Fri.May 10, 2024

article thumbnail

How Can Businesses Defend Themselves Against Common Cyberthreats?

Tech Republic Security

TechRepublic consolidated expert advice on how businesses can defend themselves against the most common cyberthreats, including zero-days, ransomware and deepfakes.

article thumbnail

Chrome Zero-Day Alert — Update Your Browser to Patch New Vulnerability

The Hacker News

Google on Thursday released security updates to address a zero-day flaw in Chrome that it said has been actively exploited in the wild. Tracked as CVE-2024-4671, the high-severity vulnerability has been described as a case of use-after-free in the Visuals component. It was reported by an anonymous researcher on May 7, 2024.

139
139
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Dell notifies customers about data breach

Malwarebytes

Dell is warning its customers about a data breach after a cybercriminal offered a 49 million-record database of information about Dell customers on a cybercrime forum. A cybercriminal called Menelik posted the following message on the “Breach Forums” site: “The data includes 49 million customer and other information of systems purchased from Dell between 2017-2024.

article thumbnail

Dell Data Breach Could Affect 49 Million Customers

Security Boulevard

The tech giant says the information stolen doesn't represent a significant risk to users, but cybersecurity experts disagree. The post Dell Data Breach Could Affect 49 Million Customers appeared first on Security Boulevard.

article thumbnail

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

Speaker: Speakers:

They say a defense can be measured by its weakest link. In your cybersecurity posture, what––or who––is the weakest link? And how can you make them stronger? This webinar will equip you with the resources to search for quality training, implement it, and improve the cyber-behaviors of your workforce. By the end of the hour, you will feel empowered to improve the aspects of your security posture you control the least – the situational awareness and decision-making of your workforce.

article thumbnail

Dell API abused to steal 49 million customer records in data breach

Bleeping Computer

The threat actor behind the recent Dell data breach revealed they scraped information of 49 million customer records using an partner portal API they accessed as a fake company. [.

article thumbnail

Google fixes fifth actively exploited Chrome zero-day this year

Security Affairs

Since the start of the year, Google released an update to fix the fifth actively exploited zero-day vulnerability in the Chrome browser. Google this week released security updates to address a zero-day flaw, tracked as CVE-2024-467, in Chrome browser. The vulnerability is the fifth zero-day flaw in the Google browser that is exploited in the wild since the start of the year.

More Trending

article thumbnail

Dell Hell: 49 Million Customers’ Information Leaked

Security Boulevard

DUDE! You’re Getting Phished. Dell customer data from the past six (or more?) years was stolen. It looks like someone sold scads of personal information to the highest bidder. The post Dell Hell: 49 Million Customers’ Information Leaked appeared first on Security Boulevard.

Phishing 111
article thumbnail

Dell Data Breach Affects 49 Million Customers

Identity IQ

Dell Data Breach Affects 49 Million Customers IdentityIQ Dell Data Breach Affects 49 Million Customers Dell recently announced its investigation into a data breach exposing the personal information of more than 49 million customers. If you have purchased a Dell product in the past seven years, your information is likely exposed on the dark web. According to Bitdefender , Dell began emailing those affected on Wednesday, May 8, confirming that a portal containing the information had been breach

article thumbnail

Boeing refused to pay $200 million LockBit ransomware demand

Graham Cluley

Boeing has confirmed that it received a demand for a massive $200 million after a ransomware attack by the notorious LockBit hacking group in October 2023. The company confirmed its link to the indictment of Dmitry Yuryevich Khoroshev, who was identified this week by the US Department of Justice as the true identity of LockBitSupp, the kingpin of the LockBit gang.

article thumbnail

North Korean Hackers Deploy New Golang Malware 'Durian' Against Crypto Firms

The Hacker News

The North Korean threat actor tracked as Kimsuky has been observed deploying a previously undocumented Golang-based malware dubbed Durian as part of highly-targeted cyber attacks aimed at South Korean cryptocurrency firms.

Malware 107
article thumbnail

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

article thumbnail

For Whom the Dell Tolls: Data Breach Affects 49 Million Customers

SecureWorld News

Dell, one of the world's largest technology companies, has just disclosed a major data breach that may have compromised the personal information of tens of millions of current and former customers. According to an internal investigation by the computer giant, hackers managed to gain unauthorized access to Dell's databases sometime in 2022. The breach went undetected for several months before finally being discovered in early 2023.

article thumbnail

How to talk about climate change – and what motivates people to action: An interview with Katharine Hayhoe

We Live Security

We spoke to climate scientist Katharine Hayhoe about intersections between climate action, human psychology and spirituality, and how to channel anxiety about the state of our planet into meaningful action

104
104
article thumbnail

Researchers Uncover 'LLMjacking' Scheme Targeting Cloud-Hosted AI Models

The Hacker News

Cybersecurity researchers have discovered a novel attack that employs stolen cloud credentials to target cloud-hosted large language model (LLM) services with the goal of selling access to other threat actors. The attack technique has been codenamed LLMjacking by the Sysdig Threat Research Team.

article thumbnail

Hard-Coded Credentials (CVE-2024-23473), RCE (CVE-2024-28075) Flaws Patched in SolarWinds ARM

Penetration Testing

SolarWinds, a leading provider of IT management software, has taken swift action to address critical vulnerabilities in its Access Rights Manager (ARM) solution, patching two major flaws that could expose sensitive data and grant... The post Hard-Coded Credentials (CVE-2024-23473), RCE (CVE-2024-28075) Flaws Patched in SolarWinds ARM appeared first on Penetration Testing.

article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

RSAC 2024 Takeaways: AI, Next-Gen Tech, Closing the Skills Gap and More

CompTIA on Cybersecurity

Adapting to AI, training the next generation of security workers, and more: CompTIA checks in from the leading cybersecurity conference in San Francisco.

article thumbnail

Technical Details Released for CVE-2024-21115 Vulnerability Reported in VM VirtualBox

Penetration Testing

Technical details have emerged about a significant security vulnerability, CVE-2024-21115, which has been discovered in Oracle VM VirtualBox, a widely used product under Oracle Virtualization. This flaw can lead to the complete takeover of... The post Technical Details Released for CVE-2024-21115 Vulnerability Reported in VM VirtualBox appeared first on Penetration Testing.

article thumbnail

Strengthening DDoS Protection with Threat Intelligence

SecureBlitz

Here, I will show you how to strengthen DDoS Protection with Threat Intelligence… When your adversaries get more creative, your defense has to get smarter. For businesses facing the threat of DDoS attacks, which means gaining greater insight into the weapons targeting your network and how best to act against them. There is no question […] The post Strengthening DDoS Protection with Threat Intelligence appeared first on SecureBlitz Cybersecurity.

DDOS 88
article thumbnail

Tycoon 2FA: The Evolving Threat Bypassing Multi-Factor Authentication

Penetration Testing

The cybersecurity landscape faces a growing threat as Tycoon 2FA, a sophisticated phishing-as-a-service (PhaaS) platform, continues to evolve and evade detection. A new report from Proofpoint highlights how this malicious kit is increasingly targeting... The post Tycoon 2FA: The Evolving Threat Bypassing Multi-Factor Authentication appeared first on Penetration Testing.

article thumbnail

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

article thumbnail

Ascension redirects ambulances after suspected ransomware attack

Bleeping Computer

Ascension, a major U.S. healthcare network, is diverting ambulances from several hospitals due to a suspected ransomware attack that has been causing clinical operation disruptions and system outages since Wednesday. [.

article thumbnail

CensysGPT: AI-Powered Threat Hunting for Cybersecurity Pros (Webinar)

The Hacker News

Artificial intelligence (AI) is transforming cybersecurity, and those leading the charge are using it to outsmart increasingly advanced cyber threats. Join us for an exciting webinar, "The Future of Threat Hunting is Powered by Generative AI," where you'll explore how AI tools are shaping the future of cybersecurity defenses.

article thumbnail

In it to win it! WeLiveSecurity shortlisted for European Security Blogger Awards

We Live Security

We’re thrilled to announce that WeLiveSecurity has been named a finalist in the Corporates – Best Cybersecurity Vendor Blog category of the European Security Blogger Awards 2024

article thumbnail

What's the Right EDR for You?

The Hacker News

A guide to finding the right endpoint detection and response (EDR) solution for your business’ unique needs. Cybersecurity has become an ongoing battle between hackers and small- and mid-sized businesses. Though perimeter security measures like antivirus and firewalls have traditionally served as the frontlines of defense, the battleground has shifted to endpoints.

article thumbnail

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

article thumbnail

Widely used Telit Cinterion modems open to SMS takeover attacks

Bleeping Computer

Security flaws in Telit Cinterion cellular modems, widely used in sectors including industrial, healthcare, and telecommunications, could allow remote attackers to execute arbitrary code via SMS. [.

article thumbnail

Apple Releases Update for iTunes on Windows to Mitigate Code Execution Flaw (CVE-2024-27793)

Penetration Testing

Apple has released a crucial security update for its iTunes software on Windows, addressing a severe vulnerability that could allow remote attackers to execute malicious code on users’ computers. The flaw, tracked as CVE-2024-27793,... The post Apple Releases Update for iTunes on Windows to Mitigate Code Execution Flaw (CVE-2024-27793) appeared first on Penetration Testing.

article thumbnail

The Week in Ransomware - May 10th 2024 - Chipping away at LockBit

Bleeping Computer

After many months of taunting law enforcement and offering a million-dollar reward to anyone who could reveal his identity, the FBI and NCA have done just that, revealing the name of LockBitSupp, the operator of the LockBit ransomware operation. [.

article thumbnail

Cybersecurity Salary: How Much Can You Earn?

Security Boulevard

Maybe you’ve heard there’s an interplanetary-sized gap in the amount of cybersecurity professionals available and. The post Cybersecurity Salary: How Much Can You Earn? appeared first on Security Boulevard.

article thumbnail

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

article thumbnail

Friday Five: Updated International Cyber Policy, Insights from DBIR and ONCD Reports, & More

Digital Guardian

As more insights continue to be unveiled from Verizon's DBIR report and a recently released report from the ONCD, governments and organizations are fighting to keep up with evolving threats. Get up to speed on these stories, the unmasking of LockBit's top admin, and more in this week's Friday Five.

article thumbnail

Widely used modems in industrial IoT devices open to SMS attack

Bleeping Computer

Security flaws in Telit Cinterion cellular modems, widely used in sectors including industrial, healthcare, and telecommunications, could allow remote attackers to execute arbitrary code via SMS. [.

article thumbnail

CVE-2024-32655: SQL Injection Flaw Discovered in Popular PostgreSQL Driver, Npgsql

Penetration Testing

A high-severity security vulnerability (CVE-2024-32655) has been discovered in Npgsql, a widely used open-source data provider for connecting.NET applications to PostgreSQL databases. The flaw, rated with a CVSS score of 8.1, could allow... The post CVE-2024-32655: SQL Injection Flaw Discovered in Popular PostgreSQL Driver, Npgsql appeared first on Penetration Testing.

article thumbnail

‘TunnelVision’ Attack Leaves Nearly All VPNs Vulnerable to Spying

WIRED Threat Level

TunnelVision is an attack developed by researchers that can expose VPN traffic to snooping or tampering.

VPN 81
article thumbnail

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?