Krebs on Security
AUGUST 15, 2024
A great many readers this month reported receiving alerts that their Social Security Number, name, address and other personal information were exposed in a breach at a little-known but aptly-named consumer data broker called NationalPublicData.com. This post examines what we know about a breach that has exposed hundreds of millions of consumer records.
Schneier on Security
AUGUST 15, 2024
From the Federal Register : After three rounds of evaluation and analysis, NIST selected four algorithms it will standardize as a result of the PQC Standardization Process. The public-key encapsulation mechanism selected was CRYSTALS-KYBER, along with three digital signature schemes: CRYSTALS-Dilithium, FALCON, and SPHINCS+. These algorithms are part of three NIST standards that have been finalized: FIPS 203: Module-Lattice-Based Key-Encapsulation Mechanism Standard FIPS 204: Module-Lattice-Base
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Tech Republic Security
AUGUST 15, 2024
ExpressVPN’s overall polish, fast performance and wider server network give it a slight edge over PIA VPN’s feature-rich and affordable package.
The Hacker News
AUGUST 15, 2024
A cybercrime group with links to the RansomHub ransomware has been observed using a new tool designed to terminate endpoint detection and response (EDR) software on compromised hosts, joining the likes of other similar programs like AuKill (aka AvNeutralizer) and Terminator.
Advertisement
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
WIRED Threat Level
AUGUST 15, 2024
A fix is coming, but data analytics giant Palantir says it’s ditching Android devices altogether because Google’s response to the vulnerability has been troubling.
The Hacker News
AUGUST 15, 2024
SolarWinds has released patches to address a critical security vulnerability in its Web Help Desk software that could be exploited to execute arbitrary code on susceptible instances. The flaw, tracked as CVE-2024-28986 (CVSS score: 9.8), has been described as a deserialization bug.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
|
The Hacker News
AUGUST 15, 2024
Russian and Belarusian non-profit organizations, Russian independent media, and international non-governmental organizations active in Eastern Europe have become the target of two separate spear-phishing campaigns orchestrated by threat actors whose interests align with that of the Russian government.
Malwarebytes
AUGUST 15, 2024
Microsoft has released a patch for a bug for a “downgrade attack” that was recently revealed by researchers at security conferences Black Hat and Def Con. What does that mean in layman terms? You: Let me check whether my system is fully updated Windows: Sure, all’s well Attacker: *Chuckles and deploys an attack against a vulnerability for which you could have been patched long ago* With a downgrade attack, the victim may have done all they can to keep their computer and software up t
The Hacker News
AUGUST 15, 2024
The Emergence of Identity Threat Detection and Response Identity Threat Detection and Response (ITDR) has emerged as a critical component to effectively detect and respond to identity-based attacks. Threat actors have shown their ability to compromise the identity infrastructure and move laterally into IaaS, Saas, PaaS and CI/CD environments.
Security Boulevard
AUGUST 15, 2024
DEF CON conference organizations are looking for volunteers to join a Franklin initiative to help secure critical infrastructure and school systems that lack the expertise required to defend themselves against cyberattacks. The post DEF CON Calls for Cybersecurity Volunteers to Defend Critical Infrastructure appeared first on Security Boulevard.
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
SecureWorld News
AUGUST 15, 2024
In what could be one of the largest data breaches in history, personal information of potentially billions of individuals may have been compromised in a hack of National Public Data (NPD), a Florida-based background check company. The breach, which allegedly occurred in April 2024, has raised significant concerns about data security and identity theft risks.
Security Boulevard
AUGUST 15, 2024
There is an increased focus on how advances in artificial intelligence (AI) and machine learning (ML) can negatively impact network security. The post How to Maximize Network Security With AI and ML appeared first on Security Boulevard.
Cisco Security
AUGUST 15, 2024
Universities need advanced security architectures for effective incident response. Discover how XDR solutions enhance visibility and resilience in complex tech landscapes. Universities need advanced security architectures for effective incident response. Discover how XDR solutions enhance visibility and resilience in complex tech landscapes.
Security Boulevard
AUGUST 15, 2024
ReliaQuest ranked LummaC2 and SocGholish among the top malware seen in Q2 and rounded out the top five list with AsyncRat, Oyster, and the growing numbers of info-stealers that were built using the Rust programming language. The post ReliaQuest: Watch Out for Info-Stealers and RATs appeared first on Security Boulevard.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
Malwarebytes
AUGUST 15, 2024
In a previous blog , we saw criminals distribute malware via malicious ads for Google Authenticator. This time, brazen malvertisers went as far as impersonating Google’s entire product line and redirecting victims to a fake Google home page. Clearly not afraid of poking the bear, they even used and abused yet another Google product, Looker Studio, to lock up the browser of Windows and Mac users alike.
Security Boulevard
AUGUST 15, 2024
Security is enhanced with the introduction of dynamic zero-trust security, a method that continuously assesses the security posture of devices and users on the network. The post Beyond Zero-Trust: The Impact of Adaptive Micro-Segmentation on Network Security appeared first on Security Boulevard.
Penetration Testing
AUGUST 15, 2024
Google Chrome has begun automatically detecting and warning users on the extensions page that Manifest v2-based extensions are nearing deprecation. Although these extensions have not yet been fully disabled, Google... The post Save uBlock Origin: How to Bypass Google’s Chrome Update and Extend Support appeared first on Cybersecurity News.
Security Boulevard
AUGUST 15, 2024
Recent research shows that human error can account for 95% of all cybersecurity incidents. What’s more shocking is that only one-third of all companies offer cybersecurity awareness training for their employees. The post Human Error – An Overlooked Aspect of Cyber Risk appeared first on Security Boulevard.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Penetration Testing
AUGUST 15, 2024
A newly released report from Germany’s Federal Office for the Protection of the Constitution (BfV) unveils insights into the operations of the Chinese cybersecurity firm i-Soon. The second installment of... The post The i-Soon Leaks: Germany’s BfV Exposes the Industrialization of Chinese Cyber Espionage appeared first on Cybersecurity News.
Pen Test Partners
AUGUST 15, 2024
TL; DR Event Dates : August 8-11, 2024, in Las Vegas. PTP Presentations : Windows Hello : Our Ceri Coburn (with Outsider Security’s Dirk-Jan Mollema) revealed vulnerabilities in biometric authentication. Maritime Security : Paul Brownridge discussed vulnerabilities in maritime systems and regulations. GPS Spoofing : Ken Munro highlighted the impact of GPS time manipulation on various systems.
Penetration Testing
AUGUST 15, 2024
A serious security flaw has been discovered in Flatpak, a popular system for distributing and running sandboxed desktop applications on Linux. The vulnerability, tracked as CVE-2024-42472 (CVSS 10), allows malicious... The post Critical Vulnerability Found in Flatpak: CVE-2024-42472 (CVSS 10) Exposes Files Outside Sandbox appeared first on Cybersecurity News.
Zero Day
AUGUST 15, 2024
Malware is a constant threat to your safety and privacy, which means you need to protect your devices. We found the best antivirus software and apps that will help keep you safe and secure.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Penetration Testing
AUGUST 15, 2024
Cybersecurity researchers at iVerify, in collaboration with Palantir Technologies and Trail of Bits, have uncovered a significant vulnerability in millions of Google Pixel devices worldwide. The flaw, rooted in the... The post Google Pixel Phones Exposed: Millions at Risk Due to Pre-Installed App Vulnerability appeared first on Cybersecurity News.
Zero Day
AUGUST 15, 2024
The mobile version of your license can be used at certain airports and convenience stores and should mean quicker age verification.
Penetration Testing
AUGUST 15, 2024
Zimbra Collaboration, a widely adopted email and collaboration platform disclosed three new security vulnerabilities. These flaws, identified as CVE-2024-33533, CVE-2024-33535, and CVE-2024-33536, impact Zimbra Collaboration versions 9.0 and 10.0, potentially... The post CVE-2024-33533 to 33536: Zimbra Users at Risk of XSS and LFI Attacks appeared first on Cybersecurity News.
Security Boulevard
AUGUST 15, 2024
This cybersecurity playbook is inspired by Sam Curry’s insights on the crucial role of building relationships in cybersecurity to affect change in information security and the business. He recently shared his recommendations on cyberOXtales Podcast, highlighting the significance of trust, alignment, and intimacy in fostering effective relationships within and outside the cybersecurity team.
Advertisement
Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.
Penetration Testing
AUGUST 15, 2024
Akamai researcher Tomer Peled has uncovered a concerning design flaw within Kubernetes’ git-sync project. This flaw could potentially enable attackers to execute commands or exfiltrate sensitive data, including service account... The post Unpatched Kubernetes Flaw Leaves Clusters Open to Exploitation: Researcher Unveils Command Injection Vulnerability appeared first on Cybersecurity News.
Security Boulevard
AUGUST 15, 2024
Thales PQC Partner Ecosystem Facilitates and Accelerates Quantum-Safe Migrations josh.pearson@t… Thu, 08/15/2024 - 17:28 As many organizations begin to embark on their journey toward Post-Quantum Cryptography (PQC) resilience, Thales can facilitate and perhaps accelerate these migrations with its rapidly expanding Thales PQC Partner Ecosystem. The PQC migration process will be a highly significant transformation in the public-key cryptography landscape to date, impacting billions of devices and
Penetration Testing
AUGUST 15, 2024
SquareX, along with its founder Vivek Ramachandran, a renowned cybersecurity expert, recently uncovered a vulnerability in Secure Web Gateway (SWG) systems, which are employed to safeguard corporate networks. It was... The post Last Mile Reassembly Attacks Bypass Leading Secure Web Gateways appeared first on Cybersecurity News.
Security Boulevard
AUGUST 15, 2024
Along with 30,000+ of my closest friends, HYAS participated in both the Black Hat 2024 cyber security conference and others last week in Las Vegas. There have been a lot of articles published on the main themes, focus, and top keywords of BlackHat 2024; Chris Needs, the VP of Product Management at HYAS, published a HYAS view on the conference , so I didn’t see a reason to publish yet another one.
Advertisement
Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!
Expert insights. Personalized for you.
349 
Let's personalize your content