Mon.Jul 08, 2024

article thumbnail

Industrial Cyber Security Basics Can Help Protect APAC Operational Technology Operators: Dragos

Tech Republic Security

Operational technology users face challenges including communication between process engineering and cyber security teams, a growth in malware and ransomware, and insiders making basic technology mistakes.

article thumbnail

CVE-2024-36138: High-Severity Vulnerability in Node.js Allows Code Execution on Windows

Penetration Testing

The Node.js Project has released a security update to address multiple vulnerabilities, including a high-severity flaw that could allow attackers to bypass security measures and execute arbitrary code. The most severe vulnerability, CVE-2024-36138, is... The post CVE-2024-36138: High-Severity Vulnerability in Node.js Allows Code Execution on Windows appeared first on Cybersecurity News.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

OpenAI Secrets Stolen in 2023 After Internal Forum Was Hacked

Tech Republic Security

Last year, hackers breached an online forum used by OpenAI employees and stole confidential information about the firm’s AI systems.

Hacking 157
article thumbnail

AI-Powered Super Soldiers Are More Than Just a Pipe Dream

WIRED Threat Level

The US military has abandoned its half-century dream of a suit of powered armor in favor of a “hyper enabled operator,” a tactical AI assistant for special operations forces.

article thumbnail

Human-Centered Cyber Security Training: Driving Real Impact on Security Culture

Speaker: Speakers:

In today's digital age, having an untrained workforce can be a significant risk to your business. Cyber threats are evolving; without proper training, your employees could be the weakest link in your defense. This webinar empowers leaders like you with the tools and strategies needed to transform your employees into a robust frontline defense against cyber attacks.

article thumbnail

Hackers leak 39,000 print-at-home Ticketmaster tickets for 154 events

Bleeping Computer

In an ongoing extortion campaign against Ticketmaster, threat actors have leaked almost 39,000 print-at-home tickets for 150 upcoming concerts and events, including Pearl Jam, Phish, Tate McCrae, and Foo Fighters. [.

Phishing 134
article thumbnail

Passwordless 360°: Unblocking the Challenges of FIDO Key Management

Thales Cloud Protection & Licensing

Passwordless 360°: Unblocking the Challenges of FIDO Key Management josh.pearson@t… Mon, 07/08/2024 - 23:25 Identity & Access Management Access Control Gregory Vigroux | Senior Product Manager More About This Author > With sensitive data and apps dispersed across fragmented computing environments, multi-factor authentication (MFA) has emerged as the best way to authenticate and protect our digital identities in the zero-trust security framework.

More Trending

article thumbnail

5 Best Endpoint Detection & Response (EDR) Solutions for 2024

Tech Republic Security

Endpoint detection and response (EDR) software is the best way to detect, investigate, and respond to advanced attacks. Endpoint detection and response software is a security solution that protects against malware and other threats.

Software 116
article thumbnail

Human Vigilance is Required Amid AI-Generated Cybersecurity Threats

Security Boulevard

While many organizations are adopting AI at an alarming pace to gain efficiencies and lower operating costs through technology and headcount reduction, they may also be sacrificing their security. The post Human Vigilance is Required Amid AI-Generated Cybersecurity Threats appeared first on Security Boulevard.

article thumbnail

New Ransomware-as-a-Service 'Eldorado' Targets Windows and Linux Systems

The Hacker News

An emerging ransomware-as-a-service (RaaS) operation called Eldorado comes with locker variants to encrypt files on Windows and Linux systems. Eldorado first appeared on March 16, 2024, when an advertisement for the affiliate program was posted on the ransomware forum RAMP, Singapore-headquartered Group-IB said.

article thumbnail

Notepad finally gets spellcheck, autocorrect for all Windows 11 users

Bleeping Computer

Microsoft has finally released a spell check and autocorrect feature in Notepad for all Windows 11 users, forty-one years after the program was introduced in 1983. [.

120
120
article thumbnail

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

article thumbnail

RockYou2024 compilation containing 10 billion passwords was leaked online

Security Affairs

Threat actors leaked the largest password compilation ever, known as RockYou2024, on a popular hacking forum. The Cybernews researchers reported that threat actors leaked the largest password compilation ever, known as RockYou2024, on a popular hacking forum. RockYou2024 announcement: Source CyberNews The compilation (“rockyou2024.txt”) contains 9,948,575,739 unique plaintext passwords was posted on July 4th by a user with the handle “ObamaCare.” The experts believe the c

Passwords 116
article thumbnail

VMware vCenter Server RCE (CVE-2024-22274): PoC Exposes Systems to Remote Takeover

Penetration Testing

A proof-of-concept (PoC) exploit has been released, targeting a recently patched high-severity vulnerability (CVE-2024-22274) in the VMware vCenter Server. With a CVSS score of 7.2, the flaw allows attackers with administrative privileges to execute... The post VMware vCenter Server RCE (CVE-2024-22274): PoC Exposes Systems to Remote Takeover appeared first on Cybersecurity News.

article thumbnail

CISA adds Cisco NX-OS Command Injection bug to its Known Exploited Vulnerabilities catalog

Security Affairs

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Cisco NX-OS Command Injection bug to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Cisco NX-OS Command Injection Vulnerability, tracked as CVE-2024-20399 , to its Known Exploited Vulnerabilities (KEV) catalog. This week, Cisco addressed an NX-OS zero-day, tracked as CVE-2024-20399 (CVSS score of 6.0), that the China-linked group Velvet Ant exploited to depl

Malware 115
article thumbnail

Unleashing the Power of Next-Gen Agents for Robust Cloud-Native Security

Security Boulevard

While there’s no one-size-fits-all option for securing the cloud, next-generation agents thrive in these fast-moving environments and serve as the critical component of any cloud security strategy. The post Unleashing the Power of Next-Gen Agents for Robust Cloud-Native Security appeared first on Security Boulevard.

article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

Microsoft: Windows 11 22H2 reaches end of service in October

Bleeping Computer

Microsoft reminded customers today that multiple editions of Windows 11, version 22H2, will reach the end of servicing (EOS) in three months, on October 8, 2024. [.

Software 119
article thumbnail

Balancing Security and Convenience with EV Charging

Security Boulevard

Even as manufacturers tackle convenience issues, the need for digital trust throughout EV infrastructure and ecosystems still remains. The post Balancing Security and Convenience with EV Charging appeared first on Security Boulevard.

article thumbnail

Avast releases free decryptor for DoNex ransomware and past variants

Bleeping Computer

Antivirus company Avast have discovered a weakness in the cryptographic scheme of the DoNex ransomware family and released a decryptor so victims can recover their files for free. [.

article thumbnail

New APT Group "CloudSorcerer" Targets Russian Government Entities

The Hacker News

A previously undocumented advanced persistent threat (APT) group dubbed CloudSorcerer has been observed targeting Russian government entities by leveraging cloud services for command-and-control (C2) and data exfiltration.

article thumbnail

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

article thumbnail

ZOTAC Security Breach Exposes Customer Data in Google Search

Penetration Testing

In a recent revelation, hardware manufacturer ZOTAC faced a significant security lapse that compromised sensitive customer information. Due to inadequate security policies within its after-sales system, critical data related to returns and exchanges became... The post ZOTAC Security Breach Exposes Customer Data in Google Search appeared first on Cybersecurity News.

article thumbnail

Cybersecurity Agencies Warn of China-linked APT40's Rapid Exploit Adaptation

The Hacker News

Cybersecurity agencies from Australia, Canada, Germany, Japan, New Zealand, South Korea, the U.K., and the U.S. have released a joint advisory about a China-linked cyber espionage group called APT40, warning about its ability to co-opt exploits for newly disclosed security flaws within hours or days of public release.

article thumbnail

RCE bug in widely used Ghostscript library now exploited in attacks

Bleeping Computer

A remote code execution vulnerability in the Ghostscript document conversion toolkit, widely used on Linux systems, is currently being exploited in attacks. [.

113
113
article thumbnail

Why SPRS Matters and 4 Steps to Improve Your Security Posture

Security Boulevard

The supplier performance risk system (SPRS) is a database maintained by the DoD that “utilizes suppliers’ performance data in areas of product delivery and quality to rate performance and predict potential risk.” The post Why SPRS Matters and 4 Steps to Improve Your Security Posture appeared first on Security Boulevard.

Risk 107
article thumbnail

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

article thumbnail

Trojanized jQuery Packages Found on npm, GitHub, and jsDelivr Code Repositories

The Hacker News

Unknown threat actors have been found propagating trojanized versions of jQuery on npm, GitHub, and jsDelivr in what appears to be an instance of a "complex and persistent" supply chain attack. "This attack stands out due to the high variability across packages," Phylum said in an analysis published last week.

Malware 105
article thumbnail

RockYou2024: The Largest Password Compilation (10 Billion) Ever Leaked

SecureWorld News

Online identities continue to be at risk of vulnerabilities. Case in point: a colossal password compilation dubbed "RockYou2024" has emerged, containing nearly 10 billion unique passwords. This unprecedented leak has put the cybersecurity community and beyond on high alert—as if it was not already there—highlighting the ongoing need for robust digital security practices.

Passwords 104
article thumbnail

Experts Warn of Mekotio Banking Trojan Targeting Latin American Countries

The Hacker News

Financial institutions in Latin America are being threatened by a banking trojan called Mekotio (aka Melcoz). That's according to findings from Trend Micro, which said it recently observed a surge in cyber attacks distributing the Windows malware.

Banking 104
article thumbnail

Russia forces Apple to remove dozens of VPN apps from App Store

Bleeping Computer

Apple has removed 25 virtual private network (VPN) apps from the Russian App Store at the request of Roskomnadzor, Russia's telecommunications watchdog. [.

VPN 106
article thumbnail

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

article thumbnail

RockYou2024: Nearly 10 Billion Passwords Exposed in Data Leak

Identity IQ

RockYou2024: Nearly 10 Billion Passwords Exposed in Data Leak IdentityIQ In a cybersecurity incident that has sent shockwaves through the online community, nearly 10 billion unique passwords have been exposed in the “RockYou2024” data breach. This unprecedented leak is believed to be the largest ever recorded, posing significant risks to individual users and organizations globally.

Passwords 104
article thumbnail

Navigating Authentication Challenges: A Closer Look at Contemporary CIAM

Security Boulevard

The need for robust authentication mechanisms has become paramount in the ever-evolving landscape of digital security. The post Navigating Authentication Challenges: A Closer Look at Contemporary CIAM appeared first on Security Boulevard.

article thumbnail

ChatGPT for Mac app flaw left users’ chat history exposed

Graham Cluley

OpenAI's ever-so-clever ChatGPT's software was doing something really-rather-stupid: storing users' chats on their Mac computers in plaintext. Read more in my article on the Hot for Security blog.

article thumbnail

Dark Web Malware Logs Expose 3,300 Users Linked to Child Abuse Sites

The Hacker News

An analysis of information-stealing malware logs published on the dark web has led to the discovery of thousands of consumers of child sexual abuse material (CSAM), indicating how such information could be used to combat serious crimes. "Approximately 3,300 unique users were found with accounts on known CSAM sources," Recorded Future said in a proof-of-concept (PoC) report published last week.

Malware 94
article thumbnail

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?