Lohrman on Security
OCTOBER 6, 2024
The National Association of State CIOs (NASCIO) held its annual conference in New Orleans, La., this past week. Here are some of the highlights, along with some thoughts about what the future holds for state CIOs.
Security Affairs
OCTOBER 6, 2024
China-linked APT group Salt Typhoon breached U.S. broadband providers, potentially accessing systems for lawful wiretapping and other data. China-linked APT group Salt Typhoon (also known as FamousSparrow and GhostEmperor ) breached U.S. broadband providers, including Verizon, AT&T, and Lumen Technologies, potentially accessing systems for lawful wiretapping and other data.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
The Hacker News
OCTOBER 6, 2024
Europe's top court has ruled that Meta Platforms must restrict the use of personal data harvested from Facebook for serving targeted ads even when users consent to their information being used for advertising purposes, a move that could have serious consequences for ad-driven companies operating in the region.
Security Affairs
OCTOBER 6, 2024
Google announced that its Pixel 9 has implemented new security features, and it supports measures to mitigate baseband attacks. Pixel phones are known for their strong security features, particularly in protecting the cellular baseband, which is the processor handling LTE, 4G, and 5G communications. While basebands in smartphones are often vulnerable to attacks due to performance constraints, Pixel has implemented security hardening measures for years.
Advertisement
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
Penetration Testing
OCTOBER 6, 2024
A serious vulnerability has been identified in the OATH-Toolkit’s PAM module, exposing systems to potential root-level exploits when handling one-time password (OTP) authentication. This issue, tracked as CVE-2024-47191, was discovered... The post CVE-2024-47191: Critical Flaw in OATH-Toolkit PAM Module Could Lead to Root Exploits appeared first on Cybersecurity News.
Security Affairs
OCTOBER 6, 2024
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Zimbra Collaboration vulnerability to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the Zimbra Collaboration vulnerability CVE-2024-45519 (CVSS score of 10) to its Known Exploited Vulnerabilities (KEV) catalog. This week, Proofpoint cybersecurity researchers reported that threat actors are attempting to exploit a recently disclosed vulnerability, tracked as CVE-
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
|
Security Affairs
OCTOBER 6, 2024
A man from Indiana pleaded guilty to stealing over $37M in cryptocurrency from 571 victims during a 2022 cyberattack. Evan Frederick Light, 21, of Lebanon, Indiana, pleaded guilty to conspiracy to commit wire fraud and conspiracy to launder monetary instruments. In February 2022, Light participated in a cyber attack on an investment firm in Sioux Falls, South Dakota, stealing over $37,000,000 worth of cryptocurrency from 571 victims.
Penetration Testing
OCTOBER 6, 2024
Redis, a popular open-source data structure store often used as a database, cache, and message broker, has urged users to update their installations immediately following the discovery of three new... The post Redis Patches for Multi Flaws, Including Potential RCE (CVE-2024-31449) appeared first on Cybersecurity News.
Security Affairs
OCTOBER 6, 2024
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Rhadamanthys Stealer Adds Innovative AI Feature in Version 0.7.
Tech Republic Security
OCTOBER 6, 2024
Stories of virus and malware infections, data loss, system compromises, and unauthorized access dominate headlines, and your WordPress website may be contributing to the problem. Therefore, it is vital to protect your WordPress site and your data, readers, users, and company by regularly auditing your WordPress site’s security configurations. Fortunately, checklists are proven tools that.
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
Penetration Testing
OCTOBER 6, 2024
In a recent security advisory, Cisco revealed multiple vulnerabilities impacting its Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers, which could potentially expose businesses to serious... The post Privilege Escalation and Remote Code Execution Threaten Cisco Routers: No Updates Available appeared first on Cybersecurity News.
Zero Day
OCTOBER 6, 2024
I've weathered multiple hurricanes from my South Florida home and refined my approach to preparing for them along the way. These are my essential weather-tracking tools that I use to stay ahead of severe storms.
Penetration Testing
OCTOBER 6, 2024
Enterprise security firm Proofpoint has issued a critical warning regarding active exploitation attempts against Synacor’s Zimbra Collaboration platform. A recently disclosed security flaw, tracked as CVE-2024-45519, has been under attack... The post Active Exploits Target Zimbra Collaboration: Over 19K Systems Vulnerable to CVE-2024-45519 appeared first on Cybersecurity News.
Zero Day
OCTOBER 6, 2024
During Amazon's Prime Big Deal Days sale, save big bucks on your favorite smart home tech products. Check out these security camera deals from popular brands like Ring, Blink, and Arlo.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
Penetration Testing
OCTOBER 6, 2024
As millions of users continue to rely on Zoom for everything from business meetings to collaborative projects, threat actors have found new ways to exploit this trusted platform. In a... The post Zoom Phishing Alert: Researcher Identifies New Threat Targeting Microsoft Accounts appeared first on Cybersecurity News.
Zero Day
OCTOBER 6, 2024
I've weathered multiple hurricanes from my South Florida home and refined my approach to preparing for them along the way. These are my essential weather-tracking tools that I use to stay ahead of severe storms.
Penetration Testing
OCTOBER 6, 2024
Cybersecurity researchers at Rapid7 Labs have released a detailed report on CyberVolk, a politically motivated hacktivist group that transitioned into using ransomware as a primary tool in their attacks. Emerging... The post CyberVolk: From Hacktivism to Ransomware – Researcher Exposes New Threat appeared first on Cybersecurity News.
Zero Day
OCTOBER 6, 2024
Apple just unveiled the AirPods 4, but you can buy the AirPods Pro (2nd generation), which can double as a hearing aid, at a nice discount ahead of Prime Day.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Penetration Testing
OCTOBER 6, 2024
In a recent discovery, the Securonix Threat Research team, led by Den Iuzvyk and Tim Peck, has uncovered a stealthy malware campaign attributed to North Korea’s APT37, also known as... The post SHROUDED#SLEEP: APT37’s Advanced Evasion and Persistence Tactics in Southeast Asia appeared first on Cybersecurity News.
Zero Day
OCTOBER 6, 2024
Disappointed in Amazon's October Prime Day graphics card deals? You can pick up the Sapphire Pulse AMD Radeon RX 7800 XT for just $510 at Walmart, that's a 55 percent discount!
Penetration Testing
OCTOBER 6, 2024
Security researcher mbog14 has published the technical details and proof-of-concept for a critical local privilege escalation (LPE) vulnerability affecting iTunes version 12.13.2.3, identified as CVE-2024-44193 (CVSS 8.4). This flaw, which... The post PoC Exploit Releases for CVE-2024-44193: Local Privilege Escalation Vulnerability in iTunes appeared first on Cybersecurity News.
Zero Day
OCTOBER 6, 2024
With this AdGuard VPN deal, you can enjoy the benefits of a privacy-enhancing VPN on your mobile devices for the next five years for the equivalent of less than a dollar a month.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Security Boulevard
OCTOBER 6, 2024
The digital world has revolutionized the way we live and work, but it has also opened up a new realm for cybercriminals. The rise of the dark web has provided a breeding ground for hackers and other malicious actors to trade stolen data and launch attacks against companies worldwide. This blog post provides a summary … The post How Cybercriminals Use Stolen Data to Target Companies — A Deep Dive into the Dark Web appeared first on Security Boulevard.
Zero Day
OCTOBER 6, 2024
Amazon's October Prime Day kicks off tomorrow, but you can save big right now with this Samsung smartphone bundle deal.
Penetration Testing
OCTOBER 6, 2024
In a recent analysis conducted by Harsh Jaiswal and Rahul Maini at ProjectDiscovery, a critical vulnerability, CVE-2024-45409, was uncovered, exposing a flaw in Ruby-SAML and OmniAuth-SAML libraries, both of which... The post Researchers Detail Ruby-SAML/GitLab Flaw (CVE-2024-45409) Allows SAML Authentication Bypass appeared first on Cybersecurity News.
Zero Day
OCTOBER 6, 2024
Need to give yourself a budget cap? These 45 deals are already available ahead of Amazon's October Prime Day event next week - and they're all under $100.
Advertisement
Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.
Security Boulevard
OCTOBER 6, 2024
In this episode, the hosts discuss a significant vulnerability found in Kia’s web portal that allows remote control of various car features via their app, potentially enabling unauthorized unlocking and tracking. The conversation highlights the broader issue of web vulnerabilities in the automotive industry. Also covered are NIST’s updated password guidelines, eliminating complexity rules and […] The post Kia Security Flaw Exposed, NIST’s New Password Guidelines appeared first on Shared Security
Zero Day
OCTOBER 6, 2024
October Prime Day is just days away, but our deal-hunting experts have found the best early Prime Day deals live now on TVs, laptops, phones, kitchen appliances, and more.
Security Boulevard
OCTOBER 6, 2024
Authors/Presenters:Vamsi Addanki, Maciej Pacut, Stefan Schmid Our sincere thanks to USENIX , and the Presenters & Authors for publishing their superb 21st USENIX Symposium on Networked Systems Design and Implementation (NSDI '24) content, placing the organizations enduring commitment to Open Access front and center. Originating from the conference’s events situated at the Hyatt Regency Santa Clara ; and via the organizations YouTube channel.
Zero Day
OCTOBER 6, 2024
Amazon's Big Deal Days sale is next week, but you can already save big on consoles, and games and accessories for your gaming PC, Xbox Series X|S, Nintendo Switch, or PlayStation 5.
Advertisement
Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!
Expert insights. Personalized for you.
226 
Let's personalize your content