At the Intersection of Technology and Real Life

Zendesk Vulnerability Could Have Given Hackers Access to Customer Data

Mike York SecurityWeek, Syndicated Stories

An SQL injection vulnerability in Zendesk Explore could have allowed a threat actor to leak Zendesk customer account information, data security firm Varonis reports.

Zendesk Explore is the analytics and reporting service of Zendesk, a popular customer support software-as-a-service solution.

Read the full article here

Latest Headlines

1
2
3
4
Error
6
7
8
9
10
11
12
13

'Rebel Moon' Director Zack Snyder on Violence, Loss, and Extreme Fandom

28 November 2023

The director manages to game the system and keep his soul while doing pretty much whatever he wants. Right now that means trying to make his Rebel Moon space opera into a Netflix mega-franchise. [...]

Twitter’s Former Head of Trust and Safety Finally Breaks Her Silence

21 November 2023

From Israel vs. Hamas threats to Donald Trump’s “wild” posts, Del Harvey helped make the platform’s hardest content moderation calls for 13 years. Then she left in 2021 … and disappeared. [...]

Satoshi Is Black

16 November 2023

For some people of color, crypto isn’t in crisis. In the midst of the FTX trial, I went to the Black Blockchain Summit to talk to the movement’s biggest believers. [...]

The Mirai Confessions: Three Young Hackers Who Built a Web-Killing Monster Finally Tell Their Story

14 November 2023

Netflix, Spotify, Twitter, PayPal, Slack. All down for millions of people. How a group of teen friends plunged into an underworld of cybercrime and broke the internet—then went to work for the FBI. [...]

Robotic Putting Greens. Mixed Reality. Loud Spectators. This Is Golf?!

9 November 2023

Tiger Woods and Rory McIlroy are backing a new sports league that's reinventing golf as high-energy, made-for-TV entertainment. [...]

What a Bloody San Francisco Street Brawl Tells Us About the Age of Citizen Surveillance

7 November 2023

When a homeless man attacked a former city official, footage of the onslaught became a rallying cry. Then came another video, and another—and the story turned inside out. [...]

Taylor Swift, Star Wars, 'Stranger Things,' and Deadpool Have One Man in Common

31 October 2023

What exactly makes a Shawn Levy project? One thing’s for sure, the director is a hell of an entertainer. [...]

Watch This Guy Work, and You’ll Finally Understand the TikTok Era

19 October 2023

The creator economy is fragmented and chaotic. Talent manager Ursus Magana can (almost) make sense of it, with a frenetic formula for gaming the algorithms. [...]

‘Someone Is Using Photos of Me to Talk to Men’

17 October 2023

When disturbing online profiles appeared in her name, Melissa Trixie Watt was sure she knew who was behind the harassment. But she had to fight to get help from the police—and prove it in court. [...]

In the War Against Russia, Some Ukrainians Carry AK-47s. Andrey Liscovich Carries a Shopping List

5 October 2023

Kyiv enlisted a Silicon Valley insider to rush consumer-grade tech onto the battlefield. He’s giving a demo of the future of war: the military-retail complex. [...]

Police dismantle ransomware group behind attacks in 71 countries

28 November 2023

In cooperation with Europol and Eurojust, law enforcement agencies from seven nations have arrested in Ukraine the core members of a ransomware group linked to attacks against organizations in 71 countries. [...]

Microsoft deprecates Defender Application Guard for Office

27 November 2023

Microsoft is deprecating Defender Application Guard for Office and the Windows Security Isolation APIs, and it recommends Defender for Endpoint attack surface reduction rules, Protected View, and Windows Defender Application Control as an alternative. [...]

Ransomware attack on indie game maker wiped all player accounts

27 November 2023

A ransomware attack on the "Ethyrial: Echoes of Yore" MMORPG last Friday destroyed 17,000 player accounts, deleting their in-game items and progress in the game. [...]

Healthcare giant Henry Schein hit twice by BlackCat ransomware

27 November 2023

American healthcare company Henry Schein has reported a second cyberattack this month by the BlackCat/ALPHV ransomware gang, who also breached their network in October. [...]

Ukraine says it hacked Russian aviation agency, leaks data

27 November 2023

Ukraine's intelligence service, operating under the Defense Ministry, claims they hacked Russia's Federal Air Transport Agency, 'Rosaviatsia,' to expose a purported collapse of Russia's aviation sector. [...]

Ardent hospital ERs disrupted in 6 states after ransomware attack

27 November 2023

Ardent Health Services, a healthcare provider operating 30 hospitals across five U.S. states, disclosed today that its systems were hit by a ransomware attack on Thursday. [...]

Slovenia's largest power provider HSE hit by ransomware attack

27 November 2023

Slovenian power company Holding Slovenske Elektrarne (HSE) has suffered a ransomware attack that compromised its systems and encrypted files, yet the company says the incident did not disrupt electric power production. [...]

Leveraging Wazuh to combat insider threats

27 November 2023

Effective strategies for mitigating insider threats involve a combination of detective and preventive controls. Such controls are provided by the Wazuh SIEM and XDR platform. [...]

Google Drive users angry over losing months of stored data

27 November 2023

Google Drive users are reporting that recent files stored in the cloud have suddenly disappeared, with the cloud service reverting to a storage snapshot as it was around April-May 2023. [...]

New Rust-based SysJoker backdoor linked to Hamas hackers

26 November 2023

A new version of the multi-platform malware known as 'SysJoker' has been spotted, featuring a complete code rewrite in the Rust programming language. [...]

Best Internet Providers in Seattle, Washington - CNET

28 November 2023

The Emerald City offers plenty, but what about its home internet options? CNET breaks down Seattle broadband to help you find the right fit. [...]

Don't Snooze on DreamCloud's 40% Off Mattresses for Cyber Monday - CNET

28 November 2023

DreamCloud's Cyber Monday sale is still going on and includes up to 40% off mattresses for new customers, plus more deals on bed frames and accessories. [...]

The 23 Best Cyber Monday Deals You Can Still Buy, According to CNET Readers - CNET

28 November 2023

These deals trended over the Black Friday weekend and they're must-buys before they disappear for good. [...]

31 Cyber Monday Laptop Deals Still Remaining: Up to $700 Off on Dell, Samsung, Apple, and More - CNET

28 November 2023

Cyber Monday is over, but that doesn't mean that there aren't a lot of great laptop deals to be had. [...]

Brooklinen's Lush Sheets and Bedding Are Still 25% Off After Cyber Monday - CNET

28 November 2023

The savings on some of our favorite sheets are good through Nov. 29. Don't snooze on these offers. [...]

Casper Cyber Monday Deals: Everything Is Up to 30% Off - CNET

28 November 2023

Casper offered some of the best mattress deals for Cyber Monday. You can still nag deals on mattresses, pillows, foundations and more. [...]

Don't Miss Nectar's Cyber Monday Sale. Everything Is Up to 40% Off - CNET

28 November 2023

Nectar still has great mattress and bedding accessories deals after Cyber Monday. You don't want to miss out. [...]

Samsung Galaxy S24 Rumors: The Biggest Upgrades We Expect - CNET

28 November 2023

The Galaxy S24 series could be right around the corner. [...]

These Are the Best Wireless Noise-Canceling Headphones for 2023 video - CNET

28 November 2023

What are our favorite wireless noise-canceling headphones of the year? CNET's David Carnoy presents his top over-ear ANC headphones of 2023, including five premium models and one value option. They were all released in 2023. [...]

Black Friday and Cyber Monday Internet and Router Deals 2023 Still Available - CNET

28 November 2023

You'll find gadgets and gizmos aplenty, but did you know you can also find home broadband savings this time of year? Here's how to get discounted internet. [...]

Researchers Claim Design Flaw in Google Workspace Puts Organizations at Risk

28 November 2023

Google says the issue has to do with organizations ensuring they implement least-privilege principles. [...]

The Role of the CISO in Digital Transformation

27 November 2023

A successful CISO should play a leading role in digital transformation and cloud migration initiatives in their organization. The CISO is responsible for making sure technical security controls are designed and implemented appropriately, and changes are properly managed, with security in mind from the very start. [...]

Cyber Threats to Watch Out for in 2024

27 November 2023

As cyber threats evolve in 2024, organizations must prepare for deepfakes, extortion, cloud targeting, supply chain compromises, and zero day exploits. Robust security capabilities, employee training, and incident response plans are key. [...]

CISA, NCSC Offer a Road Map, Not Rules, in New Secure AI Guidelines

27 November 2023

US and UK authorities issued new recommendations for companies that build and rely on AI, but they stop short of laying down the law. [...]

General Electric, DARPA Hack Claims Raise National Security Concerns

27 November 2023

Weapons systems data, AI research, and other classified information may be up for sale, not to mention access to other government agencies. [...]

Data De-Identification: Balancing Privacy, Efficacy & Cybersecurity

27 November 2023

Companies must do a delicate dance between consumer privacy protection, upholding their product's efficacy, and de-risking cyber breaches to run the business. [...]

Hamas-Linked APT Wields New SysJoker Backdoor Against Israel

26 November 2023

Gaza Cybergang is using a version of the malware rewritten in the Rust programming language. [...]

Ardent Health Hospitals Disrupted After Ransomware Attack

26 November 2023

More than two dozen hospitals have been impacted by the breach and are diverting emergency care for patients to other healthcare facilities. [...]

Hack The Box Launches 5th Annual University CTF Competition

22 November 2023

Fake Browser Updates Targeting Mac Systems With Infostealer

22 November 2023

A pervasive ClearFake campaign targeting Windows systems with Atomic Stealer has expanded its social engineering scams to MacOS users, analysts warn. [...]

RSS Error: A feed could not be found at `http://www.infosecisland.com/rss.html`; the status code is `404` and content-type is `text/html; charset=utf-8`

Buy a Costco membership for just $20 right now with this Cyber Week deal

28 November 2023

When you buy a one-year Costco membership for $60, you'll get a $40 gift card to use in the store or online with this deal, to help you save on everything from holiday gifts to groceries. [...]

The 13 best Roborock robot vacuum Cyber Monday deals still available

28 November 2023

Roborock has slashed the prices of its popular robot vacuums and robot vacuum mops. Here are the best Roborock Cyber Monday deals that are still available -- but hurry, these last-minute deals expire soon. [...]

The 48 best Cyber Monday phone deals still available: iPhone, Google Pixel, Samsung, and more

28 November 2023

This is your last chance to score Cyber Monday deals on iPhones, Google Pixels, Samsung Galaxy foldables, and more, vetted by ZDNET's mobile expert. [...]

The 16 best Cyber Monday smartwatch deals still available

28 November 2023

Looking to gift someone a smartwatch? These are the best Cyber Monday smartwatch deals that are still live, including deals on kids smartwatches. Get them before they're gone. [...]

Windows 11 Pro dropped to an all-time-low price of $23 for Cyber Week

28 November 2023

Don't miss the chance to upgrade your PC to Windows 11 Pro now for the lowest price ever, and get advanced security features and better performance. [...]

The 31 best Cyber Monday robot vacuum deals still live

28 November 2023

Save hundreds on the best robot vacuums from iRobot, Roborock, Ecovacs, and more with these Cyber Monday deals that are still available. Don't wait though, these deals are ending soon. [...]

Last Chance: The 19 best Cyber Monday Apple Watch deals you can still buy

28 November 2023

Black Friday and Cyber Monday have come and gone, but you can now find lingering deals on Apple Watches -- including the newest Apple Watch SE, Series 9, Series 8 and Ultra models. Save big while you still can. [...]

The 125+ best Cyber Monday deals still live: Last chance to save on expert picks

28 November 2023

Cyber Monday is over, but you can still find deals on TVs, headphones, smartphones, and other gadgets from Amazon, Apple, Best Buy, Walmart, and more. [...]

The best Apple Watches of 2023: Expert tested and reviewed

28 November 2023

I've tested the various Apple Watch models to help you pick the right one for tracking your health and accessing quick info and apps. [...]

It's the last day to get Hulu's Black Friday deal: Get 1 year of Hulu for $1 a month

28 November 2023

Hulu's Black Friday deal ends Tuesday, and drops the price of a monthly subscription to the streaming service from $8 to $1 for your first year. Don't miss out. [...]

Unified endpoint management for purpose-based devices

28 November 2023

As purpose-built devices become increasingly common, the challenges associated with their unique management and security needs are becoming clear. What are purpose-built devices? Most fall under the category of rugged IoT devices typically used outside of an office environment and which often run on a different operating system than typical office devices. Examples include ruggedized […] The post Unified endpoint management for purpose-based devices appeared first on Security Intelligence. [...]

Operationalize cyber risk quantification for smart security

20 November 2023

Organizations constantly face new tactics from cyber criminals who aim to compromise their most valuable assets. Yet despite evolving techniques, many security leaders still rely on subjective terms, such as low, medium and high, to communicate and manage cyber risk. These vague terms do not convey the necessary detail or insight to produce actionable outcomes […] The post Operationalize cyber risk quantification for smart security appeared first on Security Intelligence. [...]

Pentesting vs. Pentesting as a Service: Which is better?

15 November 2023

In today’s quickly evolving cybersecurity landscape, organizations constantly seek the most effective ways to secure their digital assets. Penetration testing (pentesting) has emerged as a leading solution for identifying potential system vulnerabilities while closing security gaps that can lead to an attack. At the same time, a newer entrant into the security arena is Pentesting […] The post Pentesting vs. Pentesting as a Service: Which is better? appeared first on Security Intelligence. [...]

The evolution of ransomware: Lessons for the future

14 November 2023

Ransomware has been part of the cyber crime ecosystem since the late 1980s and remains a major threat in the cyber landscape today. Evolving ransomware attacks are becoming increasingly more sophisticated as threat actors leverage vulnerabilities, social engineering and insider threats. While the future of ransomware is full of unknown threats, we can look to […] The post The evolution of ransomware: Lessons for the future appeared first on Security Intelligence. [...]

Empowering cybersecurity leadership: Strategies for effective Board engagement

13 November 2023

With the increased regulation surrounding cyberattacks, more and more executives are seeing these attacks for what they are – serious threats to business operations, profitability and business survivability. But what about the Board of Directors? Are they getting all the information they need? Are they aware of your organization’s cybersecurity initiatives? Do they understand why […] The post Empowering cybersecurity leadership: Strategies for effective Board engagement appeared first on Security Intelligence. [...]

Data security tools make data loss prevention more efficient

8 November 2023

As businesses navigate the complexities of modern-day cybersecurity initiatives, data loss prevention (DLP) software is the frontline defense against potential data breaches and exfiltration. DLP solutions allow organizations to detect, react to and prevent data leakage or misuse of sensitive information that can lead to catastrophic consequences. However, while DLP solutions play a critical role […] The post Data security tools make data loss prevention more efficient appeared first on Security Intelligence. [...]

NIST’s security transformation: How to keep up

7 November 2023

One thing that came out of the pandemic years was a stronger push toward an organization-wide digital transformation. Working remotely forced companies to integrate digital technologies, ranging from cloud computing services to AI/ML, across business operations to allow workers to keep up high production and efficiency standards. Now that businesses and consumers have adjusted to […] The post NIST’s security transformation: How to keep up appeared first on Security Intelligence. [...]

Defense in depth: Layering your security coverage

2 November 2023

The more valuable a possession, the more steps you take to protect it. A home, for example, is protected by the lock systems on doors and windows, but the valuable or sensitive items that a criminal might steal are stored with even more security — in a locked filing cabinet or a safe. This provides […] The post Defense in depth: Layering your security coverage appeared first on Security Intelligence. [...]

What is data security posture management?

1 November 2023

Do you know where all your organization’s data resides across your hybrid cloud environment? Is it appropriately protected? How sure are you? 30%? 50%? It may not be enough. The Cost of a Data Breach Report 2023 revealed that 82% of breaches involved data in the cloud, and 39% of breached data was stored across […] The post What is data security posture management? appeared first on Security Intelligence. [...]

Could a threat actor socially engineer ChatGPT?

31 October 2023

As the one-year anniversary of ChatGPT approaches, cybersecurity analysts are still exploring their options. One primary goal is to understand how generative AI can help solve security problems while also looking out for ways threat actors can use the technology. There is some thought that AI, specifically large language models (LLMs), will be the equalizer […] The post Could a threat actor socially engineer ChatGPT? appeared first on Security Intelligence. [...]

Exploitation of Critical ownCloud Vulnerability Begins

28 November 2023

Threat actors have started exploiting a critical ownCloud vulnerability leading to sensitive information disclosure. The post Exploitation of Critical ownCloud Vulnerability Begins appeared first on SecurityWeek. [...]

Critical Vulnerability Found in Ray AI Framework

28 November 2023

A critical issue in open source AI framework Ray could provide attackers with operating system access to all nodes. The post Critical Vulnerability Found in Ray AI Framework appeared first on SecurityWeek. [...]

Los Angeles SIM Swapper Sentenced to 8 Years in Prison

28 November 2023

Amir Golshan of Los Angeles was sentenced to 96 months in prison for perpetrating multiple cybercrime schemes. The post Los Angeles SIM Swapper Sentenced to 8 Years in Prison appeared first on SecurityWeek. [...]

Amazon One Enterprise Enables Palm-Based Access to Physical Locations, Digital Assets

28 November 2023

AWS announces Amazon One Enterprise, a palm-based identity service that enables users to easily access physical locations and digital assets. The post Amazon One Enterprise Enables Palm-Based Access to Physical Locations, Digital Assets appeared first on SecurityWeek. [...]

Ardent Hospitals Diverting Patients Following Ransomware Attack

28 November 2023

Ransomware attack forces Ardent hospitals to shut down systems, impacting clinical and financial operations. The post Ardent Hospitals Diverting Patients Following Ransomware Attack appeared first on SecurityWeek. [...]

Critical ownCloud Flaws Lead to Sensitive Information Disclosure, Authentication Bypass

27 November 2023

Three critical vulnerabilities in ownCloud could lead to sensitive information disclosure and authentication and validation bypass. The post Critical ownCloud Flaws Lead to Sensitive Information Disclosure, Authentication Bypass appeared first on SecurityWeek. [...]

Henry Schein Again Restoring Systems After Ransomware Group Causes More Disruption

27 November 2023

Healthcare solutions giant Henry Schein is once again restoring systems after ransomware group claims it re-encrypted files. The post Henry Schein Again Restoring Systems After Ransomware Group Causes More Disruption appeared first on SecurityWeek. [...]

US, UK Cybersecurity Agencies Publish AI Development Guidance

27 November 2023

New guidance from US and UK cybersecurity agencies provides recommendations for secure AI system development. The post US, UK Cybersecurity Agencies Publish AI Development Guidance appeared first on SecurityWeek. [...]

Hacktivism: What’s in a Name… It May be More Than You Expect

27 November 2023

Hacktivism is evolving. It is important for both the law and cyber defenders to understand the current and potential activity of hacktivism to better understand how it should be treated. The post Hacktivism: What’s in a Name… It May be More Than You Expect appeared first on SecurityWeek. [...]

Fidelity National Financial Takes Down Systems Following Cyberattack

27 November 2023

Fidelity National Financial is experiencing service disruptions after systems were taken down to contain a cyberattack. The post Fidelity National Financial Takes Down Systems Following Cyberattack appeared first on SecurityWeek. [...]

Tumblr+ kills Post+, its ill-fated subscription offering for creators

28 November 2023

Tumblr’s ill-fated Post+ subscription service is shutting down, the company announced late on Monday. The service, which allowed creators to paywall select content for subscribers only, will no longer be an option Tumblr users can enable as of December 1st and will fully shut down in early 2024, when existing Post+ content will be set […] © 2023 TechCrunch. All rights reserved. For personal use only. [...]

Europol arrest hackers allegedly behind string of ransomware attacks

28 November 2023

Europol and its international law enforcement partners have arrested five individuals who authorities accuse of involvement in a string of ransomware attacks affecting more than 1,800 victims worldwide. The arrested individuals, which include the criminal gang’s ringleader, 32, and four of his “most active” accomplices, were arrested following a series of raids at 30 properties […] © 2023 TechCrunch. All rights reserved. For personal use only. [...]

Pika, which is building AI tools to generate and edit videos, raises $55M

28 November 2023

The generative AI hype hasn’t died down yet. Case in point, Pika, a startup creating an AI-powered platform to edit and generate videos from captions and still images, today announced that it raised $55 million in a funding round led by Lightspeed Venture Partners with participation from Homebrew, Conviction Capital, SV Angel, Ben’s Bites and […] © 2023 TechCrunch. All rights reserved. For personal use only. [...]

Candex lands $45M infusion to grow its procurement management business

28 November 2023

Candex, a startup that aims to simplify procurement — specifically vendor management and payment processes — for businesses, today announced that it raised $45 million in a Series B investment led by Goldman Sachs with participation from WiL (World Innovation Lab), Altos, NFX, Craft, JP Morgan, American Express and Edenred. The tranche brings Candex’s total […] © 2023 TechCrunch. All rights reserved. For personal use only. [...]

Solve Intelligence helps attorneys draft patents for IP analysis and generation

28 November 2023

Many legal tech startups streamline manual workflow for lawyers, and some legal tech companies provide tech solutions centered around intellectual property (IP). Among them is a startup called Solve Intelligence, which builds AI software specialized for patent attorneys to write drafts for IP analysis and generation. Solve Intelligence, a Delaware-based legal tech startup, has raised […] © 2023 TechCrunch. All rights reserved. For personal use only. [...]

Vimcal raises $4.5 million to expand its team offerings

28 November 2023

Vimcal, a YC-backed calendar app, has raised a $4.5 million seed round from Altos Ventures to expand its team and enterprise offerings. The company, founded by CEO John Li, launched its iOS app and Outlook integration last year. Li told TechCrunch that Vimcal has improved its Outlook integration with fewer bugs. Since last year, Vimcal […] © 2023 TechCrunch. All rights reserved. For personal use only. [...]

NXTP closes largest fund with $98M for early-stage B2B founders in Latin America

28 November 2023

NXTP Fund III represents over a 2x increase from the size of its previous fund, enabling the firm to invest in between 25 and 30 companies this time around. © 2023 TechCrunch. All rights reserved. For personal use only. [...]

AWS brings Amazon One palm-scanning authentication to the enterprise

28 November 2023

Amazon’s cloud computing subsidiary AWS (Amazon Web Services) has lifted the lid on a new palm-scanning identity service that allows companies to authenticate people when entering physical premises. The announcement comes as part of AWS’s annual Re:Invent conference, which is running in Las Vegas for the duration of this week. Amazon One Enterprise, as the […] © 2023 TechCrunch. All rights reserved. For personal use only. [...]

Meta’s EU ad-free subscription faces early privacy challenge

28 November 2023

Meta’s shiny new bid to circumvent European Union privacy rules — by offering users a false choice between paying it a hefty monthly subscription for ad-free versions of Facebook and Instagram or agreeing to give up their privacy rights in exchange for free access to its social networks, meaning they will be tracked and profiled […] © 2023 TechCrunch. All rights reserved. For personal use only. [...]

As pet owners turn to mobile insurance apps, Lassie raises $25M Series B led by Balderton

28 November 2023

We last wrote about Lassie, a pet health app and insurance provider, when it closed an €11 million Series A round in 2022. It’s growth had been spurred by the boom in pet ownership during the pandemic (nearly half of all European households now own a pet, and and owners spend €23.5 billion on them […] © 2023 TechCrunch. All rights reserved. For personal use only. [...]

Transform Your Data Security Posture – Learn from SoFi's DSPM Success

28 November 2023

As cloud technology evolves, so does the challenge of securing sensitive data. In a world where data duplication and sprawl are common, organizations face increased risks of non-compliance and unauthorized data breaches. Sentra's DSPM (Data Security Posture Management) emerges as a comprehensive solution, offering continuous discovery and accurate classification of sensitive data in the cloud. [...]

Design Flaw in Google Workspace Could Let Attackers Gain Unauthorized Access

28 November 2023

Cybersecurity researchers have detailed a "severe design flaw" in Google Workspace's domain-wide delegation (DWD) feature that could be exploited by threat actors to facilitate privilege escalation and obtain unauthorized access to Workspace APIs without super admin privileges. "Such exploitation could result in theft of emails from Gmail, data exfiltration from Google Drive, or other [...]

How Hackers Phish for Your Users' Credentials and Sell Them

28 November 2023

Account credentials, a popular initial access vector, have become a valuable commodity in cybercrime. As a result, a single set of stolen credentials can put your organization’s entire network at risk. According to the 2023 Verizon Data Breach Investigation Report, external parties were responsible for 83 percent of breaches that occurred between November 2021 and October 2022. Forty-nine [...]

Key Cybercriminals Behind Notorious Ransomware Families Arrested in Ukraine

28 November 2023

A coordinated law enforcement operation has led to the arrest of key individuals in Ukraine who are alleged to be a part of several ransomware schemes. "On 21 November, 30 properties were searched in the regions of Kyiv, Cherkasy, Rivne, and Vinnytsia, resulting in the arrest of the 32-year-old ringleader," Europol said in a statement today. "Four of the ringleader's most active accomplices were [...]

Stop Identity Attacks: Discover the Key to Early Threat Detection

28 November 2023

Identity and Access Management (IAM) systems are a staple to ensure only authorized individuals or entities have access to specific resources in order to protect sensitive information and secure business assets. But did you know that today over 80% of attacks now involve identity, compromised credentials or bypassing the authentication mechanism? Recent breaches at MGM and Caesars have [...]

Hackers Can Exploit 'Forced Authentication' to Steal Windows NTLM Tokens

28 November 2023

Cybersecurity researchers have discovered a case of "forced authentication" that could be exploited to leak a Windows user's NT LAN Manager (NTLM) tokens by tricking a victim into opening a specially crafted Microsoft Access file. The attack takes advantage of a legitimate feature in the database management system solution that allows users to link to external data sources, such as a remote SQL [...]

N. Korean Hackers 'Mixing' macOS Malware Tactics to Evade Detection

28 November 2023

The North Korean threat actors behind macOS malware strains such as RustBucket and KANDYKORN have been observed "mixing and matching" different elements of the two disparate attack chains, leveraging RustBucket droppers to deliver KANDYKORN. The findings come from cybersecurity firm SentinelOne, which also tied a third macOS-specific malware called ObjCShellz to the RustBucket campaign. [...]

How to Handle Retail SaaS Security on Cyber Monday

27 November 2023

If forecasters are right, over the course of today, consumers will spend $13.7 billion. Just about every click, sale, and engagement will be captured by a CRM platform. Inventory applications will trigger automated re-orders; communication tools will send automated email and text messages confirming sales and sharing shipping information. SaaS applications supporting retail efforts will host [...]

Experts Uncover Passive Method to Extract Private RSA Keys from SSH Connections

27 November 2023

A new study has demonstrated that it's possible for passive network attackers to obtain private RSA host keys from a vulnerable SSH server by observing when naturally occurring computational faults that occur while the connection is being established. The Secure Shell (SSH) protocol is a method for securely transmitting commands and logging in to a computer over an unsecured network. Based on a [...]

U.S., U.K., and Global Partners Release Secure AI System Development Guidelines

27 November 2023

The U.K. and U.S., along with international partners from 16 other countries, have released new guidelines for the development of secure artificial intelligence (AI) systems. "The approach prioritizes ownership of security outcomes for customers, embraces radical transparency and accountability, and establishes organizational structures where secure design is a top priority," the U.S. [...]

Spotlight Podcast: RADICL Is Coming To The Rescue Of Defense SMBs

21 November 2023

In this Spotlight Security Ledger podcast, Chris Petersen, the CEO and founder of RADICL, talks about his company's mission to protect small and midsized businesses serving the defense industrial base, which are increasingly in the cross-hairs of sophisticated, nation-state actors. The post Spotlight Podcast: RADICL Is Coming To The Rescue Of...Read the whole entry... »Click the icon below to listen. Related StoriesIs a DEF CON Village the right way to assess AI risk?Sickened by Software? Changing The Way We Talk About 0DaysEpisode 253: DevSecOps Worst Practices With Tanya Janca of We Hack Purple [...]

AppSec Is A Mess. Our Kids Are Paying The Price.

14 November 2023

Data stolen? Get used to it kid. That's the reality for young people coming of age today in the app sec shanty town that is the 21st century U.S. economy. Like the actual favelas and shanty towns that have sprung up in developing nations over the last century, our application ecosystem is sprawling, unregulated, ad-hoc and prone to shocking...Read the whole entry... »Related StoriesSickened by Software? Changing The Way We Talk About 0DaysGitGuardian’s HasMySecretLeaked Is HaveIBeenPwned for DevOpsEpisode 253: DevSecOps Worst Practices With Tanya Janca of We Hack Purple [...]

Sickened by Software? Changing The Way We Talk About 0Days

23 October 2023

How do we improve software quality and end the epidemic of shoddy, exploitable software harming consumers, communities and businesses? To start, we need to change the way we think and talk about software-based risks. The post Sickened by Software? Changing The Way We Talk About 0Days first appeared on The Security Ledger with Paul F. Roberts.Related StoriesSickened by Software? Changing The Way We Talk About 0DaysGitGuardian’s HasMySecretLeaked Is HaveIBeenPwned for DevOpsEpisode 253: DevSecOps Worst Practices With Tanya Janca of We Hack Purple [...]

GitGuardian’s HasMySecretLeaked Is HaveIBeenPwned for DevOps

17 October 2023

Amid a spike in attacks on software supply chains, GitGuardian launched HasMySecretLeaked.com, a site that allows developers and appsec teams to search for exposed secrets. The post GitGuardian’s HasMySecretLeaked Is HaveIBeenPwned for DevOps first appeared on The Security Ledger with Paul F. Roberts.Related StoriesSickened by Software? Changing The Way We Talk About 0DaysEpisode 253: DevSecOps Worst Practices With Tanya Janca of We Hack PurpleAttacks on APIs demand a Security Re-Think [...]

What does it cost small businesses to get advanced cybersecurity?

12 October 2023

In this Expert Insight, Derek Kernus, the Director of Cybersecurity Operations at DTS talks about the challenges facing small businesses that are under pressure to adopt cybersecurity best practices without breaking their budget. Derek offers suggestions for prioritizing cybersecurity investments - and things to watch out for as you build out an...Read the whole entry... »Related StoriesAttacks on APIs demand a Security Re-ThinkAppSec Is A Mess. Our Kids Are Paying The Price.The Future of IoT Security Standards [...]

Episode 253: DevSecOps Worst Practices With Tanya Janca of We Hack Purple

4 October 2023

Tanya Janca of the group We Hack Purple, talks with Security Ledger host Paul Roberts about the biggest security mistakes that DevSecOps teams make, and application development’s “tragedy of the commons,” as more and more development teams lean on open source code. The post Episode 253: DevSecOps Worst Practices With Tanya Janca of We Hack...Read the whole entry... »Click the icon below to listen. Related StoriesSickened by Software? Changing The Way We Talk About 0DaysGitGuardian’s HasMySecretLeaked Is HaveIBeenPwned for DevOpsAttacks on APIs demand a Security Re-Think [...]

Black Hat: Colin O’Flynn On Hacking An Oven To Make It Stop Lying

9 August 2023

In this episode of the podcast, host Paul Roberts speaks with Colin O'Flynn, CTO and founder of the firm NewAE about his work to patch shoddy software on his home's electric oven - and the bigger questions about owners rights to fix, tinker with or replace the software that powers their connected stuff. The post Black Hat: Colin O’Flynn On...Read the whole entry... »Click the icon below to listen. Related StoriesEpisode 251: Kry10 CEO Boyd Multerer on building a secure OS for the IoTEpisode 250: Window Snyder of Thistle on Making IoT Security EasyAttacks on APIs demand a Security Re-Think [...]

Spotlight Podcast: Are you ready for Threat Reconnaissance?

2 August 2023

In this Spotlight podcast interview, David Monnier of Team Cymru talks about the evolution of the threat intelligence into actionable and target specific “threat reconnaissance.” The post Spotlight Podcast: Are you ready for Threat Reconnaissance? first appeared on The Security Ledger with Paul F. Roberts.Click the icon below to listen. Related StoriesSpotlight Podcast: RADICL Is Coming To The Rescue Of Defense SMBsSpotlight: Making the Most of Cyber Threat Intelligence with Itsik Kesler of KELAEpisode 248: GitHub’s Jill Moné-Corallo on Product Security And Supply Chain Threats [...]

Attacks on APIs demand a Security Re-Think

12 July 2023

New threats demand that we transform the way we think about securing the endpoints. Case in point: APIs, writes Ross Moore. The post Attacks on APIs demand a Security Re-Think first appeared on The Security Ledger with Paul F. Roberts.Related StoriesSickened by Software? Changing The Way We Talk About 0DaysGitGuardian’s HasMySecretLeaked Is HaveIBeenPwned for DevOpsWhat does it cost small businesses to get advanced cybersecurity? [...]

Episode 251: Kry10 CEO Boyd Multerer on building a secure OS for the IoT

29 June 2023

Host Paul Roberts speaks with Boyd Multerer, the CEO and founder of Kry10, which has made a secure OS for the Internet of Things. The post Episode 251: Kry10 CEO Boyd Multerer on building a secure OS for the IoT first appeared on The Security Ledger with Paul F. Roberts.Click the icon below to listen. Related StoriesBlack Hat: Colin O’Flynn On Hacking An Oven To Make It Stop LyingEpisode 250: Window Snyder of Thistle on Making IoT Security EasyEpisode 253: DevSecOps Worst Practices With Tanya Janca of We Hack Purple [...]

Apple Music Replay is back — and it’s still mostly a web experience

28 November 2023

Illustration by Alex Castro / The Verge Apple Music Replay has arrived. The year-end summary of your most-listened-to songs, artists, albums, and more is now available from Apple Music’s webpage — just days before Spotify is expected to drop its Wrapped stats. While Apple launched Replay in 2019, it gave the feature a major update last year that makes it a lot more like Spotify Wrapped. But unlike Wrapped, which offers a set of super shareable charts, the stats presented in Apple Music Replay just aren’t as attractive to post online, and they’re not directly available within the Apple Music [...]

The best Cyber Monday deals still happening on some Verge favorites

28 November 2023

Photo by Chris Welch / The Verge Black Friday and Cyber Monday may be in the past, but some sales are still hanging around (although maybe not for long). For more leftover deals we recommend across all categories, be sure to check out the rest of the Cyber Monday still available here. Every month or so, we like to ask our staff about their favorite stuff — whether it’s pet toys, travel aids, kitchen gadgets, or straightforward tech. And the results are usually very different, very interesting, and a lot of fun. In celebration of the annual post-Thanksgiving sales, we [...]

American Airlines will pay to bury 10,000 tons of CO2 underground

28 November 2023

Airplanes at Ronald Reagan Washington National Airport (DCA) in Arlington, Virginia, on Tuesday, November 21st, 2023. | Image: Haiyun Jiang / Bloomberg via Getty Images American Airlines signed a deal to trap 10,000 tons of carbon dioxide underground. It’s part of the airline’s plans to limit the pollution causing climate change, and it marks the first major deal for the Bill Gates-backed startup Graphyte that’s developing cutting-edge technology to tackle the problem. Similar startups are selling services to big brands that want to draw down some of the planet-heating emissions they release into the atmosphere. They’re developing technology that filters [...]

The best Cyber Monday streaming deals on Hulu, Paramount Plus, and more you can still get

28 November 2023

Illustration by Alex Castro / The Verge Black Friday and Cyber Monday may be in the past, but some sales are still hanging around (although maybe not for long). For more leftover deals we recommend across all categories, be sure to check out the rest of the Cyber Monday still available here. If it feels like every streaming service received a price hike this year, it’s probably because most of them have. Netflix, Apple TV Plus, Discovery Plus, and Disney Plus are just a few recent examples, though there are still ways to weather the price increases. Many Cyber Monday [...]

How to find your Apple Music Replay

28 November 2023

Illustration by Samar Haddad / The Verge I am a devoted Apple Music user, and you will pry the service out of my cold, dead hands. Still, I’ve spent the past few Decembers incredibly jealous of the sea of Spotify rewinds that populated my friends’ social media profiles. Sure, Apple has always had ways to see your most-played songs over given periods of time. But it hasn’t had anything nearly as comprehensive or interesting as what Spotify puts out — at least, until this year. I wouldn’t go so far as to say that Replay, Apple Music’s answer to Spotify [...]

Wix CEO Avishai Abrahami on why the web isn’t dying after all

28 November 2023

Photo illustration by Alex Parkin / The Verge The co-founder of website builder Wix is embracing generative AI, and he’s not too worried that it might destroy the business models of the web. Continue reading… [...]

How humans are engineering the future of coral reefs

28 November 2023

Alex Parkin How do you bring back a vanishing coral reef? That’s what conservationists are racing to do in the Florida Keys, where they’re coming up with a whole new playbook for saving corals. Over the summer, they did what used to be the unthinkable: they took thousands of corals out of the sea to save them from a killer ocean heatwave. Hot tub-like temperatures might have wiped them out otherwise. Now, what’s next? The Verge visited the evacuated corals where they found temporary refuge on land. We spent time at a gene bank, home to a new generation of [...]

UK watchdog slams the brakes on Adobe’s $20 billion bid for Figma

28 November 2023

Adobe and Figma have until December 19th to respond with potential remedies. | Illustration by Kristen Radtke / The Verge Adobe’s conquest of the creative software industry appears to be facing some difficulties following an in-depth investigation by the UK’s competition watchdog. The Competition and Markets Authority (CMA) has provisionally determined that Adobe’s proposed $20 billion bid for the cloud-based product design platform Figma would harm the product design software market and has effectively blocked the deal until competitive concerns are addressed. The CMA announced its findings on Tuesday, saying that if the deal goes ahead in its current form, [...]

The best Cyber Monday deals you can still get

28 November 2023

Illustration by Aaron Fernandez for The Verge Leftovers often get a bad rap, but this small buffet of lingering Cyber Monday deals is just as appetizing as when the deals were fresh. Black Friday and Cyber Monday brought deep discounts across a manner of tech devices, from phones and wearables to video games and headphones. Thankfully, if you haven’t already pounced on a deal, you may still be in luck. While many quietly expired in the middle of the night at Cyber Monday’s conclusion, a bunch are soldiering on. For example, you can still pick up the Bose QuietComfort Ultra [...]

Google’s new geothermal energy project is up and running

28 November 2023

Google partnered with clean energy startup Fervo on a new geothermal project in Nevada that will send electricity to the grid that serves two of Google’s data centers. | Image: Google A first-of-its-kind geothermal project is now up and running in Nevada, where it will help power Google’s data centers with clean energy. Google is partnering with startup Fervo, which has developed new technology for harnessing geothermal power. Since they’re using different tactics than traditional geothermal plants, it is a relatively small project with the capacity to generate 3.5 MW. For context, one megawatt is enough to meet the demand [...]

The Hundred-Year Battle for India’s Radio Airwaves

28 November 2023

The Indian government has a monopoly on radio news, allowing it to dictate what hundreds of millions of people hear. With an election approaching, that gives prime minister Narendra Modi a huge advantage. [...]

How to Use Obsidian for Writing and Productivity

28 November 2023

Obsidian is an incredible writing and note-taking tool. Here’s why this cloud-less, offline app helps me stay organized and keep the ideas flowing. [...]

A New Type of Geothermal Power Plant Just Made the Internet a Little Greener

28 November 2023

A new approach to geothermal energy makes it possible to tap the energy of hot rocks just about anywhere. A pilot plant in Nevada is now helping to power Google data centers. [...]

Security Bolts Finally Gave Me and My Bike Peace of Mind

28 November 2023

Any thief with a $5 tool can steal parts off your bike. Ruin their day with a set of bolts or inserts that only you can unlock. [...]

Palestinians Are Locked Out of Google’s Online Economy

28 November 2023

YouTube's revenue sharing for creators and other Google services are shut off or hard to access for people in Palestinian territories. That digital divide is under new scrutiny as war ravages Gaza. [...]

Dr. Sabrina Gonzalez Pasterski Will Change How You Think About Space

28 November 2023

Pioneering a new field in cosmology, Dr. Pasterski explores diverse perspectives in physics and astronomy—and whether the universe might actually be a hologram. [...]

'Rebel Moon' Director Zack Snyder on Violence, Loss, and Extreme Fandom

28 November 2023

Telegram’s Bans on Extremist Channels Aren't Really Bans

28 November 2023

A WIRED analysis of more than 100 restricted channels shows these communities remain active, and content shared within them often spreads to channels accessible to the public. [...]

A Damning Report Claims the Union That Defeated Uber Had a Culture of Abuse and Toxicity

28 November 2023

An independent report obtained by WIRED claims a UK union that won a major case against Uber mistreated its staff and grappled with incidents of racism. Two of its most senior figures have now stepped down. [...]

86 Best Cyber Monday Outdoor Deals (2023): Sleeping Bags, Tents, Solo Stoves

28 November 2023

It's cold outside, so you probably need new long underwear. Shop our favorite tents, backpacks, and other outdoor gear. [...]

Zendesk Vulnerability Could Have Given Hackers Access to Customer Data

Related Posts

Spotlight Podcast: RADICL Is Coming To The Rescue Of Defense SMBs

Microsoft Warns of Critical Bugs Being Exploited in the Wild

Critical Vulnerabilities Expose Veeam ONE Software to Code Execution