Krebs on Security

AUGUST 19, 2024

New details are emerging about a breach at National Public Data (NPD), a consumer data broker that recently spilled hundreds of millions of Americans’ Social Security Numbers, addresses, and phone numbers online. KrebsOnSecurity has learned that another NPD data broker which shares access to the same consumer records inadvertently published the passwords to its back-end database in a file that was freely available from its homepage until today.

Passwords 353

Passwords Data breaches Accountability Data privacy 353

Tech Republic Security

NOVEMBER 4, 2024

The Cybersecurity and Infrastructure Security Agency and Federal Bureau of Investigation assert that C, C++, and other memory-unsafe languages contribute to potential security breaches.

Software 211

Software Cybersecurity Passwords 211

The Hacker News

NOVEMBER 19, 2024

Apple has released security updates for iOS, iPadOS, macOS, visionOS, and its Safari web browser to address two zero-day flaws that have come under active exploitation in the wild.

137

137

NetSpi Technical

NOVEMBER 14, 2024

Every hacker has a story about abusing SMB shares, but it’s an attack surface that cybersecurity teams still struggle to understand, manage, and defend. For the benefit of both attackers and defenders, I started an open-source GitHub project a few years ago called “PowerHuntShares”. It focuses on distilling data related to shares configured with excessive privileges to better understand their relationships and risk.

Passwords 145

Passwords Risk Data collection Backups 145

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Malwarebytes

NOVEMBER 12, 2024

A DNA testing company that promised clients insights into their genetic disposition has suddenly disappeared. The BBC reports it tried several methods to reach the company but failed in this effort. London offices are closed, nobody answers the phone, and clients are no longer capable of accessing their online records. All the company’s social media accounts haven’t been updated since 2023 at the latest.

Insurance 145

Insurance Accountability Risk Data breaches 145

Zero Day

NOVEMBER 11, 2024

This extension lets you easily migrate your follows and block list from X (formerly Twitter) to Bluesky, but you need to act fast because its functionality may be short-lived. Here's why.

145

145

Penetration Testing

NOVEMBER 11, 2024

A coordinated attack targeting the Tor network has been neutralized thanks to the swift action of the Tor community and security researchers. In late October, the Tor Project faced a... The post Tor Network Thwarts IP Spoofing Attack appeared first on Cybersecurity News.

Cybersecurity 144

Cybersecurity 144

Google Security

NOVEMBER 15, 2024

Posted by Alex Rebert and Max Shavrick, Security Foundations, and Kinuko Yasada, Core Developer Attackers regularly exploit spatial memory safety vulnerabilities , which occur when code accesses a memory allocation outside of its intended bounds, to compromise systems and sensitive data. These vulnerabilities represent a major security risk to users.

Risk 136

Risk Software 136

Kali Linux

OCTOBER 21, 2024

The i386 architecture has long been obsolete, and from this week, support for i386 in Kali Linux is going to shrink significantly: i386 kernel and images are going away. Images and releases will no longer be created for this platform. Some terminology first Let’s start with the terms used in Kali Linux to talk about CPU architectures. These terms apply more generally to any Debian-based Linux distribution. amd64 refers to the x86-64 architecture, ie. the 64-bit version of the x86 instructi

Architecture 145

Architecture Software 145

SecureList

OCTOBER 23, 2024

Introduction Lazarus APT and its BlueNoroff subgroup are a highly sophisticated and multifaceted Korean-speaking threat actor. We closely monitor their activities and quite often see them using their signature malware in their attacks — a full-feature backdoor called Manuscrypt. According to our research, Lazarus has been employing this malware since at least 2013 and we’ve documented its usage in 50+ unique campaigns targeting governments, diplomatic entities, financial institutions, mili

Engineering 145

Engineering Social Engineering Accountability Cryptocurrency 145

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Security Affairs

NOVEMBER 1, 2024

New LightSpy spyware targets iPhones supporting destructive features that can block compromised devices from booting up. In May 2024, ThreatFabric researchers discovered a macOS version of LightSpy spyware that has been active in the wild since at least January 2024. ThreatFabric observed threat actors using two publicly available exploits (CVE-2018-4233, CVE-2018-4404) to deliver macOS implants.

Spyware 142

Spyware Media Malware Hacking 142

Tech Republic Security

AUGUST 13, 2024

On August 6, 2.7 billion records from National Public Data, including social security numbers, were leaked on a dark web forum.

Data breaches 218

Data breaches 218

The Hacker News

NOVEMBER 18, 2024

A new phishing campaign is targeting e-commerce shoppers in Europe and the United States with bogus pages that mimic legitimate brands with the goal of stealing their personal information ahead of the Black Friday shopping season. "The campaign leveraged the heightened online shopping activity in November, the peak season for Black Friday discounts.

Phishing 117

Phishing 117

Security Boulevard

NOVEMBER 15, 2024

A report from the Five Eyes cybersecurity alliance, released by the CISA, highlights the majority of the most exploited vulnerabilities last year were initially zero-day flaws, a significant increase compared to 2022 when less than half of the top vulnerabilities were zero-day exploits. The post Zero-Day Exploits Surge in 2023, Cisco, Fortinet Vulnerabilities Targeted appeared first on Security Boulevard.

Cybersecurity 129

Cybersecurity Cyber threats 129

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Malwarebytes

NOVEMBER 7, 2024

Consumer group Which? has warned shoppers to be selective when it comes to buying smart air fryers from Xiaomi, Cosori, and Aigostar. We’ve learned to expect that “smart” appliances come with privacy risks— toothbrushes aside —but I really hadn’t given my air fryer any thought. Now things are about to change. You don’t need to worry about the air fryers sending reports about your eating habits to your healthcare provider just yet.

Surveillance 144

Surveillance Manufacturing Healthcare Risk 144

NSTIC

NOVEMBER 13, 2024

If you are interested in the world of digital identities, you have probably heard some of the buzzwords that have been floating around for a few years now… “verifiable credential,” “digital wallet,” “mobile driver’s license” or “mDL.” These terms, among others, all reference a growing ecosystem around what we are calling “verifiable digital credentials.

Insurance 131

Insurance Mobile 131

WIRED Threat Level

SEPTEMBER 26, 2024

Researchers found a flaw in a Kia web portal that let them track millions of cars, unlock doors, and start engines at will—the latest in a plague of web bugs that’s affected a dozen carmakers.

Hacking 145

Hacking Engineering 145

Penetration Testing

NOVEMBER 8, 2024

A critical vulnerability, tagged as CVE-2024-10470, has been identified in WPLMS, a WordPress premium theme widely used for online course management. Security researcher István Márton at Wordfence reported that this... The post CVE-2024-10470 (CVSS 9.8) in Popular WordPress Theme Exposes Thousands of Sites appeared first on Cybersecurity News.

Cybersecurity 145

Cybersecurity 145

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Zero Day

NOVEMBER 20, 2024

William Shatner and Leonard Nimoy reunite in a powerful short film using AI and deepfake technology to give fans the emotional farewell they deserve.

Technology 131

Technology 131

Kali Linux

SEPTEMBER 10, 2024

With summer coming to an end, so are package migrations, and Kali 2024.3 can now be released. You can now start downloading or upgrading if you have an existing Kali installation. The summary of the changelog since the 2024.2 release from June is: Qualcomm NetHunter Pro Devices - Qualcomm Snapdragon SDM845 SoC now supported New Tools - 11x new tools in your arsenal Our focus has been on a lot of behind the scenes updates and optimizations since the last release.

Firmware 145

Firmware Architecture Education Passwords 145

Bleeping Computer

JULY 27, 2024

A security issue in the latest version of WhatsApp for Windows allows sending Python and PHP attachments that are executed without any warning when the recipient opens them. [.

144

144

Security Affairs

OCTOBER 22, 2024

Google’s Threat Analysis Group (TAG) researchers warn of a Samsung zero-day vulnerability that is exploited in the wild. Google’s Threat Analysis Group (TAG) warns of a Samsung zero-day vulnerability, tracked as CVE-2024-44068 (CVSS score of 8.1), which is exploited in the wild. The vulnerability is a use-after-free issue, attackers could exploit the flaw to escalate privileges on a vulnerable Android device.

Firmware 144

Firmware Mobile Spyware Media 144

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

Google Security

SEPTEMBER 25, 2024

Posted by Jeff Vander Stoep - Android team, and Alex Rebert - Security Foundations Memory safety vulnerabilities remain a pervasive threat to software security. At Google, we believe the path to eliminating this class of vulnerabilities at scale and building high-assurance software lies in Safe Coding , a secure-by-design approach that prioritizes transitioning to memory-safe languages.

Risk 137

Risk Software Manufacturing Government 137

The Hacker News

NOVEMBER 17, 2024

A critical authentication bypass vulnerability has been disclosed in the Really Simple Security (formerly Really Simple SSL) plugin for WordPress that, if successfully exploited, could grant an attacker to remotely gain full administrative access to a susceptible site. The vulnerability, tracked as CVE-2024-10924 (CVSS score: 9.8), impacts both free and premium versions of the plugin.

Authentication 118

Authentication 118

Security Boulevard

NOVEMBER 5, 2024

We have entered a new era of cyberthreats, and employees must be equipped to defend the company from more cunning and effective attacks than ever. The post How Cybersecurity Training Must Adapt to a New Era of Threats appeared first on Security Boulevard.

Cybersecurity 131

Cybersecurity Security Awareness 131

Malwarebytes

NOVEMBER 5, 2024

The Federal Bureau of Investigation (FBI) has issued a warning that cybercriminals are taking over email accounts via stolen session cookies, allowing them to bypass the multi-factor authentication (MFA) a user has set up. Here’s how it works. Most of us don’t think twice about checking the “Remember me” box when we log in. When you log in and the server has verified your authentication—straight away or after using MFA–the server creates a session and generates a unique session ID.

Accountability 145

Accountability Authentication Malware Banking 145

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

Duo's Security Blog

SEPTEMBER 5, 2024

The importance of gaining visibility into identity data Over the last two years, the security of an organization's identity ecosystem has become paramount. Before diving into the specifics of dormant accounts, it's important to take a step back and discuss a prerequisite: gaining cross-platform visibility into identity and access management data.

Accountability 141

Accountability Risk Authentication Passwords 141

WIRED Threat Level

OCTOBER 22, 2024

The North Atlantic Fella Organization, which started as a way to fight Kremlin propaganda, has raised millions of dollars to send vital equipment directly to soldiers fighting Russia.

141

141

Penetration Testing

NOVEMBER 17, 2024

In October 2024, Huntress analysts uncovered a previously unreported ransomware strain, dubbed SafePay, deployed across two distinct incidents. This ransomware has unique characteristics, including the use of.safepay as the... The post SafePay Ransomware: A New Threat with Sophisticated Techniques appeared first on Cybersecurity News.

Ransomware 136

Ransomware Cybersecurity Malware 136

We Live Security

AUGUST 20, 2024

ESET Research uncovers a novel method of phishing; targeting Android and iOS users via PWAs, and on Android also WebAPKs, without warning the user about installing a third-party app.

Phishing 142

Phishing 142

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.