Wed. Dec 06, 2023

Security Analysis of a Thirteenth-Century Venetian Election Protocol

Schneier on Security

Interesting analysis: This paper discusses the protocol used for electing the Doge of Venice between 1268 and the end of the Republic in 1797. We will show that it has some useful properties that in addition to being interesting in themselves, also suggest that its fundamental design principle is worth investigating for application to leader election protocols in computer science.

ICANN Launches Service to Help With WHOIS Lookups

Krebs on Security

More than five years after domain name registrars started redacting personal data from all public domain registration records, the non-profit organization overseeing the domain industry has introduced a centralized online service designed to make it easier for researchers, law enforcement and others to request the information directly from registrars.

Windows 10 Extended Security Updates Promised for Small Businesses and Home Users

Tech Republic Security

Already common for enterprises, for the first time, individuals will also get the option to pay for extended security updates for a Windows operating system that's out of support.

GST Invoice Billing Inventory exposes sensitive data to threat actors

Security Affairs

GST Invoice Billing Inventory, a business accounting app for small and medium businesses with over 1M downloads has left a database open, exposing sensitive personal and corporate data up for grabs. The popular and reputable GST Invoice Billing Inventory (previously known as Book Keeper) app is one of the thousands of apps on the Google Play Store with sensitive data hard-coded into the client side of an app.

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Cisco Talos Report: New Trends in Ransomware, Network Infrastructure Attacks, Commodity Loader Malware

Tech Republic Security

Based on the security researchers' analysis of the 2023 cyberthreat landscape, we highlight new or heightened risks.

Navigating privacy: Should we put the brakes on car tracking?

We Live Security

Smart cars include many new functions that make our lives easier, but they also do so by intruding upon personal privacy through an incessant amount of tracking, which can make these cars targets of cyberattacks.

More Trending

New SLAM attack steals sensitive data from AMD, future Intel CPUs

Bleeping Computer

Academic researchers developed a new side-channel attack called SLAM that exploits hardware features designed to improve security in upcoming CPUs from Intel, AMD, and Arm to obtain the root password hash from the kernel memory. [...]

Experts demonstrate a post-exploitation tampering technique to display Fake Lockdown mode

Security Affairs

Researchers devised a new post-exploitation tampering technique to trick users into believing that their iPhone is in Lockdown Mode. Researchers from Jamf Threat Labs devised a new post-exploit tampering technique to trick users that their compromised iPhone is running in Lockdown Mode while they are performing malicious activities. The researchers pointed out that the issue is not a flaw in the feature or an iOS vulnerability.

Nissan is investigating cyberattack and potential data breach

Bleeping Computer

Japanese car maker Nissan is investigating a cyberattack that targeted its systems in Australia and New Zealand, which may have let hackers access personal information. [...]

Atlassian addressed four new RCE flaws in its products

Security Affairs

Australian Software giant Atlassian addressed four critical Remote Code Execution (RCE) vulnerabilities in its products. Atlassian released security patches to address four critical remote code execution vulnerabilities in its products. Below is the list of vulnerabilities addressed by the vendor: CVE-2022-1471 (CVSS score: 9.8) – SnakeYAML library RCE Vulnerability that impacts multiple products.

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Survey Surfaces Wasted Efforts Collecting Cybersecurity Data

Security Boulevard

Security teams are wasting time and resources normalizing data to store and analyze it in a separate platform instead of relying on the same data IT teams use to manage operations. The post Survey Surfaces Wasted Efforts Collecting Cybersecurity Data appeared first on Security Boulevard.

Police Can Spy on Your iOS and Android Push Notifications

WIRED Threat Level

Governments can access records related to push notifications from mobile apps by requesting that data from Apple and Google, according to details in court records and a US senator.

New macOS Trojan-Proxy piggybacking on cracked software

SecureList

Illegally distributed software historically has served as a way to sneak malware onto victims’ devices. Oftentimes, users are not willing to pay for software tools they need, so they go searching the Web for a “free lunch.” They are an excellent target for cybercriminals who realize that an individual looking for a cracked app will be willing to download an installer from a questionable website and disable security on their machine, and so they will be fairly easy to trick into

The Binance Crackdown Will Be an 'Unprecedented' Bonanza for Crypto Surveillance

WIRED Threat Level

Binance’s settlement requires it to offer years of transaction data to US regulators and cops, exposing the company—and its customers—to a “24/7, 365-days-a-year financial colonoscopy.”

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

10 Opportunities to Consider Security within the DevOps Workflow

GlobalSign

In this blog, we explore 10 steps to enabling better security and efficiency that DevOps environments should be considering.

Windows 10 gets its own extended security updates program

Malwarebytes

The day that Windows 10 machines will get their last security updates is set for October 14, 2025. So if you want to stay secure, you’d have to upgrade to a newer version. Either to Windows 11, which is not all that different, but more demanding when it comes to system requirements. Or to the rumored Windows 12 which might be out by then. Despite the fact that Windows 11 has been around for a while, market share would have it that Windows 10 is still far more popular.

$10 million up for grabs in fight against North Korean hackers

Graham Cluley

$10 million reward is focused on hackers working on behalf of the North Korean government, who are using cryptocurrency mixers to launder the funds they are stealing from financial institutions and businesses. Read more in my article on the Hot for Security blog.

PipeViewer: shows detailed information about named pipes in Windows

Penetration Testing

PipeViewer A GUI tool for viewing Windows Named Pipes and searching for insecure permissions. PipeViewer is a GUI tool that allows users to view details about Windows-named pipes and their permissions. It is designed... The post PipeViewer: shows detailed information about named pipes in Windows appeared first on Penetration Testing.

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Ostrich Cyber-Risk Announces Partnership with C-Risk to Strengthen Cybersecurity Resilience and Innovation

Security Boulevard

SALT LAKE CITY — Ostrich Cyber-Risk (Ostrich), a pioneer and prestigious provider of cyber-risk management solutions, is excited to announce a partnership with C-Risk, a leading service provider of cyber risk management in Europe. Tom Callaghan, Co-Founder of C-Risk, commented, "C-Risk has built a portfolio of services which help our clients to unlock the value of quantitative risk management.

3 Data Masking Techniques and How to Implement Them

Digital Guardian

Data masking or data obfuscation has become a popular way to modify data to make it difficult to ascertain what's authentic vs. what's been modified. In today's blog we look at three different data masking techniques.

Defense-in-Depth: A Comprehensive Approach to Modern Cybersecurity

Security Boulevard

Defense-in-depth is a cybersecurity strategy that emphasizes deploying multiple layers of security controls and countermeasures to protect critical assets and mitigate the impact of potential attacks. The post Defense-in-Depth: A Comprehensive Approach to Modern Cybersecurity appeared first on Security Boulevard.

Navy contractor Austal USA confirms cyberattack after data leak

Bleeping Computer

Austal USA, a shipbuilding company and a contractor for the U.S. Department of Defense (DoD) and the Department of Homeland Security (DHS) confirmed that it suffered a cyberattack and is currently investigating the impact of the incident. [...]

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Top Security Trends and Predictions for 2024

Security Boulevard

Approov stands at the forefront of mobile cybersecurity: Our expansive customer base, ongoing research initiatives and the insights we collect from our live threat metrics, give us unique visibility into trends in mobile security. Based on this data, we wanted to share our predictions for 2024. We don't claim to be able to predict the future but we do think we can see some trends that will help you prepare your own plan for navigating the challenges and opportunities that lie ahead in 2024.

Critical WordPress Vulnerability Patched: Remote Code Execution Possible

Penetration Testing

A critical security vulnerability patched in the recent WordPress 6.4.2 update could have allowed attackers to take full control of vulnerable websites. While the vulnerability itself resided within WordPress core, its potential for harm... The post Critical WordPress Vulnerability Patched: Remote Code Execution Possible appeared first on Penetration Testing.

US senator: Govts spy on Apple, Google users via mobile notifications

Bleeping Computer

A U.S. senator revealed today that government agencies worldwide demand mobile push notification records from Apple and Google users to spy on their customers. [...]

The Cybersecurity Perception Problem in 2023

Approachable Cyber Threats

It’s here! The 2023 update to our research on the perception of cybersecurity incident and data breach causes that’s helped organizations re-evaluate how they are at risk of a cybersecurity incident or data breach instead of what feels right. So what’s new this year, what was our methodology, and what was surprising? Keep reading below! Or download now!

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

Meta Launches Default End-to-End Encryption for Chats and Calls on Messenger

The Hacker News

Meta has officially begun to roll out support for end-to-end encryption (E2EE) in Messenger for personal calls and one-to-one personal messages by default in what it called the "most significant milestone yet."

Krasue RAT malware hides on Linux servers using embedded rootkits

Bleeping Computer

Security researchers discovered a remote access trojan they named Krasue that is targeting Linux systems of telecommunications companies and managed to remain undetected since 2021. [...]

Alert: Threat Actors Can Leverage AWS STS to Infiltrate Cloud Accounts

The Hacker News

Threat actors can take advantage of Amazon Web Services Security Token Service (AWS STS) as a way to infiltrate cloud accounts and conduct follow-on attacks. The service enables threat actors to impersonate user identities and roles in cloud environments, Red Canary researchers Thomas Gardner and Cody Betsworth said in a Tuesday analysis.

2023 Review: Reflecting on Cybersecurity Trends

Trend Micro

Every year, experts weigh in with predictions of what the big cybersecurity trends will be—but how often are they right? That’s the question Trend Micro’s Greg Young and Bill Malik asked recently on their Real Cybersecurity podcast, looking at what forecasters got wrong on a wide range of topics, from AI to human factors.

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.