Fri.Sep 27, 2024

NIST Recommends Some Common-Sense Password Rules

Schneier on Security

NIST’s second draft of its “SP 800-63-4”—its digital identity guidelines—finally contains some really good rules about passwords: The following requirements apply to passwords: Verifiers and CSPs SHALL require passwords to be a minimum of eight characters in length and SHOULD require passwords to be a minimum of 15 characters in length.

The Data Breach Disclosure Conundrum

Troy Hunt

The conundrum I refer to in the title of this post is the one faced by a breached organisation: disclose or suppress? And let me be even more specific: should they disclose to impacted individuals, or simply never let them know? I'm writing this after many recent such discussions with breached organisations where I've found myself wishing I had this blog post to point them to, so, here it is.

Squid Fishing in Japan

Schneier on Security

Fishermen are catching more squid as other fish are depleted. Blog moderation policy.

Australian Organisations Targeted by Phishing Attacks Disguised as Atlassian

Tech Republic Security

Mimecast said a phishing campaign using Atlassian workspaces shows the growing sophistication of cyber threat actors.

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Millions of Kia vehicles were vulnerable to remote attacks with just a license plate number

Malwarebytes

In June of 2024 security researchers uncovered a set of vulnerabilities in the Kia dealer portal that allowed them to remotely take over any Kia vehicle built after 2013—and all they needed was a license plate number. According to the researchers: “These attacks could be executed remotely on any hardware-equipped vehicle in about 30 seconds, regardless of whether it had an active Kia Connect subscription.” How was this possible?

Is Google Password Manager Safe to Use in 2024?

Tech Republic Security

Google Password Manager is a free password management service built into Chrome and Google apps. Learn how it works and how secure it is in this detailed review.

Is Cloud Fax Secure? Yes. Compliant? It Depends.

Tech Republic Security

Explore cloud fax security and compliance. Learn about encryption, HIPAA, and records management for better document protection.

Critical Linux CUPS Printing System Flaws Could Allow Remote Command Execution

The Hacker News

A new set of security vulnerabilities has been disclosed in the OpenPrinting Common Unix Printing System (CUPS) on Linux systems that could permit remote command execution under certain conditions.

How to Use a Conference Bridge to Run a Smooth Meeting

Tech Republic Security

Setting up a conference bridge isn't hard, but you don’t want to get it wrong for important calls. Learn how to bridge calls securely.

The Tor Project and Tails have merged operations

Security Affairs

The Tor Project and Tails OS have joined forces and merged operations to counter a growing number of digital threats. The Tor Project and Tails have merged operations to enhance collaboration and expand training, outreach, and strengthen both organizations’ efforts to protect users globally from digital surveillance and censorship. The two organizations aim to better counter growing digital threats, and the merger between them will enhance protections for users needing both network and sys

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

U.S. Charges Three Iranian Nationals for Election Interference and Cybercrimes

The Hacker News

U.S. federal prosecutors on Friday unsealed criminal charges against three Iranian nationals who are allegedly employed with the Islamic Revolutionary Guard Corps (IRGC) for their targeting of current and former officials to steal sensitive data.

A cyberattack on Kuwait Health Ministry impacted hospitals in the country

Security Affairs

The Kuwait Health Ministry is recovering from a cyberattack that disrupted systems at multiple hospitals and disabled the Sahel healthcare app. Kuwait’s Health Ministry was the victim of a cyberattack that took systems at several of the country’s hospitals offline. The cyber attack also impacted the Ministry of Health website, which is still offline, and Kuwait’s Sahel healthcare app. “Kuwaiti Health Ministry announced on Wednesday that many essential features are back and running after a

U.S. Sanctions Two Crypto Exchanges for Facilitating Cybercrime and Money Laundering

The Hacker News

The U.S. government on Thursday sanctioned two cryptocurrency exchanges and unsealed an indictment against a Russian national for his alleged involvement in the operation of several money laundering services that were offered to cybercriminals.

Cyber vandalism on Wi-Fi networks at UK train stations spread an anti-Islam message

Security Affairs

UK police are investigating a cyberattack that disrupted Wi-Fi networks at several train stations across the country. U.K. transport officials and police are investigating a cyber attack on public Wi-Fi networks at the country’s biggest railway stations. Following the ‘cyber-security incident,’ passengers trying to log onto the Wi-Fi at several stations on Wednesday evening were displayed a page with the message “We love you, Europe,” followed by an anti-Islam message listing a serie

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

New HTML Smuggling Campaign Delivers DCRat Malware to Russian-Speaking Users

The Hacker News

Russian-speaking users have been targeted as part of a new campaign distributing a commodity trojan called DCRat (aka DarkCrystal RAT) by means of a technique known as HTML smuggling.

U.S. sanctioned virtual currency exchanges Cryptex and PM2BTC for facilitating illegal activities

Security Affairs

The U.S. government sanctioned the virtual currency exchanges Cryptex and PM2BTC for facilitating cybercrime and money laundering. The U.S. government sanctioned two cryptocurrency exchanges, Cryptex and PM2BTC, and indicted a Russian national for allegedly facilitating cybercriminal activities and money laundering. The authorities believe that these exchanges facilitate the laundering of proceeds from cybercrime. “The Justice Department today announced actions coordinated with the Departm

Microsoft Identifies Storm-0501 as Major Threat in Hybrid Cloud Ransomware Attacks

The Hacker News

The threat actor known as Storm-0501 has targeted government, manufacturing, transportation, and law enforcement sectors in the U.S. to stage ransomware attacks.

Anton’s Security Blog Quarterly Q3 2024

Anton on Security

Amazingly, Medium has fixed the stats so my blog/podcast quarterly is back to life. As before , this covers both Anton on Security and my posts from Google Cloud blog , and our Cloud Security Podcast ( subscribe ). Dall-E via Copilot, prompt “security blog quarterly, steampunk” Top 7 posts with the most lifetime views (excluding paper announcement blogs): Security Correlation Then and Now: A Sad Truth About SIEM (2019!

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

CUPS flaws allow remote code execution on Linux systems under certain conditions

Security Affairs

A researcher has disclosed details of an unpatched Linux vulnerability, initially labeled as critical, that allows remote code execution. The popular cybersecurity researcher Simone Margaritelli ( @evilsocket ) disclosed technical details of an unpatched vulnerability impacting Linux systems. On September 23, Margaritelli announced plans to disclose an unauthenticated remote code execution (RCE) vulnerability affecting all GNU/Linux systems within two weeks.

Supreme Court Ruling May Question FTC Authority to Regulate Privacy and Security

Security Boulevard

While the FTC has been a pivotal player in advancing data privacy and security standards, the evolving legal landscape underscores the need for clearer statutory guidance.

Critical WatchGuard Vulnerabilities Discovered: CVE-2024-6592 and CVE-2024-6593

Penetration Testing

Cybersecurity firm RedTeam Pentesting GmbH has disclosed two critical vulnerabilities, CVE-2024-6592 and CVE-2024-6593, in WatchGuard’s Authentication Gateway (also known as Single Sign-On Agent) and Single Sign-On Client software, potentially impacting...

Progress Software Releases Patches for 6 Flaws in WhatsUp Gold – Patch Now

The Hacker News

Progress Software has released another round of updates to address six security flaws in WhatsUp Gold, including two critical vulnerabilities. The issues, the company said, have been resolved in version 24.0.1 released on September 20, 2024. The company has yet to release any details about what the flaws are other than listing their CVE identifiers - CVE-2024-46905 (CVSS score: 8.

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

An Unexamined Life – Virginia Court Strikes Down Automated License Plate Readers (ALPRs)

Security Boulevard

Enter ALPRs. Automated License Plate Readers have been a boon to law enforcement agencies and a bane to privacy advocates.

How to Plan and Prepare for Penetration Testing

The Hacker News

As security technology and threat awareness among organizations improve, so do the adversaries, who are adopting and relying on new techniques to maximize speed and impact while evading detection. Ransomware and malware continue to be the method of choice for big game hunting (BGH) cyber criminals, and the increased use of hands-on or “interactive intrusion” techniques is especially alarming.

When Innovation Outpaces Financial Services Cybersecurity

Security Boulevard

Financial services face growing risks from shadow IT and SaaS usage. Learn how SaaS identity risk management helps secure data and ensure regulatory compliance.

Cybersecurity Certifications: The Gateway to Career Advancement

The Hacker News

In today's fast-evolving digital landscape, cybersecurity has become a cornerstone of organizational resilience. As cyber threats grow increasingly sophisticated, the demand for skilled cybersecurity professionals has never been higher.

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

See No Evil – NY AG Letitia James Cracks Down on Banks Refusing to Foot the Bill for Consumer Phishing and Fraud

Security Boulevard

Congress decided who was required to compensate for fraudulent consumer transactions, and banks should never require their customers to waive their rights as a condition precedent for the bank doing its job.

Deepfake Ukrainian diplomat targeted US senator on Zoom call

Graham Cluley

The chair of the United States Foreign Relations Committee was targeted by a sophisticated deepfake operation which impersonated a top Ukrainian official, in what was an apparent attempt at election interference. Read more in my article on the Hot for Security blog.

Google shuts down WearOS update that was soft-bricking Pixel watches

Zero Day

Most users were able to install Wear OS 5 successfully, but an unlucky few ended up with blank screens after attempting to update.

CVE-2024-43917 (CVSS 9.3): Unpatched SQLi Flaw in TI WooCommerce Wishlist Threatens 100,000+ Sites

Penetration Testing

A critical security vulnerability has been discovered in the widely-used WordPress plugin, TI WooCommerce Wishlist, potentially exposing over 100,000 websites to malicious attacks. The flaw, tracked as CVE-2024-43917 with a...

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.