Schneier on Security
AUGUST 13, 2024
Really interesting article on the ancient-manuscript scholars who are applying their techniques to the Voynich Manuscript. No one has been able to understand the writing yet, but there are some new understandings: Davis presented her findings at the medieval-studies conference and published them in 2020 in the journal Manuscript Studies. She had hardly solved the Voynich, but she’d opened it to new kinds of investigation.
Krebs on Security
AUGUST 13, 2024
Microsoft today released updates to fix at least 90 security vulnerabilities in Windows and related software, including a whopping six zero-day flaws that are already being actively exploited by attackers. Image: Shutterstock. This month’s bundle of update joy from Redmond includes patches for security holes in Office ,NET , Visual Studio , Azure , Co-Pilot , Microsoft Dynamics , Teams , Secure Boot, and of course Windows itself.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Tech Republic Security
AUGUST 13, 2024
On August 6, 2.7 billion records from National Public Data, including social security numbers, were leaked on a dark web forum.
The Hacker News
AUGUST 13, 2024
The U.S. Federal Bureau of Investigation (FBI) on Monday announced the disruption of online infrastructure associated with a nascent ransomware group called Dispossessor (aka Radar). The effort saw the dismantling of three U.S. servers, three United Kingdom servers, 18 German servers, eight U.S.-based criminal domains, and one German-based criminal domain.
Advertisement
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
Tech Republic Security
AUGUST 13, 2024
A StickmanCyber report reveals a critical cybersecurity skills shortage in Australia, which can have both short- and long-term business implications
Security Affairs
AUGUST 13, 2024
CERT-UA warned that Russia-linked actor is impersonating the Security Service of Ukraine (SSU) in a new phishing campaign to distribute malware. The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of a new phishing campaign targeting organizations in the country, including government entities. The campaign, tracked as UAC-0198, has been active since July.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
|
Penetration Testing
AUGUST 13, 2024
Security researchers have disclosed the technical details and proof-of-concept (PoC) exploit codes for three vulnerabilities (CVE-2023-4206, CVE-2023-4207, and CVE-2023-4208) in the Linux kernel, impacting versions v3.18-rc1 to v6.5-rc4. These “use-after-free”... The post Linux Kernel Vulnerabilities Expose Systems to Privilege Escalation: Flaws Detailed and Exploit Code Released appeared first on Cybersecurity News.
We Live Security
AUGUST 13, 2024
Your phone number is more than just a way to contact you – scammers can use it to target you with malicious messages and even exploit it to gain access to your bank account or steal corporate data
Security Affairs
AUGUST 13, 2024
Ivanti warned of a critical authentication bypass flaw in its Virtual Traffic Manager (vTM) appliances that can allow attackers to create rogue administrator accounts. Ivanti addressed a critical authentication bypass vulnerability, tracked as CVE-2024-7593 (CVSS score of 9.8), impacting Virtual Traffic Manager (vTM) appliances that can allow attackers to create rogue administrator accounts.
The Hacker News
AUGUST 13, 2024
The China-backed threat actor known as Earth Baku has diversified its targeting footprint beyond the Indo-Pacific region to include Europe, the Middle East, and Africa starting in late 2022. Newly targeted countries as part of the activity include Italy, Germany, the U.A.E., and Qatar, with suspected attacks also detected in Georgia and Romania.
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
The Last Watchdog
AUGUST 13, 2024
Application Security Posture Management ( ASPM ) arose a few years ago as a strategy to help software developers and security teams continually improve the security of business applications. Related: Addressing rising cyber compliance pressures At Black Hat USA 2024, an iteration called Active ASPM is in the spotlight. I had the chance to visit with Neatsun Ziv , CEO and co-founder of Tel Aviv-based OX Security , a leading Active ASPM solutions provider.
The Hacker News
AUGUST 13, 2024
Monitoring evolving DDoS trends is essential for anticipating threats and adapting defensive strategies. The comprehensive Gcore Radar Report for the first half of 2024 provides detailed insights into DDoS attack data, showcasing changes in attack patterns and the broader landscape of cyber threats. Here, we share a selection of findings from the full report.
Security Boulevard
AUGUST 13, 2024
A report published today by Cato Networks finds three years after its discovery in 2021 there was a 61% increase in attempts to exploit Log4j vulnerabilities in inbound traffic and a 79% increase in the attempted use of Log4j in WANbound traffic in the first half of this year. The post Cato Network Reports Spike in Attempts to Exploit Log4j Vulnerabilities appeared first on Security Boulevard.
The Hacker News
AUGUST 13, 2024
A team of researchers from the CISPA Helmholtz Center for Information Security in Germany has disclosed an architectural bug impacting Chinese chip company T-Head's XuanTie C910 and C920 RISC-V CPUs that could allow attackers to gain unrestricted access to susceptible devices. The vulnerability has been codenamed GhostWrite.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
Security Boulevard
AUGUST 13, 2024
North Korean army of remote IT workers enabled by Matthew Isaac Knoot, alleges DoJ. The post WTH? DPRK WFH Ransomware Redux: 3rd Person Charged appeared first on Security Boulevard.
The Hacker News
AUGUST 13, 2024
Cybersecurity researchers have discovered two security flaws in Microsoft's Azure Health Bot Service that, if exploited, could permit a malicious actor to achieve lateral movement within customer environments and access sensitive patient data.
Thales Cloud Protection & Licensing
AUGUST 13, 2024
The Post-Quantum Cryptography Algorithms are finalized! Now what? josh.pearson@t… Tue, 08/13/2024 - 16:11 With the recent release from NIST about their final, published Post-Quantum Cryptography (PQC) algorithms (ML-KEM (formerly Kyber), ML-DSA (formerly Dilithium), SLH-DSA (formerly SPHINCS+) and with it the imminent end-of-life of the encryption foundations we have relied upon for decades, many organizations are left wondering exactly what they should do next.
The Hacker News
AUGUST 13, 2024
Ivanti has rolled out security updates for a critical flaw in Virtual Traffic Manager (vTM) that could be exploited to achieve an authentication bypass and create rogue administrative users. The vulnerability, tracked as CVE-2024-7593, has a CVSS score of 9.8 out of a maximum of 10.0. "Incorrect implementation of an authentication algorithm in Ivanti vTM other than versions 22.2R1 or 22.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Security Boulevard
AUGUST 13, 2024
That’s a wrap for Black Hat 2024! We had a great show and met many of you at the booth or on the show floor. I hope you were able to come by, watched a session by Jason Kent, Hacker in Residence at Cequence, or Parth Shukla, Security Engineer at Cequence, and maybe even entered […] The post Cequence Storms Black Hat with API Security Testing for Generative AI Applications appeared first on Cequence Security.
Penetration Testing
AUGUST 13, 2024
In its latest Patch Tuesday security update, Microsoft has disclosed a critical vulnerability in the Windows TCP/IP stack that demands urgent attention. Among the 88 vulnerabilities addressed this August, CVE-2024-38063... The post CVE-2024-38063 (CVSS 9.8): 0-Click RCE Affects All Windows Systems appeared first on Cybersecurity News.
Security Boulevard
AUGUST 13, 2024
The FBI and law enforcement agencies from the UK and Germany seized servers and domains belonging to the Dispossessor ransomware gang, which had emerged into the spotlight following a similar operation against the notorious LockBit gang in February. The post FBI Disrupts Operations of the Dispossessor Ransomware Group appeared first on Security Boulevard.
eSecurity Planet
AUGUST 13, 2024
It’s been a startling week in vulnerability news, mainly due to a few older vulnerabilities coming to light. While it doesn’t look like they’ve been exploited yet, threat actors may make a move now that the flaws have been publicized. The other major news — which could affect both businesses and individuals — is a zero-day vulnerability found in most major web browsers on both Mac and Linux machines.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Malwarebytes
AUGUST 13, 2024
Two men without a clear source of income landed cyberfraud charges after being so flash with their ill-gotten cash that it gained the attention of the authorities. In 2022, Russian national Pavel Kublitskii and Kazakhstan national Alexandr Khodyrev arrived in Florida and requested asylum, which was granted by the Department of Homeland Security (DHS).
ZoneAlarm
AUGUST 13, 2024
In a staggering display of cyber vulnerability, a recent data breach has led to the exposure of 2.7 billion records, including sensitive information such as Social Security numbers and home addresses. The scope and scale of this breach have sent shockwaves through the cybersecurity community, raising serious concerns about data protection and the increasing sophistication … The post Massive Data Breach Exposes 2.7 Billion Records Including Social Security Numbers appeared first on ZoneAlar
eSecurity Planet
AUGUST 13, 2024
It’s been a startling week in vulnerability news, mainly due to a few older vulnerabilities coming to light. While it doesn’t look like they’ve been exploited yet, threat actors may make a move now that the flaws have been publicized. The other major news — which could affect both businesses and individuals — is a zero-day vulnerability found in most major web browsers on both Mac and Linux machines.
Security Boulevard
AUGUST 13, 2024
One often overlooked aspect in the aftermath of a breach is the meticulous examination of firewall rule histories. These records not only reveal how an attacker gained access but can illuminate the path they took within an organization’s network. The post The Crucial Role of Firewall Rule Histories appeared first on Security Boulevard.
Advertisement
Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.
The Hacker News
AUGUST 13, 2024
Traditionally, the focus has been on defending against digital threats such as malware, ransomware, and phishing attacks by detecting them and responding. However, as cyber threats become more sophisticated. There is a growing recognition of the importance of measures that stop new attacks before they are recognized.
Graham Cluley
AUGUST 13, 2024
In episode 11 of The AI Fix, OpenAI battles a Shakespearean lawyer, Graham sings an uncanny bluegrass acrostic, Google drops the ball with a terrible AI ad, and Mark wonders why there's no sound on a video of an AI dentist. Graham finds religion with a little help from a man named "L Ron", a traffic cone saves the world, and Mark has a heated argument with belligerent ChatGPT.
Malwarebytes
AUGUST 13, 2024
We’re delighted to say Malwarebytes has been awarded the Parent Tested Parent Approved Seal of Approval for product excellence. The Seal of Approval is given to products that have earned the trust of families, and serves as a quick and reliable indicator of quality and dependability for parents and caregivers. Malwarebytes Plus , our Premium Security + Privacy VPN bundle, was tested and reviewed by a group of parents, and scored high in areas of ease of installation and use, value for money, a
Penetration Testing
AUGUST 13, 2024
Zoom has released a security bulletin addressing several vulnerabilities in its Workplace Apps and Rooms Clients, some of which pose significant security risks to users. Among the most critical are... The post CVE-2024-39825 and CVE-2024-39818: High-Risk Zoom Flaws Require Urgent Updates appeared first on Cybersecurity News.
Advertisement
Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!
Expert insights. Personalized for you.
301 
Let's personalize your content