Schneier on Security
JANUARY 31, 2024
In October, the Consumer Financial Protection Bureau (CFPB) proposed a set of rules that if implemented would transform how financial institutions handle personal data about their customers. The rules put control of that data back in the hands of ordinary Americans, while at the same time undermining the data broker economy and increasing customer choice and competition.
Tech Republic Security
JANUARY 31, 2024
Cyber threat hunting is the proactive process of searching for and detecting potential threats or malicious activities within a network or system.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Penetration Testing
JANUARY 31, 2024
In the ever-evolving world of technology, security remains a paramount concern, especially in the realm of containerization. Recently, Docker faced a significant challenge as Snyk Labs identified four critical security vulnerabilities affecting its container... The post CVE-2024-21626: Docker Confronts Critical Container Escape Threat appeared first on Penetration Testing.
Tech Republic Security
JANUARY 31, 2024
Mobile devices are commonly used to conduct company business, which can render them more susceptible to risk than desktop or even laptop computers. Desktops are routinely stationary devices and laptops are harder to lose than smartphones or tablets, being more sizable. In addition, the same social engineering, phishing and application/operating system vulnerabilities which plague desktops.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Security Boulevard
JANUARY 31, 2024
It’s still relatively early in the year, but bad actors are already targeting accounting and finance organizations as well as filers in the United States with tax-related scams. Researchers at cybersecurity company Proofpoint wrote in a report this week that the return of tax season reliably brought the threat group TA576 back into action. “TA576. The post Tax Season is Upon Us, and So Are the Scammers appeared first on Security Boulevard.
Tech Republic Security
JANUARY 31, 2024
Get the ultimate online protection of privacy and security for up to five devices, including speedy servers, unlimited bandwidth, kill switch and more.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Tech Republic Security
JANUARY 31, 2024
This tutorial will guide you on how to use KeePass to manage and secure your passwords. Learn how to set it up and make the most of its features.
Pen Test Partners
JANUARY 31, 2024
We’ve been testing the security of a number of different electronic flight bag, or EFB, applications for a few years now. Here’s the latest on that now it has been remediated, 19 months after our initial disclosure to Airbus. TL;DR Flysmart+ is a suite of apps for pilot EFBs, helping deliver efficient and safe departure and arrival of flights One of the iOS apps had ATS (application transport security) intentionally disabled, exposing the app to interception attacks over Wi-Fi This could enable
Tech Republic Security
JANUARY 31, 2024
Requesting the removal of your most confidential data from the internet is a complicated process unless you have Incogni, which can do it in a few clicks.
Security Boulevard
JANUARY 31, 2024
For all the benefits that SaaS provides, data protection and security is most often found wanting. The post Confronting the SaaS Data Protection and Security Crisis appeared first on Security Boulevard.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Security Affairs
JANUARY 31, 2024
Ivanti warns of two new vulnerabilities in its Connect Secure and Policy Secure products, one of which is actively exploited in the wild. Ivanti is warning of two new high-severity vulnerabilities in its Connect Secure and Policy Secure solutions respectively tracked as CVE-2024-21888 (CVSS score: 8.8) and CVE-2024-21893 (CVSS score: 8.2). The software company also warned that one of these two vulnerabilities is under active exploitation in the wild.
The Last Watchdog
JANUARY 31, 2024
Tel Aviv, Israel, Jan. 31, 2024 — Oasis Security , the leading provider of Non-human Identity Management (NIM) solutions, announced today that it raised a total of $40 million funding led by Sequoia Capital (Doug Leone, Bogomil Balkansky), alongside Accel (Andrei Brasoveanu), Cyberstarts (Lior Simon) and Maple Capital. Guy Podjarny, founder of Snyk and Michael Fey, Co-Founder and CEO of Island, also participated in the financing.
Security Boulevard
JANUARY 31, 2024
The United States is hitting two Egyptian nationals with sanctions for allegedly creating and maintaining a platform used to train members of the ISIS terrorist group in cybersecurity and to support its funding and recruitment. The Treasury and State departments are accusing Mu’min Al-Mawji Mahmud Salim and Sarah Jamal Muhammad Al-Sayyid of launching and managing the.
The Last Watchdog
JANUARY 31, 2024
San Francisco, Calif., Jan. 31, 2024 – Reken, an AI & cybersecurity company, today announced the close of its $10M oversubscribed seed round, led by Greycroft and FPV Ventures. Other investors in the round include Firebolt Ventures, Fika Ventures, Omega Venture Partners, Homebrew, and JAZZ Venture Partners. The funding will be used for core research and development to build new AI technology and products to protect against generative AI threats, such as deepfake social engineering and autono
Advertisement
Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.
GlobalSign
JANUARY 31, 2024
There’s More than Water Leaking at Two Major Water Companies, LockBit Snacks on Subway, plus researchers discover the ‘Mother of all Breaches’ and more in the latest edition of NewsScam
Malwarebytes
JANUARY 31, 2024
On January 23, 2024, we reported on the discovery of billions of exposed records online, now commonly referred to as the “ mother of all breaches ” (MOAB). Since then, the source of the dataset has been identified as data breach search engine Leak-Lookup. Prevention platform SpyCloud compared the MOAB data with its own recaptured dataset and found at least 94% of the data was either public, old, or otherwise widely-known.
PCI perspectives
JANUARY 31, 2024
With 31 March 2024 rapidly approaching, Lauren Holloway, Director, Data Security Standards, shares some key questions, answers, and resources to help entities successfully transition to PCI DSS v4.0.
Security Affairs
JANUARY 31, 2024
Crooks stole around $112 million worth of Ripple XRP from the crypto wallet of Ripple’s co-founder Chris Larsen. This week, crooks stole around $112 million worth of the Ripple-focused cryptocurrency XRP from a crypto wallet belonging to the Ripple’s co-founder and executive chairman Chris Larsen. Larsen pointed out that the hackers compromised his personal XRP accounts, while the @Ripple was not impacted.
Advertisement
Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!
Tech Republic Security
JANUARY 31, 2024
Professional cyber threat hunters complement cybersecurity programs focusing on potential threats and vulnerabilities that may breach automated cybersecurity tools and traditional systems. These hunters proactively search for previously unknown or ongoing threats by using their deep understanding of cybersecurity and how cybercriminals operate. This hiring kit from TechRepublic Premium provides a workable framework you can.
Security Boulevard
JANUARY 31, 2024
The rise of electric vehicles (EVs) and charging infrastructure necessitates robust security measures, especially in the context of IoT integration. Explore the vulnerabilities in EV systems and potential risks, proposing mitigation strategies like firmware updates, user authentication, intrusion detection systems, and collaboration. The post Guardians of IoT: Addressing IoT security vulnerabilities in electric vehicles and charging stations appeared first on Security Boulevard.
Security Affairs
JANUARY 31, 2024
German police seized 50,000 Bitcoin from the former operator of the now-defunct piracy website movie2k.to. The police in Saxony, Germany, have seized 50,000 Bitcoin (more than $2.1 billion at the current exchange rate) from the former operator of the now-defunct piracy site movie2k. “This is the most extensive security of Bitcoins by law enforcement authorities in the Federal Republic of Germany to date.” reads the press release published by the German police.
Malwarebytes
JANUARY 31, 2024
Italy’s Data Protection Authority (GPDP) has uncovered data privacy violations related to collecting personal data and age protections after an inquiry into OpenAI’s ChatGPT. OpenAI has 30 days to respond with a defense. ChatGPT is an artificial intelligence (AI) chatbot that can engage in conversations with users, and answer their questions. It does this using natural, human-like language, a trick which is accomplished by training the underlying algorithm with large amounts of data from t
Advertisement
Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.
Security Affairs
JANUARY 31, 2024
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Apple improper authentication bug to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added an Apple improper authentication bug, tracked as CVE-2022-48618 , to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability can allow an attacker with arbitrary read and write capability to bypass Pointer Authentication.
Bleeping Computer
JANUARY 31, 2024
Johnson Controls International has confirmed that a September 2023 ransomware attack cost the company $27 million in expenses and led to a data breach after hackers stole corporate data. [.
Penetration Testing
JANUARY 31, 2024
WordPress, a titan in the world of content management systems, has once again demonstrated its commitment to cybersecurity with the release of version 6.4.3. This emergency security update, a beacon of proactive defense, addresses... The post WordPress Tackles PHP and RCE Flaws in Security Update appeared first on Penetration Testing.
Bleeping Computer
JANUARY 31, 2024
A financially motivated threat actor using USB devices for initial infection has been found abusing legitimate online platforms, including GitHub, Vimeo, and Ars Technica, to host encoded payloads embedded in seemingly benign content. [.
Advertisement
IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.
WIRED Threat Level
JANUARY 31, 2024
For nearly two years, police have been tracking down the culprit behind a wave of hoax threats. A digital trail took them to the door of a 17-year-old in California.
Bleeping Computer
JANUARY 31, 2024
The FBI has disrupted the KV Botnet used by Chinese Volt Typhoon state hackers to evade detection during attacks targeting U.S. critical infrastructure. [.
Penetration Testing
JANUARY 31, 2024
In December 2023, Elastic Security Labs uncovered a sophisticated cyber intrusion, dubbed REF0657, targeting a financial services organization in South Asia. This intrusion was notable for its utilization of a variety of open-source tools... The post Decoding REF0657: A Sophisticated Financial Cyber Attack Exposed appeared first on Penetration Testing.
Security Affairs
JANUARY 31, 2024
Threat actors are exploiting recently disclosed zero-day flaws in Ivanti Connect Secure (ICS) VPN devices to deliver KrustyLoader. In early January 2024, software firm Ivanti reported that threat actors were exploiting two zero-day vulnerabilities ( CVE-2023-46805, CVE-2024-21887 ) in Connect Secure (ICS) and Policy Secure to remotely execute arbitrary commands on targeted gateways.
Advertisement
Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.
Expert insights. Personalized for you.
273 
Let's personalize your content