Schneier on Security
JANUARY 9, 2024
This is an old piece of malware—the Chameleon Android banking Trojan—that now disables biometric authentication in order to steal the PIN : The second notable new feature is the ability to interrupt biometric operations on the device, like fingerprint and face unlock, by using the Accessibility service to force a fallback to PIN or password authentication.
The Last Watchdog
JANUARY 9, 2024
Augmented reality (AR) and virtual reality (VR) technologies provide intriguing opportunities for immersive and interactive experiences in cybersecurity training. Related: GenAI’ impact on DevSecOps Here’s how these technologies can bridge learning gaps in cybersecurity awareness and enhance the overall training experience. AR and VR technologies can create distinct immersive experiences by merging digital reality with the physical world.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Jane Frankland
JANUARY 9, 2024
In recent years, data breaches and compliance failures have made organisations increasingly aware of the need for comprehensive cybersecurity solutions to detect and address threats. However, not all organisations have had the means to invest in and manage the staffing and infrastructure required for a Security Operations Centre (SOC). This is where Managed Detection & Response (MDR) providers come in.
Tech Republic Security
JANUARY 9, 2024
ESET NOD32 Antivirus 2024 Edition provides multi-layered protection from malware and hackers without impeding the performance of your Mac or Windows PC.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Security Affairs
JANUARY 9, 2024
Microsoft Patch Tuesday security updates for January 2024 addressed a total of 49 flaws, including two critical vulnerabilities. Microsoft Patch Tuesday security updates for January 2024 fixed 49 flaws in Microsoft Windows and Windows Components; Office and Office Components; Azure; NET Framework and Visual Studio; SQL Server; Windows Hyper-V; and Internet Explorer.
Security Boulevard
JANUARY 9, 2024
Cybersecurity context is the missing puzzle piece that can transform a jumble of information into a clear and coherent picture of vulnerabilities. The post Deciphering Cybersecurity Vulnerabilities Requires Context appeared first on Security Boulevard.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Security Affairs
JANUARY 9, 2024
The LockBit ransomware gang claimed responsibility for the cyber attack on the Capital Health hospital network. The LockBit ransomware operation has claimed responsibility for the cyberattack that hit the Capital Health hospital network in November 2023. Capital Health Regional Medical Center is a member of Capital Health System. Located in Trenton, New Jersey, Capital Health Regional Medical Center, is a regional academic medical center and state-designated trauma center that cares for both com
Bleeping Computer
JANUARY 9, 2024
Today is Microsoft's January 2024 Patch Tuesday, which includes security updates for a total of 49 flaws and 12 remote code execution vulnerabilities. [.
Security Boulevard
JANUARY 9, 2024
Entering a new year, the cybersecurity landscape is poised for significant shifts, driven by the dynamic interplay between technological advancements and persistent threats. In this blog, industry experts share their insights and predictions, offering a nuanced perspective on the cybersecurity… The post 2024 Cybersecurity Predictions appeared first on LogRhythm.
We Live Security
JANUARY 9, 2024
Is AI companionship the future of not-so-human connection – and even the cure for loneliness? Let’s briefly look at some of the pros and cons that developing a “relationship” with an AI companion may involve.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Security Affairs
JANUARY 9, 2024
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Apache Superset vulnerability to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added an Apache Superset flaw, tracked as CVE-2023-27524 , to its Known Exploited Vulnerabilities (KEV) catalog. Apache Superset is an open-source Data Visualization and Data Exploration Platform, it is written in Python and based on the Flask web framework.
Security Boulevard
JANUARY 9, 2024
The issues of outside interference in U.S. elections and the security of the systems behind them have been talked and debate for at least a decade and promise to be at the forefront again as the country gears up for what promises to be a pivotal election year in 2024. However, local and state government. The post Survey: Election Workers Feel Unprepared for Upcoming Cyberthreats appeared first on Security Boulevard.
Bleeping Computer
JANUARY 9, 2024
Microsoft has released the KB5034122 cumulative update for Windows 10 21H2 and Windows 10 22H2, which includes only a small number of fixes due to the holiday season. [.
Digital Guardian
JANUARY 9, 2024
Switzerland's revised data protection law took effect September 2023. What are the implications of the law and how can organizations comply with what it asks? We dig into it in today's blog.
Advertisement
Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.
Bleeping Computer
JANUARY 9, 2024
A group of financially motivated Turkish hackers targets Microsoft SQL (MSSQL) servers worldwide to encrypt the victims' files with Mimic (N3ww4v3) ransomware. [.
The Hacker News
JANUARY 9, 2024
Threat actors are resorting to YouTube videos featuring content related to cracked software in order to entice users into downloading an information stealer malware called Lumma.
GlobalSign
JANUARY 9, 2024
Let’s explore the DevOps security skills gap and how a security coaching program can assist in addressing the issue.
WIRED Threat Level
JANUARY 9, 2024
The US financial regulator says its official @SECGov account was “compromised,” resulting in an “unauthorized” post about the status of Bitcoin ETFs.
Advertisement
Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!
Veracode Security
JANUARY 9, 2024
Veracode has recently introduced a new feature called Dynamic Analysis MFA, which provides automated support for multi-factor authentication (MFA) setups during dynamic analysis scans. This eliminates the need for you to disable or manually support your MFA configurations when conducting security testing. Understanding Dynamic Analysis MFA When we log into applications, we usually use a username and password, which is considered one-factor authentication.
Penetration Testing
JANUARY 9, 2024
The AI Engine plugin, a popular AI-related WordPress plugin with over 50,000 active installations, recently experienced a significant security vulnerability. This vulnerability tracked as CVE-2023-51409, classified as an “unauthenticated arbitrary file upload” issue, posed... The post CVE-2023-51409: The Severe Vulnerability Threatening 50,000 WordPress Sites appeared first on Penetration Testing.
The Hacker News
JANUARY 9, 2024
Poorly secured Microsoft SQL (MS SQL) servers are being targeted in the U.S., European Union, and Latin American (LATAM) regions as part of an ongoing financially motivated campaign to gain initial access.
Bleeping Computer
JANUARY 9, 2024
Researchers from Cisco Talos working with the Dutch police obtained a decryption tool for the Tortilla variant of Babuk ransomware and shared intelligence that led to the arrest of the ransomware's operator. [.
Advertisement
Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.
The Hacker News
JANUARY 9, 2024
Microsoft has addressed a total of 48 security flaws spanning its software as part of its Patch Tuesday updates for January 2024. Of the 48 bugs, two are rated Critical and 46 are rated Important in severity. There is no evidence that any of the issues are publicly known or under active attack at the time of release, making it the second consecutive Patch Tuesday with no zero-days.
Bleeping Computer
JANUARY 9, 2024
The X account for the U.S. Securities and Exchange Commission was hacked today to issue a fake announcement on the approval of Bitcoin ETFs on security exchanges. [.
SecureWorld News
JANUARY 9, 2024
In a historic moment for the U.S. Marine Corps and the field of cybersecurity, Major General Lorna M. Mahlock has assumed command of the Cyber National Mission Force (CNMF). The appointment not only marks a significant milestone in the military's leadership but also underscores the increasing importance of cyber capabilities in national defense. A trailblazer in cybersecurity: Maj.
Bleeping Computer
JANUARY 9, 2024
Microsoft has released the Windows 11 KB5034123 cumulative update for versions 23H2 and 22H2 to fix a variety of issues, including a potential Wi-Fi bug that was fixed in a KIR last month. [.
Advertisement
IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.
The Hacker News
JANUARY 9, 2024
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added six security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. This includes CVE-2023-27524 (CVSS score: 8.9), a high-severity vulnerability impacting the Apache Superset open-source data visualization software that could enable remote code execution.
Bleeping Computer
JANUARY 9, 2024
The U.S. Cybersecurity and Infrastructure Security Agency has added to its to the Known Exploited Vulnerabilities catalog six vulnerabilities that impact products from Adobe, Apache, D-Link, and Joomla. [.
Penetration Testing
JANUARY 9, 2024
In a significant breakthrough in the fight against cybercrime, Cisco Talos, in cooperation with Dutch Police and Avast, has recovered a crucial decryptor for systems affected by the Babuk ransomware variant known as Tortilla.... The post Avast Unveils Updated Babuk Decryptor in Collaboration with Cisco Talos and Dutch Police appeared first on Penetration Testing.
Bleeping Computer
JANUARY 9, 2024
Today, the U.S. Federal Trade Commission (FTC) banned data broker Outlogic, formerly X-Mode Social, from selling Americans' raw location data that could be used for tracking purposes. [.
Advertisement
Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.
Expert insights. Personalized for you.
275 
Let's personalize your content