Thu. Feb 15, 2024

On the Insecurity of Software Bloat

Schneier on Security

Good essay on software bloat and the insecurities it causes. The world ships too much code, most of it by third parties, sometimes unintended, most of it uninspected. Because of this, there is a huge attack surface full of mediocre code. Efforts are ongoing to improve the quality of code itself, but many exploits are due to logic fails, and less progress has been made scanning for those.

Software 246

Malware Response Checklist

Tech Republic Security

Whether an infection is the result of a disgruntled employee, hardware vulnerability, software-based threat, social engineering penetration, robotic attack or human error, all organizations must be prepared to immediately respond effectively to such an issue if the corresponding damage is to be minimized. Using a guide and pre-formatted malware response checklist, written by Erik Eckel.

Malware 142

Massive utility scam campaign spreads via online ads

Malwarebytes

For many households, energy costs represent a significant part of their overall budget. And when customers want to discuss their bills or look for ways to save money, scammers are just a phone call away. Enter the utility scam, where crooks pretend to be your utility company so they can threaten and extort as much money from you as they can. This scam has been going on for years and usually starts with an unexpected phone call and, in some cases, a visit to your door.

Scams 141

Ivanti Pulse Secure Found Using 11-Year-Old Linux Version and Outdated Libraries

The Hacker News

A reverse engineering of the firmware running on Ivanti Pulse Secure appliances has revealed numerous weaknesses, once again underscoring the challenge of securing software supply chains. Eclypsium, which acquired firmware version 9.1.18.2-24467.1 as part of the process, said the base operating system used by the Utah-based software company for the device is CentOS 6.4.

Firmware 135

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Facebook Marketplace users’ stolen data offered for sale

Malwarebytes

Personal data belonging to Facebook Marketplace users has been published online, according to BleepingComputer. A cybercriminal was allegedly able to steal a partial database after hacking the systems of a Meta contractor. The leak consists of around 200,000 records that contain names, phone numbers, email addresses, Facebook IDs, and Facebook profile information of the affected Facebook Marketplace users.

RansomHouse gang automates VMware ESXi attacks with new MrAgent tool

Bleeping Computer

The RansomHouse ransomware operation has created a new tool named 'MrAgent' that automates the deployment of its data encrypter across multiple VMware ESXi hypervisors.

More Trending

New ‘Gold Pickaxe’ Android, iOS malware steals your face for fraud

Bleeping Computer

A new iOS and Android trojan named 'GoldPickaxe' employs a social engineering scheme to trick victims into scanning their faces and ID documents, which are believed to be used to generate deepfakes for unauthorized banking access.

FTC Warns AI Companies About Changing Policies to Leverage User Data

Security Boulevard

The Federal Trade Commission is warning AI companies against secretly changing their security and privacy policies in hopes of leveraging the data they collect from customers to feed models they use to develop their products and services. Surreptitiously amending terms of service without notifying customers is not unusual in the business world and AI companies’.

New Qbot malware variant uses fake Adobe installer popup for evasion

Bleeping Computer

The developer of Qakbot malware, or someone with access to the source code, seems to be experimenting with new builds as fresh samples have been observed in email campaigns since mid-December.

Malware 115

The Problem With One-Time Passcodes

Duo's Security Blog

What are OTPs (one-time passcodes)? As organizations have improved their security posture, cybercriminals have found new ways to circumvent those controls. Multi-factor authentication (MFA) is a well-known and well-established protection that many organizations rely on. And that also makes it a target for cybercriminals. Therefore, it is not enough to have MFA turned on, organizations must also deploy secure policies to ensure their users are protected.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

FBI disrupts Moobot botnet used by Russian military hackers

Bleeping Computer

The FBI took down a botnet of small office/home office (SOHO) routers used by Russia's Main Intelligence Directorate of the General Staff (GRU) in spearphishing and credential theft attacks targeting the United States and its allies.

Major Node.js Security Flaws: Millions of Apps Could Be Vulnerable

Penetration Testing

Node.js, the popular JavaScript runtime environment used by millions of developers worldwide, has recently issued security updates targeting multiple high-severity vulnerabilities. These flaws could leave your applications open to attack if not addressed immediately.... The post Major Node.js Security Flaws: Millions of Apps Could Be Vulnerable appeared first on Penetration Testing.

US offers up to $15 million for tips on ALPHV ransomware gang

Bleeping Computer

The U.S. State Department is offering rewards of up to $10 million for information that could lead to the identification or location of ALPHV/Blackcat ransomware gang leaders.

Chinese Hackers Using Deepfakes in Advanced Mobile Banking Malware Attacks

The Hacker News

A Chinese-speaking threat actor codenamed GoldFactory has been attributed to the development of highly sophisticated banking trojans, including a previously undocumented iOS malware called GoldPickaxe that's capable of harvesting identity documents, facial recognition data, and intercepting SMS.

Banking 122

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Zeus, IcedID malware gangs leader pleads guilty, faces 40 years in prison

Bleeping Computer

Ukrainian national Vyacheslav Igorevich Penchukov, one of the heads of the notorious JabberZeus cybercrime gang, has pleaded guilty to charges related to his leadership roles in the Zeus and IcedID malware groups.

Malware 102

North Korea successfully hacks email of South Korean President’s aide, gains access to sensitive information

Graham Cluley

The office of South Korean president Yoon Suk Yeol has confirmed that North Korea hacked into the personal emails of one of its staff members. Read more in my article on the Hot for Security blog.

Hacking 115

Microsoft says it fixed a Windows Metadata server issue that’s still broken

Bleeping Computer

Microsoft claims to have fixed Windows Metadata connection issues which continue to plague customers, causing problems for users trying to manage their printers and other hardware.

CISA adds Microsoft Windows bugs to its Known Exploited Vulnerabilities catalog

Security Affairs

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds 2 Microsoft Windows flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following two vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog: CVE-2024-21412 Microsoft Windows Internet Shortcut Files Security Feature Bypass Vulnerability; CVE-2024-21351 Microsoft Windows SmartScreen Security Feature Bypass Vulnerability. This week.

Internet 113

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Over 13,000 Ivanti gateways vulnerable to actively exploited bugs

Bleeping Computer

Thousands of Ivanti Connect Secure and Policy Secure endpoints remain vulnerable to multiple security issues first disclosed more than a month ago and which the vendor gradually patched.

Types of Cybersecurity Threats and Vulnerabilities

Security Boulevard

Reading Time: 4 min. Uncover the types of cybersecurity threats and vulnerabilities lurking online! Learn how to protect yourself with actionable tips and free resources. Stay safe online today! The post Types of Cybersecurity Threats and Vulnerabilities appeared first on Security Boulevard.

OpenAI blocks state-sponsored hackers from using ChatGPT

Bleeping Computer

OpenAI has removed accounts used by state-sponsored threat groups from Iran, North Korea, China, and Russia, that were abusing its artificial intelligence chatbot, ChatGPT.

U.S. State Government Network Breached via Former Employee's Account

The Hacker News

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has revealed that an unnamed state government organization's network environment was compromised via an administrator account belonging to a former employee.

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

CISA Warns of Active Exploitation Cisco and Microsoft Exchange Vulnerability

Penetration Testing

The Cybersecurity and Infrastructure Security Agency (CISA) of the United States flagged an alert, adding two vulnerabilities to the catalog of “Known Exploited Vulnerabilities (KEV),” which showed a call for urgent attention. CVE-2024-21410 and... The post CISA Warns of Active Exploitation Cisco and Microsoft Exchange Vulnerability appeared first on Penetration Testing.

Randall Munroe’s XKCD ‘Research Account’

Security Boulevard

Via the comic artistry and dry wit of Randall Munroe, creator of XKCD. The post Randall Munroe’s XKCD ‘Research Account’ appeared first on Security Boulevard.

Critical Wi-Fi Flaws Put Your Data at Risk (CVE-2023-52160, CVE-2023-52161)

Penetration Testing

Two new vulnerabilities (CVE-2023-52160, CVE-2023-52161) in open-source WiFi software are allowing attackers to trick victims into connecting to evil twins of trusted networks, intercept their traffic, and join otherwise secure networks without needing the... The post Critical Wi-Fi Flaws Put Your Data at Risk (CVE-2023-52160, CVE-2023-52161) appeared first on Penetration Testing.

Rhysida ransomware cracked! Free decryption tool released

Graham Cluley

A group of South Korean security researchers have uncovered a vulnerability in the infamous Rhysida ransomware that provides a way for encrypted files to be unscrambled. Read more in my article on the Tripwire State of Security blog.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

US Gov dismantled the Moobot botnet controlled by Russia-linked APT28

Security Affairs

The US authorities dismantled the Moobot botnet, which was controlled by the Russia-linked cyberespionage group APT28. A court order allowed US authorities to neutralize the Moobot botnet, a network of hundreds of small office/home office (SOHO) routers under the control of the Russia-linked group APT28. The botnet was used by the Russian state-sponsored hackers to carry out a broad range of attacks. “A January 2024 court-authorized operation has neutralized a network of hundreds of small

Firewall 105

U.S. Government Disrupts Russian-Linked Botnet Engaged in Cyber Espionage

The Hacker News

The U.S. government on Thursday said it disrupted a botnet comprising hundreds of small office and home office (SOHO) routers in the country that was put to use by the Russia-linked APT28 actor to conceal its malicious activities. "These crimes included vast spear-phishing and similar credential harvesting campaigns against targets of intelligence interest to the Russian government, such as U.S.

A cyberattack halted operations at Varta production plants

Security Affairs

On February 12, 2023, a cyber attack halted operations at five production plants of German battery manufacturer Varta. On February 13, German battery manufacturer Varta announced that a cyber attack forced the company to shut down IT systems. The attack disrupted operations at five production plants and the administration. VARTA AG is a leading global manufacturer of batteries with over 4,500 employees worldwide, reporting revenue of €1.2 billion in 2023.

Russian Turla Hackers Target Polish NGOs with New TinyTurla-NG Backdoor

The Hacker News

The Russia-linked threat actor known as Turla has been observed using a new backdoor called TinyTurla-NG as part of a three-month-long campaign targeting Polish non-governmental organizations in December 2023.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.