Schneier on Security

AUGUST 5, 2024

Ford has a new patent application for a system where cars monitor each other’s speeds, and then report then to some central authority. Slashdot thread.

Surveillance 270

Surveillance 270

Krebs on Security

AUGUST 5, 2024

A ransomware group called Dark Angels made headlines this past week when it was revealed the crime group recently received a record $75 million data ransom payment from a Fortune 50 company. Security experts say the Dark Angels have been around since 2021, but the group doesn’t get much press because they work alone and maintain a low profile, picking one target at a time and favoring mass data theft over disrupting the victim’s operations.

Ransomware 232

Ransomware Insurance Healthcare Education 232

The Last Watchdog

AUGUST 5, 2024

LAS VEGAS — Humans, unsurprisingly, remain the weak link in cybersecurity. Related: Digital identity best practices We’re gullible – and we can’t get away from relying on usernames and passwords. Steady advances in software and hardware mechanisms to secure identities and privileged access have helped; yet crippling network breaches that start by fooling or spoofing a single human user continue to proliferate.

System Administration 173

System Administration Passwords Encryption Internet 173

Tech Republic Security

AUGUST 5, 2024

Australia’s public sector agencies are under increasing pressure to improve their readiness for cyber attacks and data breaches, as surveys and investigations find their preparedness lackluster.

Data breaches 173

Data breaches Cyber Attacks Government 173

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Security Boulevard

AUGUST 5, 2024

National Public Data, a background check company that collects sensitive personal information, is facing a class-action legal complaint for allowing the data from 2.9 billion people to be stolen in a breach and later sold on the dark web for millions of dollars. The post National Public Data Sued for Hack that Exposed Data of 2.9 Billion People appeared first on Security Boulevard.

Hacking 126

Hacking Data breaches Security Awareness Cybersecurity 126

Tech Republic Security

AUGUST 5, 2024

If you’re on the hunt for Urban VPN alternatives, check out our in-depth analysis of Proton VPN, TunnelBear and other VPN providers.

VPN 135

VPN 135

Bleeping Computer

AUGUST 5, 2024

A design flaw in Windows Smart App Control and SmartScreen that enables attackers to launch programs without triggering security warnings has been under exploitation since at least 2018. [.

122

122

Security Boulevard

AUGUST 5, 2024

LLMs are different from other tools and different approaches are required to mitigate their risks involving new security technologies. The post Strategies for Mitigating LLM Risks in Cybersecurity appeared first on Security Boulevard.

Risk 120

Risk Cybersecurity Technology Security Awareness 120

Security Affairs

AUGUST 5, 2024

A security bypass bug in Rockwell Automation ControlLogix 1756 devices could allow unauthorized access to vulnerable devices. A high-severity security bypass vulnerability, tracked as CVE-2024-6242 (CVSS Base Score v4.0 of 7.3), impacts Rockwell Automation ControlLogix 1756 devices. An attacker can exploit the vulnerability to execute common industrial protocol (CIP) programming and configuration commands. “A vulnerability exists in the affected products that allows a threat actor to bypas

Hacking 129

Hacking Information Security 129

The Hacker News

AUGUST 5, 2024

A new zero-day pre-authentication remote code execution vulnerability has been disclosed in the Apache OFBiz open-source enterprise resource planning (ERP) system that could allow threat actors to achieve remote code execution on affected instances. Tracked as CVE-2024-38856, the flaw has a CVSS score of 9.8 out of a maximum of 10.0. It affects Apache OFBiz versions prior to 18.12.15.

Authentication 129

Authentication 129

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Security Boulevard

AUGUST 5, 2024

As AI adoption grows, so does organizations’ appetite for the vast data from disparate sources needed to train AI models. Because of this, companies are grappling with how to safeguard a surging amount of fragmented data wherever it lives. The post DSPM: A Cybersecurity Approach Tailor-Made for This AI Era appeared first on Security Boulevard.

Cybersecurity 119

Cybersecurity Security Awareness 119

The Hacker News

AUGUST 5, 2024

Google has addressed a high-severity security flaw impacting the Android kernel that it has been actively exploited in the wild. The vulnerability, tracked as CVE-2024-36971, has been described as a case of remote code execution impacting the kernel.

128

128

Security Affairs

AUGUST 5, 2024

Researchers urge organizations using Apache OFBiz to address a critical bug, following reports of active exploitation of another flaw. Experts urge organizations to address a new critical vulnerability, tracked as CVE-2024-38856, in Apache OFBiz. The vulnerability is an incorrect authorization issue in Apache OFBiz that impacts versions through 18.12.14, version 18.12.15 addressed the flaw. “Unauthenticated endpoints could allow execution of screen rendering code of screens if some precond

Authentication 130

Authentication Manufacturing Hacking Accountability 130

Bleeping Computer

AUGUST 5, 2024

South Korea's National Cyber Security Center (NCSC) warns that state-backed DPRK hackers hijacked flaws in a VPN's software update to deploy malware and breach networks. [.

VPN 118

VPN Malware Software 118

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Security Boulevard

AUGUST 5, 2024

n the battle against cyber threats, should we trust human experts or AI agents to protect our valuable data? Explore how AI's tireless vigilance, pattern recognition, and rapid adaptation are reshaping cybersecurity. The post Human vs AI Agents in Cybersecurity: Who Should Guard Your Data? appeared first on Security Boulevard.

Cybersecurity 116

Cybersecurity Cyber threats Artificial Intelligence 116

Bleeping Computer

AUGUST 5, 2024

Android security updates this month patch 46 vulnerabilities, including a high-severity remote code execution (RCE) exploited in targeted attacks. [.

126

126

Security Boulevard

AUGUST 5, 2024

The Payment Card Industry Data Security Standard (PCI DSS) aims to improve credit, debit and cash card transaction security and protect cardholders from breaches of their personal information. The post Effective Third-Party Risk Management Under PCI DSS 4.0 appeared first on Security Boulevard.

Risk 116

Risk Security Awareness Government Cybersecurity 116

Bleeping Computer

AUGUST 5, 2024

The Hunters International ransomware group is targeting IT workers with a new C# remote access trojan (RAT) called SharpRhino to breach corporate networks. [.

Ransomware 118

Ransomware Malware 118

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

Security Boulevard

AUGUST 5, 2024

A novel Linux kernel exploit technique called SLUBStick has proven to be 99% successful running the kind of attacks that in the past had a success rate of about 40% and allows bad actors to take total control of a system. The post Novel SLUBStick Linux Exploit Gives Attackers Full System Control appeared first on Security Boulevard.

110

110

Bleeping Computer

AUGUST 5, 2024

A previously undocumented Android malware named 'LightSpy' has been discovered targeting Russian users, posing on phones as an Alipay app or a system service to evade detection. [.

Malware 105

Malware Mobile 105

Penetration Testing

AUGUST 5, 2024

The U.S. Department of Justice, in conjunction with the Federal Trade Commission (FTC), has initiated a civil lawsuit against the popular app TikTok and its Chinese parent company ByteDance. Authorities accuse the developers of... The post TikTok Faces Civil Lawsuit for COPPA Violations, Millions of Children Affected appeared first on Cybersecurity News.

Cybersecurity 108

Cybersecurity 108

Security Boulevard

AUGUST 5, 2024

Salt Security is making available a free scanning tool that it has been using to assess the level of potential risk organizations face from cross-site scripting (XSS) attacks in the wake of discovering similar flaws in multiple websites, including the Hotjar service that millions of users rely on to analyze web traffic. The post Salt Security Provides Free Scans for XXS Vulnerabilities Involving OAuth Protocol appeared first on Security Boulevard.

Risk 104

Risk Security Awareness Cybersecurity Network Security 104

Advertisement

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

The Hacker News

AUGUST 5, 2024

The Loper Bright decision has yielded impactful results: the Supreme Court has overturned forty years of administrative law, leading to potential litigation over the interpretation of ambiguous laws previously decided by federal agencies. This article explores key questions for cybersecurity professionals and leaders as we enter a more contentious period of cybersecurity law.

Cybersecurity 111

Cybersecurity 111

Penetration Testing

AUGUST 5, 2024

In the ever-evolving landscape of cybersecurity threats, having access to reliable and up-to-date threat intelligence is paramount. One tool that has gained recognition in the cybersecurity community is C2 Tracker, a free and open-source... The post C2 Tracker: A Community-Driven IOC Feed for Cybersecurity appeared first on Cybersecurity News.

Cybersecurity 98

Cybersecurity 98

The Hacker News

AUGUST 5, 2024

Organizations in Kazakhstan are the target of a threat activity cluster dubbed Bloody Wolf that delivers a commodity malware called STRRAT (aka Strigoi Master). "The program selling for as little as $80 on underground resources allows the adversaries to take control of corporate computers and hijack restricted data," cybersecurity vendor BI.ZONE said in a new analysis.

Cyber Attacks 109

Cyber Attacks Malware Cybersecurity 109

Penetration Testing

AUGUST 5, 2024

A sophisticated cyberattack targeting the government sector has been uncovered, utilizing a quartet of malicious software – XWorm, AsyncRAT, VenomRAT, and PureLogs Stealer – and exploiting Cloudflare’s TryCloudflare service. eSentire’s Threat Response Unit (TRU)... The post Government Hit by Multi-Malware Cyberattack via Cloudflare Service appeared first on Cybersecurity News.

Government 98

Government Malware Software Cybersecurity 98

Advertisement

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.

Cybersecurity

Bleeping Computer

AUGUST 5, 2024

The legal spars between Delta Air Lines and CrowdStrike are heating up, with the cybersecurity firm claiming that Delta's extended IT outage was caused by poor disaster recovery plans and the airline refusing to accept free onsite help in restoring Windows devices. [.

Cybersecurity 97

Cybersecurity 97

The Hacker News

AUGUST 5, 2024

Incident response is a structured approach to managing and addressing security breaches or cyber-attacks. Security teams must overcome challenges such as timely detection, comprehensive data collection, and coordinated actions to enhance readiness. Improving these areas ensures a swift and effective response, minimizing damage and restoring normal operations quickly.

Data collection 105

Data collection Cyber Attacks 105

SecureBlitz

AUGUST 5, 2024

In this post, learn why identity theft protection is crucial in today's digital world. Protecting personal information has never been more critical in our increasingly digital world. Identity theft is a growing concern that can have devastating consequences for its victims. This blog post will explore why identity theft protection is crucial, the risks of […] The post Why Is Identity Theft Protection Crucial in Today’s Digital World?

Identity Theft 95

Identity Theft Risk Cybersecurity 95

Tech Republic Security

AUGUST 5, 2024

Company devices which are hooked to the internet can involve both internal and external connections. These internet resources can be web servers, email servers, proxy servers, routers, FTP servers or any other public-facing device which performs a service or function.

Internet 83

Internet Internet Risk Software 83

Advertisement

Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.

Government