My TedXBillings Talk
Schneier on Security
SEPTEMBER 13, 2024
Over the summer, I gave a talk about AI and democracy at TedXBillings. The recording is [link]. Please share.
Schneier on Security
SEPTEMBER 13, 2024
Over the summer, I gave a talk about AI and democracy at TedXBillings. The recording is [link]. Please share.
Security Affairs
SEPTEMBER 13, 2024
Researchers uncovered an Android malware, dubbed Vo1d, that has already infected nearly 1.3 million Android devices in 197 countries. Doctor Web researchers uncovered a malware, tracked as Vo1d , that infected nearly 1.3 million Android-based TV boxes belonging to users in 197 countries. The malicious code acts as a backdoor and allows attackers to download and install third-party software secretly.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
The Hacker News
SEPTEMBER 13, 2024
Ivanti has revealed that a newly patched security flaw in its Cloud Service Appliance (CSA) has come under active exploitation in the wild. The high-severity vulnerability in question is CVE-2024-8190 (CVSS score: 7.2), which allows remote code execution under certain circumstances. "An OS command injection vulnerability in Ivanti Cloud Services Appliance versions 4.
WIRED Threat Level
SEPTEMBER 13, 2024
The federal indictment of two alleged members of the Terrorgram Collective, a far-right cell accused of inspiring “lone wolf” attacks, reveals the US is now using a “forgotten” legal strategy.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
The Hacker News
SEPTEMBER 13, 2024
Details have emerged about a now-patched security flaw impacting Apple's Vision Pro mixed reality headset that, if successfully exploited, could allow malicious attackers to infer data entered on the device's virtual keyboard. The attack, dubbed GAZEploit, has been assigned the CVE identifier CVE-2024-40865.
Security Affairs
SEPTEMBER 13, 2024
GitLab addressed multiple vulnerabilities impacting GitLab CE/EE, including a critical pipeline execution issue. GitLab released security patches for 17 vulnerabilities in GitLab CE (Community Edition) and EE (Enterprise Edition). One of these vulnerabilities is a critical pipeline execution flaw, tracked as CVE-2024-6678 (CVSS score of 9.9), that could allow an attacker to trigger a pipeline as an arbitrary user under certain circumstances. “An issue was discovered in GitLab CE/EE affecti
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Malwarebytes
SEPTEMBER 13, 2024
Car manufacturer Ford Motor Company has filed a patent application for an in-vehicle advertisement presentation system based on information derived from several trip and driver characteristics. Among those characteristics—human conversations. In the abstract of the patent application publication Ford writes: “An example method includes determining vehicle information for a trip, the vehicle information including any one or more of a current vehicle location, a vehicle speed, a drive mode, and/or
The Hacker News
SEPTEMBER 13, 2024
British authorities on Thursday announced the arrest of a 17-year-old male in connection with a cyber attack affecting Transport for London (TfL). "The 17-year-old male was detained on suspicion of Computer Misuse Act offenses in relation to the attack, which was launched on TfL on 1 September," the U.K. National Crime Agency (NCA) said.
Security Affairs
SEPTEMBER 13, 2024
A new Linux malware called Hadooken targets Oracle WebLogic servers, it has been linked to several ransomware families. Aqua Security Nautilus researchers discovered a new Linux malware, called Hadooken, targeting Weblogic servers. The name comes from the attack “surge fist” in the Street Fighter series. Upon execution, the malware drops a Tsunami malware and deploys a cryptominer.
The Hacker News
SEPTEMBER 13, 2024
Even as cyber threats become increasingly sophisticated, the number one attack vector for unauthorized access remains phished credentials (Verizon DBIR, 2024). Solving this problem resolves over 80% of your corporate risk, and a solution is possible.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Penetration Testing
SEPTEMBER 13, 2024
Once Lost Mode is activated on an Apple device, it is incredibly difficult to disable unless done by the original owner or with the correct password. Without deactivating Lost Mode,... The post Say Goodbye to Stolen iPhone Parts: Activation Lock Gets an Upgrade appeared first on Cybersecurity News.
Security Affairs
SEPTEMBER 13, 2024
Lehigh Valley Health Network ’s (LVHN) hospital network has agreed to a $65 million settlement in a class action lawsuit related to a data breach. Lehigh Valley Health Network (LVHN) is a large hospital and healthcare system based in Pennsylvania, USA. It operates numerous hospitals, health centers, and outpatient facilities across the region, including the Lehigh Valley area.
Anton on Security
SEPTEMBER 13, 2024
So some of you are thinking “ewwww … another security transformation paper” and this is understandable. A lot of people (and now … a lot of robots too) have written vague, hand-wavy “leadership” papers on how to transform security, include security into digital transformation or move to the cloud (now with GenAI!) the “right” way, while reaping all the benefits and suffering none of the costs.
Security Boulevard
SEPTEMBER 13, 2024
A Google Sheets exploit has recently been discovered by cybersecurity experts Proofpoint. As per the initial information, the platform is being leveraged as a command-and-control (C2) mechanism. In this article, we’ll look at what the Google Sheets exploit is about, which sectors are being targeted, and more. Let’s begin! Google Sheets Exploit: Initial Discovery The […] The post Espionage Alert: Google Sheets Exploit For Malware Control appeared first on TuxCare.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
The Hacker News
SEPTEMBER 13, 2024
Malicious actors are likely leveraging publicly available proof-of-concept (PoC) exploits for recently disclosed security flaws in Progress Software WhatsUp Gold to conduct opportunistic attacks. The activity is said to have commenced on August 30, 2024, a mere five hours after a PoC was released for CVE-2024-6670 (CVSS score: 9.
Security Boulevard
SEPTEMBER 13, 2024
Realm.Security has launched a platform for collecting and normalizing cybersecurity telemetry data that promises to streamline analytics. The post Realm.Security Emerges to Tackle Cybersecurity Data Management appeared first on Security Boulevard.
Zero Day
SEPTEMBER 13, 2024
Blackview's Mega 1 is an 11.5-inch Android 13 tablet with a 120Hz display, 256GB of storage, and 24GB of RAM. What's more, it comes at a great discount.
Security Boulevard
SEPTEMBER 13, 2024
Most password protection methods use some form of encryption, but is there a clear choice between software and hardware encryption when it comes to protecting your personal or business files from theft, loss, or hacking? The post How Secure is the “Password Protection” on Your Files and Drives? appeared first on Security Boulevard.
Advertisement
Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.
Zero Day
SEPTEMBER 13, 2024
Testing for the new connection begins early next year across 1,000 airplanes.
Penetration Testing
SEPTEMBER 13, 2024
In a security advisory released recently, Cloud Software Group has disclosed two vulnerabilities affecting the widely used Citrix Workspace app for Windows. These vulnerabilities, identified as CVE-2024-7889 and CVE-2024-7890, could... The post Citrix Workspace App Users Urged to Update Following Two Privilege Escalation Flaws appeared first on Cybersecurity News.
Zero Day
SEPTEMBER 13, 2024
The newest iPhone comes with a hardware-based security feature to better ensure user privacy.
Penetration Testing
SEPTEMBER 13, 2024
A new fraudulent campaign targeting Mac users seeking AppleCare+ support or extended warranties has been uncovered by cybersecurity experts at Malwarebytes. The scammers are using a combination of purchased Google... The post Beware Mac Users: Fake AppleCare+ Support Scam Lures Victims via GitHub Repos appeared first on Cybersecurity News.
Advertisement
Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!
Zero Day
SEPTEMBER 13, 2024
NordVPN and Proton VPN are two of the most popular VPN services available with strong protection features. Here are the key reasons you might pick one over the other.
eSecurity Planet
SEPTEMBER 13, 2024
Cyber security in banking has become the frontline defense against an ever-growing wave of digital threats. With billions of dollars and sensitive data at risk, banks are under constant pressure to stay one step ahead of cybercriminals. So, what are the biggest threats facing the banking sector, and how are institutions safeguarding your financial future?
Zero Day
SEPTEMBER 13, 2024
I've tried many of Apple's AI features in the iOS 18 beta and found them incomplete or underwhelming. Here's what the company needs to offer if it wants to become a leader in the AI race.
Penetration Testing
SEPTEMBER 13, 2024
Two recently discovered vulnerabilities in Rockwell Automation’s FactoryTalk software products pose a serious threat to industrial control systems (ICS). The vulnerabilities, tracked as CVE-2024-45823 and CVE-2024-45824, could potentially allow unauthorized... The post Rockwell Automation Products Face Critical Security Risks, Urgent Patching Required appeared first on Cybersecurity News.
Advertisement
Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.
Zero Day
SEPTEMBER 13, 2024
I've tried many of Apple's AI features in the iOS 18 beta and found them incomplete or underwhelming. Here's what the company needs to offer if it wants to become a leader in the AI race.
Security Boulevard
SEPTEMBER 13, 2024
Artificial intelligence (AI) is no longer just a buzzword in the cybersecurity industry—it’s an essential tool for staying ahead of threats. But how are leading organizations leveraging AI in cybersecurity effectively, and what challenges do they face? During a recent Nuspire webinar, experts J.R. Cunningham, Michael Wilson and Marcy Elder uncover how AI is transforming cybersecurity operations and what the.
Zero Day
SEPTEMBER 13, 2024
Google aims to make traveling this holiday easy with digital passports on its Wallet app; however these passes only work in a few locations.
Security Boulevard
SEPTEMBER 13, 2024
Are you confident your vulnerability management is doing its job, or do you sometimes feel like it’s falling short? Many companies invest time and resources into managing vulnerabilities, yet still. The post Top 5 Vulnerability Management Mistakes Companies Make (Plus a Bonus Mistake to Avoid) appeared first on Strobes Security. The post Top 5 Vulnerability Management Mistakes Companies Make (Plus a Bonus Mistake to Avoid) appeared first on Security Boulevard.
Advertisement
IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.
Let's personalize your content