Schneier on Security

JULY 26, 2024

This isn’t good : On Thursday, researchers from security firm Binarly revealed that Secure Boot is completely compromised on more than 200 device models sold by Acer, Dell, Gigabyte, Intel, and Supermicro. The cause: a cryptographic key underpinning Secure Boot on those models that was compromised in 2022. In a public GitHub repository committed in December of that year, someone working for multiple US-based device manufacturers published what’s known as a platform key, the cryptogra

Firmware 301

Firmware Encryption Manufacturing Passwords 301

Krebs on Security

JULY 26, 2024

Google says it recently fixed an authentication weakness that allowed crooks to circumvent the email verification required to create a Google Workspace account, and leverage that to impersonate a domain holder at third-party services that allow logins through Google’s “Sign in with Google” feature. Last week, KrebsOnSecurity heard from a reader who said they received a notice that their email address had been used to create a potentially malicious Workspace account that Google

Accountability 282

Accountability Authentication Cryptocurrency Web Fraud 282

Security Affairs

JULY 26, 2024

The Internet Systems Consortium (ISC) released BIND security updates that fixed several remotely exploitable DoS bugs in the DNS software suite. The Internet Systems Consortium (ISC) released security updates for BIND that address DoS vulnerabilities that could be remotely exploited. An attacker can exploit these vulnerabilities to disrupt DNS services.

DNS 145

DNS Software Internet Internet 145

Bleeping Computer

JULY 26, 2024

Microsoft has confirmed that July's security updates break remote desktop connections in organizations where Windows servers are configured to use the legacy RPC over HTTP protocol in the Remote Desktop Gateway. [.

136

136

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Tech Republic Security

JULY 26, 2024

Prepare for your cybersecurity certification with comprehensive study materials (including 30 hours of videos and hands-on labs) and expert guidance.

Cybersecurity 131

Cybersecurity 131

Security Boulevard

JULY 26, 2024

North Korea's APT45 threat group is using ransomware attacks on U.S. health care firms to fund an ongoing cyberespionage campaign to steal military and defense secrets that are fed back into the country's banned nuclear weapons program. A North Korean operative was indicted by the DOJ. The post Suspect Indicted in North Korea Group’s Expansive Spying Operation appeared first on Security Boulevard.

Ransomware 128

Ransomware Malware Cybersecurity Hacking 128

Security Boulevard

JULY 26, 2024

Organizations can keep their deepfake response plans current by continuously monitoring industry trends and integrating new technologies. The post Deepfake Attacks Prompt Change in Security Strategy appeared first on Security Boulevard.

Technology 126

Technology Social Engineering Engineering Security Awareness 126

Security Affairs

JULY 26, 2024

Google addressed a Chrome’s Password Manager bug that caused user credentials to disappear temporarily for more than 18 hours. Google has addressed a bug in Chrome’s Password Manager that caused user credentials to disappear temporarily. An 18-hour outage impacted Google Chrome’s Password Manager on Wednesday, impacting users who rely on the tool to store and autofill their passwords.

Password Management 141

Password Management Passwords Engineering Hacking 141

Security Boulevard

JULY 26, 2024

Outdated software components often contain vulnerabilities that have been discovered and are well-understood by threat actors. The post Networking Equipment Riddled With Software Supply Chain Risks appeared first on Security Boulevard.

Software 122

Software Risk Security Awareness Cybersecurity 122

The Hacker News

JULY 26, 2024

Cybersecurity researchers have discovered a malicious package on the Python Package Index (PyPI) repository that targets Apple macOS systems with the goal of stealing users' Google Cloud credentials from a narrow pool of victims. The package, named "lr-utils-lib," attracted a total of 59 downloads before it was taken down. It was uploaded to the registry in early June 2024.

Malware 129

Malware Cybersecurity 129

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Penetration Testing

JULY 26, 2024

On the popular pirate e-book site Z-Library, or rather its phishing clone Z-lib, created in late 2022, there was a recent data breach affecting nearly 10 million users. On June 27, 2024, the Cybernews... The post 10 Million Users Compromised in Z-Library Phishing Site Hack appeared first on Cybersecurity News.

Phishing 129

Phishing Hacking Data breaches Cybersecurity 129

Bleeping Computer

JULY 26, 2024

Debt collection agency Financial Business and Consumer Solutions (FBCS) has again increased the number of people impacted by a February data breach, now saying it affects 4.2 million people in the US. [.

Data breaches 108

Data breaches 108

Penetration Testing

JULY 26, 2024

Cybercriminals have leaked internal documents stolen from Leidos Holdings Inc., one of the largest IT service providers for the U.S. government, Bloomberg reports. According to a source familiar with the situation, Leidos recently became... The post Hackers Leak Sensitive Documents from Major Pentagon IT Contractor, Leidos appeared first on Cybersecurity News.

Government 119

Government Cybersecurity 119

The Hacker News

JULY 26, 2024

"Peace is the virtue of civilization. War is its crime. Yet it is often in the furnace of war that the sharpest tools of peace are forged." - Victor Hugo. In 1971, an unsettling message started appearing on several computers that comprised ARPANET, the precursor to what we now know as the Internet. The message, which read "I'm the Creeper: catch me if you can.

Cybersecurity 117

Cybersecurity Internet Internet 117

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Malwarebytes

JULY 26, 2024

Meta announced the take-down of 63,000 sextortion-related Instagram accounts in Nigeria alone. The action was directed against a group known as Yahoo Boys, a loosely organized set of cybercriminals that largely operate out of Nigeria and specialize in different types of scams. Meta took down a host of accounts, including some 2,500 that belonged to a coordinated group of around 20 criminals which primarily targeted adult men in the US.

Accountability 109

Accountability Scams Media Internet 109

The Hacker News

JULY 26, 2024

A Spanish-speaking cybercrime group named GXC Team has been observed bundling phishing kits with malicious Android applications, taking malware-as-a-service (MaaS) offerings to the next level.

Cybercrime 117

Cybercrime Phishing Malware Cybersecurity 117

Bleeping Computer

JULY 26, 2024

Russian-speaking threat actors accounted for at least 69% of all crypto proceeds linked to ransomware throughout the previous year, exceeding $500,000,000. [.

Accountability 109

Accountability Ransomware Cryptocurrency 109

The Hacker News

JULY 26, 2024

French judicial authorities, in collaboration with Europol, have launched a so-called "disinfection operation" to rid compromised hosts of a known malware called PlugX. The Paris Prosecutor's Office, Parquet de Paris, said the initiative was launched on July 18 and that it's expected to continue for "several months.

Malware 115

Malware 115

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

Digital Guardian

JULY 26, 2024

Bottom-feeding cybercriminals are seizing new opportunities in the wake of this past week's massive Crowdstrike outage. Meanwhile, more prominent hackers from China, North Korea, and Russia aren't showing signs of slowing down. Read up on all these stories in this week's Friday Five!

97

97

Bleeping Computer

JULY 26, 2024

Cryptocurrency exchange Gemini is warning it suffered a data breach incident caused by a cyberattack at its Automated Clearing House (ACH) service provider, whose name was not disclosed. [.

Data breaches 94

Data breaches Cryptocurrency 94

CompTIA on Cybersecurity

JULY 26, 2024

How will the CrowdStrike outage impact businesses and consumers in the near future? Learn more about the need for oversight and preparation for companies and individuals alike as we explore the outage. Plus, hear insights from CompTIA’s VP of Industry Research, Seth Robinson.

88

88

Bleeping Computer

JULY 26, 2024

Google has fixed a bug in Chrome's Password Manager that caused user credentials to disappear temporarily for more than 18 hours.

Password Management 104

Password Management Passwords Software 104

Advertisement

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

Security Boulevard

JULY 26, 2024

Big BIOS bother: Hundreds of PC models from vendors such as HP, Lenovo, Dell, Intel, Acer and Gigabyte shipped with useless boot protection—using private keys that aren’t private. The post PKfail: 800+ Major PC Models have Insecure ‘Secure Boot’ appeared first on Security Boulevard.

Social Engineering 87

Social Engineering Firmware Data privacy Engineering 87

Heimadal Security

JULY 26, 2024

Did you know, the average employee today uses 2.5 devices to carry out their work? Across businesses, this can add up to hundreds or even thousands of bits of kit. One 2021 study in the UK found two-thirds of large businesses (250+ employees) have more than 1,000 devices on their networks, while medium-sized companies (50-249 […] The post 8 Benefits of Endpoint Detection & Response (EDR) You Should Know [2024] appeared first on Heimdal Security Blog.

83

83

Security Boulevard

JULY 26, 2024

TL;DR: Cyber liability insurance is essential, but premiums are increasing, and numerous exclusions exist. Important steps to lower premiums include preparation, articulating your risk, and demonstrating progressive improvement in security through measurable metrics. Why Do Organizations Need Cyber Liability Insurance? Cyber liability insurance has become an important component of every organization’s cyber strategy.

Cyber Insurance 80

Cyber Insurance Insurance Risk CISO 80

WIRED Threat Level

JULY 26, 2024

The European Commission is allocating €7.3 billion for defense research over the next seven years. From drones and tanks of the future to battleships and space intelligence, here's what it funds.

80

80

Advertisement

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.

Cybersecurity

Security Boulevard

JULY 26, 2024

Essential reading for developers and security professionals alike: a comprehensive comparison of vulnerability databases to help you cut through the noise. The post Making Sense of Open-Source Vulnerability Databases: NVD, OSV, and more appeared first on Security Boulevard.

78

78

Heimadal Security

JULY 26, 2024

Threat actors are exploiting publicly known exploits to chain together ServiceNow flaws in order to infiltrate government organizations and commercial companies in data theft campaigns. Security researchers monitored the malicious activity and identified multiple victims, including government agencies, data centres, energy providers, and even software development firms.

Government 74

Government Software Cybersecurity 74

Security Boulevard

JULY 26, 2024

Imperva customers who properly utilize the managed certificate feature can experience a robust, interruptions-free, and fully automated certificate management process that requires no effort for domain validations and renewals. In today’s digital landscape, security is of paramount importance. One critical aspect of online security is ensuring that communication between a user’s browser and a website […] The post Effortless certificate management with automated CNAME validation appeared first o

72

72

Penetration Testing

JULY 26, 2024

In a recent and alarming discovery, cybersecurity specialists from Binarly have identified a critical flaw affecting hundreds of UEFI products from 10 prominent suppliers. The vulnerability, dubbed “PKfail,” poses a severe threat as it... The post PKfail Vulnerability: A New Threat to UEFI Security Unveiled by Binarly Research Team appeared first on Cybersecurity News.

Cybersecurity 81

Cybersecurity 81

Advertisement

Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.

Government