Schneier on Security

SEPTEMBER 5, 2024

Really interesting analysis of the American M-209 encryption device and its security.

Encryption 288

Encryption 288

Tech Republic Security

SEPTEMBER 5, 2024

IBM's Chris Hockings predicts a safer internet with advances in passkey tech, digital identity, deepfake defenses, and post-quantum cryptography.

Cybersecurity 207

Cybersecurity Internet Internet 207

Joseph Steinberg

SEPTEMBER 5, 2024

Over the summer, criminals released a video of Gaston Reinesch, governor of the Central Bank of Luxembourg, and Mariette Zenners, a journalist with RTL television, in which the two are shown discussing a new “important project” of the aforementioned European nation’s central bank – a project that is designed to enable people to earn $7,000 or more per week, even if the folks participating in the project do not have any significant knowledge of investments or other areas of finance.

Banking 169

Banking Artificial Intelligence Scams Cryptocurrency 169

Tech Republic Security

SEPTEMBER 5, 2024

New mandatory guardrails will apply to AI models in high-risk settings, with businesses encouraged to adopt new safety standards starting now.

Risk 193

Risk Artificial Intelligence 193

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

Risk

WIRED Threat Level

SEPTEMBER 5, 2024

Unit 29155 of Russia’s GRU military intelligence agency—a team responsible for coup attempts, assassinations, and bombings—has branched out into brazen hacking operations with targets across the world.

Hacking 145

Hacking 145

Trend Micro

SEPTEMBER 5, 2024

Our research reveals that an unidentified threat cluster we named TIDRONE have shown significant interest in military-related industry chains, particularly in the manufacturers of drones.

Manufacturing 144

Manufacturing 144

Security Affairs

SEPTEMBER 5, 2024

A cyber attack hit the German air traffic control agency (DFS) disrupting its operations, experts attribute it to Russia-linked group APT28. A cyber attack targeted the German Air Traffic Control Agency (DFS), as reported by Spiegel and European Truth. DFS, based in Langen near Frankfurt, confirmed that attackers breached its office connection but confirmed that air traffic was not impacted. “Our office connection was hacked, and we are now taking protective measures.” DFS is working

Cyber Attacks 137

Cyber Attacks Hacking Government Accountability 137

The Hacker News

SEPTEMBER 5, 2024

Veeam has shipped security updates to address a total of 18 security flaws impacting its software products, including five critical vulnerabilities that could result in remote code execution. The list of shortcomings is below - CVE-2024-40711 (CVSS score: 9.8) - A vulnerability in Veeam Backup & Replication that allows unauthenticated remote code execution.

Backups 135

Backups Software 135

Security Affairs

SEPTEMBER 5, 2024

Quishing is a type of phishing attack where crooks use QR codes to trick users into providing sensitive information or downloading malware. In recent years, the spread of electric cars has led to an increase in public charging stations. However, new cyber threats have emerged with this growth, including “quishing.” This term, a combination of “QR Code” and “phishing,” describes a scam in which fraudsters use counterfeit QR Codes to steal sensitive information

Scams 135

Scams Education Phishing Hacking 135

The Hacker News

SEPTEMBER 5, 2024

The U.S. Department of Justice (DoJ) on Wednesday announced the seizure of 32 internet domains used by a pro-Russian propaganda operation called Doppelganger as part of a sweeping set of actions. Accusing the Russian government-directed foreign malign influence campaign of violating U.S.

Internet 134

Internet Internet Government 134

Advertisement

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

Cyber threats

SecureList

SEPTEMBER 5, 2024

Executive summary Tropic Trooper (also known as KeyBoy and Pirate Panda) is an APT group active since 2011. This group has traditionally targeted sectors such as government, healthcare, transportation and high-tech industries in Taiwan, the Philippines and Hong Kong. Our recent investigation has revealed that in 2024 they conducted persistent campaigns targeting a government entity in the Middle East, starting in June 2023.

Government 127

Government Malware Encryption Penetration Testing 127

Graham Cluley

SEPTEMBER 5, 2024

Cicada (also known as Cicada3301) is a sophisticated ransomware, written in Rust, that has claimed more than 20 victims since its discovery in June 2024. Read more in my article on the Tripwire State of Security blog.

Ransomware 126

Ransomware Malware 126

Security Boulevard

SEPTEMBER 5, 2024

The ransomware space is becoming increasingly fragmented in the wake of law enforcement actions against BlackCat, LockBit, and others, spawning more threat groups and giving rise to prolific newcomers like RansomHub, according to a report by Searchlight Cyber. The post RansomHub Emerges in Rapidly Evolving Ransomware Landscape appeared first on Security Boulevard.

Ransomware 124

Ransomware Malware Cybersecurity Network Security 124

WIRED Threat Level

SEPTEMBER 5, 2024

Using special software, WIRED investigated police surveillance at the DNC. We collected signals from nearly 300,000 devices, revealing vulnerabilities for both law enforcement and everyday citizens alike.

Surveillance 123

Surveillance Software 123

Advertisement

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

Cybersecurity

Security Boulevard

SEPTEMBER 5, 2024

Cybersecurity has never been something to set once and leave running in the background — it is a constantly evolving landscape. While the migration of data and applications to the cloud provides numerous business benefits, many organizations struggle to secure their networks against rapidly changing cyberthreats. Ransomware attackers have understood the value of targeting smaller.

Cybersecurity 124

Cybersecurity Ransomware Security Awareness Network Security 124

Security Affairs

SEPTEMBER 5, 2024

The Chinese-speaking threat actor Earth Lusca used the new backdoor KTLVdoor in an attack against a trading company in China. Trend Micro Researchers spotted the Chinese-speaking threat actor Earth Lusca using a new multiplatform backdoor called KTLVdoor. The Earth Lusca group has been active since at least the first half of 2023, it primarily targeted organizations in Southeast Asia, Central Asia, and the Balkans.

Malware 123

Malware Telecommunications Encryption Hacking 123

The Hacker News

SEPTEMBER 5, 2024

Telegram CEO Pavel Durov has broken his silence nearly two weeks after his arrest in France, stating the charges are misguided. "If a country is unhappy with an internet service, the established practice is to start a legal action against the service itself," Durov said in a 600-word statement on his Telegram account.

Internet 121

Internet Internet Accountability 121

SecureWorld News

SEPTEMBER 5, 2024

The U.S. Department of Justice (DOJ) announced on Wednesday, September 4, that it had seized 32 internet domains in a covert Russian government-sponsored foreign malign influence operation. This operation, known as "Doppelganger," targeted audiences in the United States and other countries to influence the 2024 U.S. Presidential Election and other political objectives.

Media 120

Media Government Advertising Internet 120

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

Scams

The Hacker News

SEPTEMBER 5, 2024

Cybersecurity researchers have discovered yet another critical security flaw in the LiteSpeed Cache plugin for WordPress that could allow unauthenticated users to take control of arbitrary accounts. The vulnerability, tracked as CVE-2024-44000 (CVSS score: 7.5), impacts versions before and including 6.4.1. It has been addressed in version 6.5.0.1.

Accountability 116

Accountability Cybersecurity 116

SecureWorld News

SEPTEMBER 5, 2024

In 2023, the cost of cybercrime globally was projected to reach $8 trillion , with expectations to rise to $10.5 trillion by 2025. This staggering figure underscores the growing threat and the extensive damage cyberattacks can cause, including data breaches, downtime, and compromised sensitive information. On the journey of creating a secure business environment to deal with these emerging threats, compliance should be viewed as just the starting point, not the final destination.

Threat Detection 117

Threat Detection Phishing Penetration Testing Education 117

The Hacker News

SEPTEMBER 5, 2024

Unnamed government entities in the Middle East and Malaysia are the target of a persistent cyber campaign orchestrated by a threat actor known as Tropic Trooper since June 2023.

Government 115

Government 115

Security Boulevard

SEPTEMBER 5, 2024

Understanding how CASBs are developed and how to use them effectively can assist them in safeguarding their cloud-based assets against evolving threats. The post Cloud Access Security Brokers (CASBs): Are They Still Relevant? appeared first on Security Boulevard.

Security Awareness 115

Security Awareness Cybersecurity 115

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

eSecurity Planet

SEPTEMBER 5, 2024

Data is the new gold, and breaches have become an unfortunate reality. A recent incident involving Tracelo, a popular smartphone geolocation tracking service, has exposed the personal information of over 1.4 million users. This breach, orchestrated by a hacker known as “Satanic,” highlights the vulnerability of even seemingly secure online platforms.

Data breaches 113

Data breaches Identity Theft Data privacy Risk 113

The Hacker News

SEPTEMBER 5, 2024

A new security flaw has been addressed in the Apache OFBiz open-source enterprise resource planning (ERP) system that, if successfully exploited, could lead to unauthenticated remote code execution on Linux and Windows. The high-severity vulnerability, tracked as CVE-2024-45195 (CVSS score: 7.5), affects all versions of the software before 18.12.16.

Software 113

Software 113

Malwarebytes

SEPTEMBER 5, 2024

In late August, Intermountain Planned Parenthood of Montana suffered a cyberattack which is still under investigation. The attack has been claimed by a ransomware group. Intermountain Planned Parenthood Inc., doing business as Planned Parenthood Of Montana, is a nonprofit organization that provides sexual health care services. It is not yet known whether any personal information about patients might have been stolen, but that could potentially be devastating.

Ransomware 112

Ransomware Passwords Insurance Healthcare 112

Penetration Testing

SEPTEMBER 5, 2024

The security researchers have publicly disclosed technical details and proof-of-concept (PoC) exploit code for a CVE-2024-26581 (CVSS 7.8) vulnerability within the Linux kernel. The flaw poses a serious risk, allowing... The post CVE-2024-26581 PoC Exploit Released: Linux Systems at Risk of Root Compromise appeared first on Cybersecurity News.

Risk 111

Risk Cybersecurity 111

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Malwarebytes

SEPTEMBER 5, 2024

In mid-August, we identified a malvertising campaign targeting Lowes employees via Google ads. Like many large corporations, Lowe’s has their own employe portal called MyLowesLife , for all matters related to schedule, pay stubs, or benefits. Lowe’s employees who searched for “myloweslife” during that time, may have seen one or multiple fraudulent ads.

Phishing 110

Phishing Identity Theft Accountability Retail 110

Penetration Testing

SEPTEMBER 5, 2024

OpenStack’s Ironic project, which provisions bare metal machines, has been found vulnerable to a critical security flaw (CVE-2024-44082) that could allow authenticated users to exploit unvalidated image data. This vulnerability,... The post OpenStack Ironic Users Urged to Patch Critical Vulnerability (CVE-2024-44082) appeared first on Cybersecurity News.

Authentication 110

Authentication Cybersecurity 110

Security Boulevard

SEPTEMBER 5, 2024

Threat monitoring and detection, such as Network Detection and Response (NDR), provide a complement to enhance a threat exposure management strategy. The post Choosing the Best Cybersecurity Prioritization Method for Your Organization appeared first on Security Boulevard.

Cybersecurity 104

Cybersecurity Security Awareness 104

Penetration Testing

SEPTEMBER 5, 2024

Cybersecurity researchers from QiAnXin have uncovered an advanced malware campaign named DarkCracks, which exploits vulnerabilities in compromised GLPI and WordPress websites to distribute malicious loaders and maintain control over infected... The post DarkCracks: A New Stealthy Malware Framework Exploiting GLPI and WordPress appeared first on Cybersecurity News.

Malware 101

Malware Cybersecurity 101

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!