Schneier on Security
JANUARY 9, 2024
This is an old piece of malware—the Chameleon Android banking Trojan—that now disables biometric authentication in order to steal the PIN : The second notable new feature is the ability to interrupt biometric operations on the device, like fingerprint and face unlock, by using the Accessibility service to force a fallback to PIN or password authentication.
The Last Watchdog
JANUARY 9, 2024
Augmented reality (AR) and virtual reality (VR) technologies provide intriguing opportunities for immersive and interactive experiences in cybersecurity training. Related: GenAI’ impact on DevSecOps Here’s how these technologies can bridge learning gaps in cybersecurity awareness and enhance the overall training experience. AR and VR technologies can create distinct immersive experiences by merging digital reality with the physical world.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Tech Republic Security
JANUARY 9, 2024
ESET NOD32 Antivirus 2024 Edition provides multi-layered protection from malware and hackers without impeding the performance of your Mac or Windows PC.
Jane Frankland
JANUARY 9, 2024
In recent years, data breaches and compliance failures have made organisations increasingly aware of the need for comprehensive cybersecurity solutions to detect and address threats. However, not all organisations have had the means to invest in and manage the staffing and infrastructure required for a Security Operations Centre (SOC). This is where Managed Detection & Response (MDR) providers come in.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
WIRED Threat Level
JANUARY 9, 2024
The US financial regulator says its official @SECGov account was “compromised,” resulting in an “unauthorized” post about the status of Bitcoin ETFs.
Security Affairs
JANUARY 9, 2024
Microsoft Patch Tuesday security updates for January 2024 addressed a total of 49 flaws, including two critical vulnerabilities. Microsoft Patch Tuesday security updates for January 2024 fixed 49 flaws in Microsoft Windows and Windows Components; Office and Office Components; Azure; NET Framework and Visual Studio; SQL Server; Windows Hyper-V; and Internet Explorer.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Security Affairs
JANUARY 9, 2024
The LockBit ransomware gang claimed responsibility for the cyber attack on the Capital Health hospital network. The LockBit ransomware operation has claimed responsibility for the cyberattack that hit the Capital Health hospital network in November 2023. Capital Health Regional Medical Center is a member of Capital Health System. Located in Trenton, New Jersey, Capital Health Regional Medical Center, is a regional academic medical center and state-designated trauma center that cares for both com
Bleeping Computer
JANUARY 9, 2024
Today is Microsoft's January 2024 Patch Tuesday, which includes security updates for a total of 49 flaws and 12 remote code execution vulnerabilities. [.
Security Affairs
JANUARY 9, 2024
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Apache Superset vulnerability to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added an Apache Superset flaw, tracked as CVE-2023-27524 , to its Known Exploited Vulnerabilities (KEV) catalog. Apache Superset is an open-source Data Visualization and Data Exploration Platform, it is written in Python and based on the Flask web framework.
GlobalSign
JANUARY 9, 2024
Let’s explore the DevOps security skills gap and how a security coaching program can assist in addressing the issue.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Security Boulevard
JANUARY 9, 2024
Cybersecurity context is the missing puzzle piece that can transform a jumble of information into a clear and coherent picture of vulnerabilities. The post Deciphering Cybersecurity Vulnerabilities Requires Context appeared first on Security Boulevard.
Bleeping Computer
JANUARY 9, 2024
A Chinese state-backed research institute claims to have discovered how to decrypt device logs for Apple's AirDrop feature, allowing the government to identify phone numbers or email addresses of those who shared content. [.
Malwarebytes
JANUARY 9, 2024
Ransomware groups are liars, yes, but even when these dangerous cybercriminals would ransack organizations and destroy entire companies, a few select groups espoused a sort of “honor among thieves.” According to those few groups, their cybercriminal actions would never include organizations actively involved in healthcare, such as hospitals. But, as can be expected from ransomware groups, these were nothing but lies.
Security Boulevard
JANUARY 9, 2024
Entering a new year, the cybersecurity landscape is poised for significant shifts, driven by the dynamic interplay between technological advancements and persistent threats. In this blog, industry experts share their insights and predictions, offering a nuanced perspective on the cybersecurity… The post 2024 Cybersecurity Predictions appeared first on LogRhythm.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
The Hacker News
JANUARY 9, 2024
Threat actors are resorting to YouTube videos featuring content related to cracked software in order to entice users into downloading an information stealer malware called Lumma.
Bleeping Computer
JANUARY 9, 2024
Microsoft has released the KB5034122 cumulative update for Windows 10 21H2 and Windows 10 22H2, which includes only a small number of fixes due to the holiday season. [.
Security Boulevard
JANUARY 9, 2024
The issues of outside interference in U.S. elections and the security of the systems behind them have been talked and debate for at least a decade and promise to be at the forefront again as the country gears up for what promises to be a pivotal election year in 2024. However, local and state government. The post Survey: Election Workers Feel Unprepared for Upcoming Cyberthreats appeared first on Security Boulevard.
The Hacker News
JANUARY 9, 2024
Poorly secured Microsoft SQL (MS SQL) servers are being targeted in the U.S., European Union, and Latin American (LATAM) regions as part of an ongoing financially motivated campaign to gain initial access.
Advertisement
Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.
Bleeping Computer
JANUARY 9, 2024
A group of financially motivated Turkish hackers targets Microsoft SQL (MSSQL) servers worldwide to encrypt the victims' files with Mimic (N3ww4v3) ransomware. [.
The Hacker News
JANUARY 9, 2024
Microsoft has addressed a total of 48 security flaws spanning its software as part of its Patch Tuesday updates for January 2024. Of the 48 bugs, two are rated Critical and 46 are rated Important in severity. There is no evidence that any of the issues are publicly known or under active attack at the time of release, making it the second consecutive Patch Tuesday with no zero-days.
Penetration Testing
JANUARY 9, 2024
The AI Engine plugin, a popular AI-related WordPress plugin with over 50,000 active installations, recently experienced a significant security vulnerability. This vulnerability tracked as CVE-2023-51409, classified as an “unauthenticated arbitrary file upload” issue, posed... The post CVE-2023-51409: The Severe Vulnerability Threatening 50,000 WordPress Sites appeared first on Penetration Testing.
The Hacker News
JANUARY 9, 2024
A threat actor called Water Curupira has been observed actively distributing the PikaBot loader malware as part of spam campaigns in 2023.
Advertisement
Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!
Digital Guardian
JANUARY 9, 2024
Switzerland's revised data protection law took effect September 2023. What are the implications of the law and how can organizations comply with what it asks? We dig into it in today's blog.
The Hacker News
JANUARY 9, 2024
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added six security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. This includes CVE-2023-27524 (CVSS score: 8.9), a high-severity vulnerability impacting the Apache Superset open-source data visualization software that could enable remote code execution.
Penetration Testing
JANUARY 9, 2024
In a significant breakthrough in the fight against cybercrime, Cisco Talos, in cooperation with Dutch Police and Avast, has recovered a crucial decryptor for systems affected by the Babuk ransomware variant known as Tortilla.... The post Avast Unveils Updated Babuk Decryptor in Collaboration with Cisco Talos and Dutch Police appeared first on Penetration Testing.
The Hacker News
JANUARY 9, 2024
A security flaw has been disclosed in Kyocera’s Device Manager product that could be exploited by bad actors to carry out malicious activities on affected systems.
Advertisement
Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.
Veracode Security
JANUARY 9, 2024
Veracode has recently introduced a new feature called Dynamic Analysis MFA, which provides automated support for multi-factor authentication (MFA) setups during dynamic analysis scans. This eliminates the need for you to disable or manually support your MFA configurations when conducting security testing. Understanding Dynamic Analysis MFA When we log into applications, we usually use a username and password, which is considered one-factor authentication.
The Hacker News
JANUARY 9, 2024
Collaboration is a powerful selling point for SaaS applications. Microsoft, Github, Miro, and others promote the collaborative nature of their software applications that allows users to do more. Links to files, repositories, and boards can be shared with anyone, anywhere.
Bleeping Computer
JANUARY 9, 2024
The X account for the U.S. Securities and Exchange Commission was hacked today to issue a fake announcement on the approval of Bitcoin ETFs on security exchanges. [.
Penetration Testing
JANUARY 9, 2024
The start of 2024 marked a significant milestone for Microsoft as it launched its first Patch Tuesday update of the year. This release was a comprehensive attempt to fortify the digital ramparts, addressing 49... The post CVE-2024-20674 & 20700: Two Critical Flaws in Microsoft Patch Tuesday January 2024 appeared first on Penetration Testing.
Advertisement
IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.
Expert insights. Personalized for you.
296 
Let's personalize your content