Sat.Jun 22, 2024 - Fri.Jun 28, 2024

article thumbnail

The State of Data Breaches

Troy Hunt

I've been harbouring some thoughts about the state of data breaches over recent months, and I feel they've finally manifested themselves into a cohesive enough story to write down. Parts of this story relate to very sensitive incidents and parts to criminal activity, not just on behalf of those executing data breaches but also very likely on behalf of some organisations handling them.

article thumbnail

Breaking the M-209

Schneier on Security

Interesting paper about a German cryptanalysis machine that helped break the US M-209 mechanical ciphering machine. The paper contains a good description of how the M-209 works.

263
263
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Navigating the CISO Role: Common Pitfalls for New Leaders

Lohrman on Security

What are the top mistakes that I see new security leaders continue to make in 2024 as they start their CISO careers or take on new roles? How can these challenges be addressed?

CISO 219
article thumbnail

Ransomware Cheat Sheet: Everything You Need To Know In 2024

Tech Republic Security

This guide covers various ransomware attacks, including Colonial Pipeline, WannaCry and LockBit, the systems hackers target and how to avoid becoming a victim and paying cybercriminals a ransom.

article thumbnail

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

article thumbnail

Weekly Update 405

Troy Hunt

Ah, sunshine! As much as I love being back in Norway, the word "summer" is used very loosely there. Not as much in Greece, however, which is just spectacular: Finally escaped the bitterly cold Norwegian summer for something… warmer 🇬🇷 pic.twitter.com/jk9knZvJar — Troy Hunt (@troyhunt) June 17, 2024 3 nights in Mykonos, 2 in Santorini and I'm pushing this post out just before our second night in Athens before embarking on the long journey home.

article thumbnail

Security Analysis of the EU’s Digital Wallet

Schneier on Security

A group of cryptographers have analyzed the eiDAS 2.0 regulation (electronic identification and trust services) that defines the new EU Digital Identity Wallet.

251
251

LifeWorks

More Trending

article thumbnail

Bitdefender VPN vs NordVPN (2024): Which VPN Is the Best?

Tech Republic Security

Which is better, Bitdefender VPN or NordVPN? Use our guide to help you compare pricing, features and more.

VPN 178
article thumbnail

PoC Exploit Published for Windows Kernel Elevation of Privilege Vulnerability (CVE-2024-30088)

Penetration Testing

A security researcher has published a proof-of-concept (PoC) exploit code targeting a recent high-severity vulnerability (CVE-2024-30088) in Microsoft Windows. This critical flaw holds a risk severity score of 7.0 and impacts systems across the... The post PoC Exploit Published for Windows Kernel Elevation of Privilege Vulnerability (CVE-2024-30088) appeared first on Cybersecurity News.

Risk 145
article thumbnail

James Bamford on Section 702 Extension

Schneier on Security

Longtime NSA-watcher James Bamford has a long article on the reauthorization of Section 702 of the Foreign Intelligence Surveillance Act (FISA).

article thumbnail

LockBit claims the hack of the US Federal Reserve

Security Affairs

The Lockbit ransomware group announced that it had breached the US Federal Reserve and exfiltrated 33 TB of sensitive data. The Lockbit ransomware group announced that it had breached the systems of Federal Reserve of the United States and exfiltrated 33 TB of sensitive data, including “Americans’ banking secrets.” The Lockbit ransomware group added the Federal Reserve to the list of victims on its Tor data leak site and threatened to leak the stolen data on 25 June, 2024 20:27

Hacking 145
article thumbnail

Why Giant Content Libraries Do Nothing for Your Employees’ Cyber Resilience

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

article thumbnail

AI Is Changing the Way Enterprises Look at Trust: Deloitte & SAP Weigh In

Tech Republic Security

Generative AI for enterprises can help or hurt. Here’s how to maintain trust in the age of AI.

article thumbnail

TeamViewer's corporate network was breached in alleged APT hack

Bleeping Computer

The remote access software company TeamViewer is warning that its corporate environment was breached in a cyberattack yesterday, with a cybersecurity firm claiming it was by an APT hacking group. [.

Hacking 144
article thumbnail

Paul Nakasone Joins OpenAI’s Board of Directors

Schneier on Security

Former NSA Director Paul Nakasone has joined the board of OpenAI.

article thumbnail

Examining Water Sigbin's Infection Routine Leading to an XMRig Cryptominer

Trend Micro

We analyze the multi-stage loading technique used by Water Sigbin to deliver the PureCrypter loader and XMRIG crypto miner.

article thumbnail

Zero Trust Mandate: The Realities, Requirements and Roadmap

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

article thumbnail

Experts found a bug in the Linux version of RansomHub ransomware

Security Affairs

The RansomHub ransomware operators added a Linux encryptor to their arsenal, the version targets VMware ESXi environments. RansomHub ransomware operation relies on a new Linux version of the encrypted to target VMware ESXi environments. Although RansomHub only emerged in February 2024, it has rapidly grown and has become the fourth most prolific ransomware operator over the past three months based on the number of publicly claimed attacks.

article thumbnail

Apple Patches AirPods Bluetooth Vulnerability That Could Allow Eavesdropping

The Hacker News

Apple has released a firmware update for AirPods that could allow a malicious actor to gain access to the headphones in an unauthorized manner. Tracked as CVE-2024-27867, the authentication issue affects AirPods (2nd generation and later), AirPods Pro (all models), AirPods Max, Powerbeats Pro, and Beats Fit Pro.

Firmware 140
article thumbnail

Security Budgets Grow, but Inefficiencies Persist

Security Boulevard

Most organizations are uncertain about the effectiveness of their cybersecurity investments, despite increasing budgets and rampant cyber incidents, according to Optiv’s 2024 Threat and Risk Management Report. The post Security Budgets Grow, but Inefficiencies Persist appeared first on Security Boulevard.

Risk 139
article thumbnail

ICO Scams Leverage 2024 Olympics to Lure Victims, Use AI for Fake Sites

Trend Micro

In this blog we uncover threat actors using the 2024 Olympics to lure victims into investing in an initial coin offering (ICO). Similar schemes have been found to use AI-generated images for their fake ICO websites.

Scams 140
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Opening the Black Box of Risk-Based Authentication

Duo's Security Blog

As MFA fatigue attacks continue to wreak havoc on organizations of all sizes, security teams are left with difficult choices about how best to secure their workforces. More stringent security requirements often come with a large user experience cost, which can frustrate employees and reduce productivity. Duo’s Risk-Based Authentication (RBA) helps solve this by adapting MFA requirements based on the level of risk an individual login attempt poses to an organization.

article thumbnail

Over 110,000 Websites Affected by Hijacked Polyfill Supply Chain Attack

The Hacker News

Google has taken steps to block ads for e-commerce sites that use the Polyfill.io service after a Chinese company acquired the domain and modified the JavaScript library ("polyfill.js") to redirect users to malicious and scam sites. More than 110,000 sites that embed the library are impacted by the supply chain attack, Sansec said in a Tuesday report.

Scams 139
article thumbnail

Microsoft Privacy FAIL: Windows 11 Silently Backs Up to OneDrive

Security Boulevard

Copying users’ files and deleting some? Even a cartoon hound knows this isn’t fine. The post Microsoft Privacy FAIL: Windows 11 Silently Backs Up to OneDrive appeared first on Security Boulevard.

article thumbnail

Graham Cluley - Untitled Article

Graham Cluley

There's some possibly good news on the ransomware front. Companies are becoming more resilient to attacks, and the ransom payments extorted from businesses by hackers are on a downward trend. Read more in my article on the Tripwire State of Security blog.

article thumbnail

Next-Level Fraud Prevention: Strategies for Today’s Threat Landscape

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

article thumbnail

A cyberattack shut down the University Hospital Centre Zagreb in Croatia

Security Affairs

A cyber attack started targeting the University Hospital Centre Zagreb (KBC Zagreb) on Wednesday night, reported the Croatian Radiotelevision. A cyber attack began targeting the University Hospital Centre Zagreb (KBC Zagreb), the largest Croatian hospital, on Wednesday night, according to a report by Croatian Radiotelevision. The hospital has shut down its IT infrastructure in response to the cyber attack.

article thumbnail

TeamViewer Detects Security Breach in Corporate IT Environment

The Hacker News

TeamViewer on Thursday disclosed it detected an "irregularity" in its internal corporate IT environment on June 26, 2024. "We immediately activated our response team and procedures, started investigations together with a team of globally renowned cyber security experts and implemented necessary remediation measures," the company said in a statement.

137
137
article thumbnail

Temu is Malware — It Sells Your Info, Accuses Ark. AG

Security Boulevard

Chinese fast-fashion-cum-junk retailer “is a data-theft business.” The post Temu is Malware — It Sells Your Info, Accuses Ark. AG appeared first on Security Boulevard.

Malware 137
article thumbnail

‘Poseidon’ Mac stealer distributed via Google ads

Malwarebytes

On June 24, we observed a new campaign distributing a stealer targeting Mac users via malicious Google ads for the Arc browser. This is the second time in the past couple of months where we see Arc being used as a lure, certainly a sign of its popularity. It was previously used to drop a Windows RAT , also via Google ads. The macOS stealer being dropped in this latest campaign is actively being developed as an Atomic Stealer competitor, with a large part of its code base being the same as its pr

VPN 133
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

CISA confirmed that its CSAT environment was breached in January.

Security Affairs

CISA warned chemical facilities that its Chemical Security Assessment Tool (CSAT) environment was compromised in January. CISA warns chemical facilities that its Chemical Security Assessment Tool (CSAT) environment was breached in January. In March, the Recorded Future News first reported that the US Cybersecurity and Infrastructure Security Agency (CISA) agency was hacked in February.

Hacking 134
article thumbnail

Critical RCE Vulnerability Discovered in Ollama AI Infrastructure Tool

The Hacker News

Cybersecurity researchers have detailed a now-patch security flaw affecting the Ollama open-source artificial intelligence (AI) infrastructure platform that could be exploited to achieve remote code execution. Tracked as CVE-2024-37032, the vulnerability has been codenamed Probllama by cloud security firm Wiz.

article thumbnail

Russian hackers read the emails you sent us, Microsoft warns more customers

Graham Cluley

More of Microsoft's clients are being warned that emails they exchanged with the company were accessed by Russian hackers who broke into its systems and spied on staff inboxes. Read more in my article on the Hot for Security blog.

article thumbnail

WordPress Plugin Supply Chain Attack Gets Worse

Security Boulevard

30,000 websites at risk: Check yours ASAP! (800 Million Ostriches Can’t Be Wrong.) The post WordPress Plugin Supply Chain Attack Gets Worse appeared first on Security Boulevard.

Risk 131
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!