Schneier on Security
SEPTEMBER 27, 2024
NIST’s second draft of its “ SP 800-63-4 “—its digital identify guidelines—finally contains some really good rules about passwords: The following requirements apply to passwords: lVerifiers and CSPs SHALL require passwords to be a minimum of eight characters in length and SHOULD require passwords to be a minimum of 15 characters in length.
Troy Hunt
SEPTEMBER 27, 2024
The conundrum I refer to in the title of this post is the one faced by a breached organisation: disclose or suppress? And let me be even more specific: should they disclose to impacted individuals, or simply never let them know? I'm writing this after many recent such discussions with breached organisations where I've found myself wishing I had this blog post to point them to, so, here it is.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Schneier on Security
SEPTEMBER 27, 2024
Fishermen are catching more squid as other fish are depleted. Blog moderation policy.
Anton on Security
SEPTEMBER 27, 2024
Amazingly, Medium has fixed the stats so my blog/podcast quarterly is back to life. As before , this covers both Anton on Security and my posts from Google Cloud blog , and our Cloud Security Podcast ( subscribe ). Dall-E via Copilot, prompt “security blog quarterly, steampunk” Top 7 posts with the most lifetime views (excluding paper announcement blogs): Security Correlation Then and Now: A Sad Truth About SIEM (2019!
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Tech Republic Security
SEPTEMBER 27, 2024
Google Password Manager is a free password management service built into Chrome and Google apps. Learn how it works and how secure it is in this detailed review.
Security Boulevard
SEPTEMBER 27, 2024
While the FTC has been a pivotal player in advancing data privacy and security standards, the evolving legal landscape underscores the need for clearer statutory guidance. The post Supreme Court Ruling May Question FTC Authority to Regulate Privacy and Security appeared first on Security Boulevard.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Security Affairs
SEPTEMBER 27, 2024
The Tor Project and Tails OS have joined forces and merged operations to counter a growing number of digital threats. The Tor Project and Tails have merged operations to enhance collaboration and expand training, outreach, and strengthen both organizations’ efforts to protect users globally from digital surveillance and censorship. The two organizations aim to better counter growing digital threats, and the merger between them will enhance protections for users needing both network and sys
Tech Republic Security
SEPTEMBER 27, 2024
Setting up a conference bridge isn't hard, but you don’t want to get it wrong for important calls. Learn how to bridge calls securely.
The Hacker News
SEPTEMBER 27, 2024
A new set of security vulnerabilities has been disclosed in the OpenPrinting Common Unix Printing System (CUPS) on Linux systems that could permit remote command execution under certain conditions.
Tech Republic Security
SEPTEMBER 27, 2024
Explore cloud fax security and compliance. Learn about encryption, HIPAA, and records management for better document protection.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Security Boulevard
SEPTEMBER 27, 2024
Enter ALPR’s. Automated License Plate Readers have been a boon to law enforcement agencies and a bane to privacy advocates. The post An Unexamined Life – Virginia Court Strikes Down Automated License Plate Readers (ALPRs) appeared first on Security Boulevard.
Malwarebytes
SEPTEMBER 27, 2024
In June of 2024 security researchers uncovered a set of vulnerabilities in the Kia dealer portal that allowed them to remotely take over any Kia vehicle built after 2013—and all they needed was a license plate number. According to the researchers: “These attacks could be executed remotely on any hardware-equipped vehicle in about 30 seconds, regardless of whether it had an active Kia Connect subscription.” How was this possible?
Security Affairs
SEPTEMBER 27, 2024
A researcher has disclosed details of an unpatched Linux vulnerability, initially labeled as critical, that allows remote code execution. The popular cybersecurity researcher Simone Margaritelli ( @evilsocket ) disclosed technical details of an unpatched vulnerability impacting Linux systems. On September 23, Margaritelli announced plans to disclose an unauthenticated remote code execution (RCE) vulnerability affecting all GNU/Linux systems within two weeks.
Security Boulevard
SEPTEMBER 27, 2024
Financial services face growing risks from shadow IT and SaaS usage. Learn how SaaS identity risk management helps secure data and ensure regulatory compliance. The post When Innovation Outpaces Financial Services Cybersecurity appeared first on Security Boulevard.
Advertisement
Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.
Penetration Testing
SEPTEMBER 27, 2024
Cybersecurity firm RedTeam Pentesting GmbH has disclosed two critical vulnerabilities, CVE-2024-6592 and CVE-2024-6593, in WatchGuard’s Authentication Gateway (also known as Single Sign-On Agent) and Single Sign-On Client software, potentially impacting... The post Critical WatchGuard Vulnerabilities Discovered: CVE-2024-6592 and CVE-2024-6593 appeared first on Cybersecurity News.
Security Boulevard
SEPTEMBER 27, 2024
Congress decided who was required to compensate for fraudulent consumer transactions, and banks should never require their customers to waive their rights as a condition precedent for the bank doing its job. The post See No Evil – NY AG Letitia James Cracks Down on Banks Refusing to Foot the Bill for Consumer Phishing and Fraud appeared first on Security Boulevard.
Security Affairs
SEPTEMBER 27, 2024
The Kuwait Health Ministry is recovering from a cyberattack that disrupted systems at multiple hospitals and disabled the Sahel healthcare app. Kuwait’s Health Ministry was the victim of a cyberattack that took systems at several of the country’s hospitals offline. The cyber attack also impacted the Ministry of Health website, which is still offline, and Kuwait’s Sahel healthcare app. “Kuwaiti Health Ministry announced on Wednesday that many essential features are back and running after a
The Hacker News
SEPTEMBER 27, 2024
U.S. federal prosecutors on Friday unsealed criminal charges against three Iranian nationals who are allegedly employed with the Islamic Revolutionary Guard Corps (IRGC) for their targeting of current and former officials to steal sensitive data.
Advertisement
Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!
WIRED Threat Level
SEPTEMBER 27, 2024
A handful of Tesla’s electric pickup trucks are armed and ready for battle in the hands of Chechen forces fighting in Ukraine as part of Russia’s ongoing invasion. Can the EV take the heat?
The Hacker News
SEPTEMBER 27, 2024
The U.S. government on Thursday sanctioned two cryptocurrency exchanges and unsealed an indictment against a Russian national for his alleged involvement in the operation of several money laundering services that were offered to cybercriminals.
Graham Cluley
SEPTEMBER 27, 2024
The chair of the United States Foreign Relations Committee was targeted by a sophisticated deepfake operation which impersonated a top Ukrainian official, in what was an apparent attempt at election interference. Read more in my article on the Hot for Security blog.
Security Affairs
SEPTEMBER 27, 2024
UK police are investigating a cyberattack that disrupted Wi-Fi networks at several train stations across the country. U.K. transport officials and police are investigating a cyber attack on public Wi-Fi networks at the country’s biggest railway stations. Following the ‘cyber-security incident,’ passengers trying to log onto the Wi-Fi at several stations on Wednesday evening were displayed a page with the message “We love you, Europe,” followed by an anti-Islam message listing a serie
Advertisement
Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.
The Hacker News
SEPTEMBER 27, 2024
Russian-speaking users have been targeted as part of a new campaign distributing a commodity trojan called DCRat (aka DarkCrystal RAT) by means of a technique known as HTML smuggling.
Security Affairs
SEPTEMBER 27, 2024
The U.S. government sanctioned the virtual currency exchanges Cryptex and PM2BTC for facilitating cybercrime and money maundering. The U.S. government sanctioned two cryptocurrency exchanges, Cryptex and PM2BTC, and indicted a Russian national for allegedly facilitating cybercriminal activities and money laundering. The authorities believe that these exchanges facilitate the laundering of proceeds from cybercrime. “The Justice Department today announced actions coordinated with the Departm
The Hacker News
SEPTEMBER 27, 2024
The threat actor known as Storm-0501 has targeted government, manufacturing, transportation, and law enforcement sectors in the U.S. to stage ransomware attacks.
SecureWorld News
SEPTEMBER 27, 2024
Today, Senate Finance Committee Chair Ron Wyden (D-Ore.) and Senator Mark Warner (D-Va.) announced new legislation aimed at bolstering cybersecurity within the U.S. healthcare system. The legislation is a direct response to a surge in cyberattacks targeting healthcare providers, breaching patient privacy, and disrupting care delivery across the nation.
Advertisement
IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.
The Hacker News
SEPTEMBER 27, 2024
Progress Software has released another round of updates to address six security flaws in WhatsUp Gold, including two critical vulnerabilities. The issues, the company said, have been resolved in version 24.0.1 released on September 20, 2024. The company has yet to release any details about what the flaws are other than listing their CVE identifiers - CVE-2024-46905 (CVSS score: 8.
Heimadal Security
SEPTEMBER 27, 2024
In their latest advisory, CISA warns about the dangers of threat actors trying to breach the networks of critical infrastructure by targeting Internet-exposed industrial devices using ‘unsophisticated’ methods such as brute force attacks and default credentials. Details From the Advisory The cybersecurity agency claims that water and wastewater systems are being impacted by these continuous […] The post CISA Warns: Industrial Systems Targeted by Threat Actors Using Unsophisticated Methods
The Hacker News
SEPTEMBER 27, 2024
As security technology and threat awareness among organizations improves so do the adversaries who are adopting and relying on new techniques to maximize speed and impact while evading detection. Ransomware and malware continue to be the method of choice by big game hunting (BGH) cyber criminals, and the increased use of hands-on or “interactive intrusion” techniques is especially alarming.
Zero Day
SEPTEMBER 27, 2024
Most users were able to install Wear OS 5 successfully, but an unlucky few ended up with blank screens after attempting to update.
Advertisement
Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.
Expert insights. Personalized for you.
285 
Let's personalize your content