Mon.Oct 21, 2024

article thumbnail

AI and the SEC Whistleblower Program

Schneier on Security

Tax farming is the practice of licensing tax collection to private contractors. Used heavily in ancient Rome, it’s largely fallen out of practice because of the obvious conflict of interest between the state and the contractor. Because tax farmers are primarily interested in short-term revenue, they have no problem abusing taxpayers and making things worse for them in the long term.

article thumbnail

ISC2 Security Congress 2024: The Landscape of Nation-State Cyber Attacks

Tech Republic Security

CISA advisor Nicole Perlroth closed out ISC2 Security Congress’ keynotes with a wake-up call for security teams to watch for nation-state-sponsored attacks.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

The end of the i386 kernel and images

Kali Linux

The i386 architecture has long been obsolete, and from this week, support for i386 in Kali Linux is going to shrink significantly: i386 kernel and images are going away. Images and releases will no longer be created for this platform. Some terminology first Let’s start with the terms used in Kali Linux to talk about CPU architectures. These terms apply more generally to any Debian-based Linux distribution. amd64 refers to the x86-64 architecture, ie. the 64-bit version of the x86 instructi

article thumbnail

Chinese Nation-State Hackers APT41 Hit Gambling Sector for Financial Gain

The Hacker News

The prolific Chinese nation-state actor known as APT41 (aka Brass Typhoon, Earth Baku, Wicked Panda, or Winnti) has been attributed to a sophisticated cyber attack targeting the gambling and gaming industry.

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

The 6 Best Antivirus Software Providers for Mac in 2024

Tech Republic Security

Macs may need additional antivirus protection in a business environment or high-risk use case. Bitdefender is the best overall Mac antivirus provider when it comes to protection, usability, and performance.

Antivirus 126
article thumbnail

Cisco states that data published on cybercrime forum was taken from public-facing DevHub environment

Security Affairs

Cisco confirms that data published by IntelBroker on a cybercrime forum was taken from the company DevHub environment. Cisco confirms that the data posted by IntelBroker on a cybercrime forum was stolen from its DevHub environment. IntelBroker claimed to have gained access to Github projects, Gitlab Projects, SonarQube projects, Source code, hard coded credentials, Certificates, Customer SRCs, Cisco Confidential Documents, Jira tickets, API tokens, AWS Private buckets, Cisco Technology SRCs, Doc

More Trending

article thumbnail

Internet Archive was breached twice in a month

Security Affairs

The Internet Archive was breached again, attackers hacked its Zendesk email support platform through stolen GitLab authentication tokens. The Internet Archive was breached via Zendesk, with users receiving warnings about stolen GitLab tokens due to improper token rotation after repeated alerts. BleepingComputer first reported the news of the incident, after it received several messages from people who received replies to their old Internet Archive removal requests, warning that the organization

Internet 129
article thumbnail

Australia’s New Scam Prevention Laws: What You Need to Know

Tech Republic Security

Australia's Scam Prevention Framework aims to protect consumers by holding tech, banking, and telecom sectors accountable, with fines up to $50 million.

Scams 128
article thumbnail

Phishing Attacks Snare Security, IT Leaders

Security Boulevard

Despite 80% of IT leaders expressing confidence that their organization won’t fall for phishing attacks, nearly two-thirds admitted they’ve clicked on phishing links themselves. This overconfidence is coupled with concerning behaviors, as 36% of IT leaders have disabled security measures on their systems, undermining organizational defenses. These were among the chief results of an Arctic.

Phishing 122
article thumbnail

CISA Adds ScienceLogic SL1 Vulnerability to Exploited Catalog After Active Zero-Day Attack

The Hacker News

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a critical security flaw impacting ScienceLogic SL1 to its Known Exploited Vulnerabilities (KEV) catalog, following reports of active exploitation as a zero-day. The vulnerability in question, tracked as CVE-2024-9537 (CVSS v4 score: 9.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Chinese Research Using Quantum System to Crack Encryption a ‘Cautionary Tale’

Security Boulevard

Chinese researchers used a D-Wave quantum computer to crack a 22-bit encryption key, which can be used as a cautionary tale for what may lie ahead with future quantum systems but doesn't threaten the classical encryption being widely used today. The post Chinese Research Using Quantum System to Crack Encryption a ‘Cautionary Tale’ appeared first on Security Boulevard.

article thumbnail

THN Cybersecurity Recap: Top Threats, Tools and News (Oct 14 - Oct 20)

The Hacker News

Hi there! Here’s your quick update on the latest in cybersecurity. Hackers are using new tricks to break into systems we thought were secure—like finding hidden doors in locked houses. But the good news? Security experts are fighting back with smarter tools to keep data safe. Some big companies were hit with attacks, while others fixed their vulnerabilities just in time.

article thumbnail

DEF CON 32 – AppSec Village – Web2 Meets Web3 Hacking Decentralized Applications

Security Boulevard

Authors/Presenters: Peiyu Wang Our sincere appreciation to DEF CON , and the Presenters/Authors for publishing their timely []DEF CON 32] 2 erudite content. Originating from the conference’s events located at the Las Vegas Convention Center ; and via the organizations YouTube channel. Permalink The post DEF CON 32 – AppSec Village – Web2 Meets Web3 Hacking Decentralized Applications appeared first on Security Boulevard.

Hacking 109
article thumbnail

What Is Secure Access Service Edge?

Tech Republic Security

There has been plenty of hype around secure access service edge. Some even say it is replacing legacy network and security architectures. Drew Robb, writing for TechRepublic Premium, lays out what it is, how it fits within the security and networking landscape, whether it is replacing SD-WAN, its benefits, its challenges, and how to implement.

article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Cybersecurity Action Month: When Awareness Must Lead to Action

IT Security Guru

October is widely regarded as Cybersecurity Awareness Month. While awareness is crucial in our increasingly perilous cyber landscape – where threats to both organisations and individuals are growing in scale and sophistication – action is now paramount. Recent research indicates that 95% of IT leaders believe cyber attacks are more advanced than ever, largely due to the accessibility of AI technologies.

article thumbnail

Guide:  The Ultimate Pentest Checklist for Full-Stack Security

The Hacker News

Pentest Checklists Are More Important Than Ever Given the expanding attack surface coupled with the increasing sophistication of attacker tactics and techniques, penetration testing checklists have become essential for ensuring thorough assessments across an organization’s attack surface, both internal and external.

article thumbnail

Google Voice scams: What are they and how do I avoid them?

We Live Security

Watch out for schemes where fraudsters trick people into sharing verification codes so they can gain access to their phone numbers

Scams 125
article thumbnail

Understanding the Zero Trust Security Model to Safeguard Digital Infrastructure

Digital Guardian

Zero Trust is a cybersecurity model requiring verification of all internal and external access attempts, eliminating trust to prevent breaches. Learn more about what goes into a zero trust security model and zero trust network access (ZTNA) in this blog.

article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

Data Breach Statistics [2024] : Penalties and Fines for Major regulations

Security Boulevard

In today’s data-driven world, data breaches are one of the most significant threats facing organizations, with the financial impact varying widely across industries. The cost of a data breach is often determined by the nature of the data involved and the regulatory landscape governing the industry. Sectors like healthcare and financial services, which handle highly […] The post Data Breach Statistics [2024] : Penalties and Fines for Major regulations first appeared on Accutive Security.

article thumbnail

Using gRPC and HTTP/2 for Cryptominer Deployment: An Unconventional Approach

Trend Micro

In this blog entry, we discuss how malicious actors are exploiting Docker remote API servers via gRPC/h2c to deploy the cryptominer SRBMiner to facilitate their mining of XRP on Docker hosts.

article thumbnail

The Amazon Fire TV Omni QLED is great for gaming and streaming, and still $150 off

Zero Day

The Amazon Fire TV Omni QLED offers great picture and audio quality for both streaming and console gaming. Save $150 on the 55-inch model, but you'll have to hurry because you might not see a deal this good again until Black Friday.

91
article thumbnail

Hidden Costs of Cybersecurity: Balancing Risk, Complexity & Efficiency

SecureWorld News

Acquiring a security solution can be a complex process. Most organizations undergo a justification process to secure funding for the purchase. Some focus on the solution's problem-solving capabilities, suitability, and efficacy. In contrast, more mature organizations quantify risk, comparing the original risk against the cost of the solution and the residual risk after deployment to decide whether to proceed with the purchase.

Risk 93
article thumbnail

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

article thumbnail

Stealer here, stealer there, stealers everywhere!

SecureList

Introduction Information stealers, which are used to collect credentials to then sell them on the dark web or use in subsequent cyberattacks, are actively distributed by cybercriminals. Some of them are available through a monthly subscription model, thus attracting novice cybercriminals. According to Kaspersky Digital Footprint Intelligence, almost 10 million devices, both personal and corporate, were attacked by information stealers in 2023.

article thumbnail

Survey Surfaces Depth and Scope of Identity Management Challenge

Security Boulevard

A survey of 510 IT security and risk practitioners finds 93% have access to a comprehensive inventory of human and non-human identities across their IT environments, with 85% having a clear line of visibility and monitoring into who is doing what. However, just under half (45%) also noted there has been some type of unauthorized. The post Survey Surfaces Depth and Scope of Identity Management Challenge appeared first on Security Boulevard.

Risk 93
article thumbnail

Cisco Faces Security Incident as Hacker Claims Breach of DevHub Portal

SecureWorld News

On October 15, 2024, Cisco issued a public statement acknowledging reports of an alleged security incident involving the unauthorized access of specific Cisco data and data belonging to its customers. While Cisco has maintained that no breach of its core systems occurred, the evolving situation highlights companies' persistent challenges in balancing transparency and security.

article thumbnail

US Government Says Relying on Chinese Lithium Batteries Is Too Risky

WIRED Threat Level

A new document shows the Department of Homeland Security is concerned that Chinese investment in lithium batteries to power energy grids will make them a threat to US supply chain security.

article thumbnail

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.

article thumbnail

Quality is Priority Zero, Especially for Security

Cisco Security

Security software can be the first line of defense or the last, and the cost of failure is catastrophic. That's why quality is priority zero for Cisco. Security software can be the first line of defense or the last, and the cost of failure is catastrophic. That's why quality is priority zero for Cisco.

article thumbnail

My favorite iPhone car mount charger just got a cool upgrade (and it supports Qi2)

Zero Day

ESR's new Qi2 car mount can wirelessly charge your iPhone at 15W while staying cool, thanks to its CryoBoost feature.

article thumbnail

A new era in talent management: Transforming the government workforce

CompTIA on Cybersecurity

Explore the transformative impact of DoD 8140.03 on IT workforce strategies, emphasizing continuous development and skill standardization. Explore how CompTIA certifications can help elevate your cyber workforce.

article thumbnail

Red Hat reveals major enhancements to Red Hat Enterprise Linux AI

Zero Day

Only weeks after Red Hat released Red Hat Enterprise Linux AI, the company rolled out the next version: RHEL AI 1.2.

96
article thumbnail

Enhance Innovation and Governance Through the Cloud Development Maturity Model

Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.