Schneier on Security

JULY 15, 2024

Some scholars are inflating their reference counts by sneaking them into metadata: Citations of scientific work abide by a standardized referencing system: Each reference explicitly mentions at least the title, authors’ names, publication year, journal or conference name, and page numbers of the cited publication. These details are stored as metadata, not visible in the article’s text directly, but assigned to a digital object identifier, or DOI—a unique identifier for each sci

Hacking 331

Hacking 331

Krebs on Security

JULY 19, 2024

A faulty software update from cybersecurity vendor Crowdstrike crippled countless Microsoft Windows computers across the globe today, disrupting everything from airline travel and financial institutions to hospitals and businesses online. Crowdstrike said a fix has been deployed, but experts say the recovery from this outage could take some time, as Crowdstrike’s solution needs to be applied manually on a per-machine basis.

Artificial Intelligence 312

Artificial Intelligence Media Software Cybersecurity 312

Lohrman on Security

JULY 14, 2024

Preparations for the Paris Summer Olympics have been going on for years. And given the expected global audience and international participation, cybersecurity is at the center of the action.

Cybersecurity 231

Cybersecurity 231

Tech Republic Security

JULY 19, 2024

Airports and law enforcement agencies were among the organizations hit by the Blue Screen of Death. CrowdStrike said the error has been fixed.Airports and law enforcement agencies were among the organizations hit by the Blue Screen of Death.

198

198

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Schneier on Security

JULY 17, 2024

6.8% , to be precise. From ZDNet : However, Distributed Denial of Service (DDoS) attacks continue to be cybercriminals’ weapon of choice, making up over 37% of all mitigated traffic. The scale of these attacks is staggering. In the first quarter of 2024 alone, Cloudflare blocked 4.5 million unique DDoS attacks. That total is nearly a third of all the DDoS attacks they mitigated the previous year.

Internet 295

Internet Internet DDOS Cybercrime 295

Krebs on Security

JULY 15, 2024

At least a dozen organizations with domain names at domain registrar Squarespace saw their websites hijacked last week. Squarespace bought all assets of Google Domains a year ago, but many customers still haven’t set up their new accounts. Experts say malicious hackers learned they could commandeer any migrated Squarespace accounts that hadn’t yet been registered, merely by supplying an email address tied to an existing domain.

Accountability 280

Accountability Cryptocurrency Passwords DNS 280

Tech Republic Security

JULY 14, 2024

Phishing attacks are one of the most common types of data breach attempts, with 31,000 phishing attacks launching every single day, according to cybersecurity firm SlashNext. Furthermore, 77% of cybersecurity professionals report being targeted by phishing attacks, proving just how widespread these attacks are. The rise of ChatGPT and similar generative AI tools has made.

Phishing 140

Phishing Data breaches Cybersecurity 140

Schneier on Security

JULY 18, 2024

This is pretty horrific : …a group of men behind a violent crime spree designed to compel victims to hand over access to their cryptocurrency savings. That announcement and the criminal complaint laying out charges against St. Felix focused largely on a single theft of cryptocurrency from an elderly North Carolina couple, whose home St. Felix and one of his accomplices broke into before physically assaulting the two victims—­both in their seventies—­and forcing them to transfer

Cryptocurrency 267

Cryptocurrency Banking 267

The Hacker News

JULY 19, 2024

Businesses across the world have been hit by widespread disruptions to their Windows workstations stemming from a faulty update pushed out by cybersecurity company CrowdStrike. "CrowdStrike is actively working with customers impacted by a defect found in a single content update for Windows hosts," the company's CEO George Kurtz said in a statement. "Mac and Linux hosts are not impacted.

Cybersecurity 143

Cybersecurity 143

Bleeping Computer

JULY 19, 2024

A faulty component in the latest CrowdStrike Falcon update is crashing Windows systems, impacting various organizations and services across the world, including airports, TV stations, and hospitals. [.

142

142

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Tech Republic Security

JULY 16, 2024

While PureVPN’s more affordable starting plan may be enticing, NordVPN’s stronger security and broader server fleet makes the higher price tag worth the money.

VPN 139

VPN 139

Schneier on Security

JULY 19, 2024

Brett Solomon is retiring from AccessNow after fifteen years as its Executive Director. He’s written a blog post about what he’s learned and what comes next.

257

257

Trend Micro

JULY 18, 2024

Trend Micro threat hunters discovered that the Play ransomware group has been deploying a new Linux variant that targets ESXi environments. Read our blog entry to know more.

Ransomware 137

Ransomware 137

Security Boulevard

JULY 19, 2024

BSODs beyond belief: A buggy update to CrowdStrike Falcon made Windows PCs and servers crash—worldwide. The post Global Outage Outrage: CrowdStrike Security Tool Blamed appeared first on Security Boulevard.

Digital transformation 136

Digital transformation Software Risk Government 136

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Tech Republic Security

JULY 17, 2024

The benefits of using Java alternatives such as Azul might include cost optimisation, higher performance and vulnerability management.

152

152

Schneier on Security

JULY 14, 2024

This is a current list of where and when I am scheduled to speak: I’m speaking on “Reimagining Democracy in the Age of AI” at the Bozeman Library in Bozeman, Montana, USA, July 18, 2024. The event will also be available via Zoom. I’m speaking at the TEDxBillings Democracy Event in Billings, Montana, USA, on July 19, 2024. The list is maintained on this page.

214

214

Bleeping Computer

JULY 15, 2024

Cybercriminals use Facebook business pages and advertisements to promote fake Windows themes that infect unsuspecting users with the SYS01 password-stealing malware. [.

Malware 138

Malware Advertising Passwords 138

Security Affairs

JULY 18, 2024

The cybercrime group FIN7 is advertising a security evasion tool in multiple underground forums, cybersecurity company SentinelOne warns. SentinelOne researchers warn that the financially motivated group FIN7 is using multiple pseudonyms to advertise a security evasion tool in several criminal underground forums. FIN7 developed a tool called AvNeutralizer (also known as AuKill) that can bypass security solutions.

Advertising 141

Advertising Cybercrime Hacking Ransomware 141

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Tech Republic Security

JULY 14, 2024

SELinux stands for Security-Enhanced Linux. It is a Linux kernel security model that provides a hardened set of access control security policies for the Linux operating system. SELinux tends to get a bad rap, because it often seems to go out of its way to prevent legitimate applications from working. This guide, created by Jack.

Software 128

Software 128

Malwarebytes

JULY 15, 2024

A group of cybercriminals going by the handle NullBulge claims to have downloaded the Slack channels used by Disney’s developers. “#DisneySlackLeak #Disney has had their entire dev slack dumped. 1.1TiB of files and chat messages. Anything we could get our hands on, we downloaded and packaged up. Want to see what goes on behind the doors? go grab it.

Risk 135

Risk Cybersecurity 135

Penetration Testing

JULY 16, 2024

A remote code execution (RCE) vulnerability, tracked as CVE-2024-27348, is currently under active exploitation in the wild, targeting Apache HugeGraph-Server deployments. This discovery comes from the Shadowserver Foundation, a non-profit cybersecurity organization that has... The post Active Exploits Targeting Apache HugeGraph Flaw (CVE-2024-27348): PoC Code Released appeared first on Cybersecurity News.

Cybersecurity 138

Cybersecurity 138

Security Affairs

JULY 15, 2024

Multiple ransomware groups were spotted exploiting a vulnerability, tracked as CVE-2023-27532, in Veeam Backup & Replication. The vulnerability CVE-2023-275327 (CVSS score of 7.5) impacts the Veeam Backup & Replication component. An attacker can exploit the issue to obtain encrypted credentials stored in the configuration database, potentially leading to gaining access to the backup infrastructure hosts.

Backups 140

Backups Ransomware Antivirus DNS 140

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Trend Micro

JULY 18, 2024

On July 19, 2024, a large-scale outage emerged affecting Windows computers for many industries across the globe from financial institutions to hospitals to airlines. The source of this outage came from a single content update from CrowdStrike.

Risk 129

Risk 129

Security Boulevard

JULY 15, 2024

AI-powered scams are becoming increasingly sophisticated, making distinguishing between legitimate and fraudulent communications harder. Learn about the different types of AI scams, their risks, and how to protect yourself from falling victim. The post What Happens When Scammers Get Their Hands on Artificial Intelligence? appeared first on Security Boulevard.

Artificial Intelligence 132

Artificial Intelligence Scams Risk 132

The Hacker News

JULY 19, 2024

Several organizations operating within global shipping and logistics, media and entertainment, technology, and automotive sectors in Italy, Spain, Taiwan, Thailand, Turkey, and the U.K. have become the target of a "sustained campaign" by the prolific China-based APT41 hacking group.

Media 130

Media Technology Hacking 130

Security Affairs

JULY 17, 2024

A vulnerability in Cisco Smart Software Manager On-Prem (Cisco SSM On-Prem) license servers allows threat actors to change any user’s password. Cisco has addressed a critical vulnerability, tracked as CVE-2024-20419 (CVSS score of 10.0), in Cisco Smart Software Manager On-Prem (Cisco SSM On-Prem) license servers that allows attackers to change any user’s password.

Passwords 139

Passwords Software Authentication Hacking 139

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

Tech Republic Security

JULY 17, 2024

Which VPN is better, Avast SecureLine VPN or NordVPN? Use our guide to compare pricing, features, and more.

VPN 155

VPN 155

Security Boulevard

JULY 16, 2024

DeFAIL: Cryptocurrency fans lose their worthless tokens via phishing attacks on decen­tral­ized finance sites. The post Squarespace Hacked — DeFi Wallets Drained (Imaginary Money Stolen) appeared first on Security Boulevard.

Hacking 131

Hacking Cryptocurrency Phishing Social Engineering 131

We Live Security

JULY 18, 2024

ESET Research uncovers a Chinese browser injector dubbed HotPage that poses as a security product blocking advertisements but actually introduces even more ads – all while leaving the door open for other threats to run code at the highest privilege level in Windows.

Advertising 129

Advertising 129

Security Affairs

JULY 18, 2024

Researchers discovered security flaws in SAP AI Core cloud-based platform that could expose customers’ data. Cybersecurity researchers at Wiz uncovered five security flaws, collectively tracked as SAPwned, in the SAP AI Core cloud-based platform. An attacker can exploit the flaws to obtain access tokens and customer data. SAP AI Core, developed by SAP, is a cloud-based platform providing the essential infrastructure and tools for constructing, managing, and deploying predictive AI workfl

Hacking 141

Hacking Risk Cybersecurity Cybercrime 141

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity