Sat.Dec 07, 2024 - Fri.Dec 13, 2024

Cybersecurity News Round-Up 2024: 10 Biggest Stories That Dominated the Year

Tech Republic Security

TechRepublic looks back at the biggest cybersecurity stories of 2024, from record data breaches to rising ransomware threats and CISO burnout.

Jailbreaking LLM-Controlled Robots

Schneier on Security

Surprising no one, it’s easy to trick an LLM-controlled robot into ignoring its safety instructions.

Full-Face Masks to Frustrate Identification

Schneier on Security

This is going to be interesting. It’s a video of someone trying on a variety of printed full-face masks. They won’t fool anyone for long, but will survive casual scrutiny. And they’re cheap and easy to swap.

Windows Zero-Day Vulnerability CVE-2024-38193 Exploited in the Wild: PoC Published

Penetration Testing

A critical use-after-free vulnerability, identified as CVE-2024-38193, has been discovered in the afd.sys Windows driver. This vulnerability, with a CVSS score of 7.8, poses a significant threat to Windows systems,...

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Patch Tuesday, December 2024 Edition

Krebs on Security

Microsoft today released updates to plug at least 70 security holes in Windows and Windows software, including one vulnerability that is already being exploited in active attacks. The zero-day seeing exploitation involves CVE-2024-49138, a security weakness in the Windows Common Log File System (CLFS) driver — used by applications to write transaction logs — that could let an authenticated attacker gain “system” level privileges on a vulnerable Windows device.

Weekly Update 429

Troy Hunt

A super quick intro today as I rush off to do the next very Dubai thing: drive a Lambo through the desert to go dirt bike riding before jumping in a Can-Am off-roader and then heading to the kart track for a couple of afternoon sessions. I post lots of pics to my Facebook account, and if none of that is interesting, here's this week's video on more infosec-related topics.

More Trending

Patch Tuesday: Microsoft Patches One Actively Exploited Vulnerability, Among Others

Tech Republic Security

December marked a quiet month with 70 vulnerabilities patched, plus updates from outside of Microsoft.

Encrypted messaging service intercepted, 2.3 million messages read by law enforcement

Malwarebytes

European law enforcement agencies have taken down yet another encrypted messaging service mainly used by criminals. The Matrix encrypted messaging service was an invite-only service which was also marketed under the names Mactrix, Totalsec, X-quantum, or Q-safe. Dutch and French authorities started an investigation when the service was found on the phone of a criminal convicted for the murder of Dutch journalist Peter R. de Vries in 2021.

Quantum Threats and How to Protect Your Data

SecureWorld News

Quantum computing brings both opportunities for advancement and significant security challenges. Recent progress has sparked discussions, but current capabilities are still far from threatening encryption standards like 2048-bit RSA. Despite media hype suggesting potential for "cracking military-grade encryption," experts clarify that these achievements neither target nor compromise robust methods like AES, TLS, or other military-grade algorithms.

CVE-2024-53247: Splunk Secure Gateway App Vulnerability Allows Remote Code Execution

Penetration Testing

A critical vulnerability has been discovered in the Splunk Secure Gateway app that could allow a low-privileged user to execute arbitrary code on vulnerable systems. The vulnerability, identified as CVE-2024-53247...

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Google Launches Gemini 2.0 with Autonomous Tool Linking

Tech Republic Security

Gemini 2.0 Flash is available now, with other model sizes coming in January. It adds multilingual voice output, image output, and some trendy agentic capabilities.

2023 Anna Jaques Hospital data breach impacted over 310,000 people

Security Affairs

Anna Jaques Hospital revealed that the ransomware attack it suffered last year has exposed sensitive health data for over 316,000 patients. On December 25, 2023, a ransomware attack hit the Anna Jaques Hospital. The hospital revealed that the security breach exposed sensitive health data for over 316,000 patients. Anna Jaques Hospital is a not-for-profit community healthcare facility located in Newburyport, Massachusetts.

Researchers Uncover Symlink Exploit Allowing TCC Bypass in iOS and macOS

The Hacker News

Details have emerged about a now-patched security vulnerability in Apple's iOS and macOS that, if successfully exploited, could sidestep the Transparency, Consent, and Control (TCC) framework and result in unauthorized access to sensitive information. The flaw, tracked as CVE-2024-44131 (CVSS score: 5.

CVE-2024-53677 (CVSS 9.5): Critical Vulnerability in Apache Struts Allows Remote Code Execution

Penetration Testing

Developers using the popular Apache Struts framework are urged to update their systems immediately following the discovery of a critical security flaw (CVE-2024-53677, CVSS 9.5) that could allow attackers to...

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Australian IT Pros Urged to Guard Against Chinese Cybersecurity Threats

Tech Republic Security

Australian IT pros are urged to strengthen defenses as Chinese cyber threats target critical infrastructure and sensitive data.

8Base ransomware group hacked Croatia’s Port of Rijeka

Security Affairs

The 8Base ransomware group attacked Croatia’s Port of Rijeka, stealing sensitive data, including contracts and accounting info. A cyber attack hit the Port of Rijeka in Croatia, and the 8Base ransomware group claimed responsibility for the security breach. The Port of Rijeka (Luka Rijeka d.d.), Croatia’s largest dry cargo concessionaire, provides maritime traffic services, port operations, and cargo storage.

Microsoft MFA AuthQuake Flaw Enabled Unlimited Brute-Force Attempts Without Alerts

The Hacker News

Cybersecurity researchers have flagged a "critical" security vulnerability in Microsoft's multi-factor authentication (MFA) implementation that allows an attacker to trivially sidestep the protection and gain unauthorized access to a victim's account.

OpenAI rolls out Canvas to all ChatGPT users - and it's a powerful productivity tool

Zero Day

For 12 days, the OpenAI daily live stream is unveiling 'new things, big and small.' Here's what's new today.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Prepare for 2025 with This CompTIA Training Bundle for $50

Tech Republic Security

Learn at your own pace from your own space with lifetime access to 310+ hours of learning from IT experts.

Google Chrome Patches High-Severity Vulnerabilities – CVE-2024-12381 & CVE-2024-12382

Penetration Testing

Google has announced its Chrome browser’s latest stable channel update, addressing several security vulnerabilities, including two classified as “High” severity. The update, rolling out progressively to Windows, Mac, and Linux...

Quantum Computing: An Impending Threat to the Current PKI Systems

Security Boulevard

By proactively assessing vulnerabilities and planning for the integration of quantum-resistant cryptographic solutions, enterprises can safeguard their digital assets against future threats.

Chinese EagleMsgSpy Spyware Found Exploiting Mobile Devices Since 2017

The Hacker News

Cybersecurity researchers have discovered a novel surveillance program that's suspected to be used by Chinese police departments as a lawful intercept tool to gather a wide range of information from mobile devices.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

US Sanctions Chinese Cybersecurity Firm for 2020 Ransomware Attack

Tech Republic Security

Chinese cybersecurity firm Sichuan Silence has been sanctioned for exploiting a vulnerability in Sophos firewalls used at critical infrastructure organizations in the U.S.

Sweet Treats, Sour Breach: Cyberattack Hits Krispy Kreme

SecureWorld News

When most people think of Krispy Kreme, they picture warm, glazed doughnuts and coffee, not cyberattacks. Yet, the recent cybersecurity breach at the beloved doughnut chain highlights critical lessons for organizations of all sizes and industries. The details of the Krispy Kreme hack are still emerging, but the company's Form 8-K filing brought the incident to light, offering a rare glimpse into the challenges businesses face when their systems are compromised.

Romanian energy supplier Electrica Group is facing a ransomware attack

Security Affairs

Romanian energy supplier Electrica Group is investigating an ongoing ransomware attack impacting its operations. Romanian energy supplier Electrica Group suffered a cyber attack that is impacting its operations. The company assured investors that the attack hadn’t affected its critical systems, but temporary disruptions in customer services might occur due to enhanced security protocols.

New Malware Technique Could Exploit Windows UI Framework to Evade EDR Tools

The Hacker News

A newly devised technique leverages a Windows accessibility framework called UI Automation (UIA) to perform a wide range of malicious activities without tipping off endpoint detection and response (EDR) solutions. "To exploit this technique, a user must be convinced to run a program that uses UI Automation," Akamai security researcher Tomer Peled said in a report shared with The Hacker News.

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

CrowdStrike vs Wiz: Which Offers Better Cloud Security and Value?

Tech Republic Security

Compare CrowdStrike and Wiz on cloud security, features, pricing, and performance to find the best cybersecurity solution for your business needs.

AMD Chip VM Memory Protections Broken by BadRAM

Security Boulevard

Researchers in Europe unveil a vulnerability dubbed "BadRAM" that hackers can easily exploit using $10 hardware to bypass protections in AMD's EPYC server processors used in cloud environments and expose sensitive data stored in memory.

The ‘Ghost Gun’ Linked to Luigi Mangione Shows Just How Far 3D-Printed Weapons Have Come

WIRED Threat Level

The design of the gun police say they found on the alleged United Healthcare CEO's killer (the FMDA, or Free Men Don't Ask) was released by a libertarian group.

ZLoader Malware Returns With DNS Tunneling to Stealthily Mask C2 Comms

The Hacker News

Cybersecurity researchers have discovered a new version of the ZLoader malware that employs a Domain Name System (DNS) tunnel for command-and-control (C2) communications, indicating that the threat actors are continuing to refine the tool after resurfacing a year ago. "Zloader 2.9.4.

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!