Krebs on Security

SEPTEMBER 19, 2024

Many GitHub users this week received a novel phishing email warning of critical security holes in their code. Those who clicked the link for details were asked to distinguish themselves from bots by pressing a combination of keyboard keys that causes Microsoft Windows to download password-stealing malware. While it’s unlikely that many programmers fell for this scam, it’s notable because less targeted versions of it are likely to be far more successful against the average Windows use

Phishing 305

Phishing Passwords Security IT 305

Data Breach Today

SEPTEMBER 19, 2024

No OpSec Measure Is Bulletproof to the Effects of a Corrupted Supply Chain Secure communications in an age of network insecurity has focused mostly on encryption and fears of surveillance tracking. But as this week revealed to the dismay of terrorists and criminals alike, no OpSec measure is bulletproof to the effects of a corrupted supply chain.

Communications 304

Communications Security Encryption 304

The Last Watchdog

SEPTEMBER 19, 2024

Silver Spring, MD, Sept. 19, 2024, CyberNewsWire — Aembit , the non-human identity and access management (IAM) company, today released its 2024 Non-Human Identity Security Report , a definitive survey highlighting how organizations currently manage and protect non-human identities (NHIs) – such as applications, scripts, and service accounts. The report reveals a stunning, widespread reliance on outdated methods and manual practices that fail to provide adequate protection against the reali

Security 100

Security Cloud Access Authentication 100

Data Breach Today

SEPTEMBER 19, 2024

Also: US SEC Settles With Prager Metis, Rari Capital This week, Delta Prime and Ethena were hacked, Lazarus' funds were frozen, the SEC settled with Prager Metis and Rari Capital, Sam Bankman-Fried sought a new trial, the SEC accused NanoBit and CoinW6 of scams, the CTFC sought to fight pig butchering, and Wormhole integrated World ID and Solana.

287

287

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Cloud

Security Affairs

SEPTEMBER 19, 2024

Russian anti-virus firm Doctor Web (Dr.Web) disconnected all servers following a cyberattack over the weekend. This week, the Russian anti-malware firm Doctor Web (Dr.Web) announced that it had disconnected all servers following a cyberattack on Saturday, September 14. The company revealed it has detected “signs of unauthorised interference” to its IT infrastructure.

IT 137

IT Security Information Security 137

Security Affairs

SEPTEMBER 19, 2024

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Microsoft Windows, Apache HugeGraph-Server, Oracle JDeveloper, Oracle WebLogic Server, and Microsoft SQL Server bugs to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added SonicWall SonicOS, ImageMagick and Linux Kernel vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog.

IT 132

IT Cybersecurity Access Risk 132

Data Breach Today

SEPTEMBER 19, 2024

EVP Johan Gerber on How Threat Intelligence Can Prevent Fraud, Protect Payments Mastercard's proposed purchase of Recorded Future for $2.65 billion will bring advanced threat intelligence into its payment systems. EVP Johan Gerber explains how this move improves fraud detection and prevention and strengthens Mastercard's cybersecurity in an evolving digital payments landscape.

Cybersecurity 290

Cybersecurity IT 290

Security Affairs

SEPTEMBER 19, 2024

Small and medium-sized enterprises (SMEs) are a frequent target for cybercriminals. How can SIEM help them improve their cybersecurity? Contrary to what they might believe, small and medium-sized enterprises (SMEs) are a favorite target for cybercriminals. Research from the Identity Theft Resource Center (ITRC) recently found that 73% of US small business owners experienced a cyberattack in 2023.

Compliance 129

Compliance Cybersecurity Security Data breaches 129

Data Breach Today

SEPTEMBER 19, 2024

As threat actors continue to evolve their attacks to circumvent security measures, cyber insurers are raising the bar for prospective healthcare security clients. Underwriters are increasing their scrutiny and adding new coverage requirements, said Chris Henderson of cybersecurity company Huntress.

Insurance 276

Insurance Cybersecurity Security 276

Advertisement

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

Data Matters

SEPTEMBER 19, 2024

On August 30, 2024, the Beijing Municipal Cyberspace Administration, Beijing Municipal Commerce Bureau and Beijing Municipal Government Services and Data Administration Bureau jointly released the “Administrative Measures for the Data Exit Negative List of the China (Beijing) Pilot Free Trade Zone (Trial)” (Administrative Measures) and the “Data Exit Administration List (Negative List) of the China (Beijing) Pilot Free Trade Zone (2024 Edition)” (Negative List) to facilitate the export of import

Privacy 100

Privacy Government 100

Data Breach Today

SEPTEMBER 19, 2024

BAE Systems Among Companies in the Sights of North Korean Cyberespionage Group A North Korean cyberespionage group is posing as job recruiters and targeting aerospace and energy sector employees with lucrative job offers, according to Mandiant. The hackers use email and WhatsApp messages to lure victims into clicking a link that deploys backdoor malware onto their devices.

274

274

Security Affairs

SEPTEMBER 19, 2024

Ivanti warned of a new Cloud Services Appliance (CSA) vulnerability that is being exploited in attacks in the wild against a limited number of customers. Ivanti warned of a new Cloud Services Appliance (CSA) vulnerability, tracked as CVE-2024-8963 (CVSS score of 9.4), actively exploited in attacks in the wild against a limited number of customers. The vulnerability is a path traversal security issue.

Cloud 123

Cloud Authentication Libraries Access 123

Data Breach Today

SEPTEMBER 19, 2024

Essen Health Care's Hiren Dave Makes the Case for Integration of CIO-CISO Roles As cloud computing, DevOps and automation continue to evolve, the lines between IT functions are fading, making security integral to these processes. Hiren Dave, CIO and CISO at Essen Health Care, shares how combining the roles of CIO and CISO improves risk management and communication.

Communications 268

Communications Cloud Risk Security 268

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Cloud

Schneier on Security

SEPTEMBER 19, 2024

The FBI has shut down a botnet run by Chinese hackers: The botnet malware infected a number of different types of internet-connected devices around the world, including home routers, cameras, digital video recorders, and NAS drives. Those devices were used to help infiltrate sensitive networks related to universities, government agencies, telecommunications providers, and media organizations… The botnet was launched in mid-2021, according to the FBI, and infected roughly 260,000 devices as

Government 100

Government 100

Data Breach Today

SEPTEMBER 19, 2024

Riverwood Capital Leads Investment in Security Validation Firm to Grow in Americas Picus Security has received $45 million in funding led by Riverwood Capital. The investment will accelerate product development in exposure management, including attack surface management and automated pen testing. The company plans to expand further in the Americas, targeting key growth areas.

Security 173

Security 173

Collaboration 2.0

SEPTEMBER 19, 2024

Apple Vision Pro's 3D photo conversion 'realified' my old snapshots in a way I was completely unprepared for. Here's how it could transform the way you view your old memories.

IT 98

IT 98

Data Breach Today

SEPTEMBER 19, 2024

Chinese Botnet Targets US Critical Infrastructure and Taiwan A Chinese state-sponsored botnet called Raptor Train has infected more than 260,000 IoT and office network devices to target critical infrastructure globally. The hackers used zero-days and known vulnerabilities to compromise more than 20 different types of devices to expand their botnet.

IoT 173

IoT 173

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

IT

Collaboration 2.0

SEPTEMBER 19, 2024

What's the best way to test a power station's longevity and durability? Take it back in time! I exposed a Jackery Explorer Kit 4000 to the ultimate challenge. See the results.

IT 98

IT 98

Data Breach Today

SEPTEMBER 19, 2024

German Law Enforcement Reportedly Deanonymized Tor User in 2021 The Tor Project on Wednesday reassured users that they remain anonymous after media reported that German police successfully used Tor to trace the alleged administrator of a child pornography site. Tor users can continue to use the browser "securely" and the "Tor Network is healthy," it said.

Security 173

Security IT 173

KnowBe4

SEPTEMBER 19, 2024

Analyst reports aim to provide market insights. But when it comes to Human Risk Management (HRM), we’ve noticed that they often fall short of capturing the full picture. You already know that we are the undisputed leader in the essential areas that have been standard features in the security awareness market for years. Those capabilities are why we’ve become the largest vendor in the space.

Risk 103

Risk Security awareness Marketing Security 103

WIRED Threat Level

SEPTEMBER 19, 2024

Thousands of beepers and two-way radios exploded in attacks against Hezbollah, but mainstream consumer devices like smartphones aren’t likely to be weaponized the same way.

Security 90

Security 90

Advertisement

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

Cloud

Collaboration 2.0

SEPTEMBER 19, 2024

Anyone can install the new public beta, but you'll need an iPhone 15 Pro or a new iPhone 16 model to run Apple Intelligence.

IT 98

IT 98

WIRED Threat Level

SEPTEMBER 19, 2024

The explosion of thousands of rigged pagers and walkie-talkies will likely make Hezbollah operatives fear any means of electronic communication. It’s having the same effect on the Lebanese population.

Communications 88

Communications Security 88

Collaboration 2.0

SEPTEMBER 19, 2024

The 2024 IEEE Spectrum Top Programming Languages report is out. We've seen some movement at the top of the jobs list that you should know about. A few languages fell off the list, too.

98

98

Data Protection Report

SEPTEMBER 19, 2024

NT Analyzer Refresher: Why Network Traffic Analysis? Keeping track of where all the data is going can be devilishly difficult for companies, given the increasingly data-centric economy, massive changes in browser/mobile platforms, and the necessary use of a variety of modularized services and hosted solutions to make any website or mobile app function properly.

Privacy 40

Privacy Risk Data collection Analytics 40

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

Collaboration 2.0

SEPTEMBER 19, 2024

Pay just once and get a lifetime license to the Microsoft Office 2021 app suite (including Word, Excel, and PowerPoint) on your PC for 84% off right now (there's a deal for a Mac version, too).

98

98

Jamf

SEPTEMBER 19, 2024

Learn more about how the integration between Jamf solutions and Diamond Assets helps organizations manage their Apple fleet's lifecycle from procurement to decommissioning.

40

40

Collaboration 2.0

SEPTEMBER 19, 2024

With features similar to those of the newer M3 model, now is the time to spring for Apple's ultraportable laptop, especially at this unbeatable sale price weeks ahead of October Prime Day.

Sales 75

Sales IT 75