Krebs on Security

AUGUST 19, 2024

New details are emerging about a breach at National Public Data (NPD), a consumer data broker that recently spilled hundreds of millions of Americans’ Social Security Numbers, addresses, and phone numbers online. KrebsOnSecurity has learned that another NPD data broker which shares access to the same consumer records inadvertently published the passwords to its back-end database in a file that was freely available from its homepage until today.

Passwords 353

Passwords Data breaches Accountability Data privacy 353

The Last Watchdog

AUGUST 21, 2024

I recently learned all about the state-of-the art of phishing attacks – the hard way. Related: GenAI-powered attacks change the game An email arrived from the head of a PR firm whom I’ve known for 20 years asking me to click on a link to check out a proposal. Foolishly, I did so all too quickly. Within a few minutes, many of my contacts, and even strangers, were receiving a similar malicious email from me.

Phishing 289

Phishing Internet Internet 289

Troy Hunt

AUGUST 23, 2024

It should be so simple: you're a customer who wants to purchase something so you whip out the credit card and buy it. I must have done this thousands of times, and it's easy! I've bought stuff with plastic credit cards, stuff with Apple Pay on my phone and watch and, like all of us, loads of stuff simply by entering credit card details into a website.

Banking 278

Banking Accountability Data breaches 278

Schneier on Security

AUGUST 21, 2024

Rolling Stone has a long investigative story (non-paywalled version here ) about a CIA agent who spent years posing as an Islamic radical. Unrelated, but also in the “real life spies” file: a fake Sudanese diving resort run by Mossad.

261

261

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Krebs on Security

AUGUST 23, 2024

The proliferation of new top-level domains (TLDs) has exacerbated a well-known security weakness: Many organizations set up their internal Microsoft authentication systems years ago using domain names in TLDs that didn’t exist at the time. Meaning, they are continuously sending their Windows usernames and passwords to domain names they do not control and which are freely available for anyone to register.

DNS 294

DNS Internet Internet Authentication 294

The Last Watchdog

AUGUST 20, 2024

The art of detecting subtle anomalies, predicting emergent vulnerabilities and remediating novel cyber-attacks is becoming more refined, day by day. Related: GenAI’s impact on elections It turns out that the vast datasets churned out by cybersecurity toolsets happen to be tailor-made for ingestion by Generative AI ( GenAI ) engines and Large Language Models ( LLMs.

Cybersecurity 182

Cybersecurity Cyber threats Unstructured Data Data privacy 182

Schneier on Security

AUGUST 19, 2024

Palo Alto Networks published its semi-annual report on ransomware. From the Executive Summary: Unit 42 monitors ransomware and extortion leak sites closely to keep tabs on threat activity. We reviewed compromise announcements from 53 dedicated leak sites in the first half of 2024 and found 1,762 new posts. This averages to approximately 294 posts a month and almost 68 posts a week.

Ransomware 260

Ransomware Accountability 260

Tech Republic Security

AUGUST 23, 2024

A new malware called NGate allows cybercriminals to steal near field communication data from Android phones via sophisticated social engineering. The data is relayed to the fraudsters before being used to steal cash.

Social Engineering 199

Social Engineering Malware Engineering Banking 199

The Last Watchdog

AUGUST 19, 2024

President Biden’s call for the mainstreaming of Software Bill of Materials (SBOMs) is a major step forward. Related: Europe mandates resiliency Requiring a formal inventory of all components, libraries and modules in all business applications can help lock down software supply chains, especially in light of the SolarWinds and Colonial Pipeline attacks.

Software 173

Software Internet Internet Technology 173

Lohrman on Security

AUGUST 18, 2024

Virginia Tech CISO Randy Marchany discusses his career, SANS training and all things cybersecurity at a major university in 2024.

CISO 197

CISO Cybersecurity 197

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Schneier on Security

AUGUST 20, 2024

This is yet another insecure Internet-of-things story , this one about wireless gear shifters for bicycles. These gear shifters are used in big-money professional bicycle races like the Tour de France, which provides an incentive to actually implement this attack. Research paper. Another news story. Slashdot thread.

Wireless 254

Wireless Hacking Internet Internet 254

Tech Republic Security

AUGUST 21, 2024

A new survey found that 78% of tech leaders are worried about SaaS security threats — and their concerns could worsen as more SaaS apps find their way into the enterprise.

168

168

Penetration Testing

AUGUST 19, 2024

Researchers have published the technical details and proof-of-concept (PoC) exploit code for two critical zero-day vulnerabilities in Windows, tracked as CVE-2024-38202 and CVE-2024-21302. These vulnerabilities, revealed at Black Hat 2024... The post PoC Exploit for Windows 0-Day Flaws CVE-2024-38202 and CVE-2024-21302 Released appeared first on Cybersecurity News.

Cybersecurity 145

Cybersecurity 145

We Live Security

AUGUST 20, 2024

ESET Research uncovers a novel method of phishing; targeting Android and iOS users via PWAs, and on Android also WebAPKs, without warning the user about installing a third-party app.

Phishing 142

Phishing 142

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Schneier on Security

AUGUST 23, 2024

This site will let you take a selfie with a New York City traffic surveillance camera.

Surveillance 281

Surveillance 281

Tech Republic Security

AUGUST 22, 2024

Australia is building a digital ID and information verification system called Trust Exchange, or TEx, that will see the Government verifying customer details for businesses via a smartphone app.

Government 164

Government 164

Penetration Testing

AUGUST 18, 2024

Researchers from the University of California, San Diego, and Northeastern University have uncovered a potential vulnerability in wireless gear-shifting tools used by professional cyclists. This flaw could allow hackers to... The post Shimano Di2 Wireless Protocol: Critical Vulnerabilities Uncovered appeared first on Cybersecurity News.

Wireless 145

Wireless Cybersecurity 145

Security Boulevard

AUGUST 22, 2024

There are significant gaps in cyber resilience, despite growing confidence in organizational strategies, according to a Cohesity survey of 3,100 IT and security decision-makers across eight countries. The post Cyber Resilience Lacking, Organizations Overconfident appeared first on Security Boulevard.

Security Awareness 137

Security Awareness Cybersecurity 137

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Schneier on Security

AUGUST 22, 2024

This is a fantastic project mapping the global surveillance industry.

Surveillance 262

Surveillance 262

Tech Republic Security

AUGUST 20, 2024

Perforce reveals that companies are struggling with increased sensitive data in non-production environments, leading to higher breach risks and compliance challenges.

Risk 167

Risk Artificial Intelligence Data breaches Ransomware 167

Penetration Testing

AUGUST 20, 2024

A critical security vulnerability, identified as CVE-2024-7272, has been uncovered in FFmpeg, the world’s leading multimedia framework renowned for its ability to decode, encode, and stream nearly any format imaginable.... The post CVE-2024-7272: Critical Heap Overflow Vulnerability Discovered in FFmpeg, PoC Published appeared first on Cybersecurity News.

Cybersecurity 144

Cybersecurity 144

Security Affairs

AUGUST 18, 2024

New cybercrime group Mad Liberator is targeting AnyDesk users and runs a fake Microsoft Windows update screen to conceal data exfiltrating. The Sophos X-Ops Incident Response team warned that a new ransomware group called Mad Liberator is exploiting the remote-access application Anydesk for their attacks. The group was also spotted running a fake Microsoft Windows update screen to conceal data exfiltrating.

Social Engineering 144

Social Engineering Engineering Ransomware Cybercrime 144

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

We Live Security

AUGUST 22, 2024

Android malware discovered by ESET Research relays NFC data from victims’ payment cards, via victims’ mobile phones, to the device of a perpetrator waiting at an ATM

Malware 138

Malware Mobile 138

Tech Republic Security

AUGUST 22, 2024

Australia is rapidly embracing renewable energy. But for the nation to successfully leverage renewable energy, it is imperative to establish strong IT foundations.

Artificial Intelligence 165

Artificial Intelligence Technology 165

Penetration Testing

AUGUST 17, 2024

A critical vulnerability, tracked as CVE-2024-6500 (CVSS 10), has been uncovered in two popular WordPress plugins, InPost PL and InPost for WooCommerce, leaving over 10,000 websites susceptible to complete takeover.... The post 10,000+ WordPress Sites at Risk: Critical File Deletion Flaw Found in InPost Plugins appeared first on Cybersecurity News.

Risk 145

Risk Cybersecurity 145

Security Affairs

AUGUST 19, 2024

Microsoft addressed a zero-day vulnerability actively exploited by the North-Korea-linked Lazarus APT group. Microsoft has addressed a zero-day vulnerability, tracked as CVE-2024-38193 (CVSS score: 7.8), which has been exploited by the North Korea-linked Lazarus APT group. The vulnerability, tracked as CVE-2024-38193 (CVSS score: 7.8), is a privilege escalation issue that resides in the Windows Ancillary Function Driver (AFD.sys) for WinSock.

Cryptocurrency 138

Cryptocurrency Marketing Malware Engineering 138

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

Malwarebytes

AUGUST 23, 2024

Some scammers have the morals of an alley cat. But some sink even lower. Over the last few months, Malwarebytes Labs has discovered scammers active on Facebook that prey on bereaved people by using stolen images and phony funeral live stream links to steal money and/or credit card details. These scammers are becoming more active and new cybercriminals are picking up the method as well, which is something we see very often.

Scams 135

Scams Phishing Risk 135

Tech Republic Security

AUGUST 20, 2024

ThreatDown 2024 Report: Malwarebytes reveals ransomware trends, showing most attacks occur at night when security staff are off duty.

Ransomware 181

Ransomware 181

Penetration Testing

AUGUST 22, 2024

Security researcher ‘Frost’ has released proof-of-concept exploit code for the CVE-2024-38054 vulnerability, escalating concerns over a recently patched Windows security flaw. This high-severity vulnerability in the Kernel Streaming WOW Thunk... The post Exploit for CVE-2024-38054 Released: Elevation of Privilege Flaw in Windows Kernel Streaming WOW Thunk appeared first on Cybersecurity News.

Cybersecurity 143

Cybersecurity 143

Security Boulevard

AUGUST 23, 2024

Oink, oink, FAIL—you’re in jail: Kansas bank chief exec Shan Hanes stole money from investors, a church and others to buy cryptocurrency to feed a scam. The post Pig Butchering at Heart of Bank Failure — CEO Gets 24 Years in Jail appeared first on Security Boulevard.

Banking 133

Banking Scams Cryptocurrency Digital transformation 133

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity