Krebs on Security

AUGUST 13, 2024

Microsoft today released updates to fix at least 90 security vulnerabilities in Windows and related software, including a whopping six zero-day flaws that are already being actively exploited by attackers. Image: Shutterstock. This month’s bundle of update joy from Redmond includes patches for security holes in Office ,NET , Visual Studio , Azure , Co-Pilot , Microsoft Dynamics , Teams , Secure Boot, and of course Windows itself.

Internet 272

Internet Internet Malware Software 272

Schneier on Security

AUGUST 13, 2024

Really interesting article on the ancient-manuscript scholars who are applying their techniques to the Voynich Manuscript. No one has been able to understand the writing yet, but there are some new understandings: Davis presented her findings at the medieval-studies conference and published them in 2020 in the journal Manuscript Studies. She had hardly solved the Voynich, but she’d opened it to new kinds of investigation.

252

252

Tech Republic Security

AUGUST 13, 2024

On August 6, 2.7 billion records from National Public Data, including social security numbers, were leaked on a dark web forum.

Data breaches 218

Data breaches 218

The Last Watchdog

AUGUST 13, 2024

Application Security Posture Management ( ASPM ) arose a few years ago as a strategy to help software developers and security teams continually improve the security of business applications. Related: Addressing rising cyber compliance pressures At Black Hat USA 2024, an iteration called Active ASPM is in the spotlight. I had the chance to visit with Neatsun Ziv , CEO and co-founder of Tel Aviv-based OX Security , a leading Active ASPM solutions provider.

CISO 130

CISO Internet Internet Software 130

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Tech Republic Security

AUGUST 13, 2024

A StickmanCyber report reveals a critical cybersecurity skills shortage in Australia, which can have both short- and long-term business implications

Cybersecurity 171

Cybersecurity 171

Penetration Testing

AUGUST 13, 2024

Security researchers have disclosed the technical details and proof-of-concept (PoC) exploit codes for three vulnerabilities (CVE-2023-4206, CVE-2023-4207, and CVE-2023-4208) in the Linux kernel, impacting versions v3.18-rc1 to v6.5-rc4. These “use-after-free”... The post Linux Kernel Vulnerabilities Expose Systems to Privilege Escalation: Flaws Detailed and Exploit Code Released appeared first on Cybersecurity News.

Cybersecurity 134

Cybersecurity 134

We Live Security

AUGUST 13, 2024

Your phone number is more than just a way to contact you – scammers can use it to target you with malicious messages and even exploit it to gain access to your bank account or steal corporate data

Banking 124

Banking Accountability 124

The Hacker News

AUGUST 13, 2024

The U.S. Federal Bureau of Investigation (FBI) on Monday announced the disruption of online infrastructure associated with a nascent ransomware group called Dispossessor (aka Radar). The effort saw the dismantling of three U.S. servers, three United Kingdom servers, 18 German servers, eight U.S.-based criminal domains, and one German-based criminal domain.

Ransomware 127

Ransomware 127

Thales Cloud Protection & Licensing

AUGUST 13, 2024

The Post-Quantum Cryptography Algorithms are finalized! Now what? josh.pearson@t… Tue, 08/13/2024 - 16:11 With the recent release from NIST about their final, published Post-Quantum Cryptography (PQC) algorithms (ML-KEM (formerly Kyber), ML-DSA (formerly Dilithium), SLH-DSA (formerly SPHINCS+) and with it the imminent end-of-life of the encryption foundations we have relied upon for decades, many organizations are left wondering exactly what they should do next.

Computers and Electronics 118

Computers and Electronics Encryption Technology Internet 118

Security Affairs

AUGUST 13, 2024

Ivanti warned of a critical authentication bypass flaw in its Virtual Traffic Manager (vTM) appliances that can allow attackers to create rogue administrator accounts. Ivanti addressed a critical authentication bypass vulnerability, tracked as CVE-2024-7593 (CVSS score of 9.8), impacting Virtual Traffic Manager (vTM) appliances that can allow attackers to create rogue administrator accounts.

Authentication 133

Authentication Accountability Software Internet 133

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

The Hacker News

AUGUST 13, 2024

Microsoft on Tuesday shipped fixes to address a total of 90 security flaws, including 10 zero-days, of which six have come under active exploitation in the wild. Of the 90 bugs, seven are rated Critical, 79 are rated Important, and one is rated Moderate in severity. This is also in addition to 36 vulnerabilities that the tech giant resolved in its Edge browser since last month.

126

126

Security Boulevard

AUGUST 13, 2024

A report published today by Cato Networks finds three years after its discovery in 2021 there was a 61% increase in attempts to exploit Log4j vulnerabilities in inbound traffic and a 79% increase in the attempted use of Log4j in WANbound traffic in the first half of this year. The post Cato Network Reports Spike in Attempts to Exploit Log4j Vulnerabilities appeared first on Security Boulevard.

Security Awareness 121

Security Awareness Cybersecurity 121

The Hacker News

AUGUST 13, 2024

A team of researchers from the CISPA Helmholtz Center for Information Security in Germany has disclosed an architectural bug impacting Chinese chip company T-Head's XuanTie C910 and C920 RISC-V CPUs that could allow attackers to gain unrestricted access to susceptible devices. The vulnerability has been codenamed GhostWrite.

Architecture 114

Architecture Information Security 114

Security Boulevard

AUGUST 13, 2024

North Korean army of remote IT workers enabled by Matthew Isaac Knoot, alleges DoJ. The post WTH? DPRK WFH Ransomware Redux: 3rd Person Charged appeared first on Security Boulevard.

Ransomware 117

Ransomware Social Engineering Data privacy Engineering 117

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

The Hacker News

AUGUST 13, 2024

The China-backed threat actor known as Earth Baku has diversified its targeting footprint beyond the Indo-Pacific region to include Europe, the Middle East, and Africa starting in late 2022. Newly targeted countries as part of the activity include Italy, Germany, the U.A.E., and Qatar, with suspected attacks also detected in Georgia and Romania.

Cyber Attacks 114

Cyber Attacks Media Government 114

Security Boulevard

AUGUST 13, 2024

That’s a wrap for Black Hat 2024! We had a great show and met many of you at the booth or on the show floor. I hope you were able to come by, watched a session by Jason Kent, Hacker in Residence at Cequence, or Parth Shukla, Security Engineer at Cequence, and maybe even entered […] The post Cequence Storms Black Hat with API Security Testing for Generative AI Applications appeared first on Cequence Security.

Engineering 114

Engineering 114

eSecurity Planet

AUGUST 13, 2024

It’s been a startling week in vulnerability news, mainly due to a few older vulnerabilities coming to light. While it doesn’t look like they’ve been exploited yet, threat actors may make a move now that the flaws have been publicized. The other major news — which could affect both businesses and individuals — is a zero-day vulnerability found in most major web browsers on both Mac and Linux machines.

Firmware 109

Firmware Software Wireless Security Defenses 109

Security Boulevard

AUGUST 13, 2024

The FBI and law enforcement agencies from the UK and Germany seized servers and domains belonging to the Dispossessor ransomware gang, which had emerged into the spotlight following a similar operation against the notorious LockBit gang in February. The post FBI Disrupts Operations of the Dispossessor Ransomware Group appeared first on Security Boulevard.

Ransomware 114

Ransomware Malware Cybersecurity Network Security 114

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

The Hacker News

AUGUST 13, 2024

Monitoring evolving DDoS trends is essential for anticipating threats and adapting defensive strategies. The comprehensive Gcore Radar Report for the first half of 2024 provides detailed insights into DDoS attack data, showcasing changes in attack patterns and the broader landscape of cyber threats. Here, we share a selection of findings from the full report.

DDOS 113

DDOS Cyber threats 113

Penetration Testing

AUGUST 13, 2024

In its latest Patch Tuesday security update, Microsoft has disclosed a critical vulnerability in the Windows TCP/IP stack that demands urgent attention. Among the 88 vulnerabilities addressed this August, CVE-2024-38063... The post CVE-2024-38063 (CVSS 9.8): 0-Click RCE Affects All Windows Systems appeared first on Cybersecurity News.

Cybersecurity 112

Cybersecurity 112

The Hacker News

AUGUST 13, 2024

Cybersecurity researchers have discovered two security flaws in Microsoft's Azure Health Bot Service that, if exploited, could permit a malicious actor to achieve lateral movement within customer environments and access sensitive patient data.

Cybersecurity 112

Cybersecurity 112

eSecurity Planet

AUGUST 13, 2024

It’s been a startling week in vulnerability news, mainly due to a few older vulnerabilities coming to light. While it doesn’t look like they’ve been exploited yet, threat actors may make a move now that the flaws have been publicized. The other major news — which could affect both businesses and individuals — is a zero-day vulnerability found in most major web browsers on both Mac and Linux machines.

Firmware 104

Firmware Software Wireless Security Defenses 104

Advertisement

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

Graham Cluley

AUGUST 13, 2024

In episode 11 of The AI Fix, OpenAI battles a Shakespearean lawyer, Graham sings an uncanny bluegrass acrostic, Google drops the ball with a terrible AI ad, and Mark wonders why there's no sound on a video of an AI dentist. Graham finds religion with a little help from a man named "L Ron", a traffic cone saves the world, and Mark has a heated argument with belligerent ChatGPT.

104

104

Security Boulevard

AUGUST 13, 2024

One often overlooked aspect in the aftermath of a breach is the meticulous examination of firewall rule histories. These records not only reveal how an attacker gained access but can illuminate the path they took within an organization’s network. The post The Crucial Role of Firewall Rule Histories appeared first on Security Boulevard.

Firewall 104

Firewall Security Awareness Cybersecurity 104

The Hacker News

AUGUST 13, 2024

Ivanti has rolled out security updates for a critical flaw in Virtual Traffic Manager (vTM) that could be exploited to achieve an authentication bypass and create rogue administrative users. The vulnerability, tracked as CVE-2024-7593, has a CVSS score of 9.8 out of a maximum of 10.0. "Incorrect implementation of an authentication algorithm in Ivanti vTM other than versions 22.2R1 or 22.

Authentication 102

Authentication 102

ZoneAlarm

AUGUST 13, 2024

In a staggering display of cyber vulnerability, a recent data breach has led to the exposure of 2.7 billion records, including sensitive information such as Social Security numbers and home addresses. The scope and scale of this breach have sent shockwaves through the cybersecurity community, raising serious concerns about data protection and the increasing sophistication … The post Massive Data Breach Exposes 2.7 Billion Records Including Social Security Numbers appeared first on ZoneAlar

Data breaches 98

Data breaches Cybersecurity Data privacy Mobile 98

Advertisement

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.

Cybersecurity

Penetration Testing

AUGUST 13, 2024

Zoom has released a security bulletin addressing several vulnerabilities in its Workplace Apps and Rooms Clients, some of which pose significant security risks to users. Among the most critical are... The post CVE-2024-39825 and CVE-2024-39818: High-Risk Zoom Flaws Require Urgent Updates appeared first on Cybersecurity News.

Risk 98

Risk Cybersecurity 98

Security Boulevard

AUGUST 13, 2024

Compliance with SOC 2 assures that the company maintains a high standard of information security, and highlights it among market competitors. The post How to Prepare for SOC 2 and ISO 27001 Audit? Tips for Jira Admins appeared first on Security Boulevard.

Marketing 93

Marketing Information Security Security Awareness Risk 93

The Hacker News

AUGUST 13, 2024

Traditionally, the focus has been on defending against digital threats such as malware, ransomware, and phishing attacks by detecting them and responding. However, as cyber threats become more sophisticated. There is a growing recognition of the importance of measures that stop new attacks before they are recognized.

Cyber threats 90

Cyber threats Phishing Ransomware Malware 90

Penetration Testing

AUGUST 13, 2024

Ivanti has released a security advisory addressing two significant vulnerabilities in its Neurons for IT Service Management (ITSM) platform, urging on-premise customers to take immediate action. The vulnerabilities, identified as... The post Ivanti Issues Critical Fixes for ITSM Vulnerabilities (CVE-2024-7569 and CVE-2024-7570) appeared first on Cybersecurity News.

Cybersecurity 88

Cybersecurity 88

Advertisement

Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.

Government