Google has released a batch of security updates addressing 40 vulnerabilities, two of which are critical zero-day exploits. As reported in the November 2024 Android Security Bulletin, these updates are crucial for maintaining the integrity and safety of Android devices…
Category: EN
Altenen – 1,267,701 breached accounts
In June 2022, the malicious "carding" (referring to credit card fraud) website Altenen suffered a data breach that was later redistributed as part of a larger corpus of data. The data included 1.3M unique email addresses, usernames, bcrypt password hashes…
The Role of Secrets Management in Securing Financial Services
The Role of Secrets Management in Securing Financial Services madhav Tue, 11/05/2024 – 04:30 < div> Secrets management is one of the top DevOps challenges. According to 2024 Thales Global Data Threat Report: Financial Services, FinServ organizations face greater security…
Hackers Exploit DocuSign APIs for Phishing Campaign
Cybercriminals are exploiting DocuSign’s APIs to send highly authentic-looking fake invoices, while DocuSign’s forums have reported a rise in such fraudulent campaigns in recent months. Unlike typical phishing scams that rely on spoofed emails and malicious links, these attacks use…
Schneider Electric breached again, Russia behind fake video, Ohio’s ransomware lawsuits
Schneider Electric breached for second time this year U.S. says Russia behind fake Haitian voter video Ohio’s capital city faces lawsuits for handling of ransomware attack Thanks to today’s episode sponsor, Vanta As third-party breaches continue to rise, companies are…
500,000 Affected in Columbus Data Breach, Followed by Lawsuit Against Security Researcher
In July 2024, the City of Columbus, Ohio, experienced a ransomware attack that exposed the personal information of approximately 500,000 residents. While officials quickly took systems offline to contain the incident and reported halting the attack before ransomware encryption could…
Google claims Big Sleep ‘first’ AI to spot freshly committed security bug that fuzzing missed
You snooze, you lose, er, win Google claims one of its AI models is the first of its kind to spot a memory safety vulnerability in the wild – specifically an exploitable stack buffer underflow in SQLite – which was…
Canadian Suspect Arrested Over Snowflake Data Breach and Extortion Attacks
Canadian law enforcement authorities have arrested an individual who is suspected to have conducted a series of hacks stemming from the breach of cloud data warehousing platform Snowflake earlier this year. The individual in question, Alexander “Connor” Moucka (aka Judische…
Malware Campaign Uses Ethereum Smart Contracts to Control npm Typosquat Packages
An ongoing campaign is targeting npm developers with hundreds of typosquat versions of their legitimate counterparts in an attempt to trick them into running cross-platform malware. The attack is notable for utilizing Ethereum smart contracts for command-and-control (C2) server address…
Threat Actor IntelBroker Claims Leak of Nokia’s Source Code
The threat actor known as IntelBroker, in collaboration with EnergyWeaponUser, has claimed responsibility for a significant data breach involving Nokia’s proprietary source code. The news, which has sent ripples through the tech industry, was shared on social media, highlighting the…
Three UK Council websites hit by DdoS Cyber Attacks
Three UK councils—Salford, Portsmouth, and Middlesbrough—were disrupted by a Distributed Denial of Service (DDoS) attack, causing temporary outages on their websites. The National Cyber Security Centre (NCSC), part of the UK’s GCHQ, has confirmed that the attack was carried out…
How to Make SaaS Backups More Secure than Production Data
In today’s digital landscape, Software as a Service (SaaS) applications have become vital for businesses of all sizes. However, with the increasing reliance on cloud-based solutions comes the heightened need for robust data security. While production data is often fortified…
AI & API Security
Artificial Intelligence (AI) and Application Programming Interfaces (APIs) are integral to technological advancement in today’s digital age. As gateways allowing different software applications to communicate, APIs are crucial in AI’s evolution, powering everything from cloud computing to machine learning models.…
What is a Cyber Range?
Today, we’re diving into the fascinating world of cyber ranges—a critical component in the ever-evolving landscape of cybersecurity. But what exactly is a cyber range? Let’s break it down. What is a Cyber Range? A cyber range is a sophisticated…
Bitdefender’s Perspective on Weaponized AI and Its Impact on Cybersecurity
Taking cybersecurity seriously is one of the biggest things users can do to protect their company from cyberattacks. While discussing with Bogdan “Bob” Botezatu, Director of Threat Research at Bitdefender, to get a deeper understanding of what is happening…
Open-source software: A first attempt at organization after CRA
The open-source software (OSS) industry is developing the core software for the global infrastructure, to the point that even some proprietary software giants adopt Linux servers for their cloud services. Still, it has never been able to get organized by…
Maximizing security visibility on a budget
In this Help Net Security interview, Barry Mainz, CEO at Forescout, discusses the obstacles organizations encounter in attaining security visibility, particularly within cloud and hybrid environments. He explains why asset intelligence—going beyond basic visibility to understand device behavior and risk—is…
AI learning mechanisms may lead to increase in codebase leaks
The proliferation of non-human identities and the complexity of modern application architectures has created significant security challenges, particularly in managing sensitive credentials, according to GitGuardian. Based on a survey of 1,000 IT decision-makers in organizations with over 500 employees across…
Cybersecurity jobs available right now: November 5, 2024
Application Security Engineer MassMutual | USA | Hybrid – View job details As an Application Security Engineer, you will conduct in-depth security assessments, including vulnerability scanning, and code reviews. Ensure secure coding practices are followed, and security controls are incorporated…
Google Warns of Actively Exploited CVE-2024-43093 Vulnerability in Android System
Google has warned that a security flaw impacting its Android operating system has come under active exploitation in the wild. The vulnerability, tracked as CVE-2024-43093, has been described as a privilege escalation flaw in the Android Framework component that could…