Schneier on Security
SEPTEMBER 3, 2024
The NSA’s “ National Cryptographic School Television Catalogue ” from 1991 lists about 600 COMSEC and SIGINT training videos. There are a bunch explaining the operations of various cryptographic equipment, and a few code words I have never heard of before.
Tech Republic Security
SEPTEMBER 3, 2024
Included in the purge are static apps, those with limited functionality and content, and apps that crash, freeze, and don’t offer an “engaging user experience,’’ the company said.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
The Hacker News
SEPTEMBER 3, 2024
Cybersecurity researchers have unpacked the inner workings of a new ransomware variant called Cicada3301 that shares similarities with the now-defunct BlackCat (aka ALPHV) operation.
Tech Republic Security
SEPTEMBER 3, 2024
Many Australian companies are investing in new technology, but others are having a hard time justifying such investments given the current economic climate.
Advertisement
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
The Hacker News
SEPTEMBER 3, 2024
In the digital realm, secrets (API keys, private keys, username and password combos, etc.) are the keys to the kingdom. But what if those keys were accidentally left out in the open in the very tools we use to collaborate every day? A Single Secret Can Wreak Havoc Imagine this: It's a typical Tuesday in June 2024.
Tech Republic Security
SEPTEMBER 3, 2024
A number of similarities between Cicada3301 and ALPHV/BlackCat indicates that it could represent a rebrand or offshoot group.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
|
Tech Republic Security
SEPTEMBER 3, 2024
Bitdefender GravityZone is best overall when it comes to our top choices for protection from malware like viruses, spyware, trojans, and bots.
The Hacker News
SEPTEMBER 3, 2024
A new malware campaign is spoofing Palo Alto Networks' GlobalProtect VPN software to deliver a variant of the WikiLoader (aka WailingCrab) loader by means of a search engine optimization (SEO) campaign.
Security Affairs
SEPTEMBER 3, 2024
Vulnerabilities in Microsoft apps for macOS could allow attackers to steal permissions and access sensitive data. Cisco Talos researchers discovered eight vulnerabilities in Microsoft apps for macOS. These flaws could allow attackers to inject malicious libraries into Microsoft’s apps and steal permissions. This could enable access to sensitive resources like the microphone, camera, and screen recording, potentially leading to data leaks or privilege escalation.
The Hacker News
SEPTEMBER 3, 2024
A hacktivist group known as Head Mare has been linked to cyber attacks that exclusively target organizations located in Russia and Belarus. "Head Mare uses more up-to-date methods for obtaining initial access," Kaspersky said in a Monday analysis of the group's tactics and tools.
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
We Live Security
SEPTEMBER 3, 2024
Malvertising campaigns typically involve threat actors buying top ad space from search engines to lure potential victims into clicking on their malicious ads
The Hacker News
SEPTEMBER 3, 2024
Mobile users in Brazil are the target of a new malware campaign that delivers a new Android banking trojan named Rocinante. "This malware family is capable of performing keylogging using the Accessibility Service, and is also able to steal PII from its victims using phishing screens posing as different banks," Dutch security company ThreatFabric said.
Security Boulevard
SEPTEMBER 3, 2024
A fully open model — one where the training data is available for inspection and modification — provides a means for addressing another threat: malicious or accidentally bad training data. The post Why NTIA Support of Open-Source AI is Good for Security appeared first on Security Boulevard.
Security Affairs
SEPTEMBER 3, 2024
U.S. oil company Halliburton disclosed a data breach following the RansomHub ransomware gang attack that occurred in August. In August, Halliburton, a major U.S. oil company, announced that a cyberattack hit its IT infrastructure, particularly impacting operations at its Houston offices. Halliburton Company is an American multinational corporation and the world’s second largest oil service company which is responsible for most of the world’s largest fracking operations.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
Security Boulevard
SEPTEMBER 3, 2024
Rubrik and Cisco have allied to improve cyber resiliency by integrating their respective data protection and extended detection and response (XDR) platforms. The post Rubrik Allies to Cisco to Improve Cyber Resiliency appeared first on Security Boulevard.
WIRED Threat Level
SEPTEMBER 3, 2024
The Navy is testing out the Elon Musk–owned satellite constellation to provide high-speed internet access to sailors at sea. It’s part of a bigger project that’s about more than just getting online.
Security Affairs
SEPTEMBER 3, 2024
Three men have pleaded guilty to operating OTP.Agency, an online service that allowed crooks to bypass Multi-Factor authentication (MFA). Three men, Callum Picari (22), Vijayasidhurshan Vijayanathan (21), and Aza Siddeeque (19), have pleaded guilty to operating OTP.Agency , an online platform that allowed crooks to bypass MFA used by customers of several banks and services.
Trend Micro
SEPTEMBER 3, 2024
While monitoring Earth Lusca, we discovered the threat group’s use of KTLVdoor, a highly obfuscated multiplatform backdoor, as part of a large-scale attack campaign.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Security Affairs
SEPTEMBER 3, 2024
Taiwanese manufacturer Zyxel addressed a critical OS command injection flaw affecting multiple models of its business routers. Zyxel has released security updates to address a critical vulnerability, tracked as CVE-2024-7261 (CVSS v3 score of 9.8), impacting multiple models of its business routers. The flaw is an operating system (OS) command injection issue that stems from the improper neutralization of special elements in the parameter “host” in the CGI program of some AP and security router
Security Boulevard
SEPTEMBER 3, 2024
City officials in Columbus, Ohio, filed a complaint against a cybersecurity expert who has been telling local media that the sensitive data stolen by the Rhysida group in a July ransomware attack poses a larger threat to residents and employees than the mayor and others have been saying. The post Columbus Sues Expert, Fueling Debate About Ransomware Attack appeared first on Security Boulevard.
Security Affairs
SEPTEMBER 3, 2024
VMware released a patch to address a high-severity code execution flaw in its Fusion hypervisor, users are urged to apply it. VMware addressed a high-severity code execution vulnerability, tracked as CVE-2024-38811 (CVSS 8.8/10), in its Fusion hypervisor. The vulnerability is due to the usage of an insecure environment variable, a threat actor with standard user privileges can trigger the flaw to execute code in the context of the Fusion application. “VMware Fusion contains a code-execut
Security Boulevard
SEPTEMBER 3, 2024
Is the network defendable? This serious question is often conveniently left unasked because the answer is uncomfortable. On June 3, 1983, the day before I graduated from high school, MGM released the movie “War Games”. For those who never saw the movie, the plot is essentially a teenage hacker accidentally kicks off an AI computer. The post Is the “Network” Defendable?
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
SecureWorld News
SEPTEMBER 3, 2024
The cloud has become the hub for delivery of digital applications in the modern digital era. Identity as the digital perimeter and data protection are mission critical to foster digital trust, enable service assurance, and minimize enterprise risk. These factors are illustrated and discussed in depth in my article, The Rise of Data Sovereignty and a Privacy Era.
SecureList
SEPTEMBER 3, 2024
Targeted attacks XZ backdoor: a supply chain attack in the making On March 29, a message on the Openwall oss-security mailing list announced the discovery of a backdoor in XZ, a compression utility included in many popular Linux distributions. The backdoored library is used by the OpenSSH server process sshd. On a number of systemd -based distributions, including Ubuntu, Debian and RedHat/Fedora Linux, OpenSSH is patched to use systemd features and is therefore dependent on the library (Arch Li
eSecurity Planet
SEPTEMBER 3, 2024
Dashlane is a leading password manager designed to simplify and secure your digital life. It consolidates your passwords into a single, encrypted vault. Dashlane helps you keep track of your login credentials and enhances your overall online security. This guide will walk you through how to use Dashlane, offering a step-by-step approach to set up and optimize your experience.
WIRED Threat Level
SEPTEMBER 3, 2024
Activists claim Japanese industrial robots are being used to build military equipment for Israel. The robot maker denies the claims, but the episode reveals the complex ethics of global manufacturing.
Advertisement
Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.
Penetration Testing
SEPTEMBER 3, 2024
Recently, security researcher Sergey Kornienko from PixiePoint Security published an analysis and proof-of-concept (PoC) exploit for a critical zero-day vulnerability in the Windows Kernel, identified as CVE-2024-38106. This elevation of... The post CVE-2024-38106: 0-Day Windows Kernel Vulnerability Exploited in the Wild, PoC Published appeared first on Cybersecurity News.
SecureList
SEPTEMBER 3, 2024
Quarterly figures According to Kaspersky Security Network, in Q2 2024: 7 million attacks using malware, adware or unwanted mobile software were blocked. The most common threat to mobile devices was RiskTool software – 41% of all detected threats. A total of 367,418 malicious installation packages were detected, of which: 13,013 packages were for mobile banking Trojans; 1,392 packages were for mobile ransomware Trojans.
Javvad Malik
SEPTEMBER 3, 2024
What started off as a vision I had many years ago has hit a significant milestone. The Host Unknown Podcast has somehow managed to stumble its way to 200 episodes. It’s a feat that probably a testament to the sheer stubbornness of my co-hosts Thom Langford and Andrew Agnês – and a bit of external motivation provided by Graham Cluley. For those of you who have been living under a rock (or perhaps just have better things to do with your time), Host Unknown is the weekly podcast that no
Zero Day
SEPTEMBER 3, 2024
Using Apple's iOS 18 and the right carrier, iPhone owners can send Android users messages with high-res photos and videos, read receipts, audio clips, and more. Here's how.
Advertisement
Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!
Expert insights. Personalized for you.
327 
Let's personalize your content