Sat.Dec 14, 2024 - Fri.Dec 20, 2024

article thumbnail

Unwrapping Cybersecurity: A Festive “Die Hard” Guide

Javvad Malik

It is the holiday season. Think twinkling lights, the scent of pine, and cyber threats lurking in the shadows, waiting to pounce quicker than Bruce Willis can say, Yippee ki yay. In the festive spirit of Die Hard,” lets see how we can make our holidays less like Nakatomi Plaza and a bit more secure. Jingle Bells, Phishing Smells, Educate All the Way Phishing does not take a holiday.

article thumbnail

Fortinet Warns of Critical FortiWLM Flaw That Could Lead to Admin Access Exploits

The Hacker News

Fortinet has issued an advisory for a now-patched critical security flaw impacting Wireless LAN Manager (FortiWLM) that could lead to disclosure of sensitive information. The vulnerability, tracked as CVE-2023-34990, carries a CVSS score of 9.6 out of a maximum of 10.0.

Wireless 122
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Short-Lived Certificates Coming to Let’s Encrypt

Schneier on Security

Starting next year : Our longstanding offering won’t fundamentally change next year, but we are going to introduce a new offering that’s a big shift from anything we’ve done before—short-lived certificates. Specifically, certificates with a lifetime of six days. This is a big upgrade for the security of the TLS ecosystem because it minimizes exposure time during a key compromise event.

article thumbnail

Web Hacking Service ‘Araneida’ Tied to Turkish IT Firm

Krebs on Security

Cybercriminals are selling hundreds of thousands of credential sets stolen with the help of a cracked version of Acunetix , a powerful commercial web app vulnerability scanner, new research finds. The cracked software is being resold as a cloud-based attack tool by at least two different services, one of which KrebsOnSecurity traced to an information technology firm based in Turkey.

Hacking 207
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Hacking Digital License Plates

Schneier on Security

Not everything needs to be digital and “smart.” License plates, for example : Josep Rodriguez, a researcher at security firm IOActive, has revealed a technique to jailbreak digital license plates sold by Reviver, the leading vendor of those plates in the US with 65,000 plates already sold. By removing a sticker on the back of the plate and attaching a cable to its internal connectors, he’s able to rewrite a Reviver plate’s firmware in a matter of minutes.

Firmware 266
article thumbnail

LW ROUNDTABLE — How 2024’s cyber threats will transform the security landscape in 2025

The Last Watchdog

Continuing our look back at 2024, part two of Last Watchdogs year-ender roundtable turns its focus to emerging threats vs. evolving defense tactics. Part two of a four-part series The explosion of AI-driven phishing, insider threats, and business logic abuse has forced a shift toward more proactive, AI-enhanced defenses. The drivers are intensifying.

More Trending

article thumbnail

How to Lose a Fortune with Just One Bad Click

Krebs on Security

Image: Shutterstock, iHaMoo. Adam Griffin is still in disbelief over how quickly he was robbed of nearly $500,000 in cryptocurrencies. A scammer called using a real Google phone number to warn his Gmail account was being hacked, sent email security alerts directly from google.com, and ultimately seized control over the account by convincing him to click “yes” to a Google prompt on his mobile device.

article thumbnail

Mailbox Insecurity

Schneier on Security

It turns out that all cluster mailboxes in the Denver area have the same master key. So if someone robs a postal carrier , they can open any mailbox. I get that a single master key makes the whole system easier, but it’s very fragile security.

266
266
article thumbnail

Weekly Update 430

Troy Hunt

I'm back in Oslo! Writing this the day after recording, it feels like I couldn't be further from Dubai; the temperature starts with a minus, it's snowing and there's not a supercar in sight. Back on business, this week I'm talking about the challenge of loading breaches and managing costs. A breach load immediately takes us from a very high percentage cache hit ratio on Cloudflare to zero.

article thumbnail

LW ROUNDTABLE:  Predictive analytics, full-stack visualization to solidify cyber defenses in 2025

The Last Watchdog

To wrap up our 2024 year-end roundtable, we turn our attention to new technologies and trends that are emerging to help bridge the gaps. Part four of our four-part series From cybersecurity skills shortages to the pressures of hybrid work, the challenges facing organizations are at an all-time high. Experts here explore the importance of fostering a resilient workforce, backed by AI-enhanced training and layered security strategies.

Risk 173
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

5 million payment card details stolen in painful reminder to monitor Christmas spending

Malwarebytes

Another day, another exposed S3 bucket. This time, 5 million US credit cards and personal details were leaked online. The Leakd.com security team discovered that 5 terabytes of sensitive screenshots were exposed in a freely accessible Amazon S3 bucket. An S3 bucket is like a virtual file folder in the cloud where you can store various types of data, such as text files, images, videos, and more.

article thumbnail

New Advances in the Understanding of Prime Numbers

Schneier on Security

Really interesting research into the structure of prime numbers. Not immediately related to the cryptanalysis of prime-number-based public-key algorithms, but every little bit matters.

261
261
article thumbnail

Ransomware to Cause ‘Bumpy’ Security Ride in 2025

Tech Republic Security

Cashed-up ransomware criminals may exploit more zero days while potential blanket ransomware payment bans hang over defenders like a shadow.

article thumbnail

RCE and DoS Vulnerabilities Addressed in Apache Tomcat: CVE-2024-50379 and CVE-2024-54677

Penetration Testing

The Apache Software Foundation has released important security updates to address two vulnerabilities in Apache Tomcat, a widely-used open-source web server, and servlet container. One of the vulnerabilities could allow... The post RCE and DoS Vulnerabilities Addressed in Apache Tomcat: CVE-2024-50379 and CVE-2024-54677 appeared first on Cybersecurity News.

Software 120
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

TP-Link faces US national security probe, potential ban on devices

Malwarebytes

The US government launched a national security investigation into the popular, Chinese-owned router maker TP-Link, with a potential eye on banning the company’s devices in the United States. The investigation comes amid heightened tension between the US and the Chinese government, and after a public letter from members of the US House of Representatives this summer that alleged that TP-Link was engaged in predatory pricing practices, driven by ulterior motives, and possibly sponsored by Ch

Marketing 119
article thumbnail

Upcoming Speaking Events

Schneier on Security

This is a current list of where and when I am scheduled to speak: I’m speaking at a joint meeting of the Boston Chapter of the IEEE Computer Society and GBC/ACM , in Boston, Massachusetts, USA, at 7:00 PM ET on Thursday, January 9, 2025. The event will take place at the Massachusetts Institute of Technology in Room 32-G449 (Kiva), as well as online via Zoom.

article thumbnail

CrowdStrike Survey Highlights Security Challenges in AI Adoption

Tech Republic Security

CrowdStrike's AI Survey reveals how generative AI is reshaping cybersecurity, uncovering trends and challenges faced by organizations today.

article thumbnail

CVE-2024-49576 and CVE-2024-47810: Foxit Addresses Remote Code Execution Flaws

Penetration Testing

Foxit has released a crucial security update for its widely used Foxit PDF Reader and Foxit PDF Editor. The update, version 2024.4, resolves multiple vulnerabilities that pose significant risks, including... The post CVE-2024-49576 and CVE-2024-47810: Foxit Addresses Remote Code Execution Flaws appeared first on Cybersecurity News.

Risk 139
article thumbnail

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

article thumbnail

Report claims that Serbian authorities abused Cellebrite tool to install NoviSpy spyware

Security Affairs

Researchers warn of previously undetected surveillance spyware, named NoviSpy, that was found infecting a Serbian journalist’s phone. In February 2024, Serbian journalist Slavia Milanov was summoned to a police station after a routine traffic stop. After the police released him, Milanov noticed suspicious changes to his phone settings, such as disabled data and Wi-Fi.

Spyware 104
article thumbnail

New Glutton Malware Exploits Popular PHP Frameworks Like Laravel and ThinkPHP

The Hacker News

Cybersecurity researchers have discovered a new PHP-based backdoor called Glutton that has been put to use in cyber attacks targeting China, the United States, Cambodia, Pakistan, and South Africa.

Malware 133
article thumbnail

Exposed HMIs: A Direct Pathway for Cyberattacks on Critical Infrastructure

SecureWorld News

The U.S. government is sounding the alarm on a growing cybersecurity risk for critical infrastructureinternet-exposed Human-Machine Interfaces (HMIs). In a joint advisory released by the Environmental Protection Agency (EPA) and the Cybersecurity and Infrastructure Security Agency (CISA) , organizations in the Water and Wastewater Systems sector are urged to secure HMIs, which provide critical access to industrial machines and control systems.

Internet 106
article thumbnail

Want to save your old computer? Try these 6 Linux distros

Zero Day

Here's how to save money, reduce e-waste, and extend the life of your old hardware at the same time.

130
130
article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

ConnectOnCall data breach impacted over 900,000 individuals

Security Affairs

ConnectOnCall disclosed a data breach impacting over 900,000 individuals, exposing their personal information. ConnectOnCall is a telehealth platform and after-hours on-call answering service designed to enhance communication between healthcare providers and patients. It offers automated patient call tracking, HIPAA-compliant chat, and integrates with electronic health record (EHR) systems to streamline after-hours calls and care coordination.

article thumbnail

Astrill VPN Review: Features, Performance, and Insights

Tech Republic Security

Uncover the pros and cons of Astrill VPN. Explore its speed, security, and features to see if its the right choice for privacy and performance.

VPN 131
article thumbnail

MUT-1244 Campaign Steals Hundreds of Thousands of WordPress Credentials and More

SecureWorld News

Researchers at Datadog Security Labs have uncovered a year-long, large-scale cybercrime campaign by a threat actor tracked as MUT-1244. This operation, which blends social engineering and technical exploitation, has resulted in the theft of more than 390,000 WordPress credentials. Additionally, sensitive SSH private keys and AWS access keys were exfiltrated from compromised systems, implicating a diverse victim pool of red teamers, penetration testers, security researchers, and other malicious a

Phishing 107
article thumbnail

7 Android widgets to make your phone or tablet more useful

Zero Day

If you like your Android home screen to give you quick access to information, services, and apps, you should consider adding a small collection of widgets.

130
130
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Meta Fined €251 Million for 2018 Data Breach Impacting 29 Million Accounts

The Hacker News

Meta Platforms, the parent company of Facebook, Instagram, WhatsApp, and Threads, has been fined 251 million (around $263 million) for a 2018 data breach that impacted millions of users in the bloc, in what's the latest financial hit the company has taken for flouting stringent privacy laws.

article thumbnail

The Mask APT is back after 10 years of silence

Security Affairs

Kaspersky researchers linked a new wave of cyber attacks to the cyber espionage group tracked as The Mask. Kaspersky researchers linked several targeted attacks to a cyber espionage group known as The Mask. The APT group targeted an organization in Latin America in 2019 and 2022. Threat actors accessed an MDaemon email server and used its WorldClient webmail component to maintain persistence within the compromised organization. “The persistence method used by the threat actor was based on

article thumbnail

Top Cybersecurity Trends to Watch Out For in 2025

Centraleyes

As we approach 2025, the cybersecurity landscape is evolving rapidly, shaped by technological advancements, regulatory shifts, and emerging threats. To keep up, organizations must stay ahead of these developments. Below is an exhaustive list of key cybersecurity trends to watch out for in 2025. For cybersecurity leaders and organizations, staying ahead of cybersecurity industry trends is crucial for safeguarding assets and maintaining trust.

article thumbnail

No one wants another chatbot. This is the AI we actually need

Zero Day

Fundamental advancements are still needed to turn today's chatbots into something more -- something that can sense when we're stressed or overwhelmed, not just when we need another PDF summarized.

130
130
article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!