Wed. Oct 02, 2024

California AI Safety Bill Vetoed

Schneier on Security

Governor Newsom has vetoed the state’s AI safety bill. I have mixed feelings about the bill. There’s a lot to like about it, and I want governments to regulate in this space. But, for now, it’s all EU. (Related, the Council of Europe treaty on AI is ready for signature. It’ll be legally binding when signed, and it’s a big deal.)

News alert: Aembit appoints former Snowflake security director Mario Duarte as its new CISO

The Last Watchdog

Silver Spring, MD, Oct. 2, 2024, CyberNewswire — Aembit, the non-human IAM company, today announced the appointment of Mario Duarte as chief information security officer (CISO). Duarte, formerly head of security at Snowflake, joins Aembit with a deep commitment to address pressing gaps in non-human identity security. Duarte’s journey in cybersecurity began with a passion for penetration testing, sparked by the 1980s cult classic film WarGames.

How to Share a Wi-Fi Password: A Step-by-Step Guide

Tech Republic Security

Need to share a Wi-Fi password with a friend or coworker? Learn how to share a Wi-Fi password on iPhones, iPads, Macs, Androids, and Windows computers.

0-Day Flaw CVE-2024-38200 in Microsoft Office Exposes NTLMv2 Hashes: PoC Exploit Released

Penetration Testing

A discovered zero-day vulnerability is putting Microsoft Office users at risk. Security researcher Metin Yunus Kandemir recently published the technical details and a proof-of-concept (PoC) exploit that reveals a critical... The post 0-Day Flaw CVE-2024-38200 in Microsoft Office Exposes NTLMv2 Hashes: PoC Exploit Released appeared first on Cybersecurity News.

Enhance Innovation and Governance Through the Cloud Development Maturity Model

Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.

Exclusive: Google Cloud Updates Confidential Computing Portfolio

Tech Republic Security

Google Cloud’s virtual machines can now get in-house attestation for VMs that offer AMD encrypted virtualization. Plus, Google VMs now offer more hardware options.

Cybersecurity Professionals Operate Under Increased Stress Levels

Security Boulevard

Cybersecurity professionals are facing increasing levels of stress, with 66% reporting that their roles have become more demanding over the past five years, according to a report from ISACA. The post Cybersecurity Professionals Operate Under Increased Stress Levels appeared first on Security Boulevard.

More Trending

Finding a needle in a haystack: Machine learning at the forefront of threat hunting research

SecureList

Introduction: In the ever-evolving landscape of cybersecurity, logs, that is, information collected from various sources like network devices, endpoints, and applications, play a crucial role in identifying and responding to threats. By analyzing this data, organizations can detect anomalies, pinpoint malicious activity, and mitigate potential cyberattacks before they cause significant damage.

How Large Language Models Are Reshaping the Cybersecurity Landscape

Elie

This talk examines current real-world examples of AI-driven attacks and explores which defensive AI capabilities are available today.

US and Other Countries Outline Principles for Securing OT

Security Boulevard

US security agencies and international counterparts list six principles critical infrastructure organizations should hold onto to ensure their OT environments are protected against the rising tide of cyberthreats coming their way. The post US and Other Countries Outline Principles for Securing OT appeared first on Security Boulevard.

Telegram revealed it shared U.S. user data with law enforcement

Security Affairs

Telegram fulfilled over a dozen U.S. law enforcement data requests this year, potentially revealing the IP addresses or phone numbers of 100+ users. Independent website 404 Media first revealed that in 2024 Telegram has fulfilled more than a dozen law enforcement data requests from the U.S. authorities. The social media platform “potentially revealed” that it has shared the IP addresses or phone numbers of over 100 users with law enforcement.

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Alert: Over 700,000 DrayTek Routers Exposed to Hacking via 14 New Vulnerabilities

The Hacker News

A little over a dozen new security vulnerabilities have been discovered in residential and enterprise routers manufactured by DrayTek that could be exploited to take over susceptible devices.

Separating the bee from the panda: CeranaKeeper making a beeline for Thailand

We Live Security

ESET Research details the tools and activities of a new China-aligned threat actor, CeranaKeeper, focusing on massive data exfiltration in Southeast Asia

Average CISO Compensation Tops $500K

Security Boulevard

Despite slower hiring trends and tighter budgets, chief information security officer (CISO) compensation continues to rise, with the average U.S.-based CISO earning $565K, and top earners exceeding $1 million. The post Average CISO Compensation Tops $500K appeared first on Security Boulevard.

China-Linked CeranaKeeper Targeting Southeast Asia with Data Exfiltration

The Hacker News

A previously undocumented threat actor called CeranaKeeper has been linked to a string of data exfiltration attacks targeting Southeast Asia. Slovak cybersecurity firm ESET, which observed campaigns targeting governmental institutions in Thailand starting in 2023, attributed the activity cluster as aligned to China, leveraging tools previously identified as used by the Mustang Panda actor.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

How to Balance Data Storage, Features, and Cost in Security Applications

Tech Republic Security

Security applications can now analyze and detect trends and anomalies in vast seas of information. But how much is enough? And how much is too much information? The more you need to store and the more features you add, the higher costs rise. What is the right balance? Find out in this TechRepublic Premium feature.

Ivanti Endpoint Manager Flaw Actively Targeted, CISA Warns Agencies to Patch

The Hacker News

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a security flaw impacting Endpoint Manager (EPM) that the company patched in May to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerability, tracked as CVE-2024-29824, carries a CVSS score of 9.6 out of a maximum of 10.0, indicating critical severity.

14 New DrayTek routers’ flaws impacts over 700,000 devices in 168 countries

Security Affairs

Multiple flaws in DrayTek residential and enterprise routers can be exploited to fully compromise vulnerable devices. Forescout researchers discovered 14 new vulnerabilities in DrayTek routers, two of which have been rated as critical. Of the 14 security flaws nine are rated high, and three are rated medium in severity. The flaws impact residential and enterprise routers manufactured by DrayTek that could be exploited to take over susceptible devices.

Andariel Hacking Group Shifts Focus to Financial Attacks on U.S. Organizations

The Hacker News

Three different organizations in the U.S. were targeted in August 2024 by a North Korean state-sponsored threat actor called Andariel as part of a likely financially motivated attack.

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.

Rhadamanthys information stealer introduces AI-driven capabilities

Security Affairs

The Rhadamanthys information stealer has been upgraded with advanced features, including the use of artificial intelligence (AI) for optical character recognition (OCR). Researchers at the Recorded Future’s Insikt group have documented the evolution of the Rhadamanthys info stealer. The malware was first identified in 2022, and since then it has been upgraded with advanced features, the latest version 0.7.0 introduces AI-driven capabilities for extracting cryptocurrency seed phrases from i

Fake Trading Apps Target Victims Globally via Apple App Store and Google Play

The Hacker News

A large-scale fraud campaign leveraged fake trading apps published on the Apple App Store and Google Play Store, as well as phishing sites, to defraud victims, per findings from Group-IB.

Stopping Attacks Early: The Power of Endpoint Telemetry in Cybersecurity

Cisco Security

With effective monitoring into endpoint activity, threats to the network can be detected and neutralized before causing extensive damage.

Alert: Adobe Commerce and Magento Stores Under Attack from CosmicSting Exploit

The Hacker News

Cybersecurity researchers have disclosed that 5% of all Adobe Commerce and Magento stores have been hacked by malicious actors by exploiting a security vulnerability dubbed CosmicSting. Tracked as CVE-2024-34102 (CVSS score: 9.8), the critical flaw relates to an improper restriction of XML external entity reference (XXE) vulnerability that could result in remote code execution.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Critical Zimbra Postjournal flaw CVE-2024-45519 actively exploited in the wild. Patch it now!

Security Affairs

Threat actors attempt to exploit recently disclosed vulnerability CVE-2024-45519 in Synacor’s Zimbra Collaboration. Proofpoint cybersecurity researchers reported that threat actors are attempting to exploit a recently disclosed vulnerability, tracked as CVE-2024-45519, in Synacor’s Zimbra Collaboration. Starting on September 28, 2024, threat actors have been attempting to exploit the issue to achieve remote code execution on vulnerable instances.

5 Must-Have Tools for Effective Dynamic Malware Analysis

The Hacker News

Dynamic malware analysis is a key part of any threat investigation. It involves executing a sample of a malicious program in the isolated environment of a malware sandbox to monitor its behavior and gather actionable indicators. Effective analysis must be fast, in-depth, and precise. These five tools will help you achieve it with ease. 1.

The budget Android tablet I recommend has a display that looks double the price

Zero Day

Blackview's Mega 1 is an 11.5-inch Android 13 tablet with a brilliant 120Hz display and 24GB of RAM at a surprisingly minuscule price point.

The Dark Side of AI: Data Harvesting Explained (Is this the Future?)

SecureWorld News

The invisible hands of artificial intelligence are reaching deeper into our lives than ever before. Have you ever scrolled through Facebook and noticed ads that seem eerily tailored to your interests? Or written a private email, only to later see similar phrases appearing elsewhere online? Perhaps you have even found content from your personal blog replicated in Google AI summaries.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Police arrested four new individuals linked to the LockBit ransomware operation

Security Affairs

An international police operation led to the arrest of four individuals linked to the LockBit ransomware group, including a developer. Europol, the UK, and the US law enforcement authorities announced a new operation against the LockBit ransomware gang. The police arrested an alleged LockBit developer at France’s request while vacationing outside Russia and two individuals in the UK for supporting a LockBit affiliate.

Admin Rights in Action: How Hackers Target Privileged Accounts

Heimdal Security

Admin rights are one of the most important and fundamental aspects of cybersecurity. Without elevated permissions, hackers will have a hard time stealing your data or disrupting your services. For that reason, they’re often trying to gain access to an administrator account to successfully carry off whatever attack they’re planning. That’s where privileged access management […] The post Admin Rights in Action: How Hackers Target Privileged Accounts appeared first on Heimdal Security Blog.

U.S. CISA adds Ivanti Endpoint Manager (EPM) flaw to its Known Exploited Vulnerabilities catalog

Security Affairs

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Ivanti Endpoint Manager (EPM) vulnerability to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the Ivanti Virtual Traffic Manager authentication bypass vulnerability CVE-2024-29824 (CVSS score of 9.6) to its Known Exploited Vulnerabilities (KEV) catalog.

Deloitte-NASCIO Study: AI and Cyber Threats Reshape the Landscape

SecureWorld News

The 8th biennial Deloitte-NASCIO Cybersecurity Study reveals a rapidly evolving cybersecurity landscape, with artificial intelligence (AI) and generative AI (GenAI) introducing new challenges. Conducted in spring 2024, the study captures insights from Chief Information Security Officers of all 50 U.S. states and the District of Columbia, marking a period where the impact of COVID-19 has subsided yet new threats have surfaced.

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.