Schneier on Security

SEPTEMBER 11, 2024

New research evaluating the effectiveness of reward modeling during Reinforcement Learning from Human Feedback (RLHF): “ SEAL: Systematic Error Analysis for Value ALignment.” The paper introduces quantitative metrics for evaluating the effectiveness of modeling and aligning human values: Abstract : Reinforcement Learning from Human Feedback (RLHF) aims to align language models (LMs) with human values by training reward models (RMs) on binary preferences and using these RMs to fine-tu

Artificial Intelligence 206

Artificial Intelligence 206

Tech Republic Security

SEPTEMBER 11, 2024

According to the ISC2, 90% of organizations face cybersecurity skills shortages. Plus, the gap between roles to fill and available talent widened.

Cybersecurity 149

Cybersecurity 149

Security Affairs

SEPTEMBER 11, 2024

Adobe addressed tens of vulnerabilities, including critical issues that could allow attackers to execute arbitrary code on Windows and macOS. Adobe Patch Tuesday security updates addressed multiple vulnerabilities in its products, including critical flaws that could allow attackers to execute arbitrary code on Windows and macOS systems. The most severe vulnerabilities are two critical memory corruption flaws in Acrobat and PDF Reader, tracked as CVE-2024-41869 (CVSS score of 7.8) and CVE-2024-45

Hacking 130

Hacking Software Information Security 130

Security Boulevard

SEPTEMBER 11, 2024

SpecterOps has added the ability to track attack paths across instances of Microsoft Azure Directory (AD) running in both on-premises and on the Microsoft Azure cloud service. The post SpecterOps Extends Reach of BloodHound Tool for Mapping Microsoft AD Attacks appeared first on Security Boulevard.

Security Awareness 130

Security Awareness Cybersecurity 130

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

The Hacker News

SEPTEMBER 11, 2024

Cybersecurity researchers have uncovered a new set of malicious Python packages that target software developers under the guise of coding assessments. "The new samples were tracked to GitHub projects that have been linked to previous, targeted attacks in which developers are lured using fake job interviews," ReversingLabs researcher Karlo Zanki said.

Malware 126

Malware Software Cybersecurity 126

Security Boulevard

SEPTEMBER 11, 2024

Week B: Bugs begone! This month Redmond fixes 79 security flaws in Windows and other products The post Microsoft Fixes Four 0-Days — One Exploited for SIX YEARS appeared first on Security Boulevard.

Social Engineering 124

Social Engineering Data privacy Engineering Security Awareness 124

Security Affairs

SEPTEMBER 11, 2024

Researchers observed the RansomHub ransomware group using the TDSSKiller tool to disable endpoint detection and response (EDR) systems. The RansomHub ransomware gang is using the TDSSKiller tool to disable endpoint detection and response (EDR) systems, Malwarebytes ThreatDown Managed Detection and Response (MDR) team observed. TDSSKiller a legitimate tool developed by the cybersecurity firm Kaspersky to remove rootkits, the software could also disable EDR solutions through a command line script

Ransomware 121

Ransomware Malware Security Defenses Hacking 121

The Hacker News

SEPTEMBER 11, 2024

The operators of the mysterious Quad7 botnet are actively evolving by compromising several brands of SOHO routers and VPN appliances by leveraging a combination of both known and unknown security flaws. Targets include devices from TP-LINK, Zyxel, Asus, Axentra, D-Link, and NETGEAR, according to a new report by French cybersecurity company Sekoia.

VPN 117

VPN Cybersecurity 117

Security Boulevard

SEPTEMBER 11, 2024

Once SBOM and IAM provisioning knit seamlessly with policy-driven data encryption and AI-powered monitoring, they will have a far stronger security posture. The post The SBOM Survival Guide: Why SBOM Compliance is Set to Ignite IoT Security appeared first on Security Boulevard.

IoT 117

IoT Encryption Risk Government 117

The Hacker News

SEPTEMBER 11, 2024

The Singapore Police Force (SPF) has announced the arrest of five Chinese nationals and one Singaporean man for their alleged involvement in illicit cyber activities in the country. The development comes after a group of about 160 law enforcement officials conducted a series of raids on September 9, 2024, simultaneously at several locations.

Cybercrime 116

Cybercrime 116

Speaker: Speakers:

In today's digital age, having an untrained workforce can be a significant risk to your business. Cyber threats are evolving; without proper training, your employees could be the weakest link in your defense. This webinar empowers leaders like you with the tools and strategies needed to transform your employees into a robust frontline defense against cyber attacks.

Cyber Attacks

Trend Micro

SEPTEMBER 11, 2024

In this blog entry, we provide an analysis of the recent remote code execution attacks related to Progress Software’s WhatsUp Gold that possibly abused the vulnerabilities CVE-2024-6670 and CVE-2024-6671.

115

115

The Hacker News

SEPTEMBER 11, 2024

WordPress.org has announced a new account security measure that will require accounts with capabilities to update plugins and themes to activate two-factor authentication (2FA) mandatorily. The enforcement is expected to come into effect starting October 1, 2024.

Authentication 115

Authentication Accountability Account Security 115

Security Affairs

SEPTEMBER 11, 2024

Microsoft Patch Tuesday security updates for September 2024 addressed 79 flaws, including four actively exploited zero-day flaws. Microsoft Patch Tuesday security updates for September 2024 addressed 79 vulnerabilities in Windows and Windows Components; Office and Office Components; Azure; Dynamics Business Central; SQL Server; Windows Hyper-V; Mark of the Web (MOTW); and the Remote Desktop Licensing Service.

Social Engineering 113

Social Engineering IoT Engineering Authentication 113

The Hacker News

SEPTEMBER 11, 2024

A "simplified Chinese-speaking actor" has been linked to a new campaign that has targeted multiple countries in Asia and Europe with the end goal of performing search engine optimization (SEO) rank manipulation. The black hat SEO cluster has been codenamed DragonRank by Cisco Talos, with victimology footprint scattered across Thailand, India, Korea, Belgium, the Netherlands, and China.

Engineering 112

Engineering 112

Advertisement

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.

Cybersecurity

Security Boulevard

SEPTEMBER 11, 2024

In recent months, the National Public Data (NPD) breach has been a topic of intense scrutiny, with cybersecurity experts like Brian Krebs highlighting the poor security practices that contributed to the breach’s magnitude. As we continue to analyze the aftermath, new findings have come to light that underscore the dangers posed by inadequate security measures … The post New Findings on the National Public Data Breach: Poor Security Measures and the Role of Infostealer Malware as a Possible Vecto

Data breaches 110

Data breaches Malware Cybersecurity 110

WIRED Threat Level

SEPTEMBER 11, 2024

Private Cloud Compute is an entirely new kind of infrastructure that, Apple’s Craig Federighi tells WIRED, allows your personal data to be “hermetically sealed inside of a privacy bubble.

105

105

Security Boulevard

SEPTEMBER 11, 2024

Choosing the right identity provider is crucial, as it requires architectural changes that can make switching later difficult and costly. The post 6 Questions to Answer Before Choosing an Identity Provider appeared first on Security Boulevard.

Architecture 109

Architecture Security Awareness Cybersecurity 109

Penetration Testing

SEPTEMBER 11, 2024

A critical SQL injection vulnerability has been discovered in LearnPress, a popular WordPress plugin used to create and manage online courses. The flaw, tracked as CVE-2024-8522, carries a maximum CVSS... The post CVE-2024-8522 (CVSS 10): LearnPress SQLi Flaw Leaves 90K+ WordPress Sites at Risk appeared first on Cybersecurity News.

Risk 111

Risk Cybersecurity Penetration Testing 111

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

The Hacker News

SEPTEMBER 11, 2024

Imagine a world where you never have to remember another password. Seems like a dream come true for both end users and IT teams, right? But as the old saying goes, "If it sounds too good to be true, it probably is." If your organization is like many, you may be contemplating a move to passwordless authentication.

Passwords 102

Passwords Authentication 102

Security Affairs

SEPTEMBER 11, 2024

Ivanti fixed a maximum severity flaw in its Endpoint Management software (EPM) that can let attackers achieve remote code execution on the core server Ivanti Endpoint Management (EPM) software is a comprehensive solution designed to help organizations manage and secure their endpoint devices across various platforms, including Windows, macOS, Chrome OS, and IoT systems.

Software 103

Software Authentication IoT Hacking 103

Zero Day

SEPTEMBER 11, 2024

Try or gift Xbox Game Pass for three months for 28% off and play over 100 games including Starfield, Forza Motorsport, and Football Manager 2024 on your Xbox, PC, or mobile device.

Mobile 97

Mobile 97

Security Affairs

SEPTEMBER 11, 2024

Highline Public Schools, a school district in Washington state, remains closed following a cyberattack that occurred two days ago. Two days ago Highline Public Schools (HPS), a school district in Washington state, suffered a cyber attack that caused a significant disruption of its activities. Highline Public Schools (HPS) is a public school district in King County, headquartered in Burien, Washington, it serves more than 18,000 students.

Cybercrime 103

Cybercrime Ransomware Education Technology 103

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Penetration Testing

SEPTEMBER 11, 2024

In a recent security advisory, GitLab announced the release of critical security patches for its Community Edition (CE) and Enterprise Edition (EE). The patches address several vulnerabilities, including one classified... The post GitLab Issues Critical Security Patch for CVE-2024-6678 (CVSS 9.9), Urges Immediate Update appeared first on Cybersecurity News.

Cybersecurity 103

Cybersecurity 103

Security Affairs

SEPTEMBER 11, 2024

Ivanti fixed a maximum severity flaw in its Endpoint Management software (EPM) that can let attackers achieve remote code execution on the core server Ivanti Endpoint Management (EPM) software is a comprehensive solution designed to help organizations manage and secure their endpoint devices across various platforms, including Windows, macOS, Chrome OS, and IoT systems.

Software 100

Software Authentication IoT Hacking 100

Penetration Testing

SEPTEMBER 11, 2024

Microsoft’s September 2024 security update addresses a zero-day vulnerability affecting Smart App Control and SmartScreen. This vulnerability, dubbed “LNK stomping” (CVE-2024-38217), has been actively exploited by hackers since at least... The post LNK Stomping (CVE-2024-38217): Microsoft Patches Years-Old Zero-Day Flaw appeared first on Cybersecurity News.

Cybersecurity 96

Cybersecurity 96

Zero Day

SEPTEMBER 11, 2024

Sony's new console sports a more powerful graphics card and a Super Resolution feature to improve visual fidelity greatly. Here's what else we know for now.

98

98

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

Graham Cluley

SEPTEMBER 11, 2024

A man from New York City has admitted to computer hacking and associated crimes after being caught with a laptop containing hundreds of thousands of stolen payment card details. Read more in my article on the Hot for Security blog.

Hacking 90

Hacking Data breaches 90

Zero Day

SEPTEMBER 11, 2024

The Apple Watch Series 10 has fresh features and a fresher design, but is it worth your money? Here's how it compares to last year's model.

98

98

SecureWorld News

SEPTEMBER 11, 2024

In a concerning development for the cybersecurity community, researchers at ReversingLabs have uncovered a new campaign by the notorious North Korean hacking group, Lazarus. This campaign, an evolution of the previously identified "VMConnect" operation, specifically targets developers with fake coding tests, potentially compromising critical infrastructure and sensitive data across various sectors.

Scams 84

Scams Social Engineering Cyber threats Cryptocurrency 84

Zero Day

SEPTEMBER 11, 2024

A leak reveals that future Apple earbuds may help you keep better track of your health; however, the pair won't be out for a while.

97

97

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare