New Bluetooth Attack
Schneier on Security
DECEMBER 8, 2023
New attack breaks forward secrecy in Bluetooth. Three. news articles. The vulnerability has been around for at least a decade.
Schneier on Security
DECEMBER 8, 2023
New attack breaks forward secrecy in Bluetooth. Three. news articles. The vulnerability has been around for at least a decade.
Tech Republic Security
DECEMBER 8, 2023
Connect and protect your whole team with this mini router that offers 10,000 sq ft coverage and a built-in VPN for the low price of $599.99.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Security Affairs
DECEMBER 8, 2023
Researchers devised a novel attack vector for process injection, dubbed Pool Party, that evades EDR solutions. Researchers from cybersecurity firm SafeBreach devised a set of process injection techniques, dubbed Pool Party, that allows bypassing EDR solutions. They presented the technique at Black Hat Europe 2023. The experts relied on the less-explored Windows thread pools to discover a novel attack vector for process injection.
The Hacker News
DECEMBER 8, 2023
A collection of security flaws in the firmware implementation of 5G mobile network modems from major chipset vendors such as MediaTek and Qualcomm impact USB and IoT modems as well as hundreds of smartphone models running Android and iOS.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
Security Boulevard
DECEMBER 8, 2023
Misconfigured AWS Role Enables Cloud Initial Access The post AWS Misconfiguration Leads to Buckets of Data appeared first on Horizon3.ai. The post AWS Misconfiguration Leads to Buckets of Data appeared first on Security Boulevard.
Bleeping Computer
DECEMBER 8, 2023
A new set of vulnerabilities in 5G modems by Qualcomm and MediaTek, collectively called "5Ghoul," impact 710 5G smartphone models from Google partners (Android) and Apple, routers, and USB modems. [.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Anton on Security
DECEMBER 8, 2023
In recent weeks, coincidentally, I’ve had several conversations that reminded me about the confusion related to “modern SOC.” Some of them were public ( example and example ), while others private. One particular person went on a quest through several “leading” companies’ security operations to see how they have implemented a “modern” SOC. However, what she found was a lot of companies improving on the classic model, with visible elements of NOC and help desk “DNA” showing (bye-bye 1990s, hi 198
Security Affairs
DECEMBER 8, 2023
An Android app with over 100k Google Play downloads and a 4.5-star average rating has let an open instance go unchecked, leaving sensitive user data up for grabs. The Cybernews team discovered the Android app Barcode to Sheet leaking sensitive user information and enterprise data stored by app creators. Barcode to Sheet has over 100k downloads on the Google Play store and focuses on e-commerce clients.
Bleeping Computer
DECEMBER 8, 2023
Microsoft has acknowledged a new issue affecting Outlook for Microsoft 365 users and causing email-sending problems for those with too many nested folders. [.
Security Boulevard
DECEMBER 8, 2023
The introduction of generative AI has been a game changer for fraudsters, transforming ordinary schemes into highly sophisticated efforts. The post Fighting the Next Generation of Fraud appeared first on Security Boulevard.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Security Affairs
DECEMBER 8, 2023
Anatoly Legkodymov, the founder of the Bitzlato cryptocurrency exchange has pleaded in a money-laundering scheme. Anatoly Legkodymov (41) (aka Anatolii Legkodymov, Gandalf, and Tolik), the Russian founder of the unlicensed Bitzlato cryptocurrency exchange, has pleaded guilty in a money-laundering scheme. The police arrested Legkodymov in Miami in January, he was charged in a U.S. federal court with conducting a money-transmitting business that transported and transmitted illicit funds and that f
Bleeping Computer
DECEMBER 8, 2023
Google says it identified and fixed a bug causing customer files added to Google Drive after April-May 2023 to disappear. However, the fix isn't working for all affected users. [.
Security Boulevard
DECEMBER 8, 2023
Fraud incidents are on the rise, largely attributed to the surge in impersonation fraud and the accessibility of sophisticated attack methods and tools. The post Identity Fraud Rises as E-Commerce, Payment Firms Targeted appeared first on Security Boulevard.
Penetration Testing
DECEMBER 8, 2023
In the dynamic landscape of cyber threats, a new botnet, “InfectedSlurs,” has emerged, exploiting critical vulnerabilities in FXC Routers to orchestrate a sophisticated Distributed Denial of Service (DDoS) attack network. Discovered by Akamai’s Security... The post New botnet malware exploits zero-day CVE-2023-49897 flaw in routers appeared first on Penetration Testing.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Security Boulevard
DECEMBER 8, 2023
Insight #1 Guard against island hopping. The recent ransomware attack against 60 credit unions was due to the lack of proactive cybersecurity in a managed service provider (MSP). It is high time that every organization expands penetration testing and threat hunting to their MSPs. Insight #2 As geopolitical tension manifests in cyberspace, zero days are being produced on a weekly basis.
eSecurity Planet
DECEMBER 8, 2023
Domain name service (DNS) attacks threaten every internet connection because they can deny, intercept, and hijack connections. With the internet playing an increasing role in business, securing DNS plays a critical role in both operations and security. This article explores how to secure the DNS protocol, DNS servers, and DNS access against a spectrum of attacks through: Table of Contents Toggle 3 General DNS Attack Prevention Best Practices Prevention Tips for DNS Server Attacks How to Prevent
Bleeping Computer
DECEMBER 8, 2023
Elevation of privilege flaws are the most common vulnerability leveraged by corporate insiders when conducting unauthorized activities on networks, whether for malicious purposes or by downloading risky tools in a dangerous manner. [.
The Hacker News
DECEMBER 8, 2023
WordPress has released version 6.4.2 with a patch for a critical security flaw that could be exploited by threat actors by combining it with another bug to execute arbitrary PHP code on vulnerable sites.
Advertisement
Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.
Bleeping Computer
DECEMBER 8, 2023
A law enforcement operation is rumored to be behind an outage affecting ALPHV ransomware gang's websites over the last 30 hours.
Security Boulevard
DECEMBER 8, 2023
Learn six top tips for great holistic AppSec and software supply chain security. The post Six Top Tips For Holistic AppSec and Software Supply Chain Security appeared first on Mend. The post Six Top Tips For Holistic AppSec and Software Supply Chain Security appeared first on Security Boulevard.
The Hacker News
DECEMBER 8, 2023
Ransomware attacks have become a significant and pervasive threat in the ever-evolving realm of cybersecurity. Among the various iterations of ransomware, one trend that has gained prominence is Ransomware-as-a-Service (RaaS). This alarming development has transformed the cybercrime landscape, enabling individuals with limited technical expertise to carry out devastating attacks.
Bleeping Computer
DECEMBER 8, 2023
Kentucky health system Norton Healthcare has confirmed that a ransomware attack in May exposed personal information belonging to patients, employees, and dependents. [.
Advertisement
Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!
The Hacker News
DECEMBER 8, 2023
Unauthorized websites distributing trojanized versions of cracked software have been found to infect Apple macOS users with a new Trojan-Proxy malware.
Heimadal Security
DECEMBER 8, 2023
The Black Cat/AlphV ransomware gang claimed to have targeted California-based accounting software provider Tipalti. This alleged cyberattack raised concerns, particularly as the gang started threatening several high-profile Tipalti clients, including Roblox, Twitch, and more. Despite requests for comment, Tipalti’s initial response came through a Monday statement on social media, acknowledging the claim and emphasizing their […] The post Tipalti Is Investigating Alleged Ransomware At
The Hacker News
DECEMBER 8, 2023
Threat hunters have unmasked the latest tricks adopted by a malware strain called GuLoader in an effort to make analysis more challenging.
Penetration Testing
DECEMBER 8, 2023
Microsoft has released a new update for Microsoft Edge Stable Channel (Version 120.0.2210.61) that addresses several critical security vulnerabilities. These vulnerabilities could allow attackers to remotely execute code, gain elevated privileges, or disclose sensitive... The post Patch Your Edge Now: Critical Sandbox Escape Vulnerability (CVE-2023-35618) appeared first on Penetration Testing.
Advertisement
Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.
The Hacker News
DECEMBER 8, 2023
The North Korean threat actor known as Kimsuky has been observed targeting research institutes in South Korea as part of a spear-phishing campaign with the ultimate goal of distributing backdoors on compromised systems.
InfoWorld on Security
DECEMBER 8, 2023
Meta has introduced Purple Llama, a project dedicated to creating open-source tools for developers to evaluate and boost the trustworthiness and safety of generative AI models before they are used publicly. Meta emphasized the need for collaborative efforts in ensuring AI safety, stating that AI challenges cannot be tackled in isolation. The company said the goal of Purple Llama is to establish a shared foundation for developing safer genAI as concerns mount about large language models and other
Malwarebytes
DECEMBER 8, 2023
Meta has announced Purple Llama, a project that aims to “bring together tools and evaluations to help the community build responsibly with open generative AI models.” Generative Artificial Intelligence (AI) models have been around for years and their main function, compared to older AI models is that they can process more types of input.
We Live Security
DECEMBER 8, 2023
ESET Research reveals details about a growth in the number of deceptive loan apps on Android, their origins, modus operandi, and techniques they use to circumvent Google Play.
Advertisement
IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.
Let's personalize your content