Sat. Aug 03, 2024

Black Hat Fireside Chat: ‘Black Girls Hack’ emphasizes diversity as effective force multiplier

The Last Watchdog

When Tennisha Martin, a veteran software quality assurance analyst, sought to move over to a security team a few years ago, the doors should have been wide open, given the much-ballyhooed cybersecurity skills shortage. Instead, she ran into a rigid wall of shortsightedness. So, Martin taught herself ethical hacking skills and then founded Black Girls Hack to guide others down the trail she blazed.

Hacking 246

DOJ and FTC Sue TikTok for Violating Children's Privacy Laws

The Hacker News

The U.S. Department of Justice (DoJ), along with the Federal Trade Commission (FTC), filed a lawsuit against popular video-sharing platform TikTok for "flagrantly violating" children's privacy laws in the country. The agencies claimed the company knowingly permitted children to create TikTok accounts and to view and share short-form videos and messages with adults and others on the service.

Russia-linked APT used a car for sale as a phishing lure to target diplomats with HeadLace malware

Security Affairs

A Russia-linked APT used a car for sale as a phishing lure to deliver a modular Windows backdoor called HeadLace. Palo Alto researchers reported that a Russia-linked threat actor known as Fighting Ursa (also identified as APT28, Fancy Bear, or Sofacy) used a fake car advertisement to distribute HeadLace backdoor malware, targeting diplomats. The campaign began around March 2024; the attackers leveraged phishing tactics that have been effective against diplomats for years, exploiting themes th

Phishing 140

Hackers breach ISP to poison software updates with malware

Bleeping Computer

A Chinese hacking group tracked as StormBamboo has compromised an undisclosed internet service provider (ISP) to poison automatic software updates with malware.

Software 139

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

US sued TikTok and ByteDance for violating children’s privacy laws

Security Affairs

The U.S. Department of Justice has sued TikTok and its parent company, ByteDance, for extensive violations of children’s privacy laws. The Justice Department and the Federal Trade Commission (FTC) filed a civil lawsuit in the U.S. District Court for the Central District of California against TikTok Inc., its parent company ByteDance Ltd., and their affiliates (together, TikTok) for extensive violations of the Children’s Online Privacy Protection Act and its implementing regulations (COPPA)

Linux kernel impacted by new SLUBStick cross-cache attack

Bleeping Computer

A novel Linux kernel cross-cache attack named SLUBStick has a 99% success rate in converting a limited heap vulnerability into an arbitrary memory read-and-write capability, letting the researchers elevate privileges or escape containers.

More Trending

Bringing Security Back into Balance

Trend Micro

This article by Trend Micro CEO Eva Chen brings the focus back to striking a balance in cybersecurity strategy between the business C-suite and information technology (IT) departments.

Human Factors in SCADA and IoT Security: Addressing the Biggest Vulnerability in Industrial Systems

SecureWorld News

In the rapid pace of Industrial Control Systems (ICS) and the Internet of Things (IoT), security can feel like an uphill battle. SCADA systems, which control and monitor essential infrastructure like power grids and water supplies, and IoT devices, which expand connectivity and functionality across industries, are integral to modern operations.

IoT 93

BunkerWeb: The Next-Generation Open-Source Web Application Firewall

Penetration Testing

In today’s digital landscape, ensuring the security of web services is paramount. Enter BunkerWeb, a cutting-edge, open-source Web Application Firewall (WAF) that promises to make web security seamless and effective. Built on the robust...

Black Hat Fireside Chat: ‘Black Girls Hack’ emphasizes diversity as effective force multiplier

Security Boulevard

When Tennisha Martin, a veteran software quality assurance analyst, sought to move over to a security team a few years ago, the doors should have been wide open, given the much-ballyhooed cybersecurity skills shortage. Instead, …

Hacking 69

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Domain Takeover: 35,000+ Victims of Sitting Ducks Attack

Penetration Testing

Cybercriminals have seized over 35,000 registered domains using an attack researchers have dubbed “Sitting Ducks.” This method allows attackers to capture domains without accessing the owner’s account with the DNS provider or registrar. In...

DNS 76

USENIX Security ’23 – Secure Floating-Point Training

Security Boulevard

Authors/Presenters: Deevashwer Rathee, Anwesh Bhattacharya, Divya Gupta, Rahul Sharma, Dawn Song. Many thanks to USENIX for publishing their outstanding USENIX Security ’23 Presenter’s content, and the organization’s strong commitment to Open Access. Originating from the conference’s events situated at the Anaheim Marriott; and via the organization’s YouTube channel.

Storm-1152’s CAPTCHA Bypass Operation Foiled by Microsoft

Penetration Testing

Microsoft has seized a domain used by the Vietnamese group Storm-1152 to sell fraudulent accounts and CAPTCHA bypass services. The domain rockcaptcha[.]com was taken down six months after Microsoft announced a large-scale operation against Storm-1152,...

Fraud detection in banking

Thales Cloud Protection & Licensing

Banks and financial institutions (FIs) use fraud detection in banking technologies and strategies to reduce the risks of fraud to their business. These risks include the financial costs of fraud as well as the reputational damage that it causes. (Author: Ammar Faheem, Product Marketing Manager; posted Sat, 08/03/2024 - 23:33)

Banking 62

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!