Lohrman on Security
JUNE 30, 2024
I’m always looking for best practices and examples to share around government AI and cyber projects. Monty 2.0 is certainly praiseworthy and a GenAI project to watch and learn from.
Bleeping Computer
JUNE 30, 2024
Fake IT support sites promote malicious PowerShell "fixes" for common Windows errors, like the 0x80070643 error, to infect devices with information-stealing malware. [.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
The Hacker News
JUNE 30, 2024
Juniper Networks has released out-of-band security updates to address a critical security flaw that could lead to an authentication bypass in some of its routers. The vulnerability, tracked as CVE-2024-2973, carries a CVSS score of 10.0, indicating maximum severity.
Bleeping Computer
JUNE 30, 2024
The popular open source project, 'ip' had its GitHub repository archived, or made "read-only" by its developer as a result of a dubious CVE report filed for his project. Unfortunately, open-source developers have recently been met with an uptick in debatable or outright bogus CVEs filed for their projects. [.
Speaker: Speakers:
In today's digital age, having an untrained workforce can be a significant risk to your business. Cyber threats are evolving; without proper training, your employees could be the weakest link in your defense. This webinar empowers leaders like you with the tools and strategies needed to transform your employees into a robust frontline defense against cyber attacks.
Security Affairs
JUNE 30, 2024
Russia-linked APT group, reportedly APT29, is suspected to be behind a hack of TeamViewer ‘s corporate network. TeamViewer discovered that a threat actor has breached its corporate network and some reports attribute the intrusion to the Russia-linked APT group APT29 (aka SVR group , BlueBravo , Cozy Bear , Nobelium , Midnight Blizzard , and The Dukes ).
Bleeping Computer
JUNE 30, 2024
Google is working on a new Unrestricted WebUSB feature, which allows trusted isolated web apps to bypass security restrictions in the WebUSB API. [.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Bleeping Computer
JUNE 30, 2024
Juniper Networks has released an emergency update to address a maximum severity vulnerability that leads to authentication bypass in Session Smart Router (SSR), Session Smart Conductor, and WAN Assurance Router products. [.
Penetration Testing
JUNE 30, 2024
In a move towards greater transparency and security, Microsoft has announced a new practice of assigning Common Vulnerabilities and Exposures (CVE) numbers for significant vulnerabilities found and fixed within their cloud services. This shift... The post Microsoft Issues CVE Numbers for Cloud Service Vulnerabilities appeared first on Cybersecurity News.
SecureBlitz
JUNE 30, 2024
In this post, I will address the future of manufacturing and talk about cutting-edge tech. Cutting-edge developments are about to trigger a technological revolution in the manufacturing sector. Innovations in artificial intelligence, 3D printing, robotics, quantum computing, and the Industrial Internet of Things are revolutionizing the design, manufacturing, and maintenance of products.
Penetration Testing
JUNE 30, 2024
Researchers at the University of California San Diego have published a groundbreaking paper detailing a new class of security vulnerabilities in Intel’s high-end CPUs. These vulnerabilities, dubbed “Indirector” attacks, exploit weaknesses in the chip’s... The post Indirector – High-Precision Branch Target Injection Attacks: A New Threat to Intel CPUs appeared first on Cybersecurity News.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Security Boulevard
JUNE 30, 2024
Authors/Presenters:Athanasios Avgetidis, Omar Alrawi, Kevin Valakuzhy, Charles Lever, Paul Burbage, Angelos D. Keromytis, Fabian Monrose, Manos Antonakakis Many thanks to USENIX for publishing their outstanding USENIX Security ’23 Presenter’s content, and the organizations strong commitment to Open Access. Originating from the conference’s events situated at the Anaheim Marriott ; and via the organizations YouTube channel.
Penetration Testing
JUNE 30, 2024
A critical denial-of-service (DoS) vulnerability has been identified in media servers handling WebRTC’s DTLS-SRTP. This flaw, stemming from a race condition between ICE and DTLS traffic, can disrupt media sessions, threatening the availability of... The post Critical Vulnerability in WebRTC Media Servers Threatens Real-Time Communication appeared first on Cybersecurity News.
Security Boulevard
JUNE 30, 2024
I’m always looking for best practices and examples to share around government AI and cyber projects. Monty 2.0 is certainly praiseworthy and a GenAI project to watch and learn from. The post Montgomery County, Md.’s Chatbot Shows GenAI in Action appeared first on Security Boulevard.
Penetration Testing
JUNE 30, 2024
A security researcher has released proof-of-concept (PoC) exploit code targeting a high-severity vulnerability (CVE-2024-0193) within the Linux kernel. This use-after-free flaw in the netfilter subsystem, scored 7.8 on the CVSS scale, can be exploited... The post PoC Exploit Published for Linux Kernel Privilege Escalation Flaw (CVE-2024-0193) appeared first on Cybersecurity News.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Zero Day
JUNE 30, 2024
Gen AI opens up all kinds of opportunities to obtain sensitive data without even building malware.
Penetration Testing
JUNE 30, 2024
In a recent report, Unit 42 researchers have revealed a concerning trend: threat actors are increasingly exploiting publicly available Cobalt Strike profiles to mask their malicious activities and bypass security measures. Cobalt Strike, a... The post Attackers Leveraging Public Cobalt Strike Profiles to Evade Detection appeared first on Cybersecurity News.
Troy Hunt
JUNE 30, 2024
Last week, I wrote about The State of Data Breaches and got loads of feedback. It was predominantly sympathetic to the position I find myself in running HIBP, and that post was mostly one of frustration: lack of disclosure, standoffish organisations, downplaying breaches and the individual breach victims themselves making it worse by going to town on the corporate victims.
Penetration Testing
JUNE 30, 2024
Security researchers at Trend Micro have uncovered a sophisticated campaign by the Water Sigbin threat actor, also known as the 8220 Gang, targeting Oracle WebLogic servers to deploy XMRig cryptocurrency miners. This group, primarily... The post Water Sigbin Threat Actor Targets Oracle WebLogic Servers to Deploy XMRig Cryptominer appeared first on Cybersecurity News.
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
Penetration Testing
JUNE 30, 2024
The Document Foundation, the organization behind the popular open-source office suite LibreOffice, has issued an urgent security advisory regarding a critical vulnerability (CVE-2024-5261) in its LibreOfficeKit component. This flaw could allow attackers to intercept... The post CVE-2024-5261 (CVSS 10): LibreOffice Patches Critical Vulnerability in LibreOfficeKit appeared first on Cybersecurity News.
Expert insights. Personalized for you.
117 
Let's personalize your content