Tue. Oct 15, 2024

Election season raises fears for nearly a third of people who worry their vote could be leaked

Malwarebytes

As the United States enters full swing into its next presidential election, people are feeling worried, unsafe, and afraid. And none of that has to do with who wins. According to new research from Malwarebytes, people see this election season as a particularly risky time for their online privacy and cybersecurity. Political ads could be hiding online scams, many people feel, and the election, they say, will likely fall victim to some type of “cyber interference.”

Scams 140

WordPress Jetpack plugin critical flaw impacts 27 million sites

Security Affairs

WordPress Jetpack plugin issued an update to fix a critical flaw allowing logged-in users to view form submissions by others on the same site. The maintainers of the WordPress Jetpack plugin have addressed a critical vulnerability that could allow logged-in users to access forms submitted by other users on the same site. Jetpack is a popular plugin for WordPress that provides a suite of features to enhance website functionality, security, and performance.

Hacking 131

American Water Shuts Down Services After Cybersecurity Breach

eSecurity Planet

American Water, one of the largest water utility providers in the United States, fell victim to a cyberattack that disrupted its billing systems, throwing light on the increasing vulnerability of critical infrastructure to such threats. While water services were not interrupted, the breach temporarily paused the company’s billing operations, causing customer concern.

Beyond the Surface: the evolution and expansion of the SideWinder APT group

SecureList

SideWinder, aka T-APT-04 or RattleSnake, is one of the most prolific APT groups that began its activities in 2012 and was first publicly mentioned by us in 2018. Over the years, the group has launched attacks against high-profile entities in South and Southeast Asia. Its primary targets have been military and government entities in Pakistan, Sri Lanka, China and Nepal.

Malware 143

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

Safer with Google: Advancing Memory Safety

Google Security

Posted by Alex Rebert, Security Foundations, and Chandler Carruth, Jen Engel, Andy Qin, Core Developers. Error-prone interactions between software and memory are widely understood to create safety issues in software. It is estimated that about 70% of severe vulnerabilities in memory-unsafe codebases are due to memory safety bugs. Malicious actors exploit these vulnerabilities and continue to create real-world harm.

More Details on Israel Sabotaging Hezbollah Pagers and Walkie-Talkies

Schneier on Security

The Washington Post has a long and detailed story about the operation that’s well worth reading (alternate version here). The sales pitch came from a marketing official trusted by Hezbollah with links to Apollo. The marketing official, a woman whose identity and nationality officials declined to reveal, was a former Middle East sales representative for the Taiwanese firm who had established her own company and acquired a license to sell a line of pagers that bore the Apollo brand.

Marketing 300

More Trending

Generative AI in Security: Risks and Mitigation Strategies

Tech Republic Security

Microsoft’s Siva Sundaramoorthy provides a blueprint for how common cyber precautions apply to generative AI deployed in and around security systems.

Risk 211

Ubuntu Fixes Multiple PHP Vulnerabilities: Update Now

Security Boulevard

Multiple security vulnerabilities were identified in PHP, a widely-used open source general purpose scripting language which could compromise the security and integrity of web applications. These vulnerabilities include incorrect parsing of multipart/form-data, improper handling of directives, and flawed logging mechanisms. Let’s dive into the details of the recent vulnerabilities.

113

99% of UK Businesses Faced Cyber Attacks in the Last Year

Tech Republic Security

Almost all businesses in the U.K. were breached by cyber attackers in the last 12 months, a report has found.

GitHub Patches Critical Flaw in Enterprise Server Allowing Unauthorized Instance Access

The Hacker News

GitHub has released security updates for Enterprise Server (GHES) to address multiple issues, including a critical bug that could allow unauthorized access to an instance. The vulnerability, tracked as CVE-2024-9487, carries a CVSS score of 9.5 out of a maximum of 10.

Why Giant Content Libraries Do Nothing for Your Employees’ Cyber Resilience

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

SentinelOne CISO Identifies ‘Most Pressing Concern’ for Cyber Professionals

Tech Republic Security

SentinelOne’s Alex Stamos sees a future where defenders have the advantage when it comes to generative AI. At least until it can write exploit code.

CISO 189

China Accuses U.S. of Fabricating Volt Typhoon to Hide Its Own Hacking Campaigns

The Hacker News

China's National Computer Virus Emergency Response Center (CVERC) has doubled down on claims that the threat actor known as the Volt Typhoon is a fabrication of the U.S. and its allies. The agency, in collaboration with the National Engineering Laboratory for Computer Virus Prevention Technology, went on to accuse the U.S.

Hacking 140

Millions of People Are Using Abusive AI ‘Nudify’ Bots on Telegram

WIRED Threat Level

Bots that “remove clothes” from images have run rampant on the messaging app, allowing people to create nonconsensual deepfake images even as lawmakers and tech companies try to crack down.

New Linux Variant of FASTCash Malware Targets Payment Switches in ATM Heists

The Hacker News

North Korean threat actors have been observed using a Linux variant of a known malware family called FASTCash to steal funds as part of a financially-motivated campaign. The malware is "installed on payment switches within compromised networks that handle card transactions for the means of facilitating the unauthorized withdrawal of cash from ATMs," a security researcher who goes by HaxRob said.

Malware 139

Zero Trust Mandate: The Realities, Requirements and Roadmap

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

Bringing new theft protection features to Android users around the world

Google Security

Posted by Jianing Sandra Guo, Product Manager and Nataliya Stanetsky, Staff Program Manager, Android. Janine Roberta Ferreira was driving home from work in São Paulo when she stopped at a traffic light. A man suddenly appeared and broke the window of her unlocked car, grabbing her phone. She struggled with him for a moment before he wrestled the phone away and ran off.

Fake LockBit, Real Damage: Ransomware Samples Abuse AWS S3 to Steal Data

Trend Micro

This article uncovers a Golang ransomware abusing AWS S3 for data theft, and masking as LockBit to further pressure victims. The discovery of hard-coded AWS credentials in these samples led to AWS account suspensions.

New CMMC Standard Aims to Protect Data Handled by DoD Contractors

SecureWorld News

The Pentagon has officially released the final rule for the Cybersecurity Maturity Model Certification (CMMC) 2.0, setting the stage for full implementation by mid-2025. This new standard will require U.S. Department of Defense (DoD) contractors to meet specific cybersecurity requirements to better protect sensitive data and defense information. Public inspection of the rule began last Friday, and formal publication is expected by today, October 15, according to the DoD.

Risk 135

CISA Warns of Active Exploitation in SolarWinds Help Desk Software Vulnerability

The Hacker News

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a critical security flaw impacting SolarWinds Web Help Desk (WHD) software to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. Tracked as CVE-2024-28987 (CVSS score: 9.

Software 134

Next-Level Fraud Prevention: Strategies for Today’s Threat Landscape

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

Quishing attacks are targeting electric car owners: Here’s how to slam on the brakes

We Live Security

Ever alert to fresh money-making opportunities, fraudsters are blending physical and digital threats to steal drivers’ payment details via fake QR codes targeting electric car owners.

132

The Rise of Zero-Day Vulnerabilities: Why Traditional Security Solutions Fall Short

The Hacker News

In recent years, the number and sophistication of zero-day vulnerabilities have surged, posing a critical threat to organizations of all sizes. A zero-day vulnerability is a security flaw in software that is unknown to the vendor and remains unpatched at the time of discovery.

Software 134

GitHub addressed a critical vulnerability in Enterprise Server

Security Affairs

GitHub addressed a critical vulnerability in Enterprise Server that could allow unauthorized access to affected instances. Code hosting platform GitHub addressed a critical vulnerability, tracked as CVE-2024-9487 (CVSS score of 9.5), in GitHub Enterprise Server that could lead to unauthorized access to affected instances. An attacker could exploit a cryptographic signature verification flaw in GitHub Enterprise Server to bypass SAML SSO and gain unauthorized user access.

TrickMo Banking Trojan Can Now Capture Android PINs and Unlock Patterns

The Hacker News

New variants of an Android banking trojan called TrickMo have been found to harbor previously undocumented features to steal a device's unlock pattern or PIN. "This new addition enables the threat actor to operate on the device even while it is locked," Zimperium security researcher Aazim Yaswant said in an analysis published last week.

Banking 134

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

It Seemed Like an AI Crime-Fighting Super Tool. Then Defense Attorneys Started Asking Questions

WIRED Threat Level

Global Intelligence claims its Cybercheck technology can help cops find key evidence to nail a case. But a WIRED investigation reveals the smoking gun often appears far less solid.

New Malware Campaign Uses PureCrypter Loader to Deliver DarkVision RAT

The Hacker News

Cybersecurity researchers have disclosed a new malware campaign that leverages a malware loader named PureCrypter to deliver a commodity remote access trojan (RAT) called DarkVision RAT. The activity, observed by Zscaler ThreatLabz in July 2024, involves a multi-stage process to deliver the RAT payload.

Malware 122

Randall Munroe’s XKCD ‘Ravioli-Shaped Objects’

Security Boulevard

Via the comic humor & dry wit of Randall Munroe, creator of XKCD.

111

RED ALERT: CMMC Begins December 16th

Approachable Cyber Threats

The long-awaited CMMC rule has finally been officially published and is accompanied by some beneficial changes from the original draft. We break them down for you so you and your organization can begin to prepare for the imminent enforcement. If you read our Race to CMMC Compliance breakdown or watched our recent Hive Live episode CMMC 101, then you are already well-versed in the different levels and assessment requirements for the new Cybersecurity Maturity Model

Risk 110

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Closing Security Gaps with AppOmni and Okta’s Integrated SaaS and Identity Protection

Security Boulevard

Read how AppOmni and Okta address the challenge of security teams correlating identity behavior with SaaS activity through the Shared Signals Framework (SSF).

108

Cybersecurity Tip: Freeze Your Credit

SecureWorld News

Now is the time, my friends. I didn't give this advice last year for Cybersecurity Awareness Month, but I'm sure giving it now. It's time to freeze your credit, and you can do that in less than an hour (maybe less than half an hour with this guide—my experience was fairly quick). Why? It's never been easier to open a fake account in your name. You have to assume that all of the pertinent info with which to do so is within the grasp of someone with the will to exploit what you've built.

Your Roku TV is about to get a major smart home upgrade - for free

Zero Day

Roku's new integration features include a Camera Carousel, Smart Home Web View, and more notifications coming to your TV.

98

Free & Downloadable User Access Review Policy Template – 2024

Heimdal Security

Managing access to sensitive systems and data is more crucial than ever. Organizations across all industries face significant challenges in ensuring that their security measures keep pace with the complexities of user access management. To address these challenges, we’ve developed a comprehensive User Access Review (UAR) Policy Template, designed to streamline the process of managing […]

97

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!