Thu.Aug 29, 2024

article thumbnail

Adm. Grace Hopper’s 1982 NSA Lecture Has Been Published

Schneier on Security

The “ long lost lecture ” by Adm. Grace Hopper has been published by the NSA. (Note that there are two parts.) It’s a wonderful talk: funny, engaging, wise, prescient. Remember that talk was given in 1982, less than a year before the ARPANET switched to TCP/IP and the internet went operational. She was a remarkable person. Listening to it, and thinking about the audience of NSA engineers, I wonder how much of what she’s talking about as the future of computing—minia

article thumbnail

The North American Have I Been Pwned Tour

Troy Hunt

It was 2019 that I was last in North America, spending time in San Francisco, Los Angeles, Vegas, Denver, Minnesota, New York and Seattle. The year before, it was Montreal and Vancouver and since then, well, things got a bit weird for a while. It's a shame it's been this long because North America is such an important part of the world for so many of the things we (including Charlotte in this too) do; it's the lion's share of the audience for my content, the companies whose s

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Threat Actors Exploit Microsoft Sway to Host QR Code Phishing Campaigns

Tech Republic Security

Threat actors are abusing Microsoft Sway to host QR Code phishing campaigns.

Phishing 195
article thumbnail

CVE-2024-42815 (CVSS 9.8): Buffer Overflow Flaw in TP-Link Routers Opens Door to RCE

Penetration Testing

A critical vulnerability has been found in TP-Link RE365 V1_180213 series routers, leaving them susceptible to remote exploitation and potential takeover. Identified as CVE-2024-42815 and carrying a near-perfect CVSS score... The post CVE-2024-42815 (CVSS 9.8): Buffer Overflow Flaw in TP-Link Routers Opens Door to RCE appeared first on Cybersecurity News.

article thumbnail

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

article thumbnail

Volt Typhoon Hackers Exploit Zero-Day Vulnerability in Versa Director Servers Used by MSPs, ISPs

Tech Republic Security

There are approximately 163 devices worldwide that are still exposed to attack via the CVE-2024-39717 vulnerability.

185
185
article thumbnail

Russia-linked APT29 reused iOS and Chrome exploits previously developed by NSO Group and Intellexa

Security Affairs

Russia-linked APT29 group was spotted reusing iOS and Chrome exploits previously developed by surveillance firms NSO Group and Intellexa. Google TAG (Threat Analysis Group) researchers observed the Russia-linked group APT29 (aka SVR group , BlueBravo , Cozy Bear , Nobelium , Midnight Blizzard , and The Dukes ). using exploits previously used by surveillance software vendors NSO Group and Intellexa.

LifeWorks

More Trending

article thumbnail

How AitM Phishing Attacks Bypass MFA and EDR—and How to Fight Back

The Hacker News

Attackers are increasingly using new phishing toolkits (open-source, commercial, and criminal) to execute adversary-in-the-middle (AitM) attacks. AitM enables attackers to not just harvest credentials but steal live sessions, allowing them to bypass traditional phishing prevention controls such as MFA, EDR, and email content filtering.

Phishing 135
article thumbnail

Don’t Leave Your Digital Security to Chance: Get Norton 360

Tech Republic Security

Norton 360 Standard offers award-winning protection for your digital life — malware defense, cloud backup, and a VPN — for just $17.99 for a 15-month plan.

Backups 167
article thumbnail

North Korean Hackers Target Developers with Malicious npm Packages

The Hacker News

Threat actors with ties to North Korea have been observed publishing a set of malicious packages to the npm registry, indicating "coordinated and relentless" efforts to target developers with malware and steal cryptocurrency assets.

article thumbnail

Cisco addressed a high-severity flaw in NX-OS software

Security Affairs

Cisco addressed multiple vulnerabilities impacting NX-OS software, including a high-severity flaw in the DHCPv6 relay agent. Cisco released security updates for NX-OS software that address multiple vulnerabilities. The most severe of the vulnerabilities fixed by the IT giant is a high-severity issue tracked as CVE-2024-20446. The vulnerability impacts the DHCPv6 relay agent of NX-OS, an attacker can trigger the flaw to cause a denial-of-service (DoS) condition. “This vulnerability is due t

Software 127
article thumbnail

Why Giant Content Libraries Do Nothing for Your Employees’ Cyber Resilience

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

article thumbnail

U.S. Agencies Warn of Iranian Hacking Group's Ongoing Ransomware Attacks

The Hacker News

U.S. cybersecurity and intelligence agencies have called out an Iranian hacking group for breaching multiple organizations across the country and coordinating with affiliates to deliver ransomware.

Hacking 126
article thumbnail

Corona Mirai botnet spreads via AVTECH CCTV zero-day 

Security Affairs

An instance of the Corona Mirai botnet spreads via AVTECH CCTV zero-day and multiple previously known vulnerabilities. Akamai’s Security Intelligence and Response Team (SIRT) has detected a botnet campaign exploiting multiple previously known vulnerabilities and a newly discovered zero-day, tracked as CVE-2024-7029 (CVSS score: 8.7), in AVTECH CCTV cameras.

Firmware 126
article thumbnail

Russian Hackers Exploit Safari and Chrome Flaws in High-Profile Cyberattack

The Hacker News

Cybersecurity researchers have flagged multiple in-the-wild exploit campaigns that leveraged now-patched flaws in Apple Safari and Google Chrome browsers to infect mobile users with information-stealing malware.

Mobile 126
article thumbnail

Google, Apple, and Discord Let Harmful AI 'Undress' Websites Use Their Sign-On Systems

WIRED Threat Level

Single sign-on systems from several Big Tech companies are being incorporated into deepfake generators, WIRED found. Discord and Apple have started to terminate some developers’ accounts.

article thumbnail

Zero Trust Mandate: The Realities, Requirements and Roadmap

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

article thumbnail

Vietnamese Human Rights Group Targeted in Multi-Year Cyberattack by APT32

The Hacker News

A non-profit supporting Vietnamese human rights has been the target of a multi-year campaign designed to deliver a variety of malware on compromised hosts. Cybersecurity company Huntress attributed the activity to a threat cluster known as APT32, a Vietnamese-aligned hacking crew that's also known as APT-C-00, Canvas Cyclone (formerly Bismuth), Cobalt Kitty, and OceanLotus.

Malware 124
article thumbnail

Fake Canva home page leads to browser lock

Malwarebytes

In a previous blog post , we showed how fraudsters were leveraging features from the very company (Microsoft) they were impersonating. We continue this series with another clever trick abusing Canva , a popular online tool for graphic design. This time, the scammers registered an account on Canva to create a new design that, is in fact, a replica of the Canva home page.

article thumbnail

Unpatched AVTECH IP Camera Flaw Exploited by Hackers for Botnet Attacks

The Hacker News

A years-old high-severity flaw impacting AVTECH IP cameras has been weaponized by malicious actors as a zero-day to rope them into a botnet. CVE-2024-7029 (CVSS score: 8.

123
123
article thumbnail

Silent Intrusions: Godzilla Fileless Backdoors Targeting Atlassian Confluence

Trend Micro

Trend Micro discovered that old Atlassian Confluence versions that were affected by CVE-2023-22527 are being exploited using a new in-memory fileless backdoor.

Malware 117
article thumbnail

Next-Level Fraud Prevention: Strategies for Today’s Threat Landscape

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

article thumbnail

Operation DevilTiger: APT-Q-12’s Shadowy Tactics and Zero-Day Exploits Unveiled

Penetration Testing

The QiAnXin Threat Intelligence Center has disclosed the technical details of a sophisticated cyber espionage campaign dubbed “Operation DevilTiger,” orchestrated by the elusive APT-Q-12 group, also known as “Pseudo Hunter.”... The post Operation DevilTiger: APT-Q-12’s Shadowy Tactics and Zero-Day Exploits Unveiled appeared first on Cybersecurity News.

article thumbnail

How to enhance the security of your social media accounts

Pen Test Partners

TL;DR Strong passwords : Use a password manager. Multi-factor authentication (MFA) : MFA requires multiple forms of identification, adding an extra layer of security. This makes it harder for unauthorised users to gain access even if they have your password. Phishing awareness : Stay alert to phishing attempts by scrutinising emails and messages that request personal information or direct you to suspicious websites.

Media 115
article thumbnail

Powerful Spyware Exploits Enable a New String of ‘Watering Hole’ Attacks

WIRED Threat Level

Suspected Russian hackers have compromised a series of websites to utilize sophisticated spyware exploits that are eerily similar to those created by NSO Group and Intellexa.

Spyware 111
article thumbnail

Fake Palo Alto Tool Delivers Sophisticated Malware in Middle East Cyberattack

Penetration Testing

Trend Micro researchers have identified a sophisticated malware campaign specifically targeting organizations in the Middle East. This campaign leverages a meticulously crafted tool masquerading as the legitimate Palo Alto GlobalProtect... The post Fake Palo Alto Tool Delivers Sophisticated Malware in Middle East Cyberattack appeared first on Cybersecurity News.

Malware 110
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Atlassian Confluence Vulnerability Exploited in Crypto Mining Campaigns

The Hacker News

Threat actors are actively exploiting a now-patched, critical security flaw impacting the Atlassian Confluence Data Center and Confluence Server to conduct illicit cryptocurrency mining on susceptible instances.

article thumbnail

New Snake Keylogger Variant Slithers Into Phishing Campaigns

Penetration Testing

Fortinet’s FortiGuard Labs has unearthed a new variant of the notorious Snake Keylogger, delivered through a malicious Excel document in a phishing campaign. This keylogger, also known as “404 Keylogger”... The post New Snake Keylogger Variant Slithers Into Phishing Campaigns appeared first on Cybersecurity News.

Phishing 110
article thumbnail

New Cyberattack Targets Chinese-Speaking Businesses with Cobalt Strike Payloads

The Hacker News

Chinese-speaking users are the target of a "highly organized and sophisticated attack" campaign that is likely leveraging phishing emails to infect Windows systems with Cobalt Strike payloads. "The attackers managed to move laterally, establish persistence and remain undetected within the systems for more than two weeks," Securonix researchers Den Iuzvyk and Tim Peck said in a new report.

Phishing 109
article thumbnail

Unifying Cyber Defenses: How Hybrid Mesh Firewalls Shape Modern Security

Cisco Security

Hybrid mesh firewall platforms enable security policy enforcement between workloads and users across any network, especially in on prem-first organizations. Hybrid mesh firewall platforms enable security policy enforcement between workloads and users across any network, especially in on prem-first organizations.

Firewall 109
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Over 500,000 Members of Texas Credit Union Affected by Data Breach

SecureWorld News

Texas Dow Employees Credit Union (TDECU) has alerted the Maine Attorney General's Office that it is notifying more than 500,000 members about a significant data breach. The breach, detailed in the notification , occurred due to a hack on the MOVEit file transfer software more than a year ago—on May 29, 2023—which was only discovered on July 30th. The incident involved the theft of files containing sensitive personal information, including names, dates of birth, Social Security numbers, bank acco

article thumbnail

$2.5 million reward offered for hacker linked to notorious Angler Exploit Kit

Graham Cluley

Who doesn't fancy earning US $2.5 million? That's the reward that's on offer from US authorities for information leading to the arrest and/or conviction of the man who allegedly was a key figure behind the development and distribution of the notorious Angler Exploit Kit. Read more in my article on the Tripwire State of Security blog.

Malware 106
article thumbnail

Top Cybersecurity Companies You Need to Know in 2024 (And How to Choose One)

Heimadal Security

Top cybersecurity companies play a pivotal role in addressing the financial impact of cybercrime, as evidenced by Cybersecurity Ventures’ forecast that in 2024, global cybercrime damage costs will reach $9.5 trillion USD annually, $793 billion USD monthly, and $182.5 billion USD weekly. As the need for strong security measures increases, the cybersecurity technology sector has […] The post Top Cybersecurity Companies You Need to Know in 2024 (And How to Choose One) appeared first on

article thumbnail

‘Big-game hunting’ – Ransomware gangs are focusing on more lucrative attacks

Graham Cluley

2024 looks set to be the highest-grossing year yet for ransomware gangs, due - in no small part - to emboldened cybercriminals causing costly disruption at larger companies. Read more in my article on the Exponential-e blog.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!