Schneier on Security

SEPTEMBER 11, 2024

New research evaluating the effectiveness of reward modeling during Reinforcement Learning from Human Feedback (RLHF): “ SEAL: Systematic Error Analysis for Value ALignment.” The paper introduces quantitative metrics for evaluating the effectiveness of modeling and aligning human values: Abstract : Reinforcement Learning from Human Feedback (RLHF) aims to align language models (LMs) with human values by training reward models (RMs) on binary preferences and using these RMs to fine-tu

Artificial Intelligence 256

Artificial Intelligence 256

The Last Watchdog

SEPTEMBER 11, 2024

Torrance, Calif., Sept. 11, 2024, CyberNewsWire — Criminal IP , a distinguished leader in Cyber Threat Intelligence (CTI) search engine developed by AI SPERA, announced that it has successfully integrated its IP address-related risk detection data with IPLocation.io, one of the most visited IP analysis and lookup tools on the internet. Through the integration, IPLocation.io , a prominent IP address geolocation tracker platform with a substantial user base, now offers more detailed insights

Engineering 162

Engineering VPN Risk Cyber threats 162

Tech Republic Security

SEPTEMBER 11, 2024

According to the ISC2, 90% of organizations face cybersecurity skills shortages. Plus, the gap between roles to fill and available talent widened.

Cybersecurity 159

Cybersecurity 159

Security Affairs

SEPTEMBER 11, 2024

Adobe addressed tens of vulnerabilities, including critical issues that could allow attackers to execute arbitrary code on Windows and macOS. Adobe Patch Tuesday security updates addressed multiple vulnerabilities in its products, including critical flaws that could allow attackers to execute arbitrary code on Windows and macOS systems. The most severe vulnerabilities are two critical memory corruption flaws in Acrobat and PDF Reader, tracked as CVE-2024-41869 (CVSS score of 7.8) and CVE-2024-45

Hacking 142

Hacking Software Information Security 142

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Security Boulevard

SEPTEMBER 11, 2024

SpecterOps has added the ability to track attack paths across instances of Microsoft Azure Directory (AD) running in both on-premises and on the Microsoft Azure cloud service. The post SpecterOps Extends Reach of BloodHound Tool for Mapping Microsoft AD Attacks appeared first on Security Boulevard.

Security Awareness 130

Security Awareness Cybersecurity 130

Security Affairs

SEPTEMBER 11, 2024

Researchers observed the RansomHub ransomware group using the TDSSKiller tool to disable endpoint detection and response (EDR) systems. The RansomHub ransomware gang is using the TDSSKiller tool to disable endpoint detection and response (EDR) systems, Malwarebytes ThreatDown Managed Detection and Response (MDR) team observed. TDSSKiller a legitimate tool developed by the cybersecurity firm Kaspersky to remove rootkits, the software could also disable EDR solutions through a command line script

Ransomware 133

Ransomware Malware Security Defenses Hacking 133

The Last Watchdog

SEPTEMBER 11, 2024

Palo Alto, Calif., Sept.11, 2024, CyberNewsWire — Opus Security , the leader in unified cloud-native remediation, today announced the launch of its Advanced Multi-Layered Prioritization Engine , designed to revolutionize how organizations manage, prioritize and remediate security vulnerabilities. Leveraging AI-driven intelligence, deep contextual data and automated decision-making capabilities, this innovative engine helps organizations prioritize the most critical vulnerabilities, enhanci

Engineering 100

Engineering Risk Media Accountability 100

Trend Micro

SEPTEMBER 11, 2024

In this blog entry, we provide an analysis of the recent remote code execution attacks related to Progress Software’s WhatsUp Gold that possibly abused the vulnerabilities CVE-2024-6670 and CVE-2024-6671.

118

118

Security Boulevard

SEPTEMBER 11, 2024

Choosing the right identity provider is crucial, as it requires architectural changes that can make switching later difficult and costly. The post 6 Questions to Answer Before Choosing an Identity Provider appeared first on Security Boulevard.

Architecture 119

Architecture Security Awareness Cybersecurity 119

Security Affairs

SEPTEMBER 11, 2024

Microsoft Patch Tuesday security updates for September 2024 addressed 79 flaws, including four actively exploited zero-day flaws. Microsoft Patch Tuesday security updates for September 2024 addressed 79 vulnerabilities in Windows and Windows Components; Office and Office Components; Azure; Dynamics Business Central; SQL Server; Windows Hyper-V; Mark of the Web (MOTW); and the Remote Desktop Licensing Service.

Social Engineering 130

Social Engineering IoT Engineering Authentication 130

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Security Boulevard

SEPTEMBER 11, 2024

Once SBOM and IAM provisioning knit seamlessly with policy-driven data encryption and AI-powered monitoring, they will have a far stronger security posture. The post The SBOM Survival Guide: Why SBOM Compliance is Set to Ignite IoT Security appeared first on Security Boulevard.

IoT 118

IoT Encryption Risk Government 118

The Hacker News

SEPTEMBER 11, 2024

Cybersecurity researchers have uncovered a new set of malicious Python packages that target software developers under the guise of coding assessments. "The new samples were tracked to GitHub projects that have been linked to previous, targeted attacks in which developers are lured using fake job interviews," ReversingLabs researcher Karlo Zanki said.

Malware 126

Malware Software Cybersecurity 126

Security Boulevard

SEPTEMBER 11, 2024

In recent months, the National Public Data (NPD) breach has been a topic of intense scrutiny, with cybersecurity experts like Brian Krebs highlighting the poor security practices that contributed to the breach’s magnitude. As we continue to analyze the aftermath, new findings have come to light that underscore the dangers posed by inadequate security measures … The post New Findings on the National Public Data Breach: Poor Security Measures and the Role of Infostealer Malware as a Possible Vecto

Data breaches 110

Data breaches Malware Cybersecurity 110

The Hacker News

SEPTEMBER 11, 2024

The operators of the mysterious Quad7 botnet are actively evolving by compromising several brands of SOHO routers and VPN appliances by leveraging a combination of both known and unknown security flaws. Targets include devices from TP-LINK, Zyxel, Asus, Axentra, D-Link, and NETGEAR, according to a new report by French cybersecurity company Sekoia.

VPN 121

VPN Cybersecurity 121

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Security Affairs

SEPTEMBER 11, 2024

Ivanti fixed a maximum severity flaw in its Endpoint Management software (EPM) that can let attackers achieve remote code execution on the core server Ivanti Endpoint Management (EPM) software is a comprehensive solution designed to help organizations manage and secure their endpoint devices across various platforms, including Windows, macOS, Chrome OS, and IoT systems.

Software 131

Software Authentication IoT Hacking 131

The Hacker News

SEPTEMBER 11, 2024

The Singapore Police Force (SPF) has announced the arrest of five Chinese nationals and one Singaporean man for their alleged involvement in illicit cyber activities in the country. The development comes after a group of about 160 law enforcement officials conducted a series of raids on September 9, 2024, simultaneously at several locations.

Cybercrime 116

Cybercrime 116

Penetration Testing

SEPTEMBER 11, 2024

A critical SQL injection vulnerability has been discovered in LearnPress, a popular WordPress plugin used to create and manage online courses. The flaw, tracked as CVE-2024-8522, carries a maximum CVSS... The post CVE-2024-8522 (CVSS 10): LearnPress SQLi Flaw Leaves 90K+ WordPress Sites at Risk appeared first on Cybersecurity News.

Risk 111

Risk Cybersecurity Penetration Testing 111

The Hacker News

SEPTEMBER 11, 2024

WordPress.org has announced a new account security measure that will require accounts with capabilities to update plugins and themes to activate two-factor authentication (2FA) mandatorily. The enforcement is expected to come into effect starting October 1, 2024.

Authentication 116

Authentication Accountability Account Security 116

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

Graham Cluley

SEPTEMBER 11, 2024

A man from New York City has admitted to computer hacking and associated crimes after being caught with a laptop containing hundreds of thousands of stolen payment card details. Read more in my article on the Hot for Security blog.

Hacking 104

Hacking Data breaches 104

Security Affairs

SEPTEMBER 11, 2024

Highline Public Schools, a school district in Washington state, remains closed following a cyberattack that occurred two days ago. Two days ago Highline Public Schools (HPS), a school district in Washington state, suffered a cyber attack that caused a significant disruption of its activities. Highline Public Schools (HPS) is a public school district in King County, headquartered in Burien, Washington, it serves more than 18,000 students.

Cybercrime 126

Cybercrime Ransomware Education Technology 126

WIRED Threat Level

SEPTEMBER 11, 2024

Private Cloud Compute is an entirely new kind of infrastructure that, Apple’s Craig Federighi tells WIRED, allows your personal data to be “hermetically sealed inside of a privacy bubble.

104

104

The Hacker News

SEPTEMBER 11, 2024

A "simplified Chinese-speaking actor" has been linked to a new campaign that has targeted multiple countries in Asia and Europe with the end goal of performing search engine optimization (SEO) rank manipulation. The black hat SEO cluster has been codenamed DragonRank by Cisco Talos, with victimology footprint scattered across Thailand, India, Korea, Belgium, the Netherlands, and China.

Engineering 113

Engineering 113

Advertisement

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

Zero Day

SEPTEMBER 11, 2024

Try or gift Xbox Game Pass for three months for 28% off and play over 100 games including Starfield, Forza Motorsport, and Football Manager 2024 on your Xbox, PC, or mobile device.

Mobile 96

Mobile 96

Security Affairs

SEPTEMBER 11, 2024

Ivanti fixed a maximum severity flaw in its Endpoint Management software (EPM) that can let attackers achieve remote code execution on the core server Ivanti Endpoint Management (EPM) software is a comprehensive solution designed to help organizations manage and secure their endpoint devices across various platforms, including Windows, macOS, Chrome OS, and IoT systems.

Software 112

Software Authentication IoT Hacking 112

Penetration Testing

SEPTEMBER 11, 2024

Microsoft’s September 2024 security update addresses a zero-day vulnerability affecting Smart App Control and SmartScreen. This vulnerability, dubbed “LNK stomping” (CVE-2024-38217), has been actively exploited by hackers since at least... The post LNK Stomping (CVE-2024-38217): Microsoft Patches Years-Old Zero-Day Flaw appeared first on Cybersecurity News.

Cybersecurity 96

Cybersecurity 96

The Hacker News

SEPTEMBER 11, 2024

Imagine a world where you never have to remember another password. Seems like a dream come true for both end users and IT teams, right? But as the old saying goes, "If it sounds too good to be true, it probably is." If your organization is like many, you may be contemplating a move to passwordless authentication.

Authentication 104

Authentication Passwords 104

Advertisement

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.

Cybersecurity

Penetration Testing

SEPTEMBER 11, 2024

In a recent security advisory, GitLab announced the release of critical security patches for its Community Edition (CE) and Enterprise Edition (EE). The patches address several vulnerabilities, including one classified... The post GitLab Issues Critical Security Patch for CVE-2024-6678 (CVSS 9.9), Urges Immediate Update appeared first on Cybersecurity News.

Cybersecurity 102

Cybersecurity 102

Zero Day

SEPTEMBER 11, 2024

Sony's new console sports a more powerful graphics card and a Super Resolution feature to improve visual fidelity greatly. Here's what else we know for now.

96

96

We Live Security

SEPTEMBER 11, 2024

Learn about the main tactics used by scammers impersonating Best Buy’s tech support arm and how to avoid falling for their tricks.

Scams 106

Scams 106

Zero Day

SEPTEMBER 11, 2024

The Apple Watch Series 10 has fresh features and a fresher design, but is it worth your money? Here's how it compares to last year's model.

98

98

Advertisement

Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.

Government