This site uses cookies to improve your experience. To help us insure we adhere to various privacy regulations, please select your country/region of residence. If you do not select a country, we will assume you are from the United States. Select your Cookie Settings or view our Privacy Policy and Terms of Use.
Cookie Settings
Cookies and similar technologies are used on this website for proper function of the website, for tracking performance analytics and for marketing purposes. We and some of our third-party providers may use cookie data for various purposes. Please review the cookie settings below and choose your preference.
Used for the proper function of the website
Used for monitoring website traffic and interactions
Cookie Settings
Cookies and similar technologies are used on this website for proper function of the website, for tracking performance analytics and for marketing purposes. We and some of our third-party providers may use cookie data for various purposes. Please review the cookie settings below and choose your preference.
Strictly Necessary: Used for the proper function of the website
Performance/Analytics: Used for monitoring website traffic and interactions
Apple is rolling out a new “Stolen Device Protection” feature that seems well thought out: When Stolen Device Protection is turned on, Face ID or Touch ID authentication is required for additional actions, including viewing passwords or passkeys stored in iCloud Keychain, applying for a new Apple Card, turning off Lost Mode, erasing all content and settings, using payment methods saved in Safari, and more.
Where next for cyber in 2024? Here’s part two of your annual roundup of cybersecurity forecasts, top cyber trends and cybersecurity industry prediction reports as we head into calendar year 2024.
It's that time of the year again, time to head from the heat to the cold as we jump on the big plane(s) back to Europe. The next 4 weekly updates will all be from places of varying degrees colder than home, most of them done with Scott Helme too so they'll be a little different to usual. For now, here's a pretty casual Christmas edition, see you next week from the other side 🙂 References Sponsored by: Unpatched devices keeping you up at night?
KrebsOnSecurity celebrates its 14th year of existence today! I promised myself this post wouldn’t devolve into yet another Cybersecurity Year in Review. Nor do I wish to hold forth about whatever cyber horrors may await us in 2024. But I do want to thank you all for your continued readership, encouragement and support, without which I could not do what I do.
Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.
Save on tech services or switch to a lucrative new tech career in 2024 by training at your own pace to develop high-demand cybersecurity skills. On sale from 12/26 through 1/1.
Leaksmas: On Christmas Eve, multiple threat actors released substantial data leaks, Resecurity experts reported. On Christmas Eve, Resecurity protecting Fortune 100 and government agencies globally, observed multiple actors on the Dark Web releasing substantial data leaks. Over 50 million records containing PII of consumers from around the world have been leaked.
Leaksmas: On Christmas Eve, multiple threat actors released substantial data leaks, Resecurity experts reported. On Christmas Eve, Resecurity protecting Fortune 100 and government agencies globally, observed multiple actors on the Dark Web releasing substantial data leaks. Over 50 million records containing PII of consumers from around the world have been leaked.
Today, on December 27, 2023, we ( Boris Larin , Leonid Bezvershenko , and Georgy Kucherin ) delivered a presentation, titled, “Operation Triangulation: What You Get When Attack iPhones of Researchers”, at the 37th Chaos Communication Congress (37C3), held at Congress Center Hamburg. The presentation summarized the results of our long-term research into Operation Triangulation, conducted with our colleagues, Igor Kuznetsov , Valentin Pashkov , and Mikhail Vinogradov.
Artificial intelligence is poised to upend much of society, removing human limitations inherent in many systems. One such limitation is information and logistical bottlenecks in decision-making. Traditionally, people have been forced to reduce complex choices to a small handful of options that don’t do justice to their true desires. Artificial intelligence has the potential to remove that limitation.
With cyberthreats and cyberattacks always on the rise, developing security and risk management skills could be one of the best moves for your business or career.
The threat actor UAC-0099 is exploiting a flaw in the WinRAR to deliver LONEPAGE malware in attacks against Ukraine. A threat actor, tracked as UAC-0099, continues to target Ukraine. In some attacks, the APT group exploited a high-severity WinRAR flaw CVE-2023-38831 to deliver the LONEPAGE malware. UAC-0099 threat actor has targeted Ukraine since mid-2022, it was spotted targeting Ukrainian employees working for companies outside of Ukraine.
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
A blockchain developer shares his ordeal over the holidays when he was approached on LinkedIn by a "recruiter" for a web development job. The recruiter in question asked the developer to download npm packages from a GitHub repository, and hours later the developer discovered his MetaMask wallet had been emptied. [.
Wow : To test PIGEON’s performance, I gave it five personal photos from a trip I took across America years ago, none of which have been published online. Some photos were snapped in cities, but a few were taken in places nowhere near roads or other easily recognizable landmarks. That didn’t seem to matter much. It guessed a campsite in Yellowstone to within around 35 miles of the actual location.
The Resecurity’s HUNTER unit spotted a new version of the Meduza stealer (version (2.2)) that was released in the dark web. On Christmas Eve, Resecurity’s HUNTER unit spotted the author of perspective password stealer Meduza has released a new version (2.2). One of the key significant improvements are support of more software clients (including browser-based cryptocurrency wallets), upgraded credit card (CC) grabber, and additional advanced mechanisms for password storage dump on var
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
Multiple information-stealing malware families are abusing an undocumented Google OAuth endpoint named "MultiLogin" to restore expired authentication cookies and log into users' accounts, even if an account's password was reset. [.
Apple updated its location-tracking system in an attempt to cut down on AirTag abuse while still preserving privacy. Researchers think they’ve found a better balance.
Phishing is the art of sending an email with the aim of getting users to open a malicious file or click on a link to then steal credentials. But most phishers aren’t very good, and the success rate is relatively low: In 2021, the average click rate for a phishing campaign was 17.8%. However, now cybercriminals have AI to write their emails, which might well improve their phishing success rates.
Microsoft reports that the Iran-linked APT33 group is targeting defense contractors worldwide with FalseFont backdoor. Microsoft says the APT33 (aka Peach Sandstorm , Holmium , Elfin , and Magic Hound ) Iranian cyber-espionage group is using recently discovered FalseFont backdoor malware to attack against organizations in the Defense Industrial Base (DIB) sector. “Microsoft has observed the Iranian nation-state actor Peach Sandstorm attempting to deliver a newly developed backdoor named
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
From Sam Altman and Elon Musk to ransomware gangs and state-backed hackers, these are the individuals and groups that spent this year disrupting the world we know it.
OpenSSH, a critical component in secure networking, has recently faced a formidable challenge. A now-patched security vulnerability, with a CVSS score of 9.8, threatened the very core of its secure channel operations. Identified as... The post CVE-2023-51385 and CVE-2023-6004 – A Dual OpenSSH Threat appeared first on Penetration Testing.
Cyber attacks hit the Assembly of the Republic of Albania and telecom company One Albania, a government agency reported. Albania’s National Authority for Electronic Certification and Cyber Security (AKCESK) revealed that cyber attacks hit the Assembly of the Republic of Albania and telecom company One Albania. The telecom carrier disclosed the cyber attack with a post published on Facebook, the company also added that the cyber attack did not interrupt its services. “Today, we identi
Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.
GitHub is warning users that they will soon have limited functionality on the site if they do not enable two-factor authentication (2FA) on their accounts. [.
Two researchers report vulnerability in KeePass. But lead developer Dominik Reichl says it’s not a problem—and refuses to fix the flaw. The post Best of 2023: Another Password Manager Leak Bug: But KeePass Denies CVE appeared first on Security Boulevard.
An often heard remark is that when your security solution notices a ransomware attack, it’s already too late. There’s a lot of truth in that, if you consider the encryption process to be the ransomware attack. However, these days encryption is just a part of many ransomware attacks. Some of the cybercriminals we conveniently call ransomware groups have even completely stopped using the encryption process because it’s too “noisy.
Ukraine’s CERT (CERT-UA) warned of a new phishing campaign by the APT28 group to deploy previously undocumented malware strains. The Computer Emergency Response Team of Ukraine (CERT-UA) warned of a new cyber espionage campaign carried out by the Russia-linked group APT28 (aka “ Forest Blizzard ”, “ Fancybear ” or “ Strontium ”). The group employed previously undetected malware such as OCEANMAP, MASEPIE, and STEELHOOK to steal sensitive information from target networks.
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
The Operation Triangulation spyware attacks targeting iPhone devices since 2019 leveraged undocumented features in Apple chips to bypass hardware-based security protections. [.
In 2023, the public primarily confronted two varieties of online scams: the technical and the topical. Technical scams abuse legitimate aspects of modern internet infrastructure to lead users to illegitimate or compromised sites. A team of hackers can, say, boost their own info-stealing websites through Google search results, providing a veneer of authenticity to their malicious intent.
A joint law enforcement operation led by Europol and the ENISA, along with private security firms, identified 443 online shops compromised with digital skimming. Europol, ENISA, and private security firms Group-IB and Sansec collaborated in a joint law enforcement operation, uncovering 443 online shops affected by digital skimming. The operation is part of EMPACT priority, a law enforcement activity targeting the criminals behind online fraud schemes.
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Input your email to sign up, or if you already have an account, log in here!
Enter your email address to reset your password. A temporary password will be e‑mailed to you.
We organize all of the trending information in your field so you don't have to. Join 28,000+ users and stay up to date on the latest articles your peers are reading.
You know about us, now we want to get to know you!
Let's personalize your content
Let's get even more personalized
We recognize your account from another site in our network, please click 'Send Email' below to continue with verifying your account and setting a password.
344 
Let's personalize your content