Wed. Nov 29, 2023

Breaking Laptop Fingerprint Sensors

Schneier on Security

They’re not that good: Security researchers Jesse D’Aguanno and Timo Teräs write that, with varying degrees of reverse-engineering and using some external hardware, they were able to fool the Goodix fingerprint sensor in a Dell Inspiron 15, the Synaptics sensor in a Lenovo ThinkPad T14, and the ELAN sensor in one of Microsoft’s own Surface Pro Type Covers.

Okta: Breach Affected All Customer Support Users

Krebs on Security

When KrebsOnSecurity broke the news on Oct. 20, 2023 that identity and authentication giant Okta had suffered a breach in its customer support department, Okta said the intrusion allowed hackers to steal sensitive data from fewer than one percent of its 18,000+ customers. But today, Okta revised that impact statement, saying the attackers also stole the name and email address for nearly all of its customer support users.

New AI Security Guidelines Published by NCSC, CISA & More International Agencies

Tech Republic Security

The Guidelines for Secure AI System Development have been drawn up to help developers ensure security is baked into the heart of new artificial intelligence models.

Okta Screws Up (Yet Again) — ALL Customers’ Data Hacked, not just 1%

Security Boulevard

You had one job: Last month’s sheer incompetence descends this week into UTTER FARCE. The post Okta Screws Up (Yet Again) — ALL Customers’ Data Hacked, not just 1% appeared first on Security Boulevard.

Hacking 135

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Update now! Chrome fixes actively exploited zero-day vulnerability

Malwarebytes

Google has released an update to Chrome which includes seven security fixes including one for a vulnerability which is known to have already been exploited. If you’re a Chrome user on Windows, Mac, or Linux, you should update as soon as possible. The easiest way to update Chrome is to set it to update automatically, but you have to make sure to close your browser for the update to finish.

Software 135

Google addressed the sixth Chrome Zero-Day vulnerability in 2023

Security Affairs

Google released security updates to address a new actively exploited zero-day vulnerability, tracked as CVE-2023-6345, in the Chrome browser. Google on Wednesday released security updates to address a new actively exploited zero-day, tracked as CVE-2023-6345, in the Chrome browser. The CVE-2023-5217 is a high-severity integer overflow in Skia. Skia is an open-source 2D graphics library that provides common APIs that work across a variety of hardware and software platforms.

More Trending

Rhysida ransomware group hacked King Edward VII’s Hospital in London

Security Affairs

The Rhysida ransomware group claimed to have hacked King Edward VII’s Hospital in London. King Edward VII’s Hospital is a private hospital located on Beaumont Street in the Marylebone district of central London. It is a leading provider of acute and specialist medical care, with a focus on musculoskeletal health, urology, women’s health, and digestive health.

Strengthening Cybersecurity to Enhance Compliance: The Splunk and CrowdStrike Advantage

Security Boulevard

In today's digital age, businesses constantly face unprecedented cybersecurity challenges. The ever-evolving threat landscape, stringent regulatory requirements, and the growing volume of sensitive data make safeguarding your organization’s data a top priority. Fortunately, you can leverage advanced cybersecurity solutions to protect assets and customer data.

Many major websites allow users to have weak passwords

Malwarebytes

A new study that examines the current state of password policies across the internet shows that many of the most popular websites allow users to create weak passwords. For the Georgia Tech study, the researchers designed an algorithm that automatically determined a website’s password policy. With the help of machine learning, they could see the consistency of length requirements and restrictions for numbers, upper- and lower-case letters, special symbols, combinations, and starting letters.

Passwords 126

5 Security Risks of Responsive Web Design

Security Boulevard

The very features that make responsive web design (RWD) so flexible can also introduce new security vulnerabilities if not properly managed. The post 5 Security Risks of Responsive Web Design appeared first on Security Boulevard.

Risk 124

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

News alert: Kiteworks forecast lays out risk predictions, strategies for sensitive content in 2024

The Last Watchdog

San Mateo, Calif., November 29, 2023 – Kiteworks, which delivers data privacy and compliance for sensitive content communications through its Private Content Network (PCN), released today its Sensitive Content Communications 2024 Forecast Report. The report outlines 12 predictions and strategies to help IT, security, risk management, and compliance leaders tackle data privacy and cyber-risk challenges for the coming year.

Risk 100

Thousands of secrets lurk in app images on Docker Hub

Security Affairs

Thousands of secrets have been left exposed on Docker Hub, a platform where web developers collaborate on their code for web applications. While some are harmless API keys, others could lead to unauthorized access, data breaches, or identity theft, the latest Cybernews research reveals. The Docker Hub store has at least 5,493 container images that contain secrets and could be considered as exposing sensitive information.

Hackers breach US water facility via exposed Unitronics PLCs

Bleeping Computer

CISA (Cybersecurity & Infrastructure Security Agency) is warning that threat actors breached a U.S. water facility by hacking into Unitronics programmable logic controllers (PLCs) exposed online.

Hacking 123

Very precisely lost – GPS jamming

We Live Security

GPS jamming technology is both widely available and well developed, hence it's also poised to proliferate, especially in the hands of those wishing ill

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Okta reveals additional attackers’ activities in October 2023 Breach

Security Affairs

Cloud identity and access management solutions provider Okta revealed additional threat actor activity linked to the October 2023 breach. Okta provided additional details about the October 2023 breach and revealed additional threat actor malicious activities. In October, the Cloud identity and access management solutions provider said that threat actors broke into its support case management system and stole authentication data, including cookies and session tokens, that can be abused in future

3 Reasons to Consider Reskilling to a Role in Cybersecurity

Security Boulevard

Here are three major reasons why workers should consider upskilling to a new career in the cybersecurity field. The post 3 Reasons to Consider Reskilling to a Role in Cybersecurity appeared first on Security Boulevard.

Dollar Tree hit by third-party data breach impacting 2 million people

Bleeping Computer

Discount store chain Dollar Tree was impacted by a third-party data breach affecting 1,977,486 people after the hack of service provider Zeroed-In Technologies.

What is Email Encryption and What are its Various Types?

Security Boulevard

Email Encryption allows you to jumble message content into an incomprehensible format that cannot be decoded by threat actors, preventing data breaches. The post What is Email Encryption and What are its Various Types? appeared first on Security Boulevard.

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cyber Attack on Ardent Health Closes 3 of Its 30 Emergency Rooms

SecureWorld News

Ardent Health Services, a Nashville-based healthcare provider, fell victim to a ransomware attack on Thanksgiving Day morning, November 23, that disrupted its IT operations and forced hospitals to divert emergency room patients to other facilities. The incident highlighted the growing threat of cyberattacks to healthcare organizations, which are increasingly reliant on technology to deliver care.

“Known Good” or “Known Bad”: Choosing a Starting Point for OT Cybersecurity

Security Boulevard

One way to characterize a cybersecurity strategy is by whether it takes action based on the definition of “known good” activity or “known bad” activity. The “known bad” approach attempts to identify threats by monitoring activity (network requests, user actions, application behavior, etc.) and watching for anything that matches a predefined set of malicious or unsafe actions.

OpenAI’s Custom Chatbots Are Leaking Their Secrets

WIRED Threat Level

Released earlier this month, OpenAI’s GPTs let anyone create custom chatbots. But some of the data they’re built on is easily exposed.

Managed Detection and Response (MDR): Streamlining Cybersecurity in the Modern Age

Security Boulevard

In a digital realm characterized by rapidly evolving threats, organizations are in constant search of effective defense mechanisms. Managed Detection and Response, commonly referred to as MDR, has emerged as a pivotal solution in this context. This blog aims to explore the depths of MDR, its importance, and its limitations. What is MDR? Managed Detection.

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

US seizes Sinbad crypto mixer used by North Korean Lazarus hackers

Bleeping Computer

The U.S. Department of the Treasury has sanctioned the Sinbad cryptocurrency mixing service for its use as a money-laundering tool by the North Korean Lazarus hacking group.

The Underestimated Value of Security in Selecting Corporate Real Estate

Security Boulevard

Choosing office facilities involves far more than evaluating rent and location. In the current landscape of seemingly escalating workplace violence, prioritizing workplace safety has never been more important. Security teams play a pivotal role in shaping the work environment, strategically implementing security measures that align with the layout and available resources in each office location.… The post The Underestimated Value of Security in Selecting Corporate Real Estate appeared first on O

Japanese Space Agency JAXA hacked in summer cyberattack

Bleeping Computer

The Japan Aerospace Exploration Agency (JAXA) was hacked in a cyberattack over the summer, potentially compromising sensitive space-related technology and data.

Hacking 105

News alert: Kiteworks forecast lays out risk predictions, strategies for sensitive content in 2024

Security Boulevard

San Mateo, Calif., November 29, 2023 – Kiteworks, which delivers data privacy and compliance for sensitive content communications through its Private Content Network (PCN), released today its Sensitive Content Communications 2024 Forecast Report. The report outlines 12 predictions … The post News alert: Kiteworks forecast lays out risk predictions, strategies for sensitive content in 2024 appeared first on Security Boulevard.

Risk 104

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.

Improving Text Classification Resilience and Efficiency with RETVec

Google Security

Elie Bursztein, Cybersecurity & AI Research Director, and Marina Zhang, Software Engineer

Systems such as Gmail, YouTube and Google Play rely on text classification models to identify harmful content including phishing attacks, inappropriate comments, and scams. These types of texts are harder for machine learning models to classify because bad actors rely on adversarial text manipulations to actively attempt to evade the classifiers.

Creating an OPSEC safe loader for Red Team Operations

LRQA Nettitude Labs

As Red Teamers, we need an OPSEC safe method to execute shellcode via a range of initial access vectors. Things are getting more and more difficult with Endpoint Detection and Response (EDR) products improving, making it more challenging to get an implant. This post is going to present a slightly new method for bypassing EDR, commonly known as CreateThreadPoolWait.

LockBit, Anonymous Sudan Attacks, and Denmark’s “Hell Week” – November NewsScam

GlobalSign

Boeing breaches, Anonymous attacks, critical concern for Critical Infrastructure and much more in this month’s NewsScam.

Okta: October data breach affects all customer support system users

Bleeping Computer

Okta's investigation into the breach of its Help Center environment last month revealed that the hackers obtained data belonging to all customer support system users.

Enhance Innovation and Governance Through the Cloud Development Maturity Model

Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.