Sat.Oct 12, 2024 - Fri.Oct 18, 2024

article thumbnail

Generative AI in Security: Risks and Mitigation Strategies

Tech Republic Security

Microsoft’s Siva Sundaramoorthy provides a blueprint for how common cyber precautions apply to generative AI deployed in and around security systems.

Risk 171
article thumbnail

Microsoft: Ransomware Attacks Growing More Dangerous, Complex

Tech Republic Security

Attackers launched 600 million cybercriminal and nation-state threats on Microsoft customers daily, including ransomware attacks, in the last year, according to the tech giant.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Misinformation, Online Scams Surging Following Historic Hurricanes

Lohrman on Security

Bad actors often take advantage of natural disasters, and especially hurricanes, in times of crisis. Hurricanes Helene and Milton pose significant new online threats, including misinformation and fraud.

Scams 265
article thumbnail

NIS 2 Compliance Deadline Arrives: What You Need to Know

Tech Republic Security

The NIS 2 compliance deadline is Oct. 17. Discover essential insights on requirements, impacts, and what organisations must do now.

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Apple Enrages IT — 45-Day Cert Expiration Fury

Security Boulevard

CA/B testing: Ludicrous proposal draws ire from “furious” systems administrators. The post Apple Enrages IT — 45-Day Cert Expiration Fury appeared first on Security Boulevard.

article thumbnail

More Details on Israel Sabotaging Hezbollah Pagers and Walkie-Talkies

Schneier on Security

The Washington Post has a long and detailed story about the operation that’s well worth reading (alternate version here ). The sales pitch came from a marketing official trusted by Hezbollah with links to Apollo. The marketing official, a woman whose identity and nationality officials declined to reveal, was a former Middle East sales representative for the Taiwanese firm who had established her own company and acquired a license to sell a line of pagers that bore the Apollo brand.

Marketing 264

More Trending

article thumbnail

Weekly Update 421

Troy Hunt

It wasn't easy talking about the Muah.AI data breach. It's not just the rampant child sexual abuse material throughout the system (or at least requests for the AI to generate images of it), it's the reactions of people to it. The tweets justifying it on the basis of there being noo "actual" abuse, the characterisation of this being akin to "merely thoughts in someone's head", and following my recording of this video, the backlash from their users about any att

article thumbnail

Zscaler Report: Mobile, IoT, and OT Cyber Threats Surge in 2024

Tech Republic Security

Zscaler ThreatLabz report reveals a 2024 surge in mobile, IoT, and OT cyberattacks, highlighting key trends and the need for zero trust security.

IoT 171
article thumbnail

Perfectl Malware

Schneier on Security

Perfectl in an impressive piece of malware: The malware has been circulating since at least 2021. It gets installed by exploiting more than 20,000 common misconfigurations, a capability that may make millions of machines connected to the Internet potential targets, researchers from Aqua Security said. It can also exploit CVE-2023-33246, a vulnerability with a severity rating of 10 out of 10 that was patched last year in Apache RocketMQ, a messaging and streaming platform that’s found on ma

Malware 226
article thumbnail

CISOs Concerned Over Growing Demands of Role

Security Boulevard

There are growing concerns among chief information security officers (CISOs) about the evolving demands of their role, with 84% advocating for a split into separate technical and business-focused positions. The Trellix and Vanson Bourne survey of 5,000 CISOs and IT security leaders found that as cybersecurity threats grow more complex and regulatory frameworks expand, there.

CISO 134
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Unauthorized data access vulnerability in macOS is detailed by Microsoft

Malwarebytes

The Microsoft Threat Intelligence team disclosed details about a macOS vulnerability, dubbed “HM Surf,” that could allow an attacker to gain access to the user’s data in Safari. The data the attacker could access without users’ consent includes browsed pages, along with the device’s camera, microphone, and location. The vulnerability, tracked as CVE-2024-44133 was fixed in the September 16 update for Mac Studio (2022 and later), iMac (2019 and later), Mac Pro (2019 and later), Mac Mi

Adware 133
article thumbnail

Engaging Executives: How to Present Cybersecurity in a Way That Resonates

Tech Republic Security

Getting buy-in can be difficult. Safe-U founder and CEO Jorge Litvin explains how to create a common language between the CISO and the rest of the C-suite.

CISO 146
article thumbnail

Justice Department Indicts Tech CEO for Falsifying Security Certifications

Schneier on Security

The Wall Street Journal is reporting that the CEO of a still unnamed company has been indicted for creating a fake auditing company to falsify security certifications in order to win government business.

article thumbnail

North Korean IT Workers in Western Firms Now Demanding Ransom for Stolen Data

The Hacker News

North Korean information technology (IT) workers who obtain employment under false identities in Western companies are not only stealing intellectual property, but are also stepping up by demanding ransoms in order to not leak it, marking a new twist to their financially motivated attacks.

article thumbnail

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

article thumbnail

“Nudify” deepfake bots remove clothes from victims in minutes, and millions are using them

Malwarebytes

Millions of people are turning normal pictures into nude images, and it can be done in minutes. Journalists at Wired found at least 50 “nudify” bots on Telegram that claim to create explicit photos or videos of people with only a couple of clicks. Combined, these bots have millions of monthly users. Although there is no sure way to find out how many unique users that are, it’s appalling, and highly likely there are much more than those they found.

Media 135
article thumbnail

Number of Active Ransomware Groups Highest on Record, Cyberint’s Report Finds

Tech Republic Security

This indicates that the most prominent ransomware groups are succumbing to law enforcement takedowns, according to researchers from Cyberint.

article thumbnail

American Water Shuts Down Services After Cybersecurity Breach

eSecurity Planet

American Water, one of the largest water utility providers in the United States, fell victim to a cyberattack that disrupted its billing systems, throwing light on the increasing vulnerability of critical infrastructure to such threats. While water services were not interrupted, the breach temporarily paused the company’s billing operations, causing customer concern.

article thumbnail

OilRig Exploits Windows Kernel Flaw in Espionage Campaign Targeting UAE and Gulf

The Hacker News

The Iranian threat actor known as OilRig has been observed exploiting a now-patched privilege escalation flaw impacting the Windows Kernel as part of a cyber espionage campaign targeting the U.A.E. and the broader Gulf region.

134
134
article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

Silent Threat: Red Team Tool EDRSilencer Disrupting Endpoint Security Solutions

Trend Micro

Trend Micro's Threat Hunting Team discovered EDRSilencer, a red team tool that threat actors are attempting to abuse for its ability to block EDR traffic and conceal malicious activity.

article thumbnail

99% of UK Businesses Faced Cyber Attacks in the Last Year

Tech Republic Security

Almost all businesses in the U.K. were breached by cyber attackers in the last 12 months, a report has found.

article thumbnail

Top 9 Trends In Cybersecurity Careers for 2025

eSecurity Planet

Technologies that were figments of the imagination a dozen years ago, if they were conceived of at all, quickly become mainstream — think generative artificial intelligence (GenAI) or blockchain. As they do, they create more security vulnerabilities and inherent business, changing the nature of cybersecurity careers. According to research by IBM Corp. and the Ponemon Institute, the average security breach cost reached $4.88 million in 2024 — 10% more than the previous year and the highest averag

article thumbnail

Microsoft Reveals macOS Vulnerability that Bypasses Privacy Controls in Safari Browser

The Hacker News

Microsoft has disclosed details about a now-patched security flaw in Apple's Transparency, Consent, and Control (TCC) framework in macOS that has likely come under exploitation to get around a user's privacy preferences and access data. The shortcoming, codenamed HM Surf by the tech giant, is tracked as CVE-2024-44133.

127
127
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Election season raises fears for nearly a third of people who worry their vote could be leaked

Malwarebytes

As the United States enters full swing into its next presidential election, people are feeling worried, unsafe, and afraid. And none of that has to do with who wins. According to new research from Malwarebytes, people see this election season as a particularly risky time for their online privacy and cybersecurity. Political ads could be hiding online scams, many people feel, and the election, they say, will likely fall victim to some type of “cyber interference.

Scams 125
article thumbnail

SentinelOne CISO Identifies ‘Most Pressing Concern’ for Cyber Professionals

Tech Republic Security

SentinelOne’s Alex Stamos sees a future where defenders have the advantage when it comes to generative AI. At least until it can write exploit code.

CISO 138
article thumbnail

IBM X-Force Security Report Spotlights Lack of Cloud Security Fundamentals

Security Boulevard

A report finds a third (33%) of the cloud security incidents investigated by IBM Security X-Force researchers, involved phishing attacks to steal credentials, followed closely by 28% of incidents that involved attacks where cybercriminals had already obtained some type of valid credential. The post IBM X-Force Security Report Spotlights Lack of Cloud Security Fundamentals appeared first on Security Boulevard.

Phishing 126
article thumbnail

GitHub Patches Critical Flaw in Enterprise Server Allowing Unauthorized Instance Access

The Hacker News

GitHub has released security updates for Enterprise Server (GHES) to address multiple issues, including a critical bug that could allow unauthorized access to an instance. The vulnerability, tracked as CVE-2024-9487, carries a CVS score of 9.5 out of a maximum of 10.

article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

Millions of People Are Using Abusive AI ‘Nudify’ Bots on Telegram

WIRED Threat Level

Bots that “remove clothes” from images have run rampant on the messaging app, allowing people to create nonconsensual deepfake images even as lawmakers and tech companies try to crack down.

article thumbnail

Urban VPN Review (2024): Is it a Safe & Reliable VPN to Use?

Tech Republic Security

With its questionable privacy policy, slow VPN performance, and lack of independent audits, Urban VPN fails to offer a secure and quality VPN experience.

VPN 134
article thumbnail

Gmail Scam Alert: Hackers Spoof Google to Steal Credentials

Penetration Testing

Boasting over 2.5 billion users worldwide, Gmail reigns as the most prevalent email service globally. Consequently, it comes as no surprise that this platform has become a focal point for... The post Gmail Scam Alert: Hackers Spoof Google to Steal Credentials appeared first on Cybersecurity News.

Scams 124
article thumbnail

Supply Chain Attacks Exploit Entry Points in Python, npm, and Open-Source Ecosystems

The Hacker News

Cybersecurity researchers have found that entry points could be abused across multiple programming ecosystems like PyPI, npm, Ruby Gems, NuGet, Dart Pub, and Rust Crates to stage software supply chain attacks.

Software 128
article thumbnail

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.