Troy Hunt
SEPTEMBER 6, 2024
It's been a while since I've just gone all "AMA" on a weekly update, but this was just one of those weeks that flew by with my head mostly in the code and not doing much else. There's a bit of discussion about that this week, but it's mostly around the ongoing pain of resellers and all the various issues supporting them then creates as a result.
Schneier on Security
SEPTEMBER 6, 2024
There is a side-channel attack against YubiKey access tokens that allows someone to clone a device. It’s a complicated attack , requiring the victim’s username and password, and physical access to their YubiKey—as well as some technical expertise and equipment. Still, nice piece of security analysis.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Schneier on Security
SEPTEMBER 3, 2024
The NSA’s “ National Cryptographic School Television Catalogue ” from 1991 lists about 600 COMSEC and SIGINT training videos. There are a bunch explaining the operations of various cryptographic equipment, and a few code words I have never heard of before.
Krebs on Security
SEPTEMBER 2, 2024
Three men in the United Kingdom have pleaded guilty to operating otp[.]agency , a once popular online service that helped attackers intercept the one-time passcodes (OTPs) that many websites require as a second authentication factor in addition to passwords. Launched in November 2019, OTP Agency was a service for intercepting one-time passcodes needed to log in to various websites.
Advertisement
IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.
Lohrman on Security
SEPTEMBER 1, 2024
We are one month away from the start of the annual Cybersecurity Awareness Month in October. Here are resources, themes, toolkits and much more to help your organization prepare.
Tech Republic Security
SEPTEMBER 3, 2024
Included in the purge are static apps, those with limited functionality and content, and apps that crash, freeze, and don’t offer an “engaging user experience,’’ the company said.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Troy Hunt
AUGUST 31, 2024
I still find the reactions to the Telegram situation with Durov's arrest odd. There are no doubt all sorts of politics surrounding it, but even putting all that aside for a moment, the assertion that a platform provider should not be held accountable for moderating content on the platform is just nuts. As I say in this week's video, there's lots of content that you can put in the "grey" bucket (free speech versus hate speech, for example) and there are valid arguments to b
Penetration Testing
SEPTEMBER 4, 2024
Security researcher Hyprdude has published detailed information and a proof-of-concept (PoC) exploit for a critical vulnerability identified as CVE-2024-20017. With a CVSS score of 9.8, this vulnerability poses a severe... The post CVE-2024-20017 (CVSS 9.8): Zero-Click Exploit Discovered in Popular Wi-Fi Chipsets, PoC Published appeared first on Cybersecurity News.
WIRED Threat Level
SEPTEMBER 5, 2024
Unit 29155 of Russia’s GRU military intelligence agency—a team responsible for coup attempts, assassinations, and bombings—has branched out into brazen hacking operations with targets across the world.
Tech Republic Security
SEPTEMBER 5, 2024
IBM's Chris Hockings predicts a safer internet with advances in passkey tech, digital identity, deepfake defenses, and post-quantum cryptography.
Speaker: Speakers:
In today's digital age, having an untrained workforce can be a significant risk to your business. Cyber threats are evolving; without proper training, your employees could be the weakest link in your defense. This webinar empowers leaders like you with the tools and strategies needed to transform your employees into a robust frontline defense against cyber attacks.
The Hacker News
SEPTEMBER 6, 2024
SonicWall has revealed that a recently patched critical security flaw impacting SonicOS may have come under active exploitation, making it essential that users apply the patches as soon as possible. The vulnerability, tracked as CVE-2024-40766, carries a CVSS score of 9.3 out of a maximum of 10.
Penetration Testing
SEPTEMBER 4, 2024
A series of critical vulnerabilities have been uncovered in Veeam Backup & Replication, potentially exposing organizations to unauthorized access, remote code execution, and data breaches. The most severe vulnerability (CVE-2024-40711,... The post Veeam Backup & Replication Faces RCE Flaw– CVE-2024-40711 (CVSS 9.8) Allows Full System Takeover appeared first on Cybersecurity News.
WIRED Threat Level
SEPTEMBER 6, 2024
Video and audio of therapy sessions, transcripts, and other patient records were accidentally exposed in a publicly accessible database operated by the virtual medical company Confidant Health.
Tech Republic Security
SEPTEMBER 4, 2024
Read more about an attack campaign led by Iran-based cyberespionage threat actor Fox Kitten, and learn how to protect your company from this threat.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Schneier on Security
SEPTEMBER 4, 2024
This story seems straightforward. A city is the victim of a ransomware attack. They repeatedly lie to the media about the severity of the breach. A security researcher repeatedly proves their statements to be lies. The city gets mad and sues the researcher. Let’s hope the judge throws the case out, but—still—it will serve as a warning to others.
The Hacker News
SEPTEMBER 3, 2024
Cybersecurity researchers have unpacked the inner workings of a new ransomware variant called Cicada3301 that shares similarities with the now-defunct BlackCat (aka ALPHV) operation.
Penetration Testing
SEPTEMBER 4, 2024
The security company Praetorian has released GoffLoader, a tool designed to simplify the execution of BOF files and unmanaged Cobalt Strike PE files directly in memory, without writing any files... The post Goffloader: In-Memory Execution, No Disk Required appeared first on Cybersecurity News.
WIRED Threat Level
SEPTEMBER 3, 2024
The Navy is testing out the Elon Musk–owned satellite constellation to provide high-speed internet access to sailors at sea. It’s part of a bigger project that’s about more than just getting online.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Tech Republic Security
SEPTEMBER 3, 2024
Many Australian companies are investing in new technology, but others are having a hard time justifying such investments given the current economic climate.
Schneier on Security
SEPTEMBER 6, 2024
The first live video of the Promachoteuthis squid, filmed at a newly discovered seamount off the coast of Chile. Blog moderation policy.
The Hacker News
SEPTEMBER 4, 2024
Google has released its monthly security updates for the Android operating system to address a known security flaw that it said has come under active exploitation in the wild. The high-severity vulnerability, tracked as CVE-2024-32896 (CVSS score: 7.8), relates to a case of privilege escalation in the Android Framework component.
Penetration Testing
SEPTEMBER 2, 2024
A significant vulnerability, CVE-2024-8105, dubbed PKfail, has surfaced within the UEFI ecosystem. With a CVSS score of 8.2, this flaw exposes critical UEFI security mechanisms to compromise, making systems vulnerable... The post CVE-2024-8105: An UEFI Flaw Putting Millions of Devices at Risk appeared first on Cybersecurity News.
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
Security Boulevard
SEPTEMBER 3, 2024
A fully open model — one where the training data is available for inspection and modification — provides a means for addressing another threat: malicious or accidentally bad training data. The post Why NTIA Support of Open-Source AI is Good for Security appeared first on Security Boulevard.
Tech Republic Security
SEPTEMBER 6, 2024
Tenable's research reveals 26,500 cyber vulnerabilities in Southeast Asia's banking and insurance sectors, exposing critical security risks.
Schneier on Security
SEPTEMBER 5, 2024
Really interesting analysis of the American M-209 encryption device and its security.
The Hacker News
AUGUST 31, 2024
A recently patched security flaw in Google Chrome and other Chromium web browsers was exploited as a zero-day by North Korean actors in a campaign designed to deliver the FudModule rootkit. The development is indicative of the persistent efforts made by the nation-state adversary, which had made a habit of incorporating rafts of Windows zero-day exploits into its arsenal in recent months.
Speaker: Blackberry, OSS Consultants, & Revenera
Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?
Penetration Testing
SEPTEMBER 1, 2024
A security researcher from Conviso Labs published the technical details and a proof-of-concept (PoC) exploit for a critical CVE-2024-43044 vulnerability in Jenkin. Jenkins is integral to many development pipelines, making... The post CVE-2024-43044: Critical Jenkins Vulnerability Exposes Servers to RCE, PoC Exploit Published appeared first on Cybersecurity News.
WIRED Threat Level
SEPTEMBER 5, 2024
Using special software, WIRED investigated police surveillance at the DNC. We collected signals from nearly 300,000 devices, revealing vulnerabilities for both law enforcement and everyday citizens alike.
Tech Republic Security
SEPTEMBER 2, 2024
Australian banks and government are not rushing to adopt passkey authentication methods, despite the added security benefits. Learn why they lag in embracing this crucial technology.
Trend Micro
SEPTEMBER 3, 2024
While monitoring Earth Lusca, we discovered the threat group’s use of KTLVdoor, a highly obfuscated multiplatform backdoor, as part of a large-scale attack campaign.
Speaker: Erika R. Bales, Esq.
When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.
Expert insights. Personalized for you.
219 
Let's personalize your content