Fri. Nov 01, 2024

Booking.com Phishers May Leave You With Reservations

Krebs on Security

A number of cybercriminal innovations are making it easier for scammers to cash in on your upcoming travel plans. This story examines a recent spear-phishing campaign that ensued when a California hotel had its booking.com credentials stolen. We’ll also explore an array of cybercrime services aimed at phishers who target hotels that rely on the world’s most visited travel website.

Phishing 272

New LightSpy spyware version targets iPhones with destructive capabilities

Security Affairs

A new version of the LightSpy spyware targets iPhones and supports destructive features that can block compromised devices from booting up. In May 2024, ThreatFabric researchers discovered a macOS version of LightSpy spyware that has been active in the wild since at least January 2024. ThreatFabric observed threat actors using two publicly available exploits (CVE-2018-4233, CVE-2018-4404) to deliver macOS implants.

Spyware 143

1,000+ web shops infected by “Phish ‘n Ships” criminals who create fake product listings for in-demand products

Malwarebytes

Researchers at the Satori Threat Intelligence and Research team have published their findings about a group of cybercriminals that infect legitimate web shops to create and promote fake product listings. The threat, dubbed “Phish ‘n Ships” by the researchers, reportedly infected more than 1,000 websites and built 121 fake web stores to trick consumers.

Phishing 123

Ô! China Hacks Canada too, Says CCCS

Security Boulevard

Plus brillants exploits: Canadian Centre for Cyber Security fingers Chinese state sponsored hackers. The post Ô! China Hacks Canada too, Says CCCS appeared first on Security Boulevard.

Hacking 128

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

What are the key Threats to Global National Security?

IT Security Guru

In today’s interconnected world, national security concerns have evolved beyond traditional military threats. As technology advances, so do the methods and motivations of those who seek to disrupt global stability. Understanding these threats is crucial for nations looking to protect their citizens, economies, and overall stability. This article will examine some of the most pressing threats to global national security today, with a particular emphasis on emerging digital and environmental con

GreyNoise: AI’s Central Role in Detecting Security Flaws in IoT Devices

Security Boulevard

GreyNoise Intelligence researchers said proprietary internal AI-based tools allowed them to detect and identify two vulnerabilities in IoT live-stream cameras that traditional cybersecurity technologies would not have been able to discover. The post GreyNoise: AI’s Central Role in Detecting Security Flaws in IoT Devices appeared first on Security Boulevard.

IoT 127

More Trending

EU Adopts New Cybersecurity Rules for Critical Infrastructure Under NIS2 Directive

Heimdal Security

The European Commission has adopted new cybersecurity rules for critical infrastructure across the EU, taking a major step toward enhancing digital resilience. This implementing regulation under the updated NIS2 Directive specifies cybersecurity measures for essential sectors and outlines when companies must report significant incidents to national authorities.

PoC Exploit Releases for Spring WebFlux Authorization Bypass – CVE-2024-38821

Penetration Testing

The researcher published the technical details and a proof-of-concept (PoC) exploit for CVE-2024-38821 (CVSS 9.1). This vulnerability, affecting versions of Spring WebFlux, allows attackers to access restricted resources under certain... The post PoC Exploit Releases for Spring WebFlux Authorization Bypass – CVE-2024-38821 appeared first on Cybersecurity News.

Cybersecurity Vulnerability News: October 2024 CVE Roundup

Security Boulevard

Keep Your Organization Safe with Up-to-Date CVE Information. Cybersecurity vulnerability warnings from the National Institute of Standards and Technology (NIST) continue to identify critical concerns. If not promptly addressed, your organization is at risk. Recent high-severity vulnerabilities highlight the urgent need for timely patching and updates to defend against both existing and new threats.

Why Giant Content Libraries Do Nothing for Your Employees’ Cyber Resilience

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

LUNAR SPIDER Resurfaces: Financial Sector Targeted in Latest Malvertising Campaign

Penetration Testing

The EclecticIQ Threat Research Team recently unveiled a new malvertising campaign linked to the notorious LUNAR SPIDER group, a Russian-speaking, financially motivated cybercriminal organization known for deploying high-profile malware families... The post LUNAR SPIDER Resurfaces: Financial Sector Targeted in Latest Malvertising Campaign appeared first on Cybersecurity News.

Malware 70

Microsoft’s Controversial Recall Feature Release Delayed Again

Security Boulevard

Microsoft is again delaying the release of its controversial Recall feature for new Windows Copilot+ PCs until December to get new security capabilities in place and hopefully avoid the industry backlash it faced when first introducing the tool in May. The post Microsoft’s Controversial Recall Feature Release Delayed Again appeared first on Security Boulevard.

Can you use ChatGPT while ensuring privacy and security goals?

BH Consulting

ChatGPT has been many people’s first encounter with generative AI, to understand what it does or how it might help them. But it comes with concerns, especially in sensitive areas like data privacy and intellectual property. This blog analyses those risks and gives guidance on whether you can deploy it safely. If your business hasn’t started using ChatGPT, even unofficially, there’s a good chance that might change soon.

Cybersecurity Insights with Contrast CISO David Lindner | 11/1/24

Security Boulevard

Insight #1: You can be sued for your junky software, EU says. The EU recently updated its Product Liability Directive (PDF) to reflect the critical role of software in modern society. This means software vendors are now liable for defects that cause harm, including personal injury, property damage or data loss. This change emphasizes the growing importance of prioritizing safety and security in software development.

CISO 59

Zero Trust Mandate: The Realities, Requirements and Roadmap

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

Microsoft Reveals Chinese Threat Actors Use Quad7 Botnet to Steal Credentials

Heimdal Security

Microsoft warns that Chinese threat actors steal credentials in password-spray attacks by using the Quad7 (7777) botnet, which is made up of hijacked SOHO routers. Quad7 is a botnet that consists of compromised SOHO routers. Cybersecurity specialists reported that the threat actors are targeting routers and networking devices from TP-Link, ASUS, Ruckus wireless devices, Axentra […] The post Microsoft Reveals Chinese Threat Actors Use Quad7 Botnet to Steal Credentials appeared first on Heim

DEF CON 32 – AppSec Village – Hacking Corporate Banking for Fun and Profit

Security Boulevard

Authors/Presenters: niks, Charles Waterhouse. Our sincere appreciation to DEF CON, and the Presenters/Authors for publishing their timely DEF CON 32 erudite content. Originating from the conference’s events located at the Las Vegas Convention Center; and via the organization's YouTube channel. The post DEF CON 32 – AppSec Village – Hacking Corporate Banking for Fun and Profit appeared first on Security Boulevard.

Banking 64

Microsoft Warns of Chinese Botnet Exploiting Router Flaws for Credential Theft

The Hacker News

Microsoft has revealed that a Chinese threat actor it tracks as Storm-0940 is leveraging a botnet called Quad7 to orchestrate highly evasive password spray attacks. The tech giant has given the botnet the name CovertNetwork-1658, stating the password spray operations are used to steal credentials from multiple Microsoft customers.

Passwords 136

Why Supply Chain Security Demands Focus on Hardware

Security Boulevard

Supply chain security for servers, PCs, laptops, and devices has correctly focused on protecting these systems from vulnerabilities introduced through third-party suppliers. The applicable supply chains range from design and manufacturing to distribution and integration. Each stage presents potential risks, as malicious actors could introduce compromised components, counterfeit products, or software backdoors that could be […] The post Why Supply Chain Security Demands Focus on Hardware appeared

Next-Level Fraud Prevention: Strategies for Today’s Threat Landscape

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

Massive Git Config Breach Exposes 15,000 Credentials; 10,000 Private Repos Cloned

The Hacker News

Cybersecurity researchers have flagged a "massive" campaign that targets exposed Git configurations to siphon credentials, clone private repositories, and even extract cloud credentials from the source code. The activity, codenamed EMERALDWHALE, is estimated to have collected over 10,000 private repositories and stored them in an Amazon S3 storage bucket belonging to a prior victim.

Shared Intel Q&A: Foreign adversaries now using ‘troll factories’ to destroy trust in U.S. elections

Security Boulevard

Foreign adversaries proactively interfering in U.S. presidential elections is nothing new. It’s well-documented how Russian intelligence operatives proactively meddled with the U.S. presidential election in 2016 and technologists and regulators have been … The post Shared Intel Q&A: Foreign adversaries now using ‘troll factories’ to destroy trust in U.S. elections first appeared on The Last Watchdog.

59

Inside Iran’s Cyber Playbook: AI, Fake Hosting, and Psychological Warfare

The Hacker News

U.S. and Israeli cybersecurity agencies have published a new advisory attributing an Iranian cyber group to targeting the 2024 Summer Olympics and compromising a French commercial dynamic display provider to show messages denouncing Israel's participation in the sporting event.

Zero-Click Flaw Exposes Potentially Millions of Popular Storage Devices to Attack

WIRED Threat Level

A vulnerability categorized as “critical” in a photo app installed by default on Synology network-attached storage devices could give attackers the ability to steal data and worse.

Hacking 115

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Microsoft Delays Windows Copilot+ Recall Release Over Privacy Concerns

The Hacker News

Microsoft is further delaying the release of its controversial Recall feature for Windows Copilot+ PCs, stating it's taking the time to improve the experience. The development was first reported by The Verge. The artificial intelligence-powered tool was initially slated for a preview release starting in October.

Anthropic warns of AI catastrophe if governments don't regulate in 18 months

Zero Day

'The window for proactive risk prevention is closing fast,' the company warns. Here's why.

5 SaaS Misconfigurations Leading to Major Fu*%@ Ups

The Hacker News

With so many SaaS applications, a range of configuration options, API capabilities, endless integrations, and app-to-app connections, the SaaS risk possibilities are endless. Critical organizational assets and data are at risk from malicious actors, data breaches, and insider threats, which pose many challenges for security teams.

Passkeys are more popular than ever. This research explains why

Zero Day

Some 57% of people surveyed this year for a FIDO Alliance report are aware of passkeys, up from 39% just two years ago.

107

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Getting the Gist of CJIS – 5.9.5

Security Boulevard

What’s New in CJIS 5.9.5 as it Relates to Firmware Security? In the latest CJIS Security Policy, the FBI is now requiring that IT firmware be verified for integrity and monitored for unauthorized changes. Failure to comply with it can lead to denial of access to information in the CJIS system, as well as monetary […] The post Getting the Gist of CJIS - 5.9.5 appeared first on Eclypsium | Supply Chain Security for the Modern Enterprise.

Turn your AirPods Pro 2 into hearing aids: Testing and tracking hearing health in iOS 18.1

Zero Day

Your hearing health is important to your mental or physical health. Now, Apple's new hearing health features can help you track, manage, and supplement it. Here's how.

106

IoT Security Failures Can Be Sh*tty

Security Boulevard

It’s hard not to see IoT security failures in the news because they can be dramatic, and this week was no different. The Register reported that in Moscow a skyscraper-high plume of sewage had erupted, with speculation that Ukrainian hackers were behind it (the official explanation was that it was a gas release because of […] The post IoT Security Failures Can Be Sh*tty appeared first on Viakoo, Inc.

IoT 72

This $200 Android phone has no business being this good (and it's not a Samsung or Motorola)

Zero Day

Key features make the CMF Phone 1 one of the few budget phones I'd recommend to almost anyone. Just make sure your carrier supports it.

97

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!