Schneier on Security
SEPTEMBER 6, 2024
There is a side-channel attack against YubiKey access tokens that allows someone to clone a device. It’s a complicated attack , requiring the victim’s username and password, and physical access to their YubiKey—as well as some technical expertise and equipment. Still, nice piece of security analysis.
Troy Hunt
SEPTEMBER 6, 2024
It's been a while since I've just gone all "AMA" on a weekly update, but this was just one of those weeks that flew by with my head mostly in the code and not doing much else. There's a bit of discussion about that this week, but it's mostly around the ongoing pain of resellers and all the various issues supporting them then creates as a result.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Schneier on Security
SEPTEMBER 6, 2024
The first live video of the Promachoteuthis squid, filmed at a newly discovered seamount off the coast of Chile. Blog moderation policy.
Tech Republic Security
SEPTEMBER 6, 2024
Tenable's research reveals 26,500 cyber vulnerabilities in Southeast Asia's banking and insurance sectors, exposing critical security risks.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Security Boulevard
SEPTEMBER 6, 2024
Eaten by a GRU: Fake ransomware created by Russian GRU Unit 29155 attacked Ukraine and NATO—a month before the full scale invasion. The post Russian ‘WhisperGate’ Hacks: 5 More Indicted appeared first on Security Boulevard.
WIRED Threat Level
SEPTEMBER 6, 2024
Video and audio of therapy sessions, transcripts, and other patient records were accidentally exposed in a publicly accessible database operated by the virtual medical company Confidant Health.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Security Boulevard
SEPTEMBER 6, 2024
The inherent limitations of signature-based approaches have often driven practitioners and vendors to shift toward behavioral methods. The post Is Cloud Security Ready for a Pivot to Behavioral Detection & Response appeared first on Security Boulevard.
Security Affairs
SEPTEMBER 6, 2024
Recently fixed access control SonicOS vulnerability, tracked as CVE-2024-40766, is potentially exploited in attacks in the wild, SonicWall warns. SonicWall warns that a recently fixed access control flaw, tracked as CVE-2024-40766 (CVSS v3 score: 9.3), in SonicOS is now potentially exploited in attacks. “An improper access control vulnerability has been identified in the SonicWall SonicOS management access and SSLVPN, potentially leading to unauthorized resource access and in specific cond
Penetration Testing
SEPTEMBER 6, 2024
Red Hat has issued a critical security advisory warning of an authentication bypass vulnerability (CVE-2024-7923) in Pulpcore, a content management system used in Red Hat Satellite deployments. The vulnerability, with... The post Red Hat Issues Critical Patch for Pulpcore Authentication Bypass Flaw (CVE-2024-7923) appeared first on Cybersecurity News.
Security Affairs
SEPTEMBER 6, 2024
Car rental giant Avis disclosed a data breach that impacted one of its business applications in August compromising customers’ personal information. Car rental company Avis notified customers impacted in an Augus data breach. Threat actors breached one of its business applications and gained access to some of the customers’ personal information. “We discovered on August 5, 2024, that an unauthorized third party gained access to one of our business applications.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Penetration Testing
SEPTEMBER 6, 2024
IBM has issued a critical security advisory for its webMethods Integration Server, revealing multiple vulnerabilities that could allow authenticated users to execute arbitrary commands, escalate privileges, and access sensitive files.... The post CVE-2024-45076 (CVSS 9.9): Critical Flaw in IBM webMethods Integration Demand Immediate Action appeared first on Cybersecurity News.
Security Boulevard
SEPTEMBER 6, 2024
Cisco Talos researchers found that multiple bad actors were abusing the MacroPack framework, continuing an ongoing trend of hackers repurposing legitimate security software tools to run cyber campaigns against organizations. The post Threat Actors Abuse Red Team Tool MacroPack to Deliver Malware appeared first on Security Boulevard.
The Hacker News
SEPTEMBER 6, 2024
SonicWall has revealed that a recently patched critical security flaw impacting SonicOS may have come under active exploitation, making it essential that users apply the patches as soon as possible. The vulnerability, tracked as CVE-2024-40766, carries a CVSS score of 9.3 out of a maximum of 10.
Security Boulevard
SEPTEMBER 6, 2024
Zero-trust, rooted in the principle of "never trust, always verify," requires organizations to assume that every access request, whether internal or external, is potentially harmful. The post Overcoming the Challenges of Zero-Trust appeared first on Security Boulevard.
Advertisement
Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.
The Hacker News
SEPTEMBER 6, 2024
Threat actors have long leveraged typosquatting as a means to trick unsuspecting users into visiting malicious websites or downloading booby-trapped software and packages. These attacks typically involve registering domains or packages with names slightly altered from their legitimate counterparts (e.g., goog1e.com vs. google.com).
Security Boulevard
SEPTEMBER 6, 2024
NIST has released Version 2.0 of its widely used Cybersecurity Framework (CSF), a guidance document for mitigating cybersecurity risks. This update is not just a revision but a transformative approach to secure digital assets and infrastructures. The new version represents a significant advancement in addressing the evolving and complex cyber threats, offering a forward-looking perspective […] The post NIST CSF 2.0 Cyber Security Framework appeared first on Kratikal Blogs.
Security Affairs
SEPTEMBER 6, 2024
Apache addressed a remote code execution vulnerability affecting the Apache OFBiz open-source enterprise resource planning (ERP) system. Apache fixed a high-severity vulnerability, tracked as CVE-2024-45195 (CVSS score: 7.5) affecting the Apache OFBiz open-source enterprise resource planning (ERP) system. Apache OFBiz® is an open source product for the automation of enterprise processes that includes framework components and business applications.
Security Boulevard
SEPTEMBER 6, 2024
A healthy approach to GenAI is one in which organizations build security protections from the start. Here are tips on how to integrate security into your organization's GenAI strategy from day zero. The post Why and How to Secure GenAI Investments From Day Zero appeared first on Security Boulevard.
Advertisement
Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!
Zero Day
SEPTEMBER 6, 2024
I've spent the summer testing solar-powered power banks. It turns out the devices are universally rubbish and potentially unsafe. Here's what I suggest using instead.
The Hacker News
SEPTEMBER 6, 2024
The 2024 State of the vCISO Report continues Cynomi’s tradition of examining the growing popularity of virtual Chief Information Security Officer (vCISO) services. According to the independent survey, the demand for these services is increasing, with both providers and clients reaping the rewards. The upward trend is set to continue, with even faster growth expected in the future.
Heimadal Security
SEPTEMBER 6, 2024
The Russian threat actors responsible for the worldwide attacks on key infrastructure, identified as Cadet Blizzard and Ember Bear, have been connected by the United States and its allies to Unit 29155 of the Main Directorate of the General Staff of the Armed Forces (GRU). Joint Advisory Released: Key Information According to a joint advisory […] The post Russian Threat Actors Target Critical Infrastructure in the U.S. and Across the World appeared first on Heimdal Security Blog.
The Hacker News
SEPTEMBER 6, 2024
A recently disclosed security flaw in OSGeo GeoServer GeoTools has been exploited as part of multiple campaigns to deliver cryptocurrency miners, botnet malware such as Condi and JenX, and a known backdoor called SideWalk. The security vulnerability is a critical remote code execution bug (CVE-2024-36401, CVSS score: 9.8) that could allow malicious actors to take over susceptible instances.
Advertisement
Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.
SecureWorld News
SEPTEMBER 6, 2024
The inspiration for my book, Soft Skills in Technical Sales , came from observing changes in the roles of sales engineers and salespeople. Sales engineers are now doing more direct selling, while salespeople are handling more procurement tasks. I've been in the cybersecurity industry for a long time and remember when we only had a few products to sell.
Heimadal Security
SEPTEMBER 6, 2024
American chip producer Microchip confirms that employee data was stolen during the cyberattack they suffered in August. The incident happened on August 17, and Microchip disclosed it on August 20, declaring that some of their manufacturing facilities had been affected. The cyberattack influenced the company’s ability to meet orders and forced it to shut down […] The post Microchip Technology Confirms Data Was Stolen in August Cyberattack appeared first on Heimdal Security Blog.
Zero Day
SEPTEMBER 6, 2024
The WDTA framework spans the lifecycle of large language models, offering guidelines to manage integration with other systems.
Security Boulevard
SEPTEMBER 6, 2024
Gary Perkins, Chief Information Security Officer In this landscape, organizations need a multi-faceted approach that includes prevention, detection, and response capabilities. A warranty tied to a comprehensive security solution supports this approach, providing both technological protection and financial assurance. The Trouble with Insurance Cyber insurers are increasingly being viewed with skepticism by organizations seeking protection […] The post Cyber Insurers Are Not Your Friend – Why a Wa
Advertisement
IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.
Zero Day
SEPTEMBER 6, 2024
Narwal has just released a new flagship robot vacuum and mop with do-it-all functions that will remind you of The Jetsons.
WIRED Threat Level
SEPTEMBER 6, 2024
The spy agency that dared not speak its name is now the Joe Rogan of the SIGINT set. And the pod's actually worth a listen.
Penetration Testing
SEPTEMBER 6, 2024
AhnLab Security Intelligence Center (ASEC) has uncovered a new phishing campaign targeting Netflix users, where cybercriminals are impersonating the popular streaming service to steal sensitive information. With the increasing popularity... The post Netflix Phishing Scam: Even the Savviest Streamers Can Fall Victim appeared first on Cybersecurity News.
Zero Day
SEPTEMBER 6, 2024
Sonos' recent upheaval highlights the risks of closed systems in home audio. Here's how an open-source platform and universal speaker connectivity standard could benefit everyone.
Advertisement
Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.
Expert insights. Personalized for you.
261 
Let's personalize your content