Schneier on Security
SEPTEMBER 12, 2024
Microsoft is updating SymCrypt , its core cryptographic library, with new quantum-secure algorithms. Microsoft’s details are here. From a news article : The first new algorithm Microsoft added to SymCrypt is called ML-KEM. Previously known as CRYSTALS-Kyber, ML-KEM is one of three post-quantum standards formalized last month by the National Institute of Standards and Technology (NIST).
Tech Republic Security
SEPTEMBER 12, 2024
Discover the top six penetration testing companies for businesses of all sizes. Learn the pros and cons of pentesting providers like Astra, BreachLock, and Acunetix.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
The Last Watchdog
SEPTEMBER 12, 2024
Silver Spring, MD, Sept.12, 2024, CyberNewsWire – – Aembit , the leading non-human identity and access management (IAM) company, has secured $25 million in Series A funding, bringing its total capital raised to nearly $45 million. Acrew Capital led the round, with participation from existing investors Ballistic Ventures, Ten Eleven Ventures, Okta Ventures, and CrowdStrike Falcon Fund.
Tech Republic Security
SEPTEMBER 12, 2024
The backup and data recovery service adds an extra layer of protection in case a business encounters an attack or another major problem with Google Cloud storage.
Advertisement
Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!
Penetration Testing
SEPTEMBER 12, 2024
A recent report from Xavier Mertens, a Senior ISC Handler and Freelance Cyber Security Consultant, sheds light on a concerning trend in the cyber threat landscape. Cybercriminals are increasingly utilizing... The post Cybersecurity Alert: Python Libraries Exploited for Malicious Intent appeared first on Cybersecurity News.
Tech Republic Security
SEPTEMBER 12, 2024
Minor updates break clients 94% of the time, while version upgrades cause issues 95% of the time, according to Endor Labs researchers.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Tech Republic Security
SEPTEMBER 12, 2024
Check out these five course bundles breaking down the most important IT, development, and cybersecurity skills that a business owner can master.
Security Boulevard
SEPTEMBER 12, 2024
Proofpoint this week at its Protect conference launched a series of efforts through which it plans to provide cybersecurity teams with more granular controls in real-time, over what applications and services are accessed by end users. The post Proofpoint Adds Ability to Dynamically Apply Granular Security Controls appeared first on Security Boulevard.
The Hacker News
SEPTEMBER 12, 2024
Bank customers in the Central Asia region have been targeted by a new strain of Android malware codenamed Ajina.Banker since at least November 2024 with the goal of harvesting financial information and intercepting two-factor authentication (2FA) messages.
Security Boulevard
SEPTEMBER 12, 2024
We're told over and over again that there are hundreds of thousands of cybersecurity vacancies in the U.S. and millions worldwide. But from what I hear, many new entrants to the application security field find it difficult to land jobs. Why? The post Why Breaking into Cybersecurity Isn’t as Easy as You Think appeared first on Security Boulevard.
Speaker: Speakers:
In today's digital age, having an untrained workforce can be a significant risk to your business. Cyber threats are evolving; without proper training, your employees could be the weakest link in your defense. This webinar empowers leaders like you with the tools and strategies needed to transform your employees into a robust frontline defense against cyber attacks.
Security Affairs
SEPTEMBER 12, 2024
Fortinet disclosed a data breach after a threat actor claimed the theft of 440GB of files from the company’s Microsoft Sharepoint server. Today, Fortinet told Cyber Daily that a threat actor gained unauthorized access to a third-party service it used. “An individual gained unauthorized access to a limited number of files stored on Fortinet’s instance of a third-party cloud-based shared file drive, which included limited data related to a small number of Fortinet customers, and
Security Boulevard
SEPTEMBER 12, 2024
The use of employee mobile devices at work, or bring your own device (BYOD), is a significant and growing threat to organizational security. The post BYOD Policies Fueling Security Risks appeared first on Security Boulevard.
Penetration Testing
SEPTEMBER 12, 2024
In a recent security advisory, SolarWinds has disclosed two vulnerabilities affecting their Access Rights Manager (ARM) software. ARM is widely used by IT and security administrators to manage and audit... The post CVE-2024-28991 (CVSS 9.0): SolarWinds Access Rights Manager RCE Flaw appeared first on Cybersecurity News.
Security Boulevard
SEPTEMBER 12, 2024
In today's digital age, cybersecurity compliance is no longer just a legal necessity or a defensive measure; it has become a catalyst for innovation and growth. The post Cybersecurity Compliance and Beyond: How Protocols Drive Innovation and Growth appeared first on Security Boulevard.
Advertisement
IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.
Penetration Testing
SEPTEMBER 12, 2024
Docker Desktop, the go-to application for containerized application development, has recently been found to harbor two critical security vulnerabilities that could enable remote code execution (RCE) attacks. Docker Desktop offers... The post CVE-2024-8695 & CVE-2024-8696: Two Critical RCE Flaws Discovered in Docker Desktop appeared first on Cybersecurity News.
The Hacker News
SEPTEMBER 12, 2024
Nearly 1.3 million Android-based TV boxes running outdated versions of the operating system and belonging to users spanning 197 countries have been infected by a new malware dubbed Vo1d (aka Void).
Graham Cluley
SEPTEMBER 12, 2024
Starting October 1, WordPress plugin and theme developers must enable 2FA. This move aims to boost security and help prevent supply-chain attacks from targeting millions of websites. Read more in my article on the Tripwire State of Security blog.
The Hacker News
SEPTEMBER 12, 2024
GitLab on Wednesday released security updates to address 17 security vulnerabilities, including a critical flaw that allows an attacker to run pipeline jobs as an arbitrary user. The issue, tracked as CVE-2024-6678, carries a CVSS score of 9.9 out of a maximum of 10.0 "An issue was discovered in GitLab CE/EE affecting all versions starting from 8.14 prior to 17.1.7, starting from 17.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Penetration Testing
SEPTEMBER 12, 2024
According to a report from Imperva, over 25,000 malicious requests targeting 4,000 unique sites have been detected since the CVE-2024-45195 vulnerability in Apache OFBiz was disclosed. These attacks, primarily targeting... The post Hackers target Apache OFBiz RCE flaw CVE-2024-45195 after PoC exploit released appeared first on Cybersecurity News.
The Hacker News
SEPTEMBER 12, 2024
Internet-exposed Selenium Grid instances are being targeted by bad actors for illicit cryptocurrency mining and proxyjacking campaigns. "Selenium Grid is a server that facilitates running test cases in parallel across different browsers and versions," Cado Security researchers Tara Gould and Nate Bill said in an analysis published today.
WIRED Threat Level
SEPTEMBER 12, 2024
The Vision Pro uses 3D avatars on calls and for streaming. These researchers used eye tracking to work out the passwords and PINs people typed with their avatars.
The Hacker News
SEPTEMBER 12, 2024
The Irish Data Protection Commission (DPC) has announced that it has commenced a "Cross-Border statutory inquiry" into Google's foundational artificial intelligence (AI) model to determine whether the tech giant has adhered to data protection regulations in the region when processing the personal data of European users.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Security Boulevard
SEPTEMBER 12, 2024
Tines today added an artificial intelligence (AI) chat interface to its no-code platform for automation cybersecurity workflows. The post Tines Leverages LLMs to Simplify Security Automation appeared first on Security Boulevard.
The Hacker News
SEPTEMBER 12, 2024
Cato CTRL (Cyber Threats Research Lab) has released its Q2 2024 Cato CTRL SASE Threat Report. The report highlights critical findings based on the analysis of a staggering 1.38 trillion network flows from more than 2,500 of Cato’s global customers, between April and June 2024.
Penetration Testing
SEPTEMBER 12, 2024
A new report from Mandiant revealed the increasing cyber threats faced by Mexico, with a complex mix of global espionage and local cybercrime targeting both users and enterprises. As the... The post Cyber Threats Intensify in Mexico: Insights from Mandiant on Espionage and Extortion appeared first on Cybersecurity News.
Malwarebytes
SEPTEMBER 12, 2024
We’ve uncovered a malicious campaign going after Mac users looking for support or extended warranty from Apple via the AppleCare+ support plans. The perpetrators are buying Google ads to lure in their victims and redirect them to bogus pages hosted on GitHub , the developer and code repository platform owned by Microsoft. The goal of this scam is to get unsuspecting people on the phone with someone pretending to be working for Apple.
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
Security Affairs
SEPTEMBER 12, 2024
U.K. police arrested a 17-year-old teenager allegedly linked to the cyberattack on London’s public transportation agency, Transport for London. U.K.’s National Crime Agency announced the arrest of a 17-year-old teenager from Walsall who is allegedly linked to the cyberattack that recently hit Transport for London. “The 17-year-old male was detained on suspicion of Computer Misuse Act offences in relation to the attack, which was launched on TfL on 1 September.” states the
Malwarebytes
SEPTEMBER 12, 2024
Earlier this week, we reported on a new type of scam that tells you your partner is cheating on you. However, we hit a dead end because we were unable to get hold of an original copy of the email. That was until the scammers were “kind enough” to send one to one of our co-workers. your partner is cheating on you and we have proof “Hi (target’s name], [Partner’s name] is cheating on you.
Zero Day
SEPTEMBER 12, 2024
Apple unveiled the new iPhone 16 series with camera improvements and larger displays, but which one is right for you? Here's how each model compares.
SecureWorld News
SEPTEMBER 12, 2024
Artificial intelligence adoption is accelerating across industries, and organizations increasingly recognize the need for dedicated AI leadership at the executive level. This has given rise to the emerging role of Chief AI Officer (CAIO). The CAIO is the leader in formulating and driving an organization's AI strategy. This critical role is still taking shape but has become more defined recently as organizations embed AI into their products, services, and operations.
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
Expert insights. Personalized for you.
286 
Let's personalize your content