Tech Republic Security
DECEMBER 23, 2024
A look at the cyber threat landscape of 2024, including major breaches and trends. An expert weighs in on key lessons and what to expect in 2025.
Tech Republic Security
DECEMBER 23, 2024
Patch management software ensures that known vulnerabilities are patched efficiently to prevent breaches while streamlining IT workflows. Find the best patch management solution for your business.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Schneier on Security
DECEMBER 26, 2024
Scammers are hacking Google Forms to send email to victims that come from google.com. Brian Krebs reports on the effects. Boing Boing post.
Zero Day
DECEMBER 24, 2024
In just two years, AI has gone from hype to essential skill, offering massive productivity gains and increasing creativity among teams who use it. Here's how.
Speaker: Erroll Amacker
Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.
Schneier on Security
DECEMBER 24, 2024
A judge has found that NSO Group, maker of the Pegasus spyware, has violated the US Computer Fraud and Abuse Act by hacking WhatsApp in order to spy on people using it. Jon Penney and I wrote a legal paper on the case.
Joseph Steinberg
DECEMBER 21, 2024
Australia recently enacted legislation to ban children under 16 from using social media a policy that the Australian government plans to enforce through the use of untested age-verification technology. While there is little doubt that the elected officials hope to protect children with the aforementioned act, the reality is that – as Australia has already learned in a previous case described in the article – the new law is more likely to make children less safe than more safe.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
|
SecureList
DECEMBER 23, 2024
Introduction Known since 2014, Cloud Atlas targets Eastern Europe and Central Asia. We’re shedding light on a previously undocumented toolset, which the group used heavily in 2024. Victims get infected via phishing emails containing a malicious document that exploits a vulnerability in the formula editor ( CVE-2018-0802 ) to download and execute malware code.
Lohrman on Security
DECEMBER 27, 2024
Welcome to the second installment of this comprehensive annual look at global cybersecurity industry predictions, forecasts, trends and outlook reports from the top security industry vendors, technology magazines, expert thought leaders and more.
Penetration Testing
DECEMBER 22, 2024
The Apache Software Foundation recently released a critical security update to address a remote code execution (RCE) vulnerability in Apache Tomcat, identified as CVE-2024-56337. This vulnerability affects a wide range... The post CVE-2024-56337: Apache Tomcat Patches Critical RCE Vulnerability appeared first on Cybersecurity News.
Security Affairs
DECEMBER 21, 2024
Experts uncovered a botnet of 190,000 Android devices infected by BadBox bot, primarily Yandex smart TVs and Hisense smartphones. Bitsight researchers uncovered new BADBOX infrastructure, company’s telemetry shows that over192,000 devices were infected with the BADBOX bot. The botnet includes 160,000 previously unseen devices, notably Yandex 4K QLED Smart TVs and T963 Hisense Smartphones.
Advertisement
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
Malwarebytes
DECEMBER 27, 2024
A popular saying is: To err is human, but to really foul things up you need a computer. Even though the saying is older than you might think, it did not come about earlier than the concept of artificial intelligence (AI). And as long as we have been waiting for AI technology to become commonplace, if AI has taught us one thing this year, then its that when humans and AI cooperate, amazing things can happen.
SecureWorld News
DECEMBER 23, 2024
IT support is a fundamental requirement for operational productivity and system uptime for any industry. Manufacturing systems, especially the ones that work with SCADA technology (Supervisory Control and Data Acquisition), IoT devices, and other critical technologies, depend heavily on efficient IT support to ensure that the downtime is minimal, and the performance is optimal.
Penetration Testing
DECEMBER 22, 2024
The NodeStealer malware, first identified as a JavaScript-based threat, has undergone a transformation into a Python-based infostealer, expanding its capabilities to harvest a broader range of sensitive data. According to... The post NodeStealer Infostealer: New Python-Based Variant Targets Facebook Ads Manager appeared first on Cybersecurity News.
Security Affairs
DECEMBER 25, 2024
Japanese and U.S. authorities attributed the theft of $308 million cryptocurrency from DMM Bitcoin to North Korean cyber actors. Japanese and U.S. authorities linked the $308 million cyber heist targeting cryptocurrency company DMM Bitcoin to North Korea-linked threat actors. On June 1st, the Japanese cryptocurrency exchange DMM Bitcoin announced that crooks stole 4,502.9 Bitcoin (BTC), approximately $304 million (48.2 billion yen), from its wallets.
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
Security Boulevard
DECEMBER 22, 2024
Understanding Cyber Threats During the Holiday Season Understanding Cyber Threats During the Holiday Season The holiday season, while festive, presents heightened cybersecurity risks for businesses. Cybercriminals exploit increased online activity and reduced vigilance during this period. Understanding these threats is crucial for effective defense.
Doctor Chaos
DECEMBER 26, 2024
Enabling Remote Desktop Protocol (RDP) on Kali Linux allows you to access the system remotely with a graphical interface. Below is a step-by-step guide to setting up and enabling RDP on Kali Linux, ensuring you understand each step fully and avoid potential pitfalls.
Penetration Testing
DECEMBER 24, 2024
Researchers Jonathan Beierle and Logan Goins have uncovered a novel offensive tactic leveraging Microsofts Windows Defender Application Control (WDAC). Their research highlights how adversaries can weaponize WDAC to disable Endpoint... The post Weaponizing Windows Defender: New Attack Bypasses EDR appeared first on Cybersecurity News.
Security Affairs
DECEMBER 23, 2024
A U.S. court ruled in favor of WhatsApp against NSO Group, holding the spyware vendor liable for exploiting a flaw to deliver Pegasus spyware. WhatsApp won a legal case against NSO Group in a U.S. court over exploiting a vulnerability to deliver Pegasus spyware. Will Cathcart of WhatsApp called the ruling a major privacy victory, emphasizing accountability for spyware firms after a five-year legal battle.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
Security Boulevard
DECEMBER 27, 2024
Shouldve used MFA: $T loses yet more customer datathis time, from almost all of them. The post Best of 2024: AT&T Says 110M Customers Data Leaked Yep, its Snowflake Again appeared first on Security Boulevard.
Schneier on Security
DECEMBER 27, 2024
The basic strategy is to place a device with a hidden camera in a position to capture normally hidden card values, which are interpreted by an accomplice off-site and fed back to the player via a hidden microphone. Miniaturization is making these devices harder to detect. Presumably AI will soon obviate the need for an accomplice.
Penetration Testing
DECEMBER 24, 2024
Renowned for cyber espionage activities targeting critical sectors in the Middle East, OilRig, also known as APT34 or Helix Kitten operates with precision, exploiting vulnerabilities and employing advanced techniques to... The post CVE-2024-30088 Under Attack: OilRig Targets Windows Kernel Vulnerability appeared first on Cybersecurity News.
Security Affairs
DECEMBER 26, 2024
A ransomware attack on Pittsburgh Regional Transit (PRT) was the root cause of the agency’s service disruptions. On December 23, 2024, Pittsburgh Regional Transit (PRT) announced it was actively responding to a ransomware attack that was first detected on Thursday, December 19. Pittsburgh Regional Transit (PRT) is the public transportation agency that serves the Pittsburgh metropolitan area in Pennsylvania, USA.
Speaker: Sierre Lindgren
Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.
Security Boulevard
DECEMBER 23, 2024
A hack of health care services provider ConnectOnCall exposed the sensitive data of more than 914,000 users, the latest proof point of the growing interest threat actors have in targeting hospitals and other health care organizations. The post Health Care Data of Almost 1 Million ConnectOnCall User Exposed appeared first on Security Boulevard.
Schneier on Security
DECEMBER 23, 2024
The Justice Department has published the criminal complaint against Dmitry Khoroshev, for building and maintaining the LockBit ransomware.
Penetration Testing
DECEMBER 24, 2024
Northwave Cyber Security has identified a sophisticated backdoor, LITTLELAMB.WOOLTEA, targeting Palo Alto Networks firewalls. The backdoor was uncovered during a forensic investigation into a compromised Palo Alto Networks device. Attackers... The post CVE-2024-9474 Exploited: LITTLELAMB.WOOLTEA Backdoor Discovered in Palo Alto Devices appeared first on Cybersecurity News.
Security Affairs
DECEMBER 26, 2024
A cyberattack hit Japan Airlines (JAL), causing the suspension of ticket sales for flights departing on Thursday. A cyber attack hit Japan Airlines (JAL) on Thursday, the offensive began at 7:24 a.m. and impacted internal and external systems. The Associated Press reported that the attack disabled a router, causing system malfunctions and suspending ticket sales for Thursday departures.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Security Boulevard
DECEMBER 26, 2024
What is a SIEM? SIEM solutions enable enterprises to monitor and analyze security-related data from a variety of sources, such as firewalls, intrusion detection systems (IDS), and endpoint security devices. By collecting and analysing this data, companies can spot patterns that may signal a security breach, allowing them to take quick and appropriate action to [] The post The Best SIEM Tools To Consider in 2024 appeared first on Centraleyes.
SecureList
DECEMBER 27, 2024
Statistics across all threats In the third quarter of 2024, the percentage of ICS computers on which malicious objects were blocked decreased by 1.5 pp to 22% when compared to the previous quarter. Percentage of ICS computers on which malicious objects were blocked, by quarter, 20222024 Compared to the third quarter of 2023, the percentage decreased by 1.7 pp.
Penetration Testing
DECEMBER 24, 2024
A critical-severity security flaw has been uncovered in Apache Traffic Control, a popular open-source platform used to build large-scale content delivery networks (CDNs). This vulnerability, identified as CVE-2024-45387 and assigned... The post CVE-2024-45387 (CVSS 9.9): Critical SQL Injection Vulnerability Found in Apache Traffic Control appeared first on Cybersecurity News.
Security Affairs
DECEMBER 27, 2024
Palo Alto Networks addressed a high-severity PAN-OS flaw that could trigger denial-of-service (DoS) on vulnerable devices. Palo Alto Networks addressed a high-severity flaw, tracked as CVE-2024-3393 (CVSS score: 8.7), in PAN-OS software that could cause a denial-of-service (DoS) condition. An unauthenticated attacker can exploit this vulnerability to reboot the firewall by sending a malicious packet through its data plane.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Expert insights. Personalized for you.
205 
Let's personalize your content