Tue. Jan 23, 2024

Side Channels Are Common

Schneier on Security

Really interesting research: “Lend Me Your Ear: Passive Remote Physical Side Channels on PCs.” Abstract: We show that built-in sensors in commodity PCs, such as microphones, inadvertently capture electromagnetic side-channel leakage from ongoing computation. Moreover, this information is often conveyed by supposedly-benign channels such as audio recordings and common Voice-over-IP applications, even after lossy compression.

Microsoft Says State-Sponsored Attackers Accessed Senior Leaders’ Emails

Tech Republic Security

The Midnight Blizzard gang appears to have been looking for information about itself. See how organizations can protect their accounts from password spray attacks.

Passwords 179
Insiders

“The mother of all breaches”: 26 billion records found online

Malwarebytes

Security researchers have discovered billions of exposed records online, calling it the “mother of all breaches”. However, the dataset doesn’t seem to be from one single data breach, but more a compilation of multiple breaches. These sets are often created by data enrichment companies. Data enrichment is the process of combining first party data from internal sources with disparate data from other internal systems or third party data from external sources.

Australian Organisations Struggling to Resolve Tensions Between Personalisation, Privacy

Tech Republic Security

Australian organisations are so focused on preventing data breaches that they’re unaware that the concern of most of their customers has more to do with privacy.

FBI and CISA Warn of Androxgh0st Malware Attacks

Security Boulevard

The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) have issued a joint Cybersecurity Advisory warning of the escalating threat posed by Androxgh0st malware. Threat actors are using this Python-scripted malware to build a botnet focused on cloud credential theft, with the stolen information being leveraged to deliver additional malicious payloads.

Malware 131

Information Security Incident Reporting Policy

Tech Republic Security

This policy from TechRepublic Premium provides guidelines for the reporting of information security incidents by company employees. The goal is to facilitate the security response and remediation process to ensure the least amount of potential damage to systems, networks, customers and business reputation. From the policy: STEPS TO TAKE IF YOU SUSPECT AN INFORMATION SECURITY.

More Trending

Kasseika ransomware uses antivirus driver to kill other antiviruses

Bleeping Computer

A recently uncovered ransomware operation named 'Kasseika' has joined the club of threat actors that employ Bring Your Own Vulnerable Driver (BYOVD) tactics to disable antivirus software before encrypting files. [...]

Antivirus 123

Black Basta gang claims the hack of the UK water utility Southern Water

Security Affairs

The Black Basta ransomware gang claimed to have hacked the UK water utility Southern Water, a major player in the UK water industry. Southern Water is a private utility company responsible for collecting and treating wastewater in Hampshire, the Isle of Wight, West Sussex, East Sussex and Kent, and for providing public water supply to approximately half of this area.

Hacking 143

Microsoft got hacked by state sponsored group it was investigating

Malwarebytes

In a spy-vs-spy type of scenario, Microsoft has acknowledged that a group called Midnight Blizzard (also known as APT29 or Cozy Bear), gained access to a Microsoft legacy non-production test tenant account. According to Microsoft, the group managed to access the account in November after subjecting it to a password spray attack, a type of brute force attack where the attacker tries a large amount of logins until they succeed.

Hacking 124

LoanDepot data breach impacted roughly 16.6 million individuals

Security Affairs

Financial services company LoanDepot disclosed a data breach that impacted roughly 16.6 million individuals. LoanDepot is a financial services company that primarily operates as a mortgage lender. It is one of the largest nonbank lenders in the United States. The company provides a range of mortgage and non-mortgage loan products and services. LoanDepot disclosed this week a data breach that impacted roughly 16.6 million individuals.

Lacework and Securiti Ally to Better Secure Data

Security Boulevard

Lacework and Securiti are partnering to integrate their respective DSPM and CNAPP platforms. The post Lacework and Securiti Ally to Better Secure Data appeared first on Security Boulevard.

Watch out, a new critical flaw affects Fortra GoAnywhere MFT

Security Affairs

Fortra addressed a new authentication bypass vulnerability impacting GoAnywhere MFT (Managed File Transfer) product. Fortra warns customers of a new authentication bypass vulnerability tracked as CVE-2024-0204 (CVSS score 9.8), impacting the GoAnywhere MFT (Managed File Transfer) product. Fortra GoAnywhere Managed File Transfer is a comprehensive solution for secure file transfer, data encryption, and compliance management.

Trello API abused to link email addresses to 15 million accounts

Bleeping Computer

An exposed Trello API allows linking private email addresses with Trello accounts, enabling the creation of millions of data profiles containing both public and private information. [...]

CISA, FBI, EPA Offer Cybersecurity Guide for Water System Operators

Security Boulevard

After some stops and starts, U.S. federal agencies have issued guidance to help water and wastewater system operators better respond to cyberattacks, an important step as threat actors are increasingly targeting the sector. The document was put together by the Environmental Protection Agency (EPA), FBI, and Cybersecurity and Infrastructure Security Agency (CISA) and touches on.

Top Cybersecurity Predictions for 2024 (Free Download)

Tech Republic Security

While artificial intelligence discourse and chatbots dominated 2023, the cybersecurity space still pulled our attention now and then with cyberattacks, reminding us that technology advancements without cybersecurity can be counterintuitive, an approach akin to setting the cart before the horse. With this in mind, TechRepublic Premium spoke with a wide range of experts to find.

Australian government announced sanctions for Medibank hacker

Security Affairs

The Australian government announced sanctions for a member of the REvil ransomware group for the Medibank hack that occurred in 2022. The Australian government announced sanctions for Aleksandr Gennadievich Ermakov (aka GustaveDore, aiiis_ermak, blade_runner, JimJones), a Russian national who is a member of the REvil ransomware group. The man is responsible for the cyber attacks that in 2022 hit the Australian insurance provider Medibank. “This morning I can announce that Australia has use

Windows 10 KB5034203 preview update adds EU DMA compliance

Bleeping Computer

Microsoft has released the January 2024 preview update for Windows 10, version 22H2, which adds Digital Markets Act (DMA) compliance in the European Economic Area (EEA) to allow European users to uninstall all apps in Windows by March 6. [...]

Marketing 108

Favorite SOC Analyst Interview Questions

Digital Guardian

Hiring a SOC analyst? Asking the right questions is key to identifying the best employee as well as helping determine what skills can best complement your organization.

Water services giant Veolia North America hit by ransomware attack

Bleeping Computer

Veolia North America, a subsidiary of transnational conglomerate Veolia, disclosed a ransomware attack that impacted systems part of its Municipal Water division and disrupted its bill payment systems. [...]

Break the fake: The race is on to stop AI voice cloning scams

We Live Security

As AI-powered voice cloning turbocharges imposter scams, we sit down with ESET’s Jake Moore to discuss how to hang up on ‘hi-fi’ scam calls – and what the future holds for deepfake detection

Scams 97

Exploit released for Fortra GoAnywhere MFT auth bypass bug

Bleeping Computer

Exploit code is now available for a critical authentication bypass vulnerability in Fortra's GoAnywhere MFT (Managed File Transfer) software that allows attackers to create new admin users on unpatched instances via the administration portal. [...]

CISA Director Says Americans Should Be Confident Elections Are Secure

SecureWorld News

Jen Easterly, Director of the U.S. Cybersecurity and Infrastructure Security Agency (CISA), told MSNBC's Andrea Mitchell in a January 19th segment that "the American people should have confidence in the election process" in 2024 and beyond, despite concerns over AI capabilities. In a LinkedIn post the day after her interview with Mitchell, Easterly said: "Enjoyed talking with Andrea Mitchell on MSNBC yesterday about the intersection of elections and AI, and importantly, why the American people

Risk 90

Fortra warns of new critical GoAnywhere MFT auth bypass, patch now

Bleeping Computer

Fortra is warning of a new authentication bypass vulnerability impacting GoAnywhere MFT (Managed File Transfer) versions before 7.4.1 that allows an attacker to create a new admin user. [...]

Unpacking Kasseika: The Latest Ransomware to Exploit BYOVD Tactics

Penetration Testing

As the digital landscape evolves, so too does the sophistication of threats that lurk within it. The Kasseika ransomware, identified amidst a surge in bring-your-own-vulnerable-driver (BYOVD) attacks in 2023, emerges as a formidable adversary.... The post Unpacking Kasseika: The Latest Ransomware to Exploit BYOVD Tactics appeared first on Penetration Testing.

HP CEO Says They Brick Printers That Use Third-Party Ink Because of … Hackers

WIRED Threat Level

The company says it wants to protect you from “viruses.” Experts are skeptical.

Russia Hacked Microsoft Execs — SolarWinds Hackers at it Again

Security Boulevard

AKA APT29: Midnight Blizzard / Cozy Bear makes it look easy (and makes Microsoft look insecure). The post Russia Hacked Microsoft Execs — SolarWinds Hackers at it Again appeared first on Security Boulevard.

Hacking 87

Jason’s Deli says customer data exposed in credential stuffing attack

Bleeping Computer

Jason's Deli is warning of a data breach in notifications sent to customers of its online platform stating that their personal data was exposed in credential stuffing attacks. [...]

Actionable WebAuthn You Can (and Should) Implement Today

Duo's Security Blog

Throughout 2023, we’ve heard about many high-profile security incidents targeting a wide range of publicly listed companies. These incidents have caused service disruptions, decreases in operating margins, lost confidence in brand names and fluctuating stock prices. Additionally, Chief Information Security Officers (CISOs) have also been under scrutiny for the actions they’ve taken to address these issues.

Patch Your GoAnywhere MFT Immediately - Critical Flaw Lets Anyone Be Admin

The Hacker News

A critical security flaw has been disclosed in Fortra's GoAnywhere Managed File Transfer (MFT) software that could be abused to create a new administrator user. Tracked as CVE-2024-0204, the issue carries a CVSS score of 9.8 out of 10. "Authentication bypass in Fortra's GoAnywhere MFT prior to 7.4.

ReversingLabs Exposes Malicious npm Packages Storing Stolen SSH Keys on GitHub

Penetration Testing

Researchers from ReversingLabs have recently illuminated the dark corners of npm, revealing two malicious packages that exploit GitHub’s infrastructure to orchestrate their clandestine operations. Named `warbeast2000` and `kodiak2k`, these packages represent a grave threat... The post ReversingLabs Exposes Malicious npm Packages Storing Stolen SSH Keys on GitHub appeared first on Penetration Testing.
