Tue. Aug 06, 2024

A Better Investigatory Board for Cyber Incidents

Schneier on Security

When an airplane crashes, impartial investigatory bodies leap into action, empowered by law to unearth what happened and why. But there is no such empowered and impartial body to investigate CrowdStrike’s faulty update that recently unfolded, ensnarling banks, airlines, and emergency services to the tune of billions of dollars. We need one. To be sure, there is the White House’s Cyber Safety Review Board.

Black Hat Fireside Chat: The role of API Security in mitigating online fraud, emerging GenAI risks

The Last Watchdog

LAS VEGAS — As Black Hat USA 2024 plays out here this week, the disruptive impact of GenAI/LLM at many different levels will be in the spotlight. Related: GenAI introduces fresh risks. We’re in early days. The productivity gains are ramping up – but so are the exposures. I had the chance to visit with Amod Gupta, head of product at Traceable; we discussed how GenAI/LLM is reverberating at the API level, where hyper-interconnectivity continues to intensify.

Risk 147
Insiders

Data Breaches Are Costing Australian Organisations, IBM Report Reveals

Tech Republic Security

IBM’s recent Cost of a Data Breach report found that the average cost of a data breach in Australia reached a record-high in 2024. Explore additional key findings and how the Australian government is mitigating these threats.

Hackers breached MDM firm Mobile Guardian and wiped thousands of devices

Security Affairs

Threat actors breached the UK-based mobile device management (MDM) firm Mobile Guardian and remotely wiped thousands of devices. Hackers breached the mobile device management (MDM) firm Mobile Guardian; the company detected unauthorized access to iOS and ChromeOS devices on August 4th. The incident impacted users globally; the attackers remotely wiped a small percentage of devices, according to the company.

Mobile 142

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Magniber ransomware targets home users

Malwarebytes

If you’ve been following any news about ransomware, you may be under the impression that ransomware groups are only after organizations rather than individual people, and for the most part that’s true. However, Magniber is one ransomware that does target home users. And it’s back, with full force, demanding four figure ransoms to unencrypt data.

Microsoft 365 anti-phishing feature can be bypassed with CSS

Bleeping Computer

Researchers have demonstrated a method to bypass an anti-phishing measure in Microsoft 365 (formerly Office 365), elevating the risk of users opening malicious emails.

Phishing 135

More Trending

Hacker wipes 13,000 devices after breaching classroom management platform

Bleeping Computer

A hacker has breached Mobile Guardian, a digital classroom management platform used worldwide, and remotely wiped data from at least 13,000 students' iPads and Chromebooks.

Mobile 132

New Android Spyware LianSpy Evades Detection Using Yandex Cloud

The Hacker News

Users in Russia have been the target of a previously undocumented Android post-compromise spyware called LianSpy since at least 2021. Cybersecurity vendor Kaspersky, which discovered the malware in March 2024, noted its use of Yandex Cloud, a Russian cloud service, for command-and-control (C2) communications as a way to avoid having a dedicated infrastructure and evade detection.

Spyware 125

The C-Suite Conundrum: Are Senior Executives the Achilles’ Heel of Cybersecurity?

Security Boulevard

C-level executives have insights, access and control over privileged company data, systems and finances. Such information and access are highly coveted by cybercriminals, due to their potential for exploitation and illicit gain. The post The C-Suite Conundrum: Are Senior Executives the Achilles’ Heel of Cybersecurity? appeared first on Security Boulevard.

CISA adds Microsoft COM for Windows bug to its Known Exploited Vulnerabilities catalog

Security Affairs

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a Microsoft COM for Windows bug to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a deserialization of untrusted data vulnerability in Microsoft COM for Windows, tracked as CVE-2018-0824 (CVSS score of 7.5), to its Known Exploited Vulnerabilities (KEV) catalog.

Hacking 126

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Men report more pressure and threats to share location and accounts with partners, research shows

Malwarebytes

Men report facing more pressure than women—and more threats of retaliation—to grant access to their locations and online accounts when in a committed relationship, according to a new analysis of data released this summer by Malwarebytes. The same analysis also revealed that, while men report more regret in sharing their locations, women report less awareness in how their locations can be accessed, particularly through food delivery apps, ride-hailing services, vacation rental platforms, and othe

INTERPOL Recovers $41 Million in Largest Ever BEC Scam in Singapore

The Hacker News

INTERPOL said it devised a "global stop-payment mechanism" that helped facilitate the largest-ever recovery of funds defrauded in a business email compromise (BEC) scam. The development comes after an unnamed commodity firm based in Singapore fell victim to a BEC scam in mid-July 2024.

Scams 122

Should Organizations Pay Ransom Demands?

Security Affairs

Ransomware attacks are the most significant risk for modern organizations, why organizations should avoid paying ransoms. Ransomware attacks are the most significant risk for modern organizations, with the Verizon Data Breach Report 2024 reporting that ransomware is a top threat across 92% of industries. In recent years, the number of ransomware attacks has grown significantly.

Android vulnerability used in targeted attacks patched by Google

Malwarebytes

Google has released patches for 46 vulnerabilities in Android, including a remote code execution (RCE) vulnerability that it says has been used in limited, targeted attacks. You can find your device’s Android version number, security update level, and Google Play system level in your Settings app. You’ll get notifications when updates are available for you, but you can also check for updates.

Mobile 119

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Google warns of an actively exploited Android kernel flaw

Security Affairs

Google addressed an actively exploited high-severity vulnerability, tracked as CVE-2024-36971, impacting the Android kernel. Google fixed a high-severity flaw, tracked as CVE-2024-36971, impacting the Android kernel. The IT giant is aware that the vulnerability has been actively exploited in the wild. The company did not share details of the attacks exploiting this vulnerability.

Firmware 130

White House Memo Pushes Federal Agencies on Cybersecurity

Security Boulevard

On July 10th, the White House released Memorandum M24-14, giving administrative agencies guidance for cybersecurity priorities when building FY26 budgets. The […] The post White House Memo Pushes Federal Agencies on Cybersecurity appeared first on Security Boulevard.

A ransomware attack hit French museum network

Security Affairs

The Réunion des Musées Nationaux network, including Paris’ Grand Palais and other museums, was hit by a ransomware attack. A ransomware attack hit the Réunion des Musées Nationaux network, including Paris’ Grand Palais and other museums. The attack impacted around 40 museums across France. The attack occurred on Sunday, and although some affected venues are hosting Summer Olympics competitions, the incident had no impact on the Olympic Games.

North Korean Hackers Moonstone Sleet Push Malicious JS Packages to npm Registry

The Hacker News

The North Korea-linked threat actor known as Moonstone Sleet has continued to push malicious npm packages to the JavaScript package registry with the aim of infecting Windows systems, underscoring the persistent nature of their campaigns. The packages in question, harthat-api and harthat-hash, were published on July 7, 2024, according to Datadog Security Labs.

115

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Delta Air Lines and CrowdStrike Clash Over Costly IT Outage

SecureWorld News

A contentious clash has erupted between Delta Air Lines and cybersecurity firm CrowdStrike following the July 19th incident in which a faulty update to CrowdStrike's Falcon software caused more than 8.5 million Windows devices worldwide to crash and become unbootable. The impact was particularly severe for Delta, resulting in more than 5,000 flight cancellations over five days and an estimated $500 million in losses, according to Delta CEO Ed Bastian.

AWS’ Mithra Neural Network Detects, Ranks Malicious Domains

Security Boulevard

AWS details Mithra, its massive neural network graph model that runs on its internal systems and is used to identify and rank malicious domains that threaten the cloud giant's systems that hold its customers' data. The post AWS’ Mithra Neural Network Detects, Ranks Malicious Domains appeared first on Security Boulevard.

FTC warns consumers of scammers offering to remove all negative information from credit reports

Graham Cluley

Are you eager for your credit report to be "cleaned-up" so lenders and landlords will have a better opinion of your financial responsibility and creditworthiness? You might be wise to read my article on the Hot for Security blog.

Scams 108

Google Chrome will let you send money to your favourite website

Bleeping Computer

Google has confirmed plans to implement Web Monetization in Chrome, allowing website owners to receive micro-payments as tips or rewards for their content as an additional way to generate revenue.

108

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

Fake Car Ads Conceal APT28’s HeadLace Malware Attack

Penetration Testing

The hacker group APT28 recently launched a new campaign to distribute the HeadLace malware through a fake car sale advertisement. The campaign began in March 2024 and is likely targeting diplomats. This tactic is... The post Fake Car Ads Conceal APT28’s HeadLace Malware Attack appeared first on Cybersecurity News.

Malware 115

Apple’s New macOS Sequoia Tightens Gatekeeper Controls to Block Unauthorized Software

The Hacker News

Apple on Tuesday announced an update to its next-generation macOS version that makes it a little more difficult for users to override Gatekeeper protections. Gatekeeper is a crucial line of defense built into macOS designed to ensure that only trusted apps run on the operating system.

Software 109

North Korea-linked hackers target construction and machinery sectors with watering hole and supply chain attacks

Security Affairs

South Korea’s National Cyber Security Center (NCSC) reported that North Korea-linked hackers hijacked VPN software updates to deploy malware. South Korea’s national security and intelligence agencies, including the National Intelligence Service, the Prosecutor’s Office, the Police Agency, the Military Intelligence Command, and the Cyber Operations Command, have issued a joint cybersecurity advisory to warn that North Korea-linked hackers exploited VPN software update to install

VPN 127

5 Best Practices for Managing Endpoints On a Global Scale

Security Boulevard

Organizations that operate on a global scale must adopt some special practices to ensure not just that they can manage endpoints effectively, but also that they do so in ways that ensure a smooth experience for end-users. The post 5 Best Practices for Managing Endpoints On a Global Scale appeared first on Security Boulevard.

Risk 105

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.

Suspicious Minds: Insider Threats in The SaaS World

The Hacker News

Everyone loves the double-agent plot twist in a spy movie, but it’s a different story when it comes to securing company data. Whether intentional or unintentional, insider threats are a legitimate concern. According to CSA research, 26% of companies who reported a SaaS security incident were struck by an insider.

106

The AI Fix #10: An AI cookery dumpster fire, the ARC prize, and a creepy new AI friend

Graham Cluley

In episode ten of "The AI Fix" podcast, Graham attempts to say "quinoa", Mark draws a line in the amper-sand, ChatGPT becomes an expert in solar panels and bomb disposal, and our hosts watch a terrifying trailer for a creepy new AI friend. Graham discovers that the world of AI cookery is a soggy, limey mess, and learns an unusual trick for making a great mojito, while Mark pits his co-host against the cleverest AI brains in the world.

Samsung to pay $1,000,000 for RCEs on Galaxy’s secure vault

Bleeping Computer

Samsung has launched a new bug bounty program for its mobile devices with rewards of up to $1,000,000 for reports demonstrating critical attack scenarios.

Mobile 104

The Evolution of Phishing: How AI is Revolutionizing Cybersecurity Threats

Security Boulevard

Phishing attacks have been a prevalent cybersecurity threat for years, but with the advancement of artificial intelligence (AI), threat actors are now able to create more sophisticated and convincing phishing campaigns. This evolution has made it even more challenging to detect and prevent these attacks and threats are bypassing secure email gateways (SEGs) at an […] The post The Evolution of Phishing: How AI is Revolutionizing Cybersecurity Threats appeared first on Cofense.

Enhance Innovation and Governance Through the Cloud Development Maturity Model

Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.