Troy Hunt
JUNE 30, 2024
Last week, I wrote about The State of Data Breaches and got loads of feedback. It was predominantly sympathetic to the position I find myself in running HIBP, and that post was mostly one of frustration: lack of disclosure, standoffish organisations, downplaying breaches and the individual breach victims themselves making it worse by going to town on the corporate victims.
Lohrman on Security
JUNE 30, 2024
I’m always looking for best practices and examples to share around government AI and cyber projects. Monty 2.0 is certainly praiseworthy and a GenAI project to watch and learn from.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Security Affairs
JUNE 30, 2024
Russia-linked APT group, reportedly APT29, is suspected to be behind a hack of TeamViewer ‘s corporate network. TeamViewer discovered that a threat actor has breached its corporate network and some reports attribute the intrusion to the Russia-linked APT group APT29 (aka SVR group , BlueBravo , Cozy Bear , Nobelium , Midnight Blizzard , and The Dukes ).
Bleeping Computer
JUNE 30, 2024
Fake IT support sites promote malicious PowerShell "fixes" for common Windows errors, like the 0x80070643 error, to infect devices with information-stealing malware. [.
Advertisement
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
The Hacker News
JUNE 30, 2024
Juniper Networks has released out-of-band security updates to address a critical security flaw that could lead to an authentication bypass in some of its routers. The vulnerability, tracked as CVE-2024-2973, carries a CVSS score of 10.0, indicating maximum severity.
Security Affairs
JUNE 30, 2024
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Infosys McCamish Systems data breach impacted over 6 million people A cyberattack shut down the University Hospital Centre Zagreb in Croatia US announces a $10M reward for Russia’s GRU hacker behind attacks on Ukraine New P2Pinfect version delivers
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
|
SecureBlitz
JUNE 30, 2024
In this post, I will address the future of manufacturing and talk about cutting-edge tech. Cutting-edge developments are about to trigger a technological revolution in the manufacturing sector. Innovations in artificial intelligence, 3D printing, robotics, quantum computing, and the Industrial Internet of Things are revolutionizing the design, manufacturing, and maintenance of products.
Bleeping Computer
JUNE 30, 2024
The popular open source project, 'ip' had its GitHub repository archived, or made "read-only" by its developer as a result of a dubious CVE report filed for his project. Unfortunately, open-source developers have recently been met with an uptick in debatable or outright bogus CVEs filed for their projects. [.
Penetration Testing
JUNE 30, 2024
In a move towards greater transparency and security, Microsoft has announced a new practice of assigning Common Vulnerabilities and Exposures (CVE) numbers for significant vulnerabilities found and fixed within their cloud services. This shift... The post Microsoft Issues CVE Numbers for Cloud Service Vulnerabilities appeared first on Cybersecurity News.
Bleeping Computer
JUNE 30, 2024
Juniper Networks has released an emergency update to address a maximum severity vulnerability that leads to authentication bypass in Session Smart Router (SSR), Session Smart Conductor, and WAN Assurance Router products. [.
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
Penetration Testing
JUNE 30, 2024
Researchers at the University of California San Diego have published a groundbreaking paper detailing a new class of security vulnerabilities in Intel’s high-end CPUs. These vulnerabilities, dubbed “Indirector” attacks, exploit weaknesses in the chip’s... The post Indirector – High-Precision Branch Target Injection Attacks: A New Threat to Intel CPUs appeared first on Cybersecurity News.
Zero Day
JUNE 30, 2024
Gen AI opens up all kinds of opportunities to obtain sensitive data without even building malware.
Penetration Testing
JUNE 30, 2024
A critical denial-of-service (DoS) vulnerability has been identified in media servers handling WebRTC’s DTLS-SRTP. This flaw, stemming from a race condition between ICE and DTLS traffic, can disrupt media sessions, threatening the availability of... The post Critical Vulnerability in WebRTC Media Servers Threatens Real-Time Communication appeared first on Cybersecurity News.
Security Boulevard
JUNE 30, 2024
Authors/Presenters:Athanasios Avgetidis, Omar Alrawi, Kevin Valakuzhy, Charles Lever, Paul Burbage, Angelos D. Keromytis, Fabian Monrose, Manos Antonakakis Many thanks to USENIX for publishing their outstanding USENIX Security ’23 Presenter’s content, and the organizations strong commitment to Open Access. Originating from the conference’s events situated at the Anaheim Marriott ; and via the organizations YouTube channel.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
Penetration Testing
JUNE 30, 2024
A security researcher has released proof-of-concept (PoC) exploit code targeting a high-severity vulnerability (CVE-2024-0193) within the Linux kernel. This use-after-free flaw in the netfilter subsystem, scored 7.8 on the CVSS scale, can be exploited... The post PoC Exploit Published for Linux Kernel Privilege Escalation Flaw (CVE-2024-0193) appeared first on Cybersecurity News.
Security Boulevard
JUNE 30, 2024
I’m always looking for best practices and examples to share around government AI and cyber projects. Monty 2.0 is certainly praiseworthy and a GenAI project to watch and learn from. The post Montgomery County, Md.’s Chatbot Shows GenAI in Action appeared first on Security Boulevard.
Penetration Testing
JUNE 30, 2024
In a recent report, Unit 42 researchers have revealed a concerning trend: threat actors are increasingly exploiting publicly available Cobalt Strike profiles to mask their malicious activities and bypass security measures. Cobalt Strike, a... The post Attackers Leveraging Public Cobalt Strike Profiles to Evade Detection appeared first on Cybersecurity News.
Penetration Testing
JUNE 30, 2024
Security researchers at Trend Micro have uncovered a sophisticated campaign by the Water Sigbin threat actor, also known as the 8220 Gang, targeting Oracle WebLogic servers to deploy XMRig cryptocurrency miners. This group, primarily... The post Water Sigbin Threat Actor Targets Oracle WebLogic Servers to Deploy XMRig Cryptominer appeared first on Cybersecurity News.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Penetration Testing
JUNE 30, 2024
The Document Foundation, the organization behind the popular open-source office suite LibreOffice, has issued an urgent security advisory regarding a critical vulnerability (CVE-2024-5261) in its LibreOfficeKit component. This flaw could allow attackers to intercept... The post CVE-2024-5261 (CVSS 10): LibreOffice Patches Critical Vulnerability in LibreOfficeKit appeared first on Cybersecurity News.
Expert insights. Personalized for you.
267 
Let's personalize your content