Schneier on Security

SEPTEMBER 3, 2024

The NSA’s “ National Cryptographic School Television Catalogue ” from 1991 lists about 600 COMSEC and SIGINT training videos. There are a bunch explaining the operations of various cryptographic equipment, and a few code words I have never heard of before.

276

276

Tech Republic Security

SEPTEMBER 3, 2024

Included in the purge are static apps, those with limited functionality and content, and apps that crash, freeze, and don’t offer an “engaging user experience,’’ the company said.

Mobile 181

Mobile 181

WIRED Threat Level

SEPTEMBER 3, 2024

The Navy is testing out the Elon Musk–owned satellite constellation to provide high-speed internet access to sailors at sea. It’s part of a bigger project that’s about more than just getting online.

Internet 129

Internet Internet 129

Tech Republic Security

SEPTEMBER 3, 2024

Many Australian companies are investing in new technology, but others are having a hard time justifying such investments given the current economic climate.

Technology 155

Technology 155

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

The Hacker News

SEPTEMBER 3, 2024

Cybersecurity researchers have unpacked the inner workings of a new ransomware variant called Cicada3301 that shares similarities with the now-defunct BlackCat (aka ALPHV) operation.

Ransomware 129

Ransomware Cybersecurity 129

Tech Republic Security

SEPTEMBER 3, 2024

A number of similarities between Cicada3301 and ALPHV/BlackCat indicates that it could represent a rebrand or offshoot group.

Ransomware 147

Ransomware Malware Cybersecurity 147

Javvad Malik

SEPTEMBER 3, 2024

What started off as a vision I had many years ago has hit a significant milestone. The Host Unknown Podcast has somehow managed to stumble its way to 200 episodes. It’s a feat that probably a testament to the sheer stubbornness of my co-hosts Thom Langford and Andrew Agnês – and a bit of external motivation provided by Graham Cluley. For those of you who have been living under a rock (or perhaps just have better things to do with your time), Host Unknown is the weekly podcast that no

Cybersecurity 100

Cybersecurity 100

Security Boulevard

SEPTEMBER 3, 2024

A fully open model — one where the training data is available for inspection and modification — provides a means for addressing another threat: malicious or accidentally bad training data. The post Why NTIA Support of Open-Source AI is Good for Security appeared first on Security Boulevard.

Security Awareness 122

Security Awareness Software Cybersecurity 122

Tech Republic Security

SEPTEMBER 3, 2024

Bitdefender GravityZone is best overall when it comes to our top choices for protection from malware like viruses, spyware, trojans, and bots.

Antivirus 125

Antivirus Spyware Software Malware 125

Malwarebytes

SEPTEMBER 3, 2024

Transport for London (TfL), the city’s transport authority, is fighting through an ongoing cyberattack. TfL runs three separate units that arrange transports on London’s surface, underground, and Crossrail transportation systems. It serves some 8 million inhabitants of the London metropolitan area. In a public notice Transport for London stated: “We are currently dealing with an ongoing cyber security incident.

Cybersecurity 119

Cybersecurity Ransomware Risk 119

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Security Boulevard

SEPTEMBER 3, 2024

City officials in Columbus, Ohio, filed a complaint against a cybersecurity expert who has been telling local media that the sensitive data stolen by the Rhysida group in a July ransomware attack poses a larger threat to residents and employees than the mayor and others have been saying. The post Columbus Sues Expert, Fueling Debate About Ransomware Attack appeared first on Security Boulevard.

Ransomware 115

Ransomware Media Cybersecurity Security Awareness 115

Security Affairs

SEPTEMBER 3, 2024

Vulnerabilities in Microsoft apps for macOS could allow attackers to steal permissions and access sensitive data. Cisco Talos researchers discovered eight vulnerabilities in Microsoft apps for macOS. These flaws could allow attackers to inject malicious libraries into Microsoft’s apps and steal permissions. This could enable access to sensitive resources like the microphone, camera, and screen recording, potentially leading to data leaks or privilege escalation.

Risk 130

Risk Hacking Government Malware 130

Security Boulevard

SEPTEMBER 3, 2024

Is the network defendable? This serious question is often conveniently left unasked because the answer is uncomfortable. On June 3, 1983, the day before I graduated from high school, MGM released the movie “War Games”. For those who never saw the movie, the plot is essentially a teenage hacker accidentally kicks off an AI computer. The post Is the “Network” Defendable?

Cybersecurity 114

Cybersecurity Network Security 114

We Live Security

SEPTEMBER 3, 2024

Malvertising campaigns typically involve threat actors buying top ad space from search engines to lure potential victims into clicking on their malicious ads

Engineering 121

Engineering 121

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Security Affairs

SEPTEMBER 3, 2024

Taiwanese manufacturer Zyxel addressed a critical OS command injection flaw affecting multiple models of its business routers. Zyxel has released security updates to address a critical vulnerability, tracked as CVE-2024-7261 (CVSS v3 score of 9.8), impacting multiple models of its business routers. The flaw is an operating system (OS) command injection issue that stems from the improper neutralization of special elements in the parameter “host” in the CGI program of some AP and security router

Manufacturing 120

Manufacturing Hacking Internet Internet 120

The Hacker News

SEPTEMBER 3, 2024

In the digital realm, secrets (API keys, private keys, username and password combos, etc.) are the keys to the kingdom. But what if those keys were accidentally left out in the open in the very tools we use to collaborate every day? A Single Secret Can Wreak Havoc Imagine this: It's a typical Tuesday in June 2024.

CISO 110

CISO Passwords 110

Security Affairs

SEPTEMBER 3, 2024

U.S. oil company Halliburton disclosed a data breach following the RansomHub ransomware gang attack that occurred in August. In August, Halliburton, a major U.S. oil company, announced that a cyberattack hit its IT infrastructure, particularly impacting operations at its Houston offices. Halliburton Company is an American multinational corporation and the world’s second largest oil service company which is responsible for most of the world’s largest fracking operations.

Data breaches 124

Data breaches Ransomware Hacking Risk 124

Trend Micro

SEPTEMBER 3, 2024

While monitoring Earth Lusca, we discovered the threat group’s use of KTLVdoor, a highly obfuscated multiplatform backdoor, as part of a large-scale attack campaign.

Malware 107

Malware 107

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

Security Affairs

SEPTEMBER 3, 2024

VMware released a patch to address a high-severity code execution flaw in its Fusion hypervisor, users are urged to apply it. VMware addressed a high-severity code execution vulnerability, tracked as CVE-2024-38811 (CVSS 8.8/10), in its Fusion hypervisor. The vulnerability is due to the usage of an insecure environment variable, a threat actor with standard user privileges can trigger the flaw to execute code in the context of the Fusion application. “VMware Fusion contains a code-execut

Hacking 119

Hacking Information Security 119

WIRED Threat Level

SEPTEMBER 3, 2024

Activists claim Japanese industrial robots are being used to build military equipment for Israel. The robot maker denies the claims, but the episode reveals the complex ethics of global manufacturing.

Manufacturing 106

Manufacturing 106

Security Affairs

SEPTEMBER 3, 2024

Three men have pleaded guilty to operating OTP.Agency, an online service that allowed crooks to bypass Multi-Factor authentication (MFA). Three men, Callum Picari (22), Vijayasidhurshan Vijayanathan (21), and Aza Siddeeque (19), have pleaded guilty to operating OTP.Agency , an online platform that allowed crooks to bypass MFA used by customers of several banks and services.

Banking 122

Banking Social Engineering Accountability Authentication 122

eSecurity Planet

SEPTEMBER 3, 2024

Dashlane is a leading password manager designed to simplify and secure your digital life. It consolidates your passwords into a single, encrypted vault. Dashlane helps you keep track of your login credentials and enhances your overall online security. This guide will walk you through how to use Dashlane, offering a step-by-step approach to set up and optimize your experience.

Password Management 104

Password Management Passwords Encryption VPN 104

Advertisement

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

The Hacker News

SEPTEMBER 3, 2024

A new malware campaign is spoofing Palo Alto Networks' GlobalProtect VPN software to deliver a variant of the WikiLoader (aka WailingCrab) loader by means of a search engine optimization (SEO) campaign.

VPN 106

VPN Software Malware Engineering 106

Zero Day

SEPTEMBER 3, 2024

The Amazon Fire TV Omni QLED offers excellent picture and audio quality for both streaming and console gaming, and you can save $170 on the 55-inch version in this still-live Labor Day deal.

98

98

The Hacker News

SEPTEMBER 3, 2024

A hacktivist group known as Head Mare has been linked to cyber attacks that exclusively target organizations located in Russia and Belarus. "Head Mare uses more up-to-date methods for obtaining initial access," Kaspersky said in a Monday analysis of the group's tactics and tools.

Cyber Attacks 105

Cyber Attacks 105

Zero Day

SEPTEMBER 3, 2024

Using Apple's iOS 18 and the right carrier, iPhone owners can send Android users messages with high-res photos and videos, read receipts, audio clips, and more. Here's how.

98

98

Advertisement

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.

Cybersecurity

The Hacker News

SEPTEMBER 3, 2024

Mobile users in Brazil are the target of a new malware campaign that delivers a new Android banking trojan named Rocinante. "This malware family is capable of performing keylogging using the Accessibility Service, and is also able to steal PII from its victims using phishing screens posing as different banks," Dutch security company ThreatFabric said.

Banking 103

Banking Mobile Phishing Malware 103

Identity IQ

SEPTEMBER 3, 2024

Major Banks Under Fire for Refusing Reimbursements to Victims of Online Payment Scams IdentityIQ Major U.S. banks, including JPMorgan Chase, Wells Fargo, and Bank of America, have come under intense scrutiny for their response to online payment scams. A growing number of consumers have reported being denied reimbursement for funds lost to scams on Zelle , an online payment platform that is co-owned by JPMorgan Chase, Wells Fargo, and Bank of America, among other major banks.

Scams 96

Scams Banking Identity Theft Insurance 96

Penetration Testing

SEPTEMBER 3, 2024

Recently, security researcher Sergey Kornienko from PixiePoint Security published an analysis and proof-of-concept (PoC) exploit for a critical zero-day vulnerability in the Windows Kernel, identified as CVE-2024-38106. This elevation of... The post CVE-2024-38106: 0-Day Windows Kernel Vulnerability Exploited in the Wild, PoC Published appeared first on Cybersecurity News.

Cybersecurity 105

Cybersecurity 105

ZoneAlarm

SEPTEMBER 3, 2024

In an increasingly digital world, the rise of AI-generated deepfakes represents one of the most significant threats to cybersecurity and the integrity of information. These hyper-realistic, AI-created images, videos, and even voices blur the lines between reality and fiction, posing unprecedented risks to individuals, organizations, and society at large.

Technology 91

Technology Risk Cybersecurity Data privacy 91

Advertisement

Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.

Government