Mar 29, 2024NewsroomNetwork Security / IoT Security A botnet previously considered to be rendered inert has been observed enslaving end-of-life (EoL) small home/small office (SOHO) routers and IoT devices to fuel a criminal proxy service called Faceless. “TheMoon, which emerged in 2014, has been operating quietly while growing to over 40,000 bots from 88 countries…
Read MoreMar 29, 2024The Hacker NewsPen Testing / Regulatory Compliance Network penetration testing plays a vital role in detecting vulnerabilities that can be exploited. The current method of performing pen testing is pricey, leading many companies to undertake it only when necessary, usually once a year for their compliance requirements. This manual approach often misses opportunities…
Read MoreAbout Bruce Schneier I am a public-interest technologist, working at the intersection of security, technology, and people. I’ve been writing about security issues on my blog since 2004, and in my monthly newsletter since 1998. I’m a fellow and lecturer at Harvard’s Kennedy School, a board member of EFF, and the Chief of Security Architecture…
Read MoreMar 29, 2024NewsroomVulnerability / Linux Details have emerged about a vulnerability impacting the “wall” command of the util-linux package that could be potentially exploited by a bad actor to leak a user’s password or alter the clipboard on certain Linux distributions. The bug, tracked as CVE-2024-28085, has been codenamed WallEscape by security researcher Skyler Ferrante.…
Read MoreLessons from a Ransomware Attack against the British Library You might think that libraries are kind of boring, but this self-analysis of a 2023 ransomware and extortion attack against the British Library is anything but. Tags: cyberattack, ransomware, reports Posted on March 29, 2024 at 7:03 AM • 0 Comments Sidebar photo of Bruce Schneier…
Read MoreThe Olympic Games, the FIFA World Cup, and the Super Bowl are just a few examples of iconic sporting events that showcase the global significance of the professional sports industry. But while professional sports stir passion and emotion among fans, cybercriminals couldn’t care less about the competitive aspects of sports or the feeling of community…
Read MoreMar 29, 2024NewsroomSupply Chain Attack / Threat Intelligence The maintainers of the Python Package Index (PyPI) repository briefly suspended new user sign-ups following an influx of malicious projects uploaded as part of a typosquatting campaign. It said “new project creation and new user registration” was temporarily halted to mitigate what it said was a “malware…
Read MoreThread hijacking attacks. They happen when someone you know has their email account compromised, and you are suddenly dropped into an existing conversation between the sender and someone else. These missives draw on the recipient’s natural curiosity about being copied on a private discussion, which is modified to include a malicious link or attachment. Here’s…
Read MoreAn intended feature with security implications Last year security researchers from Bishop Fox found and reported five vulnerabilities in the Ray framework. Anyscale, the company that maintains the software, decided to patch four of them (CVE-2023-6019, CVE-2023-6020, CVE-2023-6021 and CVE-2023-48023) in version 2.8.1, but claimed that the fifth one, assigned CVE-2023-48022, was not really a…
Read More“We’ve been having that debate in security for ten years,” he said. Efforts to centralize security systems have been around for just as long, he said, but for too long, the offerings peddled as “platforms” weren’t really anything of the sort — more bundles of interrelated products than true foundations for all-around security. That’s finally…
Read More