Fri. Aug 16, 2024

New Windows IPv6 Zero-Click Vulnerability

Schneier on Security

The press is reporting a critical Windows vulnerability affecting IPv6. As Microsoft explained in its Tuesday advisory, unauthenticated attackers can exploit the flaw remotely in low-complexity attacks by repeatedly sending IPv6 packets that include specially crafted packets. Microsoft also shared its exploitability assessment for this critical vulnerability, tagging it with an “exploitation more likely” label, which means that threat actors could create exploit code to “consis

News alert: Implementing AI-powered ‘Cisco HyperShield’ requires proper cybersecurity training

The Last Watchdog

Cary, NC, Aug. 16, 2024, CyberNewsWire — The imminent release of Cisco HyperShield this month marks a pivotal evolution in the cybersecurity landscape. As an “AI-native” security architecture, HyperShield promises to redefine traditional security protocols through its automated proactive cybersecurity measures and AI-driven security solutions.

Security Experts Welcome NIST’s New Encryption Standards For Quantum Computers

Tech Republic Security

NIST announces new post-quantum cryptography standards, marking a significant step in safeguarding data against future quantum computing threats.

Microsoft urges customers to fix zero-click Windows RCE in the TCP/IP stack

Security Affairs

Microsoft addressed a critical zero-click Windows remote code execution (RCE) in the TCP/IP stack that impacts all systems with IPv6 enabled. Microsoft urges customers to fix a critical TCP/IP remote code execution (RCE) flaw, tracked as CVE-2024-38063 (CVSS score 9.8), in the TCP/IP stack. The vulnerability impacts all systems with IPv6 enabled (IPv6 is enabled by default).

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.

Threat Actors Increasingly Target macOS, Report Finds

Tech Republic Security

A new report from cyberthreat intelligence company Intel471 reveals that threat actors are increasingly targeting macOS.

Ransomware Surge Exploits Cybersecurity Gaps Caused by M&A

Security Boulevard

Evolving threat actor tactics are capitalizing on business and technology consolidation to launch widespread ransomware attacks and requiring organizations to rethink how to address new vulnerabilities to stay secure and resilient. The post Ransomware Surge Exploits Cybersecurity Gaps Caused by M&A appeared first on Security Boulevard.

More Trending

Holding Trust for Ransom: What’s at Stake as Business Trust Erodes

Security Boulevard

Trust is vital to upholding the entire ecosystem in which all businesses operate, and the erosion of trust has considerable consequences for everyone. The post Holding Trust for Ransom: What’s at Stake as Business Trust Erodes appeared first on Security Boulevard.

New Banshee Stealer Targets 100+ Browser Extensions on Apple macOS Systems

The Hacker News

Cybersecurity researchers have uncovered new stealer malware that's designed to specifically target Apple macOS systems. Dubbed Banshee Stealer, it's offered for sale in the cybercrime underground for a steep price of $3,000 a month and works across both x86_64 and ARM64 architectures.

Striking a Balance Between Business Growth, Risk Management and Cybersecurity

Security Boulevard

Some recommendations and best practices to help organizations strike a balance between business growth, risk management and cybersecurity. The post Striking a Balance Between Business Growth, Risk Management and Cybersecurity appeared first on Security Boulevard.

Google Pixel Devices Shipped with Vulnerable App, Leaving Millions at Risk

The Hacker News

A large percentage of Google's own Pixel devices shipped globally since September 2017 included dormant software that could be used to stage nefarious attacks and deliver various kinds of malware. The issue manifests in the form of a pre-installed Android app called "Showcase.

Human-Centered Cyber Security Training: Driving Real Impact on Security Culture

In today's digital age, having an untrained workforce can be a significant risk to your business. Cyber threats are evolving; without proper training, your employees could be the weakest link in your defense. This webinar empowers leaders like you with the tools and strategies needed to transform your employees into a robust frontline defense against cyber attacks.

Lawmakers Ask for Probe of Chinese Router Maker TP-Link

Security Boulevard

Two U.S. lawmakers are asking the Commerce Department to investigate whether the Wi-Fi routers built by Chinese company TP-Link could be used by Chinese-sponsored threat groups to infiltrate U.S. government and private networks, posing a security risk to the country. The post Lawmakers Ask for Probe of Chinese Router Maker TP-Link appeared first on Security Boulevard.

Attackers Exploit Public .env Files to Breach Cloud and Social Media Accounts

The Hacker News

A large-scale extortion campaign has compromised various organizations by taking advantage of publicly accessible environment variable files (.env) that contain credentials associated with cloud and social media applications.

Survey: Senior Executives Being Held More Accountable for Cybersecurity

Security Boulevard

A global survey of 1,850 IT and cybersecurity decision-makers finds more than half (51%) reporting that directors or executives have faced fines, jail time, loss of position, or loss of employment following a cyberattack. The post Survey: Senior Executives Being Held More Accountable for Cybersecurity appeared first on Security Boulevard.

OpenAI Blocks Iranian Influence Operation Using ChatGPT for U.S. Election Propaganda

The Hacker News

OpenAI on Friday said it banned a set of accounts linked to what it said was an Iranian covert influence operation that leveraged ChatGPT to generate content that, among other things, focused on the upcoming U.S. presidential election.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

The Biggest Lesson From Crowdstrike’s Update Malfunction

Security Boulevard

Crowdstrike’s update malfunction caused a global IT outage three weeks ago. Industry experts share the biggest lesson for IT leaders to learn. The post The Biggest Lesson From Crowdstrike’s Update Malfunction appeared first on Security Boulevard.

Russian national sentenced to 40 months for selling stolen data on the dark web

Security Affairs

A Russian national was sentenced to over three years in prison for selling stolen information and credentials on a dark web marketplace. The 27-year-old Russian national Georgy Kavzharadze (also known as “George,” “TeRorPP,” “Torqovec,” and “PlutuSS”) has been sentenced to over three years in prison for selling financial information, login credentials, and other personal data on the dark web marketplace, Slilpp.

Russian Hackers Using Fake Brand Sites to Spread DanaBot and StealC Malware

The Hacker News

Cybersecurity researchers have shed light on a sophisticated information stealer campaign that impersonates legitimate brands to distribute malware like DanaBot and StealC.

CISA adds SolarWinds Web Help Desk bug to its Known Exploited Vulnerabilities catalog

Security Affairs

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a SolarWinds Web Help Desk bug to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added SolarWinds Web Help Desk deserialization of untrusted data vulnerability, tracked as CVE-2024-28986 (CVSS score of 9.8), to its Known Exploited Vulnerabilities (KEV) catalog.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Multi-Stage ValleyRAT Targets Chinese Users with Advanced Tactics

The Hacker News

Chinese-speaking users are the target of an ongoing campaign that distributes malware known as ValleyRAT. "ValleyRAT is a multi-stage malware that utilizes diverse techniques to monitor and control its victims and deploy arbitrary plugins to cause further damage," Fortinet FortiGuard Labs researchers Eduardo Altares and Joie Salvio said.

ZDI Details Copy2Pwn: Zero-Day CVE-2024-38213 Evades Windows Security Measures

Penetration Testing

Researchers at Trend Micro’s Zero Day Initiative (ZDI) published the technical details for a vulnerability in Windows, identified as CVE-2024-38213, which has exposed a critical flaw in the operating system’s... The post ZDI Details Copy2Pwn: Zero-Day CVE-2024-38213 Evades Windows Security Measures appeared first on Cybersecurity News.

Russian Hacker Jailed 3+ Years for Selling Stolen Credentials on Dark Web

The Hacker News

A 27-year-old Russian national has been sentenced to over three years in prison for peddling financial information, login credentials, and other personally identifying information (PII) on a now-defunct dark web marketplace called Slilpp. Georgy Kavzharadze, 27, of Moscow, Russia, pleaded guilty to one count of conspiracy to commit bank fraud and wire fraud earlier this February.

Banking 97
Banshee Stealer, a new macOS malware with a monthly subscription price of $3,000

Security Affairs

Russian cybercriminals are advertising a new macOS malware called Banshee Stealer with a monthly subscription price of $3,000. In August 2024, Russian crooks advertised a macOS malware called BANSHEE Stealer that can target both x86_64 and ARM64 architectures. The malware authors claim it can steal a broad range of data from compromised systems, including browser data, cryptocurrency wallets, and around 100 browser extensions.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

SystemBC Malware Used to Target Users by Black Basta-Linked Threat Actors

Heimdal Security

“Multiple intrusion attempts” have been connected to an ongoing social engineering campaign purportedly tied to the Black Basta ransomware group, which aims to steal credentials and install a malware dropper named SystemBC. What Do We Know About the Operation? According to cybersecurity professionals, the approach is nothing out of the ordinary, following the usual pattern […] The post SystemBC Malware Used to Target Users by Black Basta-Linked Threat Actors appeared first on H

The Hidden Security Gaps in Your SaaS Apps: Are You Doing Due Diligence?

The Hacker News

SaaS applications have become indispensable for organizations aiming to enhance productivity and streamline operations. However, the convenience and efficiency these applications offer come with inherent security risks, often leaving hidden gaps that can be exploited.

CVE-2024-38063: An In-Depth Look at the Critical Remote Code Execution Vulnerability

Security Boulevard

In a recent security advisory, Microsoft disclosed a high-severity vulnerability identified as CVE-2024-38063. This critical Remote Code Execution (RCE) flaw, rated with a CVSS score of 9.8, poses a significant. The post CVE-2024-38063: An In-Depth Look at the Critical Remote Code Execution Vulnerability appeared first on Strobes Security. The post CVE-2024-38063: An In-Depth Look at the Critical Remote Code Execution Vulnerability appeared first on Security Boulevard.

Cybercriminals Evolve Social Engineering Tactics, Exploit CVE-2022-26923 in Sophisticated Campaign

Penetration Testing

Recently, cybersecurity firm Rapid7 identified a series of sophisticated intrusion attempts linked to an ongoing social engineering campaign that has been actively monitored by its threat intelligence team. The campaign,... The post Cybercriminals Evolve Social Engineering Tactics, Exploit CVE-2022-26923 in Sophisticated Campaign appeared first on Cybersecurity News.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

News alert: Implementing AI-powered ‘Cisco HyperShield’ requires proper cybersecurity training

Security Boulevard

Cary, NC, Aug. 16, 2024, CyberNewsWire — The imminent release of Cisco HyperShield this month marks a pivotal evolution in the cybersecurity landscape. As an “AI-native” security architecture, HyperShield promises to redefine traditional security protocols through its automated proactive cybersecurity … (more…) The post News alert: Implementing AI-powered ‘Cisco HyperShield’ requires proper cybersecurity training first appeared on The Last Watchdog.

Windows 11 24H2: Microsoft Enforces Device Encryption by Default

Penetration Testing

The device encryption feature in Windows 10/11 was originally an optional function, with some OEMs enabling it on laptops and other devices to enhance security. Device encryption is based on... The post Windows 11 24H2: Microsoft Enforces Device Encryption by Default appeared first on Cybersecurity News.

How Kratikal’s GDPR Compliance Services Will Help Secure Businesses?

Security Boulevard

The internet’s widespread availability has changed the world. It has transformed how we talk to each other and get things done every day. We can now share files, pay bills, and shop by putting our personal details online. But do we know the risks of giving out our private information in these transactions? We might […] The post How Kratikal’s GDPR Compliance Services Will Help Secure Businesses?

Tusk Campaign: Russian Cybercriminals Target Gaming & Crypto

Penetration Testing

Kaspersky Lab has uncovered an international cyber campaign targeting the theft of cryptocurrency and personal data from Windows and macOS users worldwide. The campaign has been named “Tusk.” The attacks... The post Tusk Campaign: Russian Cybercriminals Target Gaming & Crypto appeared first on Cybersecurity News.

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.