Sat.Nov 23, 2024 - Fri.Nov 29, 2024

article thumbnail

Video: Cybersecurity Tips for Small Businesses

eSecurity Planet

Are you doing enough to protect your small business from hackers? In this video, our expert explores common cyber threats and shares actionable cybersecurity tips to safeguard your small business, from securing your network to keeping your software up to date. Read more: Complete Guide to Cybersecurity for Small Businesses The post Video: Cybersecurity Tips for Small Businesses appeared first on eSecurity Planet.

article thumbnail

Is Your Phone Spying On You? How to Check and What to Do

Lohrman on Security

Has your smartphone become a listening device? Are your apps gleaning information from your conversations? How can you check and what can you do to regain more privacy? Let’s explore.

272
272
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

What Graykey Can and Can’t Unlock

Schneier on Security

This is from 404 Media : The Graykey, a phone unlocking and forensics tool that is used by law enforcement around the world, is only able to retrieve partial data from all modern iPhones that run iOS 18 or iOS 18.0.1, which are two recently released versions of Apple’s mobile operating system, according to documents describing the tool’s capabilities in granular detail obtained by 404 Media.

Media 283
article thumbnail

Australia Passes Groundbreaking Cyber Security Law to Boost Resilience

Tech Republic Security

Australia's landmark Cyber Security Act has been passed, setting new standards for incident reporting, ransomware payments, and critical infrastructure protection.

article thumbnail

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

article thumbnail

RomCom Exploits Zero-Day Firefox and Windows Flaws in Sophisticated Cyberattacks

The Hacker News

The Russia-aligned threat actor known as RomCom has been linked to the zero-day exploitation of two security flaws, one in Mozilla Firefox and the other in Microsoft Windows, as part of attacks designed to deliver the eponymous backdoor on victim systems.

144
144
article thumbnail

macOS Vulnerability (CVE-2023-32428) Grants Root Access, PoC Published

Penetration Testing

Security researcher Gergely Kalman has detailed a high-severity vulnerability in Apple’s MallocStackLogging framework that could allow attackers to gain local privilege escalation (LPE) on macOS systems. The flaw, designated CVE-2023-32428... The post macOS Vulnerability (CVE-2023-32428) Grants Root Access, PoC Published appeared first on Cybersecurity News.

LifeWorks

More Trending

article thumbnail

The source code of Banshee Stealer leaked online

Security Affairs

Banshee Stealer, a MacOS Malware-as-a-Service, shut down after its source code leaked online. The code is now available on GitHub. In August 2024, Russian hackers promoted BANSHEE Stealer, a macOS malware targeting x86_64 and ARM64, capable of stealing browser data, crypto wallets, and more. BANSHEE Stealer supports basic evasion techniques, relies on the sysctl API to detect debugging and checks for virtualization by running a command to see if “Virtual” appears in the hardware model identifier

Malware 144
article thumbnail

Medical testing company LifeLabs failed to protect customer data, report finds

Malwarebytes

In 2019, a ransomware attack hit LifeLabs, a Canadian medical testing company. The ransomware encrypted the lab results of 15 million Canadians, and personally identifiable information (PII) of 8.6 million people was stolen. After noticing the attack, LifeLabs informed its customers and the Canadian privacy regulators, which immediately announced an investigation.

article thumbnail

CVE-2024-11477: 7-Zip Vulnerability Allows Remote Code Execution, Update Now!

Penetration Testing

A high-severity vulnerability (CVE-2024-11477) has been discovered in the popular file archiver 7-Zip, potentially allowing attackers to execute malicious code on vulnerable systems. The flaw, identified by Nicholas Zubrisky of... The post CVE-2024-11477: 7-Zip Vulnerability Allows Remote Code Execution, Update Now! appeared first on Cybersecurity News.

article thumbnail

APT trends report Q3 2024

SecureList

Kaspersky’s Global Research and Analysis Team (GReAT) has been releasing quarterly summaries of advanced persistent threat (APT) activity for over seven years now. Based on our threat intelligence research, these summaries offer a representative overview of what we’ve published and discussed in more detail in our private APT reports. They are intended to highlight the significant events and findings that we think are important for people to know about.

Malware 117
article thumbnail

Why Giant Content Libraries Do Nothing for Your Employees’ Cyber Resilience

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

article thumbnail

DoJ seized credit card marketplace PopeyeTools and charges its administrators

Security Affairs

The U.S. seized the stolen credit card marketplace PopeyeTools and charged its operators, this is a major success against cybercrime. The US Department of Justice announced the seizure of PopeyeTools, an illegal carding platform, and charges against three administrators (Abdul Ghaffar (25), of Pakistan; Abdul Sami (35) of Pakistan; and Javed Mirza (37), of Afghanistan).

article thumbnail

The Funnel of Justice: Why U.K. Cybercrime Victims Are Left Behind

SecureWorld News

New Insights from The Cyber Helpline reveal a shocking gap in the justice system for cybercrime victims in the U.K. The report-- The Funnel of Justice: Understanding Reporting Gaps, Judicial Outcomes and Taxonomic Concerns in Cybercrime and Online Harm Victimisation --is an in-depth investigation highlighting the stark realities that cybercrime victims face.

article thumbnail

Palo Alto Networks Warns of GlobalProtect App Flaw with Public Exploit Code (CVE-2024-5921)

Penetration Testing

Palo Alto Networks has issued a security advisory warning of a vulnerability in its GlobalProtect app that could allow attackers to install malicious software on endpoints. The vulnerability, identified as... The post Palo Alto Networks Warns of GlobalProtect App Flaw with Public Exploit Code (CVE-2024-5921) appeared first on Cybersecurity News.

Software 136
article thumbnail

IT threat evolution in Q3 2024. Non-mobile statistics

SecureList

IT threat evolution in Q3 2024 IT threat evolution in Q3 2024. Non-mobile statistics IT threat evolution in Q3 2024. Mobile statistics The statistics presented here are based on detection verdicts by Kaspersky products and services received from users who consented to providing statistical data. Quarterly figures In Q3 2024: Kaspersky solutions successfully blocked more than 652 million cyberattacks originating from various online resources.

Mobile 105
article thumbnail

Zero Trust Mandate: The Realities, Requirements and Roadmap

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

article thumbnail

Operation Serengeti: INTERPOL arrested 1,006 suspects in 19 African countries

Security Affairs

Operation Serengeti: INTERPOL arrested 1,006 suspects in 19 African countries and dismantled 134,089 malicious networks. A joint law enforcement operation by INTERPOL and AFRIPOL across 19 African countries, dubbed Operation Serengeti, led to the arrest of 1,006 suspects. The authorities dismantled 134,089 malicious infrastructures and networks. “Operation Serengeti (2 September – 31 October) targeted criminals behind ransomware, business email compromise (BEC), digital extortion and

Scams 120
article thumbnail

10 Benefits of Leading a Cybersecurity Management Review

SecureWorld News

I just wrapped up a management review for our cybersecurity program (which is called an Information Security Management System (ISMS) in ISO 27001), and it got me thinking about how valuable these reviews are—not just for meeting compliance requirements like ISO 27001, but for driving real improvements in how we approach cybersecurity. If you’re not familiar, a management review is a formal meeting where you evaluate the performance of your cybersecurity program.

article thumbnail

CVE-2024-9511 (CVSS 9.8): Critical Flaw in FluentSMTP Plugin Exposes Over 300,000 WordPress Sites to Potential Takeover

Penetration Testing

A critical-severity vulnerability has been discovered in FluentSMTP, a widely used WordPress plugin designed to optimize email deliverability. Tracked as CVE-2024-9511 and assigned a CVSS v3.1 score of 9.8, the... The post CVE-2024-9511 (CVSS 9.8): Critical Flaw in FluentSMTP Plugin Exposes Over 300,000 WordPress Sites to Potential Takeover appeared first on Cybersecurity News.

article thumbnail

IT threat evolution Q3 2024

SecureList

IT threat evolution in Q3 2024 IT threat evolution in Q3 2024. Non-mobile statistics IT threat evolution in Q3 2024. Mobile statistics Targeted attacks New APT threat actor targets Russian government entities In May 2024, we discovered a new APT targeting Russian government organizations. CloudSorcerer is a sophisticated cyber-espionage tool used for stealth monitoring, data collection and exfiltration via Microsoft, Yandex and Dropbox cloud infrastructures.

article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Thai police arrested Chinese hackers involved in SMS blaster attacks

Security Affairs

Thai authorities arrested fraud gangs in Bangkok for SMS blaster attacks, they used fake cell towers to send thousands of malicious SMS messages to nearby phones. Thai authorities arrested members of two Chinese cybercrime organizations, one of these groups carried out SMS blaster attacks. The crooks were driving through Bangkok’s streets while sending hundreds of thousands of malicious SMS text messages to nearby cell phones. “One of these gangs had disguised themselves as a legitim

Mobile 125
article thumbnail

Better Prioritization and Network Clarity Can Close the Gap Between Application Security and Speed

Security Boulevard

A strategic approach to achieving speed without sacrificing protection requires a deliberate focus on application connectivity. The post Better Prioritization and Network Clarity Can Close the Gap Between Application Security and Speed appeared first on Security Boulevard.

article thumbnail

DORA Compliance: A Practical Guide to Effective Third-Party Risk Management

Responsible Cyber

The Digital Operational Resilience Act (DORA) is a regulatory framework established by the European Union to enhance the digital operational resilience of financial entities. Effective from January 2025, DORA mandates that financial institutions implement robust measures to manage Information and Communication Technology (ICT) risks, with a significant emphasis on Third-Party Risk Management (TPRM).

Risk 105
article thumbnail

35 Million Devices Vulnerable: Matrix DDoS Campaign Highlights Growing IoT Threat

Penetration Testing

Aqua Nautilus researchers have uncovered a major Distributed Denial-of-Service (DDoS) campaign led by a threat actor operating under the name Matrix. This operation, detected through honeypot activities, showcases a concerning... The post 35 Million Devices Vulnerable: Matrix DDoS Campaign Highlights Growing IoT Threat appeared first on Cybersecurity News.

DDOS 119
article thumbnail

Next-Level Fraud Prevention: Strategies for Today’s Threat Landscape

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

article thumbnail

Phishing-as-a-Service Rockstar 2FA continues to be prevalent

Security Affairs

Phishing tool Rockstar 2FA targets Microsoft 365 credentials, it uses adversary-in-the-middle (AitM) attacks to bypass multi-factor authentication. Trustwave researchers are monitoring malicious activity associated with Phishing-as-a-Service (PaaS) platforms, their latest report focuses on a toolkit called Rockstar 2FA. Rockstar 2FA targets Microsoft 365 accounts and bypasses multi-factor authentication with adversary-in-the-middle (AitM) attacks.

Phishing 114
article thumbnail

The Cyberthreats from China are Ongoing: U.S. Officials

Security Boulevard

U.S. officials are pushing back at the ongoing threats posted by Chinese state-sponsored hackers like Volt Typhoon and Salt Typhoon, which have infiltrated critical infrastructure organizations to steal information and preposition themselves in case of a conflict breaking out between the two countries. The post The Cyberthreats from China are Ongoing: U.S.

article thumbnail

Spotify, Audible, and Amazon used to push dodgy forex trading sites and more

Malwarebytes

Spotify and Amazon services have been flooded with bogus listings that push dubious “forex trading” sites, Telegram channels, and suspicious links claiming to offer pirated software according to our friends over at BleepingComputer. Cybercriminals are abusing the options to inject keywords and links into playlist names to make their entries rank high in Google search results.

Scams 118
article thumbnail

Malicious PyPI Package Targets Cryptocurrency Wallets: aiocpa Campaign Exposed

Penetration Testing

Cybersecurity researchers at ReversingLabs have uncovered a stealthy supply chain attack targeting cryptocurrency wallets via the PyPI repository. The malicious package, named aiocpa, posed as a legitimate crypto client tool,... The post Malicious PyPI Package Targets Cryptocurrency Wallets: aiocpa Campaign Exposed appeared first on Cybersecurity News.

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Notorious ransomware programmer Mikhail Pavlovich Matveev arrested in Russia

Security Affairs

Russian authorities arrested ransomware affiliate Mikhail Matveev, aka Wazawaka, for developing malware and ties to hacking groups. Russian authorities arrested a ransomware affiliate, Mikhail Pavlovich Matveev (also known as Wazawaka, Uhodiransomwar, m1x, and Boriselcin), and charged him for developing malware and his role in several hacking groups.

article thumbnail

Huge Leak of Customer Data Includes Military Personnel Info

Security Boulevard

EnamelPins, which manufactures and sells medals, pins, and other emblematic accessories, for months left open an Elasticsearch instance that exposed 300,000 customer emails, including 2,500 from military and government personnel. The company, based in California, also has links to China, Cybernews researchers wrote. The post Huge Leak of Customer Data Includes Military Personnel Info appeared first on Security Boulevard.

article thumbnail

Travel Safe: Cybersecurity Tips for Your Next Vacation

SecureWorld News

Even if you leave your desktop computer at home, you'll probably stay connected when you're vacationing—you can check your phone on the beach or on a mountaintop. Travelers often rely on technology to enhance vacations, like by sharing photos online or finding lodging on an app. As you embark upon your next adventure, remain cyber safe following some simple practices to keep your vacation plans free from cybercriminal meddling.

article thumbnail

Zero-Day in Active Directory Certificate Services: Researcher Exposes CVE-2024-49019 with PoC

Penetration Testing

Security researchers from TrustedSec have uncovered a critical zero-day vulnerability, CVE-2024-49019, affecting Active Directory Certificate Services (AD CS). This flaw exploits a feature of version 1 certificate templates, allowing attackers... The post Zero-Day in Active Directory Certificate Services: Researcher Exposes CVE-2024-49019 with PoC appeared first on Cybersecurity News.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!