Schneier on Security

AUGUST 5, 2024

Ford has a new patent application for a system where cars monitor each other’s speeds, and then report then to some central authority. Slashdot thread.

Surveillance 290

Surveillance 290

Krebs on Security

AUGUST 5, 2024

A ransomware group called Dark Angels made headlines this past week when it was revealed the crime group recently received a record $75 million data ransom payment from a Fortune 50 company. Security experts say the Dark Angels have been around since 2021, but the group doesn’t get much press because they work alone and maintain a low profile, picking one target at a time and favoring mass data theft over disrupting the victim’s operations.

Ransomware 248

Ransomware Insurance Healthcare Education 248

Tech Republic Security

AUGUST 5, 2024

Australia’s public sector agencies are under increasing pressure to improve their readiness for cyber attacks and data breaches, as surveys and investigations find their preparedness lackluster.

Data breaches 189

Data breaches Cyber Attacks Government 189

The Last Watchdog

AUGUST 5, 2024

LAS VEGAS — Humans, unsurprisingly, remain the weak link in cybersecurity. Related: Digital identity best practices We’re gullible – and we can’t get away from relying on usernames and passwords. Steady advances in software and hardware mechanisms to secure identities and privileged access have helped; yet crippling network breaches that start by fooling or spoofing a single human user continue to proliferate.

System Administration 173

System Administration Passwords Encryption Internet 173

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Tech Republic Security

AUGUST 5, 2024

If you’re on the hunt for Urban VPN alternatives, check out our in-depth analysis of Proton VPN, TunnelBear and other VPN providers.

VPN 155

VPN 155

WIRED Threat Level

AUGUST 5, 2024

Experts say the “nonsensical” policy proposal, which largely aligns with Donald Trump’s agenda, would weaken the US agency tasked with protecting election integrity, critical infrastructure, and more.

Risk 29

Risk Hacking 29

Security Affairs

AUGUST 5, 2024

Researchers urge organizations using Apache OFBiz to address a critical bug, following reports of active exploitation of another flaw. Experts urge organizations to address a new critical vulnerability, tracked as CVE-2024-38856, in Apache OFBiz. The vulnerability is an incorrect authorization issue in Apache OFBiz that impacts versions through 18.12.14, version 18.12.15 addressed the flaw. “Unauthenticated endpoints could allow execution of screen rendering code of screens if some precond

Authentication 136

Authentication Manufacturing Hacking Accountability 136

The Hacker News

AUGUST 5, 2024

Google has addressed a high-severity security flaw impacting the Android kernel that it has been actively exploited in the wild. The vulnerability, tracked as CVE-2024-36971, has been described as a case of remote code execution impacting the kernel.

140

140

Security Affairs

AUGUST 5, 2024

A security bypass bug in Rockwell Automation ControlLogix 1756 devices could allow unauthorized access to vulnerable devices. A high-severity security bypass vulnerability, tracked as CVE-2024-6242 (CVSS Base Score v4.0 of 7.3), impacts Rockwell Automation ControlLogix 1756 devices. An attacker can exploit the vulnerability to execute common industrial protocol (CIP) programming and configuration commands. “A vulnerability exists in the affected products that allows a threat actor to bypas

Hacking 135

Hacking Information Security 135

The Hacker News

AUGUST 5, 2024

The Loper Bright decision has yielded impactful results: the Supreme Court has overturned forty years of administrative law, leading to potential litigation over the interpretation of ambiguous laws previously decided by federal agencies. This article explores key questions for cybersecurity professionals and leaders as we enter a more contentious period of cybersecurity law.

Cybersecurity 132

Cybersecurity 132

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Security Boulevard

AUGUST 5, 2024

National Public Data, a background check company that collects sensitive personal information, is facing a class-action legal complaint for allowing the data from 2.9 billion people to be stolen in a breach and later sold on the dark web for millions of dollars. The post National Public Data Sued for Hack that Exposed Data of 2.9 Billion People appeared first on Security Boulevard.

Hacking 126

Hacking Data breaches Security Awareness Cybersecurity 126

The Hacker News

AUGUST 5, 2024

Organizations in Kazakhstan are the target of a threat activity cluster dubbed Bloody Wolf that delivers a commodity malware called STRRAT (aka Strigoi Master). "The program selling for as little as $80 on underground resources allows the adversaries to take control of corporate computers and hijack restricted data," cybersecurity vendor BI.ZONE said in a new analysis.

Cyber Attacks 131

Cyber Attacks Malware Cybersecurity 131

Security Boulevard

AUGUST 5, 2024

For You Plague: U.S. Justice Dept. and Federal Trade Commission file lawsuit, alleging TikTok broke the COPPA law, plus a previous injunction. The post TikTok Abuses Kids, say DoJ and FTC appeared first on Security Boulevard.

Social Engineering 126

Social Engineering Spyware Media Data privacy 126

The Hacker News

AUGUST 5, 2024

Incident response is a structured approach to managing and addressing security breaches or cyber-attacks. Security teams must overcome challenges such as timely detection, comprehensive data collection, and coordinated actions to enhance readiness. Improving these areas ensures a swift and effective response, minimizing damage and restoring normal operations quickly.

Data collection 127

Data collection Cyber Attacks 127

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Bleeping Computer

AUGUST 5, 2024

Android security updates this month patch 46 vulnerabilities, including a high-severity remote code execution (RCE) exploited in targeted attacks. [.

126

126

Malwarebytes

AUGUST 5, 2024

Last week on Malwarebytes Labs: Threat actor impersonates Google via fake ad for Authenticator Scammers are impersonating cryptocurrency exchanges, FBI warns Meta to pay $1.4 billion over unauthorized facial recognition image capture Apple fixes Siri vulnerabilities that could have allowed sensitive data theft from locked device. Update now! SIEM is not storage, with Jess Dodson (Lock and Code S05E16) US senators ask FTC to investigate car makers’ privacy practices Last week on ThreatDown: Azure

DDOS 125

DDOS Cryptocurrency Authentication Ransomware 125

Bleeping Computer

AUGUST 5, 2024

A design flaw in Windows Smart App Control and SmartScreen that enables attackers to launch programs without triggering security warnings has been under exploitation since at least 2018. [.

122

122

Security Boulevard

AUGUST 5, 2024

LLMs are different from other tools and different approaches are required to mitigate their risks involving new security technologies. The post Strategies for Mitigating LLM Risks in Cybersecurity appeared first on Security Boulevard.

Risk 120

Risk Cybersecurity Technology Security Awareness 120

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Bleeping Computer

AUGUST 5, 2024

The Hunters International ransomware group is targeting IT workers with a new C# remote access trojan (RAT) called SharpRhino to breach corporate networks. [.

Ransomware 118

Ransomware Malware 118

Security Boulevard

AUGUST 5, 2024

As AI adoption grows, so does organizations’ appetite for the vast data from disparate sources needed to train AI models. Because of this, companies are grappling with how to safeguard a surging amount of fragmented data wherever it lives. The post DSPM: A Cybersecurity Approach Tailor-Made for This AI Era appeared first on Security Boulevard.

Cybersecurity 119

Cybersecurity Security Awareness 119

Bleeping Computer

AUGUST 5, 2024

South Korea's National Cyber Security Center (NCSC) warns that state-backed DPRK hackers hijacked flaws in a VPN's software update to deploy malware and breach networks. [.

VPN 118

VPN Malware Software 118

Security Boulevard

AUGUST 5, 2024

n the battle against cyber threats, should we trust human experts or AI agents to protect our valuable data? Explore how AI's tireless vigilance, pattern recognition, and rapid adaptation are reshaping cybersecurity. The post Human vs AI Agents in Cybersecurity: Who Should Guard Your Data? appeared first on Security Boulevard.

Cybersecurity 116

Cybersecurity Cyber threats Artificial Intelligence 116

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

Penetration Testing

AUGUST 5, 2024

The U.S. Department of Justice, in conjunction with the Federal Trade Commission (FTC), has initiated a civil lawsuit against the popular app TikTok and its Chinese parent company ByteDance. Authorities accuse the developers of... The post TikTok Faces Civil Lawsuit for COPPA Violations, Millions of Children Affected appeared first on Cybersecurity News.

Cybersecurity 113

Cybersecurity 113

Security Boulevard

AUGUST 5, 2024

The Payment Card Industry Data Security Standard (PCI DSS) aims to improve credit, debit and cash card transaction security and protect cardholders from breaches of their personal information. The post Effective Third-Party Risk Management Under PCI DSS 4.0 appeared first on Security Boulevard.

Risk 116

Risk Security Awareness Government Cybersecurity 116

The Hacker News

AUGUST 5, 2024

Cybersecurity researchers have uncovered design weaknesses in Microsoft's Windows Smart App Control and SmartScreen that could enable threat actors to gain initial access to target environments without raising any warnings.

Cybersecurity 108

Cybersecurity 108

Security Boulevard

AUGUST 5, 2024

A novel Linux kernel exploit technique called SLUBStick has proven to be 99% successful running the kind of attacks that in the past had a success rate of about 40% and allows bad actors to take total control of a system. The post Novel SLUBStick Linux Exploit Gives Attackers Full System Control appeared first on Security Boulevard.

110

110

Advertisement

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

Bleeping Computer

AUGUST 5, 2024

A previously undocumented Android malware named 'LightSpy' has been discovered targeting Russian users, posing on phones as an Alipay app or a system service to evade detection. [.

Malware 105

Malware Mobile 105

Security Boulevard

AUGUST 5, 2024

Salt Security is making available a free scanning tool that it has been using to assess the level of potential risk organizations face from cross-site scripting (XSS) attacks in the wake of discovering similar flaws in multiple websites, including the Hotjar service that millions of users rely on to analyze web traffic. The post Salt Security Provides Free Scans for XXS Vulnerabilities Involving OAuth Protocol appeared first on Security Boulevard.

Risk 104

Risk Security Awareness Cybersecurity Network Security 104

Penetration Testing

AUGUST 5, 2024

In the ever-evolving landscape of cybersecurity threats, having access to reliable and up-to-date threat intelligence is paramount. One tool that has gained recognition in the cybersecurity community is C2 Tracker, a free and open-source... The post C2 Tracker: A Community-Driven IOC Feed for Cybersecurity appeared first on Cybersecurity News.

Cybersecurity 98

Cybersecurity 98

Bleeping Computer

AUGUST 5, 2024

The legal spars between Delta Air Lines and CrowdStrike are heating up, with the cybersecurity firm claiming that Delta's extended IT outage was caused by poor disaster recovery plans and the airline refusing to accept free onsite help in restoring Windows devices. [.

Cybersecurity 97

Cybersecurity 97

Advertisement

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.

Cybersecurity