Mon. May 20, 2024

IBM Sells Cybersecurity Group

Schneier on Security

IBM is selling its QRadar product suite to Palo Alto Networks, for an undisclosed—but probably surprisingly small—sum. I have a personal connection to this. In 2016, IBM bought Resilient Systems, the startup I was a part of. It became part of IBM’s cybersecurity offerings, mostly and weirdly subservient to QRadar. That was what seemed to be the problem at IBM.

RSAC Fireside Chat: SquareX introduces security-infused browser extension to stop threats in real time

The Last Watchdog

The open-source Chromium project seeded by Google more than a decade ago has triggered something of a web browser renaissance. (Related: Browser attacks mount.) Browsers based on Chromium include Google Chrome and Microsoft Edge, which dominate in corporate settings – as well as popular upstarts Brave, Opera and Vivaldi. Together these browsers have given rise to a vast ecosystem of extensions – one that happens to align perfectly with a highly distributed work force and global supply chain.

Keylogger in Microsoft Exchange Server Breaches Government Agencies Worldwide

Penetration Testing

A recent report from Positive Technologies Expert Security Center (PT ESC) reveals a concerning security breach impacting Microsoft Exchange Servers. The incident response team discovered a sophisticated keylogger embedded in the main page of... The post Keylogger in Microsoft Exchange Server Breaches Government Agencies Worldwide appeared first on Penetration Testing.

Windows 11 Recall AI feature will record everything you do on your PC

Bleeping Computer

Microsoft has announced a new AI-powered feature for Windows 11 called 'Recall,' which records everything you do on your PC and lets you search through your historical activities. […]

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

CVE-2024-4985 (CVSS 10): Critical Authentication Bypass Flaw Found in GitHub Enterprise Server

Penetration Testing

GitHub, the world’s leading software development platform, has disclosed a critical security vulnerability (CVE-2024-4985) in its self-hosted GitHub Enterprise Server (GHES) product. The vulnerability, which carries a maximum severity rating of 10 on the... The post CVE-2024-4985 (CVSS 10): Critical Authentication Bypass Flaw Found in GitHub Enterprise Server appeared first on Penetration Testing.

Two students uncovered a flaw that allows to use laundry machines for free

Security Affairs

Two students discovered a security flaw in over a million internet-connected laundry machines that could allow laundry for free. CSC ServiceWorks is a company that provides laundry services and air vending solutions for multifamily housing, academic institutions, hospitality, and other commercial sectors. They manage and operate many internet-connected laundry machines and systems, offering services such as coin and card-operated laundry machines, mobile payment solutions, and maintenance suppor

More Trending

Shifting the Security Mindset: From Network to Application Defense

Security Boulevard

Web application development and usage are at an all-time high, but businesses aren’t sure which APIs to monitor or how to protect them. The post Shifting the Security Mindset: From Network to Application Defense appeared first on Security Boulevard.

Cyber Criminals Exploit GitHub and FileZilla to Deliver Cocktail Malware

The Hacker News

A "multi-faceted campaign" has been observed abusing legitimate services like GitHub and FileZilla to deliver an array of stealer malware and banking trojans such as Atomic (aka AMOS), Vidar, Lumma (aka LummaC2), and Octo by impersonating credible software like 1Password, Bartender 5, and Pixelmator Pro.

Prevention Maintenance: Strategies To Bolster Your Organisation’s Cybersecurity

IT Security Guru

Cybersecurity has never been more critical for businesses. In 2023, an astonishing 50 per cent of companies in the UK reported experiencing some form of cybersecurity breach or attack. This number highlights the widespread nature of digital threats. Today, common cyber threats include phishing, ransomware, and malware attacks, each capable of significantly disrupting operations and compromising sensitive data.

New BiBi Wiper version also destroys the disk partition table

Bleeping Computer

A new version of the BiBi Wiper malware is now deleting the disk partition table to make data restoration harder, extending the downtime for targeted victims. […]

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

GitCaught campaign relies on Github and Filezilla to deliver multiple malware

Security Affairs

Researchers discovered a sophisticated cybercriminal campaign by Russian-speaking threat actors that used GitHub to distribute malware. Recorded Future’s Insikt Group discovered a sophisticated cybercriminal campaign by Russian-speaking threat actors from the Commonwealth of Independent States (CIS). The attackers, tracked as GitCaught, used a GitHub profile to impersonate legitimate software applications, including 1Password, Bartender 5, and Pixelmator Pro, to distribute malware such as

Dell Data Breach: Personal Information of 49 Million Customers Compromised due to latest API Abuse

Security Boulevard

Dell recently issued a notice regarding a data breach that occurred on May 9, which has reportedly affected over 49 million customers across the globe. According to a report by BleepingComputer, Dell initiated the distribution of notifications cautioning its customers that their personally identifiable information (PII) had been compromised in a data breach.

What is real-time protection and why do you need it? 

Malwarebytes

The constant barrage of cyber threats can be overwhelming for all of us. And, as those threats evolve and attackers find new ways to compromise us, we need a way to keep on top of everything nasty that’s thrown our way. Malwarebytes’ free version tackles and reactively resolves threats already on your system, but the real-time protection you get with Malwarebytes Premium Security goes one step further and actively monitors your computer’s files, processes, and system memory in real time to bloc

QNAP QTS zero-day in Share feature gets public RCE exploit

Bleeping Computer

An extensive security audit of QNAP QTS, the operating system for the company's NAS products, has uncovered fifteen vulnerabilities of varying severity, with eleven remaining unfixed. […]

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Financial institutions ordered to notify customers after a breach, have an incident response plan

Malwarebytes

The Securities and Exchange Commission (SEC) has announced rules around breaches for certain financial institutions—registered broker-dealers, investment companies, investment advisers, and transfer agents—that require them to have written incident response policies and procedures that can be used in the event of a breach. The requirement is an adoption of amendments to Regulation S-P, which was enacted in 2000 to safeguard the financial information of consumers, requiring financial institution

Iranian MOIS-Linked Hackers Behind Destructive Attacks on Albania and Israel

The Hacker News

An Iranian threat actor affiliated with the Ministry of Intelligence and Security (MOIS) has been attributed as behind destructive wiping attacks targeting Albania and Israel under the personas Homeland Justice and Karma, respectively.

YouTube, The Backdrop Of A Scammer’s Play | Avast

Security Boulevard

You click on a cool-looking video on YouTube. It looks legit, with a well-known spokesperson and everything. It may be worth checking out. However, it just so happens it lists a link to a malicious landing page. The post YouTube, The Backdrop Of A Scammer’s Play | Avast appeared first on Security Boulevard.

"Linguistic Lumberjack" Vulnerability Discovered in Popular Logging Utility Fluent Bit

The Hacker News

Cybersecurity researchers have discovered a critical security flaw in a popular logging and metrics utility called Fluent Bit that could be exploited to achieve denial-of-service (DoS), information disclosure, or remote code execution. The vulnerability, tracked as CVE-2024-4323, has been codenamed Linguistic Lumberjack by Tenable Research. It impacts versions from 2.0.

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

LiteSpeed Cache Bug Exploit For Control Of WordPress Sites

Security Boulevard

In recent developments concerning WordPress security, a significant vulnerability has come to light in the widely used LiteSpeed Cache plugin. This LiteSpeed cache bug, labeled CVE-2023-40000, poses a substantial risk to WordPress site owners, as it allows threat actors to exploit websites, gaining unauthorized access and control. Let’s delve into the details of this vulnerability, […] The post LiteSpeed Cache Bug Exploit For Control Of WordPress Sites appeared first on TuxCare.

Defending Your Commits From Known CVEs With GitGuardian SCA And Git Hooks

The Hacker News

All developers want to create secure and dependable software. They should feel proud to release their code with the full confidence they did not introduce any weaknesses or anti-patterns into their applications. Unfortunately, developers are not writing their own code for the most part these days.

Congress Demands Cyber Forensics on Ship After Deadly Bridge Strike

SecureWorld News

The tragic accident involving the container vessel Dali that struck a road bridge in Baltimore, Maryland, last month, killing six people, has taken a turn into the cyber realm. At a U.S. House Transportation Committee hearing on Thursday, lawmakers grilled federal investigators over the possibility of malicious code contributing to the disaster. Congressman Brandon Williams (R-NY) was particularly adamant that the National Transportation Safety Board (NTSB) needs to conduct an extremely thorough

Owner of Incognito dark web drugs market arrested in New York

Bleeping Computer

The alleged owner and operator of Incognito Market, a dark web marketplace for selling illegal narcotics online, was arrested at the John F. Kennedy Airport in New York on May 18. […]

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

Strengthen Your Security Operations: MITRE ATT&CK Mapping in Cisco XDR

Cisco Security

Discover how Cisco XDR's MITRE ATT&CK mapping strengthens your security operations. Learn to identify security gaps and improve your cybersecurity posture.

OmniVision discloses data breach after 2023 ransomware attack

Bleeping Computer

The California-based imaging sensors manufacturer OmniVision is warning of a data breach after the company suffered a Cactus ransomware attack last year. […]

A week in security (May 13 – May 19)

Malwarebytes

Last week on Malwarebytes Labs: Deleted iPhone photos show up again after iOS update; Scammers can easily phish your multi-factor authentication codes. Here’s how to avoid it; Notorious data leak site BreachForums seized by law enforcement; Apple and Google join forces to stop unwanted tracking; Update Chrome now! Google releases emergency security patch; Why car location tracking needs an overhaul. Last week on ThreatDown: Wi-Fi design flaw makes networks vulnerable to hijacking; Black Basta ransomwar

Thales & LuxTrust: A Partnership for Data Sovereignty and Compliance

Thales Cloud Protection & Licensing

(madhav, Tue, 05/21/2024 - 06:08) With the recent publication of Regulatory Technical Standards (RTS) under Digital Operational Resilience Act (DORA) by the European Supervisory Authorities (ESAs), the critical role of robust cryptography management in mitigating ICT risk has been firmly established.

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.

Guide to Third Party Risk Management: Dealing with Vendor Vulnerabilities

Heimdal Security

A recent study by Cybersecurity Dive shows that nearly all companies (98%) use software integrations with third-party vendors that have suffered breaches in the past two years. Since not a single company can maintain ops integrity by solely relying on in-house developed software, the stakes are higher than ever. In this article, we’re going to […] The post Guide to Third Party Risk Management: Dealing with Vendor Vulnerabilities appeared first on Heimdal Security Blog.

Your vacation, reservations, and online dates, now chosen by AI: Lock and Code S05E11

Malwarebytes

This week on the Lock and Code podcast… The irrigation of the internet is coming. For decades, we’ve accessed the internet much like how we, so long ago, accessed water—by traveling to it. We connected (quite literally), we logged on, and we zipped to addresses and sites to read, learn, shop, and scroll. Over the years, the internet was accessible from increasingly more devices, like smartphones, smartwatches, and even smart fridges.

12 principles for improving devsecops

InfoWorld on Security

I once transitioned from a SaaS CTO role to become a business unit CIO at a Fortune 100 enterprise that aimed to bring startup development processes, technology, and culture into the organization. The executives recognized the importance of developing customer-facing applications, game-changing analytics capabilities, and more automated workflows. Let’s just say my team and I did a lot of teaching on agile development and nimble architectures.

49 Million Customers Impacted by API Security Flaw

Security Boulevard

How safe is your data? With the increasing reliance on online services, this question weighs heavily on everyone’s mind. The recent cyber incident serves as a wake-up call, exposing a vulnerability we often overlook: the security of APIs. A recent data breach at a well-renowned American technology company affected 49 million consumers and highlights an […] The post 49 Million Customers Impacted by API Security Flaw appeared first on Kratikal Blogs.

Enhance Innovation and Governance Through the Cloud Development Maturity Model

Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.