Tech Republic Security

JANUARY 11, 2024

Looking for the best anonymous (no-log) VPN? Check out our comprehensive list to find the top VPN services that prioritize anonymity and security.

VPN 169

VPN 169

Schneier on Security

JANUARY 10, 2024

In 2000, I wrote : “If McDonald’s offered three free Big Macs for a DNA sample, there would be lines around the block.” Burger King in Brazil is almost there , offering discounts in exchange for a facial scan. From a marketing video: “At the end of the year, it’s Friday every day, and the hangover kicks in,” a vaguely robotic voice says as images of cheeseburgers glitch in and out over fake computer code. “BK presents Hangover Whopper, a technology that

Marketing 319

Marketing Technology 319

Joseph Steinberg

JANUARY 10, 2024

Cybersecurity For Dummies , the best-selling cybersecurity book written for general audiences by Joseph Steinberg , is now available in Portuguese. Like its English, French, Dutch, and German counterparts, the Portuguese edition, entitled Cibersegurança Para Leigos , and published in Brazil, helps people stay cyber-secure regardless of their technical skillsets.

Cybersecurity 286

Cybersecurity Artificial Intelligence Data breaches Malware 286

Krebs on Security

JANUARY 10, 2024

A California man who lost $100,000 in a 2021 SIM-swapping attack is suing the unknown holder of a cryptocurrency wallet that harbors his stolen funds. The case is thought to be first in which a federal court has recognized the use of information included in a bitcoin transaction — such as a link to a civil claim filed in federal court — as reasonably likely to provide notice of the lawsuit to the defendant.

Cryptocurrency 275

Cryptocurrency Government Cybercrime Accountability 275

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Troy Hunt

JANUARY 7, 2024

It's another weekly update from the other side of the world with Scott and I in Rome as we continue a bit of downtime before hitting NDC Security in Oslo next week. This week, Scott's sharing details of how he and Joe Tiedman registered a domain Capelli Sport let lapse and now have their JavaScript running on the websites shopping cart page (check your browser console after loading that link) 😲 That's not the crazy bit though, the crazy bit is the months they've spent

Data breaches 241

Data breaches Accountability 241

Schneier on Security

JANUARY 12, 2024

New law journal article : Smart Device Manufacturer Liability and Redress for Third-Party Cyberattack Victims Abstract: Smart devices are used to facilitate cyberattacks against both their users and third parties. While users are generally able to seek redress following a cyberattack via data protection legislation, there is no equivalent pathway available to third-party victims who suffer harm at the hands of a cyberattacker.

IoT 313

IoT Software Manufacturing Internet 313

Krebs on Security

JANUARY 8, 2024

In 2020, the United States brought charges against four men accused of building a bulletproof hosting empire that once dominated the Russian cybercrime industry and supported multiple organized cybercrime groups. All four pleaded guilty to conspiracy and racketeering charges. But there is a fascinating and untold backstory behind the two Russian men involved, who co-ran the world’s top spam forum and worked closely with Russia’s most dangerous cybercriminals.

Cybercrime 210

Cybercrime Banking Computers and Electronics DDOS 210

Tech Republic Security

JANUARY 12, 2024

Most of the exposed VPN appliances are in the U.S., followed by Japan and Germany. Read the technical details about these zero-day vulnerabilities, along with detection and mitigation tips.

VPN 172

VPN Cybersecurity Network Security 172

Schneier on Security

JANUARY 9, 2024

This is an old piece of malware—the Chameleon Android banking Trojan—that now disables biometric authentication in order to steal the PIN : The second notable new feature is the ability to interrupt biometric operations on the device, like fingerprint and face unlock, by using the Accessibility service to force a fallback to PIN or password authentication.

Malware 311

Malware Banking Authentication Passwords 311

Trend Micro

JANUARY 11, 2024

This blog delves into the Phemedrone Stealer campaign's exploitation of CVE-2023-36025, the Windows Defender SmartScreen Bypass vulnerability, for its defense evasion and investigates the malware's payload.

Malware 145

Malware 145

Advertisement

Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.

Government

Malwarebytes

JANUARY 11, 2024

Hackers have found a way to gain unauthorized access to Google accounts, bypassing any multi-factor authentication (MFA) the user may have set up. To do this they steal authentication cookies and then extend their lifespan. It doesn’t even help if the owner of the account changes their password. Since the discovery of the exploit, numerous white and black hat security researchers have looked into and discussed the issue.

Accountability 145

Accountability Authentication Passwords Malware 145

Tech Republic Security

JANUARY 9, 2024

ESET NOD32 Antivirus 2024 Edition provides multi-layered protection from malware and hackers without impeding the performance of your Mac or Windows PC.

Antivirus 178

Antivirus Malware Spyware Ransomware 178

Schneier on Security

JANUARY 8, 2024

Last month, I convened the Second Interdisciplinary Workshop on Reimagining Democracy ( IWORD 2023 ) at the Harvard Kennedy School Ash Center. As with IWORD 2022 , the goal was to bring together a diverse set of thinkers and practitioners to talk about how democracy might be reimagined for the twenty-first century. My thinking is very broad here. Modern democracy was invented in the mid-eighteenth century, using mid-eighteenth-century technology.

Technology 289

Technology 289

Bleeping Computer

JANUARY 12, 2024

CISA warns that attackers are now exploiting a critical Microsoft SharePoint privilege escalation vulnerability that can be chained with another critical bug for remote code execution. [.

142

142

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Security Boulevard

JANUARY 10, 2024

AirDrop hashing is weaksauce: Chinese citizens using peer-to-peer wireless comms “must be identified.” The post China Cracks Apple Private Protocol — AirDrop Pwned appeared first on Security Boulevard.

Wireless 135

Wireless Social Engineering Firewall Data privacy 135

Tech Republic Security

JANUARY 10, 2024

While its small server suite may be a dealbreaker, Mullvad VPN’s strong focus on privacy sets it apart from other VPNs on the market. Read more below.

VPN 155

VPN Marketing 155

Schneier on Security

JANUARY 11, 2024

Add pharmacies to the list of industries that are giving private data to the police without a warrant.

Healthcare 317

Healthcare Data privacy 317

Bleeping Computer

JANUARY 12, 2024

Juniper Networks has released security updates to fix a critical pre-auth remote code execution (RCE) vulnerability in its SRX Series firewalls and EX Series switches. [.

Firewall 140

Firewall 140

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Trend Micro

JANUARY 8, 2024

Pikabot is a loader with similarities to Qakbot that was used in spam campaigns during most of 2023. Our blog entry provides a technical analysis of this malware.

Malware 143

Malware Phishing 143

Tech Republic Security

JANUARY 7, 2024

A web browser is an indispensable feature of every computer and, in some cases, the only truly essential feature (such as with Google Chromebooks). The purpose of this policy from TechRepublic Premium is to provide guidelines for the secure configuration and use of web browsers on company systems. It also includes steps for remediation and.

Software 132

Software 132

Security Affairs

JANUARY 7, 2024

Bit24.cash has inadvertently exposed sensitive data belonging to nearly 230,000 users, as revealed by Cybernews research. Due to its limited access to foreign financial markets, Iran has embraced cryptocurrency significantly. Last year, Iranian crypto exchanges facilitated transactions totaling nearly $3 billion. Almost all incoming crypto volume in Iran adheres to Know Your Customer (KYC) requirements.

Cryptocurrency 133

Cryptocurrency Marketing Hacking Data breaches 133

Bleeping Computer

JANUARY 10, 2024

Windows 10 users worldwide report problems installing Microsoft's January Patch Tuesday updates, getting 0x80070643 errors when attempting to install the KB5034441 security update for BitLocker. [.

136

136

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

Graham Cluley

JANUARY 8, 2024

A report from the Netherlands claims that a Dutch man played a key role in the notorious Stuxnet worm attack against an Iranian nuclear facility, which then accidentally escaped into the wider world.

Malware 128

Malware 128

Security Boulevard

JANUARY 8, 2024

As the SEC gets tough on businesses' cybersecurity posture, IT security leaders will need to beef up incident response plans. The post SEC Cyber Incident Reporting Rules Pressure IT Security Leaders appeared first on Security Boulevard.

Cybersecurity 128

Cybersecurity Data breaches CISO Risk 128

Security Affairs

JANUARY 6, 2024

Researchers discovered a macOS backdoor, called SpectralBlur, which shows similarities with a North Korean APT’s malware family. Security researcher Greg Lesnewich discovered a backdoor, called SpectralBlur, that targets Apple macOS. The backdoor shows similarities with the malware family KANDYKORN (aka SockRacket), which was attributed to the North Korea-linked Lazarus sub-group known as BlueNoroff (aka TA444 ).

Malware 131

Malware Phishing Hacking Information Security 131

Bleeping Computer

JANUARY 11, 2024

Two vulnerabilities impacting the POST SMTP Mailer WordPress plugin, an email delivery tool used by 300,000 websites, could help attackers take complete control of a site authentication. [.

Risk 133

Risk Authentication 133

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

Malwarebytes

JANUARY 12, 2024

The Cybersecurity and Infrastructure Security Agency (CISA) has added a vulnerability for the Joomla! Content Management System (CMS) to its Known Exploited Vulnerabilities Catalog , based on evidence of active exploitation. This means that Federal Civilian Executive Branch (FCEB) agencies need to remediate this vulnerability by January 29, 2024 in order to protect their devices against active threats.

Passwords 126

Passwords Firewall Marketing Authentication 126

Security Boulevard

JANUARY 11, 2024

A Netskope report revealed that, on average, 29 out of every 10,000 enterprise users clicked on a phishing link each month in 2023. The post Netskope Report Surfaces Raft of Cybersecurity Challenges appeared first on Security Boulevard.

Cybersecurity 126

Cybersecurity Phishing Social Engineering Engineering 126

Security Affairs

JANUARY 12, 2024

Researchers published a proof-of-concept (PoC) code for the recently disclosed critical flaw CVE-2023-51467 in the Apache OfBiz. Researchers from cybersecurity firm VulnCheck have created a proof-of-concept (PoC) exploit code for the recently disclosed critical flaw CVE-2023-51467 (CVSS score: 9.8) in the Apache OfBiz. In December, experts warned of an authentication bypass zero-day flaw that affects Apache OfBiz, an open-source Enterprise Resource Planning (ERP) system.

Authentication 131

Authentication Software Passwords Hacking 131

Bleeping Computer

JANUARY 11, 2024

Microsoft has released a PowerShell script to automate updating the Windows Recovery Environment (WinRE) partition in order to fix CVE-2024-20666, a vulnerability that allowed for BitLocker encryption bypass. [.

Encryption 127

Encryption 127

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity