Schneier on Security

DECEMBER 8, 2023

New attack breaks forward secrecy in Bluetooth. Three. news articles. The vulnerability has been around for at least a decade.

Authentication 333

Authentication 333

Tech Republic Security

DECEMBER 8, 2023

Connect and protect your whole team with this mini router that offers 10,000 sq ft coverage and a built-in VPN for the low price of $599.99.

VPN 192

VPN Mobile Network Security 192

Security Affairs

DECEMBER 8, 2023

Researchers devised a novel attack vector for process injection, dubbed Pool Party, that evades EDR solutions. Researchers from cybersecurity firm SafeBreach devised a set of process injection techniques, dubbed Pool Party, that allows bypassing EDR solutions. They presented the technique at Black Hat Europe 2023. The experts relied on the less-explored Windows thread pools to discover a novel attack vector for process injection.

Hacking 145

Hacking Malware Cybersecurity Information Security 145

The Hacker News

DECEMBER 8, 2023

A collection of security flaws in the firmware implementation of 5G mobile network modems from major chipset vendors such as MediaTek and Qualcomm impact USB and IoT modems as well as hundreds of smartphone models running Android and iOS.

Firmware 144

Firmware IoT Mobile 144

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

Risk

Security Boulevard

DECEMBER 8, 2023

Misconfigured AWS Role Enables Cloud Initial Access The post AWS Misconfiguration Leads to Buckets of Data appeared first on Horizon3.ai. The post AWS Misconfiguration Leads to Buckets of Data appeared first on Security Boulevard.

140

140

Security Affairs

DECEMBER 8, 2023

An Android app with over 100k Google Play downloads and a 4.5-star average rating has let an open instance go unchecked, leaving sensitive user data up for grabs. The Cybernews team discovered the Android app Barcode to Sheet leaking sensitive user information and enterprise data stored by app creators. Barcode to Sheet has over 100k downloads on the Google Play store and focuses on e-commerce clients.

Passwords 133

Passwords Identity Theft Phishing Hacking 133

Bleeping Computer

DECEMBER 8, 2023

A new set of vulnerabilities in 5G modems by Qualcomm and MediaTek, collectively called "5Ghoul," impact 710 5G smartphone models from Google partners (Android) and Apple, routers, and USB modems. [.

Mobile 132

Mobile 132

Security Affairs

DECEMBER 8, 2023

Anatoly Legkodymov, the founder of the Bitzlato cryptocurrency exchange has pleaded in a money-laundering scheme. Anatoly Legkodymov (41) (aka Anatolii Legkodymov, Gandalf, and Tolik), the Russian founder of the unlicensed Bitzlato cryptocurrency exchange, has pleaded guilty in a money-laundering scheme. The police arrested Legkodymov in Miami in January, he was charged in a U.S. federal court with conducting a money-transmitting business that transported and transmitted illicit funds and that f

Cryptocurrency 127

Cryptocurrency Marketing Advertising Hacking 127

Bleeping Computer

DECEMBER 8, 2023

Microsoft has acknowledged a new issue affecting Outlook for Microsoft 365 users and causing email-sending problems for those with too many nested folders. [.

122

122

Security Boulevard

DECEMBER 8, 2023

The introduction of generative AI has been a game changer for fraudsters, transforming ordinary schemes into highly sophisticated efforts. The post Fighting the Next Generation of Fraud appeared first on Security Boulevard.

Social Engineering 122

Social Engineering Data privacy Engineering Phishing 122

Advertisement

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

Cyber threats

Bleeping Computer

DECEMBER 8, 2023

Google says it identified and fixed a bug causing customer files added to Google Drive after April-May 2023 to disappear. However, the fix isn't working for all affected users. [.

119

119

Security Boulevard

DECEMBER 8, 2023

Fraud incidents are on the rise, largely attributed to the surge in impersonation fraud and the accessibility of sophisticated attack methods and tools. The post Identity Fraud Rises as E-Commerce, Payment Firms Targeted appeared first on Security Boulevard.

Social Engineering 119

Social Engineering Engineering Risk Government 119

eSecurity Planet

DECEMBER 8, 2023

Domain name service (DNS) attacks threaten every internet connection because they can deny, intercept, and hijack connections. With the internet playing an increasing role in business, securing DNS plays a critical role in both operations and security. This article explores how to secure the DNS protocol, DNS servers, and DNS access against a spectrum of attacks through: Table of Contents Toggle 3 General DNS Attack Prevention Best Practices Prevention Tips for DNS Server Attacks How to Prevent

DNS 115

DNS DDOS Firewall Architecture 115

Security Boulevard

DECEMBER 8, 2023

Insight #1 Guard against island hopping. The recent ransomware attack against 60 credit unions was due to the lack of proactive cybersecurity in a managed service provider (MSP). It is high time that every organization expands penetration testing and threat hunting to their MSPs. Insight #2 As geopolitical tension manifests in cyberspace, zero days are being produced on a weekly basis.

Penetration Testing 115

Penetration Testing Cybersecurity Ransomware Accountability 115

Advertisement

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

Cybersecurity

Heimadal Security

DECEMBER 8, 2023

The Black Cat/AlphV ransomware gang claimed to have targeted California-based accounting software provider Tipalti. This alleged cyberattack raised concerns, particularly as the gang started threatening several high-profile Tipalti clients, including Roblox, Twitch, and more. Despite requests for comment, Tipalti’s initial response came through a Monday statement on social media, acknowledging the claim and emphasizing their […] The post Tipalti Is Investigating Alleged Ransomware At

Ransomware 114

Ransomware Media Accountability Software 114

Malwarebytes

DECEMBER 8, 2023

Meta has announced Purple Llama, a project that aims to “bring together tools and evaluations to help the community build responsibly with open generative AI models.” Generative Artificial Intelligence (AI) models have been around for years and their main function, compared to older AI models is that they can process more types of input.

Risk 111

Risk Artificial Intelligence Manufacturing Cybersecurity 111

Penetration Testing

DECEMBER 8, 2023

In the dynamic landscape of cyber threats, a new botnet, “InfectedSlurs,” has emerged, exploiting critical vulnerabilities in FXC Routers to orchestrate a sophisticated Distributed Denial of Service (DDoS) attack network. Discovered by Akamai’s Security... The post New botnet malware exploits zero-day CVE-2023-49897 flaw in routers appeared first on Penetration Testing.

Penetration Testing 110

Penetration Testing Malware DDOS Cyber threats 110

Bleeping Computer

DECEMBER 8, 2023

Elevation of privilege flaws are the most common vulnerability leveraged by corporate insiders when conducting unauthorized activities on networks, whether for malicious purposes or by downloading risky tools in a dangerous manner. [.

109

109

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

Scams

We Live Security

DECEMBER 8, 2023

ESET Research reveals details about a growth in the number of deceptive loan apps on Android, their origins, modus operandi, and techniques they use to circumvent Google Play.

Media 109

Media 109

Bleeping Computer

DECEMBER 8, 2023

A law enforcement operation is rumored to be behind an outage affecting ALPHV ransomware gang's websites over the last 30 hours.

Ransomware 109

Ransomware 109

The Hacker News

DECEMBER 8, 2023

Ransomware attacks have become a significant and pervasive threat in the ever-evolving realm of cybersecurity. Among the various iterations of ransomware, one trend that has gained prominence is Ransomware-as-a-Service (RaaS). This alarming development has transformed the cybercrime landscape, enabling individuals with limited technical expertise to carry out devastating attacks.

Ransomware 108

Ransomware Cybercrime Cybersecurity 108

Security Boulevard

DECEMBER 8, 2023

Learn six top tips for great holistic AppSec and software supply chain security. The post Six Top Tips For Holistic AppSec and Software Supply Chain Security appeared first on Mend. The post Six Top Tips For Holistic AppSec and Software Supply Chain Security appeared first on Security Boulevard.

Software 101

Software 101

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

The Hacker News

DECEMBER 8, 2023

WordPress has released version 6.4.2 with a patch for a critical security flaw that could be exploited by threat actors by combining it with another bug to execute arbitrary PHP code on vulnerable sites.

108

108

We Live Security

DECEMBER 8, 2023

The healthcare industry is often a target of hackers, and legacy protocols including the likes of DICOM make it an easy target, as hospitals often keep outdated legacy systems in place for, most often, budgetary reasons. It’s important that these systems are either replaced, or in situations where it may be too complex or financially difficult to replace the systems, then appropriate action must be taken to avoid lapses of security.

Healthcare 100

Healthcare 100

The Hacker News

DECEMBER 8, 2023

Unauthorized websites distributing trojanized versions of cracked software have been found to infect Apple macOS users with a new Trojan-Proxy malware.

Software 106

Software Malware 106

SecureBlitz

DECEMBER 8, 2023

Check out our gaming guide. In the dynamic realm of technology, gaming stands as a unique fusion of entertainment, education, and innovation. From the pixelated adventures of arcade classics to the breathtaking worlds of modern AAA titles, gaming has captivated millions of players across all demographics, transcending cultural and linguistic barriers to become a global […] The post Essential Gaming Guide: Mastering Cybersecurity in the Digital Arena appeared first on SecureBlitz Cybersecur

Cybersecurity 98

Cybersecurity Education Technology 98

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

The Hacker News

DECEMBER 8, 2023

Threat hunters have unmasked the latest tricks adopted by a malware strain called GuLoader in an effort to make analysis more challenging.

Malware 105

Malware 105

SecureBlitz

DECEMBER 8, 2023

Here is our enterprise security guide, read on! In today's interconnected world, organizations face a complex and ever-evolving threat landscape. Cyberattacks are becoming increasingly sophisticated, targeting sensitive data, disrupting business operations, and damaging reputations. Enterprise security, therefore, has become a critical aspect of organizational success, requiring a comprehensive and strategic approach to safeguarding assets, protecting […] The post Enterprise Security Guide

Cybersecurity 98

Cybersecurity 98

The Hacker News

DECEMBER 8, 2023

The North Korean threat actor known as Kimsuky has been observed targeting research institutes in South Korea as part of a spear-phishing campaign with the ultimate goal of distributing backdoors on compromised systems.

Phishing 102

Phishing 102

SecureBlitz

DECEMBER 8, 2023

Here is our malware guide, read on! In the ever-evolving landscape of cybersecurity, understanding the complexities of malware becomes imperative for fortifying your digital defenses. This malware guide delves into the mechanics of malware, providing insights into its various types and offering practical steps to shield your computer system from these incessant threats.

Malware 98

Malware Cybersecurity 98

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!