Schneier on Security
DECEMBER 12, 2023
Interesting attack based on malicious pre-OS logo images : LogoFAIL is a constellation of two dozen newly discovered vulnerabilities that have lurked for years, if not decades, in Unified Extensible Firmware Interfaces responsible for booting modern devices that run Windows or Linux… The vulnerabilities are the subject of a coordinated mass disclosure released Wednesday.
The Last Watchdog
DECEMBER 12, 2023
A look back at the cybersecurity landscape in 2023 rings all-too familiar: cyber threats rapidly evolved and scaled up , just as they have, year-to-year, for the past 20 years. Related: Adopting an assume-breach mindset With that in mind, Last Watchdog invited the cybersecurity experts we’ve worked with this past year for their perspectives on two questions that all company leaders should have top of mind: •What should be my biggest takeaway from 2023, with respect to mitigating cyber risks at
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Krebs on Security
DECEMBER 12, 2023
The final Patch Tuesday of 2023 is upon us, with Microsoft Corp. today releasing fixes for a relatively small number of security holes in its Windows operating systems and other software. Even more unusual, there are no known “zero-day” threats targeting any of the vulnerabilities in December’s patch batch. Still, four of the updates pushed out today address “critical” vulnerabilities that Microsoft says can be exploited by malware or malcontents to seize complete c
Tech Republic Security
DECEMBER 12, 2023
Recruiters and anyone else involved in hiring processes should be knowledgeable about this social engineering attack threat. Get the details.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Malwarebytes
DECEMBER 12, 2023
As if password authentication’s coffin needed any more nails, researchers in the UK have discovered yet another way to hammer one in. The technique, developed at Durham University, the University of Surrey, and Royal Holloway University of London, builds on previous work to produce a more accurate way to guess your password by listening to the sound of you typing it on your keyboard.
Tech Republic Security
DECEMBER 12, 2023
Mozilla VPN’s fast performance may not be enough to make up for its small server network and lack of features. Learn more about it in our full review below.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Security Affairs
DECEMBER 12, 2023
The Dubai Taxi Company (DTC) app, which provides taxi, limousine, and other transport services, left a database open to the public, exposing sensitive customer and driver data. Dubai Taxi Company, a subsidiary of Dubai’s Roads and Transport Authority, leaked a trove of sensitive information from the DTC app, the Cybernews research team has found. Over 197K app users and nearly 23K drivers were exposed.
Bleeping Computer
DECEMBER 12, 2023
Today is Microsoft's December 2023 Patch Tuesday, which includes security updates for a total of 34 flaws and one previously disclosed, unpatched vulnerability in AMD CPUs. [.
Security Boulevard
DECEMBER 12, 2023
Snyk's ASPM platform promises to bridge the divide between cybersecurity teams and application developers. The post Snyk Launches ASPM Platform to Secure Software Supply Chains appeared first on Security Boulevard.
Bleeping Computer
DECEMBER 12, 2023
Since Friday, Windows users have reported problems with the operating system freezing shortly after booting, an issue linked to a faulty update for Avira's security software. [.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Malwarebytes
DECEMBER 12, 2023
As if password authentication’s coffin needed any more nails, researchers in the UK have discovered yet another way to hammer one in. The technique, developed at Durham University, the University of Surrey, and Royal Holloway University of London, builds on previous work to produce a more accurate way to guess your password by listening to the sound of you typing it on your keyboard.
The Last Watchdog
DECEMBER 12, 2023
Stockhom, Sweden & Boston, Mass., Dec. 12, 2023 – Detectify , the External Attack Surface Management platform powered by elite ethical hackers, has today released its “ State of EASM 2023 ” report. The research incorporates insights from Detectify’s customer base and provides a snapshot of the threat landscape faced by core industries and regions that Detectify serves.
Security Affairs
DECEMBER 12, 2023
Apple rolled out emergency security updates to backport patches for two actively exploited zero-day flaws to older devices. The company released iOS 17.2 and iPadOS 17.2 which address a dozen of security flaws. The most severe flaw is a memory corruption issue that resides in the ImageIO. Successful exploitation of the flaw may lead to arbitrary code execution.
Security Boulevard
DECEMBER 12, 2023
By following some of the top CISOs in the USA, you can gain valuable insights into developing a robust cybersecurity strategy. The post Top CISOs in the USA to Follow in 2024 appeared first on Scytale. The post Top CISOs in the USA to Follow in 2024 appeared first on Security Boulevard.
Advertisement
Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.
Security Affairs
DECEMBER 12, 2023
Kyivstar, the largest Ukraine service provider, was hit by a cyber attack that paralyzed its services. The attack is linked to the ongoing conflict. Kyivstar , the largest Ukraine service provider was down after a major cyber attack. The Ukrainian telecommunications company provides communication services and data transmission based on a broad range of fixed and mobile technologies, including 4G (LTE) in Ukraine.
We Live Security
DECEMBER 12, 2023
The past year has seen over 10,000 downloads of malicious packages hosted on the official Python package repository, ESET research finds
Bleeping Computer
DECEMBER 12, 2023
Miklos Daniel Brody, a cloud engineer, was sentenced to two years in prison and a restitution of $529,000 for wiping the code repositories of his former employer in retaliation for being fired by the company. [.
Graham Cluley
DECEMBER 12, 2023
A malicious hacking group, thought to have been operating since at least 2013, may have suffered a significant blow after the arrest of a suspected leading member by Spanish police late last week. Read more in my article on the Tripwire State of Security blog.
Advertisement
Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!
Bleeping Computer
DECEMBER 12, 2023
The Ukrainian government's military intelligence service says it hacked the Russian Federal Taxation Service (FNS), wiping the agency's database and backup copies. [.
Security Affairs
DECEMBER 12, 2023
North Korea-linked APT group Lazarus was spotted exploiting Log4j vulnerabilities to deploy previously undocumented remote access trojans. The North Korea-linked APT group Lazarus is behind a new hacking campaign that exploits Log4j vulnerabilities to deploy previously undocumented remote access trojans (RATs). Cisco Talos researchers tracked the campaign as Operation Blacksmith, the nation-state actors are employing at least three new DLang -based malware families.
Security Boulevard
DECEMBER 12, 2023
A new threat has emerged, sending shockwaves through the cybersecurity industry – the LogoFAIL attack. This vulnerability targets the image-parsing components within the UEFI code, affecting a multitude of devices and posing a serious risk to the booting process. LogoFAIL is not just another cybersecurity buzzword; it represents a tangible threat to the integrity of […] The post LogoFAIL Attack: A Deep Dive into UEFI Vulnerabilities appeared first on TuxCare.
Security Affairs
DECEMBER 12, 2023
The Ukrainian government’s military intelligence service announced the hack of the Russian Federal Taxation Service (FNS). Hackers of the Main Intelligence Directorate of the Ministry of Defense of Ukraine announced they have compromised the Russian Federal Taxation Service (FNS). The military intelligence service said that the hack was the result of a successful special operation on the territory of Russia.
Advertisement
Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.
Security Boulevard
DECEMBER 12, 2023
As organizations continue their migration to the cloud, threat groups are not far behind. According to a report earlier this year from cybersecurity firm CrowdStrike, the number of attacks against cloud environments in 2022 jumped 95% year-over-year, and those involved cloud-conscious bad actors almost tripled. “As cloud integration continues to increase across business environments, adversaries.
Bleeping Computer
DECEMBER 12, 2023
Microsoft has released the KB5033372 cumulative update for Windows 10 21H2 and Windows 10 22H2, which includes Copilot for Windows and nineteen other changes to the operating system. [.
Security Boulevard
DECEMBER 12, 2023
Introduction Recently researcher Steven Seeley discovered a way to abuse the popular Apache Struts frameworks’ file upload functionality to achieve remote code execution. This bug, known as CVE-2023-50164, has been assigned a 9.8 CVSS score. No doubt this is causing some security practitioners to have flashbacks of the “good times” that a serious Struts bug […] The post Understanding the Impact of the new Apache Struts File Upload Vulnerability appeared first on Praetorian.
Bleeping Computer
DECEMBER 12, 2023
Microsoft warns that financially-motivated threat actors are using OAuth applications to automate BEC and phishing attacks, push spam, and deploy VMs for cryptomining. [.
Advertisement
IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.
Security Boulevard
DECEMBER 12, 2023
In the ever-evolving landscape of software development, it’s become absolutely paramount to ensure robust security measures throughout the Software Development Lifecycle (SDLC). Need proof? In the last three years alone, we’ve witnessed a surge of high-profile supply chain attacks including SolarWinds, the Codecov, and the breach of Nissan’s Global Network.
Bleeping Computer
DECEMBER 12, 2023
Sophos was forced to backport a security update for CVE-2022-3236 for end-of-life (EOL) firewall firmware versions after discovering hackers actively exploiting the flaw in attacks. [.
Malwarebytes
DECEMBER 12, 2023
Healthcare company Norton says a May breach led to the theft of data of around 2.5 million of its patients, as well as employees and their dependents. Norton has more than 40 clinics and hospitals in and around Louisville, Kentucky. In a filing with Maine’s attorney general on Friday, Norton said that on May 9, 2023, it discovered an “external system breach.
SecureList
DECEMBER 12, 2023
Every year is abundant with major data leaks, biggest data breaches and hacks drawing massive media attention (such as Medibank and Optus data breach, Twitter data breach, and Uber and Rockstar compromise in 2022 and in T-Mobile , MailChimp and OpenAI in 2023). But are we really conscious of the true scale of the threat? To find out, in 2022 we created a list of 700 companies worldwide from different industries: industrial, telecommunication, financial, retail, and others.
Advertisement
Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.
Expert insights. Personalized for you.
322 
Let's personalize your content