Schneier on Security

JULY 17, 2024

6.8% , to be precise. From ZDNet : However, Distributed Denial of Service (DDoS) attacks continue to be cybercriminals’ weapon of choice, making up over 37% of all mitigated traffic. The scale of these attacks is staggering. In the first quarter of 2024 alone, Cloudflare blocked 4.5 million unique DDoS attacks. That total is nearly a third of all the DDoS attacks they mitigated the previous year.

Internet 324

Internet Internet DDOS Cybercrime 324

Krebs on Security

JULY 15, 2024

At least a dozen organizations with domain names at domain registrar Squarespace saw their websites hijacked last week. Squarespace bought all assets of Google Domains a year ago, but many customers still haven’t set up their new accounts. Experts say malicious hackers learned they could commandeer any migrated Squarespace accounts that hadn’t yet been registered, merely by supplying an email address tied to an existing domain.

Accountability 252

Accountability Cryptocurrency Passwords DNS 252

Lohrman on Security

JULY 14, 2024

Preparations for the Paris Summer Olympics have been going on for years. And given the expected global audience and international participation, cybersecurity is at the center of the action.

Cybersecurity 241

Cybersecurity 241

Tech Republic Security

JULY 19, 2024

Airports and law enforcement agencies were among the organizations hit by the Blue Screen of Death. CrowdStrike said the error has been fixed.Airports and law enforcement agencies were among the organizations hit by the Blue Screen of Death.

197

197

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Schneier on Security

JULY 19, 2024

Brett Solomon is retiring from AccessNow after fifteen years as its Executive Director. He’s written a blog post about what he’s learned and what comes next.

291

291

WIRED Threat Level

JULY 19, 2024

A defective CrowdStrike kernel driver sent computers around the globe into a reboot death spiral, taking down air travel, hospitals, banks, and more with it. Here’s how that’s possible.

Banking 145

Banking 145

Tech Republic Security

JULY 16, 2024

While PureVPN’s more affordable starting plan may be enticing, NordVPN’s stronger security and broader server fleet makes the higher price tag worth the money.

VPN 144

VPN 144

Schneier on Security

JULY 14, 2024

This is a current list of where and when I am scheduled to speak: I’m speaking on “Reimagining Democracy in the Age of AI” at the Bozeman Library in Bozeman, Montana, USA, July 18, 2024. The event will also be available via Zoom. I’m speaking at the TEDxBillings Democracy Event in Billings, Montana, USA, on July 19, 2024. The list is maintained on this page.

244

244

Bleeping Computer

JULY 19, 2024

A faulty component in the latest CrowdStrike Falcon update is crashing Windows systems, impacting various organizations and services across the world, including airports, TV stations, and hospitals. [.

142

142

Trend Micro

JULY 14, 2024

Our threat hunters discovered CVE-2024-38112, which was used as a zero-day by APT group Void Banshee, to access and execute files through the disabled Internet Explorer using MSHTML. We promptly identified and reported this zero-day vulnerability to Microsoft, and it has been patched.

Internet 144

Internet Internet 144

Advertisement

Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.

Government

Tech Republic Security

JULY 14, 2024

SELinux stands for Security-Enhanced Linux. It is a Linux kernel security model that provides a hardened set of access control security policies for the Linux operating system. SELinux tends to get a bad rap, because it often seems to go out of its way to prevent legitimate applications from working. This guide, created by Jack.

Software 133

Software 133

Security Boulevard

JULY 19, 2024

BSODs beyond belief: A buggy update to CrowdStrike Falcon made Windows PCs and servers crash—worldwide. The post Global Outage Outrage: CrowdStrike Security Tool Blamed appeared first on Security Boulevard.

Digital transformation 135

Digital transformation Software Risk Government 135

Bleeping Computer

JULY 15, 2024

Cybercriminals use Facebook business pages and advertisements to promote fake Windows themes that infect unsuspecting users with the SYS01 password-stealing malware. [.

Malware 138

Malware Advertising Passwords 138

Penetration Testing

JULY 16, 2024

A remote code execution (RCE) vulnerability, tracked as CVE-2024-27348, is currently under active exploitation in the wild, targeting Apache HugeGraph-Server deployments. This discovery comes from the Shadowserver Foundation, a non-profit cybersecurity organization that has... The post Active Exploits Targeting Apache HugeGraph Flaw (CVE-2024-27348): PoC Code Released appeared first on Cybersecurity News.

Cybersecurity 136

Cybersecurity 136

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Tech Republic Security

JULY 17, 2024

The benefits of using Java alternatives such as Azul might include cost optimisation, higher performance and vulnerability management.

154

154

Security Boulevard

JULY 15, 2024

AI-powered scams are becoming increasingly sophisticated, making distinguishing between legitimate and fraudulent communications harder. Learn about the different types of AI scams, their risks, and how to protect yourself from falling victim. The post What Happens When Scammers Get Their Hands on Artificial Intelligence? appeared first on Security Boulevard.

Artificial Intelligence 131

Artificial Intelligence Scams Risk 131

The Hacker News

JULY 19, 2024

Several organizations operating within global shipping and logistics, media and entertainment, technology, and automotive sectors in Italy, Spain, Taiwan, Thailand, Turkey, and the U.K. have become the target of a "sustained campaign" by the prolific China-based APT41 hacking group.

Media 130

Media Technology Hacking 130

Security Affairs

JULY 15, 2024

Multiple ransomware groups were spotted exploiting a vulnerability, tracked as CVE-2023-27532, in Veeam Backup & Replication. The vulnerability CVE-2023-275327 (CVSS score of 7.5) impacts the Veeam Backup & Replication component. An attacker can exploit the issue to obtain encrypted credentials stored in the configuration database, potentially leading to gaining access to the backup infrastructure hosts.

Backups 133

Backups Ransomware Antivirus DNS 133

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Tech Republic Security

JULY 17, 2024

Which VPN is better, Avast SecureLine VPN or NordVPN? Use our guide to compare pricing, features, and more.

VPN 157

VPN 157

Security Boulevard

JULY 16, 2024

DeFAIL: Cryptocurrency fans lose their worthless tokens via phishing attacks on decen­tral­ized finance sites. The post Squarespace Hacked — DeFi Wallets Drained (Imaginary Money Stolen) appeared first on Security Boulevard.

Hacking 130

Hacking Cryptocurrency Phishing Social Engineering 130

The Hacker News

JULY 14, 2024

Cybersecurity researchers have shed light on a new version of a ransomware strain called HardBit that comes packaged with new obfuscation techniques to deter analysis efforts. "Unlike previous versions, HardBit Ransomware group enhanced the version 4.0 with passphrase protection," Cybereason researchers Kotaro Ogino and Koshi Oyama said in an analysis.

Ransomware 131

Ransomware Cybersecurity 131

Bleeping Computer

JULY 19, 2024

Microsoft says an Azure configuration change caused a major Microsoft 365 outage on Thursday, affecting customers across the Central US region. [.

141

141

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

Security Affairs

JULY 18, 2024

Researchers discovered security flaws in SAP AI Core cloud-based platform that could expose customers’ data. Cybersecurity researchers at Wiz uncovered five security flaws, collectively tracked as SAPwned, in the SAP AI Core cloud-based platform. An attacker can exploit the flaws to obtain access tokens and customer data. SAP AI Core, developed by SAP, is a cloud-based platform providing the essential infrastructure and tools for constructing, managing, and deploying predictive AI workfl

Hacking 132

Hacking Risk Cybersecurity Cybercrime 132

Security Boulevard

JULY 18, 2024

The number of data breach victims in the first half (H1) of 2024 has surged to 1,078,989,742, marking a 490% increase compared to the same period in 2023, which saw 182,645,409 victims. The post Data Breaches Impact Growing Number of Victims, ITRC Finds appeared first on Security Boulevard.

Data breaches 128

Data breaches Social Engineering Engineering Security Awareness 128

Malwarebytes

JULY 15, 2024

A group of cybercriminals going by the handle NullBulge claims to have downloaded the Slack channels used by Disney’s developers. “#DisneySlackLeak #Disney has had their entire dev slack dumped. 1.1TiB of files and chat messages. Anything we could get our hands on, we downloaded and packaged up. Want to see what goes on behind the doors? go grab it.

Risk 128

Risk Cybersecurity 128

Bleeping Computer

JULY 16, 2024

A threat actor has released over 15 million email addresses associated with Trello accounts that were collected using an unsecured API in January. [.

Hacking 141

Hacking Accountability 141

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

Security Affairs

JULY 17, 2024

A vulnerability in Cisco Smart Software Manager On-Prem (Cisco SSM On-Prem) license servers allows threat actors to change any user’s password. Cisco has addressed a critical vulnerability, tracked as CVE-2024-20419 (CVSS score of 10.0), in Cisco Smart Software Manager On-Prem (Cisco SSM On-Prem) license servers that allows attackers to change any user’s password.

Passwords 131

Passwords Software Authentication Hacking 131

The Hacker News

JULY 18, 2024

Indian cryptocurrency exchange WazirX has confirmed that it was the target of a security breach that led to the theft of $230 million in cryptocurrency assets. "A cyber attack occurred in one of our [multi-signature] wallets involving a loss of funds exceeding $230 million," the company said in a statement.

Cryptocurrency 128

Cryptocurrency Cyber Attacks 128

Security Boulevard

JULY 16, 2024

SMBs are increasingly becoming the cyberattacker’s goldmine. Device management is one way to stay ahead of malicious actors and protect your crown data jewels. The post Why SMB Security Needs Efficient Device Management appeared first on Security Boulevard.

IoT 127

IoT Security Awareness Mobile Cybersecurity 127

Bleeping Computer

JULY 15, 2024

Russian cybersecurity company and antivirus software provider Kaspersky Lab will start shutting down operations in the United States on July 20. [.

Antivirus 142

Antivirus Software Cybersecurity 142

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity