Schneier on Security
JUNE 17, 2024
Interesting research: “ Teams of LLM Agents can Exploit Zero-Day Vulnerabilities.” Abstract: LLM agents have become increasingly sophisticated, especially in the realm of cybersecurity. Researchers have shown that LLM agents can exploit real-world vulnerabilities when given a description of the vulnerability and toy capture-the-flag problems.
Bleeping Computer
JUNE 17, 2024
A new malware distribution campaign uses fake Google Chrome, Word, and OneDrive errors to trick users into running malicious PowerShell "fixes" that install malware. [.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Penetration Testing
JUNE 17, 2024
A critical vulnerability (CVE-2024-37902) has been discovered in the Deep Java Library (DJL), a widely-used open-source framework for deep learning projects. The flaw allows attackers to overwrite critical system files, potentially granting them full... The post CVE-2024-37902 (CVSS 10): Critical Flaw in Deep Java Library Opens Door to System Takeover appeared first on Cybersecurity News.
Appknox
JUNE 17, 2024
You might already know a fair bit about r2frida by now - its definition, usage, features, installation, and examples - something we discussed in the previous blog of this series. In case you missed out on it, you can find it here. In this blog, we will explore how r2frida can be instrumental in manipulating an iOS app's runtime.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
The Hacker News
JUNE 17, 2024
ASUS has shipped software updates to address a critical security flaw impacting its routers that could be exploited by malicious actors to bypass authentication. Tracked as CVE-2024-3080, the vulnerability carries a CVSS score of 9.8 out of a maximum of 10.0.
Security Affairs
JUNE 17, 2024
Chinese cyberespionage group Velvet Ant was spotted using custom malware to target F5 BIG-IP appliances to breach target networks. In late 2023, Sygnia researchers responded to an incident suffered by a large organization that they attributed to a China-linked threat actor tracked as ‘Velvet Ant.’ The cyberspies deployed custom malware on F5 BIG-IP appliances to gain persistent access to the internal network of the target organization and steal sensitive data.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
The Hacker News
JUNE 17, 2024
A suspected China-nexus cyber espionage actor has been attributed as behind a prolonged attack against an unnamed organization located in East Asia for a period of about three years, with the adversary establishing persistence using legacy F5 BIG-IP appliances and using it as an internal command-and-control (C&C) for defense evasion purposes.
IT Security Guru
JUNE 17, 2024
Ransomware may be an old technique, however, due to increasing levels of digital connectivity, are witnessing a proliferation of ransomware attacks in recent years, which pose significant threats to individuals, businesses, and entire industry sectors industries. Ransomware, in its current form, has evolved into a lucrative criminal enterprise, exploiting vulnerabilities in cybersecurity defences worldwide.
Security Boulevard
JUNE 17, 2024
In a significant move aimed at aiding victims of cyberattacks, the U.S. Federal Bureau of Investigation (FBI) has announced the distribution of more than 7,000 FBI decryption keys associated with the notorious LockBit ransomware decryption. This initiative comes as part of ongoing efforts to mitigate the devastating impact of ransomware attacks on businesses worldwide. […] The post 7000 LockBit Ransomware Decryption Keys Distributed By FBI appeared first on TuxCare.
WIRED Threat Level
JUNE 17, 2024
A ShinyHunters hacker tells WIRED that they gained access to Ticketmaster’s Snowflake cloud account—and others—by first breaching a third-party contractor.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Security Boulevard
JUNE 17, 2024
Runtime enforcement is the future of software security, if we can only make it accessible to the developers that understand their applications the best. The post Runtime Enforcement: Software Security After the Supply Chain Ends appeared first on Security Boulevard.
Malwarebytes
JUNE 17, 2024
Microsoft has announced it will postpone the broadly available preview of the heavily discussed Recall feature for Copilot+ PCs. Copilot+ PCs are personal computers that come equipped with several artificial intelligence (AI) features. The Recall feature tracks anything from web browsing to voice chats. The idea is that Recall can assist users to reconstruct past activity by taking regular screenshots of a user’s activity and storing them locally.
Security Affairs
JUNE 17, 2024
Offers that promise easy earnings can also bring with them a host of scams that deceive those who are genuinely seeking income opportunities. Often, behind these enticing offers are pyramid schemes in which profits are generated through the recruitment of new participants, rather than through actual service, sometimes even causing significant financial losses.
Tech Republic Security
JUNE 17, 2024
Cloud adoption is not slowing down, and neither is the cloud threat landscape. Among many other benefits, the cloud offers increased productivity and flexibility, as well as reduced infrastructural costs. However, despite delivering many goodies, API endpoints hosted in the cloud can be susceptible to at least 12 security issues. These issues can come in.
Advertisement
Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.
Security Affairs
JUNE 17, 2024
Federal authorities charged two individuals with operating the dark web marketplace Empire Market that facilitated over $430 million in illegal transactions. Two men, Thomas Pavey (aka “Dopenugget”) and Raheim Hamilton (aka “Sydney” and “Zero Angel”), have been charged in federal court in Chicago for operating the dark web marketplace “ Empire Market ” from 2018 to 2020.
The Hacker News
JUNE 17, 2024
Traditional application security practices are not effective in the modern DevOps world. When security scans are run only at the end of the software delivery lifecycle (either right before or after a service is deployed), the ensuing process of compiling and fixing vulnerabilities creates massive overhead for developers. The overhead that degrades velocity and puts production deadlines at risk.
Security Affairs
JUNE 17, 2024
A joint law enforcement operation led to the arrest of a key member of the cybercrime group known as Scattered Spider. Spanish police arrested a 22-year-old British national who is suspected of being a key member of the cybercrime group known as Scattered Spider (also known as UNC3944 , 0ktapus ). The man was arrested in Palma de Mallorca while attempting to fly to Italy, during the arrest, police confiscated a laptop and a mobile phone.
WIRED Threat Level
JUNE 17, 2024
CCTV cameras and AI are being combined to monitor crowds, detect bike thefts, and spot trespassers.
Advertisement
Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!
SecureWorld News
JUNE 17, 2024
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert regarding an ongoing phone-based impersonation fraud campaign where scammers are masquerading as CISA staff. In a brief notification, the agency stated it is "aware of recent impersonation scammers claiming to represent the agency." The CISA warning explicitly states that its employees "will never contact you with a request to wire money, cash, cryptocurrency, or use gift cards and will never instruct you to kee
Bleeping Computer
JUNE 17, 2024
Panera Bread, an American chain of fast food restaurants, most likely paid a ransom after being hit by a ransomware attack, suggests language used an internal email sent to employees. [.
Trend Micro
JUNE 17, 2024
The latest MITRE Engenuity ATT&CK Evaluations pitted leading managed detection and response (MDR) services against threats modeled on the menuPass and BlackCat/AlphV adversary groups. Trend Micro achieved 100% detection across all 15 major attack steps with an 86% actionable rate for those steps— balancing detections and business priorities including operational continuity and minimized disruption.
Bleeping Computer
JUNE 17, 2024
A 22-year-old British national allegedly linked to the Scattered Spider hacking group and responsible for attacks on 45 U.S. companies has been arrested in Palma de Mallorca, Spain. [.
Advertisement
Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.
Security Affairs
JUNE 17, 2024
The County of Los Angeles’ Department of Public Health (DPH) disclosed a data breach that impacted more than 200,000 individuals. The LA County’s Department of Public Health announced that the personal information of more than 200,000 was compromised after a data breach that occurred between February 19 and February 20, 2024. Threat actors obtained the log-in credentials of 53 Public Health employees through a phishing campaign. “Between February 19, 2024, and February 20, 2024, the Los An
Zero Day
JUNE 17, 2024
Forget all the fake Flipper Zero nonsense you see on TikTok. Here are a bunch of very real and impressive things I've used it for.
SecureBlitz
JUNE 17, 2024
This post will show you 4 important implementations for new restaurants. Launching a new restaurant is an exciting venture, but it requires careful planning and implementation to ensure success. Every element of your restaurant has the potential to captivate and retain customers, from crafting a menu that entices palates to establishing an inviting environment that […] The post 4 Important Implementations for New Restaurants appeared first on SecureBlitz Cybersecurity.
Bleeping Computer
JUNE 17, 2024
Two men have been charged in a Chicago federal court for operating "Empire Market," a dark web marketplace that facilitated over $430 million in illegal transactions between February 2018 and August 2020. [.
Advertisement
IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.
Security Boulevard
JUNE 17, 2024
Healthcare organizations worldwide are facing a surge in cyberattacks. The healthcare industry is grappling with increasingly sophisticated cyberattacks, often exploiting known vulnerabilities that should have been addressed much earlier. Automated Linux patching helps ensure that systems are continuously updated with the latest security patches. These days, healthcare organizations are increasingly relying on advanced technologies like […] The post How Automated Linux Patching Boosts Healthcare
SecureBlitz
JUNE 17, 2024
Capturing great photos requires more than just a good eye and creative vision—it also relies on having the right photography supplies at your disposal. Possessing the right tools—from cameras and lenses to lighting fixtures and accessories—can make all the difference in producing amazing outcomes. This comprehensive guide will explore essential photography supplies that every photographer […] The post Photography Supplies: What You Need to Take Great Photos appeared first on SecureBlitz Cy
Thales Cloud Protection & Licensing
JUNE 17, 2024
Guide to Achieving ISO27001:2022 Compliance glenn.hamilton… Tue, 06/18/2024 - 06:01 ISO/IEC 27001:2022 , the latest edition of the internationally recognized standard for information security management systems (ISMS), introduces several significant updates and revisions to address the evolving security challenges that worldwide organizations face. One of the most significant changes in the standard is the overhaul of Annex A, which now aligns closely with the updates introduced in ISO/IEC 2700
Security Boulevard
JUNE 17, 2024
As retailers compete in an increasingly competitive marketplace, they invest a great deal of resources in becoming household names. But brand recognition is a double-edged sword when it comes to cybersecurity. The bigger your name, the bigger the cyber target on your back. Data breaches in the retail sector cost an average of $3.28 million. The post Navigating Retail: Overcoming the Top 3 Identity Security Challenges appeared first on Silverfort.
Advertisement
Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.
Expert insights. Personalized for you.
286 
Let's personalize your content