Sat.Oct 28, 2023 - Fri.Nov 03, 2023

article thumbnail

The Future of Drone Warfare

Schneier on Security

Ukraine is using $400 drones to destroy tanks: Facing an enemy with superior numbers of troops and armor, the Ukrainian defenders are holding on with the help of tiny drones flown by operators like Firsov that, for a few hundred dollars, can deliver an explosive charge capable of destroying a Russian tank worth more than $2 million. […] A typical FPV weighs up to one kilogram, has four small engines, a battery, a frame and a camera connected wirelessly to goggles worn by a pilot operating

Wireless 289
article thumbnail

Author Q&A: Here’s why the good guys must continually test the limitations of ‘EDR’

The Last Watchdog

A new tier of overlapping, interoperable, highly automated security platforms must, over the next decade, replace the legacy, on-premise systems that enterprises spent multiple kings’ fortunes building up over the past 25 years. Related: How ‘XDR’ defeats silos Now along comes a new book, Evading EDR: The Definitive Guide for Defeating Endpoint Detection Systems , by a red team expert, Matt Hand, that drills down a premier legacy security system that is in the midst of this transitio

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Russian Reshipping Service ‘SWAT USA Drop’ Exposed

Krebs on Security

The login page for the criminal reshipping service SWAT USA Drop. One of the largest cybercrime services for laundering stolen merchandise was hacked recently, exposing its internal operations, finances and organizational structure. Here’s a closer look at the Russia-based SWAT USA Drop Service , which currently employs more than 1,200 people across the United States who are knowingly or unwittingly involved in reshipping expensive consumer goods purchased with stolen credit cards.

article thumbnail

Weekly Update 372

Troy Hunt

Yes, the Lenovo is Chinese. No, I'm not worried about Superfish. Yes, I'm running windows. No, I don't want a Framework laptop. Seemed to be a lot of time this week gone on talking all things laptops, and there are clearly some very differing views on the topic. Some good suggestions, some neat alternatives and some ideas that, well, just seem a little crazy.

article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

New York Increases Cybersecurity Rules for Financial Companies

Schneier on Security

Another example of a large and influential state doing things the federal government won’t: Boards of directors, or other senior committees, are charged with overseeing cybersecurity risk management, and must retain an appropriate level of expertise to understand cyber issues, the rules say. Directors must sign off on cybersecurity programs, and ensure that any security program has “sufficient resources” to function.

article thumbnail

Google Offers Bug Bounties for Generative AI Security Vulnerabilities

Tech Republic Security

Google's Vulnerability Reward Program offers up to $31,337 for discovering potential hazards. Google joins OpenAI and Microsoft in rewarding AI bug hunts.

More Trending

article thumbnail

Vital U.S. Partnerships With Canada on All Things Cyber

Lohrman on Security

At the InCyber Forum North America, held this past week in Montréal, Canada, the importance of maintaining meaningful global partners in cybersecurity was never more evident.

article thumbnail

Spyware in India

Schneier on Security

Apple has warned leaders of the opposition government in India that their phones are being spied on: Multiple top leaders of India’s opposition parties and several journalists have received a notification from Apple, saying that “Apple believes you are being targeted by state-sponsored attackers who are trying to remotely compromise the iPhone associated with your Apple ID ….” AccessNow puts this in context : For India to uphold fundamental rights, authorities must initiate an immedi

Spyware 261
article thumbnail

Artificial Intelligence: The Biggest Dangers Aren’t The Ones We Are Discussing (Part 1)

Joseph Steinberg

While many people seem to be discussing the dangers of Artificial Intelligence (AI) – many of these discussions seem to focus on, what I believe, are the wrong issues. I began my formal work with AI while a graduate student at NYU in the mid-1990s; the world of AI has obviously advanced quite a bit since that time period, but, many of the fundamental issues that those of us in the field began recognizing almost 3 decades ago not only remain un-addressed, but continue to pose increasingly l

article thumbnail

Amazon Web Services Launches Independent European Cloud as Calls for Data Sovereignty Grow

Tech Republic Security

The AWS Sovereign Cloud will be physically and logically separate from other AWS clouds and has been designed to comply with Europe's stringent data laws.

Big data 165
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Frameworks for DE-Friendly CTI (Part 5)

Anton on Security

This blog series was written jointly with Amine Besson, Principal Cyber Engineer, Behemoth CyberDefence and one more anonymous collaborator. In this blog (#5 in the series), we will build a quick “framework-lite” for making CTI to DE flows better. Detection Engineering is Painful — and It Shouldn’t Be (Part 1) Detection Engineering and SOC Scalability Challenges (Part 2) Build for Detection Engineering, and Alerting Will Improve (Part 3) Focus Threat Intel Capabilities at Detection Engineering (

article thumbnail

Hacking Scandinavian Alcohol Tax

Schneier on Security

The islands of Åland are an important tax hack : Although Åland is part of the Republic of Finland, it has its own autonomous parliament. In areas where Åland has its own legislation, the group of islands essentially operates as an independent nation. This allows Scandinavians to avoid the notoriously high alcohol taxes: Åland is a member of the EU and its currency is the euro, but Åland’s relationship with the EU is regulated by way of a special protocol.

Hacking 252
article thumbnail

Unmasking the Cracks of Today’s Cyber Defence

Jane Frankland

C-suites across all industries, from traditional finance to the latest “unicorns” emerging in the fintech industry, are facing a formidable challenge: how to protect their business and customer data against growing cyber threats. However, new research from e2e-assure has revealed that few organisations are taking full advantage of security technologies available today.

CISO 147
article thumbnail

Australian CEOs Struggling to Face Cyber Risk Realities

Tech Republic Security

Research has found 91% of CEOs view IT security as a technical function that's the CIO or CISO's problem, meaning IT leaders have more work to do to engage senior executives and boards.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

How to become an ethical hacker: A step-by-step guide

Hack the Box

Our Head of Security, Ben Rollin, calls on more than a decade of experience in cybersecurity to break down the practical steps to a career in ethical hacking.

Hacking 145
article thumbnail

Researchers Find 34 Windows Drivers Vulnerable to Full Device Takeover

The Hacker News

As many as 34 unique vulnerable Windows Driver Model (WDM) and Windows Driver Frameworks (WDF) drivers could be exploited by non-privileged threat actors to gain full control of the devices and execute arbitrary code on the underlying systems.

Firmware 143
article thumbnail

Thales Wins Big in 2023

Thales Cloud Protection & Licensing

Thales Wins Big in 2023 madhav Thu, 11/02/2023 - 05:09 Here at Thales, we are incredibly proud of what we do. Protecting our customers from cybersecurity threats brings us immense satisfaction, and being recognized for our efforts is both humbling and validating. 2023 has been a particularly good year for us; keep reading for a run-through of our most recent successes.

Marketing 143
article thumbnail

G7 Countries Establish Voluntary AI Code of Conduct

Tech Republic Security

The code of conduct provides guidelines for AI regulation across G7 countries and includes cybersecurity considerations and international standards.

article thumbnail

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

article thumbnail

Bug hunters earned $1,038,250 for 58 unique 0-days at Pwn2Own Toronto 2023

Security Affairs

The Pwn2Own Toronto 2023 hacking competition is over, bug hunters earned $1,038,500 for 58 zero-day exploits. The Pwn2Own Toronto 2023 hacking competition is over, the organizers awarded $1,038,250 for 58 unique 0-days. The Team Viettel ( @vcslab ) won the Master of Pwn with $180K and 30 points. The vulnerabilities exploited by the experts have been disclosed to the vendors, the ZDI gives them 90 days to address these flaws.

Hacking 143
article thumbnail

CanesSpy Spyware Discovered in Modified WhatsApp Versions

The Hacker News

Cybersecurity researchers have unearthed a number of WhatsApp mods for Android that come fitted with a spyware module dubbed CanesSpy. These modified versions of the instant messaging app have been observed propagated via sketchy websites advertising such software as well as Telegram channels used primarily by Arabic and Azerbaijani speakers, one of which boasts 2 million users.

Spyware 142
article thumbnail

Boeing Confirms Cyberattack, System Compromise

Dark Reading

The aerospace giant said it's alerting customers that its parts and distribution systems have been impacted by cyberattack.

142
142
article thumbnail

Microsoft Exposes Octo Tempest, One of the Most Dangerous Financial Threat Actors to Date

Tech Republic Security

Microsoft exposes Octo Tempest, an English-speaking threat actor that runs extortion, encryption and destruction campaigns at a wide variety of industries. Protect your company from Octo Tempest with these tips.

article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

Russian FSB arrested Russian hackers who supported Ukrainian cyber operations

Security Affairs

The FSB arrested two Russian hackers who are accused of having helped Ukrainian entities carry out cyberattacks on critical infrastructure targets. The Russian intelligence agency Federal Security Service (FSB) arrested two individuals who are suspected of supporting Ukrainian entities to carry out cyberattacks to disrupt Russian critical infrastructure.

Media 142
article thumbnail

Abusing Entra ID Misconfigurations to Bypass MFA

NetSpi Technical

On a recent external assessment, I stumbled upon a method to bypass a client’s MFA requirement: access a single-sign on (SSO) token and leverage that token to access internal applications that—by policy—should have been locked behind an MFA prompt, all without triggering an MFA alert on the end-user’s mobile device. This was possible due to a misconfiguration in the client’s Entra ID Conditional Access Policy for third-party MFA and a first-party integration with the myaccount.microsoft.co

article thumbnail

Urgent: New Security Flaws Discovered in NGINX Ingress Controller for Kubernetes

The Hacker News

Three unpatched high-severity security flaws have been disclosed in the NGINX Ingress controller for Kubernetes that could be weaponized by a threat actor to steal secret credentials from the cluster. The vulnerabilities are as follows - CVE-2022-4886 (CVSS score: 8.

141
141
article thumbnail

UK AI Safety Summit: Global Powers Make ‘Landmark’ Pledge to AI Safety

Tech Republic Security

Global leaders from 28 nations have gathered in the U.K. for an influential summit dedicated to AI regulation and safety. Here’s what you need to know.

article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Okta customer support system breach impacted 134 customers

Security Affairs

Threat actors who breached the Okta customer support system also gained access to files belonging to 134 customers. Threat actors who breached the Okta customer support system in October gained access to files belonging to 134 customers, the company revealed. Some of the files accessed by the attackers are HAR files that contained session tokens. According to the company, the threat actor was able to use these session tokens to hijack the legitimate Okta sessions of 5 customers.

article thumbnail

Should you allow your browser to remember your passwords?

Malwarebytes

At Malwarebytes we’ve been telling people for years not to reuse passwords, and that a password manager is a secure way of remembering all the passwords you need for your online accounts. But we also know that a password manager can be overwhelming, especially when you’re just getting started. Once you’ve stored your tens or even hundreds of passwords, a password manager is relatively convenient to use and keep updated.

Passwords 138
article thumbnail

48 Malicious npm Packages Found Deploying Reverse Shells on Developer Systems

The Hacker News

A new set of 48 malicious npm packages have been discovered in the npm repository with capabilities to deploy a reverse shell on compromised systems. "These packages, deceptively named to appear legitimate, contained obfuscated JavaScript designed to initiate a reverse shell on package install," software supply chain security firm Phylum said.

Software 140
article thumbnail

What Is a VPN? Definition, How It Works, and More

Tech Republic Security

A VPN (virtual private network) encrypts your internet traffic and protects your online privacy. Find out how it works and why you should use it.

VPN 153
article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!