Schneier on Security
DECEMBER 4, 2023
I trusted a lot today. I trusted my phone to wake me on time. I trusted Uber to arrange a taxi for me, and the driver to get me to the airport safely. I trusted thousands of other drivers on the road not to ram my car on the way. At the airport, I trusted ticket agents and maintenance engineers and everyone else who keeps airlines operating. And the pilot of the plane I flew.
Tech Republic Security
DECEMBER 4, 2023
The ASEAN region is seeing more cyber attacks as digitisation advances. Recorded Future CISO Jason Steer said software digital supply chains are one of the top risks being faced.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Kali Linux
DECEMBER 4, 2023
With 2023 coming to an end and before the holiday season starts, we thought today would be a good time to release Kali 2023.4. Whilst this release may not have the most end-user features in it again, there are a number of new platform offerings and there still has been a lot of changes going on behind-the-scenes for us, which has a positive knock-on effect resulting in a benefit for everyone.
Tech Republic Security
DECEMBER 4, 2023
An Independent Security Verification badge is one indication that an app should go to the top of your list when evaluating options in the Google Workspace Marketplace.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Graham Cluley
DECEMBER 4, 2023
Ransomware hits firm that providing cloud services to credit unions in order ensure that their business activities could "operate without interruption, even when nothing else seems to be going well." Read more in my article on the Tripwire State of Security blog.
Bleeping Computer
DECEMBER 4, 2023
WordPress administrators are being emailed fake WordPress security advisories for a fictitious vulnerability tracked as CVE-2023-45124 to infect sites with a malicious plugin. [.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
WIRED Threat Level
DECEMBER 4, 2023
A WIRED investigation into internet censorship in US schools found widespread use of filters to censor health, identity, and other crucial information. Students say it makes the web entirely unusable.
Bleeping Computer
DECEMBER 4, 2023
Google announced today that the December 2023 Android security updates tackle 85 vulnerabilities, including a critical severity zero-click remote code execution (RCE) bug. [.
Malwarebytes
DECEMBER 4, 2023
In October we reported that the data of as many as seven million 23andMe customers were for sale on criminal forums following a password attack against the genomics company. Now, a filing with the US Securities and Exchange Commission (SEC) has provided some more insight into the data theft. The filed amendment supplements the original Form 8-K submitted by 23andMe.
Security Affairs
DECEMBER 4, 2023
The LockBit ransomware attack on the Industrial & Commercial Bank of China demonstrates the weakness of global financial system to cyberattacks. The ransomware breach that crippled U.S. Treasury trading operations at an American subsidiary of Industrial & Commercial Bank of China Ltd. on November 8 has laid bare the vulnerability of the global financial system to cyberattacks.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Bleeping Computer
DECEMBER 4, 2023
Microsoft's Threat Intelligence team issued a warning earlier today about the Russian state-sponsored actor APT28 (aka "Fancybear" or "Strontium") actively exploiting the CVE-2023-23397 Outlook flaw to hijack Microsoft Exchange accounts and steal sensitive information. [.
Security Affairs
DECEMBER 4, 2023
Microsoft warns of ongoing malvertising attacks using the DanaBot malware to deploy the CACTUS ransomware. Microsoft uncovered ongoing malvertising attacks using the DanaBot Trojan (Storm-1044) to deploy the CACTUS ransomware. Microsoft the campaign to the ransomware operator Storm-0216 (Twisted Spider, UNC2198). Storm-0216 has historically used Qakbot malware for initial access, but has switched to other malware for initial access after the takedown of the Qakbot infrastructure.
Security Boulevard
DECEMBER 4, 2023
Given the alarming rise in software supply chain attacks and consumers growing more cyber-aware and security-conscious, software providers need to demonstrate a stronger commitment to securing their software and applications and fostering user confidence and trust. One of the vital security measures taken in this direction is the use of code signing certificates to prove […] The post Beware of Expired or Compromised Code Signing Certificates appeared first on Security Boulevard.
Malwarebytes
DECEMBER 4, 2023
Apple has released emergency security updates for iOS 17.1.2 and iPadOS 17.1.2 to patch for two zero-day vulnerabilities that may have been actively exploited. Apple said both vulnerabilities were in the WebKit component, which is the engine that powers Safari browser on Macs as well as all browsers on iPhones and iPads. It is also the web browser engine used by Mail, App Store, and many other apps on macOS, iOS, and Linux.
Advertisement
Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.
Security Affairs
DECEMBER 4, 2023
Cybersecurity researchers discovered a new variant of the P2PInfect botnet that targets routers and IoT devices. Researchers at Cado Security Labs discovered a new variant of the P2Pinfect botnet that targets routers, IoT devices, and other embedded devices. This variant has been compiled for the Microprocessor without Interlocked Pipelined Stages (MIPS) architecture.
Security Boulevard
DECEMBER 4, 2023
The expanding IoT landscape demands a collaborative approach to PKI, ensuring seamless security across diverse domains. The post Building a Collaborative Approach to Secure the Connected World appeared first on Security Boulevard.
NSTIC
DECEMBER 4, 2023
5G will eventually impact every single industry—from healthcare to financial to even agriculture and transportation.and its impact is only increasing over time. Despite its benefits, it comes with privacy and security risks. An increasing number of interconnected devices increases the attack surface. In addition, there are also increased supply chain vulnerabilities and network visibility issues (companies may have issues identifying attacks since there may be a lot of new web traffic from mobil
Digital Guardian
DECEMBER 4, 2023
In cybersecurity, privilege refers to the authority that certain accounts have; what they can and can't perform. When it comes to privileged accounts, there's a handful of different types, and with them, no shortage of challenges for managing and securing them.
Advertisement
Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!
Penetration Testing
DECEMBER 4, 2023
Apache OFBiz is a popular open-source enterprise resource planning (ERP) software that provides a comprehensive suite of business applications for various industries. Recently, a critical vulnerability, designated as CVE-2023-49070, has been discovered in Apache... The post CVE-2023-49070: Critical Pre-auth RCE Vulnerability Discovered in Apache OFBiz appeared first on Penetration Testing.
Veracode Security
DECEMBER 4, 2023
Stepping in 2024, the dynamics of open source vulnerability management are shifting. Rapid changes to software development demand a more nuanced approach to open source security from practitioners. From redefining risk to the cautious integration of auto-remediation, here are the pivotal recommendations for successful open source vulnerability management in 2024 and beyond. 1.
SecureList
DECEMBER 4, 2023
All statistics in this report come from the Kaspersky Security Network (KSN) global cloud service, which receives information from components in our security solutions. The data was obtained from users who had given their consent to it being sent to KSN. Millions of Kaspersky users around the globe assist us in collecting information about malicious activity.
Penetration Testing
DECEMBER 4, 2023
MetaHub MetaHub is an open-source security tool for context-based security vulnerability management. It can automate the process of contextualizing and prioritizing security findings based on your environment and your needs, YOUR context. It focuses on... The post metahub: open-source security tool for context-based security vulnerability management appeared first on Penetration Testing.
Advertisement
Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.
SecureWorld News
DECEMBER 4, 2023
Fidelity National Financial (FNF), one of the largest title insurance providers in the United States, announced on November 21 that it fell victim to a sophisticated cyberattack. The incident caused widespread disruptions to FNF's operations, affecting title insurance, escrow, and other title-related services, as well as mortgage transactions and technology for the real estate and mortgage industries.
WIRED Threat Level
DECEMBER 4, 2023
Legislation set to be introduced in Congress this week would extend Section 702 surveillance of people applying for green cards, asylum, and some visas—subjecting loved ones to similar intrusions.
Security Boulevard
DECEMBER 4, 2023
The significance of cloud computing in today’s world is unmistakable. Companies not using cloud technology are becoming rarer compared to those that do. A. The post Best Practices for Efficient and Secure Cloud Deployments appeared first on OpsCanvas. The post Best Practices for Efficient and Secure Cloud Deployments appeared first on Security Boulevard.
Bleeping Computer
DECEMBER 4, 2023
The latest variants of the P2Pinfect botnet are now focusing on infecting devices with 32-bit MIPS (Microprocessor without Interlocked Pipelined Stages) processors, such as routers and IoT devices. [.
Advertisement
IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.
The Hacker News
DECEMBER 4, 2023
Microsoft on Monday said it detected Kremlin-backed nation-state activity exploiting a critical security flaw in its Outlook email service to gain unauthorized access to victims' accounts within Exchange servers.
Bleeping Computer
DECEMBER 4, 2023
Microsoft has released the KB5032288 November 2023 Windows 11 preview update with improvements for the Copilot AI assistant and almost a dozen bug fixes. [.
The Hacker News
DECEMBER 4, 2023
New research has unearthed multiple novel attacks that break Bluetooth Classic's forward secrecy and future secrecy guarantees, resulting in adversary-in-the-middle (AitM) scenarios between two already connected peers. The issues, collectively named BLUFFS, impact Bluetooth Core Specification 4.2 through 5.4. They are tracked under the identifier CVE-2023-24023 (CVSS score: 6.
Bleeping Computer
DECEMBER 4, 2023
Microsoft has fixed a known issue causing Outlook Desktop clients to crash when sending emails from Outlook.com accounts. [.
Advertisement
Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.
Expert insights. Personalized for you.
361 
Let's personalize your content