Sat.Jan 06, 2024 - Fri.Jan 12, 2024

article thumbnail

6 Best Anonymous (No-Log) VPNs for 2024

Tech Republic Security

Looking for the best anonymous (no-log) VPN? Check out our comprehensive list to find the top VPN services that prioritize anonymity and security.

VPN 167
article thumbnail

Cibersegurança Para Leigos: Best-Selling “Cybersecurity For Dummies” Book Now Available In Portuguese

Joseph Steinberg

Cybersecurity For Dummies , the best-selling cybersecurity book written for general audiences by Joseph Steinberg , is now available in Portuguese. Like its English, French, Dutch, and German counterparts, the Portuguese edition, entitled Cibersegurança Para Leigos , and published in Brazil, helps people stay cyber-secure regardless of their technical skillsets.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Facial Scanning by Burger King in Brazil

Schneier on Security

In 2000, I wrote : “If McDonald’s offered three free Big Macs for a DNA sample, there would be lines around the block.” Burger King in Brazil is almost there , offering discounts in exchange for a facial scan. From a marketing video: “At the end of the year, it’s Friday every day, and the hangover kicks in,” a vaguely robotic voice says as images of cheeseburgers glitch in and out over fake computer code. “BK presents Hangover Whopper, a technology that

Marketing 280
article thumbnail

Here’s Some Bitcoin: Oh, and You’ve Been Served!

Krebs on Security

A California man who lost $100,000 in a 2021 SIM-swapping attack is suing the unknown holder of a cryptocurrency wallet that harbors his stolen funds. The case is thought to be first in which a federal court has recognized the use of information included in a bitcoin transaction — such as a link to a civil claim filed in federal court — as reasonably likely to provide notice of the lawsuit to the defendant.

article thumbnail

Human-Centered Cyber Security Training: Driving Real Impact on Security Culture

Speaker: Speakers:

In today's digital age, having an untrained workforce can be a significant risk to your business. Cyber threats are evolving; without proper training, your employees could be the weakest link in your defense. This webinar empowers leaders like you with the tools and strategies needed to transform your employees into a robust frontline defense against cyber attacks.

article thumbnail

Weekly Update 381

Troy Hunt

It's another weekly update from the other side of the world with Scott and I in Rome as we continue a bit of downtime before hitting NDC Security in Oslo next week. This week, Scott's sharing details of how he and Joe Tiedman registered a domain Capelli Sport let lapse and now have their JavaScript running on the websites shopping cart page (check your browser console after loading that link) 😲 That's not the crazy bit though, the crazy bit is the months they've spent

article thumbnail

Newly Discovered Ivanti Secure VPN Zero-Day Vulnerabilities Allow Chinese Threat Actor to Compromise Systems

Tech Republic Security

Most of the exposed VPN appliances are in the U.S., followed by Japan and Germany. Read the technical details about these zero-day vulnerabilities, along with detection and mitigation tips.

VPN 170

More Trending

article thumbnail

Meet Ika & Sal: The Bulletproof Hosting Duo from Hell

Krebs on Security

In 2020, the United States brought charges against four men accused of building a bulletproof hosting empire that once dominated the Russian cybercrime industry and supported multiple organized cybercrime groups. All four pleaded guilty to conspiracy and racketeering charges. But there is a fascinating and untold backstory behind the two Russian men involved, who co-ran the world’s top spam forum and worked closely with Russia’s most dangerous cybercriminals.

article thumbnail

Info-stealers can steal cookies for permanent access to your Google account

Malwarebytes

Hackers have found a way to gain unauthorized access to Google accounts, bypassing any multi-factor authentication (MFA) the user may have set up. To do this they steal authentication cookies and then extend their lifespan. It doesn’t even help if the owner of the account changes their password. Since the discovery of the exploit, numerous white and black hat security researchers have looked into and discussed the issue.

article thumbnail

Award Winning Antivirus, On Sale for $25, Offers Elite Protection from Malware

Tech Republic Security

ESET NOD32 Antivirus 2024 Edition provides multi-layered protection from malware and hackers without impeding the performance of your Mac or Windows PC.

Antivirus 176
article thumbnail

PIN-Stealing Android Malware

Schneier on Security

This is an old piece of malware—the Chameleon Android banking Trojan—that now disables biometric authentication in order to steal the PIN : The second notable new feature is the ability to interrupt biometric operations on the device, like fingerprint and face unlock, by using the Accessibility service to force a fallback to PIN or password authentication.

Malware 271
article thumbnail

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

article thumbnail

CISA: Critical Microsoft SharePoint bug now actively exploited

Bleeping Computer

CISA warns that attackers are now exploiting a critical Microsoft SharePoint privilege escalation vulnerability that can be chained with another critical bug for remote code execution. [.

142
142
article thumbnail

CVE-2023-36025 Exploited for Defense Evasion in Phemedrone Stealer Campaign

Trend Micro

This blog delves into the Phemedrone Stealer campaign's exploitation of CVE-2023-36025, the Windows Defender SmartScreen Bypass vulnerability, for its defense evasion and investigates the malware's payload.

Malware 139
article thumbnail

Mullvad VPN Review (2023): Features, Pricing, Security & Speed

Tech Republic Security

While its small server suite may be a dealbreaker, Mullvad VPN’s strong focus on privacy sets it apart from other VPNs on the market. Read more below.

VPN 153
article thumbnail

Second Interdisciplinary Workshop on Reimagining Democracy

Schneier on Security

Last month, I convened the Second Interdisciplinary Workshop on Reimagining Democracy ( IWORD 2023 ) at the Harvard Kennedy School Ash Center. As with IWORD 2022 , the goal was to bring together a diverse set of thinkers and practitioners to talk about how democracy might be reimagined for the twenty-first century. My thinking is very broad here. Modern democracy was invented in the mid-eighteenth century, using mid-eighteenth-century technology.

article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

Juniper warns of critical RCE bug in its firewalls and switches

Bleeping Computer

Juniper Networks has released security updates to fix a critical pre-auth remote code execution (RCE) vulnerability in its SRX Series firewalls and EX Series switches. [.

Firewall 140
article thumbnail

Joomla! vulnerability is being actively exploited

Malwarebytes

The Cybersecurity and Infrastructure Security Agency (CISA) has added a vulnerability for the Joomla! Content Management System (CMS) to its Known Exploited Vulnerabilities Catalog , based on evidence of active exploitation. This means that Federal Civilian Executive Branch (FCEB) agencies need to remediate this vulnerability by January 29, 2024 in order to protect their devices against active threats.

Passwords 134
article thumbnail

Secure Browser Usage Policy

Tech Republic Security

A web browser is an indispensable feature of every computer and, in some cases, the only truly essential feature (such as with Google Chromebooks). The purpose of this policy from TechRepublic Premium is to provide guidelines for the secure configuration and use of web browsers on company systems. It also includes steps for remediation and.

Software 131
article thumbnail

Pharmacies Giving Patient Records to Police without Warrants

Schneier on Security

Add pharmacies to the list of industries that are giving private data to the police without a warrant.

article thumbnail

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

article thumbnail

Windows 10 KB5034441 security update fails with 0x80070643 errors

Bleeping Computer

Windows 10 users worldwide report problems installing Microsoft's January Patch Tuesday updates, getting 0x80070643 errors when attempting to install the KB5034441 security update for BitLocker. [.

137
137
article thumbnail

China Cracks Apple Private Protocol — AirDrop Pwned

Security Boulevard

AirDrop hashing is weaksauce: Chinese citizens using peer-to-peer wireless comms “must be identified.” The post China Cracks Apple Private Protocol — AirDrop Pwned appeared first on Security Boulevard.

Wireless 135
article thumbnail

Stuxnet: The malware that cost a billion dollars to develop?

Graham Cluley

A report from the Netherlands claims that a Dutch man played a key role in the notorious Stuxnet worm attack against an Iranian nuclear facility, which then accidentally escaped into the wider world.

Malware 129
article thumbnail

Iranian crypto exchange Bit24.cash leaks user passports and IDs

Security Affairs

Bit24.cash has inadvertently exposed sensitive data belonging to nearly 230,000 users, as revealed by Cybernews research. Due to its limited access to foreign financial markets, Iran has embraced cryptocurrency significantly. Last year, Iranian crypto exchanges facilitated transactions totaling nearly $3 billion. Almost all incoming crypto volume in Iran adheres to Know Your Customer (KYC) requirements.

article thumbnail

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

article thumbnail

Over 150k WordPress sites at takeover risk via vulnerable plugin

Bleeping Computer

Two vulnerabilities impacting the POST SMTP Mailer WordPress plugin, an email delivery tool used by 300,000 websites, could help attackers take complete control of a site authentication. [.

Risk 133
article thumbnail

SEC Cyber Incident Reporting Rules Pressure IT Security Leaders

Security Boulevard

As the SEC gets tough on businesses' cybersecurity posture, IT security leaders will need to beef up incident response plans. The post SEC Cyber Incident Reporting Rules Pressure IT Security Leaders appeared first on Security Boulevard.

article thumbnail

Why BYOD Is the Favored Ransomware Backdoor

eSecurity Planet

When remote workers connect bring-your-own-device (BYOD) laptops, desktops, tablets, and phones to corporate assets, risk dramatically increases. These devices exist outside of direct corporate management and provide a ransomware gang with unchecked platforms for encrypting data. Ransomware remains just one of many different threats and as security teams eliminate key vectors of attack, adversaries will shift tactics.

article thumbnail

Researchers created a PoC for Apache OFBiz flaw CVE-2023-51467

Security Affairs

Researchers published a proof-of-concept (PoC) code for the recently disclosed critical flaw CVE-2023-51467 in the Apache OfBiz. Researchers from cybersecurity firm VulnCheck have created a proof-of-concept (PoC) exploit code for the recently disclosed critical flaw CVE-2023-51467 (CVSS score: 9.8) in the Apache OfBiz. In December, experts warned of an authentication bypass zero-day flaw that affects Apache OfBiz, an open-source Enterprise Resource Planning (ERP) system.

article thumbnail

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

article thumbnail

Microsoft shares script to update Windows 10 WinRE with BitLocker fixes

Bleeping Computer

Microsoft has released a PowerShell script to automate updating the Windows Recovery Environment (WinRE) partition in order to fix CVE-2024-20666, a vulnerability that allowed for BitLocker encryption bypass. [.

article thumbnail

Netskope Report Surfaces Raft of Cybersecurity Challenges

Security Boulevard

A Netskope report revealed that, on average, 29 out of every 10,000 enterprise users clicked on a phishing link each month in 2023. The post Netskope Report Surfaces Raft of Cybersecurity Challenges appeared first on Security Boulevard.

article thumbnail

Black Basta-Affiliated Water Curupira’s Pikabot Spam Campaign

Trend Micro

Pikabot is a loader with similarities to Qakbot that was used in spam campaigns during most of 2023. Our blog entry provides a technical analysis of this malware.

Malware 127
article thumbnail

Experts spotted a new macOS Backdoor named SpectralBlur linked to North Korea

Security Affairs

Researchers discovered a macOS backdoor, called SpectralBlur, which shows similarities with a North Korean APT’s malware family. Security researcher Greg Lesnewich discovered a backdoor, called SpectralBlur, that targets Apple macOS. The backdoor shows similarities with the malware family KANDYKORN (aka SockRacket), which was attributed to the North Korea-linked Lazarus sub-group known as BlueNoroff (aka TA444 ).

Malware 124
article thumbnail

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.