Sat.Mar 16, 2024 - Fri.Mar 22, 2024

article thumbnail

Inside the Massive Alleged AT&T Data Breach

Troy Hunt

I hate having to use that word - "alleged" - because it's so inconclusive and I know it will leave people with many unanswered questions. But sometimes, "alleged" is just where we need to begin and over the course of time, proper attribution is made and the dots are joined. We're here at "alleged" for two very simple reasons: one is that AT&T is saying "the data didn't come from us", and the other is that I have no way of proving otherwise.

article thumbnail

Mozilla Drops Onerep After CEO Admits to Running People-Search Networks

Krebs on Security

The nonprofit organization that supports the Firefox web browser said today it is winding down its new partnership with Onerep , an identity protection service recently bundled with Firefox that offers to remove users from hundreds of people-search sites. The move comes just days after a report by KrebsOnSecurity forced Onerep’s CEO to admit that he has founded dozens of people-search networks over the years.

Media 245
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Cheating Automatic Toll Booths by Obscuring License Plates

Schneier on Security

The Wall Street Journal is reporting on a variety of techniques drivers are using to obscure their license plates so that automatic readers can’t identify them and charge tolls properly. Some drivers have power-washed paint off their plates or covered them with a range of household items such as leaf-shaped magnets, Bramwell-Stewart said. The Port Authority says officers in 2023 roughly doubled the number of summonses issued for obstructed, missing or fictitious license plates compared wit

248
248
article thumbnail

Proofpoint: APAC Employees Are Choosing Convenience, Speed Over Cyber Security

Tech Republic Security

Risky cyber security behaviours are putting employees at risk of phishing and other attacks, according to Proofpoint research, with many employees still unclear security is their responsibility, too.

Phishing 157
article thumbnail

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

article thumbnail

Weekly Update 391

Troy Hunt

I'm in Japan! Without tripod, without mic and having almost completely forgotten to do this vid, simply because I'm enjoying being on holidays too much 😊 It was literally just last night at dinner the penny dropped - "don't I normally do something around now.?" The weeks leading up to this trip were especially chaotic and to be honest, I simply forgot all about work once we landed here.

231
231
article thumbnail

The Not-so-True People-Search Network from China

Krebs on Security

It’s not unusual for the data brokers behind people-search websites to use pseudonyms in their day-to-day lives (you would, too). Some of these personal data purveyors even try to reinvent their online identities in a bid to hide their conflicts of interest. But it’s not every day you run across a US-focused people-search network based in China whose principal owners all appear to be completely fabricated identities.

Marketing 240

More Trending

article thumbnail

6 Best Multi-Factor Authentication (MFA) Solutions for 2024

Tech Republic Security

Explore top multi-factor authentication solutions for enhanced security and user authentication. Learn about the benefits and features of leading MFA providers.

article thumbnail

Microsoft confirms Windows Server issue behind domain controller crashes

Bleeping Computer

Microsoft confirmed that a memory leak introduced with the March 2024 Windows Server security updates is behind a widespread issue causing Windows domain controllers to crash. [.

144
144
article thumbnail

PoC Releases for 0-day CVE-2024-21762 FortiGate SSLVPN Flaw, Over 133K Remain Vulnerable

Penetration Testing

Proof-of-concept (PoC) code is now available for a critical severity vulnerability (CVE-2024-21762) in FortiOS SSL VPN. With a severity rating of 9.6 out of 10, this flaw opens the door to remote code execution... The post PoC Releases for 0-day CVE-2024-21762 FortiGate SSLVPN Flaw, Over 133K Remain Vulnerable appeared first on Penetration Testing.

article thumbnail

Friday Squid Blogging: New Species of Squid Discovered

Schneier on Security

A new species of squid was discovered , along with about a hundred other species. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here.

199
199
article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

Security Response Policy

Tech Republic Security

Good cyber and physical security can make or break companies. While it would be preferable that security breaches or incidents not take place at all, they don’t necessarily signal the death of an organization unless responded to in a poor fashion (or not at all). The purpose of this Security Response Policy, written by Scott.

139
139
article thumbnail

Microsoft releases emergency fix for Windows Server crashes

Bleeping Computer

Microsoft has released emergency out-of-band (OOB) updates to fix a known issue causing Windows domain controllers to crash after installing the March 2024 Windows Server security updates. [.

138
138
article thumbnail

OFFAT: OFFensive Api Tester

Penetration Testing

OWASP OFFAT OWASP OFFAT (OFFensive Api Tester) is created to automatically test API for common vulnerabilities after generating tests from the openapi specification file. It provides the feature to automatically fuzz inputs and use... The post OFFAT: OFFensive Api Tester appeared first on Penetration Testing.

article thumbnail

The ‘AT&T breach’—what you need to know

Malwarebytes

Earlier this week, the data of over 70 million people was posted for sale on an online cybercrime forum. The person selling the data claims it stems from a 2021 breach at AT&T. Back in 2021, a hacker named Shiny Hunters claimed to have breached AT&T and put the alleged stolen data up for sale for $1 million for a direct sell. Fast forward three years and another threat actor calling themselves MajorNelson has leaked what they say is the same data.

article thumbnail

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

article thumbnail

NVIDIA GTC Keynote: Blackwell Architecture Will Accelerate AI Products in Late 2024

Tech Republic Security

Developers can now take advantage of NVIDIA NIM packages to deploy enterprise generative AI, said NVIDIA CEO Jensen Huang.

article thumbnail

Mozilla fixes two Firefox zero-day bugs exploited at Pwn2Own

Bleeping Computer

Mozilla has released security updates to fix two zero-day vulnerabilities in the Firefox web browser exploited during the Pwn2Own Vancouver 2024 hacking competition. [.

Hacking 138
article thumbnail

Firefox Patches Critical Zero-Day Vulnerabilities Exposed in Pwn2Own 2024

Penetration Testing

Mozilla has issued emergency security updates to fix two critical “zero-day” vulnerabilities in the Firefox web browser. These flaws were skillfully exploited during the recent Pwn2Own Vancouver 2024 hacking contest. Zero-Day Dangers Zero-day vulnerabilities... The post Firefox Patches Critical Zero-Day Vulnerabilities Exposed in Pwn2Own 2024 appeared first on Penetration Testing.

article thumbnail

Store manager admits SIM swapping his customers

Malwarebytes

A 42-year-old manager at an unnamed telecommunications company has admitted SIM swapping customers at his store. SIM swapping, also known as SIM jacking, is the act of illegally taking over a target’s cell phone number and re-routing it to a phone under the attacker’s control. Once an attacker has successfully hijacked their victim’s mobile number, they can use it to send and receive calls and messages (and the victim can’t).

article thumbnail

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

article thumbnail

Keep Your Data Safe as You Become More Productive for Just $30 Through 3/24

Tech Republic Security

Upgrading to Microsoft Windows 10 Pro can make your work easier and your computer more secure. Get it now for just $29.97 through 3/24.

Firewall 144
article thumbnail

Windows 11, Tesla, and Ubuntu Linux hacked at Pwn2Own Vancouver

Bleeping Computer

On the first day of Pwn2Own Vancouver 2024, contestants demoed Windows 11, Tesla, and Ubuntu Linux zero-day vulnerabilities and exploit chains to win $732,500 and a Tesla Model 3 car. [.

Hacking 135
article thumbnail

Fujitsu Discloses Data Breach, Customer and Personal Information Compromised

Penetration Testing

Fujitsu, the Japanese multinational technology giant, has revealed a data breach resulting from a malware infection within its corporate network. The company disclosed that sensitive files containing both personal and customer information were exposed... The post Fujitsu Discloses Data Breach, Customer and Personal Information Compromised appeared first on Penetration Testing.

article thumbnail

Apple M-Series FAIL: GoFetch Flaw Finds Crypto Keys

Security Boulevard

GoFAIL: Researchers worm their way into broken cache-filling microcode in most Macs and iPads. The post Apple M-Series FAIL: GoFetch Flaw Finds Crypto Keys appeared first on Security Boulevard.

article thumbnail

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

article thumbnail

Threat actors leaked 70,000,000+ records allegedly stolen from AT&T

Security Affairs

Researchers at vx-underground first noticed that more than 70,000,000 records from AT&T were leaked on the Breached hacking forum. More than 70,000,000 records from an unspecified division of AT&T were leaked onto Breached, vx-underground researchers reported. Today 70,000,000+ records from an unspecified division of AT&T were leaked onto Breached.

article thumbnail

Misconfigured Firebase instances leaked 19 million plaintext passwords

Bleeping Computer

Three cybersecurity researchers discovered close to 19 million plaintext passwords exposed on the public internet by misconfigured instances of Firebase, a Google platform for hosting databases, cloud computing, and app development. [.

Passwords 137
article thumbnail

git-alerts: detect and monitor GitHub org users’ public repositories for secrets and sensitive files

Penetration Testing

GitAlerts GitHub repositories created under any organization can be controlled by the GitHub administrators. However, any repository created under an organization’s user account is not controllable unless the organization has adopted the GitHub enterprise-managed... The post git-alerts: detect and monitor GitHub org users’ public repositories for secrets and sensitive files appeared first on Penetration Testing.

article thumbnail

Application Security for Dummies: The Only Way Forward

Security Boulevard

To improve application security, we must make security so stupid that anyone can do it, and that applies up and down the stack. The post Application Security for Dummies: The Only Way Forward appeared first on Security Boulevard.

article thumbnail

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

article thumbnail

Pwn2Own Vancouver 2024: participants earned $1,132,500 for 29 unique 0-days

Security Affairs

Pwn2Own Vancouver 2024 hacking competition has ended, and participants earned $1,132,500 for demonstrating 29 unique zero-days. Trend Micro’s Zero Day Initiative (ZDI) announced that participants earned $1,132,500 on the Pwn2Own Vancouver 2024 hacking competition for demonstrating 29 unique zero-days. On day one , the Team Synacktiv successfully demonstrated exploits against a Tesla car.

Hacking 127
article thumbnail

CISA shares critical infrastructure defense tips against Chinese hackers

Bleeping Computer

CISA, the NSA, the FBI, and several other agencies in the U.S. and worldwide warned critical infrastructure leaders to protect their systems against the Chinese Volt Typhoon hacking group. [.

Hacking 127
article thumbnail

CVE-2024-28353 & 28354: TRENDnet Router Takeover Flaws Exposed, No Patch Available

Penetration Testing

Security researchers have uncovered two serious “command injection” vulnerabilities in the widely used TRENDnet AC2600 MU-MIMO WiFi Router (model TEW-827DRU). These vulnerabilities, labeled CVE-2024-28353 and CVE-2024-28354, leave these routers alarmingly exposed to potential remote... The post CVE-2024-28353 & 28354: TRENDnet Router Takeover Flaws Exposed, No Patch Available appeared first on Penetration Testing.

article thumbnail

EPA and White House Raise Alarm on Water Cybersecurity

Security Boulevard

Iran and China fingered: Biden admin. chides governors: Water infra. lacks “even basic cybersecurity precautions.” The post EPA and White House Raise Alarm on Water Cybersecurity appeared first on Security Boulevard.

article thumbnail

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.