Products & Services
Products & Services
Wing Disrupts the Market by Introducing Affordable SaaS Security
Today, mid-sized companies and their CISOs are struggling to handle the growing threat of SaaS security with limited manpower and tight budgets. Now, this may be changing. By focusing on the critical SaaS security needs of these companies, a new approach
Rogue npm Package Deploys Open-Source Rootkit in New Supply Chain Attack
A new deceptive package hidden within the npm package registry has been uncovered deploying an open-source rootkit called r77, marking the first time a rogue package has delivered rootkit functionality. The package in question is node-hide-console-window
Microsoft Warns of Cyber Attacks Attempting to Breach Cloud via SQL Server Instance
Microsoft has detailed a new campaign in which attackers unsuccessfully attempted to move laterally to a cloud environment through a SQL Server instance. "The attackers initially exploited a SQL injection vulnerability in an application within the target
Looney Tunables: New Linux Flaw Enables Privilege Escalation on Major Distributions
A new Linux security vulnerability dubbed Looney Tunables has been discovered in the GNU C library's ld.so dynamic loader that, if successfully exploited, could lead to a local privilege escalation and allow a threat actor to gain root privileges. Tracke
Lyca Mobile Services Significantly Disrupted by Cyberattack
International mobile network operator Lyca Mobile says a cyberattack has significantly disrupted its services in many countries. The post appeared first on .
Apple’s Face ID Cheat Sheet: What It Is and How to Use It
Apple's Face ID is a secure and convenient facial recognition feature that utilizes a TrueDepth camera system for fast, reliable and secure access.
Severe Glibc Privilege Escalation Vulnerability Impacts Major Linux Distributions
A local privilege escalation vulnerability (CVE-2023-4911) in the GNU C Library (glibc) can be exploited to gain full root privileges. The post appeared first on .
Google, Yahoo Boosting Email Spam Protections
Google and Yahoo are introducing new requirements for bulk senders, to improve phishing and spam protections. The post appeared first on .
Mozilla Warns of Fake Thunderbird Downloads Delivering Ransomware
Mozilla issues warning over fake Thunderbird downloads after a ransomware group was caught using this technique to deliver malware. The post appeared first on .
This Top-Rated Ad Blocker is Just $25 Through October 15th
AdGuard gets rid of ads and provides an extra layer of protection on multiple devices. Through October 15th only, it's just $25 for life.
Qualcomm Patches 3 Zero-Days Reported by Google
Qualcomm has patched more than two dozen vulnerabilities, including three zero-days that may have been exploited by spyware vendors. The post appeared first on .
Qualcomm Releases Patch for 3 new Zero-Days Under Active Exploitation
Chipmaker Qualcomm has released security updates to address 17 vulnerabilities in various components, while warning that three other zero-days have come under active exploitation. Of the 17 flaws, three are rated Critical, 13 are rated High, and one is r
Warning: PyTorch Models Vulnerable to Remote Code Execution via ShellTorch
Cybersecurity researchers have disclosed multiple critical security flaws in the TorchServe tool for serving and scaling PyTorch models that could be chained to achieve remote code execution on affected systems. Israel-based runtime application security
Over 3 Dozen Data-Stealing Malicious npm Packages Found Targeting Developers
Nearly three dozen counterfeit packages have been discovered in the npm package repository that are designed to exfiltrate sensitive data from developer systems, according to findings from Fortinet FortiGuard Labs. One set of packages – named @expue/webp
Synqly Joins Race to Fix Security, Infrastructure Product Integrations
Silicon Valley startup lands $4 million in seed funding from SYN Ventures, Okta Ventures and Secure Octane. The post appeared first on .
ZDI Discusses First Automotive Pwn2Own
The Zero Day Initiative (ZDI) will host a new Automotive Pwn2Own at the Automotive World Conference in Tokyo, January 24 to 26, 2024. The post appeared first on .
API Security Trends 2023 – Have Organizations Improved their Security Posture?
APIs, also known as application programming interfaces, serve as the backbone of modern software applications, enabling seamless communication and data exchange between different systems and platforms. They provide developers with an interface to interac
Protecting your IT infrastructure with Security Configuration Assessment (SCA)
Security Configuration Assessment (SCA) is critical to an organization's cybersecurity strategy. SCA aims to discover vulnerabilities and misconfigurations that malicious actors exploit to gain unauthorized access to systems and data. Regular security co
Quick Glossary: Cybersecurity Attacks
It doesn’t matter whether your organization is a huge multinational business enterprise or a one-person operation. At some point, your computer networks and systems will be attacked by someone with criminal intent. Cybersecurity attacks, in all their var
Critical TorchServe Flaws Could Expose AI Infrastructure of Major Companies
ShellTorch attack chains critical TorchServe vulnerabilities and could completely compromise the AI infrastructure of major companies. The post appeared first on .
Researcher Reveals New Techniques to Bypass Cloudflare's Firewall and DDoS Protection
Firewall and distributed denial-of-service (DDoS) attack prevention mechanisms in Cloudflare can be circumvented by exploiting gaps in cross-tenant security controls, defeating the very purpose of these safeguards, it has emerged. "Attackers can utilize
US Executives Targeted in Phishing Attacks Exploiting Flaw in Indeed Job Platform
An open redirection vulnerability in the popular job search platform Indeed has been exploited in a series of phishing attacks. The post appeared first on .
Actor Tom Hanks Warns of Ad With AI Imposter
Actor Tom Hanks and talk show co-host Gayle King were warning fans about ads featuring imposters generated by artificial intelligence. The post appeared first on .
Arm Issues Patch for Mali GPU Kernel Driver Vulnerability Amidst Ongoing Exploitation
Arm has released security patches to contain a security flaw in the Mali GPU Kernel Driver that has come under active exploitation in the wild. Tracked as CVE-2023-4211, the shortcoming impacts the following driver versions - Midgard GPU Kernel Driver:
Browse Safer and Faster Around the World with JellyVPN — Now Just $34.99
This high-speed, unlimited VPN offers quality connections all over the globe. Get huge savings now when you sign up for life at TechRepublic Academy.
Playing your part in building a safer digital world: Why cybersecurity matters
In an increasingly complex and interconnected digital landscape, personal cybersecurity empowers you to protect your data, privacy and digital well-being
Common Errors When Connecting Multiple iPhones to One Apple ID
Surprises often arise when connecting two iPhones to the same Apple ID. Addressing several key settings helps avoid common mistakes.
Cyberghost VPN Review (2023): Features, Pricing, and Security
In this comprehensive review of Cyberghost VPN, we cover its features, pricing, security, and overall performance. Find out if this is the right VPN for you.
LUCR-3: Scattered Spider Getting SaaS-y in the Cloud
LUCR-3 overlaps with groups such as Scattered Spider, Oktapus, UNC3944, and STORM-0875 and is a financially motivated attacker that leverages the Identity Provider (IDP) as initial access into an environment with the goal of stealing Intellectual Propert
APIs: Unveiling the Silent Killer of Cyber Security Risk Across Industries
Introduction In today's interconnected digital ecosystem, Application Programming Interfaces (APIs) play a pivotal role in enabling seamless communication and data exchange between various software applications and systems. APIs act as bridges, facilitat
Silent Skimmer: A Year-Long Web Skimming Campaign Targeting Online Payment Businesses
A financially motivated campaign has been targeting online payment businesses in the Asia Pacific, North America, and Latin America with web skimmers for more than a year. The BlackBerry Research and Intelligence Team is tracking the activity under the n
GDPR Data Breach Notification Letter
In the current business environment, it is almost inevitable that an organization will experience a security breach that exposes collected personal data to unauthorized access. Under the provisions of the General Data Protection Regulation, regardless of
Security Awareness and Training Policy
A security policy is only as valuable as the knowledge and efforts of those who adhere to it, whether IT staff or regular users. Understanding the importance of computer and network security, and building accountability for these concepts, is critical to
OpenRefine's Zip Slip Vulnerability Could Let Attackers Execute Malicious Code
A high-severity security flaw has been disclosed in the open-source OpenRefine data cleanup and transformation tool that could result in arbitrary code execution on affected systems. Tracked as CVE-2023-37476 (CVSS score: 7.8), the vulnerability is a Zip
BunnyLoader: New Malware-as-a-Service Threat Emerges in the Cybercrime Underground
Cybersecurity experts have discovered yet another malware-as-a-service (MaaS) threat called BunnyLoader that's being advertised for sale on the cybercrime underground. "BunnyLoader provides various functionalities such as downloading and executing a seco
Zanubis Android Banking Trojan Poses as Peruvian Government App to Target Users
An emerging Android banking trojan called Zanubis is now masquerading as a Peruvian government app to trick unsuspecting users into installing the malware. "Zanubis's main infection path is through impersonating legitimate Peruvian Android applications a
This Complete Ethical Hacking Bundle is Less Than $50
Get a comprehensive, potentially lucrative ethical hacking education with 18 courses on today's top tools and tech. This bundle is just $45.99 now.
TechRepublic Premium Editorial Calendar: Policies, Checklists, Hiring Kits and Research for Download
TechRepublic Premium content helps you solve your toughest IT issues and jump-start your career or next project.
FBI Warns of Rising Trend of Dual Ransomware Attacks Targeting U.S. Companies
The U.S. Federal Bureau of Investigation (FBI) is warning of a new trend of dual ransomware attacks targeting the same victims, at least since July 2023. "During these attacks, cyber threat actors deployed two different ransomware variants against victim
Iranian APT Group OilRig Using New Menorah Malware for Covert Operations
Sophisticated cyber actors backed by Iran known as OilRig have been linked to a spear-phishing campaign that infects victims with a new strain of malware called Menorah. "The malware was designed for cyberespionage, capable of identifying the machine, re
New Critical Security Flaws Expose Exim Mail Servers to Remote Attacks
Multiple security vulnerabilities have been disclosed in the Exim mail transfer agent that, if successfully exploited, could result in information disclosure and remote code execution. The list of flaws, which were reported anonymously way back in June 2
Cybercriminals Using New ASMCrypt Malware Loader to Fly Under the Radar
Threat actors are selling a new crypter and loader called ASMCrypt, which has been described as an "evolved version" of another loader malware known as DoubleFinger. "The idea behind this type of malware is to load the final payload without the loading p
Bankrupt IronNet Shuts Down Operations
Bankrupt and out of financing options, IronNet has terminated all employees and plan to file for Chapter 7 protection. The post appeared first on .
Video Encoding Library Leaves Chrome, Firefox and More Open to Zero-Day Attack
Google and Mozilla have patched the zero-day vulnerability, which originates in the libvpx library.
Lazarus Group Impersonates Recruiter from Meta to Target Spanish Aerospace Firm
The North Korea-linked Lazarus Group has been linked to a cyber espionage attack targeting an unnamed aerospace company in Spain in which employees of the firm were approached by the threat actor posing as a recruiter for Meta. "Employees of the targeted
Post-Quantum Cryptography: Finally Real in Consumer Apps?
Most people are barely thinking about basic cybersecurity, let alone post-quantum cryptography. But the impact of a post-quantum world is coming for them regardless of whether or not it's keeping them up tonight. Today, many rely on encryption in their
AWS Using MadPot Decoy System to Disrupt APTs, Botnets
AWS says an internal threat intel decoy system called MadPot has successfully trapped nation state-backed APTs like Volt Typhoon and Sandworm. The post appeared first on .
Generative AI Startup Nexusflow Raises $10.6 Million
Nexusflow scores funding to build an open-source LLM that can deliver high accuracy when retrieving data from multiple security sources. The post appeared first on .
In Other News: RSA Encryption Attack, Meta AI Privacy, ShinyHunters Hacker Guilty Plea
Noteworthy stories that might have slipped under the radar: new RSA encryption attack, Meta’s AI privacy safeguards, and ShinyHunters hackers’ guilty plea. The post appeared first on .
Researchers Extract Sounds From Still Images on Smartphone Cameras
A group of academic researchers devised a technique to extract sounds from still images captured using smartphone cameras with rolling shutter and movable lens structures. The post appeared first on .
Microsoft's AI-Powered Bing Chat Ads May Lead Users to Malware-Distributing Sites
Malicious ads served inside Microsoft Bing's artificial intelligence (AI) chatbot are being used to distribute malware when searching for popular tools. The findings come from Malwarebytes, which revealed that unsuspecting users can be tricked into visit
ZenRAT Malware Targets Windows Users Via Fake Bitwarden Password Manager Installation Package
We talked to Proofpoint researchers about this new malware threat and how it infects Windows systems to steal information.
National Security Agency is Starting an Artificial Intelligence Security Center
The NSA is starting an artificial intelligence security center — a crucial mission as AI capabilities are increasingly acquired, developed and integrated into U.S. defense and intelligence systems. The post appeared first on .
How Lazarus impersonated Meta to attack a target in Spain – Week in security with Tony Anscombe
During the attack, the group deployed several tools, most notably a newly-discovered sophisticated backdoor that ESET named LightlessCan
CISA Warns of Old JBoss RichFaces Vulnerability Being Exploited in Attacks
CISA has added CVE-2018-14667, an old critical JBoss RichFaces flaw to its known exploited vulnerabilities catalog. The post appeared first on .
Hackers Set Sights on Apache NiFi Flaw That Exposes Many Organizations to Attacks
Hackers have set their sights on CVE-2023-34468, an RCE vulnerability in Apache NiFi that impacts thousands of organizations. The post appeared first on .
Progress Software Releases Urgent Hotfixes for Multiple Security Flaws in WS_FTP Server
Progress Software has released hotfixes for a critical security vulnerability, alongside seven other flaws, in the WS_FTP Server Ad hoc Transfer Module and in the WS_FTP Server manager interface. Tracked as CVE-2023-40044, the flaw has a CVSS score of 10
Censys Reveals Open Directories Share More Than 2,000 TB of Unprotected Data
These open directories could leak sensitive data, intellectual property or technical data and let an attacker compromise the entire system. Follow these security best practices for open directories.
Cloudflare Users Exposed to Attacks Launched From Within Cloudflare: Researchers
Gaps in Cloudflare’s security controls allow users to bypass protections and target others from the platform itself. The post appeared first on .
A Key US Government Surveillance Tool Should Face New Limits, a Divided Privacy Oversight Board Says
A sharply divided privacy oversight board is recommending that the FBI and other agencies be required to get court approval before reviewing the communications of U.S. citizens collected through a secretive foreign surveillance program. The post appeare
Protect Your Passwords for Life for Just $30
Automatically create and save passwords, fill in forms and logins, even securely share passwords and sync across all of your devices via WiFi.
Best SIEM Tools and Software for 2023
Looking for the best SIEM tool? Check out our list and find the security information and event management solution that fits your business needs.
Lazarus luring employees with trojanized coding challenges: The case of a Spanish aerospace company
While analyzing a Lazarus attack luring employees of an aerospace company, ESET researchers discovered a publicly undocumented backdoor
Cisco Warns of Vulnerability in IOS and IOS XE Software After Exploitation Attempts
Cisco is warning of attempted exploitation of a security flaw in its IOS Software and IOS XE Software that could permit an authenticated remote attacker to achieve remote code execution on affected systems. The medium-severity vulnerability is tracked as
GitHub Repositories Hit by Password-Stealing Commits Disguised as Dependabot Contributions
A new deceptive campaign has been observed hijacking GitHub accounts and committing malicious code disguised as Dependabot contributions with an aim to steal passwords from developers. "The malicious code exfiltrates the GitHub project's defined secrets
China's BlackTech Hacking Group Exploited Routers to Target U.S. and Japanese Companies
Cybersecurity agencies from Japan and the U.S. have warned of attacks mounted by a state-backed hacking group from China to stealthily tamper with branch routers and use them as jumping-off points to access the networks of various companies in the two co
The Dark Side of Browser Isolation – and the Next Generation Browser Security Technologies
The landscape of browser security has undergone significant changes over the past decade. While Browser Isolation was once considered the gold standard for protecting against browser exploits and malware downloads, it has become increasingly inadequate a
How To Implement Zero Trust: Best Practices and Guidelines
Implement a Zero Trust security model with confidence with these best practices and tool suggestions to secure your organization.
NordVPN Review (2023): Pricing, Security & Performance
Is NordVPN worth it? How much does it cost and is it safe to use? Read our NordVPN review to learn about pricing, features, security, and more.
China-Linked Budworm Targeting Middle Eastern Telco and Asian Government Agencies
Government and telecom entities have been subjected to a new wave of attacks by a China-linked threat actor tracked as Budworm using an updated malware toolset. The intrusions, targeting a Middle Eastern telecommunications organization and an Asian gover
Update Chrome Now: Google Releases Patch for Actively Exploited Zero-Day Vulnerability
Google on Wednesday rolled out fixes to address a new actively exploited zero-day in the Chrome browser. Tracked as CVE-2023-5217, the high-severity vulnerability has been described as a heap-based buffer overflow in the VP8 compression format in libvpx,
Red Cross-Themed Phishing Attacks Distributing DangerAds and AtlasAgent Backdoors
A new threat actor known as AtlasCross has been observed leveraging Red Cross-themed phishing lures to deliver two previously undocumented backdoors named DangerAds and AtlasAgent. NSFOCUS Security Labs described the adversary as having a "high technical
Researchers Uncover New GPU Side-Channel Vulnerability Leaking Sensitive Data
A novel side-channel attack called GPU.zip renders virtually all modern graphics processing units (GPU) vulnerable to information leakage. "This channel exploits an optimization that is data dependent, software transparent, and present in nearly all mode
New Survey Uncovers How Companies Are Confronting Data Security Challenges Head-On
Data security is in the headlines often, and it’s almost never for a positive reason. Major breaches, new ways to hack into an organization’s supposedly secure data, and other threats make the news because well, it’s scary — and expensive. Data breaches
Atlas VPN Review (2023): Features, Pricing, Alternatives
Atlas VPN is a budget-friendly VPN that offers a unique IP address swapping feature perfect for privacy enthusiasts.
New ZenRAT Malware Targeting Windows Users via Fake Password Manager Software
A new malware strain called ZenRAT has emerged in the wild that's distributed via bogus installation packages of the Bitwarden password manager. "The malware is specifically targeting Windows users and will redirect people using other hosts to a benign w
Critical libwebp Vulnerability Under Active Exploitation - Gets Maximum CVSS Score
Google has assigned a new CVE identifier for a critical security flaw in the libwebp image library for rendering images in the WebP format that has come under active exploitation in the wild. Tracked as CVE-2023-5129, the issue has been given the maximum
Upgrade Your Cybersecurity With This VPN That’s Only $89 for Three Years
Windscribe VPN gives you tools to block ads, create a safe hotspot, spoof your location, and more for the 3 years for the best price online.
5 of the top programming languages for cybersecurity
While far from all roles in security explicitly demand coding skills, it’s challenging to envision a career in this field that wouldn’t derive substantial advantages from at least a basic understanding of fundamental coding principles
Microsoft is Rolling out Support for Passkeys in Windows 11
Microsoft is officially rolling out support for passkeys in Windows 11 today as part of a major update to the desktop operating system. The feature allows users to login to websites and applications without having to provide a username and password, inst
ShadowSyndicate: A New Cybercrime Group Linked to 7 Ransomware Families
Cybersecurity experts have shed light on a new cybercrime group known as ShadowSyndicate (formerly Infra Storm) that may have leveraged as many as seven different ransomware families over the past year. "ShadowSyndicate is a threat actor that works with
Essential Guide to Cybersecurity Compliance
SOC 2, ISO, HIPAA, Cyber Essentials – all the security frameworks and certifications today are an acronym soup that can make even a compliance expert’s head spin. If you’re embarking on your compliance journey, read on to discover the differences between
Xenomorph Banking Trojan: A New Variant Targeting 35+ U.S. Financial Institutions
An updated version of an Android banking trojan called Xenomorph has set its sights on more than 35 financial institutions in the U.S. The campaign, according to Dutch security firm ThreatFabric, leverages phishing web pages that are designed to entice v
Threat Report: High Tech Industry targeted the most with 46% of attack traffic tagged by NLX
How To Use This Report Enhance situational awareness of techniques used by threat actors Identify potential attacks targeting your industry Gain insights to help improve and accelerate your organization’s threat response Summary of Findings The Network
Threat Report: The High Tech Industry Targeted the Most with 46% of NLX-Tagged Attack Traffic
How To Use This Report Enhance situational awareness of techniques used by threat actors Identify potential attacks targeting your industry Gain insights to help improve and accelerate your organization’s threat response Summary of Findings The Network
Quick Glossary: Malware
Malware is an insidious infection that will steal productivity from your enterprise and potentially wreak havoc on your network. To prevent and counteract malware, it’s important to know the terminology surrounding it. This list of terms from TechRepubli
Chinese Hackers TAG-74 Targets South Korean Organizations in a Multi-Year Campaign
A "multi-year" Chinese state-sponsored cyber espionage campaign has been observed targeting South Korean academic, political, and government organizations. Recorded Future's Insikt Group, which is tracking the activity under the moniker TAG-74, said the
UAE-Linked APT Targets Middle East Government With New ‘Deadglyph’ Backdoor
UAE-linked APT group Stealth Falcon has used the new Deadglyph backdoor in an attack targeting a governmental entity in the Middle East. The post appeared first on .
Sony Investigating After Hackers Offer to Sell Stolen Data
Sony has launched an investigation after a ransomware group claimed to have compromised all systems and offered to sell stolen data. The post appeared first on .
The CISO Carousel and its Effect on Enterprise Cybersecurity
CISO churn is a hidden cybersecurity threat. Major security initiatives or implementations can take longer than the residency of a single CISO, and constant churn can leave cracks or gaps in security. The post appeared first on .
Xenomorph Android Banking Trojan Targeting Users in US, Canada
The Xenomorph Android banking trojan can now mimic financial institutions in the US and Canada and is also targeting crypto wallets. The post appeared first on .
$200 Million in Cryptocurrency Stolen in Mixin Network Hack
Mixin Network suspends deposits and withdrawals after hackers steal $200 million in digital assets from its centralized database. The post appeared first on .
Critical JetBrains TeamCity Flaw Could Expose Source Code and Build Pipelines to Attackers
A critical security vulnerability in the JetBrains TeamCity continuous integration and continuous deployment (CI/CD) software could be exploited by unauthenticated attackers to achieve remote code execution on affected systems. The flaw, tracked as CVE-2
Can open-source software be secure?
Or, is mass public meddling just opening the door for problems? And how does open-source software compare to proprietary software in terms of security?
How to Create and Copy SSH Keys with 2 Simple Commands
Learn how to create and copy SSH keys using just two simple commands. SSH keys provide a secure and convenient way to authenticate remote servers.
How to Compare the Contents of Local & Remote Files with the Help of SSH
This is a step-by-step guide on how to compare the contents of local and remote files with the help of SSH. Watch our video tutorial to help you learn.
How to Compare the Contents of Local & Remote Files With the Help of SSH
This is a step-by-step guide on how to compare the contents of local and remote files with the help of SSH. Watch the companion video tutorial by Jack Wallen.
Ukrainian Military Targeted in Phishing Campaign Leveraging Drone Manuals
Ukrainian military entities are the target of a phishing campaign that leverages drone manuals as lures to deliver a Go-based open-source post-exploitation toolkit called Merlin. "Since drones or Unmanned Aerial Vehicles (UAVs) have been an integral tool
LogRhythm vs. SolarWinds (2023): SIEM Tool Comparison
This is an in-depth LogRhythm vs. SolarWinds SIEM tool comparison, covering their key features, pricing, and more. Use this guide to find your best fit.
Webinar — AI vs. AI: Harnessing AI Defenses Against AI-Powered Risks
Generative AI is a double-edged sword, if there ever was one. There is broad agreement that tools like ChatGPT are unleashing waves of productivity across the business, from IT, to customer experience, to engineering. That's on the one hand. On the othe
source : hackernews, securityweek, techrepublicsecurity, welivesecurity