Schneier on Security
JULY 9, 2024
Interesting : By reverse-engineering how Ticketmaster and AXS actually make their electronic tickets, scalpers have essentially figured out how to regenerate specific, genuine tickets that they have legally purchased from scratch onto infrastructure that they control. In doing so, they are removing the anti-scalping restrictions put on the tickets by Ticketmaster and AXS.
Krebs on Security
JULY 9, 2024
Microsoft Corp. today issued software updates to plug at least 139 security holes in various flavors of Windows and other Microsoft products. Redmond says attackers are already exploiting at least two of the vulnerabilities in active attacks against Windows users. The first Microsoft zero-day this month is CVE-2024-38080 , a bug in the Windows Hyper-V component that affects Windows 11 and Windows Server 2022 systems.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Tech Republic Security
JULY 9, 2024
Nearly 10 billion passwords have been leaked on a popular hacking forum, according to Cybernews.
Security Boulevard
JULY 9, 2024
APT40, a threat group backed by China's government, quickly adapts POC exploits of popular software like Microsoft Exchange and Log4j to attack corporate and government networks in the U.S., Australia, and elsewhere, according to an alert issued by government security agencies around the world. The post China-Backed Threat Group Rapidly Exploits New Flaws: Agencies appeared first on Security Boulevard.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Tech Republic Security
JULY 9, 2024
What are the best GRC tools and how much do they cost? Use our guide to compare pricing and features of our recommended GRC platforms.
Security Boulevard
JULY 9, 2024
Credential crunch: Ten billion plain-text passwords in a file—sky falling or situation normal? The post Biggest Ever Password Leak — but is ObamaCare’s RockYou2024 Really NEW? appeared first on Security Boulevard.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
The Hacker News
JULY 9, 2024
Select versions of the OpenSSH secure networking suite are susceptible to a new vulnerability that can trigger remote code execution (RCE). The vulnerability, tracked as CVE-2024-6409 (CVSS score: 7.0), is distinct from CVE-2024-6387 (aka RegreSSHion) and relates to a case of code execution in the privsep child process due to a race condition in signal handling.
Tech Republic Security
JULY 9, 2024
Recent technological advancements have made people and things more interconnected. Unfortunately, people with malicious intent are also taking advantage of this capability. With this, the security of information systems has become more paramount for any organization. The purpose of this customizable Social Engineering Awareness Policy, written by Maria Carrisa Sanchez for TechRepublic Premium, is to.
The Hacker News
JULY 9, 2024
Cybersecurity researchers have discovered a security vulnerability in the RADIUS network authentication protocol called BlastRADIUS that could be exploited by an attacker to stage Mallory-in-the-middle (MitM) attacks and bypass integrity checks under certain circumstances.
Security Affairs
JULY 9, 2024
Avast developed and released a decryptor for the DoNex ransomware family that allows victims to recover their files for free. Avast researchers identified a cryptographic flaw in the DoNex ransomware and its predecessors that allowed them to develop a decryptor. The experts revealed the weakness during the Recon 2024 conference. Avast also released a decryptor that allows victims to recover their files for free since March 2024. “All brands of the DoNex ransomware are supported by the decr
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Graham Cluley
JULY 9, 2024
A ransomware attack by the BlackSuit gang against South Africa's National Health Laboratory Service (NHLS) has put lives at risk and created chaos for healthcare services across the country. Read more in my article on the Hot for Security blog.
The Hacker News
JULY 9, 2024
Cybersecurity researchers have found that it's possible for attackers to weaponize improperly configured Jenkins Script Console instances to further criminal activities such as cryptocurrency mining.
Security Affairs
JULY 9, 2024
The Lockbit ransomware attack on Evolve Bank has compromised the personal information of over 7.6 million individuals. At the end of June, the LockBit gang announced that it had breached the systems of the Federal Reserve of the United States and exfiltrated 33 TB of sensitive data, including “Americans’ banking secrets.” Despite the announcement, data leaked data from the group belongs to the Arkansas-based financial organization Evolve Bank & Trust.
We Live Security
JULY 9, 2024
Scammers gonna scam scam scam, so before hunting for your tickets to a Taylor Swift gig or other in-demand events, learn how to stop fraudsters from leaving a blank space in your bank account
Advertisement
Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.
Bleeping Computer
JULY 9, 2024
Hackers are trying to exploit a vulnerability in the Modern Events Calendar WordPress plugin that is present on more than 150,000 websites to upload arbitrary files to a vulnerable site and execute code remotely. [.
Quick Heal Antivirus
JULY 9, 2024
Today, a quiet war is raging — a war against data breaches. From big names to important institutions. The post EXPOSED! The Terrifying Truth Behind 2022-2023 Data Breaches! How Safe Are You? appeared first on Quick Heal Blog.
Bleeping Computer
JULY 9, 2024
Blast-RADIUS, an authentication bypass in the widely used RADIUS/UDP protocol, enables threat actors to breach networks and devices in man-in-the-middle MD5 collision attacks. [.
The Hacker News
JULY 9, 2024
Military personnel from Middle East countries are the target of an ongoing surveillanceware operation that delivers an Android data-gathering tool called GuardZoo.
Advertisement
Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!
Bleeping Computer
JULY 9, 2024
Fujitsu confirms that information related to some individuals and customers' business has been compromised during the data breach detected earlier this year. [.
Graham Cluley
JULY 9, 2024
In episode six of The AI Fix, our hosts discover an unusual place to put a traffic cone, Mark learns why Americans should pretend to be from Brazil, and Graham discovers a way to make any situation much, much worse.
Tech Republic Security
JULY 9, 2024
Though cybersecurity is on every executive’s checklist today, most struggle with growing compliance burdens, keeping the costs moderate and bringing team alignment. A cybersecurity assessment is the key to combating the rising threat environment, and it’s prudent to secure systems before a breach cripples your business. Read this guide, written by Avya Chaudhary for TechRepublic.
The Hacker News
JULY 9, 2024
Clear Web vs. Deep Web vs. Dark Web Threat intelligence professionals divide the internet into three main components: Clear Web - Web assets that can be viewed through public search engines, including media, blogs, and other pages and sites. Deep Web - Websites and forums that are unindexed by search engines. For example, webmail, online banking, corporate intranets, walled gardens, etc.
Advertisement
Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.
Bleeping Computer
JULY 9, 2024
Microsoft is rolling out the KB5040442 cumulative update for Windows 11 23H3, which includes up to thirty-two improvements and changes. The changes include a new feature that adds back the "Show Desktop" button, which Copilot replaced. [.
SecureList
JULY 9, 2024
Detection is a traditional type of cybersecurity control, along with blocking, adjustment, administrative and other controls. Whereas before 2015 teams asked themselves what it was that they were supposed to detect, as MITRE ATT&CK evolved, SOCs were presented with practically unlimited space for ideas on creating detection scenarios. With the number of scenarios becoming virtually unlimited, another question inevitably arises: “What do we detect first?
Bleeping Computer
JULY 9, 2024
An advisory by CISA and multiple international cybersecurity agencies highlights the tactics, techniques, and procedures (TTPs) of APT40 (aka "Kryptonite Panda"), a state-sponsored Chinese cyber-espionage actor. [.
The Hacker News
JULY 9, 2024
The sophisticated malware known as ViperSoftX has been observed being distributed as eBooks over torrents.
Advertisement
IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.
Bleeping Computer
JULY 9, 2024
Microsoft has released the KB5040427 cumulative update for Windows 10 21H2 and Windows 10 22H2 with 13 changes, including Microsoft Copilot now behaving like an app, providing more flexibility on how it is displayed. [.
ZoneAlarm
JULY 9, 2024
The RockYou2024 password leak has emerged as the largest known data breach in history, exposing approximately 10 billion passwords. Named after the infamous RockYou breach of 2009, this latest incident significantly surpasses its predecessor. In July 2024, a hacker using the alias “ObamaCare” uploaded the RockYou2024.txt file to a popular crime forum.
Bleeping Computer
JULY 9, 2024
Almost a thousand Twitter accounts controlled by a large bot farm pushing Russian propaganda and domains used to register the bots were taken down in a joint international law enforcement operation led by the U.S. Justice Department. [.
Malwarebytes
JULY 9, 2024
While cybercriminals are offering free tickets to Taylor Swift Eras Tour and other events , Ticketmaster is telling would-be purchasers that these tickets will prove to be worthless. Those who have claimed responsibility for the Ticketmaster data breach say they’ve stolen 440,000 tickets for Taylor Swift’s Eras Tour, and as proof have leaked 170k ticket barcodes.
Advertisement
Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.
Expert insights. Personalized for you.
251 
Let's personalize your content