Schneier on Security
JULY 25, 2024
I am the Chief of Security Architecture at Inrupt, Inc. , the company that is commercializing Tim Berners-Lee’s Solid open W3C standard for distributed data ownership. This week, we announced a digital wallet based on the Solid architecture. Details are here , but basically a digital wallet is a repository for personal data and documents. Right now, there are hundreds of different wallets, but no standard.
Bleeping Computer
JULY 25, 2024
Hundreds of UEFI products from 10 vendors are susceptible to compromise due to a critical firmware supply-chain issue known as PKfail, which allows attackers to bypass Secure Boot and install malware. [.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Malwarebytes
JULY 25, 2024
Some Windows users may see a BitLocker Recovery screen after applying the Microsoft patch Tuesday updates. BitLocker is a Windows security feature that encrypts entire drives. It prevents someone that has obtained a stolen or lost device from reading the files stored on that drive. Unfortunately, though, Microsoft launched an update this month that has caused problems for some Windows systems.
Security Affairs
JULY 25, 2024
A critical flaw in some versions of Docker Engine can be exploited to bypass authorization plugins (AuthZ) under specific circumstances. A vulnerability, tracked as CVE-2024-41110 (CVSS score of 10.0), in certain versions of Docker Engine can allow an attacker to bypass authorization plugins (AuthZ) under specific circumstances. “An attacker could exploit a bypass using an API request with Content-Length set to 0, causing the Docker daemon to forward the request without the body to the Aut
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Graham Cluley
JULY 25, 2024
The US Department of Homeland Security has unveiled a dog-like robot that it says has been adapted to jam the connectivity of smart home devices. Read more in my article on the Hot for Security blog.
Security Affairs
JULY 25, 2024
The CVE-2024-21412 flaw in the Microsoft Defender SmartScreen has been exploited to deliver information stealers such as ACR Stealer, Lumma, and Meduza. Fortinet FortiGuard Labs researchers observed a malware campaign exploiting the vulnerability CVE-2024-21412 (CVSS score: 8.1) to spread information stealer, such as ACR Stealer, Lumma , and Meduza.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Security Affairs
JULY 25, 2024
Terrorist groups are increasingly using cyberspace and digital communication channels to plan and execute attacks. Yesterday Federal Bureau of Investigation (FBI) Director Christopher Wray expressed growing concerns over the potential for a coordinated foreign terrorist attack in the United States. During his testimony to the House Oversight Committee, Mr.
The Hacker News
JULY 25, 2024
A North Korea-linked threat actor known for its cyber espionage operations has gradually expanded into financially-motivated attacks that involve the deployment of ransomware, setting it apart from other nation-state hacking groups linked to the country.
Penetration Testing
JULY 25, 2024
Starting with OneUI 6.1.1, Samsung has implemented a default setting that blocks users from sideloading APK files. This setting is now applied to Samsung’s latest Android devices, even if the REQUEST_INSTALL_PACKAGES permission has been... The post New Auto Blocker in Samsung OneUI 6.1.1: Blocking APK Sideloading for Enhanced Security appeared first on Cybersecurity News.
WIRED Threat Level
JULY 25, 2024
A controversial new surveillance system in Paris foreshadows a future where there are too many CCTV cameras for humans to physically watch.
Advertisement
Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.
Graham Cluley
JULY 25, 2024
A cybercrime group has gained notoriety for attacking VMware ESXi servers since February 2024. Learn more about the SEXi / APT Inc ransomware in my article on the Tripwire State of Security blog.
The Hacker News
JULY 25, 2024
Meta Platforms on Wednesday said it took steps to remove around 63,000 Instagram accounts in Nigeria that were found to target people with financial sextortion scams. "These included a smaller coordinated network of around 2,500 accounts that we were able to link to a group of around 20 individuals," the company said. "They targeted primarily adult men in the U.S.
Security Boulevard
JULY 25, 2024
Microsoft and Google were joined by LinkedIn, GitHub, and Trend Micro in a supporting an appeal of a lawsuit against spyware maker NSO Group that was tossed by a U.S. judge who said that, as a Salvadoran citizen, the plaintiff's case had no standing in a U.S. court. The post Google, Microsoft, Others Support U.S.-Based Spyware Lawsuits appeared first on Security Boulevard.
The Hacker News
JULY 25, 2024
CrowdStrike is alerting about an unfamiliar threat actor attempting to capitalize on the Falcon Sensor update fiasco to distribute dubious installers targeting German customers as part of a highly targeted campaign.
Advertisement
Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!
Bleeping Computer
JULY 25, 2024
Meta has removed 63,000 Instagram accounts from Nigeria that were involved in sextortion scams, including a coordinated network of 2,500 accounts linked to 20 individuals targeting primarily adult men in the United States. [.
The Hacker News
JULY 25, 2024
Cybersecurity researchers are sounding the alarm over an ongoing campaign that's leveraging internet-exposed Selenium Grid services for illicit cryptocurrency mining. Cloud security Wiz is tracking the activity under the name SeleniumGreed. The campaign, which is targeting older versions of Selenium (3.141.59 and prior), is believed to be underway since at least April 2023.
GlobalSign
JULY 25, 2024
While hybrid and multi-cloud environments are more convenient, they can complicate certificate management. Explore how automation may be the solution.
Bleeping Computer
JULY 25, 2024
Threat actors are chaining together ServiceNow flaws using publicly available exploits to breach government agencies and private firms in data theft attacks. [.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Security Affairs
JULY 25, 2024
Progress Software addressed a critical remote code execution vulnerability, tracked as CVE-2024-6327, in the Telerik Report Server. Telerik Report Server is a web-based application designed for creating, managing, and delivering reports in various formats. It provides tools for report design, scheduling, and secure delivery, allowing organizations to centralize their reporting processes.
The Hacker News
JULY 25, 2024
Cybersecurity researchers have disclosed a privilege escalation vulnerability impacting Google Cloud Platform's Cloud Functions service that an attacker could exploit to access other services and sensitive data in an unauthorized manner. Tenable has given the vulnerability the name ConfusedFunction.
Bleeping Computer
JULY 25, 2024
Microsoft has released the optional KB5040527 preview cumulative update for Windows 11 23H2 and 22H2, which includes fixes for Windows Backup and upgrade failures. [.
The Hacker News
JULY 25, 2024
While the specifics for security testing vary for applications, web applications, and APIs, a holistic and proactive applications security strategy is essential for all three types. There are six core types of testing that every security professional should know about to secure their applications, regardless of what phase they are in in development or deployment.
Advertisement
IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.
Bleeping Computer
JULY 25, 2024
The U.S. State Department is offering a reward of up to $10 million for information that could lead to the identification or location of a North Korean military hacker. [.
The Hacker News
JULY 25, 2024
Progress Software is urging users to update their Telerik Report Server instances following the discovery of a critical security flaw that could result in remote code execution. The vulnerability, tracked as CVE-2024-6327 (CVSS score: 9.9), impacts Report Server version 2024 Q2 (10.1.24.514) and earlier. "In Progress Telerik Report Server versions prior to 2024 Q2 (10.1.24.
Security Boulevard
JULY 25, 2024
The accountability for security failures or breaches typically falls on security teams or specific IT leaders rather than higher-level executives or the board. This accountability has long been the case; cyber risks were often siloed as technical issues rather than integrated into broader company business risk management frameworks. However, bucking this historical trend are recent moves from big companies like.
The Hacker News
JULY 25, 2024
The browser is the nerve center of the modern workspace. Ironically, however, the browser is also one of the least protected threat surfaces of the modern enterprise. Traditional security tools provide little protection against browser-based threats, leaving organizations exposed.
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
Security Boulevard
JULY 25, 2024
Explore the strengths and weaknesses of Argon2, bcrypt, scrypt, and PBKDF2 in this comprehensive comparison of password hashing algorithms. Learn which algorithm suits your security needs, from cutting-edge Argon2 to the widely-used bcrypt, and understand the future of cryptographic protection. The post Comparative Analysis of Password Hashing Algorithms: Argon2, bcrypt, scrypt, and PBKDF2 appeared first on Security Boulevard.
Penetration Testing
JULY 25, 2024
In a recent security advisory, a critical vulnerability has been identified in Spring Cloud Data Flow, a popular microservices-based streaming and batch data processing platform used in Cloud Foundry and Kubernetes environments. This vulnerability,... The post CVE-2024-37084 (CVSS 9.8): Remote code execution in Spring Cloud Data Flow appeared first on Cybersecurity News.
Bleeping Computer
JULY 25, 2024
Progress Software has warned customers to patch a critical remote code execution security flaw in the Telerik Report Server that can be used to compromise vulnerable devices. [.
SecureBlitz
JULY 25, 2024
Take a look at the benefits of new tech in healthcare in this post. The rapid advancement of technology offers numerous benefits that enhance patient care, streamline processes, and improve overall outcomes for healthcare companies. New technologies are transforming healthcare delivery and experience. These innovations make healthcare more efficient, accessible, and personalized.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Expert insights. Personalized for you.
317 
Let's personalize your content