Sat.Sep 14, 2024 - Fri.Sep 20, 2024

article thumbnail

Remotely Exploding Pagers

Schneier on Security

Wow. It seems they all exploded simultaneously, which means they were triggered. Were they each tampered with physically, or did someone figure out how to trigger a thermal runaway remotely? Supply chain attack? Malicious code update, or natural vulnerability? I have no idea, but I expect we will all learn over the next few days. EDITED TO ADD: I’m reading nine killed and 2,800 injured.

198
198
article thumbnail

Weekly Update 417

Troy Hunt

Today was all about this whole idea of how we index and track data breaches. Not as HIBP, but rather as an industry; we simply don't have a canonical reference of breaches and their associated attributes. When they happened, how many people were impacted, any press on the incident, the official disclosure messaging and so on and so forth. As someone in the video today said, "what about the Airtel data breach?

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Where Are Governments in Their Zero-Trust Journey?

Lohrman on Security

While the federal government deadline has arrived on implementing a zero-trust cybersecurity model, many state and local governments have committed to zero-trust architecture as well.

article thumbnail

LastPass Review 2024: Is it Still Safe and Reliable?

Tech Republic Security

LastPass’ recent data breaches make it hard to recommend as a viable password manager in 2024. Learn more in our full review below.

article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

Python Developers Targeted with Malware During Fake Job Interviews

Schneier on Security

Interesting social engineering attack: luring potential job applicants with fake recruiting pitches, trying to convince them to download malware. From a news article These particular attacks from North Korean state-funded hacking team Lazarus Group are new, but the overall malware campaign against the Python development community has been running since at least August of 2023, when a number of popular open source Python tools were maliciously duplicated with added malware.

Malware 197
article thumbnail

From Dreams to Reality: The Magic of 3D Printing, with Elle Hunt

Troy Hunt

I was in my mid-30s before I felt comfortable standing up in front of an audience and talking about technology. Come to think of it, "comfortable" isn't really the right word, as, frankly, it was nerve-racking. This, with my obvious bias as her father, makes it all the more remarkable that Elle was able to do it at NDC Oslo when she was just 11 years old.

More Trending

article thumbnail

DuckDuckGo Joins AI Chat, Promises Enhanced Anonymity

Tech Republic Security

DuckDuckGo now has AI chat, emphasizing privacy and anonymity. Discover how this new offering aims to protect user data in conversations.

article thumbnail

Legacy Ivanti Cloud Service Appliance Being Exploited

Schneier on Security

CISA wants everyone—and government agencies in particular—to remove or upgrade an Ivanti Cloud Service Appliance (CSA) that is no longer being supported. Welcome to the security nightmare that is the Internet of Things.

Internet 196
article thumbnail

The New Era of SOCs: Simplifying Cybersecurity for SMBs

Security Boulevard

A new wave of all-in-one SOC platforms is consolidating the market, bringing enterprise-grade security solutions within reach of SMBs. The post The New Era of SOCs: Simplifying Cybersecurity for SMBs appeared first on Security Boulevard.

article thumbnail

SolarWinds fixed critical RCE CVE-2024-28991 in Access Rights Manager

Security Affairs

SolarWinds addressed a critical remote code execution vulnerability, tracked as CVE-2024-28991, in Access Rights Manager. SolarWinds released security updates to address a critical-severity remote code execution vulnerability, tracked as CVE-2024-28991 (CVSS score of 9.0), in SolarWinds Access Rights Manager (ARM) The flaw is a deserialization of untrusted data remote code execution vulnerability that impacts ARM 2024.3 and prior versions. “SolarWinds Access Rights Manager (ARM) was found

article thumbnail

Human-Centered Cyber Security Training: Driving Real Impact on Security Culture

Speaker: Speakers:

In today's digital age, having an untrained workforce can be a significant risk to your business. Cyber threats are evolving; without proper training, your employees could be the weakest link in your defense. This webinar empowers leaders like you with the tools and strategies needed to transform your employees into a robust frontline defense against cyber attacks.

article thumbnail

Master IT Fundamentals With This CompTIA Certification Prep Bundle

Tech Republic Security

Prepare for a successful IT career with lifetime access to expert-led courses covering CompTIA A+, Network+, Security+, and Cloud+ certification prep.

article thumbnail

Upcoming Speaking Engagements

Schneier on Security

This is a current list of where and when I am scheduled to speak: I’m speaking at eCrime 2024 in Boston, Massachusetts, USA. The event runs from September 24 through 26, 2024, and my keynote is at 8:45 AM ET on the 24th. I’m briefly speaking at the EPIC Champion of Freedom Awards in Washington, D.C. on September 25, 2024. I’m speaking at SOSS Fusion 2024 in Atlanta, Georgia, USA.

193
193
article thumbnail

Email Security Breaches Rampant Among Critical Infrastructure Organizations

Security Boulevard

A full 80% of organizations within the critical infrastructure vertical experienced email-related security breaches in the past year, according to an OPSWAT survey. The post Email Security Breaches Rampant Among Critical Infrastructure Organizations appeared first on Security Boulevard.

article thumbnail

Cybercriminals Exploit HTTP Headers for Credential Theft via Large-Scale Phishing Attacks

The Hacker News

Cybersecurity researchers have warned of ongoing phishing campaigns that abuse refresh entries in HTTP headers to deliver spoofed email login pages that are designed to harvest users' credentials.

Phishing 124
article thumbnail

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

article thumbnail

Misconfigured ServiceNow Knowledge Bases Expose Confidential Information

Tech Republic Security

AppOmni researchers found over a thousand instances of misconfigured Knowledge Bases where articles could be compromised through Public Widgets.

113
113
article thumbnail

U.S. CISA adds Ivanti Cloud Services Appliance Vulnerability to its Known Exploited Vulnerabilities catalog

Security Affairs

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Ivanti Cloud Services Appliance Vulnerability to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Ivanti Cloud Services Appliance OS Command Injection Vulnerability CVE-2024-8190 (CVSS score of 7.2) to its Known Exploited Vulnerabilities (KEV) catalog.

Risk 116
article thumbnail

Alert: Head Mare Associated With WinRAR Vulnerability Attack

Security Boulevard

As per recent reports, a threat actor group known as Head Mare has been linked with cyberattacks that focus on exploiting a WinRAR Vulnerability. These attacks mainly target organizations located in Russia and Belarus. In this article, we’ll focus on details about Head Mare and the WinRAR vulnerability itself. Let’s begin! Head Mare Origins And […] The post Alert: Head Mare Associated With WinRAR Vulnerability Attack appeared first on TuxCare.

article thumbnail

How to Investigate ChatGPT activity in Google Workspace

The Hacker News

Since launching ChatGPT in 2022, OpenAI has defied expectations with a steady stream of product announcements and enhancements. One such announcement came on May 16, 2024, and for most consumers, it probably felt innocuous. Titled “Improvements to data analysis in ChatGPT,” the post outlines how users can add files directly from Google Drive and Microsoft OneDrive.

104
104
article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

NordPass Review (2024): Is it a Safe Password Manager?

Tech Republic Security

Nord Security fans will be happy to know that NordPass meets expectations as a high-quality password manager in its suite of security apps. Read more below.

article thumbnail

Security Affairs newsletter Round 489 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. U.S. CISA adds Ivanti Cloud Services Appliance Vulnerability to its Known Exploited Vulnerabilities catalog Ivanti Cloud Service Appliance flaw is being actively exploited in the wild GitLab fixed a critical flaw in GitLab CE and GitLab EE New Linux malwa

article thumbnail

Why Are So Many Public Sector Organizations Getting Attacked?

Security Boulevard

Public sector organizations such as schools, hospitals, manufacturing units, essential services and government offices have become a popular target for cybercriminals. The post Why Are So Many Public Sector Organizations Getting Attacked? appeared first on Security Boulevard.

article thumbnail

North Korean Hackers Target Cryptocurrency Users on LinkedIn with RustDoor Malware

The Hacker News

Cybersecurity researchers are continuing to warn about North Korean threat actors' attempts to target prospective victims on LinkedIn to deliver malware called RustDoor.

Malware 116
article thumbnail

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.

article thumbnail

Australian IT Spending to Surge in 2025: Cybersecurity & AI Focus

Tech Republic Security

Australia's IT spending is set to surge 8.7% in 2025, driven by cybersecurity needs, AI investments, and hardware upgrades as Windows 10 ends.

article thumbnail

AI and Cyber Security: Innovations & Challenges

eSecurity Planet

As cyber threats become increasingly sophisticated, integrating artificial intelligence (AI) into cybersecurity is more than a passing trend — it’s a groundbreaking shift in protecting our digital assets. As cyber-attacks grow increasingly complex, leveraging AI becomes crucial for staying ahead of emerging threats. Let’s dive into how AI and cybersecurity are transforming in today’s highly modern and complex times, explore their benefits and challenges, and see how they shape the fu

article thumbnail

Five Tools That Can Help Organizations Combat AI-powered Deception

Security Boulevard

As digital exploitation, fraud and deception move deeper into society, it is incumbent on organizations to educate their employees on digital literacy skills, make them aware of the risks posed by phishing and social engineering threats. The post Five Tools That Can Help Organizations Combat AI-powered Deception appeared first on Security Boulevard.

article thumbnail

Apple Drops Spyware Case Against NSO Group, Citing Risk of Threat Intelligence Exposure

The Hacker News

Apple has filed a motion to "voluntarily" dismiss its lawsuit against commercial spyware vendor NSO Group, citing a shifting risk landscape that could lead to exposure of critical "threat intelligence" information. The development was first reported by The Washington Post on Friday.

Spyware 107
article thumbnail

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

article thumbnail

80% of Critical National Infrastructure Companies Experienced an Email Security Breach in Last Year

Tech Republic Security

Cyber attackers are using malicious emails to infiltrate critical national infrastructure, like utilities, transport, telecommunications, and now data centres.

article thumbnail

Ticketmaster boss who repeatedly hacked rival firm sentenced

Graham Cluley

A former boss of Ticketmaster has been sentenced after pleading guilty to illegally accessing computer servers of a rival company and stealing sensitive business information. Read more in my article on the Hot for Security blog.

Hacking 97
article thumbnail

Apple Seeks to Drop Its Lawsuit Against Spyware Maker NSO

Security Boulevard

Apple wants its three-year-old lawsuit against spyware maker NSO to be dismissed, citing the surveillance software maker's declining dominance of the expanding market and fears that its own threat intelligence could be exposed, which would harm its efforts to protect its users. The post Apple Seeks to Drop Its Lawsuit Against Spyware Maker NSO appeared first on Security Boulevard.

Spyware 102
article thumbnail

Binance Warns of Rising Clipper Malware Attacks Targeting Cryptocurrency Users

The Hacker News

Cryptocurrency exchange Binance is warning of an "ongoing" global threat that's targeting cryptocurrency users with clipper malware with the goal of facilitating financial fraud.

article thumbnail

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.