Pharmacies Giving Patient Records to Police without Warrants
Schneier on Security
JANUARY 11, 2024
Add pharmacies to the list of industries that are giving private data to the police without a warrant.
Tech Republic Security
JANUARY 11, 2024
Looking for the best anonymous (no-log) VPN? Check out our comprehensive list to find the top VPN services that prioritize anonymity and security.
Malwarebytes
JANUARY 11, 2024
Hackers have found a way to gain unauthorized access to Google accounts, bypassing any multi-factor authentication (MFA) the user may have set up. To do this they steal authentication cookies and then extend their lifespan. It doesn’t even help if the owner of the account changes their password. Since the discovery of the exploit, numerous white and black hat security researchers have looked into and discussed the issue.
Trend Micro
JANUARY 11, 2024
This blog delves into the Phemedrone Stealer campaign's exploitation of CVE-2023-36025, the Windows Defender SmartScreen Bypass vulnerability, for its defense evasion and investigates the malware's payload.
Bleeping Computer
JANUARY 11, 2024
Two vulnerabilities impacting the POST SMTP Mailer WordPress plugin, an email delivery tool used by 300,000 websites, could help attackers take complete control of a site authentication. […]
Security Affairs
JANUARY 11, 2024
The X account of cybersecurity firm Mandiant was likely hacked through a brute-force password attack, the company revealed. Last week, threat actors hacked the X account of cybersecurity firm Mandiant and used it to impersonate the Phantom crypto platform and share a cryptocurrency scam. The X account of the Google-owned firm Mandiant has over 120,000 followers.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Security Boulevard
JANUARY 11, 2024
Federal regulators are banning OutLogic from selling or sharing sensitive location data to third parties, marking the latest effort by government officials to address the thorny issue of data brokers and what they do with the massive amounts of personal information they collect. In this case, the Federal Trade Commission (FTC), in its first settlement.
eSecurity Planet
JANUARY 11, 2024
When remote workers connect bring-your-own-device (BYOD) laptops, desktops, tablets, and phones to corporate assets, risk dramatically increases. These devices exist outside of direct corporate management and provide a ransomware gang with unchecked platforms for encrypting data. Ransomware remains just one of many different threats and as security teams eliminate key vectors of attack, adversaries will shift tactics.
Security Boulevard
JANUARY 11, 2024
A Netskope report revealed that, on average, 29 out of every 10,000 enterprise users clicked on a phishing link each month in 2023. The post Netskope Report Surfaces Raft of Cybersecurity Challenges appeared first on Security Boulevard.
Security Affairs
JANUARY 11, 2024
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Ivanti Connect Secure and Microsoft SharePoint bugs to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Ivanti Connect Secure and Policy Secure flaws, tracked as CVE-2024-21887 and CVE-2023-46805, and Microsoft SharePoint Server flaw CVE-2023-29357 to its Known Exploited Vulnerabilities (KEV) catalog.
Duo's Security Blog
JANUARY 11, 2024
Scaling a cybersecurity mountain is an arduous but essential task for organizations. It requires careful planning, thorough preparation, and the right gear. For years, Active Directory Federation Services (AD FS) has been the trusted climbing gear for many organizations. It has been a dependable tool, providing single sign-on access to systems and applications across organizational boundaries.
Security Affairs
JANUARY 11, 2024
Ivanti revealed that two threat actors are exploiting two zero-day vulnerabilities in its Connect Secure (ICS) and Policy Secure. Software firm Ivanti reported that threat actors are exploiting two zero-day vulnerabilities (CVE-2023-46805, CVE-2024-21887) in Connect Secure (ICS) and Policy Secure to remotely execute arbitrary commands on targeted gateways.
Bleeping Computer
JANUARY 11, 2024
The open-source Bitwarden password manager has announced that all users can now log in to their web vaults using a passkey instead of the standard username and password pairs. […]
Security Boulevard
JANUARY 11, 2024
This article is part of a series where we look at a recent NSA/CISA Joint Cybersecurity Advisory on the top cybersecurity issues identified during red/blue team exercises operated by these organizations. In this article, you will find a more in-depth look at the specific issue, with real-world scenarios where it is applicable, as well as […] The post Insufficient Internal Network Monitoring in Cybersecurity appeared first on TuxCare.
Bleeping Computer
JANUARY 11, 2024
The Finnish National Cybersecurity Center (NCSC-FI) is informing of increased Akira ransomware activity in December, targeting companies in the country and wiping backups. […]
GlobalSign
JANUARY 11, 2024
In the fast-paced world of enterprise security the right partner for your digital security needs is non-negotiable. Here’s why you should choose GlobalSign.
Security Boulevard
JANUARY 11, 2024
Build your cybersecurity strategy on a solid foundation of asset visibility and segmentation. On November 20, 2023, the Cybersecurity Infrastructure and Security Agency (CISA) issued guidance for healthcare delivery organizations (HDOs) struggling to secure their data and systems against a growing and pernicious onslaught of attacks from threat actors across the globe.
SecureWorld News
JANUARY 11, 2024
Cybersecurity threats are a growing menace, wreaking havoc on businesses and individuals alike. In this digital battlefield, cyber insurance has emerged as a crucial shield, offering financial protection against data breaches, ransomware attacks, and other cyber incidents. However, just as the threats evolve, so too does the cost of protection, with the global cyber insurance market projected to balloon to a staggering $90.6 billion by 2033, according to a recent report from Market.us Scoop.
Security Boulevard
JANUARY 11, 2024
Software development continues to swiftly advance and also to entail more complex dependencies, with continuous integration/continuous development (CI/CD) bringing faster code releases. Meanwhile, application security (AppSec) is struggling to keep up with its practices and tooling. The post The evolution of AppSec: 4 key changes required for a new era appeared first on Security Boulevard.
Penetration Testing
JANUARY 11, 2024
The Linux Kernel has been hit by a significant security vulnerability, CVE-2023-6040, with a CVSS score of 7.8, impacting its netfilter component. Discovered by Lin Ma from Ant Security Light-Year Lab, this flaw arises... The post CVE-2023-6040: A Critical Linux Kernel Netfilter Vulnerability appeared first on Penetration Testing.
Security Boulevard
JANUARY 11, 2024
The post Prioritize Risk and Eliminate SCA Alert Fatigue with SCA 2.0 appeared first on Deepfactor. The post Prioritize Risk and Eliminate SCA Alert Fatigue with SCA 2.0 appeared first on Security Boulevard.
Penetration Testing
JANUARY 11, 2024
A new flaw has emerged, demanding immediate attention from IT professionals. Zoho's ManageEngine ADSelfService Plus, renowned for its integrated self-service password management and single sign-on capabilities for Active Directory and cloud applications, has been... The post CVE-2024-0252 (CVSS 9.9): Zoho ManageEngine ADSelfService RCE Vulnerability appeared first on Penetration Testing.
Bleeping Computer
JANUARY 11, 2024
A major T-Mobile outage is preventing customers from logging into their accounts and using the company's mobile app.
WIRED Threat Level
JANUARY 11, 2024
Crypto tracing firm Chainalysis found that sellers of child sexual abuse materials are successfully using “mixers” and “privacy coins” like Monero to launder their profits and evade law enforcement.
Penetration Testing
JANUARY 11, 2024
Multiple vulnerabilities were identified in Juniper Junos OS, posing a range of threats from denial of service to remote code execution. CVE-2024-21611: A memory leak and eventually an rpd crash Among these, a vulnerability has... The post CVE-2024-21591: Critical Pre-RCE Flaw Threatens Junos OS SRX and EX Series appeared first on Penetration Testing.
The Hacker News
JANUARY 11, 2024
A new Python-based hacking tool called FBot has been uncovered targeting web servers, cloud services, content management systems (CMS), and SaaS platforms such as Amazon Web Services (AWS), Microsoft 365, PayPal, Sendgrid, and Twilio.
Malwarebytes
JANUARY 11, 2024
Software vendor Ivanti has warned customers about two actively exploited vulnerabilities in all supported versions of Ivanti Connect Secure and Ivanti Policy Secure Gateways. Successful exploitation would give an attacker the ability to run arbitrary code on Ivanti’s Virtual Private Network (VPN) system. The warning is echoed by several international security agencies like CISA and the German BSI.
Penetration Testing
JANUARY 11, 2024
In the ever-evolving landscape of cyber threats, GitLab, a renowned player in the DevOps field, has recently taken decisive steps to fortify its defenses against a series of critical vulnerabilities. CVE-2023-7028: Account Takeover via... The post CVE-2023-7028 & 5356: GitLab Addresses Account Takeover & Command Flaws appeared first on Penetration Testing.
Bleeping Computer
JANUARY 11, 2024
Framework Computer disclosed a data breach exposing the personal information of an undisclosed number of customers after Keating Consulting Group, its accounting service provider, fell victim to a phishing attack. […]
Penetration Testing
JANUARY 11, 2024
“ShellSweep” is a PowerShell/Python/Lua tool designed to detect potential webshell files in a specified directory. ShellSweep and its suite of tools calculate the entropy of file contents to estimate the likelihood of a... The post ShellSweep: detect potential webshell files in a specified directory appeared first on Penetration Testing.