Troy Hunt

JULY 31, 2024

TL;DR — Tens of millions of credentials obtained from info stealer logs populated by malware were posted to Telegram channels last month and used to shake down companies for bug bounties under the misrepresentation the data originated from their service. How many attempted scams do you get each day? I woke up to yet another "redeem your points" SMS this morning, I'll probably receive a phone call from "my bank" today (edit: I was close, it was "Amazon Prime" &

Scams 325

Scams Passwords Malware Accountability 325

Schneier on Security

JULY 31, 2024

Cloudflare reports on the state of applications security. It claims that 6.8% of Internet traffic is malicious. And that CVEs are exploited as quickly as 22 minutes after proof-of-concepts are published. News articles.

Internet 288

Internet Internet Malware 288

Krebs on Security

JULY 31, 2024

More than a million domain names — including many registered by Fortune 100 firms and brand protection companies — are vulnerable to takeover by cybercriminals thanks to authentication weaknesses at a number of large web hosting providers and domain registrars, new research finds. Image: Shutterstock. Your Web browser knows how to find a site like example.com thanks to the global Domain Name System (DNS), which serves as a kind of phone book for the Internet by translating human-frie

DNS 272

DNS Internet Internet Phishing 272

Lohrman on Security

JULY 28, 2024

On July 19, 2024, a CrowdStrike software update unleashed mayhem on computer systems at airports, banks and more from Australia to Atlanta. What happened, and what lessons can we take away?

Banking 258

Banking Software 258

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Troy Hunt

JULY 27, 2024

Who would have thought that just a few hours after recording the previous week's video, the world would descend into what has undoubtedly become the largest IT outage we've ever seen: I don’t think it’s too early to call it: this will be the largest IT outage in history — Troy Hunt (@troyhunt) July 19, 2024 By virtue of the CrowdStrike incident occurring in friendly office hours for my corner of the world, I was able to get a thread on it going pretty early on.

Media 220

Media 220

Schneier on Security

JULY 30, 2024

Auto manufacturers are just starting to realize the problems of supporting the software in older models: Today’s phones are able to receive updates six to eight years after their purchase date. Samsung and Google provide Android OS updates and security updates for seven years. Apple halts servicing products seven years after they stop selling them. That might not cut it in the auto world, where the average age of cars on US roads is only going up.

Software 276

Software Manufacturing Cybersecurity 276

Penetration Testing

JULY 30, 2024

Google has issued an urgent security update for its widely-used Chrome browser, patching three vulnerabilities, one of which is rated “critical.” The vulnerabilities, tracked as CVE-2024-6990, CVE-2024-7255, and CVE-2024-7256, could potentially allow attackers to... The post Urgent Chrome Update: Google Patches Critical Security Flaw (CVE-2024-6990) appeared first on Cybersecurity News.

Cybersecurity 145

Cybersecurity 145

Troy Hunt

AUGUST 1, 2024

The ongoing scourge that is spyware (or, as it is commonly known, "stalkerware"), and the subsequent breaches that so often befall them continue to amaze me. More specifically, it's the way they tackle the non-consensual spying aspect of the service which, on the one hand is represented as a big "no-no" but on the others hand, the likes of Spytech in this week's update literally have a dedicated page for!

Spyware 207

Spyware Small Business Scams 207

Schneier on Security

JULY 29, 2024

The latest in what will be a continuing arms race between creating and detecting videos: The new tool the research project is unleashing on deepfakes, called “MISLnet”, evolved from years of data derived from detecting fake images and video with tools that spot changes made to digital video or images. These may include the addition or movement of pixels between frames, manipulation of the speed of the clip, or the removal of frames.

Artificial Intelligence 275

Artificial Intelligence 275

Tech Republic Security

AUGUST 1, 2024

Redmond has confirmed the eight-hour Azure outage on July 30 was triggered by a distributed denial-of-service attack, but an “error in the implementation of [their] defenses” exacerbated it.

DDOS 159

DDOS 159

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Bleeping Computer

JULY 27, 2024

A security issue in the latest version of WhatsApp for Windows allows sending Python and PHP attachments that are executed without any warning when the recipient opens them. [.

144

144

Security Affairs

JULY 30, 2024

Researchers detected a sophisticated phishing campaign targeting Microsoft OneDrive users to trick them into executing a PowerShell script. Over the past few weeks, the Trellix Advanced Research Center observed a sophisticated phishing campaign targeting Microsoft OneDrive users. Threat actors rely on social engineering tactics to trick users into executing a PowerShell script, which leads to their systems being compromised.

Phishing 143

Phishing DNS Social Engineering Engineering 143

Schneier on Security

AUGUST 1, 2024

The Linux Foundation and OpenSSF released a report on the state of education in secure software development. …many developers lack the essential knowledge and skills to effectively implement secure software development. Survey findings outlined in the report show nearly one-third of all professionals directly involved in development and deployment ­ system operations, software developers, committers, and maintainers ­ self-report feeling unfamiliar with secure software development practice

Education 273

Education Software 273

Tech Republic Security

JULY 29, 2024

NordPass, Bitwarden and Dashlane are among a handful of secure and feature-packed password managers for those looking for quality 1Password alternatives.

Password Management 173

Password Management Passwords 173

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Bleeping Computer

JULY 31, 2024

Microsoft confirmed today that a nine-hour outage on Tuesday, which took down and disrupted multiple Microsoft 365 and Azure services worldwide, was triggered by a distributed denial-of-service (DDoS) attack. [.

DDOS 142

DDOS 142

Malwarebytes

JULY 31, 2024

Apple has released security updates for many of its products in order to patch several vulnerabilities that could allow an attacker to steal sensitive information from a locked device. Included in the patches for Apple Watch, iOS, and iPadOS are four vulnerabilities in Siri. While your device is locked there are several voice-commands your digital assistant can process.

Software 139

Software Mobile Risk Cybersecurity 139

Schneier on Security

AUGUST 2, 2024

Here’s a disaster that didn’t happen : Cybersecurity researchers from JFrog recently discovered a GitHub Personal Access Token in a public Docker container hosted on Docker Hub, which granted elevated access to the GitHub repositories of the Python language, Python Package Index (PyPI), and the Python Software Foundation (PSF). JFrog discussed what could have happened : The implications of someone finding this leaked token could be extremely severe.

Software 259

Software Cybersecurity 259

Tech Republic Security

JULY 29, 2024

“Digital intensity” caused by multiple cloud environments, application growth and AI is putting pressure on IT leaders in medium-sized businesses to manage costs while modernising their infrastructure.

Technology 159

Technology Digital transformation Artificial Intelligence Cybersecurity 159

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Bleeping Computer

AUGUST 2, 2024

Google Chrome is now encouraging uBlock Origin users who have updated to the latest version to switch to other ad blockers before Manifest v2 extensions are disabled [.

143

143

Security Affairs

JULY 27, 2024

Ukraine launched a massive cyber operation that shut down the ATM services of the biggest Russian banks on July 27, reported the Kyiv Post. Ukraine has launched a massive cyberattack against ATMs of Russian banks, the cyber operation began on July 23. “This is an opportune moment to fully implement the Kremlin’s long-desired ‘import substitution’ in the form of wooden abacuses, paper savings books, and cave paintings for accounting.” reported the KyivPost. “In Russia, it has al

Banking 145

Banking Mobile Hacking Internet 145

Security Boulevard

JULY 31, 2024

There has been a dramatic rise in email attacks and ransomware incidents, with an Acronis report noting a staggering 293% increase in email attacks in the first half of 2024 compared to the same period in 2023. The post Email Attacks Surge, Ransomware Threat Remains Elevated appeared first on Security Boulevard.

Ransomware 134

Ransomware Social Engineering Engineering Security Awareness 134

Tech Republic Security

JULY 30, 2024

Ransomware attacks are attracting record payouts in Australia. Learn whether paying the ransom is viable, about legal implications and about alternative strategies.

Ransomware 156

Ransomware Cybersecurity 156

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Bleeping Computer

JULY 31, 2024

A new Android malware that researchers call 'BingoMod' can wipe devices after successfully stealing money from the victims' bank accounts using the on-device fraud technique. [.

Banking 132

Banking Accountability Malware Mobile 132

The Hacker News

JULY 29, 2024

Cybersecurity researchers are warning about a new phishing campaign that targets Microsoft OneDrive users with the aim of executing a malicious PowerShell script. "This campaign heavily relies on social engineering tactics to deceive users into executing a PowerShell script, thereby compromising their systems," Trellix security researcher Rafael Pena said in a Monday analysis.

Phishing 139

Phishing Social Engineering Scams Engineering 139

Security Affairs

AUGUST 1, 2024

Shadowserver researchers reported that over 20,000 internet-exposed VMware ESXi instances are affected by the actively exploited flaw CVE-2024-37085. Researchers at the Shadowserver Foundation reported that approximately 20,000 VMware ESXi servers exposed online appear impacted by the exploited vulnerability CVE-2024-37085. We have started sharing exposed VMware ESXi vulnerable to CVE-2024-37085 (authentication bypass).

Internet 142

Internet Internet Ransomware Authentication 142

Tech Republic Security

JULY 31, 2024

The CVE-2024-37085 vulnerability is present in VMware ESXi hypervisors and has been used to deploy ransomware, according to Microsoft.

Ransomware 164

Ransomware Cybersecurity 164

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

Bleeping Computer

JULY 29, 2024

Microsoft Outlook can be turned into a C2 beacon to remotely execute code, as demonstrated by a new red team post-exploitation framework named "Specula," released today by cybersecurity firm TrustedSec. [.

Cybersecurity 134

Cybersecurity 134

Security Boulevard

JULY 31, 2024

An analysis published today by Cribl, a data management platform provider, suggests that the amount of data being processed and analyzed by cybersecurity teams is increasing exponentially. The post Report: Amount of Data Being Analyzed by Cybersecurity Teams Rises appeared first on Security Boulevard.

Cybersecurity 133

Cybersecurity Security Awareness 133

The Hacker News

JULY 29, 2024

An unknown threat actor has been linked to a massive scam campaign that exploited an email routing misconfiguration in email security vendor Proofpoint's defenses to send millions of messages spoofing various legitimate companies.

Phishing 140

Phishing Scams Authentication 140

Tech Republic Security

JULY 29, 2024

SentinelOne Singularity and Microsoft Defender for Endpoint are among the top CrowdStrike alternatives to consider following the recent IT outage in July.

Software 152

Software 152

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity