Fri. Oct 11, 2024

More on My AI and Democracy Book

Schneier on Security

In July, I wrote about my new book project on AI and democracy, to be published by MIT Press in fall 2025. My co-author and collaborator Nathan Sanders and I are hard at work writing. At this point, we would like feedback on titles. Here are four possibilities: Rewiring Democracy: How AI Will Transform our Politics, Government, and Citizenship The Thinking State: How AI Can Improve Democracy Better Run: How AI Can Make our Politics, Government, Citizenship More Efficient, Effective and Fair AI a

The Internet Archive Breach: Over 31 Million User Accounts Exposed

Tech Republic Security

The Internet Archive, a non-profit digital library best known for its Wayback Machine, has disclosed a major data breach affecting over 31 million users.

IronNet Has Shut Down

Schneier on Security

After retiring in 2014 from an uncharacteristically long tenure running the NSA (and US CyberCommand), Keith Alexander founded a cybersecurity company called IronNet. At the time, he claimed that it was based on IP he developed on his own time while still in the military. That always troubled me. Whatever ideas he had, they were developed on public time using public resources: he shouldn’t have been able to leave military service with them in his back pocket.

Cybersecurity Awareness Lags as Global Workforce Engages in Risky AI Practices

Tech Republic Security

A recent report has revealed errant cybersecurity behaviours in Australia, including employees sharing company data with AI tools.

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Indian Fishermen Are Catching Less Squid

Schneier on Security

Fishermen in Tamil Nadu are reporting smaller catches of squid. Blog moderation policy.

Passwordless Authentication without Secrets!

Thales Cloud Protection & Licensing

Posted by divya on Fri, 10/11/2024 - 08:54. As user expectations for secure and seamless access continue to grow, the 2024 Thales Consumer Digital Trust Index (DTI) research revealed that 65% of users feel frustrated with frequent password resets. This highlights an increasing demand for advanced authentication methods like passkeys and multi-factor authentication (MFA), which provide robust security for most use cases.

More Trending

FBI Creates Fake Cryptocurrency to Expose Widespread Crypto Market Manipulation

The Hacker News

The U.S. Department of Justice (DoJ) has announced arrests and charges against several individuals and entities in connection with allegedly manipulating digital asset markets as part of a widespread fraud operation. The law enforcement action – codenamed Operation Token Mirrors – is the result of the U.S.

Iran and China-linked actors used ChatGPT for preparing attacks

Security Affairs

OpenAI disrupted 20 cyber and influence operations in 2023, revealing Iran and China-linked actors used ChatGPT for planning ICS attacks. OpenAI announced the disruption of over 20 cyber and influence operations this year, involving Iranian and Chinese state-sponsored hackers. The company uncovered the activities of three threat actors abusing ChatGPT to launch cyberattacks.

Generative AI Fueling More Sophisticated Cyberattacks: Survey

Security Boulevard

Organizations say generative AI is fueling a surge of more sophisticated cyberattacks and that they feel unprepared for the onslaught, but a Keeper Security survey found they are investing more in such foundational protections as data encryption and employee awareness training. The post Generative AI Fueling More Sophisticated Cyberattacks: Survey appeared first on Security Boulevard.

GitHub, Telegram Bots, and QR Codes Abused in New Wave of Phishing Attacks

The Hacker News

A new tax-themed malware campaign targeting insurance and finance sectors has been observed leveraging GitHub links in phishing email messages as a way to bypass security measures and deliver Remcos RAT, indicating that the method is gaining traction among threat actors.

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

(In)Fidelity Admits Data Breach 8 Weeks Ago — 77K PII Lost

Security Boulevard

FMR FAIL: Huge investment firm won’t say how it was hacked. The post (In)Fidelity Admits Data Breach 8 Weeks Ago — 77K PII Lost appeared first on Security Boulevard.

CISA Warns of Threat Actors Exploiting F5 BIG-IP Cookies for Network Reconnaissance

The Hacker News

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning that it has observed threat actors leveraging unencrypted persistent cookies managed by the F5 BIG-IP Local Traffic Manager (LTM) module to conduct reconnaissance of target networks. It said the module is being used to enumerate other non-internet-facing devices on the network.

Identity Under Siege: Responding to the National Public Data Breach

Security Boulevard

Gary Perkins, Chief Information Security Officer, CISO Global. While the scale of this data breach is alarming – with 277 gigabytes of data reportedly stolen – it’s important not to panic. Instead, focus on taking concrete steps to protect yourself. Stay informed, be proactive in safeguarding your personal information, and remain vigilant for any signs of […] The post Identity Under Siege: Responding to the National Public Data Breach appeared first on CISO Global.

Deepfakes Can Fool Facial Recognition on Crypto Exchanges

Tech Republic Security

Creating new accounts under fake identities provides attackers with a way to launder money or commit fraud.

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Generational security: The meaning behind this year’s Cyber Security Awareness Month theme

Security Boulevard

This year’s Cyber Security Awareness Month theme is “Generation Cyber Safe: Because online security knows no age”, but what does that mean? The annual theme of The post Generational security: The meaning behind this year’s Cyber Security Awareness Month theme appeared first on Security Boulevard.

Ransomware operators exploited Veeam Backup & Replication flaw CVE-2024-40711 in recent attacks

Security Affairs

Sophos reports ransomware operators are exploiting a critical code execution flaw in Veeam Backup & Replication. Sophos researchers warn that ransomware operators are exploiting the critical vulnerability CVE-2024-40711 in Veeam Backup & Replication to create rogue accounts and deploy malware. In early September 2024, Veeam released security updates to address multiple vulnerabilities impacting its products; the company fixed 18 high and critical severity flaws in Veeam Backup & Repl

How Hybrid Password Attacks Work and How to Defend Against Them

The Hacker News

Threat actors constantly change tactics to bypass cybersecurity measures, developing innovative methods to steal user credentials. Hybrid password attacks merge multiple cracking techniques to amplify their effectiveness. These combined approaches exploit the strengths of various methods, accelerating the password-cracking process.

Internet Archive data breach impacted 31M users

Security Affairs

The Internet Archive disclosed a data breach; the security incident impacted more than 31 million users of its “The Wayback Machine.” The Internet Archive is an American nonprofit digital library website that provides free access to collections of digitized materials including websites, software applications, music, audiovisual, and print materials.

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

The Sky is Falling! (Again)

Security Boulevard

We’ve been here before, haven’t we? Every other week, a new vulnerability with a sky-high CVSS score causes a frenzy. This time, it’s a 9.9 CVSS vulnerability that was billed as a gift to hackers – a remote exploit that would supposedly render all Linux systems defenseless. The announcement of the vulnerability came with the […] The post The Sky is Falling!

GitLab fixed a critical flaw that could allow arbitrary CI/CD pipeline execution

Security Affairs

GitLab issued updates for CE and EE to address multiple flaws, including a critical bug allowing CI/CD pipeline runs on unauthorized branches. GitLab released security updates for Community Edition (CE) and Enterprise Edition (EE) to address multiple vulnerabilities, including a critical bug, tracked as CVE-2024-9164 (CVSS score of 9.6), allowing CI/CD pipeline runs on unauthorized branches. “An issue was discovered in GitLab EE affecting all versions starting from 12.5 prior to 17.2.9, st

Modern TVs have “unprecedented capabilities for surveillance and manipulation,” group reveals

Malwarebytes

Your television is debuting the latest, most captivating program: You. In a report titled “How TV Watches Us: Commercial Surveillance in the Streaming Era,” the Center for Digital Democracy (CDD) spotlighted a massive data-driven surveillance apparatus that ensnares the public through modern television sets. “The widespread technological and business developments that have taken place during the last five years have created a connected television media and marketing system with unprecedented c

Mozilla Confirms Active Attacks on Tor Browser via Firefox Vulnerability

Penetration Testing

Mozilla has issued an urgent security update for its Firefox browser to address a critical vulnerability that is currently being exploited in the wild. The flaw, tracked as CVE-2024-9680 and... The post Mozilla Confirms Active Attacks on Tor Browser via Firefox Vulnerability appeared first on Cybersecurity News.

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

DevOps Decoded: Prioritizing Security in a Dynamic World

Cisco Security

Integrating security into the DevOps lifecycle is essential for building secure, scalable systems. By embedding security early on, teams can mitigate risks, enhance efficiency, and ensure compliance throughout development and deployment.

FACTION: Pen Test Report Generation and Assessment Collaboration

Penetration Testing

In the ever-evolving landscape of cybersecurity, penetration testing (pen testing) and security assessments are vital to identifying vulnerabilities before they can be exploited by malicious actors. However, one of the... The post FACTION: Pen Test Report Generation and Assessment Collaboration appeared first on Cybersecurity News.

CISA: Threat Actors Exploit F5 BIG-IP Cookies for Network Reconnaissance

Heimdal Security

The F5 BIG-IP Local Traffic Manager (LTM) module is used by threat actors to manage unencrypted persistent cookies, which the U.S. Cybersecurity and Infrastructure Security Agency (CISA) is alerting users to as a means of network surveillance. The advisory stated that other networked devices without internet access are being counted using this module.

Transforming Cyber Risk Quantification and Vulnerability Prioritization with KnightVision

Security Boulevard

In today’s complex cyber landscape, managing risks effectively isn’t just about identifying threats—it’s about understanding their impact and knowing how to prioritize vulnerabilities. With constant changes in the vulnerability landscape, security teams need tools that not only quantify risks but also enable them to act swiftly. This is where KnightVision, a core feature within CyberSaint’s CyberStrong platform, plays a pivotal role.

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.

The CompTIA Cybersecurity Trustmark Is Helping MSPs Prove Their Cyber Prowess

CompTIA on Cybersecurity

Anyone can say that they’re a cybersecurity expert. The truth is many MSPs and other tech companies do just that—even when it’s anything but the truth.

Apple Releases Draft Ballot to Shorten Certificate Lifespan to 45 Days

Security Boulevard

Earlier this week, on October 9, during the second day of the fall CA/Browser Forum Face-to-Face meeting, Apple revealed that it had published a draft ballot for commentary to GitHub. This proposal, which is sponsored by Sectigo, offers to incrementally phase maximum term for public SSL/TLS certificates down to 45 days between now and 2027. The draft also phases down the DCV reuse period over time, until it reaches 10 days in 2027.

Microsoft blocked your Windows 11 upgrade? This just-released tool can get the job done

Zero Day

A new version of the popular Rufus utility once again bypasses Microsoft's strict hardware compatibility requirements for Windows 11 upgrades. But the way it's implemented might make some people nervous.

Cost of Online Brand Impersonation: Customer Acquisition and Loyalty

Security Boulevard

Online brand impersonation is an insidious threat compared to more straightforward attacks. Ransomware, for example, is simply extortion. A cybercriminal encrypts your data, holds it hostage, and demands payment in exchange for encryption keys. The consequences of the attack are either the loss of data or the cost of the ransom (and associated downtime).

Enhance Innovation and Governance Through the Cloud Development Maturity Model

Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.