Thu.Sep 05, 2024

article thumbnail

Long Analysis of the M-209

Schneier on Security

Really interesting analysis of the American M-209 encryption device and its security.

article thumbnail

IBM Executive on Future Cybersecurity: Passkeys, Deepfakes & Quantum Computing

Tech Republic Security

IBM's Chris Hockings predicts a safer internet with advances in passkey tech, digital identity, deepfake defenses, and post-quantum cryptography.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

TIDRONE Targets Military and Satellite Industries in Taiwan

Trend Micro

Our research reveals that an unidentified threat cluster we named TIDRONE have shown significant interest in military-related industry chains, particularly in the manufacturers of drones.

article thumbnail

Australia Proposes Mandatory Guardrails for AI

Tech Republic Security

New mandatory guardrails will apply to AI models in high-risk settings, with businesses encouraged to adopt new safety standards starting now.

Risk 153
article thumbnail

Enhance Innovation and Governance Through the Cloud Development Maturity Model

Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.

article thumbnail

Uncovering & Remediating Dormant Account Risk

Duo's Security Blog

The importance of gaining visibility into identity data Over the last two years, the security of an organization's identity ecosystem has become paramount. Before diving into the specifics of dormant accounts, it's important to take a step back and discuss a prerequisite: gaining cross-platform visibility into identity and access management data.

article thumbnail

Russia’s Most Notorious Special Forces Unit Now Has Its Own Cyber Warfare Team

WIRED Threat Level

Unit 29155 of Russia’s GRU military intelligence agency—a team responsible for coup attempts, assassinations, and bombings—has branched out into brazen hacking operations with targets across the world.

Hacking 136

More Trending

article thumbnail

RansomHub Emerges in Rapidly Evolving Ransomware Landscape

Security Boulevard

The ransomware space is becoming increasingly fragmented in the wake of law enforcement actions against BlackCat, LockBit, and others, spawning more threat groups and giving rise to prolific newcomers like RansomHub, according to a report by Searchlight Cyber. The post RansomHub Emerges in Rapidly Evolving Ransomware Landscape appeared first on Security Boulevard.

article thumbnail

We Hunted Hidden Police Signals at the DNC

WIRED Threat Level

Using special software, WIRED investigated police surveillance at the DNC. We collected signals from nearly 300,000 devices, revealing vulnerabilities for both law enforcement and everyday citizens alike.

article thumbnail

Tracelo Data Breach: 1.4 Million Records Exposed

eSecurity Planet

Data is the new gold, and breaches have become an unfortunate reality. A recent incident involving Tracelo, a popular smartphone geolocation tracking service, has exposed the personal information of over 1.4 million users. This breach, orchestrated by a hacker known as “Satanic,” highlights the vulnerability of even seemingly secure online platforms.

article thumbnail

Cloud Access Security Brokers (CASBs): Are They Still Relevant?

Security Boulevard

Understanding how CASBs are developed and how to use them effectively can assist them in safeguarding their cloud-based assets against evolving threats. The post Cloud Access Security Brokers (CASBs): Are They Still Relevant? appeared first on Security Boulevard.

article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

Quishing, an insidious threat to electric car owners

Security Affairs

Quishing is a type of phishing attack where crooks use QR codes to trick users into providing sensitive information or downloading malware. In recent years, the spread of electric cars has led to an increase in public charging stations. However, new cyber threats have emerged with this growth, including “quishing.” This term, a combination of “QR Code” and “phishing,” describes a scam in which fraudsters use counterfeit QR Codes to steal sensitive information

Scams 112
article thumbnail

Pool Your Cybersecurity Resources to Build the Perfect Security Ecosystem

Security Boulevard

Cybersecurity has never been something to set once and leave running in the background — it is a constantly evolving landscape. While the migration of data and applications to the cloud provides numerous business benefits, many organizations struggle to secure their networks against rapidly changing cyberthreats. Ransomware attackers have understood the value of targeting smaller.

article thumbnail

OpenStack Ironic Users Urged to Patch Critical Vulnerability (CVE-2024-44082)

Penetration Testing

OpenStack’s Ironic project, which provisions bare metal machines, has been found vulnerable to a critical security flaw (CVE-2024-44082) that could allow authenticated users to exploit unvalidated image data. This vulnerability,... The post OpenStack Ironic Users Urged to Patch Critical Vulnerability (CVE-2024-44082) appeared first on Cybersecurity News.

article thumbnail

Veeam Releases Security Updates to Fix 18 Flaws, Including 5 Critical Issues

The Hacker News

Veeam has shipped security updates to address a total of 18 security flaws impacting its software products, including five critical vulnerabilities that could result in remote code execution. The list of shortcomings is below - CVE-2024-40711 (CVSS score: 9.8) - A vulnerability in Veeam Backup & Replication that allows unauthenticated remote code execution.

Backups 110
article thumbnail

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

article thumbnail

Beyond Compliance: Building a Culture of Continuous Security Improvement

SecureWorld News

In 2023, the cost of cybercrime globally was projected to reach $8 trillion , with expectations to rise to $10.5 trillion by 2025. This staggering figure underscores the growing threat and the extensive damage cyberattacks can cause, including data breaches, downtime, and compromised sensitive information. On the journey of creating a secure business environment to deal with these emerging threats, compliance should be viewed as just the starting point, not the final destination.

article thumbnail

U.S. Seizes 32 Pro-Russian Propaganda Domains in Major Disinformation Crackdown

The Hacker News

The U.S. Department of Justice (DoJ) on Wednesday announced the seizure of 32 internet domains used by a pro-Russian propaganda operation called Doppelganger as part of a sweeping set of actions. Accusing the Russian government-directed foreign malign influence campaign of violating U.S.

Internet 109
article thumbnail

CVE-2024-26581 PoC Exploit Released: Linux Systems at Risk of Root Compromise

Penetration Testing

The security researchers have publicly disclosed technical details and proof-of-concept (PoC) exploit code for a CVE-2024-26581 (CVSS 7.8) vulnerability within the Linux kernel. The flaw poses a serious risk, allowing... The post CVE-2024-26581 PoC Exploit Released: Linux Systems at Risk of Root Compromise appeared first on Cybersecurity News.

Risk 111
article thumbnail

NIST Cybersecurity Framework (CSF) and CTEM – Better Together

The Hacker News

It’s been a decade since the National Institute of Standards and Technology (NIST) introduced its Cybersecurity Framework (CSF) 1.0. Created following a 2013 Executive Order, NIST was tasked with designing a voluntary cybersecurity framework that would help organizations manage cyber risk, providing guidance based on established standards and best practices.

article thumbnail

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.

article thumbnail

Choosing the Best Cybersecurity Prioritization Method for Your Organization

Security Boulevard

Threat monitoring and detection, such as Network Detection and Response (NDR), provide a complement to enhance a threat exposure management strategy. The post Choosing the Best Cybersecurity Prioritization Method for Your Organization appeared first on Security Boulevard.

article thumbnail

New AirPods are arriving next week. Here are the top 4 features I want to see

Zero Day

Industry insiders are confident Apple will announce new AirPods next week during the iPhone 16 launch. Although that's exciting to hear, there are a few things I'd like to see first.

98
article thumbnail

DarkCracks: A New Stealthy Malware Framework Exploiting GLPI and WordPress

Penetration Testing

Cybersecurity researchers from QiAnXin have uncovered an advanced malware campaign named DarkCracks, which exploits vulnerabilities in compromised GLPI and WordPress websites to distribute malicious loaders and maintain control over infected... The post DarkCracks: A New Stealthy Malware Framework Exploiting GLPI and WordPress appeared first on Cybersecurity News.

Malware 101
article thumbnail

Pavel Durov Criticizes Outdated Laws After Arrest Over Telegram Criminal Activity

The Hacker News

Telegram CEO Pavel Durov has broken his silence nearly two weeks after his arrest in France, stating the charges are misguided. "If a country is unhappy with an internet service, the established practice is to start a legal action against the service itself," Durov said in a 600-word statement on his Telegram account.

article thumbnail

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

article thumbnail

CVE-2024-7591 (CVSS 10): Critical Vulnerability Discovered in Progress LoadMaster

Penetration Testing

Progress Software Corporation has issued a security advisory for a critical vulnerability (CVE-2024-7591) affecting its LoadMaster application delivery controller (ADC) and load balancer solution. The vulnerability, which carries a CVSS... The post CVE-2024-7591 (CVSS 10): Critical Vulnerability Discovered in Progress LoadMaster appeared first on Cybersecurity News.

Software 100
article thumbnail

The new Soundcore Space One Pro are smaller and mightier in all the right ways

Zero Day

Soundcore's new Space One Pro headphones boast eight hours of runtime after only a quick five-minute charge. When folded up, they are about the size of a donut.

98
article thumbnail

Moscow Hacker Extradited To US For Cybercrime Involvement

Security Boulevard

As per recent reports, a Moscow hacker has been charged in the US on various accounts of cybercrime. Charges leveled against the hacker include allegedly stealing data, extorting victims, and laundering ransom payments since 2021. In this article, learn more about the threat actor his activities, and cover details about the charges. Deniss Zolotarjovs: The […] The post Moscow Hacker Extradited To US For Cybercrime Involvement appeared first on TuxCare.

article thumbnail

Critical Security Flaw Found in LiteSpeed Cache Plugin for WordPress

The Hacker News

Cybersecurity researchers have discovered yet another critical security flaw in the LiteSpeed Cache plugin for WordPress that could allow unauthenticated users to take control of arbitrary accounts. The vulnerability, tracked as CVE-2024-44000 (CVSS score: 7.5), impacts versions before and including 6.4.1. It has been addressed in version 6.5.0.1.

article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

Earth Lusca adds multiplatform malware KTLVdoor to its arsenal

Security Affairs

The Chinese-speaking threat actor Earth Lusca used the new backdoor KTLVdoor in an attack against a trading company in China. Trend Micro Researchers spotted the Chinese-speaking threat actor Earth Lusca using a new multiplatform backdoor called KTLVdoor. The Earth Lusca group has been active since at least the first half of 2023, it primarily targeted organizations in Southeast Asia, Central Asia, and the Balkans.

Malware 91
article thumbnail

Chinese-Speaking Hacker Group Targets Human Rights Studies in Middle East

The Hacker News

Unnamed government entities in the Middle East and Malaysia are the target of a persistent cyber campaign orchestrated by a threat actor known as Tropic Trooper since June 2023.

article thumbnail

CVE-2024-7012 (CVSS 9.8): Critical Foreman Flaw Exposes Red Hat Satellite to Unauthorized Access

Penetration Testing

A critical vulnerability, CVE-2024-7012, has been discovered in Foreman, a widely used open-source lifecycle management tool. This authentication bypass flaw, with a CVSS score of 9.8 (the highest severity rating),... The post CVE-2024-7012 (CVSS 9.8): Critical Foreman Flaw Exposes Red Hat Satellite to Unauthorized Access appeared first on Cybersecurity News.

article thumbnail

Apache OFBiz Update Fixes High-Severity Flaw Leading to Remote Code Execution

The Hacker News

A new security flaw has been addressed in the Apache OFBiz open-source enterprise resource planning (ERP) system that, if successfully exploited, could lead to unauthenticated remote code execution on Linux and Windows. The high-severity vulnerability, tracked as CVE-2024-45195 (CVSS score: 7.5), affects all versions of the software before 18.12.16.

article thumbnail

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.