Schneier on Security

JULY 17, 2024

6.8% , to be precise. From ZDNet : However, Distributed Denial of Service (DDoS) attacks continue to be cybercriminals’ weapon of choice, making up over 37% of all mitigated traffic. The scale of these attacks is staggering. In the first quarter of 2024 alone, Cloudflare blocked 4.5 million unique DDoS attacks. That total is nearly a third of all the DDoS attacks they mitigated the previous year.

Internet 324

Internet Internet DDOS Cybercrime 324

Krebs on Security

JULY 15, 2024

At least a dozen organizations with domain names at domain registrar Squarespace saw their websites hijacked last week. Squarespace bought all assets of Google Domains a year ago, but many customers still haven’t set up their new accounts. Experts say malicious hackers learned they could commandeer any migrated Squarespace accounts that hadn’t yet been registered, merely by supplying an email address tied to an existing domain.

Accountability 256

Accountability Cryptocurrency Passwords DNS 256

Lohrman on Security

JULY 14, 2024

Preparations for the Paris Summer Olympics have been going on for years. And given the expected global audience and international participation, cybersecurity is at the center of the action.

Cybersecurity 236

Cybersecurity 236

Tech Republic Security

JULY 19, 2024

Airports and law enforcement agencies were among the organizations hit by the Blue Screen of Death. CrowdStrike said the error has been fixed.Airports and law enforcement agencies were among the organizations hit by the Blue Screen of Death.

201

201

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Schneier on Security

JULY 19, 2024

Brett Solomon is retiring from AccessNow after fifteen years as its Executive Director. He’s written a blog post about what he’s learned and what comes next.

291

291

WIRED Threat Level

JULY 19, 2024

A defective CrowdStrike kernel driver sent computers around the globe into a reboot death spiral, taking down air travel, hospitals, banks, and more with it. Here’s how that’s possible.

Banking 145

Banking 145

Bleeping Computer

JULY 19, 2024

A faulty component in the latest CrowdStrike Falcon update is crashing Windows systems, impacting various organizations and services across the world, including airports, TV stations, and hospitals. [.

142

142

Schneier on Security

JULY 14, 2024

This is a current list of where and when I am scheduled to speak: I’m speaking on “Reimagining Democracy in the Age of AI” at the Bozeman Library in Bozeman, Montana, USA, July 18, 2024. The event will also be available via Zoom. I’m speaking at the TEDxBillings Democracy Event in Billings, Montana, USA, on July 19, 2024. The list is maintained on this page.

244

244

Tech Republic Security

JULY 16, 2024

While PureVPN’s more affordable starting plan may be enticing, NordVPN’s stronger security and broader server fleet makes the higher price tag worth the money.

VPN 152

VPN 152

Security Boulevard

JULY 19, 2024

BSODs beyond belief: A buggy update to CrowdStrike Falcon made Windows PCs and servers crash—worldwide. The post Global Outage Outrage: CrowdStrike Security Tool Blamed appeared first on Security Boulevard.

Digital transformation 135

Digital transformation Software Risk Government 135

Advertisement

Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.

Government

Bleeping Computer

JULY 15, 2024

Cybercriminals use Facebook business pages and advertisements to promote fake Windows themes that infect unsuspecting users with the SYS01 password-stealing malware. [.

Malware 138

Malware Advertising Passwords 138

Penetration Testing

JULY 16, 2024

A remote code execution (RCE) vulnerability, tracked as CVE-2024-27348, is currently under active exploitation in the wild, targeting Apache HugeGraph-Server deployments. This discovery comes from the Shadowserver Foundation, a non-profit cybersecurity organization that has... The post Active Exploits Targeting Apache HugeGraph Flaw (CVE-2024-27348): PoC Code Released appeared first on Cybersecurity News.

Cybersecurity 137

Cybersecurity 137

Tech Republic Security

JULY 17, 2024

The benefits of using Java alternatives such as Azul might include cost optimisation, higher performance and vulnerability management.

163

163

Security Boulevard

JULY 15, 2024

AI-powered scams are becoming increasingly sophisticated, making distinguishing between legitimate and fraudulent communications harder. Learn about the different types of AI scams, their risks, and how to protect yourself from falling victim. The post What Happens When Scammers Get Their Hands on Artificial Intelligence? appeared first on Security Boulevard.

Artificial Intelligence 131

Artificial Intelligence Scams Risk 131

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Malwarebytes

JULY 15, 2024

A group of cybercriminals going by the handle NullBulge claims to have downloaded the Slack channels used by Disney’s developers. “#DisneySlackLeak #Disney has had their entire dev slack dumped. 1.1TiB of files and chat messages. Anything we could get our hands on, we downloaded and packaged up. Want to see what goes on behind the doors? go grab it.

Risk 131

Risk Cybersecurity 131

Bleeping Computer

JULY 19, 2024

Microsoft says an Azure configuration change caused a major Microsoft 365 outage on Thursday, affecting customers across the Central US region. [.

141

141

Tech Republic Security

JULY 14, 2024

SELinux stands for Security-Enhanced Linux. It is a Linux kernel security model that provides a hardened set of access control security policies for the Linux operating system. SELinux tends to get a bad rap, because it often seems to go out of its way to prevent legitimate applications from working. This guide, created by Jack.

Software 143

Software 143

Security Boulevard

JULY 16, 2024

DeFAIL: Cryptocurrency fans lose their worthless tokens via phishing attacks on decen­tral­ized finance sites. The post Squarespace Hacked — DeFi Wallets Drained (Imaginary Money Stolen) appeared first on Security Boulevard.

Hacking 130

Hacking Cryptocurrency Phishing Social Engineering 130

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Trend Micro

JULY 14, 2024

Our threat hunters discovered CVE-2024-38112, which was used as a zero-day by APT group Void Banshee, to access and execute files through the disabled Internet Explorer using MSHTML. We promptly identified and reported this zero-day vulnerability to Microsoft, and it has been patched.

Internet 132

Internet Internet 132

Bleeping Computer

JULY 16, 2024

A threat actor has released over 15 million email addresses associated with Trello accounts that were collected using an unsecured API in January. [.

Hacking 141

Hacking Accountability 141

Tech Republic Security

JULY 17, 2024

Which VPN is better, Avast SecureLine VPN or NordVPN? Use our guide to compare pricing, features, and more.

VPN 163

VPN 163

Security Boulevard

JULY 18, 2024

The number of data breach victims in the first half (H1) of 2024 has surged to 1,078,989,742, marking a 490% increase compared to the same period in 2023, which saw 182,645,409 victims. The post Data Breaches Impact Growing Number of Victims, ITRC Finds appeared first on Security Boulevard.

Data breaches 128

Data breaches Social Engineering Engineering Security Awareness 128

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

We Live Security

JULY 18, 2024

ESET Research uncovers a Chinese browser injector dubbed HotPage that poses as a security product blocking advertisements but actually introduces even more ads – all while leaving the door open for other threats to run code at the highest privilege level in Windows.

Advertising 127

Advertising 127

Bleeping Computer

JULY 15, 2024

Russian cybersecurity company and antivirus software provider Kaspersky Lab will start shutting down operations in the United States on July 20. [.

Antivirus 142

Antivirus Software Cybersecurity 142

WIRED Threat Level

JULY 19, 2024

Swindlers are spinning up bogus websites in an attempt to dupe people with “CrowdStrike support” scams following the security firm's catastrophic software update.

Scams 124

Scams Software Hacking 124

Security Boulevard

JULY 16, 2024

SMBs are increasingly becoming the cyberattacker’s goldmine. Device management is one way to stay ahead of malicious actors and protect your crown data jewels. The post Why SMB Security Needs Efficient Device Management appeared first on Security Boulevard.

IoT 127

IoT Security Awareness Mobile Cybersecurity 127

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

Security Affairs

JULY 15, 2024

Multiple ransomware groups were spotted exploiting a vulnerability, tracked as CVE-2023-27532, in Veeam Backup & Replication. The vulnerability CVE-2023-275327 (CVSS score of 7.5) impacts the Veeam Backup & Replication component. An attacker can exploit the issue to obtain encrypted credentials stored in the configuration database, potentially leading to gaining access to the backup infrastructure hosts.

Backups 130

Backups Ransomware Antivirus DNS 130

Bleeping Computer

JULY 18, 2024

Cisco has fixed a critical severity vulnerability that lets attackers add new users with root privileges and permanently crash Security Email Gateway (SEG) appliances using emails with malicious attachments. [.

125

125

eSecurity Planet

JULY 17, 2024

The North Atlantic Treaty Organization (NATO), a military alliance formed in 1949 to counter the Soviet threat during the Cold War, has traditionally focused on deterring and defending against conventional military attacks. However, the warfare landscape has undergone a significant transformation in recent decades. The rise of cyberthreats has emerged as a major concern for NATO and its member states.

Cybersecurity 120

Cybersecurity Technology Security Defenses Software 120

Security Boulevard

JULY 16, 2024

The Satori Threat Intelligence Team funded by HUMAN Security, a provider of a platform thwarting bot-based attacks, today disclosed it has uncovered a massive ad fraud operation involving the setting up of “evil twins” of applications found in the Google Play Store. The post Report Identifies More Than 250 Evil Twin Mobile Applications appeared first on Security Boulevard.

Mobile 126

Mobile Security Awareness Software Malware 126

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity