as MFA, EDR, and email content filtering.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.