Security

Updates

FTC Accuses Avast of Selling Customer Browsing Data to Advertisers
European security vendor Avast is charged with harvesting consumer web browsing data through its browser extension and anti-virus software “and sold it without adequate notice and without consumer consent.”
22-02-2024 19:49

6 Best Open Source IAM Tools in 2024
Explore the top open source IAM (Identity and Access Management) tools, their features and how they can enhance your organization's security and access control.
22-02-2024 18:49

5 Best Free Password Managers for 2024
Discover the top free password managers for securely storing and managing your passwords. Learn about their features, benefits and choose the best one for your needs.
22-02-2024 17:24

Eye Care Services Firm Faces Lawsuit Over Data Breach Impacting 2.3 Million
Eye care practice management firm American Vision Partners faces lawsuit over data breach impacting 2.3 million patients.
22-02-2024 16:45

Russian Turla Cyberspies Target Polish NGOs With New Backdoor
Russian state-sponsored threat actor Turla has been using a new backdoor in recent attacks targeting Polish NGOs.
22-02-2024 15:38

Tenable: Cyber Security Pros Should Worry About State-Sponsored Cyber Attacks
The outing of China-backed threat actor Volt Typhoon and Microsoft’s compromise by Russia-backed Midnight Blizzard provide important cyber security strategy lessons for Australia, says Tenable.
22-02-2024 14:52

Threat Actors Quick to Abuse ‘SSH-Snake’ Worm-Like Tool
Threat actors are actively deploying the recently released self-replicating and self-propagating SSH-Snake worm.
22-02-2024 14:13

An Online Dump of Chinese Hacking Documents Offers a Rare Window Into Pervasive State Surveillance
Leaked documents show how Chinese authorities surveil dissidents overseas, hack other nations and promote pro-Beijing narratives online.
22-02-2024 13:51

Develop Advanced Cybersecurity Skills for Just $80
If you’re ready to start moving up to higher positions in the lucrative cybersecurity field, this e-learning bundle can help you pass certification exams.
22-02-2024 13:30

Webinar Today: Cloudy With a Chance of Threats: The Active Threat Landscape in the Cloud
Join the webinar to learn about active threats targeting common cloud deployments and what security teams can do to mitigate them.
22-02-2024 13:16

US Government Issues Guidance on Securing Water Systems
CISA, FBI and EPA release guidance on how Water and Wastewater Systems Sector entities can secure their environments.
22-02-2024 13:11

Change Healthcare Cyberattack Causes Significant Disruption
Change Healthcare is experiencing network disruptions after taking systems offline in response to a cyberattack.
22-02-2024 12:36

US Offering $10M for LockBit Leaders as Law Enforcement Taunts Cybercriminals
The US is offering big rewards for information on LockBit cybercriminals as law enforcement claims to have identified some individuals.
22-02-2024 12:15

Cyber Insights 2024: Ransomware
Ransomware insights: When ransomware first appeared, the term became associated with encrypting data. This is a misconception.
21-02-2024 17:43

Researchers Devise ‘VoltSchemer’ Attacks Targeting Wireless Chargers
Researchers document VoltSchemer attacks that manipulate power voltage to take over commercial wireless chargers.
21-02-2024 17:04

Ping Identity (ForgeRock) vs Okta (2024): Compare IAM software
In this guide, we compare Okta and Ping Identity, two identity and access management (IAM) solutions on the market. We analyze their features, pricing and more.
21-02-2024 16:40

ConnectWise Confirms ScreenConnect Flaw Under Active Exploitation
Security experts describe exploitation of the CVSS 10/10 flaw as “trivial and embarrassingly easy.”
21-02-2024 16:36

IT Email Templates: Security Alerts
All company communication needs may vary but certain standard template messages can come in handy for IT staff to keep employees up to date on “need to know” informational bulletins. These bulletins may be one-off or regularly scheduled communications to
21-02-2024 16:00

Should IT and Security Teams Play a Role in Crisis Communications?
Australian IT and security teams should play key roles in communications during outages and cyber attacks; they also need to be prepared to act when such a tech-related crisis occurs.
21-02-2024 15:39

Webinar Tomorrow: The Active Threat Landscape in the Cloud
Join the webinar to learn about active threats targeting common cloud deployments and what security teams can do to mitigate them.
21-02-2024 15:04

Executive Order on Port Cybersecurity Points to IT/OT Threat Posed by Chinese Cranes
A new Biden executive order to boost the cybersecurity of US ports highlights the risks associated with the use of Chinese cranes.
21-02-2024 14:08

Apple Adds Post-Quantum Encryption to iMessage
Apple unveils PQ3, a new post-quantum cryptographic protocol for iMessage designed to protect communications against quantum computing attacks.
21-02-2024 14:00

Diversifying Defenses: FjordPhantom Malware Shows Importance of a Multi-Pronged Approach
Security teams need to combine the angles of client-side and server-side detection in order to have the best chance of mitigating the risk of advanced mobile malware.
21-02-2024 12:44

Redis Servers Targeted With New ‘Migo’ Malware
Attackers weaken Redis instances to deploy the new Migo malware and install a rootkit and cryptominers.
21-02-2024 12:33

Chrome 122, Firefox 123 Patch High-Severity Vulnerabilities
Google and Mozilla resolve high-severity memory safety vulnerabilities with the latest Chrome and Firefox updates.
21-02-2024 11:36

Control Systems Firm PSI Struggles to Recover From Ransomware Attack
German control system solutions provider PSI Software says it is still recovering from a ransomware attack.
21-02-2024 11:27

Operation Texonto: Information operation targeting Ukrainian speakers in the context of the war
A mix of PSYOPs, espionage and … fake Canadian pharmacies!
21-02-2024 05:00

LockBit Ransomware Gang’s Website Shut Down by FBI and International Law Enforcement
The enforcement action is a major blow against the ransomware-as-a-service provider, which has been connected to 2,000 victims globally.
20-02-2024 19:43

ConnectWise Rushes to Patch Critical Vulns in Remote Access Tool
ConnectWise ships patches for extremely critical security defects in its ScreenConnect remote desktop access product and urges emergency patching.
20-02-2024 16:19

Recent Zero-Day Could Impact Up to 97,000 Microsoft Exchange Servers
Shadowserver Foundation has identified roughly 28,000 Microsoft Exchange servers impacted by a recent zero-day.
20-02-2024 14:57

Cyber Insights 2024: Supply Chain 
Supply chain security insights: A successful attack against a supplier can lead to multiple opportunities against the supplier’s downstream customers.
20-02-2024 14:01

China’s Volt Typhoon Hackers Are Exfiltrating Sensitive OT Data
Volt Typhoon and two other threat groups that emerged in 2023 can pose a serious threat to ICS/OT, according to industrial cybersecurity firm Dragos.
20-02-2024 13:51

Volt Typhoon Seen Exfiltrating Sensitive OT Data
Volt Typhoon and two other threat groups that emerged in 2023 can pose a serious threat to ICS/OT, according to industrial cybersecurity firm Dragos.
20-02-2024 13:51

Websites Hacked via Vulnerability in Bricks Builder WordPress Plugin
Attackers are exploiting a recent remote code execution flaw in the Bricks Builder WordPress plugin to deploy malware.
20-02-2024 13:10

Cactus Ransomware Group Confirms Hacking Schneider Electric
Cactus ransomware has added Schneider Electric to its leak site, claiming to have stolen 1.5 terabytes of data.
20-02-2024 12:24

Law Enforcement Hacks LockBit Ransomware, Delivers Major Blow to Operation
The LockBit ransomware operation has been severely disrupted by an international law enforcement operation resulting in server seizures and arrests.
20-02-2024 12:09

Anatsa Android Banking Trojan Continues to Spread via Google Play
Recent Anatsa Android banking trojan attacks have become more targeted, showing an evolution in tactics.
20-02-2024 11:34

Watching out for the fakes: How to spot online disinformation
Why and how are we subjected to so much disinformation nowadays, and is there a way to spot the fakes?
20-02-2024 10:30

Ukrainian Raccoon Infostealer Operator Extradited to US
Alleged Raccoon Infostealer operator Mark Sokolovsky is awaiting trial in the US, after being extradited from the Netherlands.
19-02-2024 13:57

Russian Cyberspies Exploit Roundcube Flaws Against European Governments
Russian cyberespionage group targets European government, military, and critical infrastructure entities via Roundcube vulnerabilities.
19-02-2024 12:57

Ransomware Group Takes Credit for LoanDepot, Prudential Financial Attacks
The BlackCat/Alphv ransomware group has taken credit for the LoanDepot and Prudential Financial attacks, threatening to sell or leak data.
19-02-2024 12:32

New Google Initiative to Foster AI in Cybersecurity
Google’s new AI Cyber Defense Initiative focuses on boosting cybersecurity through artificial intelligence.
19-02-2024 10:27

iOS Trojan Collects Face and Other Data for Bank Account Hacking 
Chinese hackers use Android and iOS trojans to obtain information needed to steal money from victims’ bank accounts.
19-02-2024 10:10

Tech Companies Sign Accord to Combat AI-Generated Election Trickery
Executives from Adobe, Amazon, Google, IBM, Meta, Microsoft, OpenAI and TikTok gathered at the Munich Security Conference to announce a framework for how they respond to AI-generated deepfakes that deliberately trick voters.
18-02-2024 13:02

OpenAI’s Sora Generates Photorealistic Videos
Sora is in red teamers' and selected artists' hands for now, as OpenAI tries to prevent AI video from being used for misinformation or offensive content.
16-02-2024 21:37

Okta vs. Microsoft Entra ID (Azure Active Directory) 2024: IAM Software Comparison
In this guide, we compare BeyondTrust and CyberArk—two Identity and Access Management (IAM) solutions. We analyze their features, pricing and more.
16-02-2024 20:56

What Is a Passphrase? Examples, Types & Best Practices
Learn about passphrases and understand how you can use these strong yet memorable phrases to safeguard your accounts against hackers.
16-02-2024 17:22

LogMeOnce vs Bitwarden (2024): Which Password Manager is Better?
While LogMeOnce features a useful password scoring system, Bitwarden’s more polished user interface and open source software make it a better pick for most businesses.
16-02-2024 15:31

Permit.io Raises $8 Million for Authorization Platform
Tel Aviv startup raises $8 million in Series A funding to help developers add secure access approval flows to applications.
16-02-2024 14:58

Top 4 Ivanti Competitors and Alternatives for 2024
Explore our list of Ivanti's competitors and find out which VPN solutions can meet your business needs. Compare features, pricing, pros and cons.
16-02-2024 14:41

Cyber-insurance and vulnerability scanning – Week in security with Tony Anscombe
Here's how the results of vulnerability scans factor into decisions on cyber-insurance and how human intelligence comes into play in the assessment of such digital signals.
16-02-2024 14:05

Ex-Employee’s Admin Credentials Used in US Gov Agency Hack
A threat actor employed the administrative credentials of a former employee to hack a US government organization.
16-02-2024 13:53

EU Watchdog Urged to Reject Meta ‘Pay for Privacy’ Scheme
Civil rights groups called on an EU watchdog to rule against Facebook owner Meta's scheme to let Europeans pay to opt out of data tracking, which they say violates EU law.
16-02-2024 13:47

In Other News: US Hacks Iranian Spy Ship, Rhysida Ransomware Decryption, NIST Guidance
Noteworthy stories that might have slipped under the radar: US hacks Iranian military vessel used for spying, Rhysida ransomware free decryption tool, NIST guidance.
16-02-2024 13:43

Mysterious ‘MMS Fingerprint’ Hack Used by Spyware Firm NSO Group Revealed
The existence of a previously unknown infection technique used by spyware firm NSO Group is suggested by a single line in a contract between NSO and the telecom regulator of Ghana.
16-02-2024 13:27

Eight Vulnerabilities Disclosed in the AI Development Supply Chain
Details of eight vulnerabilities found in the open source supply chain used to develop in-house AI and ML models have been disclosed. All have CVE numbers, one has critical severity, and seven have high severity.
16-02-2024 12:27

Vulnerabilities in CUSG CMS Exposed Credit Unions to Attacks
Three vulnerabilities in CU Solutions Group CMS exposed 275 credit unions to credential theft, account takeover.
16-02-2024 12:06

CISA Urges Patching of Cisco ASA Flaw Exploited in Ransomware Attacks
CISA has added CVE-2020-3259, an old Cisco ASA vulnerability exploited by ransomware, to its KEV catalog.
16-02-2024 11:26

US Offers $10 Million for Information on BlackCat Ransomware Leaders
The US announces a $10 million reward for information on key members of the Alphv/BlackCat ransomware group.
16-02-2024 10:26

Ukrainian Pleads Guilty in US to Key Role in Zeus, IcedID Malware Operations
Ukrainian national Vyacheslav Igorevich Penchukov has pleaded guilty to holding key roles in the Zeus and IcedID malware operations.
16-02-2024 09:40

This Complete Ethical Hacking Bundle is Less Than $40
Get a comprehensive, potentially lucrative ethical hacking education with 18 courses on today's top tools and tech. This bundle is just $39.97 now.
16-02-2024 09:20

FBI Dismantles Ubiquiti Router Botnet Controlled by Russian Cyberspies
The US government says it has neutralized a network of hundreds of Ubiquiti Edge OS routers under the control of Russia's APT28 hackers.
15-02-2024 18:31

Cyberattacks on Hospitals Are Likely to Increase, Putting Lives at Risk, Experts Warn
Hospitals around the country are at risk for attacks like the one that is crippling operations at a children’s hospital, and some say the government is doing too little to prevent such breaches.
15-02-2024 17:59

Malware Response Checklist
Whether an infection is the result of a disgruntled employee, hardware vulnerability, software-based threat, social engineering penetration, robotic attack or human error, all organizations must be prepared to immediately respond effectively to such an i
15-02-2024 16:00

What is AI, really? | Unlocked 403: A cybersecurity podcast
Artificial intelligence is on everybody’s lips these days, but there are also many misconceptions about what AI actually is and isn’t. We unpack AI's basics, applications and broader implications.
15-02-2024 15:32

All eyes on AI | Unlocked 403: A cybersecurity podcast
Artificial intelligence is on everybody’s lips these days, but there are also many misconceptions about what AI actually is and isn’t. We unpack the basics and examine AI's broader implications.
15-02-2024 15:32

Cyberattack Disrupts Production at Varta Battery Factories
Production at five plants of German battery maker Varta has been disrupted by a cyberattack, possibly a ransomware attack.
15-02-2024 15:03

ESET Patches High-Severity Privilege Escalation Vulnerability
ESET has released patches for a high-severity elevation of privilege vulnerability in its Windows security products.
15-02-2024 14:10

No Security Scrutiny for Half of Major Code Changes: AppSec Survey
Only 54% of major code changes go through a full security review, a new CrowdStrike State of Application Security report reveals.
15-02-2024 13:17

New Wi-Fi Authentication Bypass Flaws Expose Home, Enterprise Networks
A couple of Wi-Fi authentication bypass vulnerabilities found in open source software can expose enterprise and home networks to attacks.
15-02-2024 12:54

Microsoft Warns of Exploited Exchange Server Zero-Day
Microsoft says a newly patched Exchange Server vulnerability (CVE-2024-21410) has been exploited in attacks.
15-02-2024 11:11

DDoS Hacktivism is Back With a Geopolitical Vengeance
DDoS attacks have evolved from social protests through criminal extortion, hack attack smokescreens and competitor suppression to geopolitical vengeance.
15-02-2024 11:02

Cisco Announces It is Laying Off Thousands of Workers
About 5 percent of Cisco's global workforce will be affected by layoffs, the Silicon Valley-based company said.
15-02-2024 01:41

IBM, ISC2 Offer Cybersecurity Certificate
The entry-level IBM and ISC2 Cybersecurity Specialist Professional Certificate takes four months to complete.
14-02-2024 20:59

Google Threat Analysis Group’s Spyware Research: How CSVs Target Devices and Applications
Read more about the commercial surveillance vendors threat and its ecosystem and learn how to protect against it.
14-02-2024 18:39

How to Use LogMeOnce Step-by-Step Guide
LogMeOnce has useful features that may be hard to navigate for some. Learn how to get the most out of LogMeOnce in this step-by-step guide.
14-02-2024 18:25

Microsoft Catches APTs Using ChatGPT for Vuln Research, Malware Scripting
Microsoft threat hunters say foreign APTs are interacting with OpenAI’s ChatGPT to automate malicious vulnerability research, target reconnaissance and malware creation tasks.
14-02-2024 18:25

South Korea Says Presumed North Korean Hackers Breached Personal Emails of Presidential Staffer
South Korean President Yoon Suk Yeol’s office said presumed North Korean hackers breached the personal emails of one of his staff members.
14-02-2024 16:09

Incident Response Policy
This policy from TechRepublic Premium provides information on defining an incident, assigning an incident response team, documenting a plan and conducting a response. It can be customized to meet the needs of your organization. Featured text from the pol
14-02-2024 16:00

What is a Passkey? Definition, How It Works and More
A passkey is a security measure used to grant access to a protected system. This guide explains how it works, and provides more information on its uses and benefits.
14-02-2024 15:17

Kubernetes Security Firm KTrust Emerges From Stealth With $5.3M in Funding
Israel-based Kubernetes security firm KTrust emerges from stealth mode with $5.3 million in seed funding from VC Awz Ventures.
14-02-2024 14:53

Prudential Financial Discloses Data Breach
Prudential Financial says administrative and user data was compromised in a cyberattack earlier this month.
14-02-2024 14:22

LogMeOnce Review (2024): Is It a Safe & Reliable Password Manager?
While LogMeOnce comes with a lot of the features we want in a password manager, it’s held back by an unpolished user interface and a half-baked mobile application.
14-02-2024 13:46

Zoom Patches Critical Vulnerability in Windows Applications
Zoom patches seven vulnerabilities in its products, including a critical-severity bug in its Windows applications.
14-02-2024 13:22

Chipmaker Patch Tuesday: AMD and Intel Patch Over 100 Vulnerabilities
AMD and Intel patch dozens of vulnerabilities on February 2024 Patch Tuesday, including multiple high-severity bugs.
14-02-2024 13:10

KeyTrap DNS Attack Could Disable Large Parts of Internet: Researchers
Patches released for a new DNSSEC vulnerability named KeyTrap, described as the worst DNS attack ever discovered.
14-02-2024 12:53

Beyond the Hype: Questioning FUD in Cybersecurity Marketing
Could cybersecurity professionals benefit from FUD awareness training in the same way that users benefit from phishing awareness training?
14-02-2024 12:00

Windows Zero-Day Exploited in Attacks on Financial Market Traders
CVE-2024-21412, one of the security bypass zero-days fixed by Microsoft with Patch Tuesday updates, exploited by Water Hydra (DarkCasino).
14-02-2024 11:16

Albanian Authorities Accuse Iranian-Backed Hackers of Cyberattack on Institute of Statistics
Albania’s cybersecurity authorities have accused a hacker group “sponsored” by the Iranian government of attacking the country’s Institute of Statistics earlier this month.
14-02-2024 11:05

The art of digital sleuthing: How digital forensics unlocks the truth
Learn how the cyber variety of CSI works, from sizing up the crime scene and hunting for clues to piecing together the story that the data has to tell.
14-02-2024 10:30

Protect Your Private Data With an iProVPN Lifetime Subscription for Under $30
Maintaining security is important in business, and iProVPN uses AES 256-bit encryption to keep your data secure — even on public Wi-Fi networks.
14-02-2024 09:53

Tech Companies Plan to Sign Accord to Combat AI-Generated Election Trickery
Major technology companies are planning to sign an agreement this week that would guide how they try to put a stop to the use of AI tools to disrupt democratic elections.
14-02-2024 02:52

IBM, ISC2 Offer Free Cybersecurity Certificate
The entry-level IBM and ISC2 Cybersecurity Specialist Professional Certificate takes four months to complete.
13-02-2024 21:21

Microsoft Confirms Windows Exploits Bypassing Security Features
Patch Tuesday: Microsoft pushes a massive batch of security-themed updates and calls urgent attention to exploits bypassing security features.
13-02-2024 19:01

RoboForm Review (2024): Pricing, Features, Pros, & Cons
RoboForm is a great solution for users who want a no-nonsense password manager with strong security and a straightforward user interface.
13-02-2024 18:03

Patch Tuesday: Adobe Warns of Critical Flaws in Widely Deployed Software
Adobe ships patches for at least 30 documented security flaws, warning that users are exposed to code execution, security feature bypass and denial-of-service attacks.
13-02-2024 16:59

French Healthcare Payments Processor Breaches Affect Half of Population
France’s data protection agency CNIL says it is investigating massive data breaches at two companies that manage third-party healthcare payments, warning that more than 33 million people may be affected.
13-02-2024 16:22

NIST Establishes AI Safety Consortium
The mixed public and private consortium will focus on safety, standards and skills-building for AI generally and generative AI in particular.
13-02-2024 14:40

Willis Lease Finance Corp Discloses Cyberattack
Aircraft parts dealer Willis Lease Finance Corporation (WLFC) notified the SEC that it fell victim to a cyberattack.
13-02-2024 14:16

Bank of America Customer Data Stolen in Data Breach
Bank of America is notifying some customers that their personal information was stolen in a data breach at a third-party services provider.
13-02-2024 13:58

source : hackernews, securityweek, techrepublicsecurity, welivesecurity