Sun. Oct 06, 2024


Learning from the NASCIO Annual Conference 2024

Lohrman on Security

The National Association of State CIOs (NASCIO) held its annual conference in New Orleans, La., this past week. Here are some of the highlights, along with some thoughts about what the future holds for state CIOs.


China-linked group Salt Typhoon hacked US broadband providers and breached wiretap systems

Security Affairs

China-linked APT group Salt Typhoon (also known as FamousSparrow and GhostEmperor) breached U.S. broadband providers, including Verizon, AT&T, and Lumen Technologies, potentially accessing systems for lawful wiretapping and other data.


E.U. Court Limits Meta's Use of Personal Facebook Data for Targeted Ads

The Hacker News

Europe's top court has ruled that Meta Platforms must restrict the use of personal data harvested from Facebook for serving targeted ads even when users consent to their information being used for advertising purposes, a move that could have serious consequences for ad-driven companies operating in the region.


Google Pixel 9 supports new security features to mitigate baseband attacks

Security Affairs

Google announced that its Pixel 9 has implemented new security features, and it supports measures to mitigate baseband attacks. Pixel phones are known for their strong security features, particularly in protecting the cellular baseband, which is the processor handling LTE, 4G, and 5G communications. While basebands in smartphones are often vulnerable to attacks due to performance constraints, Pixel has implemented security hardening measures for years.


Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.


CVE-2024-47191: Critical Flaw in OATH-Toolkit PAM Module Could Lead to Root Exploits

Penetration Testing

A serious vulnerability has been identified in the OATH-Toolkit’s PAM module, exposing systems to potential root-level exploits when handling one-time password (OTP) authentication. This issue, tracked as CVE-2024-47191, was discovered... The post CVE-2024-47191: Critical Flaw in OATH-Toolkit PAM Module Could Lead to Root Exploits appeared first on Cybersecurity News.


U.S. CISA adds Synacor Zimbra Collaboration flaw to its Known Exploited Vulnerabilities catalog

Security Affairs

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Zimbra Collaboration vulnerability to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the Zimbra Collaboration vulnerability CVE-2024-45519 (CVSS score of 10) to its Known Exploited Vulnerabilities (KEV) catalog. This week, Proofpoint cybersecurity researchers reported that threat actors are attempting to exploit a recently disclosed vulnerability, tracked as CVE-

More Trending


Man pleads guilty to stealing over $37 Million worth of cryptocurrency

Security Affairs

A man from Indiana pleaded guilty to stealing over $37M in cryptocurrency from 571 victims during a 2022 cyberattack. Evan Frederick Light, 21, of Lebanon, Indiana, pleaded guilty to conspiracy to commit wire fraud and conspiracy to launder monetary instruments. In February 2022, Light participated in a cyber attack on an investment firm in Sioux Falls, South Dakota, stealing over $37,000,000 worth of cryptocurrency from 571 victims.


WordPress Security Checklist

Tech Republic Security

Stories of virus and malware infections, data loss, system compromises, and unauthorized access dominate headlines, and your WordPress website may be contributing to the problem. Therefore, it is vital to protect your WordPress site and your data, readers, users, and company by regularly auditing your WordPress site’s security configurations. Fortunately, checklists are proven tools that.


SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 14

Security Affairs

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Rhadamanthys Stealer Adds Innovative AI Feature in Version 0.7.


Redis Patches for Multi Flaws, Including Potential RCE (CVE-2024-31449)

Penetration Testing

Redis, a popular open-source data structure store often used as a database, cache, and message broker, has urged users to update their installations immediately following the discovery of three new... The post Redis Patches for Multi Flaws, Including Potential RCE (CVE-2024-31449) appeared first on Cybersecurity News.


Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.


5 hurricane-tracking apps I rely on as a Floridian tech pro - and which one is my favorite

Zero Day

I've weathered multiple hurricanes from my South Florida home and refined my approach to preparing for them along the way. These are my essential weather-tracking tools that I use to stay ahead of severe storms.


Privilege Escalation and Remote Code Execution Threaten Cisco Routers: No Updates Available

Penetration Testing

In a recent security advisory, Cisco revealed multiple vulnerabilities impacting its Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers, which could potentially expose businesses to serious... The post Privilege Escalation and Remote Code Execution Threaten Cisco Routers: No Updates Available appeared first on Cybersecurity News.


Best Prime Day security camera deals to shop in October 2024

Zero Day

During Amazon's Prime Big Deal Days sale, save big bucks on your favorite smart home tech products. Check out these security camera deals from popular brands like Ring, Blink, and Arlo.


Active Exploits Target Zimbra Collaboration: Over 19K Systems Vulnerable to CVE-2024-45519

Penetration Testing

Enterprise security firm Proofpoint has issued a critical warning regarding active exploitation attempts against Synacor’s Zimbra Collaboration platform. A recently disclosed security flaw, tracked as CVE-2024-45519, has been under attack... The post Active Exploits Target Zimbra Collaboration: Over 19K Systems Vulnerable to CVE-2024-45519 appeared first on Cybersecurity News.


The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!


5 best hurricane-tracking apps that I rely on as a Floridian tech pro

Zero Day

I've weathered multiple hurricanes from my South Florida home and refined my approach to preparing for them along the way. These are my essential weather-tracking tools that I use to stay ahead of severe storms.


Zoom Phishing Alert: Researcher Identifies New Threat Targeting Microsoft Accounts

Penetration Testing

As millions of users continue to rely on Zoom for everything from business meetings to collaborative projects, threat actors have found new ways to exploit this trusted platform. In a... The post Zoom Phishing Alert: Researcher Identifies New Threat Targeting Microsoft Accounts appeared first on Cybersecurity News.


Get the AirPods Pro 2 for $60 off ahead of October Prime Day

Zero Day

Apple just unveiled the AirPods 4, but you can buy the AirPods Pro (2nd generation), which can double as a hearing aid, at a nice discount ahead of Prime Day.


SHROUDED#SLEEP: APT37’s Advanced Evasion and Persistence Tactics in Southeast Asia

Penetration Testing

In a recent discovery, the Securonix Threat Research team, led by Den Iuzvyk and Tim Peck, has uncovered a stealthy malware campaign attributed to North Korea’s APT37, also known as... The post SHROUDED#SLEEP: APT37’s Advanced Evasion and Persistence Tactics in Southeast Asia appeared first on Cybersecurity News.


The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.


Save 55% on this Radeon RX 7800 XT graphics card at Walmart

Zero Day

Disappointed in Amazon's October Prime Day graphics card deals? You can pick up the Sapphire Pulse AMD Radeon RX 7800 XT for just $510 at Walmart, a 55 percent discount!


CyberVolk: From Hacktivism to Ransomware – Researcher Exposes New Threat

Penetration Testing

Cybersecurity researchers at Rapid7 Labs have released a detailed report on CyberVolk, a politically motivated hacktivist group that transitioned into using ransomware as a primary tool in their attacks. Emerging... The post CyberVolk: From Hacktivism to Ransomware – Researcher Exposes New Threat appeared first on Cybersecurity News.


Get a 5-year VPN subscription for $35 with this deal

Zero Day

With this AdGuard VPN deal, you can enjoy the benefits of a privacy-enhancing VPN on your mobile devices for the next five years for the equivalent of less than a dollar a month.


PoC Exploit Releases for CVE-2024-44193: Local Privilege Escalation Vulnerability in iTunes

Penetration Testing

Security researcher mbog14 has published the technical details and proof-of-concept for a critical local privilege escalation (LPE) vulnerability affecting iTunes version 12.13.2.3, identified as CVE-2024-44193 (CVSS 8.4). This flaw, which... The post PoC Exploit Releases for CVE-2024-44193: Local Privilege Escalation Vulnerability in iTunes appeared first on Cybersecurity News.


Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!


Get a free pair of Buds FE in this Samsung October Prime Day bundle

Zero Day

Amazon's October Prime Day kicks off tomorrow, but you can save big right now with this Samsung smartphone bundle deal.


How Cybercriminals Use Stolen Data to Target Companies — A Deep Dive into the Dark Web

Security Boulevard

The digital world has revolutionized the way we live and work, but it has also opened up a new realm for cybercriminals. The rise of the dark web has provided a breeding ground for hackers and other malicious actors to trade stolen data and launch attacks against companies worldwide. This blog post provides a summary … The post How Cybercriminals Use Stolen Data to Target Companies — A Deep Dive into the Dark Web appeared first on Security Boulevard.


Best Prime Day deals under $100 to shop in October 2024

Zero Day

Need to give yourself a budget cap? These 45 deals are already available ahead of Amazon's October Prime Day event next week - and they're all under $100.


Researchers Detail Ruby-SAML/GitLab Flaw (CVE-2024-45409) Allows SAML Authentication Bypass

Penetration Testing

In a recent analysis conducted by Harsh Jaiswal and Rahul Maini at ProjectDiscovery, a critical vulnerability, CVE-2024-45409, was uncovered, exposing a flaw in Ruby-SAML and OmniAuth-SAML libraries, both of which... The post Researchers Detail Ruby-SAML/GitLab Flaw (CVE-2024-45409) Allows SAML Authentication Bypass appeared first on Cybersecurity News.


Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.


Amazon Prime Day deals live: We found 150+ of the best deals ahead of October's Big Deal Days

Zero Day

October Prime Day is just days away, but our deal-hunting experts have found the best early Prime Day deals live now on TVs, laptops, phones, kitchen appliances, and more.


Kia Security Flaw Exposed, NIST’s New Password Guidelines

Security Boulevard

In this episode, the hosts discuss a significant vulnerability found in Kia’s web portal that allows remote control of various car features via their app, potentially enabling unauthorized unlocking and tracking. The conversation highlights the broader issue of web vulnerabilities in the automotive industry. Also covered are NIST’s updated password guidelines, eliminating complexity rules and […] The post Kia Security Flaw Exposed, NIST’s New Password Guidelines appeared first on Shared Security


Best Prime Day gaming deals to shop in October 2024

Zero Day

Amazon's Big Deal Days sale is next week, but you can already save big on consoles, and games and accessories for your gaming PC, Xbox Series X|S, Nintendo Switch, or PlayStation 5.


USENIX NSDI ’24 – Credence: Augmenting Datacenter Switch Buffer Sharing with ML Predictions

Security Boulevard

Authors/Presenters: Vamsi Addanki, Maciej Pacut, Stefan Schmid. Our sincere thanks to USENIX, and the Presenters & Authors for publishing their superb 21st USENIX Symposium on Networked Systems Design and Implementation (NSDI '24) content, placing the organization's enduring commitment to Open Access front and center. Originating from the conference's events situated at the Hyatt Regency Santa Clara; and via the organization's YouTube channel.


IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.