Fri.May 24, 2024

article thumbnail

On the Zero-Day Market

Schneier on Security

New paper: “ Zero Progress on Zero Days: How the Last Ten Years Created the Modern Spyware Market “: Abstract: Spyware makes surveillance simple. The last ten years have seen a global market emerge for ready-made software that lets governments surveil their citizens and foreign adversaries alike and to do so more easily than when such work required tradecraft.

Marketing 249
article thumbnail

AI Seoul Summit: 4 Key Takeaways on AI Safety Standards and Regulations

Tech Republic Security

Major breakthroughs were made in global nations’ AI safety commitments, AI safety institutes, research grants and AI risk thresholds at this month’s AI Seoul Summit.

Risk 146
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

CVE-2024-5148: GNOME Remote Desktop Vulnerability Exposes Sensitive Information

Penetration Testing

Security researcher Matthias Gerstner has discovered a critical vulnerability (CVE-2024-5148) in GNOME Remote Desktop versions 46.0 and 46.1, potentially exposing sensitive information and allowing unauthorized access to remote desktop sessions. gnome-remote-desktop offers remote access... The post CVE-2024-5148: GNOME Remote Desktop Vulnerability Exposes Sensitive Information appeared first on Penetration Testing.

article thumbnail

CISOs in Australia Urged to Take a Closer Look at Data Breach Risks

Tech Republic Security

A leading cyber lawyer in Australia has warned CISOs and other IT leaders their organisations and careers could be at stake if they do not understand data risk and data governance practices.

CISO 134
article thumbnail

Human-Centered Cyber Security Training: Driving Real Impact on Security Culture

Speaker: Speakers:

In today's digital age, having an untrained workforce can be a significant risk to your business. Cyber threats are evolving; without proper training, your employees could be the weakest link in your defense. This webinar empowers leaders like you with the tools and strategies needed to transform your employees into a robust frontline defense against cyber attacks.

article thumbnail

Microsoft Copilot fixed worldwide after 24 hour outage

Bleeping Computer

After over a 24-hour outage, Microsoft's Bing, Copilot, and Copilot in Windows services are back online worldwide, with no information released as to what caused the problem. [.

Software 132
article thumbnail

Get a Lifetime of 1TB Cloud Storage for Only $80 With FolderFort

Tech Republic Security

Fast, affordable cloud storage isn’t always easy to find for businesses, but now you can have a massive amount with maximum security.

148
148

More Trending

article thumbnail

Google fixes eighth actively exploited Chrome zero-day this year

Bleeping Computer

Google has released a new emergency security update to address the eighth zero-day vulnerability in Chrome browser confirmed to be actively exploited in the wild. [.

136
136
article thumbnail

Google Detects 4th Chrome Zero-Day in May Actively Under Attack - Update ASAP

The Hacker News

Google on Thursday rolled out fixes to address a high-severity security flaw in its Chrome browser that it said has been exploited in the wild. Assigned the CVE identifier CVE-2024-5274, the vulnerability relates to a type confusion bug in the V8 JavaScript and WebAssembly engine.

article thumbnail

CISO Cite Human Error as Top IT Security Risk

Security Boulevard

It’s the wetware. It’s always the wetware. But that’s not the only takeaway from this year’s Voice of the CISO report. The post CISO Cite Human Error as Top IT Security Risk appeared first on Security Boulevard.

CISO 125
article thumbnail

Hackers Created Rogue VMs to Evade Detection in Recent MITRE Cyber Attack

The Hacker News

The MITRE Corporation has revealed that the cyber attack targeting the not-for-profit company towards late December 2023 by exploiting zero-day flaws in Ivanti Connect Secure (ICS) involved the actor creating rogue virtual machines (VMs) within its VMware environment.

article thumbnail

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

article thumbnail

Cencora data breach exposes US patient info from 8 drug companies

Bleeping Computer

Some of the largest drug companies in the world have disclosed data breaches due to a February 2024 cyberattack at Cencora, whom they partner with for pharmaceutical and business services. [.

article thumbnail

Fake Antivirus Websites Deliver Malware to Android and Windows Devices

The Hacker News

Threat actors have been observed making use of fake websites masquerading as legitimate antivirus solutions from Avast, Bitdefender, and Malwarebytes to propagate malware capable of stealing sensitive information from Android and Windows devices.

Antivirus 125
article thumbnail

Microsoft: Windows 24H2 will remove Cortana and WordPad apps

Bleeping Computer

Microsoft says the Cortana, Tips, and WordPad applications will be automatically removed on systems upgraded to the upcoming Windows 11 24H2 release. [.

131
131
article thumbnail

Top Cyber Security Companies in Bangalore

Security Boulevard

Bangalore, often referred to as the Silicon Valley of India, is home to numerous companies specializing in cybersecurity. Given the increasing prevalence of cyber threats and attacks, investing in cybersecurity has become imperative for businesses to safeguard their assets and information. With the rapid digitization of businesses and the increasing prevalence of cyber threats, robust cybersecurity […] The post Top Cyber Security Companies in Bangalore appeared first on Kratikal Blogs.

article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

Usage of TLS in DDNS Services leads to Information Disclosure in Multiple Vendors

Security Affairs

The use of Dynamic DNS (DDNS) services embedded in appliances can potentially expose data and devices to attacks. The use of Dynamic DNS (DDNS) services embedded in appliances, such as those provided by vendors like Fortinet or QNAP, carries cybersecurity implications. It increases the discoverability of customer devices by attackers. Advisory on security impacts related to the use of TLS in proprietary vendor Dynamic DNS (DDNS) services.

DNS 120
article thumbnail

ICQ messenger shuts down after almost 28 years

Bleeping Computer

The ICQ messaging app is shutting down on June 26th, marking the end of a much-beloved communication application. [.

Software 140
article thumbnail

An XSS flaw in GitLab allows attackers to take over accounts

Security Affairs

GitLab addressed a high-severity cross-site scripting (XSS) vulnerability that allows unauthenticated attackers to take over user accounts. GitLab fixed a high-severity XSS vulnerability, tracked as CVE-2024-4835 , that allows attackers to take over user accounts. An attacker can exploit this issue by using a specially crafted page to exfiltrate sensitive user information.

article thumbnail

New ShrinkLocker ransomware uses BitLocker to encrypt your files

Bleeping Computer

A new ransomware strain called ShrinkLocker creates a new boot partition to encrypt corporate systems using Windows BitLocker. [.

article thumbnail

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

article thumbnail

Recall feature in Microsoft Copilot+ PCs raises privacy and security concerns

Security Affairs

UK data watchdog is investigating Microsoft regarding the new Recall feature in Copilot+ PCs that captures screenshots of the user’s laptop every few seconds. The UK data watchdog, the Information Commissioner’s Office (ICO), is investigating a new feature, called Recall, implemented by Microsoft” Copilot+ PCs that captures screenshots of the user’s laptop every few seconds. “You can use Recall on Copilot+ PCs to find the content you have viewed on your device.

article thumbnail

Japanese Experts Warn of BLOODALCHEMY Malware Targeting Government Agencies

The Hacker News

Cybersecurity researchers have discovered that the malware known as BLOODALCHEMY used in attacks targeting government organizations in Southern and Southeastern Asia is in fact an updated version of Deed RAT, which is believed to be a successor to ShadowPad.

article thumbnail

CISA adds Apache Flink flaw to its Known Exploited Vulnerabilities catalog

Security Affairs

CISA adds Apache Flink improper access control vulnerability to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a NextGen Healthcare Mirth Connect vulnerability to its Known Exploited Vulnerabilities (KEV) catalog. The issue, tracked as CVE-2020-17519 , is an improper access control vulnerability in Apache Flink.

article thumbnail

USENIX Security ’23 – Mitigating Security Risks in Linux with KLAUS: A Method for Evaluating Patch Correctness

Security Boulevard

Authors/Presenters:Yuhang Wu, Zhenpeng Lin, Yueqi Chen, Dang K Le, Dongliang Mu, Xinyu Xing Many thanks to USENIX for publishing their outstanding USENIX Security ’23 Presenter’s content, and the organizations strong commitment to Open Access. Originating from the conference’s events situated at the Anaheim Marriott ; and via the organizations YouTube channel.

Risk 104
article thumbnail

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

article thumbnail

Google fixes eighth actively exploited Chrome zero-day this year, the third in a month

Security Affairs

Google rolled out a new emergency security update to fix another actively exploited zero-day vulnerability in the Chrome browser. Google has released a new emergency security update to address a new vulnerability, tracked as CVE-2024-5274, in the Chrome browser, it is the eighth zero-day exploited in attacks disclosed this year. The vulnerability is a high-severity ‘type confusion’ in the V8 JavaScript engine, the Google researcher Clément Lecigne and Brendon Tiszka discovered it.

article thumbnail

Courtroom Software Backdoored to Deliver RustDoor Malware in Supply Chain Attack

The Hacker News

Malicious actors have backdoored the installer associated with courtroom video recording software developed by Justice AV Solutions (JAVS) to deliver malware that's associated with a known backdoor called RustDoor. The software supply chain attack, tracked as CVE-2024-4978, impacts JAVS Viewer v8.3.

Software 105
article thumbnail

Almost all citizens of city of Eindhoven have their personal data exposed

Graham Cluley

A data breach involving the Dutch city of Eindhoven left the personal information related to almost all of its citizens exposed. And then they chose not to tell the affected 221,511 people about it. Read more in my article on the Hot for Security blog.

article thumbnail

Cencora data breach exposes US patient info from 11 drug companies

Bleeping Computer

Some of the largest drug companies in the world have disclosed data breaches due to a February 2024 cyberattack at Cencora, whom they partner with for pharmaceutical and business services. [.

article thumbnail

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

article thumbnail

DevOps Dilemma: How Can CISOs Regain Control in the Age of Speed?

The Hacker News

Introduction The infamous Colonial pipeline ransomware attack (2021) and SolarWinds supply chain attack (2020) were more than data leaks; they were seismic shifts in cybersecurity. These attacks exposed a critical challenge for Chief Information Security Officers (CISOs): holding their ground while maintaining control over cloud security in the accelerating world of DevOps.

CISO 98
article thumbnail

Overcoming Survivorship Bias in Cybersecurity

SecureWorld News

During World War II, statistician Abraham Wald provided a counterintuitive recommendation for reducing bomber losses. He suggested reinforcing sections of aircraft that showed no damage after missions. His rationale was clear: damage on returning bombers indicated where an aircraft could sustain hits and still survive. Thus, undamaged areas represented critical vulnerabilities; bombers hit in these sections likely never returned.

article thumbnail

How Do Hackers Blend In So Well? Learn Their Tricks in This Expert Webinar

The Hacker News

Don't be fooled into thinking that cyber threats are only a problem for large organizations. The truth is that cybercriminals are increasingly targeting smaller businesses, and they're getting smarter every day.

article thumbnail

Courtroom Recording Software Compromised in Supply Chain Attack

Security Boulevard

Threat actors compromised a popular audio-visual software package used in courtrooms, prisons, government, and lecture rooms around the world by injecting a loader malware that gives the hackers remote access to infected systems, collecting data about the host computer and downloading more malicious payloads along the way. The software supply chain attack targeted Justice AV.

article thumbnail

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?