Fri. Jul 26, 2024

Compromising the Secure Boot Process

Schneier on Security

This isn’t good: On Thursday, researchers from security firm Binarly revealed that Secure Boot is completely compromised on more than 200 device models sold by Acer, Dell, Gigabyte, Intel, and Supermicro. The cause: a cryptographic key underpinning Secure Boot on those models that was compromised in 2022. In a public GitHub repository committed in December of that year, someone working for multiple US-based device manufacturers published what’s known as a platform key, the cryptogra

July Windows Server updates break Remote Desktop connections

Bleeping Computer

Microsoft has confirmed that July's security updates break remote desktop connections in organizations where Windows servers are configured to use the legacy RPC over HTTP protocol in the Remote Desktop Gateway.

10 Million Users Compromised in Z-Library Phishing Site Hack

Penetration Testing

On the popular pirate e-book site Z-Library, or rather its phishing clone Z-lib, created in late 2022, there was a recent data breach affecting nearly 10 million users. On June 27, 2024, the Cybernews... The post 10 Million Users Compromised in Z-Library Phishing Site Hack appeared first on Cybersecurity News.

U.S. DoJ Indicts North Korean Hacker for Ransomware Attacks on Hospitals

The Hacker News

The U.S. Department of Justice (DoJ) on Thursday unsealed an indictment against a North Korean military intelligence operative for allegedly carrying out ransomware attacks against healthcare facilities in the country and funneling the payments to orchestrate additional intrusions into defense, technology, and government entities across the world.

Human-Centered Cyber Security Training: Driving Real Impact on Security Culture

In today's digital age, having an untrained workforce can be a significant risk to your business. Cyber threats are evolving; without proper training, your employees could be the weakest link in your defense. This webinar empowers leaders like you with the tools and strategies needed to transform your employees into a robust frontline defense against cyber attacks.

Hackers Leak Sensitive Documents from Major Pentagon IT Contractor, Leidos

Penetration Testing

Cybercriminals have leaked internal documents stolen from Leidos Holdings Inc., one of the largest IT service providers for the U.S. government, Bloomberg reports. According to a source familiar with the situation, Leidos recently became... The post Hackers Leak Sensitive Documents from Major Pentagon IT Contractor, Leidos appeared first on Cybersecurity News.

Deepfake Attacks Prompt Change in Security Strategy

Security Boulevard

Organizations can keep their deepfake response plans current by continuously monitoring industry trends and integrating new technologies. The post Deepfake Attacks Prompt Change in Security Strategy appeared first on Security Boulevard.

More Trending

Russian ransomware gangs account for 69% of all ransom proceeds

Bleeping Computer

Russian-speaking threat actors accounted for at least 69% of all crypto proceeds linked to ransomware throughout the previous year, exceeding $500,000,000.

Suspect Indicted in North Korea Group’s Expansive Spying Operation

Security Boulevard

North Korea's APT45 threat group is using ransomware attacks on U.S. health care firms to fund an ongoing cyberespionage campaign to steal military and defense secrets that are fed back into the country's banned nuclear weapons program. A North Korean operative was indicted by the DOJ. The post Suspect Indicted in North Korea Group’s Expansive Spying Operation appeared first on Security Boulevard.

FBCS data breach impact now reaches 4.2 million people

Bleeping Computer

Debt collection agency Financial Business and Consumer Solutions (FBCS) has again increased the number of people impacted by a February data breach, now saying it affects 4.2 million people in the US.

This AI-Powered Cybercrime Service Bundles Phishing Kits with Malicious Android Apps

The Hacker News

A Spanish-speaking cybercrime group named GXC Team has been observed bundling phishing kits with malicious Android applications, taking malware-as-a-service (MaaS) offerings to the next level.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

BIND updates fix four high-severity DoS bugs in the DNS software suite

Security Affairs

The Internet Systems Consortium (ISC) released BIND security updates that fixed several remotely exploitable DoS bugs in the DNS software suite. The Internet Systems Consortium (ISC) released security updates for BIND that address DoS vulnerabilities that could be remotely exploited. An attacker can exploit these vulnerabilities to disrupt DNS services.

Offensive AI: The Sine Qua Non of Cybersecurity

The Hacker News

"Peace is the virtue of civilization. War is its crime. Yet it is often in the furnace of war that the sharpest tools of peace are forged." - Victor Hugo. In 1971, an unsettling message started appearing on several computers that comprised ARPANET, the precursor to what we now know as the Internet. The message, which read "I'm the Creeper: catch me if you can.

PKfail: 800+ Major PC Models have Insecure ‘Secure Boot’

Security Boulevard

Big BIOS bother: Hundreds of PC models from vendors such as HP, Lenovo, Dell, Intel, Acer and Gigabyte shipped with useless boot protection—using private keys that aren’t private. The post PKfail: 800+ Major PC Models have Insecure ‘Secure Boot’ appeared first on Security Boulevard.

CrowdStrike Outage: Impact and Insights

CompTIA on Cybersecurity

How will the CrowdStrike outage impact businesses and consumers in the near future? Learn more about the need for oversight and preparation for companies and individuals alike as we explore the outage. Plus, hear insights from CompTIA’s VP of Industry Research, Seth Robinson.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Networking Equipment Riddled With Software Supply Chain Risks

Security Boulevard

Outdated software components often contain vulnerabilities that have been discovered and are well-understood by threat actors. The post Networking Equipment Riddled With Software Supply Chain Risks appeared first on Security Boulevard.

Google fixes Chrome Password Manager bug that hides credentials

Bleeping Computer

Google has fixed a bug in Chrome's Password Manager that caused user credentials to disappear temporarily for more than 18 hours.

MonoSwap Hacked: Urgent Withdrawal Alert

Penetration Testing

The popular decentralized cryptocurrency exchange platform MonoSwap recently suffered a cyberattack. The platform’s administration urges users not to add liquidity or participate in farming pools until further notice. Moreover, users with open positions on... The post MonoSwap Hacked: Urgent Withdrawal Alert appeared first on Cybersecurity News.

Crypto exchange Gemini discloses third-party data breach

Bleeping Computer

Cryptocurrency exchange Gemini is warning it suffered a data breach incident caused by a cyberattack at its Automated Clearing House (ACH) service provider, whose name was not disclosed.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

PKfail Vulnerability: A New Threat to UEFI Security Unveiled by Binarly Research Team

Penetration Testing

In a recent and alarming discovery, cybersecurity specialists from Binarly have identified a critical flaw affecting hundreds of UEFI products from 10 prominent suppliers. The vulnerability, dubbed “PKfail,” poses a severe threat as it... The post PKfail Vulnerability: A New Threat to UEFI Security Unveiled by Binarly Research Team appeared first on Cybersecurity News.

French Authorities Launch Operation to Remove PlugX Malware from Infected Systems

The Hacker News

French judicial authorities, in collaboration with Europol, have launched a so-called "disinfection operation" to rid compromised hosts of a known malware called PlugX. The Paris Prosecutor's Office, Parquet de Paris, said the initiative was launched on July 18 and that it's expected to continue for "several months.

X (Formerly Twitter) Silently Trains AI on User Data, Sparks Privacy Concerns

Penetration Testing

X, the social media platform previously known as Twitter, has sparked privacy concerns by enabling a data-sharing feature by default. This feature allows X to share user data, including posts and interactions with the... The post X (Formerly Twitter) Silently Trains AI on User Data, Sparks Privacy Concerns appeared first on Cybersecurity News.

Meta takes down 63,000 sextortion-related accounts on Instagram

Malwarebytes

Meta announced the take-down of 63,000 sextortion-related Instagram accounts in Nigeria alone. The action was directed against a group known as Yahoo Boys, a loosely organized set of cybercriminals that largely operate out of Nigeria and specialize in different types of scams. Meta took down a host of accounts, including some 2,500 that belonged to a coordinated group of around 20 criminals which primarily targeted adult men in the US.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

France Leads International Effort to Eradicate PlugX Trojan from 3,000 Systems

Penetration Testing

A large-scale operation to remove the PlugX trojan from infected devices has commenced in six countries. This campaign was organized by the French police with the support of Europol and the French cybersecurity company... The post France Leads International Effort to Eradicate PlugX Trojan from 3,000 Systems appeared first on Cybersecurity News.

Veeam Backup Software Being Exploited By New Ransomware Group

Security Boulevard

As per recent reports, a Veeam vulnerability that is now patched is being exploited by an emerging threat actor group named EstateRansomware. The Veeam security flaw is present in its Backup & Replication software and can lead to severe consequences if exploited. In this article, we’ll dive into the vulnerability and focus on how it […] The post Veeam Backup Software Being Exploited By New Ransomware Group appeared first on TuxCare.

“ConfusedFunction” Flaw Opens Google Cloud Platform to Privilege Escalation Attacks

Penetration Testing

Cybersecurity researchers have uncovered a privilege escalation vulnerability in the Cloud Functions service on the Google Cloud Platform. This vulnerability, dubbed ConfusedFunction, could allow an attacker to gain unauthorized access to other services and... The post “ConfusedFunction” Flaw Opens Google Cloud Platform to Privilege Escalation Attacks appeared first on Cybersecurity News.

A bug in Chrome Password Manager caused user credentials to disappear

Security Affairs

Google addressed a Chrome Password Manager bug that caused user credentials to disappear temporarily for more than 18 hours. Google has addressed a bug in Chrome’s Password Manager that caused user credentials to disappear temporarily. An 18-hour outage impacted Google Chrome’s Password Manager on Wednesday, impacting users who rely on the tool to store and autofill their passwords.

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Europe Is Pumping Billions Into New Military Tech

WIRED Threat Level

The European Commission is allocating €7.3 billion for defense research over the next seven years. From drones and tanks of the future to battleships and space intelligence, here's what it funds.

Spytech Hacked: Thousands of Devices Exposed in Spyware Maker Breach

Penetration Testing

Recently, TechCrunch’s technical specialists uncovered a rather intriguing incident in the IT world. A small Minnesota-based company, Spytech, specializing in spyware production, fell victim to a cyber attack. As a result of the data... The post Spytech Hacked: Thousands of Devices Exposed in Spyware Maker Breach appeared first on Cybersecurity News.

Malicious PyPI Package Targets macOS to Steal Google Cloud Credentials

The Hacker News

Cybersecurity researchers have discovered a malicious package on the Python Package Index (PyPI) repository that targets Apple macOS systems with the goal of stealing users' Google Cloud credentials from a narrow pool of victims. The package, named "lr-utils-lib," attracted a total of 59 downloads before it was taken down. It was uploaded to the registry in early June 2024.

Inside the Operations of Stargazer Goblin: Unveiling the Malicious Repositories

Penetration Testing

Check Point has uncovered a network of 3,000 fake accounts on GitHub, actively disseminating malicious programs and phishing links. The activities began at least as early as May of the previous year. The most... The post Inside the Operations of Stargazer Goblin: Unveiling the Malicious Repositories appeared first on Cybersecurity News.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?