Schneier on Security
FEBRUARY 1, 2024
Consumer Reports is reporting that Facebook has built a massive surveillance network: Using a panel of 709 volunteers who shared archives of their Facebook data, Consumer Reports found that a total of 186,892 companies sent data about them to the social network. On average, each participant in the study had their data sent to Facebook by 2,230 companies.
Krebs on Security
FEBRUARY 1, 2024
Three Americans were charged this week with stealing more than $400 million in a November 2022 SIM-swapping attack. The U.S. government did not name the victim organization, but there is every indication that the money was stolen from the now-defunct cryptocurrency exchange FTX , which had just filed for bankruptcy on that same day. A graphic illustrating the flow of more than $400 million in cryptocurrencies stolen from FTX on Nov. 11-12, 2022.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Bleeping Computer
FEBRUARY 1, 2024
Cloudflare disclosed today that its internal Atlassian server was breached by a 'nation state' attacker who accessed its Confluence wiki, Jira bug database, and Atlassian Bitbucket source code management system. [.
Penetration Testing
FEBRUARY 1, 2024
Recently, CYFIRMA’s Research Team has conducted an exhaustive analysis of a security vulnerability, identified as CVE-2024-21833, that poses a significant risk to TP-Link Routers. Discovered on January 10, 2024, by JPCERT/CC, this vulnerability has... The post Millions of Routers at Risk: CVE-2024-21833 Threatens TP-Link Devices appeared first on Penetration Testing.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldnât hand those out too freely. You have stuff thatâs worth protectingâand the more people that have access to your belongings, the higher the odds that something will go missing.
Bleeping Computer
FEBRUARY 1, 2024
CISA has ordered U.S. federal agencies to disconnect all Ivanti Connect Secure and Policy Secure VPN appliances vulnerable to multiple actively exploited bugs before Saturday. [.
Security Boulevard
FEBRUARY 1, 2024
a/k/a BRONZE SILHOUETTE: FBI head Wray wonât tolerate Chinaâs âreal-world threat to our physical safety.â The post FBI Warning: China Will Hack US Infra. (via Router Botnet) appeared first on Security Boulevard.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
SecureWorld News
FEBRUARY 1, 2024
The United States continues to grapple with cyber intrusions emanating from sophisticated hacking groups affiliated with the Chinese government. In December 2023, the U.S. government conducted an extensive operation to disrupt a Chinese state-sponsored botnet that was being used to conceal attacks against American critical infrastructure organizations, the Justice Department announced this week.
Bleeping Computer
FEBRUARY 1, 2024
An Android remote access trojan (RAT) known as VajraSpy was found in 12 malicious applications, six of which were available on Google Play from April 1, 2021, through September 10, 2023. [.
Security Boulevard
FEBRUARY 1, 2024
BlackFog's state of ransomware report measures publicly disclosed and non-disclosed attacks globally. The post The State of Ransomware 2024 appeared first on Security Boulevard.
We Live Security
FEBRUARY 1, 2024
ESET researchers discovered several Android apps that posed as messaging tools but carried VajraSpy, a RAT used by the Patchwork APT group
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Security Boulevard
FEBRUARY 1, 2024
In testimony before the House Select Committee on the Chinese Communist Party yesterday, FBI Director Christopher Wray delivered an ominous message: âChinaâs hackers are positioning on American infrastructure in preparation to wreak havoc and cause real-world harm to American citizens and communities, if or when China decides the time has come to strike.
Malwarebytes
FEBRUARY 1, 2024
In an unusually emotional and unified setting, the Senate Judiciary Committee found common ground for the need to protect children online yesterday. On January 31, 2024, the CEOs of the most widely used social media platforms appeared before the Committee. Metaâs Mark Zuckerberg, X’s Linda Yaccarino, TikTok’s Shou Chew, Snap’s Evan Spiegel, and Discord’s Jason Citron listened to accusations and answered questions about what they were doing to protect children using their
Security Boulevard
FEBRUARY 1, 2024
The German automotive giant Mercedes-Benz found itself on the wrong end of a software supply chain incident after RedHunt Labs found a leaked GitHub token belonging to an employee of the carmaker that granted "'unrestrictedâ and 'unmonitored'" access to the entirety of source code hosted on Mercedesâ internal GitHub Enterprise Server. The post Lessons from the Mercedes-Benz GitHub source code leak appeared first on Security Boulevard.
Malwarebytes
FEBRUARY 1, 2024
The Internal Revenue Service has announced that the 2024 tax filing season has officially begun, with an expected 146 million individual tax returns to be filed. While it is costly and complex for the IRS to process so many digital and paper documents, it can also be a headache for many Americans. Unsurprisingly, this is also the time of year where we see an increase in tax-related scams.
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
Security Boulevard
FEBRUARY 1, 2024
In the contemporary digital landscape, new threats emerge constantly. If someone connects to the Internet, it exposes organizations to the risk of being targeted by hackers. Cyber threats have advanced into the industry, making security an important aspect of spreading awareness for both businesses and governments worldwide. For companies without the help of cybersecurity services, [âĤ] The post How Does Cybersecurity Services Prevent Businesses From Cyber Attacks?
WIRED Threat Level
FEBRUARY 1, 2024
A loose coalition of anti-censorship voices is working to highlight reports of one Indian companyâs hacker-for-hire pastâand the legal threats aimed at making them disappear.
Security Affairs
FEBRUARY 1, 2024
A US man has been sentenced to federal prison for his role in a fraudulent scheme that resulted in the theft of millions of dollars through SIM swapping. Daniel James Junk (22) of Portland was sentenced to 72 months in federal prison for his role in a scheme that resulted in the theft of millions of dollars of cryptocurrency using a SIM swapping. The man conducted SIM swapping attacks to take control of victimsâ phone numbers tricking the mobile operator employees into porting them to SIMs under
Bleeping Computer
FEBRUARY 1, 2024
Blackbaud has settled with the Federal Trade Commission after being charged with poor security and reckless data retention practices, leading to a May 2020 ransomware attack and a data breach affecting millions of people. [.
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
Security Affairs
FEBRUARY 1, 2024
Mandiant spotted new malware used by a China-linked threat actor UNC5221 targeting Ivanti Connect Secure VPN and Policy Secure devices. Mandiant researchers discovered new malware employed by a China-linked APT group known as UNC5221 and other threat groups targeting Ivanti Connect Secure VPN and Policy Secure devices. The attackers were observed exploiting CVE-2023-46805 and CVE-2024-21887 to execute arbitrary commands on the unpatched Ivanti devices.
Bleeping Computer
FEBRUARY 1, 2024
The Computer Emergency Response Team in Ukraine (CERT-UA) is warning about a PurpleFox malware campaign that has infected at least 2,000 computers in the country. [.
Approachable Cyber Threats
FEBRUARY 1, 2024
Category Awareness, Cybersecurity Fundamentals, News Risk Level Google and Yahoo are requiring DMARC beginning February 2024. So what does that mean for your organization, and how do you implement it? Starting February 1, 2024, Google and Yahoo will implement new requirements for inbound email, primarily geared toward bulk senders. However, the changes may result in potential delivery (and cybersecurity) issues for your organization and customers if the requirements are not implemented correctly
Security Boulevard
FEBRUARY 1, 2024
CISA and FBI have jointly issued a warning about the threat posed by AndroxGh0st malware, emphasizing its use in establishing a botnet for âvictim identification and exploitation within target networks.â Originating in a Lacework report from December 2022, AndroxGh0st, a Python-based malware, has spawned similar tools such as AlienFox, GreenBot (aka Maintance), Legion, and Predator. [âĤ] The post CISA and FBI Warn of AndroxGh0st Malware Threat appeared first on TuxCare.
Advertisement
The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.
Security Affairs
FEBRUARY 1, 2024
CISA is ordering federal agencies to disconnect Ivanti Connect Secure and Ivanti Policy Secure products within 48 hours. For the first time since its establishment, CISA is ordering federal agencies to disconnect all instances of Ivanti Connect Secure and Ivanti Policy Secure products within 48 hours. The CISA’s emergency directive orders to disconnect all instances no later than 11:59PM on Friday February 2, 2024. “As soon as possible and no later than 11:59PM on Friday February 2,
Security Boulevard
FEBRUARY 1, 2024
Seasoned security leader joins TrustCloud to meet demand for programmatic, predictive security, privacy, and assurance solutions that go beyond GRC automation Boston MA â February 1, 2024 â TrustCloudâ˘, the Trust Assurance platform using AI to upgrade GRC into a profit center, today announced the appointment of TJ McDonough as SVP of Sales and Customer [âĤ] The post TrustCloud Expands Executive Team, Adds TJ McDonough as SVP of Sales and Customer Success first appeared on TrustCloud.
Security Affairs
FEBRUARY 1, 2024
Passports, mobile numbers, and email addresses of Indian travelers who requested COVID e-pass have been leaked, 3.5M individuals at risk of identity theft. Last year, due to an increase in the number of people with COVID-19, Tamil Nadu, the southernmost state in India with a population of 79 million, made a COVID e-pass mandatory. This meant that all inter-zone travelers needed to apply for it online and enter a great deal of their personally identifiable information (PII).
Penetration Testing
FEBRUARY 1, 2024
A high-severity flaw has been found in a popular WordPress plugin. The affected plugin, Website Builder by SeedProd, has over 900,000 installations. The Website Builder by SeedProd is a powerful and user-friendly WordPress plugin... The post CVE-2024-1072: Critical Flaw in SeedProd Plugin Exposes 900K WordPress Sites appeared first on Penetration Testing.
Speaker: Blackberry, OSS Consultants, & Revenera
Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, âDo you know whatâs in your software?
Bleeping Computer
FEBRUARY 1, 2024
Microsoft has fixed a known issue causing desktop and mobile email clients to fail to connect when using Outlook.com accounts. [.
Penetration Testing
FEBRUARY 1, 2024
In the ever-evolving Internet landscape, the importance of data privacy and compliance with regulations such as GDPR (General Data Protection Regulation) cannot be overstated. WordPress, one of the most popular content management systems, offers... The post Under Attack: CVE-2023-6700 in ‘Cookie Information’ Plugin Threatens 100k WordPress Sites appeared first on Penetration Testing.
Bleeping Computer
FEBRUARY 1, 2024
Google has shared a temporary fix for owners of Google Pixel devices that were rendered unusable after installing the January 2024 Google Play system update. [.
Heimadal Security
FEBRUARY 1, 2024
The Importance of Choosing the Right Privilege Identity Management Solution The essence of effective Privileged Identity Management (PIM) lies not in identity or management but in privilege. A robust PIM system focuses on identifying those who should, and equally importantly, those who should not, have administrative access to important accounts and systems.
Speaker: Erika R. Bales, Esq.
When we talk about âcompliance and security," most companies want to ensure that steps are being taken to protect what they value most â people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and itâs more important than ever that safeguards are in place. Letâs step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.
Expert insights. Personalized for you.
318 
Let's personalize your content