Schneier on Security
DECEMBER 11, 2023
It’s happened. Details here , and tech details here (for messages in transit) and here (for messages in storage) Rollout to everyone will take months, but it’s a good day for both privacy and security. Slashdot thread.
Joseph Steinberg
DECEMBER 11, 2023
Veteran cybersecurity expert witness executive will help strengthen law enforcement capabilities to prevent, investigate, and prosecute information-age crimes. Washington, DC — December 11, 2023 — The International Association of Chiefs of Police (IACP) has appointed long-time information-security-industry veteran and cybersecurity expert witness, Joseph Steinberg, to the organization’s Computer Crime & Digital Evidence Committee.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Tech Republic Security
DECEMBER 11, 2023
Want to make sure everyone on your team is secure? Get a lifetime subscription to FastestVPN PRO, now just $29.97 through Christmas Day for 15 devices.
We Live Security
DECEMBER 11, 2023
A security compromise so stealthy that it doesn’t even require your interaction? Yes, zero-click attacks require no action from you – but this doesn’t mean you’re left vulnerable.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Bleeping Computer
DECEMBER 11, 2023
A critical severity vulnerability in a WordPress plugin with more than 90,000 installs can let attackers gain remote code execution to fully compromise vulnerable websites. [.
Tech Republic Security
DECEMBER 11, 2023
Hotspot Shield’s speed-oriented features may not be enough to overcome its lack of testing and questionable data logs. Read more in our full review below.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Bleeping Computer
DECEMBER 11, 2023
Valve has reportedly fixed an HTML injection flaw in Counter-Strike 2 that was heavily abused today to inject images into games and obtain other players' IP addresses. [.
Security Affairs
DECEMBER 11, 2023
The Apache Software Foundation addressed a critical remote code execution vulnerability in the Apache Struts 2 open-source framework. The Apache Software Foundation released security updates to address a critical file upload vulnerability in the Struts 2 open-source framework. Successful exploitation of the flaw, tracked as CVE-2023-50164 , could lead to remote code execution.
Bleeping Computer
DECEMBER 11, 2023
The notorious North Korean hacking group known as Lazarus continues to exploit CVE-2021-44228, aka "Log4Shell," this time to deploy three previously unseen malware families written in DLang. [.
Security Affairs
DECEMBER 11, 2023
Toyota Financial Services (TFS) disclosed a data breach, threat actors had access to sensitive personal and financial data. Toyota Financial Services (TFS) is warning customers it has suffered a data breach that exposed sensitive personal and financial data. “Due to an attack on the systems, unauthorized persons gained access to personal data.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Security Boulevard
DECEMBER 11, 2023
The post The top cyber security news stories of 2023 appeared first on Click Armor. The post The top cyber security news stories of 2023 appeared first on Security Boulevard.
Bleeping Computer
DECEMBER 11, 2023
Apple has issued emergency security updates to backport patches for two actively exploited zero-day flaws to older iPhones and some Apple Watch and Apple TV models. [.
Security Boulevard
DECEMBER 11, 2023
SMBs are low-hanging fruit for cybercriminals because they have limited IT resources, staff and cybersecurity defenses. The post Why Cybersecurity Needs To Be an SMB Priority appeared first on Security Boulevard.
Bleeping Computer
DECEMBER 11, 2023
Toyota Financial Services (TFS) is warning customers it suffered a data breach, stating that sensitive personal and financial data was exposed in the attack. [.
Advertisement
Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.
Security Boulevard
DECEMBER 11, 2023
Take a look at Fred’s must-reads for the holiday season. I always enjoy thinking back over the last year, remembering the new books that I’ve enjoyed and learned from, but also the books I’ve read in the past that resurfaced in life and work this year. When putting together a book and film recommendation list,… The post Fred Burton’s 2023 Holiday Reading List appeared first on Ontic.
Security Affairs
DECEMBER 11, 2023
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds two Qlik Sense vulnerabilities to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added two Qlik Sense vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. Below is the list of the issues added to the catalog: CVE-2023-41265 (CVSS score 9.6)- Qlik Sense HTTP Tunneling Vulnerability: Qlik Sense contains an HTTP tunneling vulnerability that allows an atta
SecureList
DECEMBER 11, 2023
In the whirlwind of technological advancements and societal transformations, the term “AI” has undoubtedly etched itself into the forefront of global discourse. Over the past twelve months, this abbreviation has resonated across innumerable headlines, business surveys and tech reports, firmly securing a position as the Collins English Dictionary’s 2023 Word of the Year.
Bleeping Computer
DECEMBER 11, 2023
The Spanish police have arrested one of the alleged leaders of the 'Kelvin Security' hacking group, which is believed to be responsible for 300 cyberattacks against organizations in 90 countries since 2020. [.
Advertisement
Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!
We Live Security
DECEMBER 11, 2023
AI has been around for a while now, but governments are only starting to issue legislation to regulate it. Is it too late? Have we learned nothing from late IoT regulations that left the market swamped with old insecure devices?
Penetration Testing
DECEMBER 11, 2023
headerpwn A fuzzer for finding anomalies and analyzing how servers respond to different HTTP headers. Install go install github.com/devanshbatham/headerpwn@v0.0.3 Use headerpwn allows you to test various headers on a target URL and analyze the... The post headerpwn: A fuzzer for analyzing how servers respond to different HTTP headers appeared first on Penetration Testing.
The Hacker News
DECEMBER 11, 2023
Apple on Monday released security patches for iOS, iPadOS, macOS, tvOS, watchOS, and Safari web browser to address multiple security flaws, in addition to backporting fixes for two recently disclosed zero-days to older devices.
Penetration Testing
DECEMBER 11, 2023
In the shadowy world of cyber threats, PlugX stands out as a sophisticated and insidious malware, leaving a digital trail of espionage and evasion. Recently, the Splunk Threat Research Team (STRT) unraveled the mystery... The post PlugX malware: The Enigma of Cyber Espionage Unveiled appeared first on Penetration Testing.
Advertisement
Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.
The Hacker News
DECEMBER 11, 2023
The notorious North Korea-linked threat actor known as the Lazarus Group has been attributed to a new global campaign that involves the opportunistic exploitation of security flaws in Log4j to deploy previously undocumented remote access trojans (RATs) on compromised hosts.
GlobalSign
DECEMBER 11, 2023
In this blog we will discuss how outdated encryption methods can be detrimental to businesses and explore proactive solutions.
Bleeping Computer
DECEMBER 11, 2023
Cold storage and logistics giant Americold has confirmed that over 129,000 employees and their dependents had their personal information stolen in an April attack, later claimed by Cactus ransomware. [.
The Hacker News
DECEMBER 11, 2023
Tactical and targeting overlaps have been discovered between the enigmatic advanced persistent threat (APT) called Sandman and a China-based threat cluster that's known to use a backdoor known as KEYPLUG.
Advertisement
IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.
WIRED Threat Level
DECEMBER 11, 2023
Competing bills moving through the House of Representatives both reauthorize Section 702 surveillance—but they pave very different paths forward for Americans’ privacy and civil liberties.
The Hacker News
DECEMBER 11, 2023
Apache has released a security advisory warning of a critical security flaw in the Struts 2 open-source web application framework that could result in remote code execution.
SecureWorld News
DECEMBER 11, 2023
Have you been thinking about digital trust? How do you trust an algorithm that's making thousands of decisions a second when you don't even know how it works? And how do you trust a company that is silently tracking your movements every day, collecting data on you, and not telling you what they do with that data? With our digital global economy being founded on trust, we need to establish a meaningful definition of "digital trust.
WIRED Threat Level
DECEMBER 11, 2023
With its war against Russia raging on, Ukraine has begun raising funds to rebuild homes and structures one by one using its own crowdfunding platform.
Advertisement
Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.
Expert insights. Personalized for you.
294 
Let's personalize your content