Thu.Jul 04, 2024

article thumbnail

Rethinking Cybersecurity in the Age of AI

Security Boulevard

IT managers and CSOs need to rethink their approach to cybersecurity and protect their organizations from this new breed of AI-powered attacks. The post Rethinking Cybersecurity in the Age of AI appeared first on Security Boulevard.

article thumbnail

How Apple Intelligence’s Privacy Stacks Up Against Android’s ‘Hybrid AI’

WIRED Threat Level

Generative AI is seeping into the core of your phone, but what does that mean for privacy? Here’s how Apple’s unique AI architecture compares to the “hybrid” approach adopted by Samsung and Google.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Smashing Silos With a Vulnerability Operations Center (VOC)

Security Boulevard

VOC enables teams to address the vulnerabilities that present the greatest risk to their specific attack surface before they can be exploited. The post Smashing Silos With a Vulnerability Operations Center (VOC) appeared first on Security Boulevard.

Risk 126
article thumbnail

Cyber Insurance Premiums Are Declining Worldwide as Businesses Improve Security, Howden Insurance Broker Report Finds

Tech Republic Security

Rates have declined by 15% since the market peak in 2022, according to Howden Insurance Brokers.

Insurance 148
article thumbnail

Human-Centered Cyber Security Training: Driving Real Impact on Security Culture

Speaker: Speakers:

In today's digital age, having an untrained workforce can be a significant risk to your business. Cyber threats are evolving; without proper training, your employees could be the weakest link in your defense. This webinar empowers leaders like you with the tools and strategies needed to transform your employees into a robust frontline defense against cyber attacks.

article thumbnail

Compliance, Security and the Role of Identity

Security Boulevard

While compliance frameworks establish baseline requirements for data protection, they may not always align with the rapidly evolving threat landscape. The post Compliance, Security and the Role of Identity appeared first on Security Boulevard.

article thumbnail

Turning Jenkins Into a Cryptomining Machine From an Attacker's Perspective

Trend Micro

In this blog entry, we will discuss how the Jenkins Script Console can be weaponized by attackers for cryptomining activity if not configured properly.

More Trending

article thumbnail

Ethereum mailing list breach exposes 35,000 to crypto draining attack

Bleeping Computer

A threat actor compromised Ethereum's mailing list provider and sent to over 35,000 addresses a phishing email with a link to a malicious site running a crypto drainer. [.

Phishing 114
article thumbnail

Polyfill[.]io Attack Impacts Over 380,000 Hosts, Including Major Companies

The Hacker News

The supply chain attack targeting widely-used Polyfill[.]io JavaScript library is wider in scope than previously thought, with new findings from Censys showing that over 380,000 hosts are embedding a polyfill script linking to the malicious domain as of July 2, 2024.

111
111
article thumbnail

Volcano Demon ransomware group rings its victims to extort money

Graham Cluley

Security researchers have warned that a new ransomware group has taken an unusual twist on the traditional method of extorting money from its corporate victims. Read more in my article on the Tripwire State of Security blog.

article thumbnail

New Golang-Based Zergeca Botnet Capable of Powerful DDoS Attacks

The Hacker News

Cybersecurity researchers have uncovered a new botnet called Zergeca that's capable of conducting distributed denial-of-service (DDoS) attacks. Written in Golang, the botnet is so named for its reference to a string named "ootheca" present in the command-and-control (C2) servers ("ootheca[.]pw" and "ootheca[.]top").

DDOS 107
article thumbnail

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

article thumbnail

Authy phone numbers accessed by cybercriminals, warns Twilio

Malwarebytes

Twilio has warned users of the Authy multi-factor authentication (MFA) app about an incident in which cybercriminals may have obtained their phone numbers. Twilio said the cybercriminals abused an unsecured Application Programming Interface (API) endpoint to verify the phone numbers of millions of Authy multi-factor authentication users. Authy is an app that you install on your device which then produces a MFA code for you when logging into services.

article thumbnail

Microsoft Uncovers Critical Flaws in Rockwell Automation PanelView Plus

The Hacker News

Microsoft has revealed two security flaws in Rockwell Automation PanelView Plus that could be weaponized by remote, unauthenticated attackers to execute arbitrary code and trigger a denial-of-service (DoS) condition.

106
106
article thumbnail

Cyber Criminals Don't Take Holidays, You Need a Solution That Doesn't Either

GlobalSign

During the holiday period, cyber threats are larger than ever – find out how to protect your business while having peace of mind through automated security solutions.

article thumbnail

OVHcloud mitigated a record-breaking DDoS attack in April 2024

Security Affairs

OVHcloud successfully mitigated a record-breaking DDoS attack in April, which reached 840 million packets per second (Mpps). The cloud services provider OVHcloud announced it has mitigated a record-breaking distributed denial of service (DDoS) attack earlier this year. The attack reached a record packet rate of 840 million packets per second (Mpps). “Our infrastructures had to mitigate several 500+ Mpps attacks at the beginning of 2024, including one peaking at 620 Mpps.

DDOS 98
article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

CVE-2024-38513 (CVSS 9.8): Critical Security Flaw in Popular Go Web Framework, Fiber

Penetration Testing

A high-severity vulnerability (CVE-2024-38513) has been discovered in Fiber, a widely-used web framework for the Go programming language. This flaw allows attackers to hijack user sessions, potentially leading to unauthorized access and data breaches.... The post CVE-2024-38513 (CVSS 9.8): Critical Security Flaw in Popular Go Web Framework, Fiber appeared first on Cybersecurity News.

article thumbnail

Brazil data protection authority bans Meta from training AI models with data originating in the country

Security Affairs

Brazil’s data protection authority temporarily banned Meta from using data originating in the country to train its artificial intelligence. Brazil’s data protection authority, Autoridade Nacional de Proteção de Dados (ANPD), has imposed a temporary ban on Meta from processing users’ personal data for training its artificial intelligence (AI) models. “The National Data Protection Authority (ANPD) issued today a Preventive Measure determining the immediate suspension, in Brazil,

article thumbnail

Hackers attack HFS servers to drop malware and Monero miners

Bleeping Computer

Hackers are targeting older versions of the HTTP File Server (HFS) from Rejetto to drop malware and cryptocurrency mining software. [.

Malware 108
article thumbnail

Splunk fixed tens of flaws in Splunk Enterprise and Cloud Platform

Security Affairs

Technology company Splunk released security updates to address 16 vulnerabilities in Splunk Enterprise and Cloud Platform. Technology company Splunk addressed 16 vulnerabilities in Splunk Enterprise and Cloud Platform, including four high-severity flaws. The vulnerability CVE-2024-36985 is a Remote Code Execution (RCE) through an external lookup due to “copybuckets.py“ script in the “splunk_archiver“ application in Splunk Enterprise. “In Splunk Enterprise versions below 9.0.10, 9.1.5, and

article thumbnail

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

article thumbnail

Widespread Supply Chain Attack on NPM: Trojanized jQuery Discovered

Penetration Testing

A sophisticated and persistent supply chain attack targeting the popular JavaScript library jQuery has been uncovered by cybersecurity researchers at Phylum. The attack, which has been active since late May, involves the distribution of... The post Widespread Supply Chain Attack on NPM: Trojanized jQuery Discovered appeared first on Cybersecurity News.

article thumbnail

Hackers obtained user data from Twilio-owned 2FA authentication app Authy

Security Affairs

Twilio states that threat actors have identified the phone numbers of users of its two-factor authentication app, Authy, TechCrunch reported. Last week, the notorious hacker ShinyHunters claimed to have stolen 33 million phone numbers from Twilio. This week the messaging firm told TechCrunch that “threat actors” identified data of Authy users, a two-factor authentication app owned by Twilio, including their phone numbers.

article thumbnail

Logsign Unified SecOps Platform Urgent Update Addresses Critical RCE Vulnerabilities

Penetration Testing

Two critical vulnerabilities have been identified in the Logsign Unified SecOps Platform, a comprehensive software solution for security operations. These vulnerabilities, CVE-2024-5716 and CVE-2024-5717, when combined, can enable remote, unauthenticated code execution on the... The post Logsign Unified SecOps Platform Urgent Update Addresses Critical RCE Vulnerabilities appeared first on Cybersecurity News.

article thumbnail

Healthcare fintech firm HealthEquity disclosed a data breach

Security Affairs

Healthcare firm HealthEquity disclosed a data breach caused by a partner’s compromised account that exposed protected health information. Healthcare fintech firm HealthEquity disclosed a data breach after a partner’s compromised account was used to access its systems. The intruders have stolen protected health information from the company systems.

article thumbnail

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

article thumbnail

Apache HTTP Server Update Patches Critical Source Code Disclosure Flaw (CVE-2024-39884)

Penetration Testing

Recently, the Apache Software Foundation has rushed to release Apache HTTP Server version 2.4.61, a crucial update that addresses a severe source code disclosure vulnerability (CVE-2024-39884). This flaw, rated as “Important” by the Apache... The post Apache HTTP Server Update Patches Critical Source Code Disclosure Flaw (CVE-2024-39884) appeared first on Cybersecurity News.

article thumbnail

The Runtime Secrets’ Security Gap

Security Boulevard

The last mile in secrets security is securing secrets in workloads. Discover a new way to securely deliver encrypted secrets in your infrastructure with innovative open-source tools, and say goodbye to plaintext secrets. The post The Runtime Secrets’ Security Gap appeared first on Security Boulevard.

article thumbnail

Your PCI-DSS v4.0 Roadmap: Charting a Course of Education, Analysis & System Enhancements

Thales Cloud Protection & Licensing

Your PCI-DSS v4.0 Roadmap: Charting a Course of Education, Analysis & System Enhancements josh.pearson@t… Thu, 07/04/2024 - 07:00 The Payment Card Industry Data Security Standard (PCI-DSS) v4.0 is about protecting cardholder data and maintaining the secure reputation of the industry as a whole. Cyber threats are continuing to grow and evolve in frequency, vector and complexity requiring stronger protection, particularly for payments data.

article thumbnail

NTT DATA Romania Probes Security Incident as RansomHub Threatens Data Leak

Heimadal Security

The Romanian branch of NTT DATA has reportedly been targeted in a significant cyber attack, with the RansomHub ransomware group claiming responsibility. The hackers allege that they have exfiltrated 230 GB of sensitive data. The attack was first detected on June 14, 2024, and the cybercriminals have set a ransom deadline of July 5, 2024, […] The post NTT DATA Romania Probes Security Incident as RansomHub Threatens Data Leak appeared first on Heimdal Security Blog.

article thumbnail

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

article thumbnail

Privacy-Enhanced Data Sharing: How to Drive Business Growth by Protecting Your Data

Security Boulevard

If data is the new oil, then organizations will get little benefit from hoarding it. They need to share it between individuals, departments, organizations and/or systems to improve decision making and drive growth. But there are risks. To avoid major financial, reputational and legal repercussions, these same enterprises need to build “secure pipelines” down which that data can travel.

Risk 62
article thumbnail

Mekotio Banking Trojan Resurges, Targeting Latin American Financial Systems

Penetration Testing

A new wave of cyberattacks utilizing the sophisticated Mekotio banking trojan is raising alarms across Latin America, according to a recent report by Trend Micro Research. The malware, active since 2015 and primarily targeting... The post Mekotio Banking Trojan Resurges, Targeting Latin American Financial Systems appeared first on Cybersecurity News.

Banking 58
article thumbnail

Upskill, Reskill, or Hire? For GenAI, You Need All Three

Security Boulevard

The buzz around AI is palpable! The need for new skills and the rush to create AI-powered teams grows stronger – the whispers of Gen. Read More The post Upskill, Reskill, or Hire? For GenAI, You Need All Three appeared first on ISHIR | Software Development India. The post Upskill, Reskill, or Hire? For GenAI, You Need All Three appeared first on Security Boulevard.

article thumbnail

Social media and teen mental health – Week in security with Tony Anscombe

We Live Security

Social media sites are designed to make their users come back for more. Do laws restricting children's exposure to addictive social media feeds have teeth or are they a political gimmick?

Media 81
article thumbnail

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?