Krebs on Security

DECEMBER 11, 2024

A financial firm registered in Canada has emerged as the payment processor for dozens of Russian cryptocurrency exchanges and websites hawking cybercrime services aimed at Russian-speaking customers, new research finds. Meanwhile, an investigation into the Vancouver street address used by this company shows it is home to dozens of foreign currency dealers, money transfer businesses, and cryptocurrency exchanges — none of which are physically located there.

Cryptocurrency 287

Cryptocurrency Banking Cybercrime Advertising 287

Security Boulevard

DECEMBER 11, 2024

Researchers in Europe unveil a vulnerability dubbed "BadRAM" that hackers can easily exploit using $10 hardware to bypass protections in AMD's Eypc server processors used in cloud environments and expose sensitive data stored in memory. The post AMD Chip VM Memory Protections Broken by BadRAM appeared first on Security Boulevard.

Data privacy 111

Data privacy Cybersecurity Network Security 111

Security Affairs

DECEMBER 11, 2024

Ivanti addressed a critical authentication bypass vulnerability impacting its Cloud Services Appliance (CSA) solution. Ivanti addressed a critical authentication bypass vulnerability, tracked as CVE-2024-11639 (CVSS score of 10), in its Cloud Services Appliance (CSA) solution. A remote unauthenticated attacker can exploit the vulnerability to gain administrative access.

Authentication 106

Authentication Software Hacking Information Security 106

Schneier on Security

DECEMBER 11, 2024

Surprising no one, it’s easy to trick an LLM-controlled robot into ignoring its safety instructions.

Social Engineering 279

Social Engineering Engineering Hacking 279

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

Risk

Security Boulevard

DECEMBER 11, 2024

Oasis Security today revealed that it worked with Microsoft to fix a flaw in its implementation of multi-factor authentication (MFA) that could have been used by cybercriminals to gain access to every major Microsoft cloud service The post Oasis Security Details MFA Security Flaw Found in Microsoft Cloud Services appeared first on Security Boulevard.

Authentication 102

Authentication Passwords Cybersecurity 102

Security Affairs

DECEMBER 11, 2024

An alleged China-linked APT group targeted large business-to-business IT service providers in Southern Europe as part of Operation Digital Eye campaign. Between late June and mid-July 2024, a China-linked threat actor targeted major IT service providers in Southern Europe in a campaign codenamed ‘Operation Digital Eye.’ Cyberspies aimed to establish footholds and compromise downstream entities but were detected and halted early by SentinelOne and Tinexta Cyber.

Firewall 75

Firewall Malware Accountability Technology 75

Tech Republic Security

DECEMBER 11, 2024

December marked a quiet month with 70 vulnerabilities patched, plus updates from outside of Microsoft.

Software 174

Software 174

Centraleyes

DECEMBER 11, 2024

The International Air Transport Association (IATA) Cyber Security Regulations represent a set of guidelines and standards aimed at enhancing cybersecurity resilience within the aviation industry. These regulations are critical for ensuring the safety, security, and operational continuity of a highly interconnected global sector. What Are IATA Cyber Security Regulations?

Risk 52

Risk Cybersecurity Penetration Testing Digital transformation 52

Tech Republic Security

DECEMBER 11, 2024

Chinese cybersecurity firm Sichuan Silence has been sanctioned for exploiting a vulnerability in Sophos firewalls used at critical infrastructure organizations in the U.S.

Cybersecurity 166

Cybersecurity Firewall Ransomware Software 166

Security Boulevard

DECEMBER 11, 2024

A warning issued by the new head the United Kingdom's National Cyber Security Centre (NCSC) should be sobering to cybersecurity pros everywhere. Speaking at the agency's headquarters on Tuesday, Richard Horne declared that the cyber-risks faced by his nation and its allies are widely underestimated. The post U.K. cybersecurity chief warns of gap between risks and defenses appeared first on Security Boulevard.

Risk 59

Risk Cybersecurity Cyber Risk Government 59

Advertisement

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

Cyber threats

Tech Republic Security

DECEMBER 11, 2024

Compare CrowdStrike and Wiz on cloud security, features, pricing, and performance to find the best cybersecurity solution for your business needs.

Cybersecurity 166

Cybersecurity 166

Penetration Testing

DECEMBER 11, 2024

A critical vulnerability has been discovered in the Splunk Secure Gateway app that could allow a low-privileged user to execute arbitrary code on vulnerable systems. The vulnerability, identified as CVE-2024-53247... The post CVE-2024-53247: Splunk Secure Gateway App Vulnerability Allows Remote Code Execution appeared first on Cybersecurity News.

Cybersecurity 145

Cybersecurity 145

Tech Republic Security

DECEMBER 11, 2024

Keepers extensive authentication options and generous discounts make it an alluring password manager to try this year. Read more about it in our full review.

Password Management 157

Password Management Passwords Authentication 157

Penetration Testing

DECEMBER 11, 2024

The US Department of Justice announced the unsealing of an indictment against Guan Tianfeng, a Chinese national associated with Sichuan Silence Information Technology Co. Ltd., for his alleged role in... The post CVE-2020-12271 Exploited: FBI Seeks Chinese Hacker Behind 81,000 Device Breach appeared first on Cybersecurity News.

Technology 60

Technology Cybersecurity Firewall 60

Advertisement

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

Cybersecurity

Tech Republic Security

DECEMBER 11, 2024

Compare CrowdStrike and Palo Alto Networks in this in-depth article, exploring features, pricing, usability, and performance to find the right solution for your business.

154

154

Penetration Testing

DECEMBER 11, 2024

Developers using the popular Apache Struts framework are urged to update their systems immediately following the discovery of a critical security flaw (CVE-2024-53677, CVSS 9.5) that could allow attackers to... The post CVE-2024-53677 (CVSS 9.5): Critical Vulnerability in Apache Struts Allows Remote Code Execution appeared first on Cybersecurity News.

Cybersecurity 136

Cybersecurity 136

Tech Republic Security

DECEMBER 11, 2024

Compare CrowdStrike and Splunk, two leading SIEM solutions, focusing on their features, strengths, and differences in cybersecurity effectiveness.

Cybersecurity 136

Cybersecurity 136

The Hacker News

DECEMBER 11, 2024

Cybersecurity researchers have flagged a "critical" security vulnerability in Microsoft's multi-factor authentication (MFA) implementation that allows an attacker to trivially sidestep the protection and gain unauthorized access to a victim's account.

Authentication 128

Authentication Accountability Cybersecurity 128

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

Scams

Security Boulevard

DECEMBER 11, 2024

One of the most significant regulatory mandates on the horizon is the European Unions Digital Operational Resilience Act (DORA). The post Leveraging Crypto Agility to Meet DORA Requirements in Financial Services by January 2025 appeared first on Security Boulevard.

Financial Services 119

Financial Services Cybersecurity 119

The Hacker News

DECEMBER 11, 2024

Cybersecurity researchers have discovered a novel surveillance program that's suspected to be used by Chinese police departments as a lawful intercept tool to gather a wide range of information from mobile devices.

Mobile 123

Mobile Spyware Surveillance Malware 123

Penetration Testing

DECEMBER 11, 2024

Researchers at the Lookout Threat Lab have identified a sophisticated surveillance tool, dubbed EagleMsgSpy, reportedly used by law enforcement agencies in mainland China. The tool, operational since at least 2017,... The post EagleMsgSpy: Unmasking a Sophisticated Chinese Surveillance Tool appeared first on Cybersecurity News.

Surveillance 117

Surveillance Cybersecurity Spyware Malware 117

The Hacker News

DECEMBER 11, 2024

A newly devised technique leverages a Windows accessibility framework called UI Automation (UIA) to perform a wide range of malicious activities without tipping off endpoint detection and response (EDR) solutions. "To exploit this technique, a user must be convinced to run a program that uses UI Automation," Akamai security researcher Tomer Peled said in a report shared with The Hacker News.

Malware 118

Malware 118

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Security Boulevard

DECEMBER 11, 2024

This blog explores ten essential web design security practices every developer and business should adopt to stay ahead of potential attacks. The post Top 10 Web Design Security Best Practices to Follow in 2025 appeared first on Security Boulevard.

Security Awareness 110

Security Awareness Cybersecurity 110

The Hacker News

DECEMBER 11, 2024

Cybersecurity researchers have discovered a new version of the ZLoader malware that employs a Domain Name System (DNS) tunnel for command-and-control (C2) communications, indicating that the threat actors are continuing to refine the tool after resurfacing a year ago. "Zloader 2.9.4.

DNS 118

DNS Malware Cybersecurity 118

Security Boulevard

DECEMBER 11, 2024

The post AI: Overhyped or Essential for the Workforce? appeared first on AI-Enhanced Security Automation. The post AI: Overhyped or Essential for the Workforce? appeared first on Security Boulevard.

98

98

The Hacker News

DECEMBER 11, 2024

A suspected China-based threat actor has been linked to a series of cyber attacks targeting high-profile organizations in Southeast Asia since at least October 2023.

Cyber Attacks 117

Cyber Attacks Media Government 117

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Zero Day

DECEMBER 11, 2024

We tested the best all-in-one computers that combine the power of a desktop PC with a slim, lightweight design.

81

81

The Hacker News

DECEMBER 11, 2024

A global law enforcement operation has failed 27 stresser services that were used to conduct distributed denial-of-service (DDoS) attacks and took them offline as part of a multi-year international exercise called PowerOFF. The effort, coordinated by Europol and involving 15 countries, dismantled several booter and stresser websites, including zdstresser.net, orbitalstress.

DDOS 114

DDOS 114

Security Boulevard

DECEMBER 11, 2024

As organizations prepare for the coming year those affected by NYDFS may struggle to efficiently include the requirements in their [] The post Understanding and Taking Advantage of the NYDFS Risk Assessment Requirement appeared first on Security Boulevard.

Risk 78

Risk CISO Government Cybersecurity 78

The Hacker News

DECEMBER 11, 2024

The Russian nation-state actor tracked as Secret Blizzard has been observed leveraging malware associated with other threat actors to deploy a known backdoor called Kazuar on target devices located in Ukraine.

Malware 94

Malware 94

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!