Tech Republic Security

DECEMBER 2, 2024

TechRepublic asked cyber experts to predict the top trends that will impact the security field in 2025.

Artificial Intelligence 191

Artificial Intelligence Data breaches Cybersecurity 191

Tech Republic Security

DECEMBER 3, 2024

The exposed database creates opportunities for staging convincing phishing and social engineering attacks, among other issues.

Social Engineering 189

Social Engineering Engineering Phishing Cybersecurity 189

Schneier on Security

DECEMBER 2, 2024

I recently wrote about the new iOS feature that forces an iPhone to reboot after it’s been inactive for a longish period of time. Here are the technical details , discovered through reverse engineering. The feature triggers after seventy-two hours of inactivity, even it is remains connected to Wi-Fi.

Engineering 276

Engineering 276

Krebs on Security

DECEMBER 3, 2024

Phishing attacks increased nearly 40 percent in the year ending August 2024, with much of that growth concentrated at a small number of new generic top-level domains (gTLDs) — such as.shop ,top ,xyz — that attract scammers with rock-bottom prices and no meaningful registration requirements, new research finds. Meanwhile, the nonprofit entity that oversees the domain name industry is moving forward with plans to introduce a slew of new gTLDs.

Cybercrime 256

Cybercrime Phishing Accountability Internet 256

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

The Hacker News

DECEMBER 3, 2024

Cybersecurity researchers have called attention to a novel phishing campaign that leverages corrupted Microsoft Office documents and ZIP archives as a way to bypass email defenses. "The ongoing attack evades #antivirus software, prevents uploads to sandboxes, and bypasses Outlook's spam filters, allowing the malicious emails to reach your inbox," ANY.RUN said in a series of posts on X.

Antivirus 131

Antivirus Phishing Software Cybersecurity 131

Security Affairs

DECEMBER 5, 2024

SOC analysts, vital to cybersecurity, face burnout due to exhausting workloads, risking their well-being and the effectiveness of organizational defenses. Security Operations Center (SOC) analyst burnout is a very real problem. These are some of the most important cybersecurity professionals out there, and many of them are being worked to exhaustion.

Artificial Intelligence 135

Artificial Intelligence Cybersecurity Data collection Risk 135

Krebs on Security

DECEMBER 4, 2024

In January 2022, KrebsOnSecurity identified a Russian man named Mikhail Matveev as “ Wazawaka ,” a cybercriminal who was deeply involved in the formation and operation of multiple ransomware groups. The U.S. government indicted Matveev as a top ransomware purveyor a year later, offering $10 million for information leading to his arrest. Last week, the Russian government reportedly arrested Matveev and charged him with creating malware used to extort companies.

Cybercrime 196

Cybercrime Ransomware Cryptocurrency Government 196

Tech Republic Security

DECEMBER 6, 2024

A new report by security vendor CyberArk shows that most Australian employees fail to adhere to safe cybersecurity practices.

Risk 153

Risk Cybersecurity Artificial Intelligence Passwords 153

The Last Watchdog

DECEMBER 3, 2024

Tel Aviv, Israel, Dec. 3, 2024, CyberNewswire — With Sweet, customers can now unify detection and response for applications, workloads, and cloud infrastructure Sweet Security today announced the release of its unified Cloud Native Detection and Response platform, designed to transform the way organizations protect their cloud environments in real time.

CISO 130

CISO Threat Detection Media Technology 130

Security Affairs

DECEMBER 4, 2024

BT Group (formerly British Telecom)’s Conferencing division shut down some of its servers following a Black Basta ransomware attack. British multinational telecommunications holding company BT Group (formerly British Telecom) announced it has shut down some of its servers following a Black Basta ransomware attack. “We identified an attempt to compromise our BT Conferencing platform.

Ransomware 123

Ransomware Telecommunications Healthcare Insurance 123

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Lohrman on Security

DECEMBER 1, 2024

The Cybersecurity and Infrastructure Security Agency is launching CISA Learning, a new learning management platform to help with cybersecurity training and much more.

Government 160

Government Cybersecurity 160

Tech Republic Security

DECEMBER 4, 2024

Datadog's report highlights long-lived credentials as a cloud security Achilles' heel. Discover risks and ways to secure your environment.

Risk 149

Risk Cyber Attacks 149

The Last Watchdog

DECEMBER 5, 2024

Alisa Viejo, Calif., Dec. 5, 2024, CyberNewswire — One Identity proudly announces it has been named a winner in the Hot Company: Privileged Access Management (PAM) category in the 12th annual Cyber Defense Awards by Cyber Defense Magazine (CDM), the industrys leading information security magazine. Logan We are deeply honored to be recognized amongst the winners of the 12th annual Cyber Defense Awards at CyberDefenseCon 2024, said Mark Logan, CEO of One Identity.

InfoSec 130

InfoSec Cyber Risk CISO Cybersecurity 130

Security Affairs

DECEMBER 2, 2024

The Tor Project seeks help deploying 200 WebTunnel bridges by year-end to counter government censorship. Recent reports from Russia show increased censorship targeting the Tor network, including blocking bridges, pluggable transports, and circumvention apps. Russian watchdog Roskomnadzor is making some bridges inaccessible, highlighting the urgent need for more WebTunnel bridges.

Government 127

Government Internet Internet Hacking 127

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Penetration Testing

DECEMBER 3, 2024

Veeam Software, a prominent provider of backup and disaster recovery solutions, has released urgent security updates to address two critical vulnerabilities in its Service Provider Console (VSPC). One of these... The post CVE-2024-42448 (CVSS 9.9): Critical RCE Vulnerability in Veeam VSPC appeared first on Cybersecurity News.

Backups 135

Backups Software Cybersecurity 135

Tech Republic Security

DECEMBER 5, 2024

Richard Horne, the head of the U.K.’s National Cyber Security Centre, says that hostile activity has “increased in frequency, sophistication and intensity.

Cyber Risk 145

Cyber Risk Risk Cybersecurity 145

The Last Watchdog

DECEMBER 4, 2024

Cheltenham, England, Dec. 4, 2024 –A majority of senior cybersecurity professionals at the UK’s largest organisations struggle with feelings of helplessness and professional despair, new research by Green Raven Limited indicates. These negative emotions result from practitioners’ anticipation of eventual, inevitable failure to protect their organisation.

Cybersecurity 130

Cybersecurity Cyber threats Risk CISO 130

Security Affairs

NOVEMBER 30, 2024

Financially-motivated threat actors hacked Uganda ‘s central bank system, government officials confirmed this week. Ugandan officials confirmed on Thursday that the national central bank suffered a security breach by financially-motivated threat actors. The police’s Criminal Investigations Department and the Auditor General are investigating the incident.

Banking 141

Banking Government Accountability Hacking 141

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Malwarebytes

DECEMBER 5, 2024

A years-long infiltration into the systems of eight telecom giants, including AT&T and Verizon, allowed a state sponsored actor to steal vast amounts of data on where, when and who individuals have been communicating with. Speaking to Reuters , a senior US official said the attack telecommunications infrastructure was broad and that the hacking was still ongoing.

Encryption 126

Encryption Identity Theft Media Telecommunications 126

WIRED Threat Level

DECEMBER 4, 2024

The mobile device security firm iVerify has been offering a tool since May that makes spyware scanning accessible to anyone—and it's already turning up victims.

Spyware 142

Spyware Mobile Hacking 142

The Hacker News

DECEMBER 1, 2024

A global law enforcement operation has led to the arrest of more than 5,500 suspects involved in financial crimes and the seizure of more than $400 million in virtual assets and government-backed currencies.

Cybercrime 143

Cybercrime Government 143

Security Affairs

NOVEMBER 30, 2024

McAfee researchers discovered 15 SpyLoan Android apps on Google Play with a combined total of over 8 million installs. 15 SpyLoan apps with a combined total of 8M+ installs were found on Google Play, targeting users in South America, Southeast Asia, and Africa. SpyLoan apps exploit social engineering to gain sensitive user data and excessive permissions, leading to extortion, harassment, and financial loss.

Social Engineering 127

Social Engineering Media Mobile Scams 127

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Tech Republic Security

DECEMBER 4, 2024

The caution comes after Chinese-state-affiliated breaches of American telecommunication networks. Organizations with Cisco infrastructure should take particular note.

Telecommunications 136

Telecommunications CISO Mobile 136

Zero Day

DECEMBER 3, 2024

The company is threatening to add a watermark to the desktop of any unsupported PC running Windows 11.

136

136

The Hacker News

DECEMBER 4, 2024

Cybersecurity researchers are alerting to a software supply chain attack targeting the popular @solana/web3.js npm library that involved pushing two malicious versions capable of harvesting users' private keys with an aim to drain their cryptocurrency wallets. The attack has been detected in versions 1.95.6 and 1.95.7.

Cryptocurrency 131

Cryptocurrency Software Cybersecurity 131

Security Affairs

DECEMBER 2, 2024

International law enforcement operation Operation HAECHI-V led to more than 5,500 suspects arrested and seized over $400 million. A global operation code-named Operation HAECHI V, involving 40 countries, resulted in 5,500+ arrests and seized $400M in assets. Operation HAECHI V (July-Nov 2024) targeted cyber frauds like phishing, romance scams, sextortion, investment fraud, online gambling, BEC, and e-commerce fraud.

Cryptocurrency 126

Cryptocurrency Phishing Scams Cybercrime 126

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Cisco Security

DECEMBER 4, 2024

The Cisco and AWS integration is a radically new approach to ensuring the availability of modern apps today's multicloud, hybrid environments.

131

131

Zero Day

DECEMBER 5, 2024

Key questions remain unresolved concerning the use of Gen AI tools, while one country may need stronger deterrence against data theft.

130

130

Security Boulevard

DECEMBER 4, 2024

National Public Data, the data broker whose systems were breached and 2.9 billion files holding sensitive data from 170 million this year, has shut down following the attack and after a judge dismissed parent company Jerico Pictures' bankruptcy filing. The post National Public Data Shuts Down Months After Massive Breach appeared first on Security Boulevard.

Data privacy 121

Data privacy Data breaches Mobile Cybersecurity 121

Security Affairs

DECEMBER 3, 2024

ENGlobal Corporation disclosed a ransomware attack, discovered on November 25, disrupting operations, in a filing to the SEC. A ransomware attack disrupted the operations of a major energy industry contractor, ENGlobal Corporation. Founded in 1985, ENGlobal Corporation designs automated control systems for commercial and government sectors, reporting $6 million in Q3 revenue and $18.4 million year-to-date.

Ransomware 118

Ransomware Encryption Technology Cybersecurity 118

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity