Tech Republic Security
DECEMBER 23, 2024
A look at the cyber threat landscape of 2024, including major breaches and trends. An expert weighs in on key lessons and what to expect in 2025.
Tech Republic Security
DECEMBER 23, 2024
Patch management software ensures that known vulnerabilities are patched efficiently to prevent breaches while streamlining IT workflows. Find the best patch management solution for your business.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Schneier on Security
DECEMBER 26, 2024
Scammers are hacking Google Forms to send email to victims that come from google.com. Brian Krebs reports on the effects. Boing Boing post.
Zero Day
DECEMBER 24, 2024
In just two years, AI has gone from hype to essential skill, offering massive productivity gains and increasing creativity among teams who use it. Here's how.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
Schneier on Security
DECEMBER 24, 2024
A judge has found that NSO Group, maker of the Pegasus spyware, has violated the US Computer Fraud and Abuse Act by hacking WhatsApp in order to spy on people using it. Jon Penney and I wrote a legal paper on the case.
Lohrman on Security
DECEMBER 27, 2024
Welcome to the second installment of this comprehensive annual look at global cybersecurity industry predictions, forecasts, trends and outlook reports from the top security industry vendors, technology magazines, expert thought leaders and more.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Security Affairs
DECEMBER 22, 2024
US authorities charged a dual Russian and Israeli national for being a developer of the LockBit ransomware group. Rostislav Panev, 51, a dual Russian-Israeli national, was charged as a LockBit ransomware developer. Arrested in Israel, he awaits extradition to the U.S. Panev was arrested in Israel in August and is awaiting extradition to the U.S. on criminal charges.
Schneier on Security
DECEMBER 27, 2024
The basic strategy is to place a device with a hidden camera in a position to capture normally hidden card values, which are interpreted by an accomplice off-site and fed back to the player via a hidden microphone. Miniaturization is making these devices harder to detect. Presumably AI will soon obviate the need for an accomplice.
Zero Day
DECEMBER 24, 2024
I've used and covered Linux for nearly 30 years. Here's my top pick for my favorite open-source distro in 2024.
Tech Republic Security
DECEMBER 23, 2024
Trend Micro guards desktop and mobile devices from ransomware, phishing schemes, spam, and more for one year.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Security Affairs
DECEMBER 21, 2024
Experts uncovered a botnet of 190,000 Android devices infected by BadBox bot, primarily Yandex smart TVs and Hisense smartphones. Bitsight researchers uncovered new BADBOX infrastructure, company’s telemetry shows that over192,000 devices were infected with the BADBOX bot. The botnet includes 160,000 previously unseen devices, notably Yandex 4K QLED Smart TVs and T963 Hisense Smartphones.
Schneier on Security
DECEMBER 23, 2024
The Justice Department has published the criminal complaint against Dmitry Khoroshev, for building and maintaining the LockBit ransomware.
Penetration Testing
DECEMBER 22, 2024
The Apache Software Foundation recently released a critical security update to address a remote code execution (RCE) vulnerability in Apache Tomcat, identified as CVE-2024-56337. This vulnerability affects a wide range... The post CVE-2024-56337: Apache Tomcat Patches Critical RCE Vulnerability appeared first on Cybersecurity News.
WIRED Threat Level
DECEMBER 27, 2024
Smartphones and face recognition are being combined to create new digital travel documents. The paper passports days are numbereddespite new privacy risks.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Security Affairs
DECEMBER 27, 2024
Palo Alto Networks addressed a high-severity PAN-OS flaw that could trigger denial-of-service (DoS) on vulnerable devices. Palo Alto Networks addressed a high-severity flaw, tracked as CVE-2024-3393 (CVSS score: 8.7), in PAN-OS software that could cause a denial-of-service (DoS) condition. An unauthenticated attacker can exploit this vulnerability to reboot the firewall by sending a malicious packet through its data plane.
The Hacker News
DECEMBER 24, 2024
Japanese and U.S. authorities have formerly attributed the theft of cryptocurrency worth $308 million from cryptocurrency company DMM Bitcoin in May 2024 to North Korean cyber actors. "The theft is affiliated with TraderTraitor threat activity, which is also tracked as Jade Sleet, UNC4899, and Slow Pisces," the agencies said.
Penetration Testing
DECEMBER 22, 2024
The NodeStealer malware, first identified as a JavaScript-based threat, has undergone a transformation into a Python-based infostealer, expanding its capabilities to harvest a broader range of sensitive data. According to... The post NodeStealer Infostealer: New Python-Based Variant Targets Facebook Ads Manager appeared first on Cybersecurity News.
Zero Day
DECEMBER 27, 2024
In 2024, AI became truly helpful. Here are 15 clever ways I integrated it into my workflow for quicker, better results - and how you can too.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Security Affairs
DECEMBER 23, 2024
A U.S. court ruled in favor of WhatsApp against NSO Group, holding the spyware vendor liable for exploiting a flaw to deliver Pegasus spyware. WhatsApp won a legal case against NSO Group in a U.S. court over exploiting a vulnerability to deliver Pegasus spyware. Will Cathcart of WhatsApp called the ruling a major privacy victory, emphasizing accountability for spyware firms after a five-year legal battle.
Security Boulevard
DECEMBER 27, 2024
Shouldve used MFA: $T loses yet more customer datathis time, from almost all of them. The post Best of 2024: AT&T Says 110M Customers Data Leaked Yep, its Snowflake Again appeared first on Security Boulevard.
The Hacker News
DECEMBER 23, 2024
Cybersecurity researchers have found that it's possible to use large language models (LLMs) to generate new variants of malicious JavaScript code at scale in a manner that can better evade detection.
Zero Day
DECEMBER 22, 2024
Who is liable: the product maker, the library coder, or the company that chose the product? Our Part 2 analysis examines this sticky issue if a catastrophic outcome occurs.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Security Affairs
DECEMBER 26, 2024
A cyberattack hit Japan Airlines (JAL), causing the suspension of ticket sales for flights departing on Thursday. A cyber attack hit Japan Airlines (JAL) on Thursday, the offensive began at 7:24 a.m. and impacted internal and external systems. The Associated Press reported that the attack disabled a router, causing system malfunctions and suspending ticket sales for Thursday departures.
WIRED Threat Level
DECEMBER 25, 2024
AI voice cloning and deepfakes are supercharging scams. One method to protect your loved ones and yourself is to create secret code words to verify someones identity in real time.
The Hacker News
DECEMBER 23, 2024
The Apache Software Foundation (ASF) has released a security update to address an important vulnerability in its Tomcat server software that could result in remote code execution (RCE) under certain conditions. The vulnerability, tracked as CVE-2024-56337, has been described as an incomplete mitigation for CVE-2024-50379 (CVSS score: 9.
Zero Day
DECEMBER 23, 2024
In 2024, AI became truly helpful. Here are 15 clever ways I integrated it into my workflow for quicker, better results - and what I hope to do with it in 2025.
Advertisement
Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.
Security Affairs
DECEMBER 26, 2024
A ransomware attack on Pittsburgh Regional Transit (PRT) was the root cause of the agency’s service disruptions. On December 23, 2024, Pittsburgh Regional Transit (PRT) announced it was actively responding to a ransomware attack that was first detected on Thursday, December 19. Pittsburgh Regional Transit (PRT) is the public transportation agency that serves the Pittsburgh metropolitan area in Pennsylvania, USA.
Penetration Testing
DECEMBER 26, 2024
On December 24, 2024, at approximately 5:24 PM UTC, Cyberhaven experienced a sophisticated and targeted attack. According to an official statement from the company, the attacker successfully gained access to... The post Cyberhaven Chrome Extension Compromised in Targeted Attack appeared first on Cybersecurity News.
The Hacker News
DECEMBER 26, 2024
A Brazilian citizen has been charged in the United States for allegedly threatening to release data stolen by hacking into a company's network in March 2020. Junior Barros De Oliveira, 29, of Curitiba, Brazil has been charged with four counts of extortionate threats involving information obtained from protected computers and four counts of threatening communications, the U.S.
Zero Day
DECEMBER 26, 2024
Suno will use its AI skills to create a song based on your description of a specific genre and topic.
Advertisement
Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!
Expert insights. Personalized for you.
172 
Let's personalize your content