Sat.Jan 18, 2025 - Fri.Jan 24, 2025

article thumbnail

AI Mistakes Are Very Different from Human Mistakes

Schneier on Security

Humans make mistakes all the time. All of us do, every day, in tasks both new and routine. Some of our mistakes are minor and some are catastrophic. Mistakes can break trust with our friends, lose the confidence of our bosses, and sometimes be the difference between life and death. Over the millennia, we have created security systems to deal with the sorts of mistakes humans commonly make.

article thumbnail

MasterCard DNS Error Went Unnoticed for Years

Krebs on Security

The payment card giant MasterCard just fixed a glaring error in its domain name server settings that could have allowed anyone to intercept or divert Internet traffic for the company by registering an unused domain name. The misconfiguration persisted for nearly five years until a security researcher spent $300 to register the domain and prevent it from being grabbed by cybercriminals.

DNS 356
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

You Can't Trust Hackers, and Other Data Breach Verification Tales

Troy Hunt

It's hard to find a good criminal these days. I mean a really trustworthy one you can be confident won't lead you up the garden path with false promises of data breaches. Like this guy yesterday: For my international friends, JB Hi-Fi is a massive electronics retailer down under and they have my data! I mean by design because I've bought a bunch of stuff from them, so I was curious not just about my own data but because a breach of 12 million plus people would be massive in a coun

article thumbnail

GhostGPT: Uncensored Chatbot Used by Cyber Criminals for Malware Creation, Scams

Tech Republic Security

Researchers from Abnormal Security discovered an advert for the chatbot on a cybercrime forum and tested its capabilities by asking it to create a DocuSign phishing email.

Scams 205
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

7-Zip bug could allow a bypass of a Windows security feature. Update now

Malwarebytes

A patch is available for a vulnerability in 7-Zip that could have allowed attackers to bypass the Mark-of-the-Web (MotW) security feature in Windows. The MotW is an attribute added to files by Windows when they have been sourced from an untrusted location, like the internet or a restricted zone. The MotW is what triggers warnings that opening or running such files could lead to potentially dangerous behavior, including installing malware on their devices. 7-Zip added support for MotW in June 202

Internet 144
article thumbnail

From Notifications to Deepfakes: How Human Behaviour Is Shifting and What It Means for Cybersecurity

Jane Frankland

It had been another long day, and I’d let the non-stop barrage of tasks and notifications, each one demanding more bandwidth than I had to spare, get to me. As I sat in my kitchen, chatting to my daughter about the amount of pings each of us got, an uncomfortable thought surfaced. A few minutes earlier, Id been scrolling through LinkedIn when a video caught my attention.

More Trending

article thumbnail

Phishing Emails Targeting Australian Firms Rise by 30% in 2024

Tech Republic Security

The number of phishing emails received by Australians surged by 30% last year, according to new research by Abnormal Security.

Phishing 161
article thumbnail

AI tool GeoSpy analyzes images and identifies locations in seconds

Malwarebytes

It’s just become even more important to be conscious about the pictures we post online. GeoSpy is an Artificial Intelligence (AI) supported tool that can derive a persons location by analyzing features in a photo like vegetation, buildings, and other landmarks. And it can do so in seconds based on one picture. Graylark Technologies who makes GeoSpy says its been developed for government and law enforcement.

Media 144
article thumbnail

Handling Pandemic-Scale Cyber Threats: Lessons from COVID-19

Adam Shostack

Emerging research on Cyber Public Health The importance of learning is a key theme of my work. Learning never ends, no matter how far we progress in our careers. In the spirit of learning, I'm happy to share the publication of a new research paper, Handling Pandemic-Scale Cyber Threats: Lessons from COVID-19 Threat Modeling. If you've been following my work for some time, you may not be surprised by the analysis of public health and threat modeling.

article thumbnail

CVE-2024-43468 (CVSS 9.8): Microsoft Configuration Manager Exploit Revealed with PoC Code

Penetration Testing

Security researcher Mehdi Elyassa from Synacktiv published the technical details and a proof-of-concept (PoC) exploit code for a The post CVE-2024-43468 (CVSS 9.8): Microsoft Configuration Manager Exploit Revealed with PoC Code appeared first on Cybersecurity News.

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

How to Create a Secure Username

Tech Republic Security

Discover how to create a unique and secure username for your online accounts, and find out why its just as important as having a strong password.

Passwords 162
article thumbnail

Your location or browsing habits could lead to price increases when buying online

Malwarebytes

Companies are showing customers different prices for the same goods and services based what data they have on them, including details like their precise location or browser history. The name for this method is surveillance pricing, and the FTC has just released initial findings of a report looking into that practice. In July 2024, the FTC requested information from eight companies offering surveillance pricing products and services that incorporate data about consumers characteristics and behavi

article thumbnail

A flaw in the W3 Total Cache plugin exposes hundreds of thousands of WordPress sites to attacks

Security Affairs

A WordPress W3 Total Cache plugin vulnerability could allow attackers to access information from internal services, including metadata on cloud-based apps. A severe vulnerability, tracked as CVE-2024-12365 (CVSS score of 8.5) in the WordPress W3 Total Cache plugin could expose metadata from internal services and cloud apps. The WordPress W3 Total Cache plugin is a popular performance optimization tool designed to improve the speed and efficiency of WordPress websites.

article thumbnail

Palo Alto Firewalls Found Vulnerable to Secure Boot Bypass and Firmware Exploits

The Hacker News

An exhaustive evaluation of three firewall models from Palo Alto Networks has uncovered a host of known security flaws impacting the devices' firmware as well as misconfigured security features. "These weren't obscure, corner-case vulnerabilities," security vendor Eclypsium said in a report shared with The Hacker News.

Firmware 142
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

‘Sneaky Log’ Microsoft Spoofing Scheme Sidesteps Two-Factor Security

Tech Republic Security

The phishing-as-a-service kit from Sneaky Log creates fake authentication pages to farm account information, including two-factor security codes.

Phishing 152
article thumbnail

Zero-Day Vulnerability in Windows Exploited: CVE-2024-49138 PoC Code Released

Penetration Testing

Security researcher MrAle_98 recently published a proof-of-concept (PoC) exploit for a zero-day vulnerability, CVE-2024-49138. This flaw, which affects The post Zero-Day Vulnerability in Windows Exploited: CVE-2024-49138 PoC Code Released appeared first on Cybersecurity News.

article thumbnail

J-magic malware campaign targets Juniper routers

Security Affairs

Threat actors are targeting Juniper routers with a custom backdoor in a campaign called code-named “J-magic,” attackers are exploiting a Magic Packet flaw. Lumen Technologies researchers reported that the J-magic campaign targets Juniper routers with a custom backdoor using a passive agent based on the cd00r variant (an open-source backdoor by fx ).

Malware 118
article thumbnail

Unsecured Tunneling Protocols Expose 4.2 Million Hosts, Including VPNs and Routers

The Hacker News

New research has uncovered security vulnerabilities in multiple tunneling protocols that could allow attackers to perform a wide range of attacks.

Internet 143
article thumbnail

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

article thumbnail

Subaru Security Flaws Exposed Its System for Tracking Millions of Cars

WIRED Threat Level

Now-fixed web bugs allowed hackers to remotely unlock and start millions of Subarus. More disturbingly, they could also access at least a year of cars location historiesand Subaru employees still can.

Hacking 140
article thumbnail

Texas scrutinizes four more car manufacturers on privacy issues

Malwarebytes

The Texas Attorney Generals Office has started an investigation into how Ford, Hyundai, Toyota, and Fiat Chrysler collect, share, and sell consumer data, expanding an earlier probe launched last year into how modern automakers are potentially using customer driving data. We’ve addressed cars and privacy at some length on Malwarebytes Labs and came to the conclusionwith the help of many experts in the fieldthat modern cars simply aren’t very good at it.

article thumbnail

Chinese threat actors used two advanced exploit chains to hack Ivanti CSA

Security Affairs

US agencies revealed Chinese threat actors used two advanced exploit chains to breach Ivanti Cloud Service Appliances (CSA). The US governments cybersecurity and law enforcement revealed that Chinese threat actors used at least two sophisticated exploit chains to compromise Ivanti Cloud Service Appliances (CSA). A CISA and FBI published a joint advisory warning that Chinese hackers exploited four Ivanti flaws ( CVE-2024-8963 , CVE-2024-9379 , CVE-2024-8190 , CVE-2024-9380 ) to achieve remote cod

Hacking 114
article thumbnail

Mirai Botnet Launches Record 5.6 Tbps DDoS Attack with 13,000+ IoT Device

The Hacker News

Web infrastructure and security company Cloudflare on Tuesday said it detected and blocked a 5.6 Terabit per second (Tbps) distributed denial-of-service (DDoS) attack, the largest ever attack to be reported to date. The UDP protocol-based attack took place on October 29, 2024, targeting one of its customers, an unnamed internet service provider (ISP) from Eastern Asia.

DDOS 140
article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

Future-Proof Your WordPress Site: Essential Plugins for 2025

IT Security Guru

The digital landscape is constantly growing and evolving. As such, some tips and tricks that worked for websites in 2023 might be obsolete in 2025. For any digital professional, remaining dedicated to top-quality practice that stands the test of time is just the start. This means staying ahead of the curve and leveraging the best tools available. When it comes to WordPress, that often means choosing the right plugins at the right time.

article thumbnail

How to set up God Mode in Windows 11 - and the wonders you can do with it

Zero Day

God Mode provides easy access to an array of Windows settings from one single window. Here's how it works.

138
138
article thumbnail

TP-Link Vulnerability: PoC Exploit for CVE-2024-54887 Reveals Remote Code Execution Risks

Penetration Testing

Security researcher Joward has published an in-depth analysis and Proof of Concept (PoC) exploit for a critical vulnerability, The post TP-Link Vulnerability: PoC Exploit for CVE-2024-54887 Reveals Remote Code Execution Risks appeared first on Cybersecurity News.

Risk 145
article thumbnail

RANsacked: Over 100 Security Flaws Found in LTE and 5G Network Implementations

The Hacker News

A group of academics has disclosed details of over 100 security vulnerabilities impacting LTE and 5G implementations that could be exploited by an attacker to disrupt access to service and even gain a foothold into the cellular core network.

135
135
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Experts found multiple flaws in Mercedes-Benz infotainment system

Security Affairs

Kaspersky researchers shared details about multiple vulnerabilities impacting the Mercedes-Benz MBUX infotainment system. Kaspersky published research findings on the first-generation Mercedes-Benz User Experience (MBUX) infotainment system, specifically focusing on the Mercedes-Benz Head Unit. The researchers started from the results of another study conducted by KeenLab on the MBUX internals.

Software 129
article thumbnail

The top 10 brands exploited in phishing attacks - and how to protect yourself

Zero Day

Impersonating a well-known brand is an easy way for scammers to get people to click their malicious links. Here's what to watch for.

Phishing 134
article thumbnail

AI-Powered Phishing: Defending Against New Browser-Based Attacks

SecureWorld News

The cybersecurity landscape has witnessed a dramatic shift with the rise of AI-powered phishing attacks. These sophisticated threats are pushing organizations to reevaluate their defense strategies, particularly in the realm of browser security. The evolution of AI-enhanced phishing Today's phishing attempts are far more sophisticated than ever before.

Phishing 105
article thumbnail

Android's New Identity Check Feature Locks Device Settings Outside Trusted Locations

The Hacker News

Google has launched a new feature called Identity Check for supported Android devices that locks sensitive settings behind biometric authentication when outside of trusted locations.

article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!