Wed.Jun 19, 2024

article thumbnail

New Blog Moderation Policy

Schneier on Security

There has been a lot of toxicity in the comments section of this blog. Recently, we’re having to delete more and more comments. Not just spam and off-topic comments, but also sniping and personal attacks. It’s gotten so bad that I need to do something. My options are limited because I’m just one person, and this website is free, ad-free, and anonymous.

article thumbnail

NEWS ANALYSIS Q&A: Striving for contextual understanding as digital transformation plays out

The Last Watchdog

The tectonic shift of network security is gaining momentum, yet this transformation continues to lag far behind the accelerating pace of change in the operating environment. Related: The advance of LLMs For at least the past decade, the cybersecurity industry has been bending away from rules-based defenses designed to defend on-premises data centers and leaning more into tightly integrated and highly adaptable cyber defenses directed at the cloud edge.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Perplexity Is a B t Machine

WIRED Threat Level

A WIRED investigation shows that the AI search startup Perplexity is surreptitiously downloading your data.

145
145
article thumbnail

Google Chrome 126 update addresses multiple high-severity flaws

Security Affairs

Google released Chrome 126 update that addresses a high-severity vulnerability demonstrated at the TyphoonPWN 2024 hacking competition. Google has issued a Chrome 126 security update, addressing six vulnerabilities, including a flaw, tracked as CVE-2024-6100 which was demonstrated during the SSD Secure Disclosure’s TyphoonPWN 2024. TyphoonPWN is a live hacking competition held annually at TyphoonCon, an Offensive Security Conference in Seoul, South Korea.

Hacking 142
article thumbnail

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

article thumbnail

Kraken Crypto Exchange Hit by $3 Million Theft Exploiting Zero-Day Flaw

The Hacker News

Crypto exchange Kraken revealed that an unnamed security researcher exploited an "extremely critical" zero-day flaw in its platform to steal $3 million in digital assets and refused to return them.

137
137
article thumbnail

Chip maker giant AMD investigates a data breach

Security Affairs

AMD announced an investigation after a threat actor attempted to sell data allegedly stolen from its systems. AMD has launched an investigation after the threat actor IntelBroker announced they were selling sensitive data allegedly belonging to the company. “We are aware of a cybercriminal organization claiming to be in possession of stolen AMD data,” the chip maker told media outlets. “We are working closely with law enforcement officials and a third-party hosting partner to i

LifeWorks

More Trending

article thumbnail

Cryptojacking campaign targets exposed Docker APIs

Security Affairs

A malware campaign targets publicly exposed Docker API endpoints to deliver cryptocurrency miners and other payloads. Researchers at Datadog uncovered a new cryptojacking campaign linked to the attackers behind Spinning YARN campaign. The threat actors target publicly exposed and unsecured Docker API endpoints for initial access. The attack begins with the threat actor scanning the internet to find hosts with Docker’s default port 2375 open.

Internet 136
article thumbnail

CDK Global cyberattack impacts thousands of US car dealerships

Bleeping Computer

Car dealership software-as-a-service provider CDK Global was hit by a massive cyberattack, causing the company to shut down its systems and leaving clients unable to operate their business normally. [.

Software 136
article thumbnail

UNC3886 Uses Fortinet, VMware 0-Days and Stealth Tactics in Long-Term Spying

The Hacker News

The China-nexus cyber espionage actor linked to the zero-day exploitation of security flaws in Fortinet, Ivanti, and VMware devices has been observed utilizing multiple persistence mechanisms in order to maintain unfettered access to compromised environments.

135
135
article thumbnail

Alleged researchers stole $3 million from Kraken exchange

Security Affairs

Alleged researchers have exploited a zero-day in Kraken crypto exchange to steal $3 million worth of cryptocurrency. Kraken Chief Security Officer Nick Percoco revealed that alleged security researchers exploited a zero-day flaw to steal $3 million worth of cryptocurrency. The researchers are refusing to return the stolen funds. Kraken Security Update: On June 9 2024, we received a Bug Bounty program alert from a security researcher.

article thumbnail

Why Giant Content Libraries Do Nothing for Your Employees’ Cyber Resilience

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

article thumbnail

Cybersecurity Worker Burnout Costing Businesses Big

Security Boulevard

The constant vigilance required to protect against evolving threats, and the sheer volume of routine tasks that demand attention contribute significantly to burnout. The post Cybersecurity Worker Burnout Costing Businesses Big appeared first on Security Boulevard.

article thumbnail

Cyber Efficiency vs. Hacker Threat: Is Innovation Losing Ground?

Jane Frankland

As we emerge from an intense season of industry conferences like Infosec and RSA, I believe the cybersecurity community finds itself at a critical juncture. While hot topics like AI’s role in combating hacker threats has dominated discussions, an equally significant issue has remained— mental health and burnout. As an industry veteran, having spent over two decades in cybersecurity, I’ve been thinking a lot about the current state of the field—our relentless pursuit of productivity,

article thumbnail

Debunking Common Myths About Catastrophic Cyber Incidents

Security Boulevard

The future of modeling catastrophic cyber risk hinges on our ability to move beyond misconceptions and confront the true extent of our exposure. The post Debunking Common Myths About Catastrophic Cyber Incidents appeared first on Security Boulevard.

article thumbnail

This Is What Would Happen if China Invaded Taiwan

WIRED Threat Level

The new book World on the Brink: How America Can Beat China in the Race for the 21st Century lays out what might actually happen if China were to invade Taiwan in 2028.

128
128
article thumbnail

Zero Trust Mandate: The Realities, Requirements and Roadmap

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

article thumbnail

Criminals are Easily Bypassing Passkeys – How Organizations Can Stay Safe

Security Boulevard

The problems with passwords drive the interest to adopt newer authentication methods, like passkeys, a type of passwordless technology. The post Criminals are Easily Bypassing Passkeys – How Organizations Can Stay Safe appeared first on Security Boulevard.

Passwords 129
article thumbnail

New Threat Actor 'Void Arachne' Targets Chinese Users with Malicious VPN Installers

The Hacker News

Chinese-speaking users are the target of a never-before-seen threat activity cluster codenamed Void Arachne that employs malicious Windows Installer (MSI) files for virtual private networks (VPNs) to deliver a command-and-control (C&C) framework called Winos 4.0.

VPN 127
article thumbnail

Advance Auto Parts confirms data breach exposed employee information

Bleeping Computer

Advance Auto Parts has confirmed it suffered a data breach after a threat actor attempted to sell stolen data on a hacking forum earlier this month. [.

article thumbnail

Warning: Markopolo's Scam Targeting Crypto Users via Fake Meeting Software

The Hacker News

A threat actor who goes by alias markopolo has been identified as behind a large-scale cross-platform scam that targets digital currency users on social media with information stealer malware and carries out cryptocurrency theft.

Scams 125
article thumbnail

Next-Level Fraud Prevention: Strategies for Today’s Threat Landscape

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

article thumbnail

Hacktivism is evolving – and that could be bad news for organizations everywhere

We Live Security

Hacktivism is nothing new, but the increasingly fuzzy lines between traditional hacktivism and state-backed operations make it a more potent threat

122
122
article thumbnail

IRONSCALES Applies Generative AI to Phishing Simulation

Security Boulevard

IRONSCALES has made generally available a phishing simulation tool that makes use of generative artificial intelligence (AI) to enable cybersecurity teams to create as many as 2,000 simulations of a spear phishing attack in less than an hour. The post IRONSCALES Applies Generative AI to Phishing Simulation appeared first on Security Boulevard.

Phishing 121
article thumbnail

Mailcow Mail Server Flaws Expose Servers to Remote Code Execution

The Hacker News

Two security vulnerabilities have been disclosed in the Mailcow open-source mail server suite that could be exploited by malicious actors to achieve arbitrary code execution on susceptible instances. Both shortcomings impact all versions of the software prior to version 2024-04, which was released on April 4, 2024. The issues were responsibly disclosed by SonarSource on March 22, 2024.

Software 119
article thumbnail

T-Mobile denies it was hacked, links leaked data to vendor breach

Bleeping Computer

T-Mobile has denied it was breached or that source code was stolen after a threat actor claimed to be selling stolen data from the telecommunications company. [.

Mobile 116
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

New Case Study: Unmanaged GTM Tags Become a Security Nightmare

The Hacker News

Are your tags really safe with Google Tag Manager? If you've been thinking that using GTM means that your tracking tags and pixels are safely managed, then it might be time to think again. In this article we look at how a big-ticket seller that does business on every continent came unstuck when it forgot that you can’t afford to allow tags to go unmanaged or become misconfigured.

114
114
article thumbnail

Worldwide 2023 Email Phishing Statistics and Examples

Trend Micro

Explore the need for going beyond built-in Microsoft 365 and Google Workspace™ security based on email threats detected in 2023.

Phishing 113
article thumbnail

Experts Uncover New Evasive SquidLoader Malware Targeting Chinese Organizations

The Hacker News

Cybersecurity researchers have uncovered a new evasive malware loader named SquidLoader that spreads via phishing campaigns targeting Chinese organizations. AT&T LevelBlue Labs, which first observed the malware in late April 2024, said it incorporates features that are designed to thwart static and dynamic analysis and ultimately evade detection.

Malware 112
article thumbnail

Juneteenth: Celebrating Freedom and Security

SecureWorld News

On June 19, 1865, Union soldiers arrived in Galveston, Texas, to announce that the Civil War had ended and that all enslaved people were now free—more than two years after the Emancipation Proclamation was issued. This momentous occasion is celebrated as Juneteenth, commemorating the end of slavery in the United States. Juneteenth is a day to reflect on the immense struggle and perseverance of those who endured the inhumane institution of slavery.

Education 101
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

"Researchers" exploit Kraken exchange bug, steal $3 million in crypto

Bleeping Computer

The Kraken crypto exchange disclosed today that alleged security researchers exploited a zero-day website bug to steal $3 million in cryptocurrency and then refused to return the funds. [.

article thumbnail

Best DNS, IP, and WebRTC Leaks Test Sites

SecureBlitz

This post will show you the best DNS, IP, and WebRTC leak test sites. Also, how to overcome the leaks. DNS, IP, and WebRTC leaks happen every day when we browse the internet; because we use local ISPs, we are bound to have these leaks. DNS leak is a problem that keeps your privacy on […] The post Best DNS, IP, and WebRTC Leaks Test Sites appeared first on SecureBlitz Cybersecurity.

DNS 98
article thumbnail

Crown Equipment confirms a cyberattack disrupted manufacturing

Bleeping Computer

Forklift manufacturer Crown Equipment confirmed today that it suffered a cyberattack earlier this month that disrupted manufacturing at its plants. [.

article thumbnail

IDIQ Releases Report on Top Consumer Credit Concerns as Shared by Mortgage, Real Estate, Lending Partners and Consumers

Identity IQ

IDIQ Releases Report on Top Consumer Credit Concerns as Shared by Mortgage, Real Estate, Lending Partners and Consumers IdentityIQ – Survey Finds Top Consumer Credit Concern is Not Knowing How to Effectively Strengthen Their Credit Profile – TEMECULA, Calif. – June 20, 2024 – IDIQ ®, a financial intelligence company that empowers consumers to take everyday action to control their financial well-being, today released a report detailing consumer credit concerns voiced by mortgage, real estate, len

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!