Sat.Jul 13, 2024 - Fri.Jul 19, 2024

article thumbnail

Cloudflare Reports that Almost 7% of All Internet Traffic Is Malicious

Schneier on Security

6.8% , to be precise. From ZDNet : However, Distributed Denial of Service (DDoS) attacks continue to be cybercriminals’ weapon of choice, making up over 37% of all mitigated traffic. The scale of these attacks is staggering. In the first quarter of 2024 alone, Cloudflare blocked 4.5 million unique DDoS attacks. That total is nearly a third of all the DDoS attacks they mitigated the previous year.

Internet 324
article thumbnail

Researchers: Weak Security Defaults Enabled Squarespace Domains Hijacks

Krebs on Security

At least a dozen organizations with domain names at domain registrar Squarespace saw their websites hijacked last week. Squarespace bought all assets of Google Domains a year ago, but many customers still haven’t set up their new accounts. Experts say malicious hackers learned they could commandeer any migrated Squarespace accounts that hadn’t yet been registered, merely by supplying an email address tied to an existing domain.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Guarding Gold: Cybersecurity Challenges Ahead of the Paris Olympics

Lohrman on Security

Preparations for the Paris Summer Olympics have been going on for years. And given the expected global audience and international participation, cybersecurity is at the center of the action.

article thumbnail

CrowdStrike Outage Disrupts Microsoft Systems Worldwide

Tech Republic Security

Airports and law enforcement agencies were among the organizations hit by the Blue Screen of Death. CrowdStrike said the error has been fixed.Airports and law enforcement agencies were among the organizations hit by the Blue Screen of Death.

201
201
article thumbnail

The Tumultuous IT Landscape is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Brett Solomon on Digital Rights

Schneier on Security

Brett Solomon is retiring from AccessNow after fifteen years as its Executive Director. He’s written a blog post about what he’s learned and what comes next.

291
291
article thumbnail

How One Bad CrowdStrike Update Crashed the World’s Computers

WIRED Threat Level

A defective CrowdStrike kernel driver sent computers around the globe into a reboot death spiral, taking down air travel, hospitals, banks, and more with it. Here’s how that’s possible.

Banking 145

More Trending

article thumbnail

CrowdStrike update crashes Windows systems, causes outages worldwide

Bleeping Computer

A faulty component in the latest CrowdStrike Falcon update is crashing Windows systems, impacting various organizations and services across the world, including airports, TV stations, and hospitals. [.

142
142
article thumbnail

Upcoming Speaking Engagements

Schneier on Security

This is a current list of where and when I am scheduled to speak: I’m speaking on “Reimagining Democracy in the Age of AI” at the Bozeman Library in Bozeman, Montana, USA, July 18, 2024. The event will also be available via Zoom. I’m speaking at the TEDxBillings Democracy Event in Billings, Montana, USA, on July 19, 2024. The list is maintained on this page.

244
244
article thumbnail

PureVPN vs NordVPN (2024): Which VPN Should You Choose?

Tech Republic Security

While PureVPN’s more affordable starting plan may be enticing, NordVPN’s stronger security and broader server fleet makes the higher price tag worth the money.

VPN 152
article thumbnail

Global Outage Outrage: CrowdStrike Security Tool Blamed

Security Boulevard

BSODs beyond belief: A buggy update to CrowdStrike Falcon made Windows PCs and servers crash—worldwide. The post Global Outage Outrage: CrowdStrike Security Tool Blamed appeared first on Security Boulevard.

article thumbnail

Enhance Innovation and Governance Through the Cloud Development Maturity Model

Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.

article thumbnail

Facebook ads for Windows desktop themes push info-stealing malware

Bleeping Computer

Cybercriminals use Facebook business pages and advertisements to promote fake Windows themes that infect unsuspecting users with the SYS01 password-stealing malware. [.

Malware 138
article thumbnail

Active Exploits Targeting Apache HugeGraph Flaw (CVE-2024-27348): PoC Code Released

Penetration Testing

A remote code execution (RCE) vulnerability, tracked as CVE-2024-27348, is currently under active exploitation in the wild, targeting Apache HugeGraph-Server deployments. This discovery comes from the Shadowserver Foundation, a non-profit cybersecurity organization that has... The post Active Exploits Targeting Apache HugeGraph Flaw (CVE-2024-27348): PoC Code Released appeared first on Cybersecurity News.

article thumbnail

Oracle’s Java Changes Lead APAC Enterprises to Explore Alternatives Such As Azul

Tech Republic Security

The benefits of using Java alternatives such as Azul might include cost optimisation, higher performance and vulnerability management.

163
163
article thumbnail

What Happens When Scammers Get Their Hands on Artificial Intelligence?

Security Boulevard

AI-powered scams are becoming increasingly sophisticated, making distinguishing between legitimate and fraudulent communications harder. Learn about the different types of AI scams, their risks, and how to protect yourself from falling victim. The post What Happens When Scammers Get Their Hands on Artificial Intelligence? appeared first on Security Boulevard.

article thumbnail

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

article thumbnail

Disney “breached”, data dumped online

Malwarebytes

A group of cybercriminals going by the handle NullBulge claims to have downloaded the Slack channels used by Disney’s developers. “#DisneySlackLeak #Disney has had their entire dev slack dumped. 1.1TiB of files and chat messages. Anything we could get our hands on, we downloaded and packaged up. Want to see what goes on behind the doors? go grab it.

Risk 131
article thumbnail

Major Microsoft 365 outage caused by Azure configuration change

Bleeping Computer

Microsoft says an Azure configuration change caused a major Microsoft 365 outage on Thursday, affecting customers across the Central US region. [.

141
141
article thumbnail

How to Become an Expert at SELinux

Tech Republic Security

SELinux stands for Security-Enhanced Linux. It is a Linux kernel security model that provides a hardened set of access control security policies for the Linux operating system. SELinux tends to get a bad rap, because it often seems to go out of its way to prevent legitimate applications from working. This guide, created by Jack.

Software 143
article thumbnail

Squarespace Hacked — DeFi Wallets Drained (Imaginary Money Stolen)

Security Boulevard

DeFAIL: Cryptocurrency fans lose their worthless tokens via phishing attacks on decen­tral­ized finance sites. The post Squarespace Hacked — DeFi Wallets Drained (Imaginary Money Stolen) appeared first on Security Boulevard.

Hacking 130
article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

CVE-2024-38112: Void Banshee Targets Windows Users Through Zombie Internet Explorer in Zero-Day Attacks

Trend Micro

Our threat hunters discovered CVE-2024-38112, which was used as a zero-day by APT group Void Banshee, to access and execute files through the disabled Internet Explorer using MSHTML. We promptly identified and reported this zero-day vulnerability to Microsoft, and it has been patched.

Internet 132
article thumbnail

Email addresses of 15 million Trello users leaked on hacking forum

Bleeping Computer

A threat actor has released over 15 million email addresses associated with Trello accounts that were collected using an unsecured API in January. [.

Hacking 141
article thumbnail

Avast SecureLine VPN vs NordVPN (2024): Which VPN Is Better?

Tech Republic Security

Which VPN is better, Avast SecureLine VPN or NordVPN? Use our guide to compare pricing, features, and more.

VPN 163
article thumbnail

Data Breaches Impact Growing Number of Victims, ITRC Finds

Security Boulevard

The number of data breach victims in the first half (H1) of 2024 has surged to 1,078,989,742, marking a 490% increase compared to the same period in 2023, which saw 182,645,409 victims. The post Data Breaches Impact Growing Number of Victims, ITRC Finds appeared first on Security Boulevard.

article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

HotPage: Story of a signed, vulnerable, ad-injecting driver

We Live Security

ESET Research uncovers a Chinese browser injector dubbed HotPage that poses as a security product blocking advertisements but actually introduces even more ads – all while leaving the door open for other threats to run code at the highest privilege level in Windows.

article thumbnail

Kaspersky is shutting down its business in the United States

Bleeping Computer

Russian cybersecurity company and antivirus software provider Kaspersky Lab will start shutting down operations in the United States on July 20. [.

Antivirus 142
article thumbnail

Don't Fall for CrowdStrike Outage Scams

WIRED Threat Level

Swindlers are spinning up bogus websites in an attempt to dupe people with “CrowdStrike support” scams following the security firm's catastrophic software update.

Scams 124
article thumbnail

Why SMB Security Needs Efficient Device Management

Security Boulevard

SMBs are increasingly becoming the cyberattacker’s goldmine. Device management is one way to stay ahead of malicious actors and protect your crown data jewels. The post Why SMB Security Needs Efficient Device Management appeared first on Security Boulevard.

IoT 127
article thumbnail

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

article thumbnail

Ransomware groups target Veeam Backup & Replication bug

Security Affairs

Multiple ransomware groups were spotted exploiting a vulnerability, tracked as CVE-2023-27532, in Veeam Backup & Replication. The vulnerability CVE-2023-275327 (CVSS score of 7.5) impacts the Veeam Backup & Replication component. An attacker can exploit the issue to obtain encrypted credentials stored in the configuration database, potentially leading to gaining access to the backup infrastructure hosts.

Backups 130
article thumbnail

Critical Cisco bug lets hackers add root users on SEG devices

Bleeping Computer

Cisco has fixed a critical severity vulnerability that lets attackers add new users with root privileges and permanently crash Security Email Gateway (SEG) appliances using emails with malicious attachments. [.

125
125
article thumbnail

NATO Announces New Integrated Cyber Defence Centre

eSecurity Planet

The North Atlantic Treaty Organization (NATO), a military alliance formed in 1949 to counter the Soviet threat during the Cold War, has traditionally focused on deterring and defending against conventional military attacks. However, the warfare landscape has undergone a significant transformation in recent decades. The rise of cyberthreats has emerged as a major concern for NATO and its member states.

article thumbnail

Report Identifies More Than 250 Evil Twin Mobile Applications

Security Boulevard

The Satori Threat Intelligence Team funded by HUMAN Security, a provider of a platform thwarting bot-based attacks, today disclosed it has uncovered a massive ad fraud operation involving the setting up of “evil twins” of applications found in the Google Play Store. The post Report Identifies More Than 250 Evil Twin Mobile Applications appeared first on Security Boulevard.

Mobile 126
article thumbnail

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.