Security News > 2024 > February

The report from Coalition indicates an anticipated 25% rise in the total count of published common vulnerabilities and exposures for 2024, reaching 34,888 vulnerabilities, equivalent to approximately 2,900 per month.Sharp CVE increase heightens software vulnerability concerns.

The threat actors behind the LockBit ransomware operation have resurfaced on the dark web using new infrastructure, days after an international law enforcement exercise seized control of its...

As the frequency and sophistication of cyber threats continue to escalate, the need for robust cybersecurity regulations has never been more critical. In this Help Net Security round-up, we present segments from previously recorded videos in which cybersecurity experts underscore the importance of proactive cybersecurity measures in the face of evolving regulations.

Primary school systems handle sensitive data concerning minors, while higher education institutions must safeguard intellectual property data, making them prime targets for cyberattacks, according to Trustwave. Strong cybersecurity measures protect student data and enable teachers to do their jobs effectively without fear of disruptions or data breaches.

The LockBit gang is relaunching its ransomware operation on a new infrastructure less than a week after law enforcement hacked their servers, and is threatening to focus more of their attacks on the government sector. On Saturday, LockBit announced it was resuming the ransomware business and released damage control communication saying admitting that "Personal negligence and irresponsibility" led to law enforcement disrupting its activity in Operation Cronos.

Systems Approach One refrain you often hear is that security must be built in from the ground floor; that retrofitting security to an existing system is the source of design complications, or worse, outright flawed designs. Is there something about security that explains our challenges? Or, to put it another way, is there anything about security that makes it fundamentally different from scalability, availability, or any other design requirement when we talk about large systems such as the Internet?

"The theft of cookies is a sophisticated form of cyberattack, where an attacker steals or copies cookies from a victim's computer onto the attacker's web browser," PayPal says in the patent application. "With stolen cookies often containing hashed passwords, the attacker can use a web browser on the attacker's computer to impersonate the user and gain access to secure information associated with the user's account without having to manually login or provide authentication credentials," it is further explained.

"The situation is evolving quickly but at this time, there is no impact on RCMP operations and no known threat to the safety and security of Canadians," said an RCMP spokesperson in a media statement. "While a breach of this magnitude is alarming, the quick work and mitigation strategies put in place demonstrate the significant steps the RCMP has taken to detect and prevent these types of threats."

How decentralized identity is shaping the future of data protectionIn this Help Net Security interview, Patrick Harding, Chief Architect at Ping Identity, discusses the promises and implications of decentralized identity in cybersecurity. 10 cybersecurity startups to watch in 2024Help Net Security decided to spotlight companies breaking new ground, attracting top talent, and leading innovation in key areas.

LockBitSupp, the individual(s) behind the persona representing the LockBit ransomware service on cybercrime forums such as Exploit and XSS, "has engaged with law enforcement," authorities said....