Sat. Aug 13, 2022 - Fri. Aug 19, 2022


When Efforts to Contain a Data Breach Backfire

Krebs on Security

Earlier this month, the administrator of the cybercrime forum Breached received a cease-and-desist letter from a cybersecurity firm. The missive alleged that an auction on the site for data stolen from 10 million customers of Mexico’s second-largest bank was fake news and harming the bank’s reputation. The administrator responded to this empty threat by purchasing the stolen banking data and leaking it on the forum for everyone to download.


USB “Rubber Ducky” Attack Tool

Schneier on Security

The USB Rubber Ducky is getting better and better. Already, previous versions of the Rubber Ducky could carry out attacks like creating a fake Windows pop-up box to harvest a user’s login credentials or causing Chrome to send all saved passwords to an attacker’s webserver. But these attacks had to be carefully crafted for specific operating systems and software versions and lacked the flexibility to work across platforms.

Passwords 353


Weekly Update 309

Troy Hunt

Right off the back of a visit to our wedding venue (4 weeks and counting!) and a few hours before heading to the snow (yes, Australia has snow), I managed to slip in a weekly update earlier today. I've gotta say, the section on Shitexpress is my favourite because there's just so much to give with this one; a service that literally ships s**t with a public promise of multiple kinds of animal s**t whilst data that proves only horse s**t was ever shipped, a promise of 100% anonymity whils

Passwords 225

How phishing attacks are exploiting Amazon Web Services

Tech Republic Security

By using a legitimate service like AWS to create phishing pages, attackers can bypass traditional security scanners, says Avanan. The post How phishing attacks are exploiting Amazon Web Services appeared first on TechRepublic.

Phishing 191

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.


PayPal Phishing Scam Uses Invoices Sent Via PayPal

Krebs on Security

Scammers are using invoices sent through PayPal.com to trick recipients into calling a number to dispute a pending charge. The missives — which come from Paypal.com and include a link at Paypal.com that displays an invoice for the supposed transaction — state that the user’s account is about to be charged hundreds of dollars. Recipients who call the supplied toll-free number to contest the transaction are soon asked to download software that lets the scammers assume remote cont

Scams 339

Zoom Exploit on MacOS

Schneier on Security

This vulnerability was reported to Zoom last December: The exploit works by targeting the installer for the Zoom application, which needs to run with special user permissions in order to install or remove the main Zoom application from a computer. Though the installer requires a user to enter their password on first adding the application to the system, Wardle found that an auto-update function then continually ran in the background with superuser privileges.

Passwords 313

More Trending


How to strengthen the human element of cybersecurity

Tech Republic Security

Security expert explains how IT leaders can work with employees to ensure security strategies and techniques are actually implemented. The post How to strengthen the human element of cybersecurity appeared first on TechRepublic.


Google blocked the largest Layer 7 DDoS reported to date

Security Affairs

Google announced that it has blocked the largest-ever HTTPS DDoS attack, which reached 46 million requests per second (RPS). The attack hit one of its Cloud Armor customers. It took place on June 1st at 09:45, started with more than 10,000 requests per second (rps), and targeted a customer’s HTTP/S Load Balancer.

DDOS 144

$23 Million YouTube Royalties Scam

Schneier on Security

Scammers were able to convince YouTube that other people’s music was their own. They successfully stole $23 million before they were caught. No one knows how common this scam is, and how much money total is being stolen in this way. Presumably this is not an uncommon fraud. While the size of the heist and the breadth of the scheme may be very unique, it’s certainly a situation that many YouTube content creators have faced before.

Scams 223

CI/CD Pipeline is Major Software Supply Chain Risk: Black Hat Researchers

eSecurity Planet

Continuous integration and development (CI/CD) pipelines are the most dangerous potential attack surface of the software supply chain, according to NCC researchers. The presentation at last week’s Black Hat security conference by NCC’s Iain Smart and Viktor Gazdag, titled “RCE-as-a-Service: Lessons Learned from 5 Years of Real-World CI/CD Pipeline Compromise,” builds on previous work NCC researchers have done on compromised CI/CD pipelines.

Software 145

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!


How to deploy the Bitwarden self-hosted server with Docker

Tech Republic Security

Jack Wallen walks you through the process of deploying a Bitwarden vault server with the help of Docker containers. The post How to deploy the Bitwarden self-hosted server with Docker appeared first on TechRepublic.

179

Janet Jackson's music video is now a vulnerability for crashing hard disks

Bleeping Computer

Janet Jackson's Rhythm Nation music video of 1989 has officially been declared a security vulnerability as it freezes some models of hard drives on older computers.

145

Google Cloud blocks largest HTTPS DDoS attack ever

CSO Magazine

Google Cloud has claimed to have blocked the largest Layer 7 (HTTPS) DDoS attack to date after a Cloud Armor customer was targeted by a series of attacks that peaked at 46 million requests per second (rps). Google stated the attack, which occurred on June 1, was at least 76% larger than the previously reported HTTPS DDoS record and showed characteristics that link it to the M?

DDOS 142

Hackers Steal Session Cookies to Bypass Multi-factor Authentication

eSecurity Planet

Cyber attackers continue to up their game. One new tactic hackers have been using is to steal cookies from current or recent web sessions to bypass multi-factor authentication (MFA). The new attack method, reported by Sophos researchers yesterday, is already growing in use. The “cookie-stealing cybercrime spectrum” is broad, the researchers wrote, ranging from “entry-level criminals” to advanced adversaries, using various techniques.


The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.


Alternatives to facial recognition authentication

Tech Republic Security

Learn the problem with facial recognition as well as software and hardware alternatives to the technology. The post Alternatives to facial recognition authentication appeared first on TechRepublic.


PwC Survey Finds C-Level Execs View Cybersecurity as Biggest Risk

Security Boulevard

A survey of 722 C-level executives published today by PwC finds 40% of business leaders now rank cybersecurity as being the number one serious risk their organizations face today. In addition, 58% of corporate directors said they would benefit most from enhanced reporting around cybersecurity and technology. Nearly half of respondents (49%) said as a.

Risk 142

UK 5G Network company EE blocks 200 million phishing texts

CyberSecurity Insiders

Everything Everywhere, widely known as EE, a UK-based company that offers super-fast telecom and data network services based on 5G, says that it has officially blocked 200 million phishing texts and over 11 million scam calls to its users in July of this year alone. The revelation comes just a couple of days after another network provider revealed that scammers are circulating fake messages containing Apple Pay, Evri and NHS links that aren’t genuine and,

Phishing 140

Cyber Resiliency Isn't Just About Technology, It's About People

Dark Reading

To lessen burnout and prioritize staff resiliency, put people in a position to succeed with staffwide cybersecurity training to help ease the burden on IT and security personnel.


IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.


Facial recognition: Top software vendors

Tech Republic Security

Learn about the top facial recognition technology vendors. Find out how it works, what it can and can't do, and its current state. The post Facial recognition: Top software vendors appeared first on TechRepublic.

Software 170

Safari 15.6.1 addresses a zero-day flaw actively exploited in the wild

Security Affairs

Apple released Safari 15.6.1 for macOS Big Sur and Catalina to address a zero-day vulnerability actively exploited in the wild. Safari 15.6.1 for macOS Big Sur and Catalina addressed an actively exploited zero-day vulnerability tracked as CVE-2022-32893. The flaw is an out-of-bounds write issue in WebKit and the IT giant fixed it with improved bounds checking.

Hacking 140

4 Common Automotive Cybersecurity Vulnerabilities

Security Boulevard

Several high-profile cyberattacks in recent years revealed growing levels of security risk in the automotive sector. The industry needs to quickly increase awareness of the current attack surface, often through the installed base of network assets, including machines and devices on plant floors. The Risks in the Automotive Sector Successful attacks create not only financial.


Security automation can save millions otherwise incurred through data breaches

CyberSecurity Insiders

A recent survey conducted by IBM has discovered that companies can save millions incurred from data breaches, just by automating their cybersecurity posture. The report that goes with the title ‘IBM Cost of Data Breach Report’ stated that organizations can save for themselves about $3.05 million per data breach, if they take the help of the technology of Artificial Intelligence (AI) along with Automation.


The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.


In security, there is no average behavior

Tech Republic Security

Doron Hendler, CEO and co-founder of RevealSecurity, explains the right way and the wrong way to detect malicious behavior. The post In security, there is no average behavior appeared first on TechRepublic.

158

Two more malicious Python packages in the PyPI

SecureList

On August 8, CheckPoint published a report on ten malicious Python packages in the Python Package Index (PyPI), the most popular Python repository among software developers. The malicious packages were intended to steal developers’ personal data and credentials. Following this research, we used our internal automated system for monitoring open-source repositories and discovered two other malicious Python packages in the PyPI.

Passwords 138

Honker Union: Has the grandfather of Chinese Hacktivism returned?

Digital Shadows

Now over 20-years-old, the Honker Union of China (HUC) is one of the originals of Chinese hacktivism. But when it. The post Honker Union: Has the grandfather of Chinese Hacktivism returned? first appeared on Digital Shadows.

135

Google blocks largest HTTPS DDoS attack 'reported to date'

Bleeping Computer

A Google Cloud Armor customer was hit with a distributed denial-of-service (DDoS) attack over the HTTPS protocol that reached 46 million requests per second (RPS), making it the largest ever recorded of its kind.

DDOS 134

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!


Browser extension threat targets millions of users

Tech Republic Security

Browser extensions are amazing tools but sometimes not what they pretend to be. Some are in fact malicious and might be a great risk to the user or his/her data. The post Browser extension threat targets millions of users appeared first on TechRepublic.

Risk 157

eSecurity Planet’s 2022 Cybersecurity Product Awards

eSecurity Planet

The editors of eSecurity Planet have been giving advice to enterprise security buyers for more than a decade, and for the last five years we’ve been rating the top enterprise cybersecurity products, compiling roughly 50 lists to date on every product imaginable, from networks to endpoints and out to the cloud and beyond. This year, for the first time, we’re ranking the overall best companies and products in 14 of those categories.


VPNs Don’t Work on iOS — and Apple Doesn’t Care

Security Boulevard

“VPNs on iOS are a scam.” That’s what an angry security researcher would have you believe. The post VPNs Don’t Work on iOS — and Apple Doesn’t Care appeared first on Security Boulevard.

Scams 131

CISA adds 7 vulnerabilities to list of bugs exploited by hackers

Bleeping Computer

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added seven vulnerabilities to its list of bugs actively exploited by hackers, with the new flaws disclosed by Apple, Microsoft, SAP, and Google.


Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.