Voice Cloning with Very Short Samples
Schneier on Security
JANUARY 15, 2024
New research demonstrates voice cloning, in multiple languages, using samples ranging from one to twelve seconds. Research paper.
Mon.Jan 15, 2024
256 
Weekly Update 382
Troy Hunt
JANUARY 15, 2024
Geez it's nice to be back in Oslo! This city has such a special place in my heart for so many reasons, not least of which by virtue of being Charlotte's home town we have so many friends and family here. Add in NDC Security this week with so many more mutual connections, beautiful snowy weather, snowboarding, sledging and even curling, it's just an awesome time.
Join 29,000+
Insiders
Sign Up for our Newsletter
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Trending Sources
Latest Adblock update causes massive YouTube performance hit
Bleeping Computer
JANUARY 15, 2024
Adblock and Adblock Plus users report performance issues on YouTube, initially blamed on Google but later determined to be an issue in the popular ad-blocking extension. [.
Over 178,000 SonicWall next-generation firewalls (NGFW) online exposed to hack
Security Affairs
JANUARY 15, 2024
Researchers from Bishop Fox found over 178,000 SonicWall next-generation firewalls (NGFW) publicly exploitable. SonicWall next-generation firewall (NGFW) series 6 and 7 devices are affected by two unauthenticated denial-of-service vulnerabilities, tracked as CVE-2022-22274 and CVE-2023-0656 , that could potentially lead to remote code execution. Despite a proof-of-concept exploit for the flaw CVE-2023-0656 was publicly released, the vendor is not aware of attack in the wild exploiting the vulner
The Importance of User Roles and Permissions in Cybersecurity Software
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Windows SmartScreen flaw exploited to drop Phemedrone malware
Bleeping Computer
JANUARY 15, 2024
A Phemedrone information-stealing malware campaign exploits a Microsoft Defender SmartScreen vulnerability (CVE-2023-36025) to bypass Windows security prompts when opening URL files. [.
Critical flaw found in WordPress plugin used on over 300,000 websites
Graham Cluley
JANUARY 15, 2024
A WordPress plugin used on over 300,000 websites has been found to contain vulnerabilities that could allow hackers to seize control. Security researchers at Wordfence found two critical flaws in the POST SMTP Mailer plugin. Read more in my article on the Tripwire State of Security blog.
Sign up to get articles personalized to your interests!
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
More Trending
Stupid Human Tricks: Top 10 Cybercrime Cases of 2023
Security Boulevard
JANUARY 15, 2024
Mark Rasch examines 2023 cybercrime cases that appear to be the most impactful—not the most extensive or expensive—just the most “interesting.” The post Stupid Human Tricks: Top 10 Cybercrime Cases of 2023 appeared first on Security Boulevard.
Over 178K SonicWall firewalls vulnerable to DoS, potential RCE attacks
Bleeping Computer
JANUARY 15, 2024
Security researchers have found over 178,000 SonicWall next-generation firewalls (NGFW) with the management interface exposed online are vulnerable to denial-of-service (DoS) and potential remote code execution (RCE) attacks. [.
What is Identity Threat Detection and Response?
Security Boulevard
JANUARY 15, 2024
Identity Threat Detection and Response (ITDR) remains crucial for preventing unauthorized access and mitigating security breaches The security of digital identities has never been more paramount, and Identity Threat Detection and Response (ITDR) is a 2024 cybersecurity approach focusing on protecting and managing digital identities. Understanding Identity Threat Detection and Response ITDR refers to the.
Balada Injector continues to infect thousands of WordPress sites
Security Affairs
JANUARY 15, 2024
Balada Injector malware infected more than 7100 WordPress sites using a vulnerable version of the Popup Builder plugin. In September, Sucuri researchers reported that more than 17,000 WordPress websites had been compromised in September with the Balada Injector. The researchers noticed that the number of Balada Injector infections has doubled compared with August 2023.
IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Windows Copilot autostart tests limited to 27" displays or larger
Bleeping Computer
JANUARY 15, 2024
Microsoft says that tests of a controversial new Windows 11 feature that automatically opens the AI-powered Copilot assistant after Windows starts are limited to systems with 27-inch displays. [.
Experts warn of a vulnerability affecting Bosch BCC100 Thermostat
Security Affairs
JANUARY 15, 2024
Researchers warn of high-severity vulnerability affecting Bosch BCC100 thermostats. Researchers from Bitdefender discovered a high-severity vulnerability affecting Bosch BCC100 thermostats. The researchers discovered a vulnerability, tracked as CVE-2023-49722 (CVSS score: 8.3), that can be exploited by an attacker on the same network to replace the device firmware with a rogue version.
New Jersey Privacy Act: What to Expect
Security Boulevard
JANUARY 15, 2024
The last couple of years have seen a wave of state privacy law proposals across the United States. As of 2018, only California had passed a comprehensive privacy law. By late 2022, the federal government and 29 states were playing the game, with even more getting in line. Among this deluge of legislation and bills […] The post New Jersey Privacy Act: What to Expect appeared first on Centraleyes.
Attackers target Apache Hadoop and Flink to deliver cryptominers
Security Affairs
JANUARY 15, 2024
Researchers devised a new attack that exploits misconfigurations in Apache Hadoop and Flink to deploy cryptocurrency miners. Cybersecurity researchers from cyber security firm Aqua have uncovered a new attack targeting Apache Hadoop and Flink applications. The attacks exploit misconfigurations in Apache Hadoop and Flink to deploy cryptocurrency cryptocurrency miners.
Cybersecurity Predictions for 2024
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
Critical Linux Security Updates for Debian 12 and Debian 11
Security Boulevard
JANUARY 15, 2024
In the dynamic realm of cybersecurity, staying ahead of potential threats is crucial for maintaining a secure computing environment. For Debian GNU/Linux users, keeping the system updated with the latest security patches is an essential step towards fortifying your digital fortress. These updates address several security vulnerabilities to enhance the overall system security.
Phemedrone info stealer campaign exploits Windows smartScreen bypass
Security Affairs
JANUARY 15, 2024
Threat actors exploit a recent Windows SmartScreen bypass flaw CVE-2023-36025 to deliver the Phemedrone info stealer. Trend Micro researchers uncovered a malware campaign exploiting the vulnerability CVE-2023-36025 (CVSS score 8.8) to deploy a previously unknown strain of the malware dubbed Phemedrone Stealer. The vulnerability was addressed by Microsoft with the release of Patch Tuesday security updates for November 2023.
Fidelity National Financial acknowledges data breach affecting 1.3 million customers
Malwarebytes
JANUARY 15, 2024
In November 2023, real estate services company Fidelity National Financial (FNF) got its systems knocked offline for a week after a cyberincident. As is often the case these days, it turns out that the cyberincident was very likely a ransomware attack that included a data breach. Ransomware operators typically steal data from the compromised systems to use as extra leverage against the victim.
Ivanti Connect Secure zero-days now under mass exploitation
Bleeping Computer
JANUARY 15, 2024
Two zero-day vulnerabilities affecting Ivanti's Connect Secure VPN and Policy Secure network access control (NAC) appliances are now under mass exploitation. [.
Beware of Pixels & Trackers on U.S. Healthcare Websites
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
LinikatzV2: A tool to attack Active Directory on UNIX
Penetration Testing
JANUARY 15, 2024
LinikatzV2 LinikatzV2 is a bash script based on the Linikatz tool developed by a time machine. It allows post-exploitation tasks on UNIX computers joined to Active Directory, using various methods for credential mining. This... The post LinikatzV2: A tool to attack Active Directory on UNIX appeared first on Penetration Testing.
US court docs expose fake antivirus renewal phishing tactics
Bleeping Computer
JANUARY 15, 2024
In a seizure warrant application, the U.S. Secret Service sheds light on how threat actors stole $34,000 using fake antivirus renewal subscription emails. [.
Bypassing GRUB Security: How CVE-2023-4001 Exploits UEFI Systems
Penetration Testing
JANUARY 15, 2024
A new security vulnerability was found in the GRUB boot manager, CVE-2023-4001. This vulnerability, rated at a concerning 5.6 on the Common Vulnerability Scoring System (CVSS), presents a unique challenge in the realm of... The post Bypassing GRUB Security: How CVE-2023-4001 Exploits UEFI Systems appeared first on Penetration Testing.
Heartless scammers prey on hundreds of lost pet owners, demanding ransoms or else…
Graham Cluley
JANUARY 15, 2024
Hundreds of pet owners across the UK have reported that they have received blackmail threats from scammers who claim to have found their lost pooches and missing moggies. Read more in my article on the Hot for Security blog.
5 Key Findings From the 2023 FBI Internet Crime Report
Advertisement
The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.
apk2url: quickly extract IP and URL endpoints from APKs
Penetration Testing
JANUARY 15, 2024
apk2url apk2url easily extracts URL and IP endpoints from an APK file to a.txt output. This is suitable for information gathering by the red team, penetration testers, and developers to quickly identify endpoints... The post apk2url: quickly extract IP and URL endpoints from APKs appeared first on Penetration Testing.
A week in security (January 8 – January 14)
Malwarebytes
JANUARY 15, 2024
Last week on Malwarebytes Labs: FCC wants cars to make life harder for stalkers Joomla! vulnerability is being actively exploited Act now! Ivanti vulnerabilities are being actively exploited Ransomware review: January 2024 Info-stealers can steal cookies for permanent access to your Google account Atomic Stealer rings in the new year with updated version Patch now!
Unmasking Sandworm: Forescout’s Analysis of Danish and Ukrainian Energy Cyberattacks
Penetration Testing
JANUARY 15, 2024
In the landscape of cybersecurity, the energy sector remains a critical area vulnerable to sophisticated cyberattacks. Forescout Vedere Labs’ recent threat briefing sheds light on two distinct cyberattacks targeting this sector in Denmark and... The post Unmasking Sandworm: Forescout’s Analysis of Danish and Ukrainian Energy Cyberattacks appeared first on Penetration Testing.
Opera MyFlaw Bug Could Let Hackers Run ANY File on Your Mac or Windows
The Hacker News
JANUARY 15, 2024
Cybersecurity researchers have disclosed a security flaw in the Opera web browser for Microsoft Windows and Apple macOS that could be exploited to execute any file on the underlying operating system.
Software Composition Analysis: The New Armor for Your Cybersecurity
Speaker: Blackberry, OSS Consultants, & Revenera
Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?
The Silent Threat: Unmasking Undetected macOS InfoStealers
Penetration Testing
JANUARY 15, 2024
In the realm of cybersecurity, the rise of sophisticated infostealers targeting macOS has emerged as a significant threat. These advanced malware variants, like KeySteal, Atomic InfoStealer, and CherryPie, are adept at evading detection and... The post The Silent Threat: Unmasking Undetected macOS InfoStealers appeared first on Penetration Testing.
Hackers Weaponize Windows Flaw to Deploy Crypto-Siphoning Phemedrone Stealer
The Hacker News
JANUARY 15, 2024
Threat actors have been observed leveraging a now-patched security flaw in Microsoft Windows to deploy an open-source information stealer called Phemedrone Stealer. “Phemedrone targets web browsers and data from cryptocurrency wallets and messaging apps such as Telegram, Steam, and Discord,” Trend Micro researchers Peter Girnus, Aliakbar Zahravi, and Simon Zuckerbraun said.
Embedding Security Into Cloud Operations: 5 Key Considerations
Security Boulevard
JANUARY 15, 2024
Cloud operations involves more than technology; it's about a culture that values agility, flexibility and continuous improvement. The post Embedding Security Into Cloud Operations: 5 Key Considerations appeared first on Security Boulevard.
High-Severity Flaws Uncovered in Bosch Thermostats and Smart Nutrunners
The Hacker News
JANUARY 15, 2024
Multiple security vulnerabilities have been disclosed in Bosch BCC100 thermostats and Rexroth NXA015S-36V-B smart nutrunners that, if successfully exploited, could allow attackers to execute arbitrary code on affected systems.
From Complexity to Clarity: Strategies for Effective Compliance and Security Measures
Speaker: Erika R. Bales, Esq.
When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.
Let's personalize your content