Schneier on Security

MAY 22, 2024

Experiments in unredacting text that has been pixelated.

325

325

Tech Republic Security

MAY 22, 2024

Other announcements included a Snapdragon Dev Kit for Windows, GitHub Copilot Extensions and the general availability of Azure AI Studio.

Artificial Intelligence 195

Artificial Intelligence Big data Software 195

Malwarebytes

MAY 22, 2024

A cybercriminal going by the names of EquationCorp and USDoD have released an enormous database containing the criminal records of millions of Americans. The database is said to contain 70 million rows of data. Post by USDoD on a breach forum The leaked database is said to include full names, dates of birth, known aliases, addresses, arrest and conviction dates, sentences, and much more.

Passwords 145

Passwords Data breaches Phishing Password Management 145

Tech Republic Security

MAY 22, 2024

This guide explains how you can change the location of your virtual private network for privacy, security or geolocation issues.

VPN 187

VPN 187

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

Risk

Bleeping Computer

MAY 22, 2024

Microsoft's announcement of the new AI-powered Windows 11 Recall feature has sparked a lot of concern, with many thinking that it has created massive privacy risks and a new attack vector that threat actors can exploit to steal data. [.

Risk 144

Risk 144

Tech Republic Security

MAY 22, 2024

The European Union’s General Data Protection Regulation requires every business enterprise and public authority that collects personal data from EU customers and clients to protect that data from unauthorized access. Finding ideal candidates for the GDPR data protection compliance officer position will require thorough vetting, and potential candidates may be difficult to find.

Big data 167

Big data 167

Security Affairs

MAY 22, 2024

A threat actor is targeting organizations in Africa and the Middle East by exploiting Microsoft Exchange Server flaws to deliver malware. Positive Technologies researchers observed while responding to a customer’s incident spotted an unknown keylogger embedded in the main Microsoft Exchange Server page. The keylogger was used to collect account credentials.

Malware 140

Malware Accountability Technology Internet 140

The Hacker News

MAY 22, 2024

An unknown threat actor is exploiting known security flaws in Microsoft Exchange Server to deploy a keylogger malware in attacks targeting entities in Africa and the Middle East. Russian cybersecurity firm Positive Technologies said it identified over 30 victims spanning government agencies, banks, IT companies, and educational institutions. The first-ever compromise dates back to 2021.

Education 141

Education Banking Government Technology 141

Security Affairs

MAY 22, 2024

A researcher discovered a consumer-grade spyware app on the check-in systems of at least three Wyndham hotels across the US. The security researcher Eric Daigle discovered a commercial spyware app, called pcTattletale, on the check-in systems of at least three Wyndham hotels across the US, TechCrunch first reported. Parents often use the app to monitor their children’s online activities or by employers to keep track of employee productivity and internet usage.

Spyware 139

Spyware Surveillance Software Internet 139

The Hacker News

MAY 22, 2024

Cybersecurity researchers have disclosed details of a previously undocumented threat group called Unfading Sea Haze that's believed to have been active since 2018. The intrusion singled out high-level organizations in South China Sea countries, particularly military and government targets, Bitdefender said in a report shared with The Hacker News.

Government 140

Government Cybersecurity 140

Advertisement

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

Cyber threats

Security Affairs

MAY 22, 2024

GitHub addressed a vulnerability in the GitHub Enterprise Server (GHES) that could allow an attacker to bypass authentication. GitHub has rolled out security fixes to address a critical authentication bypass issue, tracked as CVE-2024-4985 (CVSS score: 10.0), in the GitHub Enterprise Server (GHES). GitHub Enterprise Server (GHES) is a self-hosted version of GitHub designed for use within organizations.

Authentication 138

Authentication Encryption Hacking Information Security 138

The Hacker News

MAY 22, 2024

Cybersecurity researchers have discovered a new cryptojacking campaign that employs vulnerable drivers to disable known security solutions (EDRs) and thwart detection in what's called a Bring Your Own Vulnerable Driver (BYOVD) attack. Elastic Security Labs is tracking the campaign under the name REF4578 and the primary payload as GHOSTENGINE.

Cybersecurity 140

Cybersecurity 140

Bleeping Computer

MAY 22, 2024

Microsoft announced today that it will start deprecating VBScript in the second half of 2024 by making it an on-demand feature until it's completely removed. [.

137

137

The Hacker News

MAY 22, 2024

Rockwell Automation is urging its customers to disconnect all industrial control systems (ICSs) not meant to be connected to the public-facing internet to mitigate unauthorized or malicious cyber activity. The company said it's issuing the advisory due to "heightened geopolitical tensions and adversarial cyber activity globally.

Internet 139

Internet Internet Cyber threats 139

Advertisement

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

Cybersecurity

Security Affairs

MAY 22, 2024

The digital imaging products manufacturer OmniVision disclosed a data breach after the 2023 ransomware attack. OmniVision Technologies is a company that specializes in developing advanced digital imaging solutions. In 2023, OmniVision employed 2,200 people and had an annual revenue of $1.4 billion. OmniVision Technologies Inc. is an American subsidiary of Chinese semiconductor device and mixed-signal integrated circuit design house Will Semiconductor.

Data breaches 136

Data breaches Ransomware Manufacturing Encryption 136

SecureList

MAY 22, 2024

Introduction Stealers are a prominent threat in the malware landscape. Over the past year we published our research into several stealers (see here , here and here ), and for now, the trend seems to persist. In the past months, we wrote several private reports on stealers as we discovered Acrid (a new stealer), ScarletStealer (another new stealer) and Sys01, which had been updated quite a bit since the previous public analysis.

Malware 134

Malware Cryptocurrency Passwords Marketing 134

Security Affairs

MAY 22, 2024

Resecurity warns of a surge in malicious cyber activity targeting the election in India, orchestrated by several independent hacktivist groups Resecurity has identified a spike of malicious cyber activity targeting the election in India, which is supported by multiple independent hacktivist groups who arrange cyber-attacks and publication of stolen personal identifiable information (PII) belonging to Indian citizens on the Dark Web.

Government 134

Government Internet Internet Healthcare 134

Security Boulevard

MAY 22, 2024

Deepfake Zoom of Doom: Construction giant Arup Group revealed as victim of January theft—10% of net profit lost. The post CFO Deepfake Redux — Arup Lost $26M via Video appeared first on Security Boulevard.

Social Engineering 131

Social Engineering Data privacy Engineering Security Awareness 131

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

Scams

Security Affairs

MAY 22, 2024

A critical security vulnerability in Veeam Backup Enterprise Manager could allow threat actors to bypass authentication. A critical vulnerability, tracked as CVE-2024-29849 (CVSS score: 9.8), in Veeam Backup Enterprise Manager could allow attackers to bypass authentication. Veeam Backup Enterprise Manager is a centralized management and reporting tool designed to simplify the administration of Veeam Backup & Replication environments.

Backups 133

Backups Authentication Accountability Software 133

We Live Security

MAY 22, 2024

As AI gets closer to the ability to cause physical harm and impact the real world, “it’s complicated” is no longer a satisfying response to questions about AI-powere attacks.

130

130

The Last Watchdog

MAY 22, 2024

Torrance,Calif., May 22, 2024, CyberNewsWire — AI SPERA, a leader in Cyber Threat Intelligence (CTI) solutions, announced today that its proprietary search engine, Criminal IP , is now available on the AWS Marketplace. This integration ensures efficient software procurement and deployment, aligning seamlessly with customers’ existing cloud architectures.

Cyber threats 130

Cyber threats Engineering Internet Internet 130

WIRED Threat Level

MAY 22, 2024

Ultra-wideband radio has been heralded as the solution for “relay attacks” that are used to steal cars in seconds. But researchers found Teslas equipped with it are as vulnerable as ever.

Hacking 128

Hacking 128

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

IT Security Guru

MAY 22, 2024

When it comes to creating presentations, you want the best chance of succeeding. A great presentation will increase your chances of selling the product, informing, or conveying your message. Google Slides is a popular tool for creating slideshows. However, more is needed to make an excellent presentation. Follow these Google Slides tips from experts to enhance your Google Slides presentation and get the job done.

125

125

Bleeping Computer

MAY 22, 2024

A previously unknown threat actor dubbed "Unfading Sea Haze" has been targeting military and government entities in the South China Sea region since 2018, remaining undetected all this time. [.

Government 125

Government 125

The Hacker News

MAY 22, 2024

Since the first edition of The Ultimate SaaS Security Posture Management (SSPM) Checklist was released three years ago, the corporate SaaS sprawl has been growing at a double-digit pace.

124

124

Bleeping Computer

MAY 22, 2024

LastPass announced it will start encrypting URLs stored in user vaults for enhanced privacy and protection against data breaches and unauthorized access. [.

Encryption 114

Encryption Passwords Data breaches Software 114

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Malwarebytes

MAY 22, 2024

Developing an AI-powered threat to security, privacy, and identity is certainly a choice, but it’s one that Microsoft was willing to make this week at its “Build” developer conference. On Monday, the computing giant unveiled a new line of PCs that integrate Artificial Intelligence (AI) technology to promise faster speeds, enhanced productivity, and a powerful data collection and search tool that screenshots a device’s activity—including password entry—every few seconds.

Artificial Intelligence 111

Artificial Intelligence Passwords Accountability Media 111

GlobalSign

MAY 22, 2024

The FCRA protects consumer rights and regulates credit reporting agencies. This blog explores what the FCRA is and its requirements.

110

110

Heimadal Security

MAY 22, 2024

An authentication bypass vulnerability of maximum severity (CVSS V4 Score: 10.0) tracked as CVE-2024-4985 was recently fixed by GitHub. The vulnerability impacts GitHub Enterprise Server (GHES) instances using SAML single sign-on (SSO) authentication. What to Know About the Vulnerability By taking advantage of the vulnerability, a threat actor might spoof a SAML response and obtain […] The post Critical SAML Auth Bypass Vulnerability Found in GitHub Enterprise Server appeared first on Heim

Authentication 109

Authentication Cybersecurity 109

Graham Cluley

MAY 22, 2024

The United States Department of Justice has dealt a blow to dark web drug traffickers by arresting a man alleged to operate the dark web drugs marketplace Incognito Market. According to a DOJ press release, the alleged operator of a darknet platform sold over $100 million worth of narcotics worldwide. Read more in my article on the Hot for Security blog.

Marketing 106

Marketing Cryptocurrency 106

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!