Lohrman on Security
OCTOBER 27, 2024
A new report from Auburn University’s McCrary Institute for Cyber and Critical Infrastructure Security provides recommendations for the incoming presidential administration. Here are some report highlights.
The Hacker News
OCTOBER 29, 2024
A little over three dozen security vulnerabilities have been disclosed in various open-source artificial intelligence (AI) and machine learning (ML) models, some of which could lead to remote code execution and information theft. The flaws, identified in tools like ChuanhuChatGPT, Lunary, and LocalAI, have been reported as part of Protect AI's Huntr bug bounty platform.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Schneier on Security
OCTOBER 31, 2024
This is a good point : Part of the problem is that we are constantly handed lists…list of required controls…list of things we are being asked to fix or improve…lists of new projects…lists of threats, and so on, that are not ranked for risks. For example, we are often given a cybersecurity guideline (e.g., PCI-DSS, HIPAA, SOX, NIST, etc.) with hundreds of recommendations.
Tech Republic Security
OCTOBER 30, 2024
Bitdefender is our overall pick for the best antivirus software for small businesses, while Norton offers 24/7 support, and ESET provides scalability.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Krebs on Security
OCTOBER 30, 2024
Change Healthcare says it has notified approximately 100 million Americans that their personal, financial and healthcare records may have been stolen in a February 2024 ransomware attack that caused the largest ever known data breach of protected health information. Image: Tamer Tuncay, Shutterstock.com. A ransomware attack at Change Healthcare in the third week of February quickly spawned disruptions across the U.S. healthcare system that reverberated for months, thanks to the company’s c
Penetration Testing
OCTOBER 30, 2024
ServiceNow, a leading cloud-based enterprise platform, has recently addressed two significant vulnerabilities, CVE-2024-8923 and CVE-2024-8924, which posed serious risks to organizations using its Now Platform. These vulnerabilities could enable unauthorized... The post ServiceNow Patches Critical Sandbox Escape Vulnerability – CVE-2024-8923 (CVSS 9.8) appeared first on Cybersecurity News.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Tech Republic Security
OCTOBER 30, 2024
Read more about a joint operation between several law enforcement agencies in the U.S., Australia, Belgium, Portugal, The Netherlands, and the U.K. to tackle RedLine Stealer and META malware.
Krebs on Security
NOVEMBER 1, 2024
A number of cybercriminal innovations are making it easier for scammers to cash in on your upcoming travel plans. This story examines a recent spear-phishing campaign that ensued when a California hotel had its booking.com credentials stolen. We’ll also explore an array of cybercrime services aimed at phishers who target hotels that rely on the world’s most visited travel website.
Penetration Testing
OCTOBER 29, 2024
A new critical vulnerability has been discovered in CyberPanel, a popular open-source web hosting control panel, by security researcher DreyAnd. The flaw, a zero-click pre-authentication root remote code execution (RCE),... The post 22,000 CyberPanel Servers Exposed: Zero-Click RCE Vulnerability Discovered, PoC Published appeared first on Cybersecurity News.
Schneier on Security
OCTOBER 31, 2024
Way back in 2018, people noticed that you could find secret military bases using data published by the Strava fitness app. Soldiers and other military personal were using them to track their runs, and you could look at the public data and find places where there should be no people running. Six years later, the problem remains. Le Monde has reported that the same Strava data can be used to track the movements of world leaders.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Tech Republic Security
OCTOBER 28, 2024
Like other password managers, there are risks and drawbacks to consider before trusting Firefox Password Manager with your credentials.
WIRED Threat Level
OCTOBER 31, 2024
Sophos went so far as to plant surveillance “implants” on its own devices to catch the hackers at work—and in doing so, revealed a glimpse into China's R&D pipeline of intrusion techniques.
Penetration Testing
OCTOBER 27, 2024
The SonicWall Capture Labs Threat Research Team has published an in-depth analysis of CVE-2024-38812, a critical heap-overflow vulnerability found in VMware vCenter Server. This vulnerability affects VMware vCenter Server version... The post Researcher Details CVE-2024-38812 (CVSS 9.8): Critical RCE Flaw in VMware vCenter appeared first on Cybersecurity News.
Schneier on Security
OCTOBER 30, 2024
Excellent read. One example: Consider the case of basic public key cryptography, in which a person’s public and private key are created together in a single operation. These two keys are entangled, not with quantum physics, but with math. When I create a virtual machine server in the Amazon cloud, I am prompted for an RSA public key that will be used to control access to the machine.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Tech Republic Security
OCTOBER 31, 2024
Russian hackers, known as Midnight Blizzard, launch targeted spear-phishing on U.S. officials, exploiting RDP files to gain access to data.
Security Boulevard
NOVEMBER 1, 2024
GreyNoise Intelligence researchers said proprietary internal AI-based tools allowed them to detect and identify two vulnerabilities in IoT live-stream cameras that traditional cybersecurity technologies would not have been able to discover. The post GreyNoise: AI’s Central Role in Detecting Security Flaws in IoT Devices appeared first on Security Boulevard.
Security Affairs
NOVEMBER 1, 2024
New LightSpy spyware targets iPhones supporting destructive features that can block compromised devices from booting up. In May 2024, ThreatFabric researchers discovered a macOS version of LightSpy spyware that has been active in the wild since at least January 2024. ThreatFabric observed threat actors using two publicly available exploits (CVE-2018-4233, CVE-2018-4404) to deliver macOS implants.
Schneier on Security
OCTOBER 28, 2024
It’s low tech , but effective. Why Germany? It has more ATMs than other European countries, and—if I read the article right—they have more money in them.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Malwarebytes
OCTOBER 31, 2024
An Android banking Trojan called FakeCall is capable of hijacking the phone calls you make to your bank. Instead of reaching your bank, your call will be redirected to the cybercriminals. The Trojan accomplishes this by installing itself as the default call handler on the infected device. The default call handler app is responsible for managing incoming and outgoing calls, allowing users to answer or reject calls, as well as initiate calls.
Security Boulevard
OCTOBER 31, 2024
A report by the Identity Theft Resource Center found that while the number of small businesses hit by a cyberattack and the amount of losses continues to grow, companies are adopting stronger security best practices and investing more in security and compliance tools. The post Small Businesses Boosting Cybersecurity as Threats Grow: ITRC appeared first on Security Boulevard.
Penetration Testing
OCTOBER 28, 2024
A high-severity vulnerability has been discovered in the Common Log File System (CLFS) driver in Windows 11, enabling local users to escalate their privileges. CLFS is responsible for efficiently managing... The post CLFS Flaw in Windows 11 Allows for Privilege Escalation, PoC Published appeared first on Cybersecurity News.
The Hacker News
NOVEMBER 1, 2024
Microsoft has revealed that a Chinese threat actor it tracks as Storm-0940 is leveraging a botnet called Quad7 to orchestrate highly evasive password spray attacks. The tech giant has given the botnet the name CovertNetwork-1658, stating the password spray operations are used to steal credentials from multiple Microsoft customers.
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
Malwarebytes
OCTOBER 30, 2024
Google has released an update for its Chrome browser which includes patches for two critical vulnerabilities. The update brings the Stable channel to versions 130.0.6723.91/.92 for Windows and Mac and 130.0.6723.91 for Linux. The easiest way to update Chrome is to allow it to update automatically, but you can end up lagging behind if you never close your browser or if something goes wrong—such as an extension stopping you from updating the browser.
Security Boulevard
OCTOBER 29, 2024
Dimon’s dollars (not yours): No, Chase Bank isn’t going to let you cash bad checks. It’s fraud—no matter what X and TikTok tell you. The post TikTok ‘Infinite Money Glitch’ — Idiots Chased by JPMorgan appeared first on Security Boulevard.
Penetration Testing
OCTOBER 30, 2024
In a thrilling showdown at the recent Pwn2Own Ireland 2024 hacking competition, white hat hackers YingMuo (@YingMuo), in collaboration with the DEVCORE Internship Program, successfully exploited a critical zero-day vulnerability... The post CVE-2024-50387: Critical QNAP Flaw Exploited in Hacking Contest, Patch Now! appeared first on Cybersecurity News.
The Hacker News
NOVEMBER 1, 2024
Cybersecurity researchers have flagged a "massive" campaign that targets exposed Git configurations to siphon credentials, clone private repositories, and even extract cloud credentials from the source code. The activity, codenamed EMERALDWHALE, is estimated to have collected over 10,000 private repositories and stored in an Amazon S3 storage bucket belonging to a prior victim.
Advertisement
Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.
Security Affairs
OCTOBER 30, 2024
The latest FakeCall malware version for Android intercepts outgoing bank calls, redirecting them to attackers to steal sensitive info and bank funds. Zimperium researchers spotted a new version of the FakeCall malware for Android that hijacks outgoing victims’ calls and redirects them to the attacker’s phone number. The malware allows operators to steal bank users’ sensitive information and money from their bank accounts.
Security Boulevard
OCTOBER 30, 2024
The Cloud Security Alliance, noting the increasing cyberthreats to critical infrastructure in a highly interconnected world, released a report outlining steps organizations can take to implement zero trust policies to protect against nation-state actors and other threat groups. The post Cloud Security Alliance Advocates Zero Trust for Critical Infrastructure appeared first on Security Boulevard.
Penetration Testing
OCTOBER 30, 2024
In a recent discovery, ESET researchers unveiled “CloudScout,” a sophisticated cyberespionage toolset employed by the advanced persistent threat (APT) group called Evasive Panda. This China-aligned group has reportedly used CloudScout... The post From Gmail to Google Drive: How Evasive Panda Exploits Cloud Services with CloudScout appeared first on Cybersecurity News.
The Hacker News
OCTOBER 27, 2024
A new attack technique could be used to bypass Microsoft's Driver Signature Enforcement (DSE) on fully patched Windows systems, leading to operating system (OS) downgrade attacks.
Advertisement
Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!
Expert insights. Personalized for you.
280 
Let's personalize your content