Schneier on Security
DECEMBER 24, 2024
A judge has found that NSO Group, maker of the Pegasus spyware, has violated the US Computer Fraud and Abuse Act by hacking WhatsApp in order to spy on people using it. Jon Penney and I wrote a legal paper on the case.
Tech Republic Security
DECEMBER 23, 2024
Patch management software ensures that known vulnerabilities are patched efficiently to prevent breaches while streamlining IT workflows. Find the best patch management solution for your business.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Krebs on Security
DECEMBER 19, 2024
Cybercriminals are selling hundreds of thousands of credential sets stolen with the help of a cracked version of Acunetix , a powerful commercial web app vulnerability scanner, new research finds. The cracked software is being resold as a cloud-based attack tool by at least two different services, one of which KrebsOnSecurity traced to an information technology firm based in Turkey.
The Hacker News
DECEMBER 24, 2024
Japanese and U.S. authorities have formerly attributed the theft of cryptocurrency worth $308 million from cryptocurrency company DMM Bitcoin in May 2024 to North Korean cyber actors. "The theft is affiliated with TraderTraitor threat activity, which is also tracked as Jade Sleet, UNC4899, and Slow Pisces," the agencies said.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
Lohrman on Security
DECEMBER 20, 2024
As we end the first quarter of the 21st century, cybersecurity threats seem more daunting than ever. So what cyber trends, forecasts, themes, insights and predictions are on offer for the new year? Heres your annual security industry prediction roundup for 2025.
Schneier on Security
DECEMBER 19, 2024
It turns out that all cluster mailboxes in the Denver area have the same master key. So if someone robs a postal carrier , they can open any mailbox. I get that a single master key makes the whole system easier, but it’s very fragile security.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Security Boulevard
DECEMBER 19, 2024
Companies can significantly reduce insider threat risks with a suitable data classification strategy that adequately manages and protects sensitive information. The post How Data Classification Reduces Insider Threats appeared first on Security Boulevard.
The Hacker News
DECEMBER 23, 2024
Cybersecurity researchers have found that it's possible to use large language models (LLMs) to generate new variants of malicious JavaScript code at scale in a manner that can better evade detection.
Malwarebytes
DECEMBER 19, 2024
The US government launched a national security investigation into the popular, Chinese-owned router maker TP-Link, with a potential eye on banning the company’s devices in the United States. The investigation comes amid heightened tension between the US and the Chinese government, and after a public letter from members of the US House of Representatives this summer that alleged that TP-Link was engaged in predatory pricing practices, driven by ulterior motives, and possibly sponsored by Ch
Schneier on Security
DECEMBER 23, 2024
The Justice Department has published the criminal complaint against Dmitry Khoroshev, for building and maintaining the LockBit ransomware.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Joseph Steinberg
DECEMBER 21, 2024
Australia recently enacted legislation to ban children under 16 from using social media a policy that the Australian government plans to enforce through the use of untested age-verification technology. While there is little doubt that the elected officials hope to protect children with the aforementioned act, the reality is that – as Australia has already learned in a previous case described in the article – the new law is more likely to make children less safe than more safe.
Security Affairs
DECEMBER 21, 2024
Romanian national was sentenced to 20 years in prison for his role in NetWalker ransomware attacks, pleading guilty to fraud charges in June. Romanian national Daniel Christian Hulea, 30, was sentenced to 20 years in prison for his role in NetWalker ransomware attacks. Hulea pleaded guilty to computer fraud conspiracy and wire fraud conspiracy on June 20 for his role in the NetWalker ransomware attacks against organizations worldwide, including healthcare during COVID-19.
The Hacker News
DECEMBER 21, 2024
A dual Russian and Israeli national has been charged in the United States for allegedly being the developer of the now-defunct LockBit ransomware-as-a-service (RaaS) operation since its inception in or around 2019 through at least February 2024. Rostislav Panev, 51, was arrested in Israel earlier this August and is currently awaiting extradition, the U.S.
Penetration Testing
DECEMBER 22, 2024
The NodeStealer malware, first identified as a JavaScript-based threat, has undergone a transformation into a Python-based infostealer, expanding its capabilities to harvest a broader range of sensitive data. According to... The post NodeStealer Infostealer: New Python-Based Variant Targets Facebook Ads Manager appeared first on Cybersecurity News.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Schneier on Security
DECEMBER 26, 2024
Scammers are hacking Google Forms to send email to victims that come from google.com. Brian Krebs reports on the effects. Boing Boing post.
Javvad Malik
DECEMBER 19, 2024
It is the holiday season. Think twinkling lights, the scent of pine, and cyber threats lurking in the shadows, waiting to pounce quicker than Bruce Willis can say, Yippee ki yay. In the festive spirit of Die Hard,” lets see how we can make our holidays less like Nakatomi Plaza and a bit more secure. Jingle Bells, Phishing Smells, Educate All the Way Phishing does not take a holiday.
Security Affairs
DECEMBER 19, 2024
Fortinet warns of a patched FortiWLM vulnerability that could allow admin access and sensitive information disclosure. Fortinet warned of a now-patched Wireless LAN Manager (FortiWLM) vulnerability, tracked as CVE-2023-34990 (CVSS score of 9.6), that could lead to admin access and sensitive information disclosure. “A relative path traversal [CWE-23] in FortiWLM may allow a remote, unauthenticated attacker to read sensitive files.” reads the advisory published by the vendor.
The Hacker News
DECEMBER 19, 2024
Fortinet has issued an advisory for a now-patched critical security flaw impacting Wireless LAN Manager (FortiWLM) that could lead to disclosure of sensitive information. The vulnerability, tracked as CVE-2023-34990, carries a CVSS score of 9.6 out of a maximum of 10.0.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Zero Day
DECEMBER 24, 2024
In just two years, AI has gone from hype to essential skill, offering massive productivity gains and increasing creativity among teams who use it. Here's how.
Tech Republic Security
DECEMBER 23, 2024
A look at the cyber threat landscape of 2024, including major breaches and trends. An expert weighs in on key lessons and what to expect in 2025.
WIRED Threat Level
DECEMBER 23, 2024
In Russias war against Ukraine, electronic warfare, including signal-jamming, anti-drone weapons, and innovative protections for critical military systems, has become a key piece of the conflict.
Security Affairs
DECEMBER 24, 2024
The Apache Software Foundation fixed a Tomcat server software flaw that could lead to remote code execution under certain conditions. The Apache Software Foundation (ASF) addressed an important vulnerability, tracked as CVE-2024-56337 , in its Tomcat server software. The researchers warn that exploiting this vulnerability could result in remote code execution under certain conditions.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
The Hacker News
DECEMBER 23, 2024
The Apache Software Foundation (ASF) has released a security update to address an important vulnerability in its Tomcat server software that could result in remote code execution (RCE) under certain conditions. The vulnerability, tracked as CVE-2024-56337, has been described as an incomplete mitigation for CVE-2024-50379 (CVSS score: 9.
Zero Day
DECEMBER 23, 2024
USB-C is great, but the ports can be fragile and vulnerable to damage. This breakaway accessory eliminates the chances of damaging your port.
Tech Republic Security
DECEMBER 23, 2024
Trend Micro guards desktop and mobile devices from ransomware, phishing schemes, spam, and more for one year.
Penetration Testing
DECEMBER 22, 2024
The Apache Software Foundation recently released a critical security update to address a remote code execution (RCE) vulnerability in Apache Tomcat, identified as CVE-2024-56337. This vulnerability affects a wide range... The post CVE-2024-56337: Apache Tomcat Patches Critical RCE Vulnerability appeared first on Cybersecurity News.
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
Security Affairs
DECEMBER 23, 2024
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Acclaim Systems USAHERDS flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added an Acclaim Systems USAHERDS vulnerability, tracked as CVE-2021-44207 (CVSS score: 8.1) to its Known Exploited Vulnerabilities (KEV) catalog.
The Hacker News
DECEMBER 19, 2024
The Dutch Data Protection Authority (DPA) on Wednesday fined video on-demand streaming service Netflix 4.75 million ($4.93 million) for not giving consumers enough information about how it used their data between 2018 and 2020.
Zero Day
DECEMBER 23, 2024
If you really want to see what's happening beneath the hood of your Linux distribution, you need to use log files.
Security Boulevard
DECEMBER 19, 2024
The global Secure Access Service Edge (SASE) market reached $2.4 billion in the third quarter of 2024, with six leading vendors Zscaler, Cisco, Palo Alto Networks, Broadcom, Fortinet and Netskope capturing a combined 72% market share. The post SASE Market Hits $2.4 Billion, Top Vendors Tighten Market Share Grip appeared first on Security Boulevard.
Advertisement
Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.
Expert insights. Personalized for you.
224 
Let's personalize your content