Troy Hunt
FEBRUARY 8, 2024
Somehow, an hour and a half went by in the blink of an eye this week. The Spoutible incident just has so many interesting aspects to it: loads of data that should never be returned publicly, awesome response time to the disclosure, lacklustre transparency in their disclosure, some really fundamental misunderstands about hashing algorithms and a controversy-laden past if you read back over events of the last year.
Schneier on Security
FEBRUARY 8, 2024
Over on Lawfare, Jim Dempsey published a really interesting proposal for software liability: “Standard for Software Liability: Focus on the Product for Liability, Focus on the Process for Safe Harbor.” Section 1 of this paper sets the stage by briefly describing the problem to be solved. Section 2 canvasses the different fields of law (warranty, negligence, products liability, and certification) that could provide a starting point for what would have to be legislative action establis
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Malwarebytes
FEBRUARY 8, 2024
Password Manager LastPass has warned about a fraudulent app called “LassPass Password Manager” which it found on the Apple App Store. The app closely mimics the branding and appearance of LastPass, right down to the interface. So, even if the name was a “happy accident” it seems clear that this was a purposeful attempt to trick users installing the fake app.
Bleeping Computer
FEBRUARY 8, 2024
Microsoft introduced 'Sudo for Windows' today, a new Windows 11 feature allowing users to execute commands with elevated privileges from unelevated terminals. [.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Tech Republic Security
FEBRUARY 8, 2024
Find out the difference between Atlas VPN's free and premium options and choose the best plan for your online security and privacy needs.
The Hacker News
FEBRUARY 8, 2024
Fortinet has disclosed a new critical security flaw in FortiOS SSL VPN that it said is likely being exploited in the wild. The vulnerability, CVE-2024-21762 (CVSS score: 9.6), allows for the execution of arbitrary code and commands.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Bleeping Computer
FEBRUARY 8, 2024
LastPass is warning that a fake copy of its app is being distributed on the Apple App Store, likely used as a phishing app to steal users' credentials. [.
Security Boulevard
FEBRUARY 8, 2024
Snow joke: A Microsoft researcher found it—and it’s somehow Microsoft’s fault. The post Linux Vendors Squawk: PATCH NOW — CVSS 9.8 Bootkit Bug in shim.efi appeared first on Security Boulevard.
Malwarebytes
FEBRUARY 8, 2024
A cybercriminal group known as ResumeLooters has infiltrated 65 job listing and retail websites, compromising the personal data of over two million job seekers. The group used SQL injection and cross-site scripting (XSS) attacks—both common techniques— to extract the sensitive information from the websites. The attacks primarily focused on the Asia-Pacific (APAC) region, targeting sites in Australia, Taiwan, China, Thailand, India, and Vietnam.
Security Boulevard
FEBRUARY 8, 2024
Hackers with the Chinese state-sponsored threat group Volt Typhoon continue to hide away in computers and networks of U.S. critical infrastructure entities, “pre-positioning” themselves to disrupt operations if conflicts between the United States and China arise, according to the top U.S. cybersecurity agency. In a stark warning this week, the Cybersecurity and Infrastructure Security Agency.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
The Last Watchdog
FEBRUARY 8, 2024
Kenilworth, NJ, Feb. 8, 2024 – Diversified , a leading global technology solutions provider, today announced a partnership and trio of solutions with GroCyber. Together, the companies are empowering AV and media companies to improve their cybersecurity stance by providing a “clean bill of health” for their digital media environments, ensuring hardware and software are current, and protecting media storage and devices against the threat of malware.
WIRED Threat Level
FEBRUARY 8, 2024
In a test at one station, Transport for London used a computer vision system to try and detect crime and weapons, people falling on the tracks, and fare dodgers, documents obtained by WIRED show.
The Hacker News
FEBRUARY 8, 2024
The U.S. government on Wednesday said the Chinese state-sponsored hacking group known as Volt Typhoon had been embedded into some critical infrastructure networks in the country for at least five years. Targets of the threat actor include communications, energy, transportation, and water and wastewater systems sectors in the U.S. and Guam.
Graham Cluley
FEBRUARY 8, 2024
New research shows a 704% increase in deepfake "face swap" attacks from the first to the second half of 2023. Read more in my article on the Tripwire State of Security blog.
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
We Live Security
FEBRUARY 8, 2024
Heavy workloads and the specter of personal liability for incidents take a toll on security leaders, so much so that many of them look for the exits. What does this mean for corporate cyber-defenses?
Bleeping Computer
FEBRUARY 8, 2024
Fortinet is warning that a new critical remote code execution vulnerability in FortiOS SSL VPN is potentially being exploited in attacks. [.
Penetration Testing
FEBRUARY 8, 2024
Honeyscanner – A vulnerability analyzer for Honeypots Honeyscanner is a vulnerability analyzer for honeypots designed to automatically attack a given honeypot, in order to determine if the honeypot is vulnerable to specific types of... The post Honeyscanner – A vulnerability analyzer for Honeypots appeared first on Penetration Testing.
Security Affairs
FEBRUARY 8, 2024
China-linked APT Volt Typhoon infiltrated a critical infrastructure network in the US and remained undetected for at least five years. US CISA, the NSA, the FBI, along with partner Five Eyes agencies, published a joint advisory to warn that China-linked APT Volt Typhoon infiltrated a critical infrastructure network in the US and remained undetected for at least five years. “the U.S. authoring agencies have recently observed indications of Volt Typhoon actors maintaining access and foothold
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
Graham Cluley
FEBRUARY 8, 2024
Two US insurance companies are warning that thousands of individuals' personal information may have been stolen after hackers compromised computer systems. Read more in my article on the Hot for Security blog.
Security Affairs
FEBRUARY 8, 2024
CISCO fixed two critical flaws in Expressway Series collaboration gateways exposing vulnerable devices to cross-site request forgery (CSRF) attacks. Cisco addressed several vulnerabilities in its Expressway Series collaboration gateways, two of which, tracked as CVE-2024-20252 and CVE-2024-20254, are critical flaws that can lead to cross-site request forgery (CSRF) attacks. “Multiple vulnerabilities in the Cisco Expressway Series could allow an unauthenticated, remote attacker to conduct c
Penetration Testing
FEBRUARY 8, 2024
Apache bRPC is an Industrial-grade RPC framework using C++ Language, which is often used in high-performance system such as Search, Storage, Machine learning, Advertisement, Recommendation, etc. However, this crucial infrastructure was recently found vulnerable... The post CVE-2024-23452: Apache bRPC HTTP Request Smuggling Vulnerability appeared first on Penetration Testing.
Security Affairs
FEBRUARY 8, 2024
U.S. Government offers rewards of up to $10 million for information that could help locate, identify, or arrest members of the Hive ransomware group. The US Department of State announced rewards up to $10,000,000 for information leading to the identification and/or location of the leaders of the Hive ransomware group. The US government also offers rewards up to $5,000,000 for information leading to the arrest and/or conviction of any individual in any country who participated or attempted to par
Advertisement
The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.
Security Boulevard
FEBRUARY 8, 2024
Although generative AI is driving a spike in attacks, it can also serve as another line of cybersecurity defense. The post 2024 Cyberthreat Forecast: AI Attacks, Passkey Solutions and SMBs in the Crosshairs appeared first on Security Boulevard.
Bleeping Computer
FEBRUARY 8, 2024
Microsoft has lifted a compatibility hold that blocked upgrades to Windows 11 23H2 after resolving an issue that caused desktop icons to move erratically when using Windows Copilot on multi-monitor systems. [.
Security Affairs
FEBRUARY 8, 2024
Several media reported that three million electric toothbrushes were compromised and recruited into a DDoS botnet. Is it true? The Swiss newspaper Aargauer Zeitung first published the news of a DDoS attack, carried out on January 30, that involved three million compromised electric toothbrushes. The journalists reported that threat actors gained access to three million electric toothbrushes and installed a malware that joined them to the botnet.
Bleeping Computer
FEBRUARY 8, 2024
A new version of the XLoader Android malware was discovered that automatically executes on devices it infects, requiring no user interaction to launch. [.
Speaker: Blackberry, OSS Consultants, & Revenera
Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?
WIRED Threat Level
FEBRUARY 8, 2024
Known for doing business with far-right extremist websites, Epik has been acquired by a company that specializes in helping businesses keep their operations secret.
Bleeping Computer
FEBRUARY 8, 2024
Car maker Hyundai Motor Europe suffered a Black Basta ransomware attack, with the threat actors claiming to have stolen three terabytes of corporate data. [.
Graham Cluley
FEBRUARY 8, 2024
After hundreds of media outlets worldwide repeated the false claim that a botnet of three million toothbrushes attacked a Swiss company, the cybersecurity firm at the centre of the story has now issued a statement.
Bleeping Computer
FEBRUARY 8, 2024
Data breaches at two French healthcare payment service providers, Viamedis and Almerys, have now been determined to impact over 33 million people in the country. [.
Speaker: Erika R. Bales, Esq.
When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.
Expert insights. Personalized for you.
247 
Let's personalize your content