Information security

TechRepublic
11 hours ago
Information security

BeyondTrust Report: Microsoft Security Vulnerabilities Decreased by 5% in 2023

The total number of Microsoft vulnerabilities in 2023 was relatively stable compared to previous years, with a slight decrease.
The rate of critical Microsoft vulnerabilities has decreased in 2023, signaling potential improvements in addressing high-severity issues.
hackers
Ars Technica
10 hours ago
Information security

Hackers make millions of attempts to exploit WordPress plugin vulnerability

Hackers are exploiting a severe vulnerability in the WordPress Automatic plugin, allowing complete website takeover.
Fast Company
11 hours ago
Information security

Be careful where you upload files: Cybersecurity researchers highlight a new ransomware threat to browsers

Uploading files online can also lead to ransomware attacks due to modern browsers' capabilities to interact with local file systems.
Tripwire
1 day ago
Information security

"Junk gun" ransomware: the cheap new threat to small businesses

Cheap, unsophisticated ransomware like 'junk gun' poses a serious threat to organizations, despite not making headlines like other advanced variants.
Los Angeles Times
9 hours ago
Information security

Glendale teachers surprised to find their taxes already filed -- fraudulently

The Glendale Unified School District experienced a ransomware attack resulting in the fraudulent filing of taxes for hundreds of employees.
The Verge
7 hours ago
Information security

Eken fixes "terrible" video doorbell issue that could let someone spy on you

Eken Group issued firmware update for video doorbells with serious security vulnerabilities found by Consumer Reports.
Ars Technica
10 hours ago
Information security

Google says it's fixing a nasty Android TV account security loophole

Google patched a loophole granting full Google account access via Android TV sideloading apps.
Nextgov.com
10 hours ago
Information security

VA is warning veterans about Change Healthcare cyberattack, secretary says

The Department of Veterans Affairs notified over 15 million veterans of a cybersecurity breach but found no adverse impacts on patient care.
Above the Law
14 hours ago
Information security

Using Employee Engagement And Technical Controls To Reduce Insider Risk

Insider risk, posed by employees, is a significant cybersecurity concern in organizations despite traditional defense mechanisms.
Axios
13 hours ago
Information security

AI models are inching closer to hacking on their own

The new report indicates this fear could be a reality sooner than anticipated.
ITPro
14 hours ago
Information security

Tech brief security bundle

Operational peace of mind with HPE ProLiant Gen11 servers through trusted security features.
U.S. health conglomerate Kaiser is notifying millions of current and former members of a #databreach after confirming it shared patients’ information with third-party advertisers.

https://t.co/Fk7f4OsoVT
TechCrunch
1 day ago
Information security

Health insurance giant Kaiser notifies millions of a data breach | TechCrunch

Kaiser Foundation Health Plan notified 13.4 million residents of a data breach involving unauthorized access to a network server.
ITPro
17 hours ago
Information security

Everything you need to know about the Product Security and Telecommunications Infrastructure Act

Organizations urged to prepare for UK's Product Security and Telecommunications Infrastructure Act (PSTI) by the end of April.
ITPro
18 hours ago
Information security

Cyber security sector gender balance shows modest signs of improvement

The number of women entering cyber security is increasing, with positive trends in leadership roles and hiring responsibilities.
ComputerWeekly.com
15 hours ago
Information security

Security Think Tank: Maybe let's negotiate with terrorists | Computer Weekly

Negotiation can be essential even in the context of terrorism, despite firm public stances against it.
ITPro
21 hours ago
Information security

Flawed Cisco firewalls used to target government networks

A state-affiliated cyber espionage campaign, ArcaneDoor, exploited two Cisco zero-day vulnerabilities to infiltrate government networks.
London Business News | Londonlovesbusiness.com
18 hours ago
Information security

Spy chief warns foreign powers are targeting UK universities

The MI5 spy chief has issued a warning that the UK's enemies are targeting universities to undermine national security.
Theregister
1 day ago
Information security

Flaws in Chinese keyboard apps expose smartphones to snoops

Chinese keyboard apps, including those from major manufacturers, pose a security risk by potentially leaking keystrokes to snoopers.
security
TechRepublic
1 day ago
Information security

OpenAI's GPT-4 Can Autonomously Exploit 87% of One-Day Vulnerabilities

GPT-4 can autonomously exploit one-day vulnerabilities.
Developer Tech News
1 day ago
Information security

GitHub's 2FA rollout boosts supply chain security

GitHub implemented mandatory 2FA for code contributors to enhance software supply chain security.
TechRepublic
2 weeks ago
Information security

4 Best Open Source Password Managers for Teams in 2024

Password managers are crucial for secure credential storage, sharing, and access.
Open source password managers offer code customization, easy vulnerability detection, and transparency.
TechRepublic
2 weeks ago
Information security

6 Best Open Source Password Managers for Mac in 2024

MacPass is the best overall open-source password manager for macOS users.
Open source password managers ensure transparency and control over data for enhanced security and privacy.
TechRepublic
2 weeks ago
Information security

6 Best Open Source Password Managers for Windows in 2024

Bitwarden is the best overall open-source password manager for Windows.
Different password managers excel in security, data protection, offline management, storage, collaboration, and being free.
TechRepublic
3 weeks ago
Information security

5 Best Password Managers for Android in 2024

Android accounts for 70.1% of mobile operating systems worldwide in Q4 2023.
Password managers on Android enhance security by encrypting and organizing passwords.
The Verge
1 day ago
Information security

CISA ransomware warning program will launch this year

The Cybersecurity and Infrastructure Security Agency, an arm of the Department of Homeland Security, is rolling out a program that warns organizations about potential ransomware attacks, CyberScoop reports.
Alleywatch
1 day ago
Information security

The AlleyWatch Startup Daily Funding Report: 4/25/2024

NYC startups Dripos, Alaffia Security, and Nagomi Security secured funding, totaling $51M, $10M, and $30M, respectively.
ransomware-attacks
CyberScoop
2 days ago
Information security

CISA ransomware warning program set to fully launch by end of 2024

CISA plans to launch automated vulnerability warning program to reduce ransomware attacks through patching vulnerabilities.
TechRepublic
3 weeks ago
Information security

Asia-Pacific Ransomware Threats Depend on Country and Sector, Says Rapid7

Ransomware threats in Asia-Pacific vary by jurisdiction and sector
Intelligence on specific attack trends can enhance ransomware defense
Ars Technica
1 day ago
Information security

Zombie worm continues to infect millions of IPs years after it was left for dead

An old USB worm, self-replicating and backdooring devices, remains active on thousands if not millions of machines despite creators losing control.
adlibweb.
1 day ago
Information security

SIEM at a glance (Security information and event management)

Contingency plans can fail due to various uncontrollable factors, emphasizing the importance of proactive monitoring with tools like SIEM.
TechRepublic
1 day ago
Information security

Women in Cybersecurity: ISC2 Survey Shows Pay Gap and Benefits of Inclusive Teams

Only 17% of cybersecurity workforce respondents were women, showing ongoing gender imbalance.
microsoft
The Verge
1 day ago
Information security

Microsoft needs to win back trust

Microsoft is facing serious security challenges, requiring a complete overhaul of its security culture to prevent further breaches and restore trust.
Zero Day Initiative
2 weeks ago
Information security

Zero Day Initiative - The April 2024 Security Updates Review

Adobe released nine patches addressing 24 CVEs in various products, including critical and important-severity bugs.
Microsoft released 147 new CVEs this month in Microsoft Windows and Windows Components.
Hot for Security
1 day ago
Information security

Hacker posts fake story about Ukrainians trying to kill Slovak President

The importance of cybersecurity measures and vigilance in protecting IT systems from malicious hackers.
Graham Cluley
2 days ago
Information security

Smashing Security podcast #369: Keeping the lights on after a ransomware attack

Podcast discusses Leicester City Council ransomware attack, data breach, Indian election deepfakery.
CyberScoop
2 days ago
Information security

FCC wants rules for 'most important part of the internet you've probably never heard of'

FCC to vote on restoring net neutrality rules and potentially implementing regulations to address BGP security vulnerabilities.
InfoQ
2 days ago
Information security

SSH Backdoor from Compromised XZ Utils Library

A backdoor was discovered in xz utils affecting Linux distributions like Debian Sid and Fedora, emphasizing the importance of cybersecurity diligence.
Mail Online
1 day ago
Information security

Hackers are using fake Facebook ads to steal bank account details

Cyberattack targets Facebook users with phishing ads disguised as 'sponsored' Google links.
Theregister
1 day ago
Information security

Mandiant: Russia, Iran pose biggest threat to 2024 elections

State-sponsored cybercriminals pose the biggest threat to election security this year.
TechCrunch
1 day ago
Information security

Ex-NSA hacker and ex-Apple researcher launch startup to protect Apple devices | TechCrunch

Two veteran security experts are launching a startup that aims to help other makers of cybersecurity products to up their game in protecting Apple devices.
Inside Higher Ed | Higher Education News, Events and Jobs
1 day ago
Information security

Colleges spending more than ever on cybersecurity efforts

Higher education institutions are increasing cybersecurity budgets, but still lag behind other sectors in spending levels.
ITPro
1 day ago
Information security

Hackers have been abusing a popular antivirus solution to crack corporate networks for five years

A malware campaign has been using a popular antivirus solution to distribute backdoors on networks since at least 2018.
Theregister
2 days ago
Information security

'Sophisticated' nation-state crew exploiting Cisco firewalls

A sophisticated nation-state group compromised Cisco firewalls for espionage, targeting VPN services globally.
ComputerWeekly.com
2 weeks ago
Information security

Patch Tuesday: Windows Server 2008 receives emergency security patch | Computer Weekly

Microsoft's latest Patch Tuesday in April 2024 addresses 155 vulnerabilities, including 3 critical ones and 145 important severity ones.
An emergency patch for the Proxy Driver Spoofing Vulnerability impacting Windows desktop and server OS was released for end-of-life versions like Windows Server 2008.
Theregister
2 weeks ago
Information security

Microsoft security bypass bug said to be under exploit

Microsoft fixed 149 security flaws on Patch Tuesday.
A vulnerability, CVE-2024-26234, was actively exploited with a backdoor in Windows.
TechRepublic
1 week ago
Information security

Review Methodology for Password Managers

Detailed breakdown of TechRepublic's password manager review process.
TechRepublic
1 week ago
Information security

Devices Infected With Data-Stealing Malware Increased by 7 Times Since 2020

The number of devices infected with data-stealing malware in 2023 was 9.8 million, with an expected rise to 16 million; infostealers are on the rise due to ease of access.
TechRepublic
1 week ago
Information security

Data Encryption Policy | TechRepublic

Data Encryption Policy aims to define encryption requirements for all organization devices to prevent unauthorized access.
TechRepublic
1 week ago
Information security

TechRepublic's Review Methodology for VPNs

TechRepublic evaluates VPNs based on five main categories: pricing, core VPN features, ease of use, customer support, and expert analysis, each weighted differently in the assessment process.
TechRepublic
2 weeks ago
Information security

Sophos Study: 94% of Ransomware Victims Have Their Backups Targeted

Backups do not guarantee safety from ransomware attacks; compromised backups significantly increase the likelihood of paying ransom and recovery costs.
TechRepublic
2 weeks ago
Information security

Apple Alerts iPhone Users to Mercenary Spyware Attacks

Apple warned iPhone users of targeted mercenary spyware attacks, advising expert help for affected users.
New Relic
2 weeks ago
Information security

Identify vulnerabilities across application environments

Securing application environments is essential for operational security, compliance, and customer trust, requiring identification and mitigation of vulnerabilities through detailed understanding and effective strategies.
TechRepublic
2 weeks ago
Information security

Checklist: Securing Digital Information | TechRepublic

Digital information is crucial for organizations, and the checklist offers a strategy for maximum security.
TechRepublic
2 weeks ago
Information security

Cybersecurity: Benefits and Best Practices | TechRepublic

Cybercriminal activity is increasing. It is no longer a matter of if an attack will happen, but of when.
TechRepublic
2 weeks ago
Information security

Cyber Insurance Policy | TechRepublic

Cyber threats are increasing, leading to financial losses that companies need to mitigate.
The policy covers various cyber-related incidents, such as unauthorized access to bank accounts and fraudulent transactions.
TechRepublic
2 weeks ago
Information security

Building a Cyber Threat Hunting Team: Methods, Strategies and Technologies | TechRepublic

Cyber threat hunting aims to detect malicious activities and enhance an organization's resilience against attacks.
Hypothesis-driven hunting involves forming assumptions based on threat intelligence to uncover potential security breaches.
TechRepublic
2 weeks ago
Information security

TechRepublic Academy Is Offering Extra 20% Off Most Deals Through 4/16

Opportunity to get 20% extra discount on site-wide sales at TechRepublic Academy.
TechRepublic Academy offers a wide range of technology deals, online training, and electronics to enhance business operations or personal career growth.
TechRepublic
2 weeks ago
Information security

XZ Utils Supply Chain Attack: A Threat Actor Spent Two Years to Implement a Linux Backdoor

XZ Utils is widely used in Unix-based systems like Linux for data compression.
The XZ backdoor allowed remote code execution via SSH login certificates and affected versions 5.6.0 and 5.6.1.
TechRepublic
3 weeks ago
Information security

Get an Extra 20% Off a Lifetime of Powerful VPN Protection Through 4/7

Protect business data with a lifetime subscription to OysterVPN for $32 using code SECURE20 through April 7.
OysterVPN offers secure connections to over 182 servers across 22 countries, unlimited data on five connections, and advanced features like encryption and ad blocking.
TechRepublic
3 weeks ago
Information security

9 Must-Do Tips to Secure Ubuntu Server | TechRepublic

Constantly secure servers to stay ahead of hackers, even as a Linux systems administrator.
Linux platforms like Ubuntu still require hardening measures to prevent compromises.
TechRepublic
3 weeks ago
Information security

Get a Lifetime of VPN Protection for Just $16

Get a lifetime subscription to RealVPN for $16 with promo code SECURE20 until April 7th.
RealVPN offers encryption for all data, access to multiple servers worldwide, and can connect up to five devices simultaneously.
TechRepublic
3 weeks ago
Information security

What Is a VPN Kill Switch and Why Do You Need One?

Virtual Private Network (VPN) kill switch benefits include protecting sensitive data, preventing account compromise, and ensuring privacy from censorship.
VPN kill switch drawbacks include frequent disconnections, the requirement of an always-on VPN, and crashes that disable internet access.
TechRepublic
3 weeks ago
Information security

Top 6 Passwordless Authentication Solutions for 2024

Passwordless authentication methods include biometrics, smart cards, and mobile apps, improving security and user experience.
Passwordless authentication solutions are part of larger IAM platforms, integrating with other applications for enhanced security measures.
Theregister
4 weeks ago
Information security

JetBrains fixes 26 'security problems,' offering no details

JetBrains urged users to upgrade due to 26 security issues in TeamCity.
JetBrains declined to disclose details for security fixes.
TechRepublic
1 month ago
Information security

Protect Your Business With This Seamless Firewall for $50

DNS FireWall offers a cost-effective solution for cybersecurity protection.
DNS FireWall uses machine learning to proactively block malware, phishing, and botnets.
CyberScoop
1 month ago
Information security

US and UK accuse China of cyber operations targeting domestic politics

U.S. government accuses Chinese nationals of hacking operation targeting political targets in the U.S.
Indictment unveiled against Chinese group for breaching personal devices of U.S. officials, dissidents, and companies.
TechRepublic
1 month ago
Information security

Microsoft: 87% of UK Businesses Are Unprepared for Cyberattacks

Only 13% of UK businesses are resilient to cyberattacks, 87% are at risk.
AI in cybersecurity can increase resilience and reduce costs for organizations.
TechRepublic
1 month ago
Information security

6 Best Authenticator Apps for 2024

Authenticator apps add security against identity-related breaches.
Google Authenticator provides locally generated time-based passcodes for offline authentication support.
TechRepublic
1 month ago
Information security

New GoFetch Vulnerability in Apple's M Chips Allows Secret Keys Leak on Compromised Computers

GoFetch vulnerability affects Apple's M1, M2, and M3 chips, allowing exfiltration of keys from cryptographic applications.
The vulnerability resides in Data Memory-dependent Prefetchers in the chips, exploiting behavior that confuses memory content with pointer values to guess secret keys.
Theregister
1 month ago
Information security

Uncle Sam has had enough of SQL injection vulnerabilities

US authorities urge software vendors to conduct formal code reviews to eliminate SQL injection vulnerabilities.
Customers advised to hold vendors accountable by asking about mitigation measures for SQL injection exploits.
Exponential-e Ltd.
1 month ago
Information security

Ransomware: lessons all companies can learn from the British Library attack

The British Library faced a major cyber incident with data encryption and exfiltration by Rhysida ransomware gang.
British Library refused to pay ransom, emphasizing adherence to the UK's policy against such payments.
Theregister
1 month ago
Information security

Vans says cyber crooks didn't nab customers' financial info

35.5 million customers notified of identity threat
No evidence of credit card or bank account details stolen
WIRED
1 month ago
Information security

Apple Chip Flaw Leaks Secret Encryption Keys

Hotel room locks worldwide vulnerable to intrusion technique
Privacy concerns include Apple's iMessage encryption and data sharing by websites.
TechRepublic
1 month ago
Information security

JumpCloud vs Okta (2024): IAM Software Comparison

Identity and access management software is crucial for network security.
JumpCloud and Okta are significant players in the IAM space.
InfoQ
1 month ago
Information security

Google Cloud Launches Security Command Center Enterprise

Security Command Center Enterprise integrates Mandiant expertise and Generative AI for proactive and simplified cloud security.
The solution bridges the gap between cloud security and enterprise security operations, enabling organizations to manage and prioritize cloud risk effectively.