Tue.Jun 18, 2024

article thumbnail

Apple Operating Systems are Being Targeted by Threat Actors, Plus 4 More Vulnerability Trends

Tech Republic Security

The number of macOS vulnerabilities exploited in 2023 increased by more than 30%. Three of the other vulnerability trends in this report relate to Microsoft.

Mobile 183
article thumbnail

CVE-2024-5671 (CVSS 9.8) Exposes Trellix Intrusion Prevention System to Remote Attacks

Penetration Testing

Trellix, a prominent cybersecurity provider, has issued urgent patches for two critical vulnerabilities discovered in its Intrusion Prevention System (IPS). The flaws, tracked as CVE-2024-5671 and CVE-2024-5731, leave unprotected systems vulnerable to remote code... The post CVE-2024-5671 (CVSS 9.8) Exposes Trellix Intrusion Prevention System to Remote Attacks appeared first on Cybersecurity News.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

What Is Zero Trust Security?

Tech Republic Security

In today’s dynamic threat environment, traditional security perimeters are proving to be increasingly vulnerable. Ray Fernandez, writing for TechRepublic Premium, presents an in-depth exploration of zero trust security that offers professionals a clear path to strengthening their security posture and compliance by providing a deep understanding of the concepts and principles, delving into its operational.

143
143
article thumbnail

Signal Foundation Warns Against EU's Plan to Scan Private Messages for CSAM

The Hacker News

A controversial proposal put forth by the European Union to scan users' private messages for detection child sexual abuse material (CSAM) poses severe risks to end-to-end encryption (E2EE), warned Meredith Whittaker, president of the Signal Foundation, which maintains the privacy-focused messaging service of the same name.

article thumbnail

Human-Centered Cyber Security Training: Driving Real Impact on Security Culture

Speaker: Speakers:

In today's digital age, having an untrained workforce can be a significant risk to your business. Cyber threats are evolving; without proper training, your employees could be the weakest link in your defense. This webinar empowers leaders like you with the tools and strategies needed to transform your employees into a robust frontline defense against cyber attacks.

article thumbnail

VMware fixes critical vCenter RCE vulnerability, patch now

Bleeping Computer

VMware has issued a security advisory addressing critical vulnerabilities in vCenter Server, including remote code execution and local privilege escalation flaws. [.

138
138
article thumbnail

CVE-2023-32191 (CVSS 10) in Rancher Kubernetes Engine Exposes Sensitive Credentials

Penetration Testing

A critical vulnerability has been discovered in the Rancher Kubernetes Engine (RKE), a widely used Kubernetes distribution that simplifies the installation and operation of Kubernetes. This vulnerability, identified as CVE-2023-32191 and rated with a... The post CVE-2023-32191 (CVSS 10) in Rancher Kubernetes Engine Exposes Sensitive Credentials appeared first on Cybersecurity News.

More Trending

article thumbnail

Survey Surfaces Lack of Confidence in Security Tools

Security Boulevard

A global survey of more than 1,033 security and IT leaders published today finds nearly two-thirds (65%) lack confidence that their existing security tooling cannot effectively detect breaches. The post Survey Surfaces Lack of Confidence in Security Tools appeared first on Security Boulevard.

article thumbnail

Analysis of user password strength

SecureList

The processing power of computers keeps growing, helping users to solve increasingly complex problems faster. A side effect is that passwords that were impossible to guess just a few years ago can be cracked by hackers within mere seconds in 2024. For example, the RTX 4090 GPU is capable of guessing an eight-character password consisting of same-case English letters and digits, or 36 combinable characters, within just 17 seconds.

Passwords 122
article thumbnail

Are We Turning the Corner in the Fight Against Cybercrime? It’s Complicated.

Security Boulevard

Cybercriminals are not about to give up – this is how they make their living. So it’s up to cybersecurity professionals to stay vigilant and learn as much as they can about the forces they face. The post Are We Turning the Corner in the Fight Against Cybercrime? It’s Complicated. appeared first on Security Boulevard.

article thumbnail

The 5 Best VPNs With Free Trials in 2024

Tech Republic Security

Here are the best VPNs with free trials available today. They offer access to premium VPN features and let you test drive paid VPNs without purchasing a subscription.

VPN 118
article thumbnail

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

article thumbnail

ASUS Router User? Patch ASAP!

Security Boulevard

Or junk it if EOL: Two nasty vulnerabilities need an update—pronto. The post ASUS Router User? Patch ASAP! appeared first on Security Boulevard.

Firmware 135
article thumbnail

Data breach at Total Fitness exposed almost half a million people’s photos – no password required

Graham Cluley

UK-based gym chain Total Fitness has been accused of sloppy security, following the discovery of an unsecured database containing the images of 470,000 members and staff - all accessible to anyone on the internet, no password required. Read more in my article on the Hot for Security blog.

Passwords 118
article thumbnail

VMware Issues Patches for Cloud Foundation, vCenter Server, and vSphere ESXi

The Hacker News

VMware has released updates to address critical flaws impacting Cloud Foundation, vCenter Server, and vSphere ESXi that could be exploited to achieve privilege escalation and remote code execution. The list of vulnerabilities is as follows - CVE-2024-37079 & CVE-2024-37080 (CVSS scores: 9.

115
115
article thumbnail

Vulnerability Recap 6/18/24 – Patch Tuesday, Plus More Ivanti Issues

eSecurity Planet

The remote code execution vulnerabilities from last week’s recap continue, and Microsoft Patch Tuesday identifies plenty of issues to patch — but fortunately, most of them aren’t critical vulnerabilities. PHP’s Windows flaw is now being exploited by ransomware, almost immediately after researchers publicized the issue. Google also has an elevation of privilege vulnerability in its Pixel phones, among others; Android has published fixes for all the device issues.

Firmware 113
article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

Cybercriminals Exploit Free Software Lures to Deploy Hijack Loader and Vidar Stealer

The Hacker News

Threat actors are luring unsuspecting users with free or pirated versions of commercial software to deliver a malware loader called Hijack Loader, which then deploys an information stealer known as Vidar Stealer. "Adversaries had managed to trick users into downloading password-protected archive files containing trojanized copies of a Cisco Webex Meetings App (ptService.

Software 111
article thumbnail

Explained: Android overlays and how they are used to trick people

Malwarebytes

Sometimes you’ll see the term “overlays” used in articles about malware and you might wonder what they are. In this post we will try to explain what overlays—particularly on Android devices—are, and how cybercriminals deploy them. Most of the time, overlays are used to make people think they are visiting a legitimate website or using a trusted app while in reality they are not.

article thumbnail

New Malware Targets Exposed Docker APIs for Cryptocurrency Mining

The Hacker News

Cybersecurity researchers have uncovered a new malware campaign that targets publicly exposed Docket API endpoints with the aim of delivering cryptocurrency miners and other payloads.

article thumbnail

ONNX phishing service targets Microsoft 365 accounts at financial firms

Bleeping Computer

A new phishing-as-a-service (PhaaS) platform called ONNX Store is targeting Microsoft 365 accounts for employees at financial firms using QR codes in PDF attachments. [.

Phishing 111
article thumbnail

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

article thumbnail

The Financial Dynamics Behind Ransomware Attacks

Security Affairs

Over the last few years, ransomware attacks have become one of the most prevalent and expensive forms of cybercrime. Initially, these attacks involved malicious software that encrypts a victim’s data, rendering it inaccessible until a ransom is paid to the attackers. Today, this tactic has evolved, where ransomware operators in nearly every case first exfiltrate sensitive data and then threaten to publicly expose it if a ransom demand is not paid.

article thumbnail

Malvertising Campaign Uses Fake Installers to Spread Oyster Backdoor

Penetration Testing

Rapid7, a cybersecurity firm, has uncovered a recent malvertising campaign using fake software installers to distribute the Oyster backdoor, also known as Broomstick. This sophisticated malware targets users searching for popular downloads like Google... The post Malvertising Campaign Uses Fake Installers to Spread Oyster Backdoor appeared first on Cybersecurity News.

Malware 107
article thumbnail

Convicted BEC scammer could face over 100 years in prison

Graham Cluley

A US court has found a Nigerian national guilty of charges related to a US $1.5 million business email compromise (BEC) scam and could face the rest of his life in prison as a consequence. Read more in my article on the Hot for Security blog.

Scams 106
article thumbnail

Scathing report on Medibank cyberattack highlights unenforced MFA

Bleeping Computer

A scathing report by Australia's Information Commissioner details how misconfigurations and missed alerts allowed a hacker to breach Medibank and steal data from over 9 million people. [.

102
102
article thumbnail

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

article thumbnail

Singapore Police Extradites Malaysians Linked to Android Malware Fraud

The Hacker News

The Singapore Police Force (SPF) has announced the extradition of two men from Malaysia for their alleged involvement in a mobile malware campaign targeting citizens in the country since June 2023.

Malware 103
article thumbnail

Microsoft says bug causes Windows 10 apps to display Open With dialogs

Bleeping Computer

Microsoft has confirmed that Windows 10 apps will mistakenly display an "How do you want to open this file?" dialog box when attempting to right-click on the program's icon and perform a registered task. [.

95
article thumbnail

The Annual SaaS Security Report: 2025 CISO Plans and Priorities

The Hacker News

Seventy percent of enterprises are prioritizing investment in SaaS security by establishing dedicated teams to secure SaaS applications, as part of a growing trend of maturity in this field of cybersecurity, according to a new survey released this month by the Cloud Security Alliance (CSA).

CISO 98
article thumbnail

VMware fixed RCE and privilege escalation bugs in vCenter Server

Security Affairs

VMware addressed vCenter Server vulnerabilities that can allow remote code execution or privilege escalation. VMware addressed multiple vCenter Server vulnerabilities that remote attackers can exploit to achieve remote code execution or privilege escalation. vCenter Server is a centralized management platform developed by VMware for managing virtualized environments.

article thumbnail

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

article thumbnail

43% of couples experience pressure to share logins and locations, Malwarebytes finds

Malwarebytes

All isn’t fair in love and romance today, as 43% of people in a committed relationship said they have felt pressured by their own partners to share logins, passcodes, and/or locations. A worrying 7% admitted that this type of pressure has included the threat of breaking up or the threat of physical or emotional harm. These are latest findings from original research conducted by Malwarebytes to explore how romantic couples navigate shared digital access to one another’s devices, accounts, and loc

article thumbnail

Meta delays training its AI using public content shared by EU users 

Security Affairs

Meta announced it is postponing the training of its large language models using public content from adult Facebook and Instagram users in the EU. Meta announced it is delaying the training of its large language models (LLMs) using public content shared by adults on Facebook and Instagram following the Irish Data Protection Commission (DPC) request. “The DPC welcomes the decision by Meta to pause its plans to train its large language model using public content shared by adults on Facebook a

Hacking 95
article thumbnail

FTC files complaint against Adobe for deceptive cancellation practices

Bleeping Computer

The Federal Trade Commission has filed a complaint in US federal court against Adobe and two executives, Maninder Sawhney and David Wadhwani, for deceptive practices related to their subscription plans. [.

article thumbnail

How to Monitor Network Traffic: Findings from the Cisco Cyber Threat Trends Report

Cisco Security

The Cisco Cyber Threat Trends report examines malicious domains for trends and patterns. See what the data tells us about the threat landscape. The Cisco Cyber Threat Trends report examines malicious domains for trends and patterns. See what the data tells us about the threat landscape.

article thumbnail

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?