Tue.Jan 24, 2023

article thumbnail

Administrator of RSOCKS Proxy Botnet Pleads Guilty

Krebs on Security

Denis Emelyantsev , a 36-year-old Russian man accused of running a massive botnet called RSOCKS that stitched malware into millions of devices worldwide, pleaded guilty to two counts of computer crime violations in a California courtroom this week. The plea comes just months after Emelyantsev was extradited from Bulgaria, where he told investigators, “America is looking for me because I have enormous information and they need it.

article thumbnail

How hackers stole the personal data of 37 million T-Mobile customers

Tech Republic Security

The criminals took advantage of an API to grab personal details such as customer names, billing addresses, email addresses, phone numbers, dates of birth, and T-Mobile account numbers. The post How hackers stole the personal data of 37 million T-Mobile customers appeared first on TechRepublic.

Mobile 215
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

What is PSaaS and is it Worthwhile?

Security Boulevard

Cloud computing has been adopted more rapidly in recent years, and we see more cloud applications in security. As businesses return to the office, they need to rethink physical security to futureproof their security strategy against the constantly evolving security landscape. Is physical security-as-a-service (PSaaS) the solution for a futureproof security strategy?

article thumbnail

Recent rise in SEO poisoning attacks compromise brand reputations

Tech Republic Security

A new research report from SentinelOne exposes a SEO poisoning attack campaign that hijacks brand names in paid search ads. The post Recent rise in SEO poisoning attacks compromise brand reputations appeared first on TechRepublic.

Media 188
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

GoTo says hackers stole customers' backups and encryption key

Bleeping Computer

GoTo (formerly LogMeIn) is warning customers that threat actors who breached its development environment in November 2022 stole encrypted backups containing customer information and an encryption key for a portion of that data. [.

Backups 138
article thumbnail

10 cybersecurity predictions for tech leaders in 2023

Tech Republic Security

From ransomware to third-party vendor security to software-defined perimeters, these cybersecurity topics should be on IT leaders’ radar. The post 10 cybersecurity predictions for tech leaders in 2023 appeared first on TechRepublic.

More Trending

article thumbnail

Companies slow to “mask up” with zero trust cybersecurity protocols

Tech Republic Security

A new study by Gartner predicts that by 2026 just 10% of companies will have zero-trust protocols in place against cybersecurity exploits. The post Companies slow to “mask up” with zero trust cybersecurity protocols appeared first on TechRepublic.

article thumbnail

5 valuable skills your children can learn by playing video games

We Live Security

Gaming can help your children build and sharpen a range of life skills that will stand them in good stead in the future The post 5 valuable skills your children can learn by playing video games appeared first on WeLiveSecurity

137
137
article thumbnail

Ransomware access brokers use Google ads to breach your network

Bleeping Computer

A threat actor tracked as DEV-0569 uses Google Ads in widespread, ongoing advertising campaigns to distribute malware, steal victims' passwords, and ultimately breach networks for ransomware attacks. [.

article thumbnail

GoTo admits: Customer cloud backups stolen together with decryption key

Naked Security

We were going to write, "Once more unto the breach, dear friends, once more". but it seems to go without saying these days.

Backups 134
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

China spies on the UK populace with microchips

CyberSecurity Insiders

Britain populace should start being cautious with smart appliances as security analysts suggest that china might have started a spying campaign on them via domestic appliances. Yes, what you’ve read is right! There is a fair amount of chance that Beijing might have weaponized millions of gadgets operating in the household of Britons through microchips.

article thumbnail

The Security Challenges of API Sprawl

Security Boulevard

When you have a lot of something—of anything—it’s hard to keep track. It could be books, cats, tools in the garage, apps on the phone. And when you can’t keep track, you create some level of risk, likely as a result of poor inventory and control. Well, this is what we’re seeing with APIs today. The post The Security Challenges of API Sprawl appeared first on Security Boulevard.

Risk 121
article thumbnail

Privacy’s impact continues to grow, but more remains to be done

Cisco Security

As part of Cisco’s recognition of International Data Privacy Day, today we released the Cisco 2023 Data Privacy Benchmark Study , our sixth annual review of key privacy issues and their impact on business. Drawing on responses from more than 3100 organizations in 26 geographies, the findings show that organizations continue to prioritize and get attractive returns from their privacy investments, while integrating privacy into many of their most important processes, including sales motions, mana

article thumbnail

Attacking The Supply Chain: Developer

Trend Micro

In this proof of concept, we look into one of several attack vectors that can be abused to attack the supply chain: targeting the developer. With a focus on the local integrated developer environment (IDE), this proof considers the execution of malicious build scripts via injecting commands when the project or build is incorrectly “trusted”.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Cybercriminals Use VSCode Extensions as New Attack Vector

eSecurity Planet

Microsoft’s Visual Studio Code integrated development environment (IDE) is used by as much as 75% of developers, so any security issue has widespread implications. And Aqua Nautilus researchers have discovered a big one. The researchers reported earlier this month that the VSCode editor could be vulnerable to attacks targeting its extensions. The free open source and cross-platform IDE is very easy to use, and there are literally thousands of free extensions developers can install in one c

article thumbnail

CYGNVS exits stealth, trumpeting its cyberattack recovery platform

CSO Magazine

Cyber recovery startup CYGNVS announced its emergence from stealth today, having raised $55 million in series A funding and created a highly functional “cyber crisis” platform which promises to help organizations recover from major breaches. The company’s product is in its name – CYGNVS says it’s an acronym for Cyber GuidaNce Virtual Space. It’s effectively an all-in-one disaster recovery system for cyberattacks.

Mobile 115
article thumbnail

SHARED INTEL: Here’s why security analysts need to remain on high alert for fake bug reports

The Last Watchdog

In an ideal world, cybersecurity analysts would get legitimate daily reports on improving a company’s security. Unfortunately, the likelihood of being handed unsolicited, untrustworthy advice is high. Related: Tech giants foster third-party snooping This is what fake bug reports are all about. Scammers now routinely spray out fake bug reports designed to take advantage of the naiveite and/or lack of vigilance of security analysts in the field.

article thumbnail

P-to-P fraud most concerning cyber threat in 2023: CSI

CSO Magazine

US financial institutions see peer-to-peer fraud and other digital fraud as the biggest cybersecurity concern in 2023. It was cited by 29% of respondents in a survey by Computer Systems Inc. (CSI), followed by data breaches (23%), ransomware (20%) and a breach at a third party (15%). Industry respondents also expressed concerns over identity theft at 4%, unavailable or unaffordable cyber insurance at 4%, geopolitical risks at 3%, DDoS attacks at 2% and website defacement at 0.9%, according to C

article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Security and the Electric Vehicle Charging Infrastructure

Dark Reading

When EVs and smart chargers plug in to critical infrastructure, what can go wrong? Plenty.

111
111
article thumbnail

How passkeys are changing authentication

CSO Magazine

Passwords are a central aspect of security infrastructure and practice, but they are also a principal weakness involved in 81% of all hacking breaches. Inherent useability problems make passwords difficult for users to manage safely. These security and useability shortcomings have driven the search for alternative approaches known generally as passwordless authentication.

article thumbnail

VMware fixes critical security bugs in vRealize log analysis tool

Bleeping Computer

VMware released security patches on Tuesday to address vRealize Log Insight vulnerabilities that could enable attackers to gain remote execution on unpatched appliances. [.

105
105
article thumbnail

Chat Cybersecurity: AI Promises a Lot, But Can It Deliver?

Dark Reading

Machine learning offers great opportunities, but it still can't replace human experts.

article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

Emotet Malware Makes a Comeback with New Evasion Techniques

The Hacker News

The Emotet malware operation has continued to refine its tactics in an effort to fly under the radar, while also acting as a conduit for other dangerous malware such as Bumblebee and IcedID.

Malware 102
article thumbnail

Hackers use Golang source code interpreter to evade detection

Bleeping Computer

A Chinese-speaking hacking group tracked as 'DragonSpark' was observed employing Golang source code interpretation to evade detection while launching espionage attacks against organizations in East Asia. [.

Hacking 101
article thumbnail

ServiceNow to detect open source security vulnerabilities with Snyk integration

CSO Magazine

ServiceNow Vulnerability Response users will now have access to Snyk Open Source. This will represent the Israeli-US vendor’s advanced software composition analysis (SCA) backed by Snyk’s security intelligence—a combination of public sources, data from the developer community, proprietary expert research, machine learning, and human-in-the-loop AI. ServiceNow Vulnerability Response is part of ServiceNow Security Operations and connects the workflow and automation capabilities of the ServiceNow p

article thumbnail

Apple Issues Updates for Older Devices to Fix Actively Exploited Vulnerability

The Hacker News

Apple has backported fixes for a recently disclosed critical security flaw affecting older devices, citing evidence of active exploitation. The issue, tracked as CVE-2022-42856, is a type confusion vulnerability in the WebKit browser engine that could result in arbitrary code execution when processing maliciously crafted web content.

article thumbnail

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

article thumbnail

75k WordPress sites impacted by critical online course plugin flaws

Bleeping Computer

The WordPress online course plugin 'LearnPress' was vulnerable to multiple critical-severity flaws, including pre-auth SQL injection and local file inclusion. [.

100
100
article thumbnail

Microsoft to Block Excel Add-ins to Stop Office Exploits

Dark Reading

The company will block the configuration files, which interact with Web applications — since threat actors increasingly use the capability to install malicious code.

99
article thumbnail

Pakistan hit by nationwide power outage, is it the result of a cyber attack?

Security Affairs

Pakistan suffered a nationwide blackout, local authorities are investigating the cause and suspect it was the result of a cyberattack. On Monday, a nationwide blackout in Pakistan left millions of people in the darkness, and the authorities are investigating if it was caused by a cyberattack. The power outage impacted all the major cities in Pakistan.

article thumbnail

Fauda: When Hollywood and Cybersecurity Meet

Security Boulevard

The newest season of Fauda, now streaming on Netflix, is a real Hollywood meets Cybersecurity moment. Find out how realistic - or not - it is. The post Fauda: When Hollywood and Cybersecurity Meet appeared first on Ermetic. The post Fauda: When Hollywood and Cybersecurity Meet appeared first on Security Boulevard.

article thumbnail

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.