Sat.May 11, 2024 - Fri.May 17, 2024

article thumbnail

Another Chrome Vulnerability

Schneier on Security

Google has patched another Chrome zero-day: On Thursday, Google said an anonymous source notified it of the vulnerability. The vulnerability carries a severity rating of 8.8 out of 10. In response, Google said, it would be releasing versions 124.0.6367.201/.202 for macOS and Windows and 124.0.6367.201 for Linux in subsequent days. “Google is aware that an exploit for CVE-2024-4671 exists in the wild,” the company said.

256
256
article thumbnail

RSA 2024: AI’s Growing Influence Amplifies Global Cyber Impact

Lohrman on Security

As another RSA Conference in San Francisco ended on May 10, 2024, the global impact that cybersecurity and artificial intelligence bring to every area of life has become much more apparent.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Patch Tuesday, May 2024 Edition

Krebs on Security

Microsoft today released updates to fix more than 60 security holes in Windows computers and supported software, including two “zero-day” vulnerabilities in Windows that are already being exploited in active attacks. There are also important security patches available for macOS and Adobe users, and for the Chrome Web browser, which just patched its own zero-day flaw.

article thumbnail

Weekly Update 399

Troy Hunt

The Post Millennial breach in this week's video is an interesting one, most notably because of the presence of the mailing lists. Now, as I've said in every piece of communication I've put out on this incident, the lists are what whoever defaced the site said TPM had and they certainly posted that data in the defacement message, but we're yet to hear a statement from the company itself.

article thumbnail

Human-Centered Cyber Security Training: Driving Real Impact on Security Culture

Speaker: Speakers:

In today's digital age, having an untrained workforce can be a significant risk to your business. Cyber threats are evolving; without proper training, your employees could be the weakest link in your defense. This webinar empowers leaders like you with the tools and strategies needed to transform your employees into a robust frontline defense against cyber attacks.

article thumbnail

Zero-Trust DNS

Schneier on Security

Microsoft is working on a promising-looking protocol to lock down DNS. ZTDNS aims to solve this decades-old problem by integrating the Windows DNS engine with the Windows Filtering Platform—the core component of the Windows Firewall—directly into client devices. Jake Williams, VP of research and development at consultancy Hunter Strategy, said the union of these previously disparate engines would allow updates to be made to the Windows firewall on a per-domain name basis.

DNS 246
article thumbnail

Report: Organisations Have Endpoint Security Tools But Are Still Falling Short on the Basics

Tech Republic Security

AI PCs could soon see organisations invest in whole fleets of new managed devices, but Absolute Security data shows they are failing to maintain endpoint protection and patching the devices they have.

Big data 162

More Trending

article thumbnail

Scammers can easily phish your multi-factor authentication codes. Here’s how to avoid it

Malwarebytes

More and more websites and services are making multi-factor-authentication (MFA) mandatory, which makes it much harder for cybercriminals to access your accounts. That’s a great thing. But as security evolves, so do cybercriminals who are always looking for new ways to scam us. A type of phishing we’re calling authentication-in-the-middle is showing up in online media.

article thumbnail

LLMs’ Data-Control Path Insecurity

Schneier on Security

Back in the 1960s, if you played a 2,600Hz tone into an AT&T pay phone, you could make calls without paying. A phone hacker named John Draper noticed that the plastic whistle that came free in a box of Captain Crunch cereal worked to make the right sound. That became his hacker name, and everyone who knew the trick made free pay-phone calls. There were all sorts of related hacks, such as faking the tones that signaled coins dropping into a pay phone and faking tones used by repair equipment.

Risk 245
article thumbnail

Cisco’s Splunk Acquisition Should Help Security Pros See Threats Sooner in Australia and New Zealand

Tech Republic Security

Cisco’s Splunk acquisition was finalised in March 2024. Splunk’s Craig Bates says the combined offering could enhance observability and put data to work for security professionals in an age of AI threat defence.

Big data 141
article thumbnail

CVE-2024-33006: Critical SAP Vulnerability Exposes Systems to Complete Takeover

Penetration Testing

German enterprise software giant SAP has announced the release of 14 new security notes and three updates to previously released notes as part of its May 2024 Security Patch Day. The most significant new... The post CVE-2024-33006: Critical SAP Vulnerability Exposes Systems to Complete Takeover appeared first on Penetration Testing.

article thumbnail

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

article thumbnail

VMware makes Workstation Pro and Fusion Pro free for personal use

Bleeping Computer

VMWare has made Workstation Pro and Fusion Pro free for personal use, allowing home users and students to set up their own virtualized test labs and play with another operating system at little to no cost. [.

Software 143
article thumbnail

FBI Seizes BreachForums Website

Schneier on Security

The FBI has seized the BreachForums website, used by ransomware criminals to leak stolen corporate data. If law enforcement has gained access to the hacking forum’s backend data, as they claim, they would have email addresses, IP addresses, and private messages that could expose members and be used in law enforcement investigations. […] The FBI is requesting victims and individuals contact them with information about the hacking forum and its members to aid in their investigation.

Hacking 234
article thumbnail

Black Basta Ransomware Struck More Than 500 Organizations Worldwide

Tech Republic Security

Read about Black Basta ransomware’s impact and how to mitigate it. Plus, learn about recent ransomware trends.

article thumbnail

New Wi-Fi Vulnerability Enables Network Eavesdropping via Downgrade Attacks

The Hacker News

Researchers have discovered a new security vulnerability stemming from a design flaw in the IEEE 802.11 Wi-Fi standard that tricks victims into connecting to a less secure wireless network and eavesdrop on their network traffic.

Wireless 139
article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

Hackers use DNS tunneling for network scanning, tracking victims

Bleeping Computer

Threat actors are using Domain Name System (DNS) tunneling to track when their targets open phishing emails and click on malicious links, and to scan networks for potential vulnerabilities. [.

DNS 142
article thumbnail

Upcoming Speaking Engagements

Schneier on Security

This is a current list of where and when I am scheduled to speak: I’m giving a webinar via Zoom on Wednesday, May 22, at 11:00 AM ET. The topic is “ Should the USG Establish a Publicly Funded AI Option? “ The list is maintained on this page.

193
193
article thumbnail

How to Set Up & Use a VPN on Android (A Step-by-Step Guide)

Tech Republic Security

Trying to configure or set up a VPN on your Android? Learn how to get started with our step-by-step guide.

VPN 161
article thumbnail

New Chrome Zero-Day Vulnerability CVE-2024-4761 Under Active Exploitation

The Hacker News

Google on Monday shipped emergency fixes to address a new zero-day flaw in the Chrome web browser that has come under active exploitation in the wild. The high-severity vulnerability, tracked as CVE-2024-4761, is an out-of-bounds write bug impacting the V8 JavaScript and WebAssembly engine. It was reported anonymously on May 9, 2024.

article thumbnail

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

article thumbnail

Norway recommends replacing SSL VPN to prevent breaches

Bleeping Computer

The Norwegian National Cyber Security Centre (NCSC) recommends replacing SSLVPN/WebVPN solutions with alternatives due to the repeated exploitation of related vulnerabilities in edge network devices to breach corporate networks. [.

VPN 135
article thumbnail

Dell Hell Redux — More Personal Info Stolen by ‘Menelik’

Security Boulevard

Phish Ahoy! Hacker took advantage of Dell’s lack of anti-scraping defense. The post Dell Hell Redux — More Personal Info Stolen by ‘Menelik’ appeared first on Security Boulevard.

Phishing 134
article thumbnail

Restore Damaged Files & Save Your Business for Only $50

Tech Republic Security

Regardless of how badly your files, or their formats, are damaged, EaseUS Fixo can restore your office files, videos and photos, even in batches. Get a lifetime subscription for $49.99 at TechRepublic Academy.

117
117
article thumbnail

Google Patches Yet Another Actively Exploited Chrome Zero-Day Vulnerability

The Hacker News

Google has rolled out fixes to address a set of nine security issues in its Chrome browser, including a new zero-day that has been exploited in the wild. Assigned the CVE identifier CVE-2024-4947, the vulnerability relates to a type confusion bug in the V8 JavaScript and WebAssembly engine.

article thumbnail

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

article thumbnail

PoC exploit released for RCE zero-day in D-Link EXO AX4800 routers

Bleeping Computer

The D-Link EXO AX4800 (DIR-X4860) router is vulnerable to remote unauthenticated command execution that could lead to complete device takeovers by attackers with access to the HNAP port. [.

133
133
article thumbnail

Risks of GenAI Rising as Employees Remain Divided About its Use in the Workplace

Security Boulevard

One in three office workers who use GenAI admit to sharing customer info, employee details and financial data with the platforms. Are you worried yet? The post Risks of GenAI Rising as Employees Remain Divided About its Use in the Workplace appeared first on Security Boulevard.

Risk 132
article thumbnail

Google Cloud Mishap: Accidental Deletion of $125 Billion Pension Fund’s Account Raises Concerns

Penetration Testing

In a shocking incident that has raised serious questions about the reliability of public cloud services, Google Cloud accidentally deleted the entire online account of UniSuper. This unprecedented misconfiguration left over half a million... The post Google Cloud Mishap: Accidental Deletion of $125 Billion Pension Fund’s Account Raises Concerns appeared first on Penetration Testing.

article thumbnail

Apple and Google Launch Cross-Platform Feature to Detect Unwanted Bluetooth Tracking Devices

The Hacker News

Apple and Google on Monday officially announced the rollout of a new feature that notifies users across both iOS and Android if a Bluetooth tracking device is being used to stealthily keep tabs on them without their knowledge or consent.

134
134
article thumbnail

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

article thumbnail

VMware fixes three zero-day bugs exploited at Pwn2Own 2024

Bleeping Computer

VMware fixed four security vulnerabilities in the Workstation and Fusion desktop hypervisors, including three zero-days exploited during the Pwn2Own Vancouver 2024 hacking contest. [.

Hacking 130
article thumbnail

Get on Cybersecurity Certification Track With $145 Off These Courses

Tech Republic Security

This $50 bundle can get you five courses to enable you to earn CompTIA, NIST and more leading cybersecurity certifications that will help you build a career.

article thumbnail

Turla APT used two new backdoors to infiltrate a European ministry of foreign affairs

Security Affairs

Russia-linked Turla APT allegedly used two new backdoors, named Lunar malware and LunarMail, to target European government agencies. ESET researchers discovered two previously unknown backdoors named LunarWeb and LunarMail that were exploited to breach European ministry of foreign affairs. The two backdoors are designed to carry out a long-term compromise in the target network, data exfiltration, and maintaining control over compromised systems.

Phishing 129
article thumbnail

North Korean Hackers Exploit Facebook Messenger in Targeted Malware Campaign

The Hacker News

The North Korea-linked Kimsuky hacking group has been attributed to a new social engineering attack that employs fictitious Facebook accounts to targets via Messenger and ultimately delivers malware.

article thumbnail

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.