Schneier on Security
SEPTEMBER 6, 2024
There is a side-channel attack against YubiKey access tokens that allows someone to clone a device. It’s a complicated attack , requiring the victim’s username and password, and physical access to their YubiKey—as well as some technical expertise and equipment. Still, nice piece of security analysis.
Troy Hunt
SEPTEMBER 6, 2024
It's been a while since I've just gone all "AMA" on a weekly update, but this was just one of those weeks that flew by with my head mostly in the code and not doing much else. There's a bit of discussion about that this week, but it's mostly around the ongoing pain of resellers and all the various issues supporting them then creates as a result.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Schneier on Security
SEPTEMBER 6, 2024
The first live video of the Promachoteuthis squid, filmed at a newly discovered seamount off the coast of Chile. Blog moderation policy.
Tech Republic Security
SEPTEMBER 6, 2024
Tenable's research reveals 26,500 cyber vulnerabilities in Southeast Asia's banking and insurance sectors, exposing critical security risks.
Advertisement
Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!
Security Boulevard
SEPTEMBER 6, 2024
Eaten by a GRU: Fake ransomware created by Russian GRU Unit 29155 attacked Ukraine and NATO—a month before the full scale invasion. The post Russian ‘WhisperGate’ Hacks: 5 More Indicted appeared first on Security Boulevard.
WIRED Threat Level
SEPTEMBER 6, 2024
Video and audio of therapy sessions, transcripts, and other patient records were accidentally exposed in a publicly accessible database operated by the virtual medical company Confidant Health.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Penetration Testing
SEPTEMBER 6, 2024
Red Hat has issued a critical security advisory warning of an authentication bypass vulnerability (CVE-2024-7923) in Pulpcore, a content management system used in Red Hat Satellite deployments. The vulnerability, with... The post Red Hat Issues Critical Patch for Pulpcore Authentication Bypass Flaw (CVE-2024-7923) appeared first on Cybersecurity News.
The Hacker News
SEPTEMBER 6, 2024
SonicWall has revealed that a recently patched critical security flaw impacting SonicOS may have come under active exploitation, making it essential that users apply the patches as soon as possible. The vulnerability, tracked as CVE-2024-40766, carries a CVSS score of 9.3 out of a maximum of 10.
Penetration Testing
SEPTEMBER 6, 2024
IBM has issued a critical security advisory for its webMethods Integration Server, revealing multiple vulnerabilities that could allow authenticated users to execute arbitrary commands, escalate privileges, and access sensitive files.... The post CVE-2024-45076 (CVSS 9.9): Critical Flaw in IBM webMethods Integration Demand Immediate Action appeared first on Cybersecurity News.
Security Affairs
SEPTEMBER 6, 2024
Recently fixed access control SonicOS vulnerability, tracked as CVE-2024-40766, is potentially exploited in attacks in the wild, SonicWall warns. SonicWall warns that a recently fixed access control flaw, tracked as CVE-2024-40766 (CVSS v3 score: 9.3), in SonicOS is now potentially exploited in attacks. “An improper access control vulnerability has been identified in the SonicWall SonicOS management access and SSLVPN, potentially leading to unauthorized resource access and in specific cond
Speaker: Speakers:
In today's digital age, having an untrained workforce can be a significant risk to your business. Cyber threats are evolving; without proper training, your employees could be the weakest link in your defense. This webinar empowers leaders like you with the tools and strategies needed to transform your employees into a robust frontline defense against cyber attacks.
Security Boulevard
SEPTEMBER 6, 2024
Cisco Talos researchers found that multiple bad actors were abusing the MacroPack framework, continuing an ongoing trend of hackers repurposing legitimate security software tools to run cyber campaigns against organizations. The post Threat Actors Abuse Red Team Tool MacroPack to Deliver Malware appeared first on Security Boulevard.
Security Affairs
SEPTEMBER 6, 2024
The United States and its allies state that Russia-linked threat actors operating under the GRU are behind global critical infrastructure attacks. The FBI, CISA, and NSA linked threat actors from Russia’s GRU Unit 29155 to global cyber operations since at least 2020. These operations include espionage, sabotage, and reputational damage. The United States and its allies state that GRU is behind global critical infrastructure attacks.
Security Boulevard
SEPTEMBER 6, 2024
Zero-trust, rooted in the principle of "never trust, always verify," requires organizations to assume that every access request, whether internal or external, is potentially harmful. The post Overcoming the Challenges of Zero-Trust appeared first on Security Boulevard.
Security Affairs
SEPTEMBER 6, 2024
Car rental giant Avis disclosed a data breach that impacted one of its business applications in August compromising customers’ personal information. Car rental company Avis notified customers impacted in an Augus data breach. Threat actors breached one of its business applications and gained access to some of the customers’ personal information. “We discovered on August 5, 2024, that an unauthorized third party gained access to one of our business applications.
Advertisement
IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.
Security Boulevard
SEPTEMBER 6, 2024
NIST has released Version 2.0 of its widely used Cybersecurity Framework (CSF), a guidance document for mitigating cybersecurity risks. This update is not just a revision but a transformative approach to secure digital assets and infrastructures. The new version represents a significant advancement in addressing the evolving and complex cyber threats, offering a forward-looking perspective […] The post NIST CSF 2.0 Cyber Security Framework appeared first on Kratikal Blogs.
The Hacker News
SEPTEMBER 6, 2024
Threat actors have long leveraged typosquatting as a means to trick unsuspecting users into visiting malicious websites or downloading booby-trapped software and packages. These attacks typically involve registering domains or packages with names slightly altered from their legitimate counterparts (e.g., goog1e.com vs. google.com).
Heimadal Security
SEPTEMBER 6, 2024
The Russian threat actors responsible for the worldwide attacks on key infrastructure, identified as Cadet Blizzard and Ember Bear, have been connected by the United States and its allies to Unit 29155 of the Main Directorate of the General Staff of the Armed Forces (GRU). Joint Advisory Released: Key Information According to a joint advisory […] The post Russian Threat Actors Target Critical Infrastructure in the U.S. and Across the World appeared first on Heimdal Security Blog.
Security Boulevard
SEPTEMBER 6, 2024
A healthy approach to GenAI is one in which organizations build security protections from the start. Here are tips on how to integrate security into your organization's GenAI strategy from day zero. The post Why and How to Secure GenAI Investments From Day Zero appeared first on Security Boulevard.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Heimadal Security
SEPTEMBER 6, 2024
American chip producer Microchip confirms that employee data was stolen during the cyberattack they suffered in August. The incident happened on August 17, and Microchip disclosed it on August 20, declaring that some of their manufacturing facilities had been affected. The cyberattack influenced the company’s ability to meet orders and forced it to shut down […] The post Microchip Technology Confirms Data Was Stolen in August Cyberattack appeared first on Heimdal Security Blog.
The Hacker News
SEPTEMBER 6, 2024
The 2024 State of the vCISO Report continues Cynomi’s tradition of examining the growing popularity of virtual Chief Information Security Officer (vCISO) services. According to the independent survey, the demand for these services is increasing, with both providers and clients reaping the rewards. The upward trend is set to continue, with even faster growth expected in the future.
Zero Day
SEPTEMBER 6, 2024
I've spent the summer testing solar-powered power banks. It turns out the devices are universally rubbish and potentially unsafe. Here's what I suggest using instead.
The Hacker News
SEPTEMBER 6, 2024
A recently disclosed security flaw in OSGeo GeoServer GeoTools has been exploited as part of multiple campaigns to deliver cryptocurrency miners, botnet malware such as Condi and JenX, and a known backdoor called SideWalk. The security vulnerability is a critical remote code execution bug (CVE-2024-36401, CVSS score: 9.8) that could allow malicious actors to take over susceptible instances.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
SecureWorld News
SEPTEMBER 6, 2024
The inspiration for my book, Soft Skills in Technical Sales , came from observing changes in the roles of sales engineers and salespeople. Sales engineers are now doing more direct selling, while salespeople are handling more procurement tasks. I've been in the cybersecurity industry for a long time and remember when we only had a few products to sell.
Security Affairs
SEPTEMBER 6, 2024
Apache addressed a remote code execution vulnerability affecting the Apache OFBiz open-source enterprise resource planning (ERP) system. Apache fixed a high-severity vulnerability, tracked as CVE-2024-45195 (CVSS score: 7.5) affecting the Apache OFBiz open-source enterprise resource planning (ERP) system. Apache OFBiz® is an open source product for the automation of enterprise processes that includes framework components and business applications.
Zero Day
SEPTEMBER 6, 2024
The WDTA framework spans the lifecycle of large language models, offering guidelines to manage integration with other systems.
WIRED Threat Level
SEPTEMBER 6, 2024
The spy agency that dared not speak its name is now the Joe Rogan of the SIGINT set. And the pod's actually worth a listen.
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
Zero Day
SEPTEMBER 6, 2024
Narwal has just released a new flagship robot vacuum and mop with do-it-all functions that will remind you of The Jetsons.
Security Boulevard
SEPTEMBER 6, 2024
Gary Perkins, Chief Information Security Officer In this landscape, organizations need a multi-faceted approach that includes prevention, detection, and response capabilities. A warranty tied to a comprehensive security solution supports this approach, providing both technological protection and financial assurance. The Trouble with Insurance Cyber insurers are increasingly being viewed with skepticism by organizations seeking protection […] The post Cyber Insurers Are Not Your Friend – Why a Wa
Penetration Testing
SEPTEMBER 6, 2024
AhnLab Security Intelligence Center (ASEC) has uncovered a new phishing campaign targeting Netflix users, where cybercriminals are impersonating the popular streaming service to steal sensitive information. With the increasing popularity... The post Netflix Phishing Scam: Even the Savviest Streamers Can Fall Victim appeared first on Cybersecurity News.
Zero Day
SEPTEMBER 6, 2024
Sonos' recent upheaval highlights the risks of closed systems in home audio. Here's how an open-source platform and universal speaker connectivity standard could benefit everyone.
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
Expert insights. Personalized for you.
252 
Let's personalize your content