Tue.Jun 04, 2024

article thumbnail

Breaking a Password Manager

Schneier on Security

Interesting story of breaking the security of the RoboForm password manager in order to recover a cryptocurrency wallet password. Grand and Bruno spent months reverse engineering the version of the RoboForm program that they thought Michael had used in 2013 and found that the pseudo-random number generator used to generate passwords in that version­and subsequent versions until 2015­did indeed have a significant flaw that made the random number generator not so random.

article thumbnail

Paris Olympics 2024: Cyber Attackers are Targeting Companies Associated With Games, Report Finds

Tech Republic Security

Organisations providing services related to the Paris Olympics 2024 have an increased risk of cyber attack, a new study has found.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

RSAC Fireside Chat: Bedrock Security introduces advanced approach to “commoditize” data discovery

The Last Watchdog

Business data today gets scattered far and wide across distributed infrastructure. Just knowing where to look – or even how to look – much less enforcing security policies, has become next to impossible for many organizations. At RSAC 2024 , I visited with Pranava Adduri , co-founder and CEO of Bedrock Security which has just rolled out its AI Reasoning (AIR) Engine to help solve this problem in a bold new way.

Big data 162
article thumbnail

Cisco Live 2024: Cisco Unveils AI Deployment Solution With NVIDIA

Tech Republic Security

A $1 billion commitment will send Cisco money to Cohere, Mistral AI and Scale AI.

article thumbnail

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

article thumbnail

This Hacker Tool Extracts All the Data Collected by Windows’ New Recall AI

WIRED Threat Level

Windows Recall takes a screenshot every five seconds. Cybersecurity researchers say the system is simple to abuse—and one ethical hacker has already built a tool to show how easy it really is.

article thumbnail

6 Best VPNs for the UK in 2024

Tech Republic Security

What are the top VPNs in the U.K.? Here are the best U.K. VPNs users should be looking at and the key features they should consider during VPN selection.

VPN 193

LifeWorks

More Trending

article thumbnail

TargetCompany’s Linux Variant Targets ESXi Environments

Trend Micro

In this blog entry, our researchers provide an analysis of TargetCompany ransomware’s Linux variant and how it targets VMware ESXi environments using new methods for payload delivery and execution.

article thumbnail

Inside the Biggest FBI Sting Operation in History

WIRED Threat Level

When a drug kingpin named Microsoft tried to seize control of an encrypted phone company for criminals, he was playing right into its real owners’ hands.

article thumbnail

Celebrity TikTok Accounts Compromised Using Zero-Click Attack via DMs

The Hacker News

Popular video-sharing platform TikTok has acknowledged a security issue that has been exploited by threat actors to take control of high-profile accounts on the platform.

article thumbnail

RansomHub gang claims the hack of the telecommunications giant Frontier Communications

Security Affairs

The RansomHub ransomware group added the American telecommunications company Frontier Comunications to the list of victims on its Tor leak site. The RansomHub ransomware group claimed to have stolen the information of over 2 million customers from the American telecommunications company Frontier Communications. The RansomHub group claims to have stolen 5GB of data from the telecommunications giant.

article thumbnail

Why Giant Content Libraries Do Nothing for Your Employees’ Cyber Resilience

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

article thumbnail

Russian Power Companies, IT Firms, and Govt Agencies Hit by Decoy Dog Trojan

The Hacker News

Russian organizations are at the receiving end of cyber attacks that have been found to deliver a Windows version of a malware called Decoy Dog. Cybersecurity company Positive Technologies is tracking the activity cluster under the name Operation Lahat, attributing it to an advanced persistent threat (APT) group called HellHounds.

article thumbnail

Utility scams update

Malwarebytes

Back in February, we reported on malicious ads related to utility bills (electricity, gas) that direct victims to call centers where scammers will collect their identity and try to extort money from them. A few months later, we checked and were able to find as many Google ads as before, following very much the same pattern. In addition, we can see that miscreants are trying to legitimize their operations by creating fake U.S.

Scams 135
article thumbnail

Was the Ticketmaster Leak Snowflake’s Fault?

Security Boulevard

Snowflake, Inc. says NO, threatening legal action against those who say it was. But reports are coming in of several more massive leaks from other Snowflake customers. The post Was the Ticketmaster Leak Snowflake’s Fault? appeared first on Security Boulevard.

article thumbnail

Cybercriminals attack banking customers in EU with V3B phishing kit – PhotoTAN and SmartID supported.

Security Affairs

Resecurity uncovered a cybercriminal group that is providing a sophisticated phishing kit, named V3B, to target banking customers in the EU. Resecurity has uncovered a new cybercriminal group providing Phishing-as-a-Service (PhaaS) platform that is equipping fraudsters with sophisticated kit (known as “V3B”) to target banking customers in the EU. “Currently, it is estimated that hundreds of cybercriminals are using this kit to commit fraud, leaving victims with empty bank accou

Banking 132
article thumbnail

Zero Trust Mandate: The Realities, Requirements and Roadmap

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

article thumbnail

Telerik Report Server Flaw Could Let Attackers Create Rogue Admin Accounts

The Hacker News

Progress Software has rolled out updates to address a critical security flaw impacting the Telerik Report Server that could be potentially exploited by a remote attacker to bypass authentication and create rogue administrator users. The issue, tracked as CVE-2024-4358, carries a CVSS score of 9.8 out of a maximum of 10.0. "In Progress Telerik Report Server, version 2024 Q1 (10.0.24.

article thumbnail

CISOs and Senior Leadership at Odds Over Security

Security Boulevard

Only half of cybersecurity leaders feel their C-suite understands cybersecurity risks, a Trend Micro survey found. Four in five have been told to downplay a potential risk’s severity. The post CISOs and Senior Leadership at Odds Over Security appeared first on Security Boulevard.

CISO 129
article thumbnail

Hackers Use MS Excel Macro to Launch Multi-Stage Malware Attack in Ukraine

The Hacker News

A new sophisticated cyber attack has been observed targeting endpoints geolocated to Ukraine with an aim to deploy Cobalt Strike and seize control of the compromised hosts.

Malware 129
article thumbnail

8 Takeaways from Apple 2023 Threat Research

Security Boulevard

The newly-released Apple cybersecurity threat study reveals interesting data points and demonstrates how the threat landscape is evolving. The post 8 Takeaways from Apple 2023 Threat Research appeared first on Security Boulevard.

article thumbnail

Next-Level Fraud Prevention: Strategies for Today’s Threat Landscape

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

article thumbnail

Microsoft deprecates Windows NTLM authentication protocol

Bleeping Computer

Microsoft has officially deprecated NTLM authentication on Windows and Windows servers, stating that developers should transition to Kerberos or Negotiation authentication to prevent problems in the future. [.

article thumbnail

Debt collection agency FBCS leaks information of 3 million US citizens

Malwarebytes

The US debt collection agency Financial Business and Consumer Solutions (FBCS) has filed a data breach notification , listing the the total number of people affected as 3,226,631. FBCS is a nationally licensed, third-party collection agency that collects commercial and consumer debts, with most of its activity involving the recovery of consumer debts on behalf of creditors.

article thumbnail

Snowflake Warns: Targeted Credential Theft Campaign Hits Cloud Customers

The Hacker News

Cloud computing and analytics company Snowflake said a "limited number" of its customers have been singled out as part of a targeted campaign. "We have not identified evidence suggesting this activity was caused by a vulnerability, misconfiguration, or breach of Snowflake’s platform," the company said in a joint statement along with CrowdStrike and Google-owned Mandiant.

125
125
article thumbnail

ARRL says it was hacked by an "international cyber group"

Bleeping Computer

American Radio Relay League (ARRL) has shared more information about a May cyberattack that took its Logbook of the World offline and caused some members to become frustrated over the lack of information. [.

Hacking 119
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

The Next Generation of RBI (Remote Browser Isolation)

The Hacker News

The landscape of browser security has undergone significant changes over the past decade. While Browser Isolation was once considered the gold standard for protecting against browser exploits and malware downloads, it has become increasingly inadequate and insecure in today's SaaS-centric world.

Malware 118
article thumbnail

Russian Threat Groups Turn Eyes to the Paris Olympic Games

Security Boulevard

Russian threat groups are using old tactics and generative AI to run malicious disinformation campaigns meant to discredit the Paris Olympic Games, France and its president, and the IOC fewer than two months before the Games begin. The post Russian Threat Groups Turn Eyes to the Paris Olympic Games appeared first on Security Boulevard.

article thumbnail

Cisco Security at Cisco Live 2024: Innovating at Scale

Cisco Security

No matter how reliable and performant your network is, it doesn’t matter if it’s not secure. To help make the world a safer place, we need to reimagine security. No matter how reliable and performant your network is, it doesn’t matter if it’s not secure. To help make the world a safer place, we need to reimagine security.

article thumbnail

Russians Love YouTube. That’s a Problem for the Kremlin

WIRED Threat Level

YouTube remains the only major US-based social media platform available in Russia. It’s become "indispensable" to everyday people, making a ban tricky. Journalists and dissidents are taking advantage.

Media 113
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Cisco Enhances Zero Trust Access with Google

Cisco Security

Cisco and Google are collaborating to help organizations block threats and secure access across internet destinations and private applications. Cisco and Google are collaborating to help organizations block threats and secure access across internet destinations and private applications.

Internet 116
article thumbnail

AI Is Your Coworker Now. Can You Trust It?

WIRED Threat Level

Generative AI tools such as OpenAI’s ChatGPT and Microsoft’s Copilot are becoming part of everyday business life. But they come with privacy and security considerations you should know about.

Hacking 111
article thumbnail

SafetyDetectives Interview With Daniel Segun – CEO and Founder of SecureBlitz

SecureBlitz

In the latest SafetyDetectives interview, we sat down with Daniel Segun, the CEO and Founder of SecureBlitz Cybersecurity Media. With a passion for cybersecurity that began in childhood, Daniel has dedicated his career to making online security information accessible to everyone. During our conversation, he shared insights into SecureBlitz’s mission to empower users through clear, actionable content. […] The post SafetyDetectives Interview With Daniel Segun – CEO and Founder of Secur

Media 110
article thumbnail

Privacy Reimagined: The Impact of the American Privacy Act on Consumer Rights

Security Boulevard

The post Privacy Reimagined: The Impact of the American Privacy Act on Consumer Rights appeared first on Votiro. The post Privacy Reimagined: The Impact of the American Privacy Act on Consumer Rights appeared first on Security Boulevard.

109
109
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!