Krebs on Security
AUGUST 15, 2024
A great many readers this month reported receiving alerts that their Social Security Number, name, address and other personal information were exposed in a breach at a little-known but aptly-named consumer data broker called NationalPublicData.com. This post examines what we know about a breach that has exposed hundreds of millions of consumer records.
Schneier on Security
AUGUST 15, 2024
From the Federal Register : After three rounds of evaluation and analysis, NIST selected four algorithms it will standardize as a result of the PQC Standardization Process. The public-key encapsulation mechanism selected was CRYSTALS-KYBER, along with three digital signature schemes: CRYSTALS-Dilithium, FALCON, and SPHINCS+. These algorithms are part of three NIST standards that have been finalized: FIPS 203: Module-Lattice-Based Key-Encapsulation Mechanism Standard FIPS 204: Module-Lattice-Base
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Tech Republic Security
AUGUST 15, 2024
ExpressVPN’s overall polish, fast performance and wider server network give it a slight edge over PIA VPN’s feature-rich and affordable package.
WIRED Threat Level
AUGUST 15, 2024
A fix is coming, but data analytics giant Palantir says it’s ditching Android devices altogether because Google’s response to the vulnerability has been troubling.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
The Hacker News
AUGUST 15, 2024
A cybercrime group with links to the RansomHub ransomware has been observed using a new tool designed to terminate endpoint detection and response (EDR) software on compromised hosts, joining the likes of other similar programs like AuKill (aka AvNeutralizer) and Terminator.
Security Boulevard
AUGUST 15, 2024
DEF CON conference organizations are looking for volunteers to join a Franklin initiative to help secure critical infrastructure and school systems that lack the expertise required to defend themselves against cyberattacks. The post DEF CON Calls for Cybersecurity Volunteers to Defend Critical Infrastructure appeared first on Security Boulevard.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Security Boulevard
AUGUST 15, 2024
There is an increased focus on how advances in artificial intelligence (AI) and machine learning (ML) can negatively impact network security. The post How to Maximize Network Security With AI and ML appeared first on Security Boulevard.
The Hacker News
AUGUST 15, 2024
SolarWinds has released patches to address a critical security vulnerability in its Web Help Desk software that could be exploited to execute arbitrary code on susceptible instances. The flaw, tracked as CVE-2024-28986 (CVSS score: 9.8), has been described as a deserialization bug.
Security Boulevard
AUGUST 15, 2024
ReliaQuest ranked LummaC2 and SocGholish among the top malware seen in Q2 and rounded out the top five list with AsyncRat, Oyster, and the growing numbers of info-stealers that were built using the Rust programming language. The post ReliaQuest: Watch Out for Info-Stealers and RATs appeared first on Security Boulevard.
The Hacker News
AUGUST 15, 2024
Russian and Belarusian non-profit organizations, Russian independent media, and international non-governmental organizations active in Eastern Europe have become the target of two separate spear-phishing campaigns orchestrated by threat actors whose interests align with that of the Russian government.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Security Boulevard
AUGUST 15, 2024
Security is enhanced with the introduction of dynamic zero-trust security, a method that continuously assesses the security posture of devices and users on the network. The post Beyond Zero-Trust: The Impact of Adaptive Micro-Segmentation on Network Security appeared first on Security Boulevard.
SecureWorld News
AUGUST 15, 2024
In what could be one of the largest data breaches in history, personal information of potentially billions of individuals may have been compromised in a hack of National Public Data (NPD), a Florida-based background check company. The breach, which allegedly occurred in April 2024, has raised significant concerns about data security and identity theft risks.
Security Boulevard
AUGUST 15, 2024
Recent research shows that human error can account for 95% of all cybersecurity incidents. What’s more shocking is that only one-third of all companies offer cybersecurity awareness training for their employees. The post Human Error – An Overlooked Aspect of Cyber Risk appeared first on Security Boulevard.
Malwarebytes
AUGUST 15, 2024
Microsoft has released a patch for a bug for a “downgrade attack” that was recently revealed by researchers at security conferences Black Hat and Def Con. What does that mean in layman terms? You: Let me check whether my system is fully updated Windows: Sure, all’s well Attacker: *Chuckles and deploys an attack against a vulnerability for which you could have been patched long ago* With a downgrade attack, the victim may have done all they can to keep their computer and software up t
Advertisement
Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.
The Hacker News
AUGUST 15, 2024
The Emergence of Identity Threat Detection and Response Identity Threat Detection and Response (ITDR) has emerged as a critical component to effectively detect and respond to identity-based attacks. Threat actors have shown their ability to compromise the identity infrastructure and move laterally into IaaS, Saas, PaaS and CI/CD environments.
Penetration Testing
AUGUST 15, 2024
Google Chrome has begun automatically detecting and warning users on the extensions page that Manifest v2-based extensions are nearing deprecation. Although these extensions have not yet been fully disabled, Google... The post Save uBlock Origin: How to Bypass Google’s Chrome Update and Extend Support appeared first on Cybersecurity News.
Malwarebytes
AUGUST 15, 2024
In a previous blog , we saw criminals distribute malware via malicious ads for Google Authenticator. This time, brazen malvertisers went as far as impersonating Google’s entire product line and redirecting victims to a fake Google home page. Clearly not afraid of poking the bear, they even used and abused yet another Google product, Looker Studio, to lock up the browser of Windows and Mac users alike.
Pen Test Partners
AUGUST 15, 2024
TL; DR Event Dates : August 8-11, 2024, in Las Vegas. PTP Presentations : Windows Hello : Our Ceri Coburn (with Outsider Security’s Dirk-Jan Mollema) revealed vulnerabilities in biometric authentication. Maritime Security : Paul Brownridge discussed vulnerabilities in maritime systems and regulations. GPS Spoofing : Ken Munro highlighted the impact of GPS time manipulation on various systems.
Advertisement
Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!
Penetration Testing
AUGUST 15, 2024
A newly released report from Germany’s Federal Office for the Protection of the Constitution (BfV) unveils insights into the operations of the Chinese cybersecurity firm i-Soon. The second installment of... The post The i-Soon Leaks: Germany’s BfV Exposes the Industrialization of Chinese Cyber Espionage appeared first on Cybersecurity News.
Cisco Security
AUGUST 15, 2024
Universities need advanced security architectures for effective incident response. Discover how XDR solutions enhance visibility and resilience in complex tech landscapes. Universities need advanced security architectures for effective incident response. Discover how XDR solutions enhance visibility and resilience in complex tech landscapes.
Penetration Testing
AUGUST 15, 2024
A serious security flaw has been discovered in Flatpak, a popular system for distributing and running sandboxed desktop applications on Linux. The vulnerability, tracked as CVE-2024-42472 (CVSS 10), allows malicious... The post Critical Vulnerability Found in Flatpak: CVE-2024-42472 (CVSS 10) Exposes Files Outside Sandbox appeared first on Cybersecurity News.
Security Boulevard
AUGUST 15, 2024
This cybersecurity playbook is inspired by Sam Curry’s insights on the crucial role of building relationships in cybersecurity to affect change in information security and the business. He recently shared his recommendations on cyberOXtales Podcast, highlighting the significance of trust, alignment, and intimacy in fostering effective relationships within and outside the cybersecurity team.
Advertisement
Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.
Zero Day
AUGUST 15, 2024
Malware is a constant threat to your safety and privacy, which means you need to protect your devices. We found the best antivirus software and apps that will help keep you safe and secure.
Security Boulevard
AUGUST 15, 2024
Thales PQC Partner Ecosystem Facilitates and Accelerates Quantum-Safe Migrations josh.pearson@t… Thu, 08/15/2024 - 17:28 As many organizations begin to embark on their journey toward Post-Quantum Cryptography (PQC) resilience, Thales can facilitate and perhaps accelerate these migrations with its rapidly expanding Thales PQC Partner Ecosystem. The PQC migration process will be a highly significant transformation in the public-key cryptography landscape to date, impacting billions of devices and
Thales Cloud Protection & Licensing
AUGUST 15, 2024
Thales PQC Partner Ecosystem Facilitates and Accelerates Quantum-Safe Migrations josh.pearson@t… Thu, 08/15/2024 - 17:28 As many organizations begin to embark on their journey toward Post-Quantum Cryptography (PQC) resilience, Thales can facilitate and perhaps accelerate these migrations with its rapidly expanding Thales PQC Partner Ecosystem. The PQC migration process will be a highly significant transformation in the public-key cryptography landscape to date, impacting billions of devices and
Security Boulevard
AUGUST 15, 2024
Along with 30,000+ of my closest friends, HYAS participated in both the Black Hat 2024 cyber security conference and others last week in Las Vegas. There have been a lot of articles published on the main themes, focus, and top keywords of BlackHat 2024; Chris Needs, the VP of Product Management at HYAS, published a HYAS view on the conference , so I didn’t see a reason to publish yet another one.
Advertisement
IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.
Penetration Testing
AUGUST 15, 2024
Cybersecurity researchers at iVerify, in collaboration with Palantir Technologies and Trail of Bits, have uncovered a significant vulnerability in millions of Google Pixel devices worldwide. The flaw, rooted in the... The post Google Pixel Phones Exposed: Millions at Risk Due to Pre-Installed App Vulnerability appeared first on Cybersecurity News.
Security Boulevard
AUGUST 15, 2024
Did you know that 75% of people are already using Generative AI (GenAI) at work? GenAI tools are defined as any artificial intelligence that can generate content such as text, images, videos, code, and other data using generative models, often in response to prompts. Examples include Open AI’s ChatGPT, GitHub’s Copilot, Claude, Dall-E, Gemini, and […] The post Your Employees are Already Using GenAI.
Penetration Testing
AUGUST 15, 2024
Zimbra Collaboration, a widely adopted email and collaboration platform disclosed three new security vulnerabilities. These flaws, identified as CVE-2024-33533, CVE-2024-33535, and CVE-2024-33536, impact Zimbra Collaboration versions 9.0 and 10.0, potentially... The post CVE-2024-33533 to 33536: Zimbra Users at Risk of XSS and LFI Attacks appeared first on Cybersecurity News.
Security Boulevard
AUGUST 15, 2024
In 2019, most organizations already had digital transformation plans in place. These plans included migrating workloads to modern cloud architectures. However, the Covid-19 pandemic compelled organizations to expedite their modernization efforts due to practical reasons. For instance, setting up a kit (or pod) for an application using a legacy system requires a complex process involving […] The post What’s Different About Data Security in the Cloud?
Advertisement
Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.
Expert insights. Personalized for you.
342 
Let's personalize your content