Schneier on Security
SEPTEMBER 12, 2024
Microsoft is updating SymCrypt , its core cryptographic library, with new quantum-secure algorithms. Microsoft’s details are here. From a news article : The first new algorithm Microsoft added to SymCrypt is called ML-KEM. Previously known as CRYSTALS-Kyber, ML-KEM is one of three post-quantum standards formalized last month by the National Institute of Standards and Technology (NIST).
Tech Republic Security
SEPTEMBER 12, 2024
The backup and data recovery service adds an extra layer of protection in case a business encounters an attack or another major problem with Google Cloud storage.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Malwarebytes
SEPTEMBER 12, 2024
Facebook has admitted that it scrapes the public photos, posts and other data from the accounts of Australian adult users to train its AI models. Unlike citizens of the European Union (EU), Australians are not offered an opt-out option to refuse consent. At an inquiry as to whether the social media giant was hoovering up the data of all Australians in order to build its generative artificial intelligence tools, senator Tony Sheldon asked whether Meta (Facebook’s owner) had used Australian
Tech Republic Security
SEPTEMBER 12, 2024
Discover the top six penetration testing companies for businesses of all sizes. Learn the pros and cons of pentesting providers like Astra, BreachLock, and Acunetix.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
The Hacker News
SEPTEMBER 12, 2024
Cybersecurity researchers have uncovered a new malware campaign targeting Linux environments to conduct illicit cryptocurrency mining. The activity, which specifically singles out the Oracle Weblogic server, is designed to deliver malware dubbed Hadooken, according to cloud security firm Aqua.
Malwarebytes
SEPTEMBER 12, 2024
We’ve uncovered a malicious campaign going after Mac users looking for support or extended warranty from Apple via the AppleCare+ support plans. The perpetrators are buying Google ads to lure in their victims and redirect them to bogus pages hosted on GitHub , the developer and code repository platform owned by Microsoft. The goal of this scam is to get unsuspecting people on the phone with someone pretending to be working for Apple.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
WIRED Threat Level
SEPTEMBER 12, 2024
The Vision Pro uses 3D avatars on calls and for streaming. These researchers used eye tracking to work out the passwords and PINs people typed with their avatars.
Tech Republic Security
SEPTEMBER 12, 2024
Minor updates break clients 94% of the time, while version upgrades cause issues 95% of the time, according to Endor Labs researchers.
The Hacker News
SEPTEMBER 12, 2024
Bank customers in the Central Asia region have been targeted by a new strain of Android malware codenamed Ajina.Banker since at least November 2024 with the goal of harvesting financial information and intercepting two-factor authentication (2FA) messages.
Malwarebytes
SEPTEMBER 12, 2024
Earlier this week, we reported on a new type of scam that tells you your partner is cheating on you. However, we hit a dead end because we were unable to get hold of an original copy of the email. That was until the scammers were “kind enough” to send one to one of our co-workers. your partner is cheating on you and we have proof “Hi (target’s name], [Partner’s name] is cheating on you.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Penetration Testing
SEPTEMBER 12, 2024
A recent report from Xavier Mertens, a Senior ISC Handler and Freelance Cyber Security Consultant, sheds light on a concerning trend in the cyber threat landscape. Cybercriminals are increasingly utilizing... The post Cybersecurity Alert: Python Libraries Exploited for Malicious Intent appeared first on Cybersecurity News.
The Hacker News
SEPTEMBER 12, 2024
GitLab on Wednesday released security updates to address 17 security vulnerabilities, including a critical flaw that allows an attacker to run pipeline jobs as an arbitrary user. The issue, tracked as CVE-2024-6678, carries a CVSS score of 9.9 out of a maximum of 10.0 "An issue was discovered in GitLab CE/EE affecting all versions starting from 8.14 prior to 17.1.7, starting from 17.
Security Boulevard
SEPTEMBER 12, 2024
Proofpoint this week at its Protect conference launched a series of efforts through which it plans to provide cybersecurity teams with more granular controls in real-time, over what applications and services are accessed by end users. The post Proofpoint Adds Ability to Dynamically Apply Granular Security Controls appeared first on Security Boulevard.
The Hacker News
SEPTEMBER 12, 2024
Nearly 1.3 million Android-based TV boxes running outdated versions of the operating system and belonging to users spanning 197 countries have been infected by a new malware dubbed Vo1d (aka Void).
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
The Last Watchdog
SEPTEMBER 12, 2024
Silver Spring, MD, Sept.12, 2024, CyberNewsWire – – Aembit , the leading non-human identity and access management (IAM) company, has secured $25 million in Series A funding, bringing its total capital raised to nearly $45 million. Acrew Capital led the round, with participation from existing investors Ballistic Ventures, Ten Eleven Ventures, Okta Ventures, and CrowdStrike Falcon Fund.
The Hacker News
SEPTEMBER 12, 2024
Internet-exposed Selenium Grid instances are being targeted by bad actors for illicit cryptocurrency mining and proxyjacking campaigns. "Selenium Grid is a server that facilitates running test cases in parallel across different browsers and versions," Cado Security researchers Tara Gould and Nate Bill said in an analysis published today.
Security Boulevard
SEPTEMBER 12, 2024
In today's digital age, cybersecurity compliance is no longer just a legal necessity or a defensive measure; it has become a catalyst for innovation and growth. The post Cybersecurity Compliance and Beyond: How Protocols Drive Innovation and Growth appeared first on Security Boulevard.
Security Affairs
SEPTEMBER 12, 2024
The Singapore Police Force (SPF) has arrested six individuals for their role in the operations of a cybercrime ring in the country. The Singapore Police Force (SPF) arrested five Chinese nationals, aged 32 to 42, and a 34-year-old Singaporean man for the alleged involvement in illegal cyber activities in the country. On 9 September 2024, around 160 officers from various Singapore Police Force units conducted raids across the island, leading to the arrests and the seizure of electronic devices an
Advertisement
Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.
Penetration Testing
SEPTEMBER 12, 2024
In a recent security advisory, SolarWinds has disclosed two vulnerabilities affecting their Access Rights Manager (ARM) software. ARM is widely used by IT and security administrators to manage and audit... The post CVE-2024-28991 (CVSS 9.0): SolarWinds Access Rights Manager RCE Flaw appeared first on Cybersecurity News.
Tech Republic Security
SEPTEMBER 12, 2024
Check out these five course bundles breaking down the most important IT, development, and cybersecurity skills that a business owner can master.
Penetration Testing
SEPTEMBER 12, 2024
Docker Desktop, the go-to application for containerized application development, has recently been found to harbor two critical security vulnerabilities that could enable remote code execution (RCE) attacks. Docker Desktop offers... The post CVE-2024-8695 & CVE-2024-8696: Two Critical RCE Flaws Discovered in Docker Desktop appeared first on Cybersecurity News.
The Hacker News
SEPTEMBER 12, 2024
Cato CTRL (Cyber Threats Research Lab) has released its Q2 2024 Cato CTRL SASE Threat Report. The report highlights critical findings based on the analysis of a staggering 1.38 trillion network flows from more than 2,500 of Cato’s global customers, between April and June 2024.
Advertisement
Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!
Security Boulevard
SEPTEMBER 12, 2024
We're told over and over again that there are hundreds of thousands of cybersecurity vacancies in the U.S. and millions worldwide. But from what I hear, many new entrants to the application security field find it difficult to land jobs. Why? The post Why Breaking into Cybersecurity Isn’t as Easy as You Think appeared first on Security Boulevard.
The Hacker News
SEPTEMBER 12, 2024
The Irish Data Protection Commission (DPC) has announced that it has commenced a "Cross-Border statutory inquiry" into Google's foundational artificial intelligence (AI) model to determine whether the tech giant has adhered to data protection regulations in the region when processing the personal data of European users.
Security Affairs
SEPTEMBER 12, 2024
U.K. police arrested a 17-year-old teenager allegedly linked to the cyberattack on London’s public transportation agency, Transport for London. U.K.’s National Crime Agency announced the arrest of a 17-year-old teenager from Walsall who is allegedly linked to the cyberattack that recently hit Transport for London. “The 17-year-old male was detained on suspicion of Computer Misuse Act offences in relation to the attack, which was launched on TfL on 1 September.” states the
Security Boulevard
SEPTEMBER 12, 2024
The use of employee mobile devices at work, or bring your own device (BYOD), is a significant and growing threat to organizational security. The post BYOD Policies Fueling Security Risks appeared first on Security Boulevard.
Advertisement
Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.
The Hacker News
SEPTEMBER 12, 2024
Iraqi government networks have emerged as the target of an "elaborate" cyber attack campaign orchestrated by an Iran state-sponsored threat actor called OilRig. The attacks singled out Iraqi organizations such as the Prime Minister's Office and the Ministry of Foreign Affairs, cybersecurity company Check Point said in a new analysis.
Penetration Testing
SEPTEMBER 12, 2024
According to a report from Imperva, over 25,000 malicious requests targeting 4,000 unique sites have been detected since the CVE-2024-45195 vulnerability in Apache OFBiz was disclosed. These attacks, primarily targeting... The post Hackers target Apache OFBiz RCE flaw CVE-2024-45195 after PoC exploit released appeared first on Cybersecurity News.
Graham Cluley
SEPTEMBER 12, 2024
Starting October 1, WordPress plugin and theme developers must enable 2FA. This move aims to boost security and help prevent supply-chain attacks from targeting millions of websites. Read more in my article on the Tripwire State of Security blog.
Security Boulevard
SEPTEMBER 12, 2024
Tines today added an artificial intelligence (AI) chat interface to its no-code platform for automation cybersecurity workflows. The post Tines Leverages LLMs to Simplify Security Automation appeared first on Security Boulevard.
Advertisement
IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.
Expert insights. Personalized for you.
322 
Let's personalize your content