1
3
submitted 1 hour ago by [email protected] to c/[email protected]

While previous Olympic games have faced cybersecurity threats, the Games of the XXXIII Olympiad, also known as Paris 2024, will see the largest number of threats, the most complex threat landscape, the largest ecosystem of threat actors, and the highest degree of ease for threat actors to execute attacks, according to IDC. To defend against these attacks and avoid significant disruptions, IDC estimates that revenue from cybersecurity services in France will increase by $94 million … More → The post Paris 2024 Olympics to face complex cyber threats appeared first on Help Net Security.

2
3
submitted 1 hour ago by [email protected] to c/[email protected]

This article provides an overview of the major data breaches we covered in 2024 so far, highlighting incidents involving Trello, AnyDesk, France Travail, Nissan, MITRE, Dropbox, BBC Pension Scheme, TeamViewer, Advance Auto Parts, and AT&T. Find out what led to the breaches and how they affected the breached organizations. The information in this recap might help your organization strengthen its cybersecurity posture. Trello January 2024 In January 2024, Trello encountered an incident in which user … More → The post Major data breaches that have rocked organizations in 2024 appeared first on Help Net Security.

3
1
Jailbreaking RabbitOS (The Hard Way) (www.da.vidbuchanan.co.uk)
submitted 1 hour ago by [email protected] to c/[email protected]


4
6
submitted 3 hours ago by [email protected] to c/[email protected]

Mainframes are the unseen workhorses that carry the load for many services we use on a daily basis: Withdrawing money from an ATM, credit card payments, and airline reservations to name just a few of the high volume workloads that are primarily handled by mainframes. For those that like to see figures to support this … Continue reading Punch Card Hacking – Exploring a Mainframe Attack Vector →

5
3
submitted 5 hours ago by [email protected] to c/[email protected]

It’s been less than 18 months since the public introduction of ChatGPT, which gained 100 million users in less than two months. Given the hype, you would expect enterprise adoption of generative AI to be significant, but it’s been slower than many expected. A recent survey by Telstra and MIT Review showed that while 75% of enterprises tested GenAI last year, only 9% deployed it widely. The primary obstacle? Data privacy and compliance. This rings … More → The post ChatGPTriage: How can CISOs see and control employees’ AI use? appeared first on Help Net Security.

6
2
submitted 5 hours ago by [email protected] to c/[email protected]

Samuel Stolton / Bloomberg: Sources: Google offered CISPE ~€455M worth of Google cloud licenses and €14M in cash in a deal for CISPE to maintain its antitrust complaint against Microsoft — Firm's deal offer aimed at continuing EU case against rival — Cloud group CISPE eventually reached settlement with Microsoft

7
40
submitted 14 hours ago by [email protected] to c/[email protected]

Lawsuit: One user's IP address was identified in 4,450 infringement notices.

8
20
submitted 14 hours ago by [email protected] to c/[email protected]

Files available on the open source NPM repository underscore a growing sophistication.

9
14
submitted 14 hours ago by [email protected] to c/[email protected]

A malicious Telegram bot is the key to a veritable flourishing garden of nefarious cybercriminal activity, which was discovered via a series of Python packages.

10
19
submitted 15 hours ago by [email protected] to c/[email protected]

Hacktivists claim they have stolen 1.2 TB of data from Disney's developer Slack channels.

11
9
submitted 15 hours ago by [email protected] to c/[email protected]

A while ago I already looked into Avast Secure Browser. Back then it didn’t end well for Avast: I found critical vulnerabilities allowing arbitrary websites to infect user’s computer. Worse yet: much of it was due to neglect of secure coding practices, existing security mechanisms were disabled for no good reason. I didn’t finish that investigation because I discovered that the browser was essentially spyware, collecting your browsing history and selling it via Avast’s Jumpshot subsidiary. But that was almost five years ago. After an initial phase of denial, Avast decided to apologize and to wind down Jumpshot. It was certainly a mere coincidence that Avast was subsequently sold to NortonLifeLock, called Gen Digital today. Yes, Avast is truly reformed and paying for their crimes in Europe and the US. According to the European decision, Avast is still arguing despite better knowledge that their data collection was fully anonymized and completely privacy-conformant but… well, old habits are hard to get rid of. Either way, it’s time to take a look at Avast Secure Browser again. Because… all right, because of the name. That was a truly ingenious idea to name their browser like that, nerd sniping security professionals into giving them free security audits. By now they certainly would have addressed the issues raised in my original article and made everything much more secure, right?

Note: This article does not present any actual security vulnerabilities.[...]

12
42
submitted 1 day ago by [email protected] to c/[email protected]

Alderon Games, the maker of dinosaur MMO Path of Titans, says it's swapping out its Intel 13th and 14th Gen-based servers for AMD and urges others hosting the game’s servers to do the same. The developer has had “significant” instability issues that none of the fixes so far have reversed, wrote Alderon founder Matthew Cassells in a blog post last week. Cassells wrote that Alderon has recorded “thousands of crashes” on gamers’ CPUs using its crash reporting tools and says the processors can also corrupt SSDs and memory. He added that in his team’s experience, 100 percent of the affected CPUs “deteriorate over time, eventually failing.” On the contrary, Unreal Engine decompression tool maker RAD Game Tools, which Cassells cites in the...

13
33
submitted 1 day ago by [email protected] to c/[email protected]

A hacker who claims to have stolen sensitive call and text logs from AT&T Inc. said they were paid about $400,000 to erase the data trove.

14
30
submitted 1 day ago by [email protected] to c/[email protected]

A security researcher who assisted with the deal says he believes the only copy of the complete dataset of call and text records of “nearly all” AT&T customers has been wiped—but some risks may remain.

15
16
submitted 1 day ago by [email protected] to c/[email protected]

Google parent Alphabet Inc. is in advanced talks to buy cybersecurity startup Wiz in a deal that could fetch $23 billion, the Wall Street Journal reported, citing people with knowledge of the matter.

16
15
submitted 1 day ago by [email protected] to c/[email protected]

Cryptography ain’t easy. Seemingly small details like how many times a computationally intensive loop runs can give the game away. [Lord Feistel] gives us a demo of how this could …read more

17
11
submitted 1 day ago by [email protected] to c/[email protected]

Authors/Presenters: Nian Xue, Yashaswi Malla, Zihang Xia, Christina Pöpper, Mathy Vanhoef
Many thanks to USENIX for publishing their outstanding USENIX Security ’23 Presenter’s content, and the organization's strong commitment to Open Access. Originating from the conference’s events situated at the Anaheim Marriott; and via the organization's YouTube channel. Permalink The post USENIX Security ’23 – Bypassing Tunnels: Leaking VPN Client Traffic by Abusing Routing Tables appeared first on Security Boulevard.

18
37
submitted 2 days ago by [email protected] to c/[email protected]
    Images of UTM SE from its App Store listing. | Screenshots: UTM SE

Apple has approved UTM SE, an app for emulating a computer to run classic software and games, weeks after the company rejected it and barred it from being notarized for third-party app stores in the European Union. The app is now available for free for iOS, iPadOS, and visionOS. After Apple rejected the app in June, the developer said it wasn’t going to keep trying because the app was “a subpar experience.” Today, UTM thanked the AltStore team for helping it and credited another developer “whose QEMU TCTI implementation was pivotal for this JIT-less build.”

  UTM SE doesn’t include any virtual machines, but does help you find them.

As with other emulators on the App Store, you can’t do much...

19
41
submitted 3 days ago by [email protected] to c/[email protected]

Administration Continues to Shift Software Security Responsibilities to Developers

The Biden administration is calling on government agencies and departments to file fiscal year 2026 budget proposals that focus on defending critical infrastructure, dismantling threat actors and investing in resilient federal systems, according to a new memorandum issued this week.

20
14
submitted 3 days ago by [email protected] to c/[email protected]

Proactively stop hosting scams or face hefty fines.

21
22
submitted 3 days ago by [email protected] to c/[email protected]

Red team exercise revealed a score of security fails

The US Cybersecurity and Infrastructure Security Agency (CISA) says a red team exercise at a certain unnamed federal agency in 2023 revealed a string of security failings that exposed its most critical assets.…

22
11
submitted 3 days ago by [email protected] to c/[email protected]

Netgear warned customers to update their devices to the latest available firmware, which patches stored cross-site scripting (XSS) and authentication bypass vulnerabilities in several WiFi 6 router models. [...]

23
20
submitted 3 days ago by [email protected] to c/[email protected]

Six months of call and text records taken from AT&T workspace on cloud platform.

24
16
submitted 3 days ago by [email protected] to c/[email protected]

A wave of coordinated DNS hijacking attacks targets decentralized finance (DeFi) cryptocurrency domains using the Squarespace registrar, redirecting visitors to phishing sites hosting wallet drainers. [...]

25
9
submitted 3 days ago by [email protected] to c/[email protected]

AT&T Corp. disclosed today that a new data breach has exposed phone call and text message records for roughly 110 million people -- nearly all of its customers. AT&T said it delayed disclosing the incident in response to "national security and public safety concerns," noting that some of the records included data that could be used to determine where a call was made or text message sent. AT&T also acknowledged the customer records were exposed in a cloud database that was protected only by a username and password (no multi-factor authentication needed).


Pulse of Truth


Cyber Security news and links to cyber security stories that could make you go hmmm. The content is exactly as it is consumed through RSS feeds and won't be edited (except for the occasional encoding errors).

This community is automagically fed by an instance of Dittybopper.

founded 8 months ago