My TedXBillings Talk
Schneier on Security
SEPTEMBER 13, 2024
Over the summer, I gave a talk about AI and democracy at TedXBillings. The recording is [link]. Please share.
Fri.Sep 13, 2024
228 
New Office of the CISO Paper: Organizing Security for Digital Transformation
Anton on Security
SEPTEMBER 13, 2024
So some of you are thinking “ewwww … another security transformation paper” and this is understandable. A lot of people (and now … a lot of robots too) have written vague, hand-wavy “leadership” papers on how to transform security, include security into digital transformation or move to the cloud (now with GenAI!) the “right” way, while reaping all the benefits and suffering none of the costs.
Join 28,000+
Insiders
Sign Up for our Newsletter
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Trending Sources
Vo1d malware infected 1.3 Million Android-based TV Boxes in 197 countries
Security Affairs
SEPTEMBER 13, 2024
Researchers uncovered an Android malware, dubbed Vo1d, that has already infected nearly 1.3 million Android devices in 197 countries. Doctor Web researchers uncovered a malware, tracked as Vo1d , that infected nearly 1.3 million Android-based TV boxes belonging to users in 197 countries. The malicious code acts as a backdoor and allows attackers to download and install third-party software secretly.
Espionage Alert: Google Sheets Exploit For Malware Control
Security Boulevard
SEPTEMBER 13, 2024
A Google Sheets exploit has recently been discovered by cybersecurity experts Proofpoint. As per the initial information, the platform is being leveraged as a command-and-control (C2) mechanism. In this article, we’ll look at what the Google Sheets exploit is about, which sectors are being targeted, and more. Let’s begin! Google Sheets Exploit: Initial Discovery The […] The post Espionage Alert: Google Sheets Exploit For Malware Control appeared first on TuxCare.
Optimizing The Modern Developer Experience with Coder
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
GitLab fixed a critical flaw in GitLab CE and GitLab EE
Security Affairs
SEPTEMBER 13, 2024
GitLab addressed multiple vulnerabilities impacting GitLab CE/EE, including a critical pipeline execution issue. GitLab released security patches for 17 vulnerabilities in GitLab CE (Community Edition) and EE (Enterprise Edition). One of these vulnerabilities is a critical pipeline execution flaw, tracked as CVE-2024-6678 (CVSS score of 9.9), that could allow an attacker to trigger a pipeline as an arbitrary user under certain circumstances. “An issue was discovered in GitLab CE/EE affecti
Realm.Security Emerges to Tackle Cybersecurity Data Management
Security Boulevard
SEPTEMBER 13, 2024
Realm.Security has launched a platform for collecting and normalizing cybersecurity telemetry data that promises to streamline analytics. The post Realm.Security Emerges to Tackle Cybersecurity Data Management appeared first on Security Boulevard.
Sign up to get articles personalized to your interests!
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
More Trending
How Secure is the “Password Protection” on Your Files and Drives?
Security Boulevard
SEPTEMBER 13, 2024
Most password protection methods use some form of encryption, but is there a clear choice between software and hardware encryption when it comes to protecting your personal or business files from theft, loss, or hacking? The post How Secure is the “Password Protection” on Your Files and Drives? appeared first on Security Boulevard.
New Linux malware called Hadooken targets Oracle WebLogic servers
Security Affairs
SEPTEMBER 13, 2024
A new Linux malware called Hadooken targets Oracle WebLogic servers, it has been linked to several ransomware families. Aqua Security Nautilus researchers discovered a new Linux malware, called Hadooken, targeting Weblogic servers. The name comes from the attack “surge fist” in the Street Fighter series. Upon execution, the malware drops a Tsunami malware and deploys a cryptominer.
Ivanti Warns of Active Exploitation of Newly Patched Cloud Appliance Vulnerability
The Hacker News
SEPTEMBER 13, 2024
Ivanti has revealed that a newly patched security flaw in its Cloud Service Appliance (CSA) has come under active exploitation in the wild. The high-severity vulnerability in question is CVE-2024-8190 (CVSS score: 7.2), which allows remote code execution under certain circumstances. "An OS command injection vulnerability in Ivanti Cloud Services Appliance versions 4.
Cyber Security in Banking: Threats, Solutions & Best Practices
eSecurity Planet
SEPTEMBER 13, 2024
Cyber security in banking has become the frontline defense against an ever-growing wave of digital threats. With billions of dollars and sensitive data at risk, banks are under constant pressure to stay one step ahead of cybercriminals. So, what are the biggest threats facing the banking sector, and how are institutions safeguarding your financial future?
The Tumultuous IT Landscape Is Making Hiring More Difficult
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Apple Vision Pro Vulnerability Exposed Virtual Keyboard Inputs to Attackers
The Hacker News
SEPTEMBER 13, 2024
Details have emerged about a now-patched security flaw impacting Apple's Vision Pro mixed reality headset that, if successfully exploited, could allow malicious attackers to infer data entered on the device's virtual keyboard. The attack, dubbed GAZEploit, has been assigned the CVE identifier CVE-2024-40865.
‘Terrorgram’ Charges Show US Has Had Tools to Crack Down on Far-Right Terrorism All Along
WIRED Threat Level
SEPTEMBER 13, 2024
The federal indictment of two alleged members of the Terrorgram Collective, a far-right cell accused of inspiring “lone wolf” attacks, reveals the US is now using a “forgotten” legal strategy.
TrickMo Android Trojan Exploits Accessibility Services for On-Device Banking Fraud
The Hacker News
SEPTEMBER 13, 2024
Cybersecurity researchers have uncovered a new variant of an Android banking trojan called TrickMo that comes packed with new capabilities to evade analysis and display fake login screens to capture victims' banking credentials. "The mechanisms include using malformed ZIP files in combination with JSONPacker," Cleafy security researchers Michele Roviello and Alessandro Strino said.
Lehigh Valley Health Network hospital network has agreed to a $65 million settlement after data breach
Security Affairs
SEPTEMBER 13, 2024
Lehigh Valley Health Network ’s (LVHN) hospital network has agreed to a $65 million settlement in a class action lawsuit related to a data breach. Lehigh Valley Health Network (LVHN) is a large hospital and healthcare system based in Pennsylvania, USA. It operates numerous hospitals, health centers, and outpatient facilities across the region, including the Lehigh Valley area.
The Cloud Development Environment Adoption Report
Advertisement
Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.
17-Year-Old Arrested in Connection with Cyber Attack Affecting Transport for London
The Hacker News
SEPTEMBER 13, 2024
British authorities on Thursday announced the arrest of a 17-year-old male in connection with a cyber attack affecting Transport for London (TfL). "The 17-year-old male was detained on suspicion of Computer Misuse Act offenses in relation to the attack, which was launched on TfL on 1 September," the U.K. National Crime Agency (NCA) said.
My Apple Intelligence wishlist: 10 features it needs to compete with OpenAI and Google
Zero Day
SEPTEMBER 13, 2024
I've tried many of Apple's AI features in the iOS 18 beta and found them incomplete or underwhelming. Here's what the company needs to offer if it wants to become a leader in the AI race.
Say Goodbye to Phishing: Must-Haves to Eliminate Credential Theft
The Hacker News
SEPTEMBER 13, 2024
Even as cyber threats become increasingly sophisticated, the number one attack vector for unauthorized access remains phished credentials (Verizon DBIR, 2024). Solving this problem resolves over 80% of your corporate risk, and a solution is possible.
Ford seeks patent for conversation-based advertising
Malwarebytes
SEPTEMBER 13, 2024
Car manufacturer Ford Motor Company has filed a patent application for an in-vehicle advertisement presentation system based on information derived from several trip and driver characteristics. Among those characteristics—human conversations. In the abstract of the patent application publication Ford writes: “An example method includes determining vehicle information for a trip, the vehicle information including any one or more of a current vehicle location, a vehicle speed, a drive mode, and/or
Bringing the Cybersecurity Imperative Into Focus
Advertisement
Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!
Progress WhatsUp Gold Exploited Just Hours After PoC Release for Critical Flaw
The Hacker News
SEPTEMBER 13, 2024
Malicious actors are likely leveraging publicly available proof-of-concept (PoC) exploits for recently disclosed security flaws in Progress Software WhatsUp Gold to conduct opportunistic attacks. The activity is said to have commenced on August 30, 2024, a mere five hours after a PoC was released for CVE-2024-6670 (CVSS score: 9.
Proton VPN vs NordVPN: Which is best in 2024?
Zero Day
SEPTEMBER 13, 2024
NordVPN and Proton VPN are two of the most popular VPN services available with strong protection features. Here are the key reasons you might pick one over the other.
Citrix Workspace App Users Urged to Update Following Two Privilege Escalation Flaws
Penetration Testing
SEPTEMBER 13, 2024
In a security advisory released recently, Cloud Software Group has disclosed two vulnerabilities affecting the widely used Citrix Workspace app for Windows. These vulnerabilities, identified as CVE-2024-7889 and CVE-2024-7890, could... The post Citrix Workspace App Users Urged to Update Following Two Privilege Escalation Flaws appeared first on Cybersecurity News.
10 features Apple Intelligence needs to actually compete with OpenAI and Google
Zero Day
SEPTEMBER 13, 2024
I've tried many of Apple's AI features in the iOS 18 beta and found them incomplete or underwhelming. Here's what the company needs to offer if it wants to become a leader in the AI race.
Introducing CDEs to Your Enterprise
Advertisement
Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.
AI in Cybersecurity: Experts Discuss Opportunities, Misconceptions and the Path Forward
Security Boulevard
SEPTEMBER 13, 2024
Artificial intelligence (AI) is no longer just a buzzword in the cybersecurity industry—it’s an essential tool for staying ahead of threats. But how are leading organizations leveraging AI in cybersecurity effectively, and what challenges do they face? During a recent Nuspire webinar, experts J.R. Cunningham, Michael Wilson and Marcy Elder uncover how AI is transforming cybersecurity operations and what the.
I love everything about this Android tablet (especially the price)
Zero Day
SEPTEMBER 13, 2024
Blackview's Mega 1 is an 11.5-inch Android 13 tablet with a 120Hz display, 256GB of storage, and 24GB of RAM. What's more, it comes at a great discount.
Top 5 Vulnerability Management Mistakes Companies Make (Plus a Bonus Mistake to Avoid)
Security Boulevard
SEPTEMBER 13, 2024
Are you confident your vulnerability management is doing its job, or do you sometimes feel like it’s falling short? Many companies invest time and resources into managing vulnerabilities, yet still. The post Top 5 Vulnerability Management Mistakes Companies Make (Plus a Bonus Mistake to Avoid) appeared first on Strobes Security. The post Top 5 Vulnerability Management Mistakes Companies Make (Plus a Bonus Mistake to Avoid) appeared first on Security Boulevard.
Beware Mac Users: Fake AppleCare+ Support Scam Lures Victims via GitHub Repos
Penetration Testing
SEPTEMBER 13, 2024
A new fraudulent campaign targeting Mac users seeking AppleCare+ support or extended warranties has been uncovered by cybersecurity experts at Malwarebytes. The scammers are using a combination of purchased Google... The post Beware Mac Users: Fake AppleCare+ Support Scam Lures Victims via GitHub Repos appeared first on Cybersecurity News.
IT Leadership Agrees AI is Here, but Now What?
Advertisement
IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.
New Office of the CISO Paper: Organizing Security for Digital Transformation
Security Boulevard
SEPTEMBER 13, 2024
So some of you are thinking “ewwww … another security transformation paper” and this is understandable. A lot of people (and now … a lot of robots too) have written vague, hand-wavy “leadership” papers on how to transform security, include security into digital transformation or move to the cloud (now with GenAI!) the “right” way, while reaping all the benefits and suffering none of the costs.
Rockwell Automation Products Face Critical Security Risks, Urgent Patching Required
Penetration Testing
SEPTEMBER 13, 2024
Two recently discovered vulnerabilities in Rockwell Automation’s FactoryTalk software products pose a serious threat to industrial control systems (ICS). The vulnerabilities, tracked as CVE-2024-45823 and CVE-2024-45824, could potentially allow unauthorized... The post Rockwell Automation Products Face Critical Security Risks, Urgent Patching Required appeared first on Cybersecurity News.
The best wireless chargers of 2024: Expert tested
Zero Day
SEPTEMBER 13, 2024
Did you just preorder the new iPhone 16? Now, break up with your charging cables. We went hands-on with chargers from Anker, ESR, Courant, and more to find the best wireless chargers to make powering your devices easier than ever.
What is EchoSpoofing?: Proofpoint Email Routing Exploit
Security Boulevard
SEPTEMBER 13, 2024
Reading Time: 3 min The recent exploitation of Proofpoint’s email routing flaw, known as EchoSpoofing, allowed attackers to send millions of spoofed emails across multiple organizations. The post What is EchoSpoofing?: Proofpoint Email Routing Exploit appeared first on Security Boulevard.
Enhance Innovation and Governance Through the Cloud Development Maturity Model
Advertisement
Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.
Let's personalize your content