Schneier on Security

OCTOBER 7, 2024

CLoudflare just blocked the current record DDoS attack: 3.8 terabits per second. (Lots of good information on the attack, and DDoS in general, at the link.) News article.

DDOS 257

DDOS 257

Tech Republic Security

OCTOBER 7, 2024

These 15 cyber attacks or data breaches impacted large swaths of users across the United States and changed what was possible in cybersecurity.

Data breaches 204

Data breaches Cyber Attacks Cybersecurity Software 204

We Live Security

OCTOBER 7, 2024

ESET Research analyzed two separate toolsets for breaching air-gapped systems, used by a cyberespionage threat actor known as GoldenJackal.

Government 145

Government 145

Tech Republic Security

OCTOBER 7, 2024

Gain a comprehensive understanding of cybersecurity with this 12-hour, 5-course bundle that covers everything from foundational concepts to advanced strategies.

Cybersecurity 187

Cybersecurity Hacking Network Security 187

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

Risk

Security Affairs

OCTOBER 7, 2024

Russian state media VGTRK faced a major cyberattack, which a Ukrainian source claimed was conducted by Kyiv’s hackers. A Ukrainian government source told Reuters that Kyiv’s hackers are behind the cyber attack that disrupted operations at the Russian state media company VGTRK on Putin’s birthday. The All-Russia State Television and Radio Broadcasting Company (VGTRK, Russian: ВГТРК) or Russian Television and Radio Broadcasting Company, also known as Russian Television and Radio,

Media 136

Media Cyber Attacks Backups Government 136

Tech Republic Security

OCTOBER 7, 2024

Read more about the U.S. Department of Justice and Microsoft’s efforts to interrupt the activities of Russian-based threat actor Star Blizzard, and learn how to protect from this threat.

Government 187

Government Software 187

Tech Republic Security

OCTOBER 7, 2024

Australian cyber professionals are reporting more job stress, partly due to skills gaps and other growing industry challenges.

Cybersecurity 179

Cybersecurity Cyber Attacks 179

SecureList

OCTOBER 7, 2024

Introduction In July 2021, a campaign was launched primarily targeting Russian government agencies and industrial enterprises. Shortly after the campaign started, we began tracking it, and published three reports in August and September 2024 through our threat research subscription on the threat actor we named Awaken Likho (also named by other vendors as Core Werewolf).

Phishing 134

Phishing Government Malware Software 134

Tech Republic Security

OCTOBER 7, 2024

DNS and IP address management is getting harder as multi-cloud strategies take over in Australia and the APAC region.

DNS 178

DNS 178

Security Affairs

OCTOBER 7, 2024

Universal Music Group notified hundreds of individuals about a data breach compromising their personal information. Universal Music Group is notifying 680 individuals about a data breach that compromised their personal information, including their Social Security number. The data breach occurred on July 15, 2024, and was discovered on August 30, 2024. “In early July, we detected unauthorized activity in one of our internal applications.

Data breaches 134

Data breaches Identity Theft Hacking Ransomware 134

Advertisement

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

Cyber threats

The Hacker News

OCTOBER 7, 2024

Qualcomm has rolled out security updates to address nearly two dozen flaws spanning proprietary and open-source components, including one that has come under active exploitation in the wild. The high-severity vulnerability, tracked as CVE-2024-43047 (CVSS score: 7.

131

131

Security Affairs

OCTOBER 7, 2024

238,000 Comcast customers were impacted by the FBCS data breach following the February ransomware attack, Comcast reports. Telecommunications giant Comcast is notifying approximately 238,000 customers impacted by the Financial Business and Consumer Solutions (FBCS) data breach. FBCS, a third-party debt collection agency, collects personal information from its clients to facilitate debt collection activities on behalf of those clients.

Data breaches 132

Data breaches Telecommunications Ransomware Accountability 132

The Last Watchdog

OCTOBER 7, 2024

Torrance, Calif., Oct. 7, 2024, CyberNewswire — Criminal IP , a renowned Cyber Threat Intelligence (CTI) search engine developed by AI SPERA , has partnered with Hybrid Analysis , a platform that provides advanced malware analysis and threat intelligence, to enhance threat research. This collaboration integrates Criminal IP’s advanced domain scanning capabilities into the Hybrid Analysis platform, providing security professionals with deeper insights and more effective threat mitigation s

Malware 130

Malware Engineering Cyber threats Phishing 130

Security Boulevard

OCTOBER 7, 2024

Akamai Technologies has made available at no extra cost a connector that makes it simpler for cybersecurity teams to discover application programming interfaces (APIs) that organizations have exposed via its content delivery network (CDN). The post Akamai Embeds API Security Connector in CDN Platform appeared first on Security Boulevard.

Technology 128

Technology Cybersecurity 128

Advertisement

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

Cybersecurity

Security Affairs

OCTOBER 7, 2024

A critical vulnerability in the Apache Avro Java Software Development Kit (SDK) could be exploited to execute arbitrary code on vulnerable instances. A critical vulnerability, tracked as CVE-2024-47561, in the Apache Avro Java Software Development Kit (SDK) could allow the execution of arbitrary code on vulnerable instances. The flaw, tracked as CVE-2024-47561, impacts all versions of the software prior to 1.11.4.

Big data 128

Big data Software Hacking Information Security 128

The Hacker News

OCTOBER 7, 2024

Ukraine has claimed responsibility for a cyber attack that targeted Russia state media company VGTRK and disrupted its operations, according to reports from Bloomberg and Reuters. The incident took place on the night of October 7, VGTRK confirmed, describing it as an "unprecedented hacker attack.

Cyber Attacks 127

Cyber Attacks Media 127

Security Boulevard

OCTOBER 7, 2024

The zero-trust model demands robust identity security, which needs continuous verification of individuals and systems. The post How to Prepare Identity Stack to Adopt the Zero-Trust Model appeared first on Security Boulevard.

Security Awareness 124

Security Awareness Cybersecurity 124

Malwarebytes

OCTOBER 7, 2024

Apple has issued security updates for iOS 18.0.1 and iPadOS 18.0.1 which includes a fix for a bug that could allow a user’s saved passwords to be read aloud by its VoiceOver feature. VoiceOver allows users to use their iPhone or iPad even if they can’t see the screen. It gives audible descriptions of what’s on your screen—for example, the battery level, who’s calling you, or what item your finger is on.

Passwords 123

Passwords Mobile Software Risk 123

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

Scams

Security Boulevard

OCTOBER 7, 2024

The DOJ wants to seize $2.67 million from the $69 million in crypto the North Korean-backed Lazarus Group stole in from the options exchange Deribit in 2022 and online gambling platform Stake.com last year. The post DOJ Wants to Claw Back $2.67 Million Stolen by Lazarus Group appeared first on Security Boulevard.

Social Engineering 124

Social Engineering Cryptocurrency Engineering Hacking 124

Graham Cluley

OCTOBER 7, 2024

When Sean Kelly bought a top-of-the-line vacuum cleaner, he imagined he was making a safe purchase. Little did he know that the cleaning machine scuttling about his family's feet contained a security flaw that could let anyone see and hear their every move. Read more in my article on the Hot for Security blog.

118

118

Security Boulevard

OCTOBER 7, 2024

There is a growing disconnect between the increasing sophistication of cybersecurity threats and the preparedness of IT teams to combat them, according to an O’Reilly study of more than 1300 IT professionals. The post Critical Skills Gap in AI, Cloud Security appeared first on Security Boulevard.

Cybersecurity 118

Cybersecurity 118

The Hacker News

OCTOBER 7, 2024

Organizations are losing between $94 - $186 billion annually to vulnerable or insecure APIs (Application Programming Interfaces) and automated abuse by bots. That’s according to The Economic Impact of API and Bot Attacks report from Imperva, a Thales company. The report highlights that these security threats account for up to 11.

Accountability 112

Accountability 112

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Security Boulevard

OCTOBER 7, 2024

Understanding reachability is increasingly important for enterprises, as it can significantly influence their risk management strategies. The post Reachability and Risk: Prioritizing Protection in a Complex Security Landscape appeared first on Security Boulevard.

Risk 118

Risk Cybersecurity Network Security 118

Penetration Testing

OCTOBER 7, 2024

A new study has revealed the extent to which smart TVs use Automatic Content Recognition (ACR) technology to track users’ viewing habits. The research, conducted by a team of scientists... The post Your Smart TV is Watching You: New Research Reveals the Extent of ACR Tracking appeared first on Cybersecurity News.

Technology 111

Technology Cybersecurity 111

The Hacker News

OCTOBER 7, 2024

A critical security flaw has been disclosed in the Apache Avro Java Software Development Kit (SDK) that, if successfully exploited, could allow the execution of arbitrary code on susceptible instances. The flaw, tracked as CVE-2024-47561, impacts all versions of the software prior to 1.11.4. "Schema parsing in the Java SDK of Apache Avro 1.11.

Software 110

Software 110

SecureWorld News

OCTOBER 7, 2024

In a significant win against cybercrime, Microsoft, in collaboration with the U.S. Department of Justice (DOJ), successfully disrupted the operations of a Russian-backed hacking group known as Star Blizzard (also called ColdRiver or Callisto Group). Between January 2023 and August 2024, Star Blizzard launched persistent spear-phishing campaigns targeting civil society organizations, U.S. government agencies, and private companies.

Hacking 109

Hacking Cybercrime Phishing Government 109

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

The Hacker News

OCTOBER 7, 2024

Google has announced that it's piloting a new security initiative that automatically blocks sideloading of potentially unsafe Android apps in India, after similar tests in Singapore, Thailand, and Brazil.

109

109

Malwarebytes

OCTOBER 7, 2024

A data breach at Financial Business and Consumer Solutions (FBCS), a US debt collection agency, has led to the loss of data of some Comcast Cable Communications and Truist Bank customers. FBCS is in the business of collecting unpaid debts on behalf of its customers. The data breach occurred in February 2024 and the cybercriminals responsible for the incident gained access to: Full names Social Security Numbers (SSNs) Date of birth Account information and other provider information ID card and/or

Banking 104

Banking Data breaches Identity Theft Insurance 104

The Hacker News

OCTOBER 7, 2024

Ever heard of a "pig butchering" scam? Or a DDoS attack so big it could melt your brain? This week's cybersecurity recap has it all – government showdowns, sneaky malware, and even a dash of app store shenanigans. Get the scoop before it's too late!

Cybersecurity 109

Cybersecurity DDOS Scams Government 109

Approachable Cyber Threats

OCTOBER 7, 2024

Category Awareness, Compliance, Cybersecurity Fundamentals, FedRAMP, CMMC Risk Level NIST recently updated its decades-old password security guidance after years of scrutiny, skepticism, and flat-out ineffectiveness finally forced the agency to address practical security considerations and realistic threats while abandoning what many considered to be ineffective security theater.

Passwords 104

Passwords Password Management Authentication Risk 104

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!