Tue. Dec 17, 2024

Hacking Digital License Plates

Schneier on Security

Not everything needs to be digital and “smart.” License plates, for example: Josep Rodriguez, a researcher at security firm IOActive, has revealed a technique to jailbreak digital license plates sold by Reviver, the leading vendor of those plates in the US with 65,000 plates already sold. By removing a sticker on the back of the plate and attaching a cable to its internal connectors, he’s able to rewrite a Reviver plate’s firmware in a matter of minutes.

Firmware 276

RCE and DoS Vulnerabilities Addressed in Apache Tomcat: CVE-2024-50379 and CVE-2024-54677

Penetration Testing

The Apache Software Foundation has released important security updates to address two vulnerabilities in Apache Tomcat, a widely-used open-source web server, and servlet container. One of the vulnerabilities could allow... The post RCE and DoS Vulnerabilities Addressed in Apache Tomcat: CVE-2024-50379 and CVE-2024-54677 appeared first on Cybersecurity News.

Software 121

Exposed HMIs: A Direct Pathway for Cyberattacks on Critical Infrastructure

SecureWorld News

The U.S. government is sounding the alarm on a growing cybersecurity risk for critical infrastructure: internet-exposed Human-Machine Interfaces (HMIs). In a joint advisory released by the Environmental Protection Agency (EPA) and the Cybersecurity and Infrastructure Security Agency (CISA), organizations in the Water and Wastewater Systems sector are urged to secure HMIs, which provide critical access to industrial machines and control systems.

Internet 108

The FBI warns of HiatusRAT scanning campaigns against Chinese-branded web cameras and DVRs

Security Affairs

The FBI warned of a fresh wave of HiatusRAT malware attacks targeting internet-facing Chinese-branded web cameras and DVRs. The Federal Bureau of Investigation (FBI) released a Private Industry Notification (PIN) to warn of HiatusRAT malware campaigns targeting Chinese-branded web cameras and DVRs. The report includes a set of recommendations to mitigate the exposure to the threat behind the current scanning campaigns. “The Federal Bureau of Investigation (FBI) is releasing this Private In

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

MUT-1244 Campaign Steals Hundreds of Thousands of WordPress Credentials and More

SecureWorld News

Researchers at Datadog Security Labs have uncovered a year-long, large-scale cybercrime campaign by a threat actor tracked as MUT-1244. This operation, which blends social engineering and technical exploitation, has resulted in the theft of more than 390,000 WordPress credentials. Additionally, sensitive SSH private keys and AWS access keys were exfiltrated from compromised systems, implicating a diverse victim pool of red teamers, penetration testers, security researchers, and other malicious a

Phishing 108

U.S. CISA adds Microsoft Windows Kernel-Mode Driver and Adobe ColdFusion flaws to its Known Exploited Vulnerabilities catalog

Security Affairs

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Microsoft Windows Kernel-Mode Driver and Adobe ColdFusion flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the Microsoft Windows Kernel-Mode Driver Untrusted Pointer Dereference (CVE-2024-35250) and Adobe ColdFusion Improper Access Control (CVE-2024-20767) vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog.

Hacking 107

More Trending

CrowdStrike Allies With Salt Security to Improve API Security

Security Boulevard

CrowdStrike and Salt Security have extended their alliance to make it simpler to feed application programming interface (API) security data directly into a security information event management (SIEM) platform. The post CrowdStrike Allies With Salt Security to Improve API Security appeared first on Security Boulevard.

Russia FSB relies on Ukrainian minors for criminal activities disguised as “quest games”

Security Affairs

Ukraine’s SBU uncovered an FSB espionage campaign recruiting minors for criminal activities disguised as “quest games.” The Security Service of Ukraine (SBU or SSU) uncovered a new espionage campaign linked to Russia’s intelligence agency Federal Security Service (FSB), which consists of involving minor Ukrainians in criminal activities under the guise of “quest games.” In Kharkiv, Ukrainian law enforcement identified and detained two FSB agent groups of 15-16-

Application and API Security in 2025: What Will the New Year Bring?

Thales Cloud Protection & Licensing

(madhav, Wed, 12/18/2024 - 05:24) As we step into 2025, the critical importance of application and API security has never been more evident. In 2024, APIs solidified their role as the backbone of digital innovation. However, this surge in API adoption has also expanded the attack surface, with 27% of API attacks targeting business logic vulnerabilities, a 10% increase from the previous year.

Risk 71

DLL Side-Loading Strikes Again: Yokai Backdoor Bypasses Security

Penetration Testing

Cybersecurity researchers from Netskope have uncovered a new side-loaded backdoor, dubbed Yokai, targeting Thai officials through decoy documents and a legitimate application. This campaign highlights the continued use of DLL... The post DLL Side-Loading Strikes Again: Yokai Backdoor Bypasses Security appeared first on Cybersecurity News.

Why Giant Content Libraries Do Nothing for Your Employees’ Cyber Resilience

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.


CrowdStrike Survey Highlights Security Challenges in AI Adoption

Tech Republic Security

CrowdStrike's AI Survey reveals how generative AI is reshaping cybersecurity, uncovering trends and challenges faced by organizations today.

New Malware “I2PRAT” Exploits Anonymous I2P Network for Stealthy Command and Control

Penetration Testing

A new malware campaign, identified as I2PRAT (I2P Remote Access Trojan), is raising the bar for cybercriminals' ability to evade detection. Detailed in a report by Banu Ramakrishnan, a Malware... The post New Malware I2PRAT Exploits Anonymous I2P Network for Stealthy Command and Control appeared first on Cybersecurity News.

Malware 63

Texas Tech University data breach impacted 1.4 million individuals

Security Affairs

Texas Tech University reports a data breach affecting 1.4 million, exposing personal, health, and financial data from its health sciences centers. Texas Tech University disclosed a data breach that impacted over 1.4 million individuals following a cyber attack. The security breach exposed the personal, health, and financial data from its health sciences centers, the Health Sciences Center and Health Sciences Center El Paso.

Zero Trust Mandate: The Realities, Requirements and Roadmap

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

Russian State Actors Target UK Critical Infrastructure in New Cyber Campaign

Penetration Testing

A new report by CYFIRMA reveals an alarming escalation in cyber threats targeting the UK, orchestrated by Russian state-sponsored actors and privateer groups. Sophisticated campaigns now focus on critical infrastructure,... The post Russian State Actors Target UK Critical Infrastructure in New Cyber Campaign appeared first on Cybersecurity News.

Astrill VPN Review: Features, Performance, and Insights

Tech Republic Security

Uncover the pros and cons of Astrill VPN. Explore its speed, security, and features to see if it's the right choice for privacy and performance.

VPN 147

Massive Ransomware Campaign Targets DrayTek Routers

Penetration Testing

Forescout Research – Vedere Labs, in collaboration with PRODAFT, has unveiled a massive ransomware campaign exploiting vulnerabilities in DrayTek Vigor routers, marking a new frontier in the targeting of network... The post Massive Ransomware Campaign Targets DrayTek Routers appeared first on Cybersecurity News.

Bits & Bytes: A Recap of AISS 2024

Security Boulevard

As a passionate cybersecurity enthusiast & a professional with ColorTokens, participating in the recently concluded 19th Annual Information Security Summit (AISS) 2024, organized by NASSCOM-DSCI, was an invaluable opportunity to immerse myself in the latest trends, innovations, and discussions shaping our industry. AISS 2024 lived up to its reputation as India's premier platform for cybersecurity […] The post Bits & Bytes: A Recap of AISS 2024 appeared first on ColorTokens.

Next-Level Fraud Prevention: Strategies for Today’s Threat Landscape

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

New Linux FASTCash Variant: Threats to Banking Systems

Hacker's King

The cybersecurity world has been abuzz with news of a new Linux variant of FASTCash, a sophisticated malware targeting the banking sector. FASTCash has gained notoriety for its ability to bypass banking security protocols, enabling cybercriminals to withdraw massive amounts of cash from ATMs. This new variant, designed to exploit Linux systems, signals a significant evolution in malware capabilities, highlighting the urgent need for robust defenses.

Banking 52

Meta Fined €251 Million for 2018 Data Breach Impacting 29 Million Accounts

The Hacker News

Meta Platforms, the parent company of Facebook, Instagram, WhatsApp, and Threads, has been fined €251 million (around $263 million) for a 2018 data breach that impacted millions of users in the bloc, in what's the latest financial hit the company has taken for flouting stringent privacy laws.

Your Meta Ray-Ban smart glasses just got a massive AI upgrade

Zero Day

The biggest Ray-Ban update yet is here, and it makes the smart glasses more useful than ever.

Attackers Exploit Microsoft Teams and AnyDesk to Deploy DarkGate Malware

The Hacker News

A new social engineering campaign has leveraged Microsoft Teams as a way to facilitate the deployment of a known malware called DarkGate. "An attacker used social engineering via a Microsoft Teams call to impersonate a user's client and gain remote access to their system," Trend Micro researchers Catherine Loveria, Jovit Samaniego, and Gabriel Nicoleta said.

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Google's Veo 2 video generator takes on Sora Turbo - how to try it

Zero Day

Also now available: An improved version of Google's Imagen 3 image generator and a fun, new experiment.

Drug Dealers Have Moved Onto Social Media

WIRED Threat Level

The marketing of illegal drugs on open platforms is gaining prominence, authorities note, while the number of drug transactions on the darkweb has decreased in recent years.

Media 116

Hackers Exploit Webview2 to Deploy CoinLurker Malware and Evade Security Detection

The Hacker News

Bogus software update lures are being used by threat actors to deliver a new stealer malware called CoinLurker. "Written in Go, CoinLurker employs cutting-edge obfuscation and anti-analysis techniques, making it a highly effective tool in modern cyber attacks," Morphisec researcher Nadav Lorber said in a technical report published Monday.

Malware 116

CVE-2024-55949 (CVSS 9.3): Critical MinIO Flaw Allows Any User to Gain Full Admin Privileges

Penetration Testing

A newly discovered vulnerability in MinIO, the popular open-source object storage platform, could allow any user to escalate their privileges to the administrator level, posing a significant risk to data... The post CVE-2024-55949 (CVSS 9.3): Critical MinIO Flaw Allows Any User to Gain Full Admin Privileges appeared first on Cybersecurity News.

Risk 113

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Bitter APT Targets Turkish Defense Sector with WmRAT and MiyaRAT Malware

The Hacker News

A suspected South Asian cyber espionage threat group known as Bitter targeted a Turkish defense sector organization in November 2024 to deliver two C++-malware families tracked as WmRAT and MiyaRAT.

Malware 112

Intel Officials Warned Police That US Cities Aren’t Ready for Hostile Drones

WIRED Threat Level

In a previously unreported August memo, the Department of Homeland Security urged state and local police to conduct exercises to test their ability to respond to weaponized drones.

Patch Alert: Critical Apache Struts Flaw Found, Exploitation Attempts Detected

The Hacker News

Threat actors are attempting to exploit a recently disclosed security flaw impacting Apache Struts that could pave the way for remote code execution. The issue, tracked as CVE-2024-53677, carries a CVSS score of 9.5 out of 10.0, indicating critical severity.

The Complete Guide: How to Create an Endpoint Detection and Response (EDR) Strategy

Heimdal Security

This post is authored by Heimdal’s Cybersecurity Architect and Technical Product Marketing Manager Andrei Hinodache. You may know him as the face of our popular series of webinars. If you want to watch the full webinar this EDR strategy guide is based on, check out the recording here. If you want to understand why effective […] The post The Complete Guide: How to Create an Endpoint Detection and Response (EDR) Strategy appeared first on Heimdal Security Blog.

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!