Schneier on Security
OCTOBER 22, 2024
The headline is pretty scary: “ China’s Quantum Computer Scientists Crack Military-Grade Encryption.” No, it’s not true. This debunking saved me the trouble of writing one. It all seems to have come from this news article , which wasn’t bad but was taken widely out of proportion.
Tech Republic Security
OCTOBER 22, 2024
A study at Rensselaer Polytechnic Institute presented at ISC2 Security Congress compared ChatGPT-written training prompted by security experts and prompt engineers.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Security Affairs
OCTOBER 22, 2024
Google’s Threat Analysis Group (TAG) researchers warn of a Samsung zero-day vulnerability that is exploited in the wild. Google’s Threat Analysis Group (TAG) warns of a Samsung zero-day vulnerability, tracked as CVE-2024-44068 (CVSS score of 8.1), which is exploited in the wild. The vulnerability is a use-after-free issue, attackers could exploit the flaw to escalate privileges on a vulnerable Android device.
WIRED Threat Level
OCTOBER 22, 2024
The North Atlantic Fella Organization, which started as a way to fight Kremlin propaganda, has raised millions of dollars to send vital equipment directly to soldiers fighting Russia.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Security Affairs
OCTOBER 22, 2024
VMware addressed a remote code execution flaw, demonstrated in a Chinese hacking contest, for the second time in two months. VMware failed to fully address a remote code execution flaw, tracked as CVE-2024-38812 (CVSS score: 9.8), in its vCenter Server platform. In September, Broadcom released security updates to the vulnerability CVE-2024-38812. vCenter Server is a critical component in VMware virtualization and cloud computing software suite.
The Hacker News
OCTOBER 22, 2024
VMware has released software updates to address an already patched security flaw in vCenter Server that could pave the way for remote code execution. The vulnerability, tracked as CVE-2024-38812 (CVSS score: 9.8), concerns a case of heap-overflow vulnerability in the implementation of the DCE/RPC protocol.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
The Hacker News
OCTOBER 22, 2024
Two malware families that suffered setbacks in the aftermath of a coordinated law enforcement operation called Endgame have resurfaced as part of new phishing campaigns. Bumblebee and Latrodectus, which are both malware loaders, are designed to steal personal data, along with downloading and executing additional payloads onto compromised hosts.
Security Affairs
OCTOBER 22, 2024
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds ScienceLogic SL1 flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the ScienceLogic SL1 flaw CVE-2024-9537 (CVSS v4 score: 9.3) to its Known Exploited Vulnerabilities (KEV) catalog. ScienceLogic SL1 contains a vulnerability related to a third-party component.
Security Boulevard
OCTOBER 22, 2024
The Russian disinformation group Storm-1516 reportedly was behind a deepfake video that claimed so show a former student accusing vice presidential candidate Tim Walz of abusing him, the latest incident in a U.S. election season targeted for disruption by Russia, Iran, and China. The post Russian Disinformation Group Behind Bogus Walz Conspiracy: Report appeared first on Security Boulevard.
The Hacker News
OCTOBER 22, 2024
Service accounts are vital in any enterprise, running automated processes like managing applications or scripts. However, without proper monitoring, they can pose a significant security risk due to their elevated privileges.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
NSTIC
OCTOBER 22, 2024
The 16 members of the NIST-managed Internet of Things (IoT) Advisory Board have completed their report on barriers to the U.S. receiving the benefits of IoT adoption, along with their recommendations for overcoming those barriers. As Benson Chan (Chair) and Dan Caprio (Vice Chair) of the IoT Advisory Board state in the report: “The United States is in the early stages of a profound transformation, one that is driven by economic, societal, and cultural innovations brought about by the IoT.
The Hacker News
OCTOBER 22, 2024
Cybersecurity researchers have discovered a number of suspicious packages published to the npm registry that are designed to harvest Ethereum private keys and gain remote access to the machine via the secure shell (SSH) protocol.
SecureWorld News
OCTOBER 22, 2024
Marriott International entered into a $52 million settlement with the U.S. Federal Trade Commission (FTC) to resolve allegations stemming from a massive data breach that affected millions of guests. The breach, which occurred between 2014 and 2018, involved the exposure of sensitive customer information, including names, passport numbers, credit card details, and reservation information.
The Hacker News
OCTOBER 22, 2024
Russian-speaking users have become the target of a new phishing campaign that leverages an open-source phishing toolkit called Gophish to deliver DarkCrystal RAT (aka DCRat) and a previously undocumented remote access trojan dubbed PowerRAT.
Advertisement
Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.
Malwarebytes
OCTOBER 22, 2024
Meta, the company behind Facebook and Instagram says its testing new ways to use facial recognition—both to combat scams and to help restore access to compromised accounts. The social media giant is testing the use of video selfies and facial recognition to help users get their hijacked accounts back. Social media accounts are often lost when users forget their password, switch devices, or when they inadvertently or even willingly give their credentials to a scammer.
The Hacker News
OCTOBER 22, 2024
Bad actors have been observed targeting Docker remote API servers to deploy the SRBMiner crypto miner on compromised instances, according to new findings from Trend Micro.
Graham Cluley
OCTOBER 22, 2024
Security researchers have uncovered a new flaw in some AI chatbots that could have allowed hackers to steal personal information from users. The flaw, which has been named "Imprompter", which uses a clever trick to hide malicious instructions within seemingly-random text. Read more in my article on the Hot for Security blog.
The Hacker News
OCTOBER 22, 2024
Details have emerged about a now-patched security flaw in Styra's Open Policy Agent (OPA) that, if successfully exploited, could have led to leakage of New Technology LAN Manager (NTLM) hashes.
Advertisement
Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!
Trend Micro
OCTOBER 22, 2024
How does Prometei insidiously operate in a compromised system? This Managed Extended Detection and Response investigation conducted with the help of Trend Vision One provides a comprehensive analysis of the inner workings of this botnet so users can stop the threat in its tracks before it inflicts damage to the system.
DoublePulsar
OCTOBER 22, 2024
Yes, I’ve made a logo in crayon and named this FortiJump. Did you know there’s widespread exploitation of FortiNet products going on using a zero day, and that there’s no CVE? Now you do. I’ve even made a picture explaining! I give you all rights to use this image. Back on October 13th, I started a Mastodon thread for something I’d come across: Kevin Beaumont (@GossiTheDog@cyberplace.social) The thread is a bit wild, I didn’t know about the FortiNet private notification as I’m just an InfoSec pl
Zero Day
OCTOBER 22, 2024
ESR's latest Qi2 car mount can wirelessly charge your iPhone at 15W while keeping temperatures stabilized, thanks to its CryoBoost feature.
WIRED Threat Level
OCTOBER 22, 2024
More than 115,000 files related to UN Women included detailed financial disclosures from organizations around the world—and personal details and testimonials from vulnerable individuals.
Advertisement
Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.
Penetration Testing
OCTOBER 22, 2024
In a recent report by Kahng An, part of the Cofense Intelligence Team, a critical vulnerability in the detection capabilities of Secure Email Gateways (SEGs) and antivirus (AV) scanners was... The post Virtual Hard Drives: The New Bypass for Secure Email Gateways and Antivirus Scanners appeared first on Cybersecurity News.
Zero Day
OCTOBER 22, 2024
Big Blue's Granite LLMs are built for business and now they're available under the good old Apache 2.0 license.
Penetration Testing
OCTOBER 22, 2024
A new report by the Atlantic Council sheds light on China’s sophisticated and highly structured Capture the Flag (CTF) competition framework, which is helping the country become a global leader... The post Inside China’s State-Sponsored Hacking Competitions: Talent Spotting and Global Outreach appeared first on Cybersecurity News.
Zero Day
OCTOBER 22, 2024
Ecobee is adding extra security measures to its system to create smarter integrations in a single-user experience.
Advertisement
IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.
Security Boulevard
OCTOBER 22, 2024
As artificial intelligence evolves, the concept of "identity" extends beyond humans. This article delves into the technical intricacies of non-human identity in the AI age, exploring how AI systems are identified, authenticated, and managed in a digital world. The post Non-Human Identity in the AI Age: A Technical Deep Dive appeared first on Security Boulevard.
Zero Day
OCTOBER 22, 2024
The Ozlo Sleep earbuds, developed by three ex-Bose engineers, are the best sleep earbuds I've tested.
Security Boulevard
OCTOBER 22, 2024
DEF CON 32 - Lessons Learned from Building and Defending LLM Applications Authors/Presenters:Javan Rasokat Our sincere appreciation to DEF CON , and the Presenters/Authors for publishing their timely DEF CON 32 erudite content. Originating from the conference’s events located at the Las Vegas Convention Center ; and via the organizations YouTube channel.
Penetration Testing
OCTOBER 22, 2024
Trend Micro researchers have uncovered a new and unconventional method used by cybercriminals to deploy the SRBMiner cryptominer on Docker remote API servers. This attack leverages the gRPC protocol over... The post Cryptojacking Alert: Hackers Exploit gRPC and HTTP/2 to Deploy Miners appeared first on Cybersecurity News.
Advertisement
Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.
Expert insights. Personalized for you.
279 
Let's personalize your content