Schneier on Security

AUGUST 29, 2024

The “ long lost lecture ” by Adm. Grace Hopper has been published by the NSA. (Note that there are two parts.) It’s a wonderful talk: funny, engaging, wise, prescient. Remember that talk was given in 1982, less than a year before the ARPANET switched to TCP/IP and the internet went operational. She was a remarkable person. Listening to it, and thinking about the audience of NSA engineers, I wonder how much of what she’s talking about as the future of computing—minia

Engineering 349

Engineering Internet Internet 349

Krebs on Security

AUGUST 27, 2024

Malicious hackers are exploiting a zero-day vulnerability in Versa Director , a software product used by many Internet and IT service providers. Researchers believe the activity is linked to Volt Typhoon , a Chinese cyber espionage group focused on infiltrating critical U.S. networks and laying the groundwork for the ability to disrupt communications between the United States and Asia during any future armed conflict with China.

Internet 340

Internet Internet Technology Engineering 340

Troy Hunt

AUGUST 29, 2024

It was 2019 that I was last in North America, spending time in San Francisco, Los Angeles, Vegas, Denver, Minnesota, New York and Seattle. The year before, it was Montreal and Vancouver and since then, well, things got a bit weird for a while. It's a shame it's been this long because North America is such an important part of the world for so many of the things we (including Charlotte in this too) do; it's the lion's share of the audience for my content, the companies whose s

Government 310

Government Cybersecurity 310

Lohrman on Security

AUGUST 25, 2024

The FBI launched a new nationwide campaign this past week to raise awareness of the surge in online fraud and scams impacting the public and to encourage reporting to law enforcement.

Scams 288

Scams 288

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

Risk

Schneier on Security

AUGUST 26, 2024

This is a big deal. A US Appeals Court ruled that geofence warrants—these are general warrants demanding information about all people within a geographical boundary—are unconstitutional. The decision seems obvious to me, but you can’t take anything for granted.

Data privacy 339

Data privacy 339

Krebs on Security

AUGUST 28, 2024

Multiple media reports this week warned Americans to be on guard against a new phishing scam that arrives in a text message informing recipients they are not yet registered to vote. A bit of digging reveals the missives were sent by a California political consulting firm as part of a well-meaning but potentially counterproductive get-out-the-vote effort that had all the hallmarks of a phishing campaign.

Phishing 314

Phishing Scams Mobile Advertising 314

Tech Republic Security

AUGUST 27, 2024

The number of organisations that experienced a SaaS data breach in the last 12 months is 5% higher than the previous year according to AppOmni.

Data breaches 203

Data breaches CISO 203

Schneier on Security

AUGUST 28, 2024

Matthew Green wrote a really good blog post on what Telegram’s encryption is and is not.

Encryption 334

Encryption 334

Penetration Testing

AUGUST 28, 2024

A critical vulnerability (CVE-2024-43425) has been identified in Moodle, a widely-used Learning Management System. This flaw could enable attackers to execute malicious code on affected servers, potentially compromising sensitive student... The post CVE-2024-43425: Moodle Remote Code Execution Vulnerability, PoC Published appeared first on Cybersecurity News.

Cybersecurity 145

Cybersecurity 145

We Live Security

AUGUST 28, 2024

ESET research uncovers a vulnerability in WPS Office for Windows (CVE-2024-7262), as it was being exploited by South Korea-aligned cyberespionage group APT-C-60 to target East Asian countries. Analysis of the vendor’s silently released patch led to the discovery of another vulnerability CVE-2024-7263).

145

145

Advertisement

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

Cyber threats

Tech Republic Security

AUGUST 29, 2024

Threat actors are abusing Microsoft Sway to host QR Code phishing campaigns.

Phishing 195

Phishing 195

Schneier on Security

AUGUST 27, 2024

Ars Technica has a good article on what’s happening in the world of television surveillance. More than even I realized.

Surveillance 326

Surveillance 326

Penetration Testing

AUGUST 26, 2024

In a significant development for cybersecurity professionals, security researcher Ynwarcs has published an in-depth analysis and proof-of-concept (PoC) exploit code for a critical zero-click CVE-2024-38063 vulnerability in Windows TCP/IP. This... The post Zero-Click Windows RCE Threat: Researcher Publishes PoC Exploit for CVE-2024-38063 appeared first on Cybersecurity News.

Cybersecurity 145

Cybersecurity 145

The Hacker News

AUGUST 24, 2024

Pavel Durov, founder and chief executive of the popular messaging app Telegram, was arrested in France on Saturday, according to French television network TF1. Durov is believed to have been apprehended pursuant to a warrant issued in connection with a preliminary police investigation.

143

143

Advertisement

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

Cybersecurity

Tech Republic Security

AUGUST 26, 2024

While CyberGhost VPN’s optimized servers bring a lot of value, NordVPN’s more consistent speed performance and extensive feature inclusions give it the slight edge.

VPN 192

VPN 192

Security Affairs

AUGUST 24, 2024

Recently, researchers warned vacuum and lawn mower robots made by Ecovacs could be hacked to spy on their owners, the company will fix it. During the recent Def Con hacking conference, security researchers Dennis Giese and Braelynn explained that attackers can exploit flaws in vacuum and lawn mower robots made by Ecovacs to spy on their owners. The researchers analyzed the following devices: Ecovacs Deebot 900 Series, Ecovacs Deebot N8/T8, Ecovacs Deebot N9/T9, Ecovacs Deebot N10/T10, Ecovacs De

Hacking 142

Hacking Authentication Accountability Information Security 142

Penetration Testing

AUGUST 26, 2024

A severe security flaw (CVE-2024-6386, CVSS 9.9) has been discovered in the widely-used WPML plugin for WordPress, potentially exposing over one million websites to the risk of complete takeover. The... The post CVE-2024-6386 (CVSS 9.9) in WPML Plugin Exposes Millions of WordPress Sites to RCE Attacks appeared first on Cybersecurity News.

Risk 144

Risk Cybersecurity 144

Malwarebytes

AUGUST 27, 2024

In April 2024, the FBI warned about a new type of smishing scam. Smishing is the term we use for phishing attacks sent via text message. This particular smishing scam tries to trick users into clicking a link by telling them they owe a “small amount” in toll fees. The scammers send a text claiming that the recipient owes money for unpaid tolls. Redacted example of toll smishing text “PA Turnpike Toll Services: We’ve noticed an outstanding toll amount of $12.51 on your record.

Scams 139

Scams Identity Theft Mobile Phishing 139

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Tech Republic Security

AUGUST 29, 2024

There are approximately 163 devices worldwide that are still exposed to attack via the CVE-2024-39717 vulnerability.

184

184

Security Affairs

AUGUST 25, 2024

Researchers spotted a new stealthy Linux malware named sedexp that uses Linux udev rules to achieve persistence and evade detection. Aon’s Cyber Solutions spotted a new malware family, called sedexp, that relies on a lesser-known Linux persistence technique. The malware has been active since at least 2022 but remained largely undetected for years. The experts pointed out that the persistence method employed by this malware is currently undocumented by MITRE ATT&CK.

Malware 141

Malware Hacking Ransomware Cybercrime 141

The Hacker News

AUGUST 26, 2024

Google has revealed that a security flaw that was patched as part of a security update rolled out last week to its Chrome browser has come under active exploitation in the wild. Tracked as CVE-2024-7965, the vulnerability has been described as an inappropriate implementation bug in the V8 JavaScript and WebAssembly engine.

Engineering 139

Engineering 139

Penetration Testing

AUGUST 29, 2024

A critical vulnerability has been found in TP-Link RE365 V1_180213 series routers, leaving them susceptible to remote exploitation and potential takeover. Identified as CVE-2024-42815 and carrying a near-perfect CVSS score... The post CVE-2024-42815 (CVSS 9.8): Buffer Overflow Flaw in TP-Link Routers Opens Door to RCE appeared first on Cybersecurity News.

Cybersecurity 138

Cybersecurity 138

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

Scams

Tech Republic Security

AUGUST 27, 2024

Discover our top picks for reputable free endpoint protection platforms and compare their features, pros and cons in this in-depth guide.

175

175

SecureList

AUGUST 27, 2024

In June 2024, we discovered a macOS version of the HZ Rat backdoor targeting users of the enterprise messenger DingTalk and the social network and messaging platform WeChat. The samples we found almost exactly replicate the functionality of the Windows version of the backdoor and differ only in the payload, which is received in the form of shell scripts from the attackers’ server.

Malware 137

Malware Wireless Encryption Password Management 137

Security Affairs

AUGUST 30, 2024

Threat actors are actively exploiting a critical flaw in the Atlassian Confluence Data Center and Confluence Server in cryptocurrency mining campaigns. The critical vulnerability CVE-2023-22527 (CVSS score 10.0) in the Atlassian Confluence Data Center and Confluence Server is being actively exploited for cryptojacking campaigns. The vulnerability is a template injection vulnerability that can allow remote attackers to execute arbitrary code on vulnerable Confluence installs.

Cryptocurrency 136

Cryptocurrency Risk Hacking Cybercrime 136

The Hacker News

AUGUST 25, 2024

Cybersecurity researchers have uncovered new Android malware that can relay victims' contactless payment data from physical credit and debit cards to an attacker-controlled device with the goal of conducting fraudulent operations. The Slovak cybersecurity company is tracking the novel malware as NGate, stating it observed the crimeware campaign targeting three banks in Czechia.

Malware 135

Malware Banking Cybersecurity 135

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Tech Republic Security

AUGUST 29, 2024

While Proton VPN’s strong focus on privacy is enticing, NordVPN’s fast-performing and all-around VPN service is the better overall package between the two.

VPN 173

VPN 173

We Live Security

AUGUST 27, 2024

Out-of-date Internet of Things (IoT) devices can easily become exploited by bad actors looking to use them for their own agenda.

IoT 133

IoT Risk Internet Internet 133

Security Affairs

AUGUST 25, 2024

French police arrested Pavel Durov, founder and chief executive of Telegram, due to the lack of content moderation that advantaged criminal activity. Pavel Durov, the founder and CEO of Telegram , was arrested at Bourget airport near Paris on Saturday evening. According to the media, the arrest is linked to an investigation in France concerning the lack of content moderators on Telegram, which authorities believe advantaged criminal activity. “Durov was travelling aboard his private jet, T

Media 136

Media Encryption Hacking Cybercrime 136

The Hacker News

AUGUST 28, 2024

The threat actors behind the BlackByte ransomware group have been observed likely exploiting a recently patched security flaw impacting VMware ESXi hypervisors, while also leveraging various vulnerable drivers to disarm security protections.

Ransomware 131

Ransomware 131

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!