Fri. Dec 13, 2024

Ultralytics Supply-Chain Attack

Schneier on Security

Last week, we saw a supply-chain attack against the Ultralytics AI library on GitHub. A quick summary: On December 4, a malicious version 8.3.41 of the popular AI library ultralytics—which has almost 60 million downloads—was published to the Python Package Index (PyPI) package repository. The package contained downloader code that was downloading the XMRig coinminer.

Australian IT Pros Urged to Guard Against Chinese Cybersecurity Threats

Tech Republic Security

Australian IT pros are urged to strengthen defenses as Chinese cyber threats target critical infrastructure and sensitive data.

New Linux Rootkit PUMAKIT Uses Advanced Stealth Techniques to Evade Detection

The Hacker News

Cybersecurity researchers have uncovered a new Linux rootkit called PUMAKIT that comes with capabilities to escalate privileges, hide files and directories, and conceal itself from system tools, while simultaneously evading detection.

Hacker Uses Info-Stealer Against Security Pros, Other Bad Actors

Security Boulevard

An unknown hacker called MUT-1244 used information-stealing malware to not only grab sensitive data from cybersecurity professionals but also to steal WordPress credentials from other bad actors who had bought them on the dark web.

Malware 111

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

DoJ Indicts 14 North Koreans for $88M IT Worker Fraud Scheme Over Six Years

The Hacker News

The U.S. Department of Justice (DoJ) has indicted 14 nationals belonging to the Democratic People's Republic of Korea (DPRK or North Korea) for their alleged involvement in a long-running conspiracy to violate sanctions and commit wire fraud, money laundering, and identity theft by illegally seeking employment in U.S. companies and non-profit organizations.

The New Jersey Drone Mystery May Not Actually Be That Mysterious

WIRED Threat Level

A flurry of drone sightings across New Jersey and New York has sparked national intrigue and US government responses. But experts are pouring cold water on America's hottest new conspiracy theory.

Why the US Military Can't Just Shoot Down the Mystery Drones

WIRED Threat Level

Small, easily weaponizable drones have become a feature of battlefields from the Middle East to Ukraine. Now the threat looms over the US homeland, and the Pentagon's ability to respond is limited.

Iran-Linked IOCONTROL Malware Targets SCADA and Linux-Based IoT Platforms

The Hacker News

Iran-affiliated threat actors have been linked to a new custom malware that's geared toward IoT and operational technology (OT) environments in Israel and the United States.

IoT 106

Securing Your Team's Ansible Automation Workflows

SecureWorld News

Automation is the backbone of modern IT and DevOps operations, which is why open-source Infrastructure as Code (IaC) tools like Ansible are gaining momentum with organizations looking to enhance their efficiency. However, the scourge of today's technological boom is that convenience is often prioritized over security. Some enterprises neglect to leverage the full protection potential of modern solutions, only to be swamped in questionably effective and tedious manual routines.

Critical OpenWrt Vulnerability Exposes Devices to Malicious Firmware Injection

The Hacker News

A security flaw has been disclosed in OpenWrt's Attended Sysupgrade (ASU) feature that, if successfully exploited, could have been abused to distribute malicious firmware packages. The vulnerability, tracked as CVE-2024-54143, carries a CVSS score of 9.3 out of a maximum of 10, indicating critical severity.

Firmware 106

Why Giant Content Libraries Do Nothing for Your Employees’ Cyber Resilience

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

4.8 million healthcare records left freely accessible

Malwarebytes

Your main business is healthcare, so your excuse when you get hacked is that you didn't have the budget to secure your network. Am I right? So, in order to prevent a ransomware gang from infiltrating your network, you could just give them what they want: all your data. The seemingly preferred method to accomplish this is to leave the information unprotected and unencrypted in an exposed Amazon S3 bucket.

Human Misuse Will Make Artificial Intelligence More Dangerous

WIRED Threat Level

AI creates what it's told to, from plucking fanciful evidence from thin air, to arbitrarily removing people's rights, to sowing doubt over public misdeeds.

Drowning in Visibility? Why Cybersecurity Needs to Shift from Visibility to Actionable Insight

Security Boulevard

By focusing on prioritized, actionable insights, security teams can keep pace with the rapid expansion of the attack surface, manage frequent changes across their digital infrastructure and proactively address evolving attack tactics, techniques and procedures (TTPs).

U.S. authorities seized cybercrime marketplace Rydox

Security Affairs

The U.S. Department of Justice (DoJ) announced the seizure of the cybercrime marketplace Rydox (“rydox.ru” and “rydox[.]cc”). The U.S. Department of Justice (DoJ) seized Rydox, a cybercrime marketplace for selling stolen personal data and fraud tools. Kosovar authorities arrested three Kosovo nationals and administrators of the service, Ardit Kutleshi, Jetmir Kutleshi, and Shpend Sokoli.

Zero Trust Mandate: The Realities, Requirements and Roadmap

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

Video: How Two Crypto Scammers Stole $230 Million in Bitcoin

eSecurity Planet

This video covers Malone Lam and Jeandiel Serrano's $230 million Bitcoin heist that involved using social engineering to bypass security. The scammers spent the stolen funds on luxury items but were caught after bragging online. Our expert highlights the risks of social engineering and the need for strong online security.

How to Generate a CrowdStrike RFM Report With AI in Tines

The Hacker News

Run by the team at orchestration, AI, and automation platform Tines, the Tines library contains pre-built workflows shared by real security practitioners from across the community, all of which are free to import and deploy via the Community Edition of the platform. Their bi-annual You Did What with Tines?!

As the Mastermind of Far-Right ‘Active Clubs’ Goes to Prison, His Violent Movement Goes Global

WIRED Threat Level

The white supremacist Robert Rundo faces years in prison. But the Active Club network he helped create has proliferated in countries around the world, from Eastern Europe to South America.

Black Hat Europe 2024: Hacking a car – or rather, its infotainment system

We Live Security

Our computers on wheels are more connected than ever, but the features that enhance our convenience often come with privacy risks in tow.

Hacking 93

Next-Level Fraud Prevention: Strategies for Today’s Threat Landscape

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

Ransomware in the Global Healthcare Industry  

Security Boulevard

Healthcare organizations are increasingly relying on digital systems to facilitate their daily workflow, but the prevalence of outdated legacy technology in the sector is rendering it vulnerable to cyberattacks with severe consequences.

The best streaming mics of 2025: Expert tested

Zero Day

Looking for a high-quality microphone to start your podcast, or do you just need a reliable mic for Discord and work calls? We tested the best streaming mics from Shure, SteelSeries, and more.

Over 15,000 Sites at Risk: Woffice WordPress Theme Vulnerabilities Could Lead to Full Site Takeovers

Penetration Testing

Patchstack has disclosed two critical vulnerabilities in the widely used Woffice WordPress theme, a premium intranet/extranet solution with over 15,000 sales. Developed by Xtendify, the Woffice theme offers team and...

Risk 70

Black Hat Europe 2024: Why a CVSS score of 7.5 may be a 'perfect' 10 in your organization

We Live Security

Aggregate vulnerability scores don't tell the whole story; the relationship between a flaw's public severity rating and the specific risks it poses for your company is more complex than it seems

Risk 66

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

DCOM Upload & Execute: A New Backdoor Technique Unveiled

Penetration Testing

Deep Instinct Security Researcher Eliran Nissan has uncovered a new and potent lateral movement technique, DCOM Upload & Execute, redefining how attackers might exploit Distributed Component Object Model (DCOM) interfaces...

Thales and Imperva Win Big in 2024

Thales Cloud Protection & Licensing

At Thales and Imperva, we are driven by our commitment to make the world safer, and nothing brings us more satisfaction than protecting our customers from daily cybersecurity threats. But that doesn't mean we don't appreciate winning the occasional award. In the year since Imperva joined forces with Thales, let's review the cybersecurity industry accolades and recognition we've both received this year.

InfoSec 62

Careto APT Returns: Decade-Old Threat Resurfaces with New Sophistication

Penetration Testing

Kaspersky Labs has unveiled research on the return of “The Mask,” also known as Careto, a legendary Advanced Persistent Threat (APT) actor. After a decade-long silence since its last known...

Time of Reckoning – Reviewing My 2024 Cybersecurity Predictions

Security Boulevard

The brutal reality is that cybersecurity predictions are only as valuable as their accuracy. As 2024 comes to a close, I revisit my forecasts to assess their utility in guiding meaningful decisions. Anyone can make predictions (and far too many do), but actually being correct is another matter altogether. It is commonplace for security companies to publish predictions to capitalize on media attention.

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Ways to Mitigate Risk in Cybersecurity: Cybersecurity Risk Management

Hacker Combat

Cyber threats can wreak havoc on businesses, from data breaches to loss of reputation. Luckily, there are effective strategies available that can reduce cybersecurity risk. Avoidance is one of the.

Risk 59

Digital Finance: How Do Banks Protect Their Customers’ Money and Data from Cybercriminals?

Security Boulevard

Cybercriminals are employing increasingly sophisticated methods to access our money and data, making this issue particularly relevant for large European banks, where significant financial assets are concentrated.

Banking 59

German agency BSI sinkholed a botnet of 30,000 devices infected with BadBox

Security Affairs

The German agency BSI has sinkholed a botnet composed of 30,000 devices shipped with BadBox malware pre-installed. The Federal Office for Information Security (BSI) announced it had blocked communication between the 30,000 devices infected with the BadBox malware and the C2. The devices were all located in Germany, they were all using outdated Android versions. “The Federal Office for Information Security (BSI) has now blocked communication between the malware and the computer in up to 30,00

5 Critical Questions to Ask When Evaluating MDR Solutions

Digital Shadows

With the ever-growing cybersecurity threats companies face today and a shortage of cybersecurity talent, it's no wonder that many are turning to MDR solutions. Ideally, managed detection and response providers can help companies tackle problems like overburdened security teams, lack of expertise in cloud security, or alert noise. Choosing the right MDR provider for your organization is crucial, so it's important to evaluate their capabilities before committing.

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!