Tech Republic Security

JANUARY 11, 2024

Looking for the best anonymous (no-log) VPN? Check out our comprehensive list to find the top VPN services that prioritize anonymity and security.

VPN 185

VPN 185

Schneier on Security

JANUARY 11, 2024

Add pharmacies to the list of industries that are giving private data to the police without a warrant.

Healthcare 327

Healthcare Data privacy 327

Krebs on Security

JANUARY 10, 2024

A California man who lost $100,000 in a 2021 SIM-swapping attack is suing the unknown holder of a cryptocurrency wallet that harbors his stolen funds. The case is thought to be first in which a federal court has recognized the use of information included in a bitcoin transaction — such as a link to a civil claim filed in federal court — as reasonably likely to provide notice of the lawsuit to the defendant.

Cryptocurrency 328

Cryptocurrency Government Cybercrime Accountability 328

Joseph Steinberg

JANUARY 10, 2024

Cybersecurity For Dummies , the best-selling cybersecurity book written for general audiences by Joseph Steinberg , is now available in Portuguese. Like its English, French, Dutch, and German counterparts, the Portuguese edition, entitled Cibersegurança Para Leigos , and published in Brazil, helps people stay cyber-secure regardless of their technical skillsets.

Cybersecurity 286

Cybersecurity Artificial Intelligence Data breaches Malware 286

Advertisement

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

Cyber threats

Troy Hunt

JANUARY 7, 2024

It's another weekly update from the other side of the world with Scott and I in Rome as we continue a bit of downtime before hitting NDC Security in Oslo next week. This week, Scott's sharing details of how he and Joe Tiedman registered a domain Capelli Sport let lapse and now have their JavaScript running on the websites shopping cart page (check your browser console after loading that link) 😲 That's not the crazy bit though, the crazy bit is the months they've spent

Data breaches 282

Data breaches Accountability 282

Schneier on Security

JANUARY 10, 2024

In 2000, I wrote : “If McDonald’s offered three free Big Macs for a DNA sample, there would be lines around the block.” Burger King in Brazil is almost there , offering discounts in exchange for a facial scan. From a marketing video: “At the end of the year, it’s Friday every day, and the hangover kicks in,” a vaguely robotic voice says as images of cheeseburgers glitch in and out over fake computer code. “BK presents Hangover Whopper, a technology that

Marketing 326

Marketing Technology 326

Lohrman on Security

JANUARY 8, 2024

With the modern Internet, it’s easier than ever before to learn from, imitate and even plagiarize other people’s work. So how will new generative AI tools change our media landscape in 2024 and beyond?

Media 209

Media Internet Internet 209

The Last Watchdog

JANUARY 9, 2024

Augmented reality (AR) and virtual reality (VR) technologies provide intriguing opportunities for immersive and interactive experiences in cybersecurity training. Related: GenAI’ impact on DevSecOps Here’s how these technologies can bridge learning gaps in cybersecurity awareness and enhance the overall training experience. AR and VR technologies can create distinct immersive experiences by merging digital reality with the physical world.

Technology 203

Technology Cybersecurity Risk Mobile 203

Schneier on Security

JANUARY 12, 2024

New law journal article : Smart Device Manufacturer Liability and Redress for Third-Party Cyberattack Victims Abstract: Smart devices are used to facilitate cyberattacks against both their users and third parties. While users are generally able to seek redress following a cyberattack via data protection legislation, there is no equivalent pathway available to third-party victims who suffer harm at the hands of a cyberattacker.

IoT 322

IoT Software Manufacturing Internet 322

Tech Republic Security

JANUARY 12, 2024

Most of the exposed VPN appliances are in the U.S., followed by Japan and Germany. Read the technical details about these zero-day vulnerabilities, along with detection and mitigation tips.

VPN 192

VPN Cybersecurity Network Security 192

Advertisement

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

Cybersecurity

Jane Frankland

JANUARY 9, 2024

In recent years, data breaches and compliance failures have made organisations increasingly aware of the need for comprehensive cybersecurity solutions to detect and address threats. However, not all organisations have had the means to invest in and manage the staffing and infrastructure required for a Security Operations Centre (SOC). This is where Managed Detection & Response (MDR) providers come in.

Threat Detection 147

Threat Detection Technology Marketing Artificial Intelligence 147

Malwarebytes

JANUARY 11, 2024

Hackers have found a way to gain unauthorized access to Google accounts, bypassing any multi-factor authentication (MFA) the user may have set up. To do this they steal authentication cookies and then extend their lifespan. It doesn’t even help if the owner of the account changes their password. Since the discovery of the exploit, numerous white and black hat security researchers have looked into and discussed the issue.

Accountability 145

Accountability Authentication Passwords Malware 145

Schneier on Security

JANUARY 9, 2024

This is an old piece of malware—the Chameleon Android banking Trojan—that now disables biometric authentication in order to steal the PIN : The second notable new feature is the ability to interrupt biometric operations on the device, like fingerprint and face unlock, by using the Accessibility service to force a fallback to PIN or password authentication.

Malware 321

Malware Banking Passwords Authentication 321

Tech Republic Security

JANUARY 9, 2024

ESET NOD32 Antivirus 2024 Edition provides multi-layered protection from malware and hackers without impeding the performance of your Mac or Windows PC.

Antivirus 185

Antivirus Malware Spyware Ransomware 185

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Trend Micro

JANUARY 11, 2024

This blog delves into the Phemedrone Stealer campaign's exploitation of CVE-2023-36025, the Windows Defender SmartScreen Bypass vulnerability, for its defense evasion and investigates the malware's payload.

Malware 145

Malware 145

Security Affairs

JANUARY 7, 2024

A cyber attack hit the Beirut International Airport, Rafic Hariri (Lebanon), threat actors breached the Flight Information Display System (FIDS). Threat actors hit the Beirut International Airport Rafic Hariri in Lebanon and breached the Flight Information Display System (FIDS). Rafic Hariri International Airport is the main international airport serving Beirut, the capital of Lebanon.

Cyber Attacks 145

Cyber Attacks Hacking Information Security 145

Schneier on Security

JANUARY 8, 2024

Last month, I convened the Second Interdisciplinary Workshop on Reimagining Democracy ( IWORD 2023 ) at the Harvard Kennedy School Ash Center. As with IWORD 2022 , the goal was to bring together a diverse set of thinkers and practitioners to talk about how democracy might be reimagined for the twenty-first century. My thinking is very broad here. Modern democracy was invented in the mid-eighteenth century, using mid-eighteenth-century technology.

Technology 303

Technology 303

Tech Republic Security

JANUARY 10, 2024

While its small server suite may be a dealbreaker, Mullvad VPN’s strong focus on privacy sets it apart from other VPNs on the market. Read more below.

VPN 167

VPN Marketing 167

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Malwarebytes

JANUARY 12, 2024

The Cybersecurity and Infrastructure Security Agency (CISA) has added a vulnerability for the Joomla! Content Management System (CMS) to its Known Exploited Vulnerabilities Catalog , based on evidence of active exploitation. This means that Federal Civilian Executive Branch (FCEB) agencies need to remediate this vulnerability by January 29, 2024 in order to protect their devices against active threats.

Passwords 143

Passwords Firewall Marketing Authentication 143

Security Affairs

JANUARY 7, 2024

Bit24.cash has inadvertently exposed sensitive data belonging to nearly 230,000 users, as revealed by Cybernews research. Due to its limited access to foreign financial markets, Iran has embraced cryptocurrency significantly. Last year, Iranian crypto exchanges facilitated transactions totaling nearly $3 billion. Almost all incoming crypto volume in Iran adheres to Know Your Customer (KYC) requirements.

Cryptocurrency 144

Cryptocurrency Marketing Hacking Data breaches 144

Bleeping Computer

JANUARY 12, 2024

CISA warns that attackers are now exploiting a critical Microsoft SharePoint privilege escalation vulnerability that can be chained with another critical bug for remote code execution. [.

142

142

Tech Republic Security

JANUARY 7, 2024

A web browser is an indispensable feature of every computer and, in some cases, the only truly essential feature (such as with Google Chromebooks). The purpose of this policy from TechRepublic Premium is to provide guidelines for the secure configuration and use of web browsers on company systems. It also includes steps for remediation and.

Software 152

Software 152

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Malwarebytes

JANUARY 10, 2024

Last year, we documented malware distribution campaigns both via malvertising and compromised sites delivering Atomic Stealer (AMOS) onto Mac users. This stealer has proven to be quite popular in the criminal underground and its developers have been adding new features to justify its hefty $3000/month rental fee. It looks like Atomic Stealer was updated around mid to late December 2023, where its developers introduced payload encryption in an effort to bypass detection rules.

Passwords 137

Passwords Antivirus Malware Encryption 137

Security Affairs

JANUARY 12, 2024

Researchers published a proof-of-concept (PoC) code for the recently disclosed critical flaw CVE-2023-51467 in the Apache OfBiz. Researchers from cybersecurity firm VulnCheck have created a proof-of-concept (PoC) exploit code for the recently disclosed critical flaw CVE-2023-51467 (CVSS score: 9.8) in the Apache OfBiz. In December, experts warned of an authentication bypass zero-day flaw that affects Apache OfBiz, an open-source Enterprise Resource Planning (ERP) system.

Authentication 144

Authentication Software Passwords Hacking 144

Bleeping Computer

JANUARY 12, 2024

Juniper Networks has released security updates to fix a critical pre-auth remote code execution (RCE) vulnerability in its SRX Series firewalls and EX Series switches. [.

Firewall 140

Firewall 140

Trend Micro

JANUARY 8, 2024

Pikabot is a loader with similarities to Qakbot that was used in spam campaigns during most of 2023. Our blog entry provides a technical analysis of this malware.

Malware 136

Malware Phishing 136

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Malwarebytes

JANUARY 7, 2024

SMTP smuggling is a technique that allows an attacker to send an email from pretty much any address they like. The intended goal is email spoofing —sending emails with false sender addresses. Email spoofing allows criminals to make malicious emails more believable. Let’s take a closer look at what it is exactly, and how cybercriminals can use it. The first thing we need to look at is the Simple Mail Transfer Protocol (SMTP), a protocol that allows the exchange of emails.

DNS 136

DNS Authentication Firewall Ransomware 136

Security Affairs

JANUARY 8, 2024

Documents belonging to the Swiss Air Force were leaked on the dark web as a result of cyberattack on a US security provider. Documents belonging to the Swiss Air Force were leaked on the dark web after the US security company Ultra Intelligence & Communications suffered a data breach. Ultra Intelligence & Communications provides critical tactical capabilities, including cybersecurity and remote cryptographic management systems for clients including the DoD, FBI, DEA, NATO, AT&T, the

Hacking 144

Hacking Ransomware Data breaches Manufacturing 144

Bleeping Computer

JANUARY 10, 2024

Windows 10 users worldwide report problems installing Microsoft's January Patch Tuesday updates, getting 0x80070643 errors when attempting to install the KB5034441 security update for BitLocker. [.

136

136

Security Boulevard

JANUARY 10, 2024

AirDrop hashing is weaksauce: Chinese citizens using peer-to-peer wireless comms “must be identified.” The post China Cracks Apple Private Protocol — AirDrop Pwned appeared first on Security Boulevard.

Wireless 135

Wireless Social Engineering Firewall Data privacy 135

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk