Security

Updates

Details and Lessons Learned From the Ransomware Attack on the British Library
Although the attack on the national library of the UK occurred five months ago, the Library’s infrastructure won’t be rebuilt until mid-April 2024, and then the full restoration of systems and data can begin.
28-03-2024 10:00

CISA Moving Forward With Cyber Incident Reporting Rules Impacting 316,000 Entities
CISA is seeking comment on the implementation of CIRCIA, which will cost $2.6 billion and will impact 316,000 entities.
28-03-2024 09:43

Code Execution Flaws Haunt NVIDIA ChatRTX for Windows
Artificial intelligence computing giant NVIDIA patches flaws in ChatRTX for Windows and warns of code execution and data tampering risks.
27-03-2024 17:51

Protect Your Business With This Seamless Firewall — Now $150 Off
DNS FireWall is an intuitive security app built to protect you and your business from malware, phishing, botnets and more security threats.
27-03-2024 16:21

Chrome Update Patches Zero-Day Vulnerabilities Exploited at Pwn2Own
Google ships a security-themed Chrome browser refresh to fix flaws exploited at the CanSecWest Pwn2Own hacking contest.
27-03-2024 14:35

Google Report: Despite Surge in Zero-Day Attacks, Exploit Mitigations Are Working
Despite a surge in zero-day attacks, data shows that security investments into OS and software exploit mitigations are forcing attackers to find new attack surfaces and bug patterns.
27-03-2024 13:50

VPN Apps on Google Play Turn Android Devices Into Proxies
Human Security identifies 28 VPN applications for Android and an SDK that turn devices into proxies.
27-03-2024 13:19

Ray AI Framework Vulnerability Exploited to Hack Hundreds of Clusters
Disputed Ray AI framework vulnerability exploited to steal information and deploy cryptominers on hundreds of clusters.
27-03-2024 12:22

Organizations Informed of 10 Vulnerabilities in Rockwell Automation Products 
In the past week Rockwell Automation addressed 10 vulnerabilities found in its FactoryTalk, PowerFlex and Arena Simulation products.
27-03-2024 12:12

CISA: Second SharePoint Flaw Disclosed at Pwn2Own Exploited in Attacks
CISA says a second SharePoint vulnerability demonstrated last year at Pwn2Own, CVE-2023-24955, has been exploited in the wild.
27-03-2024 09:49

Binarly Attracts $10.5M to Tackle Software Supply Chain Security
Los Angeles firmware and software supply chain firm banks $10.5 million in seed-stage funding led by Two Bear Capital.
26-03-2024 19:36

Researchers Discover 40,000-Strong EOL Router, IoT Botnet 
Malware hunters sound an alarm after discovering a 40,000-strong botnet packed with end-of-life routers and IoT devices being used in cybercriminal activities.
26-03-2024 17:53

UK Firm Think Cyber Raises $3.8 Million for Staff Security Nudging
Startup says simple awareness training is not sufficient – users need to practice ‘good’ behavior beyond simply acknowledging poor behavior and bad intent.
26-03-2024 16:32

Airbus to Buy German Cybersecurity Firm Infodas
Airbus Defence and Space is set to acquire Infodas, a Germany-based company that boasts €50 million revenue.
26-03-2024 16:08

Brute Force and Dictionary Attacks: A Guide for IT Leaders
It’s essential that cybersecurity professionals understand the risks associated with brute force attacks. Read this guide from TechRepublic Premium to find out what you need to know about this classic form of cybersecurity attack, how safe you may (or ma
26-03-2024 16:00

UK Court Says Assange Can’t be Extradited on Espionage Charges Until US Rules Out Death Penalty
UK Judges said the U.S. must guarantee that Assange, who is Australian, “is afforded the same First Amendment protections as a United States citizen, and that the death penalty is not imposed.”
26-03-2024 15:53

Webinar Today: How to Reduce Cloud Identity Risk
Please join the fireside chat as Phil Bues, Cloud Research Manager at IDC, discusses the challenges and best practices for cybersecurity leaders managing cloud identities.
26-03-2024 14:56

6 Best Authenticator Apps for 2024
Authenticator apps provide an extra layer of security. Learn about the best authenticator apps to secure your online accounts and protect your privacy.
26-03-2024 14:28

Microsoft: 87% of UK Businesses Are Unprepared for Cyberattacks
Microsoft has called on UK business leaders to "fight fire with fire" by adopting AI cybersecurity tools to defend themselves from cyberattacks.
26-03-2024 14:00

Suspicious NuGet Package Harvesting Information From Industrial Systems
A suspicious NuGet package likely targets developers working with technology from Chinese firm Bozhon.
26-03-2024 13:55

ZenHammer Attack Targets DRAM on Systems With AMD CPUs
A new Rowhammer attack named ZenHammer has been demonstrated against DRAM on systems with AMD CPUs, including DDR5.
26-03-2024 13:40

Greylock Makes $10M Bet on Bedrock Security
Silicon Valley startup deposits $10 million in seed-stage funding to help organizations manage risk from cloud and gen-AI technologies.
26-03-2024 13:33

New GoFetch Vulnerability in Apple’s M Chips Allows Secret Keys Leak on Compromised Computers
The GoFetch vulnerability, which affects Apple's M series of chips, allows an attacker to steal secret keys from the Mac under certain conditions. Read tips on mitigating the GoFetch security threat.
26-03-2024 13:00

Apple Patches Code Execution Vulnerability in iOS, macOS
Apple has released iOS 17.4.1 and macOS Sonoma 14.4.1 with patches for an arbitrary code execution vulnerability.
26-03-2024 12:14

Borrower beware: Common loan scams and how to avoid them
Personal loan scams prey on your financial vulnerability and might even trap you in a vicious circle of debt. Here’s how to avoid being scammed when considering a loan.
26-03-2024 10:30

US Treasury Slaps Sanctions on China-Linked APT31 Hackers
The US Treasury Department sanctions a pair of Chinese hackers linked to “malicious cyber operations targeting US critical infrastructure sectors.”
25-03-2024 18:50

Leen Banks Early Stage Funding for Data Security Technology
Leen Security, a new startup building technology to help reduce chaos in the data security space, has banked a $2.8 million pre-seed funding.
25-03-2024 18:29

The OODA Loop: The Military Model That Speeds Up Cybersecurity Response
The OODA Loop can be used both by defenders and incident responders for a variety of use cases such as threat assessment, threat monitoring, and threat hunting.
25-03-2024 18:12

What Are Mobile VPN Apps and Why You Should Be Using Them
When you think of virtual private networks, chances are pretty good your thoughts go to the tried and true VPNs of old, which made it possible for you to securely connect to your company network (from a remote location) such that your local computer beha
25-03-2024 16:00

Over 100 Organizations Targeted in Recent ‘StrelaStealer’ Attacks
More than 100 organizations in the US and EU have been targeted in recent StrelaStealer infostealer campaigns.
25-03-2024 13:19

Top Python Developers Hacked in Sophisticated Supply Chain Attack
Multiple Python developers get infected after downloading malware-packed clone of the popular tool Colorama.
25-03-2024 11:43

Cybersecurity starts at home: Help your children stay safe online with open conversations
Struggle to know how to help children and teens stay safe in cyberspace? A good ol’ fashioned chat is enough to put them on the right track.
25-03-2024 10:30

Mozilla Patches Firefox Zero-Days Exploited at Pwn2Own
Firefox browser updates address two zero-day vulnerabilities exploited at the Pwn2Own hacking contest.
25-03-2024 10:15

White House Nominates First Assistant Secretary of Defense for Cyber Policy
Michael Sulmeyer has been nominated by the White House as the first assistant secretary of defense for cyber policy at the Pentagon.
25-03-2024 10:00

Finite State Raises $20 Million to Grow Software Supply Chain Security Business
Software risk management firm Finite State has raised a $20 million growth round led by Energy Impact Partners (EIP).
23-03-2024 03:33

German Authorities Shut Down Online Marketplace for Drugs, Data and Cybercrime Services
German authorities took down the Nemesis Market, a major online marketplace for drugs, cybercrime services and stolen credit card data.
23-03-2024 02:29

JumpCloud vs Okta (2024): IAM Software Comparison
Read this feature comparison of JumpCloud and Okta, two leading IAM software solutions that can help secure your business.
22-03-2024 16:48

Russian APT29 Hackers Caught Targeting German Political Parties 
Russia’s APT29 hacking group is expanding targets to political parties in Germany using a new backdoor variant tracked as Wineloader.
22-03-2024 16:08

Duo vs Microsoft Authenticator (2024): Which Tool is Better?
Is Duo better than Microsoft Authenticator? Which one is safer to use? Read our guide to learn more about security, pros, cons and more.
22-03-2024 16:07

Top 6 Google Authenticator Alternatives in 2024
Looking for an alternative to Google Authenticator? Here's our comprehensive list covering the top competitors and alternatives to help you find your best fit.
22-03-2024 16:00

UN Adopts Resolution Backing Efforts to Ensure Artificial Intelligence is Safe
The resolution, sponsored by the United States and co-sponsored by 123 countries, including China, was adopted by consensus with a bang of the gavel and without a vote, meaning it has the support of all 193 U.N. member nations.
22-03-2024 15:47

Ransomware Group Takes Credit for Attack on Boat Dealer MarineMax
The Rhysida ransomware group has taken credit for the cyberattack on MarineMax and is offering to sell stolen data for 15 bitcoin.
22-03-2024 15:20

‘Brain Weasels’: Impostor Syndrome in Cybersecurity
There are several attributes that tie the cybersecurity community together – namely our collective passion for solving complex problems in order to reduce harm – but one has stood out prominently over the years: impostor syndrome.
22-03-2024 14:35

8 Best Enterprise Password Managers
Explore the best enterprise password managers that provide security and centralized control for managing and protecting passwords across your organization.
22-03-2024 14:25

In Other News: Google’s PQC Threat Model, Keyboard Sounds Expose Data, AI Roadmap 
Noteworthy stories that might have slipped under the radar: Google’s post-quantum cryptography threat model, keyboard typing sounds can expose data, DHS publishes AI roadmap.
22-03-2024 14:01

Auth0 vs Okta (2024): Which IAM Software Is Better?
Auth0 and Okta are identity and access management software solutions, but which one should you choose? Dive into the specifics with this IAM tools feature comparison guide.
22-03-2024 14:00

39,000 Websites Infected in ‘Sign1’ Malware Campaign
Over 39,000 websites have been infected with the Sign1 malware that redirects visitors to scam domains.
22-03-2024 13:00

US Government Issues New DDoS Mitigation Guidance
CISA, the FBI, and MS-ISAC have released new guidance on how federal agencies can defend against DDoS attacks.
22-03-2024 12:49

AceCryptor attacks surge in Europe – Week in security with Tony Anscombe
The second half of 2023 saw massive growth in AceCryptor-packed malware spreading in the wild, including courtesy of multiple spam campaigns where AceCryptor packed the Rescoms RAT
22-03-2024 12:21

BlueFlag Security Emerges From Stealth With $11.5M in Funding
BlueFlag Security emerges from stealth mode with $11.5 million in a seed funding round led by Maverick Ventures and Ten Eleven Ventures.
22-03-2024 11:12

New Bipartisan Bill Would Require Online Identification, Labeling of AI-Generated Videos and Audio
Key provisions in the legislation would require AI developers to identify content created using their products with digital watermarks or metadata.
21-03-2024 19:33

Lost Crypto Wallet? New Firm Promises Ethical, Transparent and Inexpensive Recovery
Praefortis is a new company pushing ethical and transparent recovery of lost or forgotten crypto wallet passwords.
21-03-2024 19:20

Dymium Snags $7M to Build Data Security Platform with Secure AI Chat 
Two Bear Capital leads a venture capital bet on Dymium, a California startup building data protection technologies.
21-03-2024 15:36

House Passes Bill Barring Sale of Personal Information to Foreign Adversaries
H.R. 7520 prohibits data brokers from selling Americans’ data to foreign adversary countries or entities controlled by them.
21-03-2024 14:15

Tarsal Raises $6 Million for Security Data Movement Platform
Tarsal raises $6 million in a seed funding round led by Harpoon Ventures and Mango Capital and appoints new CTO.
21-03-2024 14:02

Risk and Regulation: Preparing for the Era of Cybersecurity Compliance
The next twelve months will see the implementation of several regulations designed to improve cybersecurity standards across various industries.
21-03-2024 13:38

Microsoft Patches Xbox Vulnerability Following Public Disclosure
Microsoft patches Xbox Gaming Services vulnerability CVE-2024-28916 after initially saying it was not a security issue.
21-03-2024 13:34

Vulnerability Allowed Takeover of AWS Apache Airflow Service
AWS patches vulnerability that could have been used to hijack Managed Workflows Apache Airflow (MWAA) sessions via FlowFixation attack.
21-03-2024 13:00

Vulnerability Allowed One-Click Takeover of AWS Service Accounts
AWS patches vulnerability that could have been used to hijack Managed Workflows Apache Airflow (MWAA) sessions via FlowFixation attack.
21-03-2024 13:00

Watch Now: Supply Chain & Third-Party Risk Summit 2024 
Join us at the fully immersive virtual event as we explore the critical nature of software and vendor supply chain security issues.
21-03-2024 12:48

Ivanti Patches Critical Vulnerabilities in Standalone Sentry, Neurons for ITSM
Ivanti has released patches for two critical-severity vulnerabilities leading to arbitrary command execution.
21-03-2024 12:21

6 Best Multi-Factor Authentication (MFA) Solutions for 2024
Explore top multi-factor authentication solutions for enhanced security and user authentication. Learn about the benefits and features of leading MFA providers.
20-03-2024 17:19

Quick Glossary: Cybersecurity Countermeasures
Cybersecurity attacks are inevitable for modern businesses. Therefore, it is vital that businesses deploy countermeasures to mitigate the damage these attacks cause. This quick glossary, created by Mark W. Kaelin for TechRepublic Premium, explains the te
20-03-2024 16:00

Proofpoint: APAC Employees Are Choosing Convenience, Speed Over Cyber Security
Risky cyber security behaviours are putting employees at risk of phishing and other attacks, according to Proofpoint research, with many employees still unclear security is their responsibility, too.
20-03-2024 15:05

Rescoms rides waves of AceCryptor spam
Insight into ESET telemetry statistics about AceCryptor in H2 2023 with a focus on Rescoms campaigns in European countries
20-03-2024 10:30

NVIDIA GTC Keynote: Blackwell Architecture Will Accelerate AI Products in Late 2024
Developers can now take advantage of NVIDIA NIM packages to deploy enterprise generative AI, said NVIDIA CEO Jensen Huang.
19-03-2024 23:05

Quick Glossary: Cybersecurity Attack Response and Mitigation
Your computer network is under constant attack. The hard reality is that one of those cyberattacks will succeed, and you had better be prepared. This quick glossary, created by Mark W. Kaelin for TechRepublic Premium, explains the terminology used by sec
19-03-2024 16:00

Security Response Policy
Good cyber and physical security can make or break companies. While it would be preferable that security breaches or incidents not take place at all, they don’t necessarily signal the death of an organization unless responded to in a poor fashion (or not
19-03-2024 16:00

A prescription for privacy protection: Exercise caution when using a mobile health app
Given the unhealthy data-collection habits of some mHealth apps, you’re well advised to tread carefully when choosing with whom you share some of your most sensitive data
19-03-2024 10:30

Keep Your Data Safe as You Become More Productive for Just $30 Through 3/24
Upgrading to Microsoft Windows 10 Pro can make your work easier and your computer more secure. Get it now for just $29.97 through 3/24.
19-03-2024 08:27

UnitedHealth Says It Has Made Progress on Recovering From Massive Cyberattack
UnitedHealth is testing the last major system it must restore from last month’s Change Healthcare cyberattack, but it has no date yet for finishing the recovery.
19-03-2024 02:25

NVIDIA GTC Keynote: Blackwell Architecture Will Accelerate AI Products in Late 2024
Developers can now take advantage of NVIDIA NIM packages to deploy enterprise generative AI, said NVIDIA CEO Jensen Huang.
19-03-2024 01:40

Safeguarding Customer Information Policy
Data breaches can cost companies tens of thousands of dollars or more, and can pose a significant risk to company operations and reputation. Customer information is usually one of the favorite targets of hackers as it contains confidential details which
18-03-2024 16:00

Risk Management Policy
Risk management involves the practice of addressing and handling threats to the organization in the form of cybersecurity attacks and compromised or lost data. The process of establishing appropriate risk management guidelines is critical to ensure compa
18-03-2024 16:00

UK Government Releases Cloud SCADA Security Guidance
UK’s NCSC releases security guidance for OT organizations considering migrating their SCADA solutions to the cloud.
18-03-2024 14:33

Fujitsu Data Breach Impacts Personal, Customer Information
Fujitsu says hackers infected internal systems with malware, stole personal and customer information.
18-03-2024 14:10

Cisco Completes $28 Billion Acquisition of Splunk
The networking giant paid $157 per share in cash for Splunk, a powerhouse in data analysis, security and observability tools, in a deal first announced in September 2023.
18-03-2024 13:41

Pentagon Received Over 50,000 Vulnerability Reports Since 2016
Since 2016, the US DoD has received over 50,000 submissions through its vulnerability disclosure program.
18-03-2024 12:28

Hacker Conversations: Stephanie ‘Snow’ Carruthers, Chief People Hacker at IBM X-Force Red
The desire to be a hacker is usually innate, and commonly emerges in early life. This did not happen with Snow: she was a married freelance special effects makeup artist when it all began.
18-03-2024 12:00

New Attack Shows Risks of Browsers Giving Websites Access to GPU 
Researchers demonstrate remote GPU cache side-channel attack from within browsers against AMD and NVIDIA graphics cards.
18-03-2024 11:52

Moldovan Operator of Credential Marketplace Sentenced to US Prison
Sandu Diaconu has been sentenced to 42 months in prison for operating a marketplace for compromised credentials.
18-03-2024 10:15

PoC Published for Critical Fortra Code Execution Vulnerability
A critical directory traversal vulnerability in Fortra FileCatalyst Workflow could lead to remote code execution.
18-03-2024 10:00

IMF Emails Hacked
The International Monetary Fund (IMF) detects a cybersecurity incident that involved nearly a dozen email accounts getting hacked.
18-03-2024 08:28

Get on CompTIA Certification Track With These $30 Study Guides
Kickstart a lucrative career in IT with this extensive bundle that includes 10 study guides on CompTIA and more of today's leading IT certifications.
18-03-2024 08:02

Remote Access Policy
Secure remote access to company systems and networks is now a way of life for most organizations. As corporate conglomerates, small businesses and brick-and-mortar shops fade away in favor of a distributed offsite workforce, companies and employees can p
17-03-2024 16:00

BeyondTrust vs. CyberArk (2024): IAM Solutions Comparison
In this comparison, we analyze CyberArk and BeyondTrust features, pros and cons to help you make an informed decision about your organization's IAM needs.
16-03-2024 02:46

5 Best VPNs for Travel in 2024 (Free & Paid VPNs)
What’s the best VPN to use when traveling? Our in-depth guide helps you understand what to look for in a VPN and find the best solution for your needs.
15-03-2024 21:56

Okta vs Duo (2024): Which IAM Tool Is Best for Your Business?
Okta and Duo provide solutions for maintaining data security. Compare the features of Okta and Duo to help you choose the best option for your identity and access management needs.
15-03-2024 17:51

Sophos: Cyber Security Professional Burnout Is Widespread, Creating Risk for APAC Organisations
Burnout and fatigue among cyber professionals are leading to flow-on consequences like more data breaches, employee apathy to cyber duties and turnover of cyber workforces during a skills crisis.
15-03-2024 15:47

MFA vs 2FA: Which Is Best for Your Business?
Learn the key differences between multi-factor authentication (MFA) and two-factor authentication (2FA) and find out which one is best for your business needs.
15-03-2024 15:17

6 Best VPNs for Gaming in 2024
Here are the top VPNs for gaming. They offer fast speeds, reliable connections and enhanced security to enhance your gaming experience.
15-03-2024 14:15

Codezero Raises $3.5 Million for DevOps Security Solution
Secure enterprise microservices development firm Codezero raises $3.5 million in seed funding.
15-03-2024 13:38

In Other News: CISA Hacked, Chinese Lock Backdoors, Exposed Secrets
Noteworthy stories that might have slipped under the radar: CISA hacked via Ivanti vulnerabilities, Chinese electronic lock backdoors, secrets exposed on GitHub.
15-03-2024 12:52

Discontinued Security Plugins Expose Many WordPress Sites to Takeover
Thousands of WordPress sites are at risk of takeover due to a critical privilege escalation vulnerability in two closed MiniOrange plugins.
15-03-2024 11:59

Tech Support Firms Agree to $26M FTC Settlement Over Fake Services
Restoro and Reimage agree to a $26 million settlement after selling fake antivirus and tech services to undercover FTC agents.
15-03-2024 11:30

Healthcare still a prime target for cybercrime gangs – Week in security with Tony Anscombe
Healthcare organizations remain firmly in attackers' crosshairs, representing 20 percent of all victims of ransomware attacks among critical infrastructure entities in the US in 2023
15-03-2024 11:20

43 Million Possibly Impacted by French Government Agency Data Breach 
Recent data breach at unemployment agency France Travail (Pôle Emploi) could impact 43 million people.
15-03-2024 10:25

Threat Detection Report: Cloud Attacks Soar, Mac Threats and Malvertising Escalate
Red Canary’s 2024 Threat Detection Report is based on analysis of almost 60,000 threats across 216 petabytes of telemetry from over 1,000 customers’ endpoints.
15-03-2024 10:19

Ballistic Ventures Closes $360 Million Cybersecurity-Focused Fund
Venture capital firm Ballistic Ventures closed an oversubscribed $360 million fund that will be used to fund cybersecurity companies.
14-03-2024 16:28

Chrome’s Standard Safe Browsing Now Has Real-Time URL Protection 
Chrome’s standard Safe Browsing protections now provide real-time malicious site detection and Password Checkup on iOS now flags weak passwords.
14-03-2024 16:01

source : hackernews, securityweek, techrepublicsecurity, welivesecurity

