Schneier on Security
JANUARY 22, 2024
You can find them by searching for OpenAI chatbot warning messages, like: “I’m sorry, I cannot provide a response as it goes against OpenAI’s use case policy.” I hadn’t thought about this before: identifying bots by searching for distinctive bot phrases.
Joseph Steinberg
JANUARY 22, 2024
Hacking et Cybersécurité Mégapoche pour les Nuls , a single-volume book containing French versions of the latest editions of both the best selling CyberSecurity for Dummies by Joseph Steinberg, and Hacking For Dummies by Kevin Beaver, is now available to the public. The new book, now available for purchase online worldwide and in stores throughout Europe, helps people stay cyber-safe regardless of their technical skill sets, and teaches readers how hackers attack systems.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Tech Republic Security
JANUARY 22, 2024
Looking for LastPass alternatives? Check out our list of the top password managers that offer secure and convenient options for managing your passwords.
WIRED Threat Level
JANUARY 22, 2024
Leaked records reveal what appears to be the first known instance of a police department attempting to use facial recognition on a face generated from crime-scene DNA. It likely won’t be the last.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Trend Micro
JANUARY 22, 2024
In this blog, we detail our investigation of the Kasseika ransomware and the indicators we found suggesting that the actors behind it have acquired access to the source code of the notorious BlackMatter ransomware.
Security Affairs
JANUARY 22, 2024
Cybersecurity researcher Bob Dyachenko and CyberNews researchers discovered the largest data leak ever discovered. The supermassive leak contains data from numerous previous breaches, comprising an astounding 12 terabytes of information, spanning over a mind-boggling 26 billion records. The leak is almost certainly the largest ever discovered. There are data leaks, and then there’s this.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Security Affairs
JANUARY 22, 2024
Researchers warn of a spike in attacks exploiting a now-patched flaw in Apache ActiveMQ to deliver the Godzilla web shell. Trustwave researchers observed a surge in attacks exploiting a now-patched flaw in Apache ActiveMQ, in many cases aimed at delivering a malicious code that borrows the code from the open-source web shell Godzilla. Threat actors conceal the web shell within an unknown binary format evading security and signature-based scanners.
Graham Cluley
JANUARY 22, 2024
US federal agencies have teamed up to release a cybersecurity best practice guidance for the water and wastewater sector (WWS). Read more in my article on the Tripwire State of Security blog.
Security Affairs
JANUARY 22, 2024
Apple addressed the first zero-day vulnerability that impacts iPhones, Macs, and Apple TVs. The issue is actively exploited in the wild. Apple released security updates to address a zero-day vulnerability, tracked as CVE-2024-23222, that impacts iPhones, Macs, and Apple TVs. This is the first actively exploited zero-day vulnerability fixed by the company this year.
Security Boulevard
JANUARY 22, 2024
In the modern landscape of cybersecurity risk management, one uncomfortable truth is clear — managing cyber risk across the enterprise is harder than ever. Keeping architectures and systems secure and compliant can seem overwhelming even for today’s most skilled teams. Dave Hatter, a cybersecurity consultant at Intrust IT and 30-year veteran of the industry, explains, The post Cybersecurity Risk Management: Frameworks, Plans, & Best Practices appeared first on Hyperproof.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Security Affairs
JANUARY 22, 2024
Resecurity researchers warn of massive leak of stolen Thai personally identifiable information (PII) on the dark web by cybercriminals. Resecurity has detected a noticeable increase in data leaks from consumer-focused platforms in Thailand, confirming that threat actors are actively targeting the personal data of citizens now at the beginning of 2024.
Bleeping Computer
JANUARY 22, 2024
Apple released security updates to address this year's first zero-day vulnerability exploited in attacks that could impact iPhones, Macs, and Apple TVs. [.
Security Boulevard
JANUARY 22, 2024
A Chinese espionage group spotted last year by Mandiant researchers abusing a flaw that affected VMware virtualization tools has been exploiting another zero-day vulnerability in VMware’s vCenter Server since at least late 2021, according to the Google-owned cybersecurity company. VMware patched the bug, tracked as CVE-2023-34048, in October 2023, but Mandiant researchers Alexander Marvi, Shawn.
The Last Watchdog
JANUARY 22, 2024
Tel Aviv, Israel – Jan. 23, 2024 — Sternum, the pioneer in embedded IoT security and observability, today announced enhanced security for the ChargePoint Home Flex. In a comprehensive research project, Sternum identified a potential vulnerability involving the reverse SSH tunnel and deprecated NTP client and HTTP servers. ChargePoint, with its last firmware update, has disabled the HTTP server and updated the NTP client to address the issues.
Advertisement
Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.
Security Affairs
JANUARY 22, 2024
Adaptive phishing campaigns are emerging as an increasingly sophisticated threat in the cybersecurity landscape. The phenomenon This phenomenon represents an evolution of traditional phishing tactics, as attackers seek to overcome defenses using more personalized and targeted approaches. In an adaptive phishing campaign, attackers gather specific information about victims through various sources, such as social media, public websites, and previous data breaches.
Security Boulevard
JANUARY 22, 2024
For the second time this month, the Federal Trade Commission is banning a data broker from selling or licensing precise location data without getting the consumer’s consent. Under the 14-page FTC order, Texas-based data aggregator InMarket Media also is prohibited from selling, licensing, or sharing any product or service that targets consumers or categorizes them.
SecureList
JANUARY 22, 2024
A month ago, we discovered some cracked apps circulating on pirating websites and infected with a Trojan proxy. The malicious actors repackaged pre-cracked applications as PKG files with an embedded Trojan proxy and a post-install script initiating the infection. We recently caught sight of a new, hitherto unknown, macOS malware family that was piggybacking on cracked software.
Bleeping Computer
JANUARY 22, 2024
The U.S. Securities and Exchange Commission confirmed today that its X account was hacked through a SIM-swapping attack on the cell phone number associated with the account. [.
Advertisement
Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!
IT Security Guru
JANUARY 22, 2024
Password managers have become integral tools for individuals and businesses alike. They are primarily known for securely saving and managing login credentials so users don’t have to remember them all or write them down, where they could be compromised. However, these digital guardians can offer more than just a secure vault for passwords. In fact, a good password manager can play a crucial role in enhancing both the personal and professional aspects of a user’s digital life.
WIRED Threat Level
JANUARY 22, 2024
Apple’s iOS 17.3 introduces Stolen Device Protection to iPhones, which could stop phone thieves from taking over your accounts. Here’s how to enable it right now.
eSecurity Planet
JANUARY 22, 2024
This week’s vulnerability news include GitHub credential access, a new Chrome fix, and hidden malware from pirated applications hosted on Chinese websites. Citrix and Ivanti are seeing more problems, too, as more vulnerabilities have cropped up in Netscaler and Endpoint Manager Mobile. Make sure your security teams are regularly checking vendors’ software and hardware updates for any patches, and keep a particular eye on networking equipment.
Penetration Testing
JANUARY 22, 2024
GoAnywhere MFT is a secure managed file transfer (MFT) solution that helps organizations automate, centralize, and secure their file transfers. It’s a software platform that removes the hassle of moving data between different systems... The post CVE-2024-0204 (CVSS 9.8): Critical Authentication Bypass Flaw in GoAnywhere MFT appeared first on Penetration Testing.
Advertisement
Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.
Veracode Security
JANUARY 22, 2024
Implementation of a DevSecOps approach is the most impactful key factor in the total cost of a data breach. Successful DevSecOps in a cloud-native world is aided by the right tools. Here are a handful of the most essential cloud security tools and what to look for in them to aid DevSecOps. Top Essential Cloud Security Tool for DevSecOps: Software Composition Analysis Software Composition Analysis (SCA) is the bread and butter of cloud security tools for effective DevSecOps and securing the sof
Penetration Testing
JANUARY 22, 2024
Apple has unfurled security updates to confront the year’s inaugural zero-day vulnerability, a menacing shadow looming over iPhones, Macs, and Apple TVs alike. This zero-day, tracked as CVE-2024-23222, lies within WebKit, and if exploited,... The post CVE-2024-23222: Apple’s First Zero-Day Flaw of the Year appeared first on Penetration Testing.
Bleeping Computer
JANUARY 22, 2024
Security researchers are observing exploitation attempts for the CVE-2023-22527 remote code execution flaw vulnerability that affects outdated versions of Atlassian Confluence servers. [.
Penetration Testing
JANUARY 22, 2024
The Spring Framework is an open-source Java platform that provides comprehensive infrastructure support for developing enterprise applications. It’s essentially a toolkit that simplifies the development process by taking care of the boilerplate code and... The post CVE-2024-22233: A high-severity Spring Framework Vulnerability appeared first on Penetration Testing.
Advertisement
IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.
The Hacker News
JANUARY 22, 2024
Apple on Monday released security updates for iOS, iPadOS, macOS, tvOS, and Safari web browser to address a zero-day flaw that has come under active exploitation in the wild. The issue, tracked as CVE-2024-23222, is a type confusion bug that could be exploited by a threat actor to achieve arbitrary code execution when processing maliciously crafted web content.
GlobalSign
JANUARY 22, 2024
In this article, we look at the European Union and global countries different requirements regarding the mandatory elements in an invoice.
SecureWorld News
JANUARY 22, 2024
Microsoft disclosed that it recently fell victim to a cyberattack by Nobelium, the Russian state-sponsored hacking group infamously responsible for the 2020 SolarWinds supply chain attack. The breach, detected on January 12th, allowed the hackers to access email accounts belonging to members of Microsoft's senior leadership team. While details remain limited, Microsoft stated that Nobelium, also known as Midnight Blizzard, leveraged a simple password spray attack to compromise an unsecured legac
Bleeping Computer
JANUARY 22, 2024
Ivanti warned admins to stop pushing new device configurations to appliances after applying mitigations because this will leave them vulnerable to ongoing attacks exploiting two zero-day vulnerabilities. [.
Advertisement
Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.
Expert insights. Personalized for you.
276 
Let's personalize your content