Wed.Nov 13, 2024

article thumbnail

Inside the DemandScience by Pure Incubation Data Breach

Troy Hunt

Apparently, before a child reaches the age of 13, advertisers will have gathered more 72 million data points on them. I knew I'd seen a metric about this sometime recently, so I went looking for "7,000", which perfectly illustrates how unaware we are of the extent of data collection on all of us. I started Have I Been Pwned (HIBP) in the first place because I was surprised at where my data had turned up in breaches. 11 years and 14 billion breached records later, I'm still surp

article thumbnail

Bitdefender released a decryptor for the ShrinkLocker ransomware

Security Affairs

Bitdefender released a decryptor for the ShrinkLocker ransomware, which modifies BitLocker configurations to encrypt a system’s drives. ShrinkLocker ransomware was first discovered in May 2024 by researchers from Kaspersky. Unlike modern ransomware it doesn’t rely on sophisticated encryption algorithms and modifies BitLocker configurations to encrypt a system’s drives.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Digital Identities: Getting to Know the Verifiable Digital Credential Ecosystem

NSTIC

If you are interested in the world of digital identities, you have probably heard some of the buzzwords that have been floating around for a few years now… “verifiable credential,” “digital wallet,” “mobile driver’s license” or “mDL.” These terms, among others, all reference a growing ecosystem around what we are calling “verifiable digital credentials.

Insurance 133
article thumbnail

China’s Volt Typhoon botnet has re-emerged

Security Affairs

China’s Volt Typhoon botnet has re-emerged, using the same core infrastructure and techniques, according to SecurityScorecard researchers. The China-linked Volt Typhoon’s botnet has resurfaced using the same infrastructure and techniques, per SecurityScorecard researchers. In May 2023, Microsoft reported that the Volt Typhoon APT infiltrated critical infrastructure organizations in the U.S. and Guam without being detected.

VPN 120
article thumbnail

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

article thumbnail

Amazon's Latest Data Breach a Ripple Effect of MOVEit

SecureWorld News

On Monday, November 11, Amazon confirmed a data breach that impacted its employee data. The breach, linked to the infamous MOVEit Transfer vulnerability, underscores the far-reaching consequences of last year's major supply chain attack. The MOVEit vulnerability (CVE-2023-34362), first exploited in May 2023, allowed unauthenticated attackers to gain unauthorized access to vulnerable systems.

article thumbnail

Mapping License Plate Scanners in the US

Schneier on Security

DeFlock is a crowd-sourced project to map license plate scanners. It only records the fixed scanners, of course. The mobile scanners on cars are not mapped. The post Mapping License Plate Scanners in the US appeared first on Schneier on Security.

Mobile 300

LifeWorks

More Trending

article thumbnail

These 20 D-Link Devices Have Critical RCE Bug — but NO Patch NEVER

Security Boulevard

‘Bobby’ flaw flagged WONTFIX: Company doesn’t make storage devices now; has zero interest in fixing this catastrophic vulnerability. The post These 20 D-Link Devices Have Critical RCE Bug — but NO Patch NEVER appeared first on Security Boulevard.

Internet 128
article thumbnail

Patch Tuesday: Four Critical Vulnerabilities Paved Over

Tech Republic Security

The November 2024 Microsoft updates let Windows 11 users remap the Copilot button.

Software 187
article thumbnail

CVE-2024-10914: Critical Flaw in D-Link NAS Devices Actively Exploited, No Patch!

Penetration Testing

A critical command injection vulnerability (CVE-2024-10914) impacting numerous end-of-life D-Link network-attached storage (NAS) devices is currently under active exploitation. This vulnerability, assigned a CVSSv3 score of 9.2, poses a significant... The post CVE-2024-10914: Critical Flaw in D-Link NAS Devices Actively Exploited, No Patch!

article thumbnail

SSL Certificate Best Practices Policy

Tech Republic Security

SSL certificates are essential for encrypting traffic between systems such as clients, which access servers via web browsers or applications that communicate with remote systems. Certificates protect client and server data, commonly involving confidential information such as credit card details or social security numbers. The purpose of this SSL Certificate Best Practices Policy, created by.

article thumbnail

Why Giant Content Libraries Do Nothing for Your Employees’ Cyber Resilience

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

article thumbnail

PlatformEngineering.com: Strengthening Security in the Software Development Lifecycle 

Security Boulevard

The Techstrong Group is thrilled to announce the launch of PlatformEngineering.com, a new platform dedicated to advancing the platform engineering discipline. This addition to the Techstrong family—including Security Boulevard—promises to be a critical resource for organizations seeking to enhance their software delivery pipelines while ensuring robust security measures.

article thumbnail

Free Decryptor Released for BitLocker-Based ShrinkLocker Ransomware Victims

The Hacker News

Romanian cybersecurity company Bitdefender has released a free decryptor to help victims recover data encrypted using the ShrinkLocker ransomware.

article thumbnail

Teen Behind Hundreds of Swatting Attacks Pleads Guilty to Federal Charges

WIRED Threat Level

Alan Filion, believed to have operated under the handle “Torswats,” admitted to making more than 375 fake threats against schools, places of worship, and government buildings around the United States.

article thumbnail

Russian Hackers Exploit New NTLM Flaw to Deploy RAT Malware via Phishing Emails

The Hacker News

A newly patched security flaw impacting Windows NT LAN Manager (NTLM) was exploited as a zero-day by a suspected Russia-linked actor as part of cyber attacks targeting Ukraine. The vulnerability in question, CVE-2024-43451 (CVSS score: 6.5), refers to an NTLM hash disclosure spoofing vulnerability that could be exploited to steal a user's NTLMv2 hash.

Phishing 131
article thumbnail

Zero Trust Mandate: The Realities, Requirements and Roadmap

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

article thumbnail

These Guys Hacked AirPods to Give Their Grandmas Hearing Aids

WIRED Threat Level

Three technologists in India used a homemade Faraday cage and a microwave oven to get around Apple’s location blocks.

Hacking 125
article thumbnail

OvrC Platform Vulnerabilities Expose IoT Devices to Remote Attacks and Code Execution

The Hacker News

A security analysis of the OvrC cloud platform has uncovered 10 vulnerabilities that could be chained to allow potential attackers to execute code remotely on connected devices.

IoT 122
article thumbnail

RustyAttr Trojan: Lazarus Group’s New macOS Malware Evades Antivirus with Ease

Penetration Testing

Researchers at Group-IB have discovered a new stealth technique employed by the North Korean APT group Lazarus, targeting macOS systems through a unique code-smuggling method. Known for its sophisticated cyber-espionage... The post RustyAttr Trojan: Lazarus Group’s New macOS Malware Evades Antivirus with Ease appeared first on Cybersecurity News.

Antivirus 114
article thumbnail

Hamas-Affiliated WIRTE Employs SameCoin Wiper in Disruptive Attacks Against Israel

The Hacker News

A threat actor affiliated with Hamas has expanded its malicious cyber operations beyond espionage to carry out disruptive attacks that exclusively target Israeli entities. The activity, linked to a group called WIRTE, has also targeted the Palestinian Authority, Jordan, Iraq, Saudi Arabia, and Egypt, Check Point said in an analysis.

115
115
article thumbnail

Next-Level Fraud Prevention: Strategies for Today’s Threat Landscape

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

article thumbnail

7 things to know about Bluesky before you join - and why you should

Zero Day

It's not a direct replacement for Twitter (X), but Bluesky has a lot to offer those who want a fresh start in a decentralized, privacy-minded network.

111
111
article thumbnail

Your AppSec Journey Demystified: Driving Effective API Security with Wallarm and StackHawk

Security Boulevard

There is no doubt that attackers have shifted their attention to APIs. Wallarm’s API ThreatStats research identifies that 70% of attacks now target APIs instead of Web Applications. While APIs have become the backbone of innovation and connectivity for businesses, they have also introduced a vast attack surface that’s challenging to defend with traditional methods [.

59
article thumbnail

How Amazon Haul aims to beat Temu and Shein with its $20-or-less store

Zero Day

If you're wary of purchasing from popular discount apps, you now have a new, more familiar option with 'crazy low prices'.

110
110
article thumbnail

Comprehensive Guide to Building a Strong Browser Security Program

The Hacker News

The rise of SaaS and cloud-based work environments has fundamentally altered the cyber risk landscape. With more than 90% of organizational network traffic flowing through browsers and web applications, companies are facing new and serious cybersecurity threats. These include phishing attacks, data leakage, and malicious extensions.

article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Bluesky picks up 1 million new users since US election as more people exit X

Zero Day

Bluesky is now home to more than 15 million users amid a growing decline in X's audience.

110
110
article thumbnail

Safer with Google: New intelligent, real-time protections on Android to keep you safe

Google Security

Posted by Lyubov Farafonova, Product Manager and Steve Kafka, Group Product Manager, Android User safety is at the heart of everything we do at Google. Our mission to make technology helpful for everyone means building features that protect you while keeping your privacy top of mind. From Gmail’s defenses that stop more than 99.9% of spam, phishing and malware, to Google Messages’ advanced security that protects users from 2 billion suspicious messages a month and beyond, we're constantly develo

Scams 101
article thumbnail

How to add PGP support on Android for added security and privacy

Zero Day

If you need to add encryption or digital signing to the Thunderbird email app (or other supporting apps) on Android, there's one clear and easy route to success.

article thumbnail

Sorting the SOC Drawer: How to Tidy Up Cybersecurity Tools

Security Boulevard

The post Sorting the SOC Drawer: How to Tidy Up Cybersecurity Tools appeared first on Votiro. The post Sorting the SOC Drawer: How to Tidy Up Cybersecurity Tools appeared first on Security Boulevard.

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

I've tested a lot of AI tools for work. These are the four I use almost daily to get more done - faster

Zero Day

My top picks are easy to use, boost my productivity at work - and most are free.

107
107
article thumbnail

ESET Research Podcast: Gamaredon

We Live Security

ESET researchers introduce the Gamaredon APT group, detailing its typical modus operandi, unique victim profile, vast collection of tools and social engineering tactics, and even its estimated geolocation

article thumbnail

Businesses must reinvent themselves in the age of agentic AI

Zero Day

Being prepared for reinvention is crucial in an AI-first future. This research suggests your architecture and mindset need to adapt accordingly.

article thumbnail

Smashing Security podcast #393: Who needs a laptop to hack when you have a Firestick?

Graham Cluley

Arion Kurtaj, a teenager from the UK, amassed a fortune through audacious cybercrimes. From stealing Grand Theft Auto 6 secrets to erasing Brazil's COVID vaccination data, his exploits were legendary. But his hacking spree took a bizarre turn when he was placed under police protection. in a Travelodge outside Oxford. Plus Bengal cat lovers in Australia should be on their guard, as your furry feline friends might be leading you into a dangerous trap., and there's yet more headaches for troubled 2

Hacking 77
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!