The Last Watchdog

DECEMBER 13, 2023

Notable progress was made in 2023 in the quest to elevate Digital Trust. Related: Why IoT standards matter Digital Trust refers to the level of confidence both businesses and consumers hold in digital products and services – not just that they are suitably reliable, but also that they are as private and secure as they need to be. We’re not yet at a level of Digital Trust needed to bring the next generation of connected IT into full fruition – and the target keeps moving.

Encryption 311

Encryption Technology CISO IoT 311

Schneier on Security

DECEMBER 13, 2023

This is not about mass surveillance of mail , this is about sorts of targeted surveillance the US Postal Inspection Service uses to catch mail thieves : To track down an alleged mail thief, a US postal inspector used license plate reader technology, GPS data collected by a rental car company, and, most damning of all, hid a camera inside one of the targeted blue post boxes which captured the suspect’s full face as they allegedly helped themselves to swathes of peoples’ mail.

Surveillance 266

Surveillance Data collection Technology 266

Tech Republic Security

DECEMBER 13, 2023

Google also announced Duet AI for Developers and Duet AI in Security Operations, but neither uses Gemini yet. Starting Dec.

Technology 171

Technology 171

IT Security Guru

DECEMBER 13, 2023

Have you ever wondered who keeps our online world safe from all the bad guys? The heroes who do this have a special kind of training – they have a Master’s degree in something called Cyber Security. It’s like being a detective in the digital world, where you need to solve online mysteries and catch cybercriminals. This field is expanding as corporations everywhere seek digital detectives to protect their data.

Banking 131

Banking Cyber threats Internet Internet 131

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Tech Republic Security

DECEMBER 13, 2023

Learn how to use Titan Security Keys with passkey support to enhance your online security. Follow these step-by-step instructions.

Mobile 147

Mobile Cybersecurity 147

Security Boulevard

DECEMBER 13, 2023

When will it end? Russia takes down Kyivstar cellular system, Ukraine destroys Russian tax system. The post Russia Hacks Ukraine, Ukraine Hacks Russia — Day#658 appeared first on Security Boulevard.

Hacking 131

Hacking Digital transformation Social Engineering Data privacy 131

Security Affairs

DECEMBER 13, 2023

Researchers linked a sophisticated botnet, tracked as KV-Botnet, to the operation of the China-linked threat actor Volt Typhoon. The Black Lotus Labs team at Lumen Technologies linked a small office/home office (SOHO) router botnet, tracked as KV-Botnet to the operations of China-linked threat actor Volt Typhoon. The botnet is comprised of two complementary activity clusters, the experts believe it has been active since at least February 2022.

Small Business 136

Small Business Technology VPN Manufacturing 136

Security Boulevard

DECEMBER 13, 2023

The use of generative AI systems has been spreading like wildfire, and if systems are not developed securely, the blaze could end up burning your organization. To help organizations tackle the problem, t he United Kingdom's National Cyber Security Centre (NCSC) and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) recently released " Guidelines for Secure AI System Development.

Software 123

Software Cybersecurity 123

Security Affairs

DECEMBER 13, 2023

Microsoft Patch Tuesday security updates for December 2023 addressed 33 vulnerabilities in multiple products, including a zero-day. Microsoft Patch Tuesday security updates for December 2023 addressed 33 vulnerabilities in multiple products. The vulnerabilities addressed by the company impact Microsoft Windows and Windows Components; Office and Office Components; Azure, Microsoft Edge (Chromium-based); Windows Defender; Windows DNS and DHCP server; and Microsoft Dynamic.

DNS 130

DNS Engineering Hacking 130

Security Boulevard

DECEMBER 13, 2023

A month after issuing new rules to push back against SIM-swap and similar schemes, the Federal Communications Commission (FCC) is warning mobile phone service providers of their obligations to protect consumers against the growing threat. The FCC’s Enforcement Bureau will not only be aggressive in protecting consumers’ data and privacy but also “will hold accountable.

Mobile 122

Mobile Accountability Social Engineering Wireless 122

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

GlobalSign

DECEMBER 13, 2023

Explore why Qualified Trust Services and Qualified Electronic Signatures and Seals are a necessity, and their role in the Digital Identity Wallet.

128

128

Security Boulevard

DECEMBER 13, 2023

In this post, we’ll take a look at some of the trends and news from 2023, and see what insights they could hold for the years ahead. The post At a Glance: The Year in Cybersecurity 2023 appeared first on Security Boulevard.

Cybersecurity 122

Cybersecurity 122

Security Affairs

DECEMBER 13, 2023

Microsoft warns that threat actors are using OAuth applications cryptocurrency mining campaigns and phishing attacks. Threat actors are using OAuth applications such as an automation tool in cryptocurrency mining campaigns and other financially motivated attacks. The attackers compromise user accounts to create, modify, and grant high privileges to OAuth applications to carry out malicious activity and maintain access to applications even if they lose access to the initially compromised account.

Cryptocurrency 132

Cryptocurrency Phishing Accountability VPN 132

Graham Cluley

DECEMBER 13, 2023

The British Ministry of Defence (MoD) has been fined £350,000 for recklessly causing a data breach that exposed the personal details of citizens of Afghanistan who were seeking to flee the country after the Taliban took control in 2021. Read more in my article on the Hot for Security blog.

Data breaches 113

Data breaches Risk 113

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Security Affairs

DECEMBER 13, 2023

A Joint Committee on the National Security Strategy (JCNSS) warns of the high risk of a catastrophic ransomware attack on the UK government. The British government is accused of failing to mitigate the risk of ransomware attacks. According to a parliamentary report published by the Joint Committee on the National Security Strategy (JCNSS) the UK government can face a ‘catastrophic ransomware attack at any moment.’ The report highlighted the superficial approach to cyber security of S

Ransomware 130

Ransomware Risk Government Cyber threats 130

Malwarebytes

DECEMBER 13, 2023

December’s Patch Tuesday is a relatively quiet one on the Microsoft front. Redmond has patched 34 vulnerabilities with only four rated as critical. One vulnerability, a previously disclosed unpatched vulnerability in AMD central processing units (CPUs), was shifted by AMD to software developers. The AMD vulnerability sounds like something from back in the eighties: “A division by zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality.

Software 114

Software Malware Risk Cybersecurity 114

eSecurity Planet

DECEMBER 13, 2023

Setting up a virtual local area network (VLAN) can be a complicated process, especially if you’re operating a large enterprise network, a network with legacy or hybrid architectures, or a network with specific workloads that require additional security and regulatory compliance safeguards. Each VLAN configuration process will look a little different, depending on the specifications you bring to the table, and some of these steps — particularly steps five through eight — may be completed simultan

Architecture 109

Architecture Software Network Security Authentication 109

Bleeping Computer

DECEMBER 13, 2023

Hackers are attempting to leverage a recently fixed critical vulnerability (CVE-2023-50164) in Apache Struts that leads to remote code execution, in attacks that rely on publicly available proof-of-concept exploit code. [.

108

108

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

SecureList

DECEMBER 13, 2023

Introduction The crimeware landscape is diverse. Cybercriminals try to capitalize on their victims in every possible way by distributing various types of malware designed for different platforms. In recent months, we have written private reports on a wide range of topics, such as new cross-platform ransomware, macOS stealers and malware distribution campaigns.

Ransomware 109

Ransomware Passwords Malware Encryption 109

Security Affairs

DECEMBER 13, 2023

Sophos backports the patch for CVE-2022-3236 for end-of-life (EOL) firewall firmware versions due to ongoing attacks exploiting the issue. Sophos backports the fix for the critical code injection vulnerability CVE-2022-3236 for end-of-life (EOL) firewall firmware versions after discovering that threat actors are actively exploiting the flaw in attacks in the wild.

Firmware 127

Firmware Firewall Internet Internet 127

Security Boulevard

DECEMBER 13, 2023

Here are just some of the top CISOs in Germany going into 2024 and some of their insights and experiences we can learn from. The post Top CISOs to Follow in 2024: Germany Edition appeared first on Scytale. The post Top CISOs to Follow in 2024: Germany Edition appeared first on Security Boulevard.

CISO 105

CISO 105

Penetration Testing

DECEMBER 13, 2023

LDAPWordlistHarvester A tool to generate a wordlist from the information present in LDAP, in order to crack non-random passwords of domain accounts. Features The bigger the domain is, the better the wordlist will be.... The post LDAPWordlistHarvester: generate a wordlist from the information present in LDAP appeared first on Penetration Testing.

Penetration Testing 111

Penetration Testing Passwords Accountability 111

Advertisement

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

Security Boulevard

DECEMBER 13, 2023

Python 2 was officially maintained and supported until January 1, 2020. The system becomes highly vulnerable without Python 2 security updates. TuxCare’s ELS for Python provides security fixes for Python 2.7 versions. Python 2.7 was the last major version in the 2.x series of this software language, which was launched on July […] The post Python 2 EOL: Coping with Legacy System Challenges appeared first on TuxCare.

Software 105

Software 105

WIRED Threat Level

DECEMBER 13, 2023

A hacker group calling itself Solntsepek—previously linked to Russia’s notorious Sandworm hackers—says it carried out a disruptive breach of Kyivstar, a major Ukrainian mobile and internet provider.

Mobile 103

Mobile Internet Internet Hacking 103

SecureWorld News

DECEMBER 13, 2023

Lazarus, the notorious North Korean hacking group, has once again made headlines, this time by exploiting the Log4j vulnerability, despite it being disclosed two years ago. The Log4j vulnerability, officially known as CVE-2021-44228 , continues to pose significant risks to organizations worldwide, with Lazarus demonstrating the persistence of cyber threats and the challenges associated with mitigating known vulnerabilities.

Software 99

Software Malware Manufacturing Risk 99

Bleeping Computer

DECEMBER 13, 2023

The LockBit ransomware operation is now recruiting affiliates and developers from the BlackCat/ALPHV and NoEscape after recent disruptions and exit scams. [.

Ransomware 104

Ransomware Scams 104

Advertisement

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.

Cybersecurity

We Live Security

DECEMBER 13, 2023

TELCOs and ISPs, by exploring DNS protection in league with security vendors, can enable rapid deployment of more robust security measures where needed in an age of rapidly expanding online threats.

DNS 94

DNS 94

Bleeping Computer

DECEMBER 13, 2023

Microsoft's Digital Crimes Unit seized multiple domains used by a Vietnam-based cybercrime group (Storm-1152) that registered over 750 million fraudulent accounts and raked in millions of dollars by selling them online to other cybercriminals. [.

Accountability 96

Accountability Cybercrime 96

The Hacker News

DECEMBER 13, 2023

A previously unknown hacker outfit called GambleForce has been attributed to a series of SQL injection attacks against companies primarily in the Asia-Pacific (APAC) region since at least September 2023.

101

101

Bleeping Computer

DECEMBER 13, 2023

A new cybercrime marketplace, OLVX, has emerged and is quickly gaining new customers looking to purchase tools to conduct online fraud and cyberattacks. [.

Cybercrime 102

Cybercrime Marketing 102

Advertisement

Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.

Government