Tech Republic Security

OCTOBER 15, 2024

Microsoft’s Siva Sundaramoorthy provides a blueprint for how common cyber precautions apply to generative AI deployed in and around security systems.

Risk 181

Risk Artificial Intelligence Software Cybersecurity 181

Tech Republic Security

OCTOBER 17, 2024

Attackers launched 600 million cybercriminal and nation-state threats on Microsoft customers daily, including ransomware attacks, in the last year, according to the tech giant.

Ransomware 200

Ransomware Artificial Intelligence Software 200

Lohrman on Security

OCTOBER 13, 2024

Bad actors often take advantage of natural disasters, and especially hurricanes, in times of crisis. Hurricanes Helene and Milton pose significant new online threats, including misinformation and fraud.

Scams 267

Scams 267

Tech Republic Security

OCTOBER 17, 2024

The NIS 2 compliance deadline is Oct. 17. Discover essential insights on requirements, impacts, and what organisations must do now.

Cybersecurity 176

Cybersecurity 176

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Security Boulevard

OCTOBER 16, 2024

CA/B testing: Ludicrous proposal draws ire from “furious” systems administrators. The post Apple Enrages IT — 45-Day Cert Expiration Fury appeared first on Security Boulevard.

System Administration 134

System Administration Social Engineering Data privacy IoT 134

Schneier on Security

OCTOBER 14, 2024

Perfectl in an impressive piece of malware: The malware has been circulating since at least 2021. It gets installed by exploiting more than 20,000 common misconfigurations, a capability that may make millions of machines connected to the Internet potential targets, researchers from Aqua Security said. It can also exploit CVE-2023-33246, a vulnerability with a severity rating of 10 out of 10 that was patched last year in Apache RocketMQ, a messaging and streaming platform that’s found on ma

Malware 234

Malware Cryptocurrency Internet Internet 234

Tech Republic Security

OCTOBER 16, 2024

Zscaler ThreatLabz report reveals a 2024 surge in mobile, IoT, and OT cyberattacks, highlighting key trends and the need for zero trust security.

IoT 188

IoT Mobile Cyber threats Internet 188

Malwarebytes

OCTOBER 18, 2024

The Microsoft Threat Intelligence team disclosed details about a macOS vulnerability, dubbed “HM Surf,” that could allow an attacker to gain access to the user’s data in Safari. The data the attacker could access without users’ consent includes browsed pages, along with the device’s camera, microphone, and location. The vulnerability, tracked as CVE-2024-44133 was fixed in the September 16 update for Mac Studio (2022 and later), iMac (2019 and later), Mac Pro (2019 and later), Mac Mi

Adware 145

Adware Spyware Mobile Technology 145

Schneier on Security

OCTOBER 15, 2024

The Washington Post has a long and detailed story about the operation that’s well worth reading (alternate version here ). The sales pitch came from a marketing official trusted by Hezbollah with links to Apollo. The marketing official, a woman whose identity and nationality officials declined to reveal, was a former Middle East sales representative for the Taiwanese firm who had established her own company and acquired a license to sell a line of pagers that bore the Apollo brand.

Marketing 273

Marketing Technology IoT Engineering 273

Security Affairs

OCTOBER 12, 2024

U.S. and U.K. cyber agencies warn that Russia-linked group APT29 is targeting vulnerable Zimbra and JetBrains TeamCity servers on a large scale. Russia-linked cyber espionage group APT29 (aka SVR group , BlueBravo , Cozy Bear , Nobelium , Midnight Blizzard , and The Dukes ) target vulnerable Zimbra and JetBrains TeamCity servers as part of a mass scale campaign, U.S. and U.K. cyber agencies warned.

Data collection 141

Data collection Authentication Government Hacking 141

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Tech Republic Security

OCTOBER 15, 2024

Almost all businesses in the U.K. were breached by cyber attackers in the last 12 months, a report has found.

Cyber Attacks 185

Cyber Attacks Data breaches Cybersecurity 185

Malwarebytes

OCTOBER 15, 2024

As the United States enters full swing into its next presidential election, people are feeling worried, unsafe, and afraid. And none of that has to do with who wins. According to new research from Malwarebytes, people see this election season as a particularly risky time for their online privacy and cybersecurity. Political ads could be hiding online scams, many people feel, and the election, they say, will likely fall victim to some type of “cyber interference.

Scams 142

Scams Identity Theft Cybercrime Accountability 142

Schneier on Security

OCTOBER 18, 2024

The Wall Street Journal is reporting that the CEO of a still unnamed company has been indicted for creating a fake auditing company to falsify security certifications in order to win government business.

Government 221

Government 221

Security Affairs

OCTOBER 15, 2024

WordPress Jetpack plugin issued an update to fix a critical flaw allowing logged-in users to view form submissions by others on the same site. The maintainers of the WordPress Jetpack plugin have addressed a critical vulnerability that could allow logged-in users to access forms submitted by other users on the same site. Jetpack is a popular plugin for WordPress that provides a suite of features to enhance website functionality, security, and performance.

Hacking 136

Hacking 136

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Tech Republic Security

OCTOBER 17, 2024

This indicates that the most prominent ransomware groups are succumbing to law enforcement takedowns, according to researchers from Cyberint.

Ransomware 175

Ransomware Cyber Attacks Cybersecurity 175

Malwarebytes

OCTOBER 16, 2024

Mozilla has announced a security fix for its Firefox browser which also impacts the closely related Tor Browser. The new version fixes one critical security vulnerability which is reportedly under active exploitation. To address the flaw, both Mozilla and Tor recommend that users update their browsers to the most current versions available. Firefox users that have automatic updates enabled should have the new version available as soon or shortly after they open the browser.

Risk 134

Risk Cybersecurity 134

Schneier on Security

OCTOBER 16, 2024

The men’s world conkers champion is accused of cheating with a steel chestnut.

157

157

Security Affairs

OCTOBER 17, 2024

A critical flaw in Kubernetes Image Builder could allow attackers to gain root access if exploited under specific conditions. A critical, Kubernetes Image Builder vulnerability, tracked as CVE-2024-9486 (CVSS score: 9.8), could allow attackers to gain root access if exploited under specific conditions. Only Kubernetes clusters with nodes using VM images from the Image Builder project and its Proxmox provider are impacted by this issue. “A security issue was discovered in the Kubernetes I

Accountability 139

Accountability Passwords Hacking Cybersecurity 139

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Tech Republic Security

OCTOBER 16, 2024

Getting buy-in can be difficult. Safe-U founder and CEO Jorge Litvin explains how to create a common language between the CISO and the rest of the C-suite.

CISO 167

CISO Cybersecurity Digital transformation 167

eSecurity Planet

OCTOBER 15, 2024

American Water, one of the largest water utility providers in the United States, fell victim to a cyberattack that disrupted its billing systems, throwing light on the increasing vulnerability of critical infrastructure to such threats. While water services were not interrupted, the breach temporarily paused the company’s billing operations, causing customer concern.

Cybersecurity 133

Cybersecurity Penetration Testing Cyber threats Firewall 133

Schneier on Security

OCTOBER 14, 2024

This is a current list of where and when I am scheduled to speak: I’m speaking at SOSS Fusion 2024 in Atlanta, Georgia, USA. The event will be held on October 22 and 23, 2024, and my talk is at 9:15 AM ET on October 22, 2024. The list is maintained on this page.

157

157

Security Affairs

OCTOBER 15, 2024

North Korea-linked actors deploy a new Linux variant of FASTCash malware to target financial systems, researcher HaxRob revealed. The cybersecurity researcher HaxRob analyzed a new variant of the FASTCash “payment switch” malware which targets Linux systems. The variant discovered by the researcher was previously unknown and targets Ubuntu 22.04 LTS distributions.

Malware 138

Malware Banking Hacking Accountability 138

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Tech Republic Security

OCTOBER 15, 2024

SentinelOne’s Alex Stamos sees a future where defenders have the advantage when it comes to generative AI. At least until it can write exploit code.

CISO 158

CISO Software Cybersecurity 158

The Hacker News

OCTOBER 18, 2024

North Korean information technology (IT) workers who obtain employment under false identities in Western companies are not only stealing intellectual property, but are also stepping up by demanding ransoms in order to not leak it, marking a new twist to their financially motivated attacks.

Technology 144

Technology 144

SecureList

OCTOBER 15, 2024

SideWinder, aka T-APT-04 or RattleSnake, is one of the most prolific APT groups that began its activities in 2012 and was first publicly mentioned by us in 2018. Over the years, the group has launched attacks against high-profile entities in South and Southeast Asia. Its primary targets have been military and government entities in Pakistan, Sri Lanka, China and Nepal.

Malware 141

Malware Encryption Architecture Phishing 141

Security Affairs

OCTOBER 14, 2024

Dutch police dismantled Bohemia/Cannabia, two major dark web markets for illegal goods, drugs, and cybercrime services. The Dutch police have announced the success of a new joint law enforcement operation that led to the shutdown of the dual dark web marketplace Bohemia/Cannabia. These are two of the largest and longest-running dark web platforms for the trade of illegal goods, drugs, and cybercrime services.

Marketing 133

Marketing Cybercrime DDOS Cryptocurrency 133

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Tech Republic Security

OCTOBER 16, 2024

Learn how data from call detail records can help you find fraud calls made by your phone system — and prevent them from happening again.

Big data 157

Big data Software Mobile Network Security 157

Malwarebytes

OCTOBER 16, 2024

Millions of people are turning normal pictures into nude images, and it can be done in minutes. Journalists at Wired found at least 50 “nudify” bots on Telegram that claim to create explicit photos or videos of people with only a couple of clicks. Combined, these bots have millions of monthly users. Although there is no sure way to find out how many unique users that are, it’s appalling, and highly likely there are much more than those they found.

Media 144

Media Marketing Backups Accountability 144

The Hacker News

OCTOBER 15, 2024

GitHub has released security updates for Enterprise Server (GHES) to address multiple issues, including a critical bug that could allow unauthorized access to an instance. The vulnerability, tracked as CVE-2024-9487, carries a CVS score of 9.5 out of a maximum of 10.

Encryption 144

Encryption Authentication 144

Security Affairs

OCTOBER 17, 2024

VMware fixes a high-severity SQL injection flaw in HCX allowing non-admin users to remotely execute code on the HCX manager. VMWare warns to address a remote code execution vulnerability, tracked as CVE-2024-38814 (CVSS score of 8.8), in its HCX application mobility platform. The vulnerability is an authenticated SQL injection vulnerability in HCX, it was privately reported to VMware by Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam) through the Trend Micro Zero Day Initiative (

Authentication 137

Authentication Mobile Hacking Information Security 137

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity