Wed. Feb 14, 2024

U.S. Internet Leaked Years of Internal, Customer Emails

Krebs on Security

The Minnesota-based Internet provider U.S. Internet Corp. has a business unit called Securence, which specializes in providing filtered, secure email services to businesses, educational institutions and government agencies worldwide. But until it was notified last week, U.S. Internet was publishing more than a decade’s worth of its internal email — and that of thousands of Securence clients — in plain text out on the Internet and just a click away for anyone with a Web browser.

Improving the Cryptanalysis of Lattice-Based Public-Key Algorithms

Schneier on Security

The winner of the Best Paper Award at Crypto this year was a significant improvement to lattice-based cryptanalysis. This is important, because a bunch of NIST’s post-quantum options base their security on lattice problems. I worry about standardizing on post-quantum algorithms too quickly. We are still learning a lot about the security of these systems, and this paper is an example of that learning.

Google’s Threat Analysis Group’s Spyware Research: How CSVs Target Devices and Applications

Tech Republic Security

In a new report from Google's Threat Analysis Group, the researchers detail how commercial surveillance vendors particularly use spyware and target Google and Apple devices.

Upcoming Speaking Engagements

Schneier on Security

This is a current list of where and when I am scheduled to speak: I’m speaking at the Munich Security Conference (MSC) 2024 in Munich, Germany, on Friday, February 16, 2024. I’m giving a keynote at a symposium on “AI and Trust” at Generative AI, Free Speech, & Public Discourse. The symposium will be held at Columbia University in New York City and online, on Tuesday, February 20, 2024.

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Protect Your Private Data With an iProVPN Lifetime Subscription for Under $30

Tech Republic Security

Maintaining security is important in business, and iProVPN uses AES 256-bit encryption to keep your data secure — even on public Wi-Fi networks.

Critical Exchange Server Flaw (CVE-2024-21410) Under Active Exploitation

The Hacker News

Microsoft on Wednesday acknowledged that a newly disclosed critical security flaw in Exchange Server has been actively exploited in the wild, a day after it released fixes for the vulnerability as part of its Patch Tuesday updates. Tracked as CVE-2024-21410 (CVSS score: 9.8), the issue has been described as a case of privilege escalation impacting the Exchange Server.

More Trending

Zoom fixed critical flaw CVE-2024-24691 in Windows software

Security Affairs

Zoom addressed seven vulnerabilities in its desktop and mobile applications, including a critical flaw (CVE-2024-24691) affecting the Windows software. The popular video messaging giant Zoom released security updates to address seven vulnerabilities in its desktop and mobile applications, including a critical issue, tracked as CVE-2024-24691 (CVSS score of 9.6), in Windows software.

LogMeOnce Review (2024): Is It a Safe & Reliable Password Manager?

Tech Republic Security

While LogMeOnce comes with a lot of the features we want in a password manager, it’s held back by an unpolished user interface and a half-baked mobile application.

Adobe Patch Tuesday fixed critical vulnerabilities in Magento, Acrobat and Reader

Security Affairs

Adobe Patch Tuesday security updates for February 2024 addressed more than 30 vulnerabilities in multiple products, including critical issues. Adobe Patch Tuesday security updates released by Adobe addressed over 30 vulnerabilities across various products, including critical issues. The software maker warned of critical flaws in popular products such as Adobe Acrobat and Reader, Adobe Commerce and Magento Open Source, Substance 3D Painter, and FrameMaker.

ALERT: Thieves❤️Wi-Fi Camera Jammers

Security Boulevard

I❤️POE: Does your home security need a rethink? Wireless cameras are kinda useless, say cops. The post ALERT: Thieves❤️Wi-Fi Camera Jammers appeared first on Security Boulevard.

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

How to Use LogMeOnce Step-by-Step Guide

Tech Republic Security

LogMeOnce has useful features that may be hard to navigate for some. Learn how to get the most out of LogMeOnce in this step-by-step guide.

Microsoft Patch Tuesday for February 2024 fixed 2 actively exploited 0-days

Security Affairs

Microsoft Patch Tuesday security updates for February 2024 addressed 72 flaws, two of which are actively exploited in the wild. Microsoft Patch Tuesday security updates for February 2024 resolved a total of 72 vulnerabilities, including two actively exploited zero-days. The vulnerabilities affect Microsoft Windows and Windows Components; Office and Office Components; Azure; .NET Framework and ASP.NET; SQL Server; Windows Hyper-V; and Microsoft Dynamics.

Ubuntu 'command-not-found' Tool Could Trick Users into Installing Rogue Packages

The Hacker News

Cybersecurity researchers have found that it's possible for threat actors to exploit a well-known utility called command-not-found to recommend their own rogue packages and compromise systems running Ubuntu operating system.

Abusing the Ubuntu ‘command-not-found’ utility to install malicious packages

Security Affairs

Researchers reported that attackers can exploit the ‘command-not-found’ utility to trick users into installing rogue packages on Ubuntu systems. Cybersecurity researchers from cloud security firm Aqua discovered that it is possible to abuse the popular utility called ‘command-not-found’, which can lead to deceptive recommendations of malicious packages. “Aqua Nautilus researchers have identified a security issue that arises from the interaction between Ubuntu’

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

DuckDuckGo browser gets end-to-end encrypted sync feature

Bleeping Computer

The DuckDuckGo browser has unveiled a new end-to-end encrypted Sync & Backup feature that lets users privately and securely synchronize their bookmarks, passwords, and Email Protection settings across multiple devices.

Nation-state actors are using AI services and LLMs for cyberattacks

Security Affairs

Microsoft and OpenAI warn that nation-state actors are using ChatGPT to automate some phases of their attack chains, including target reconnaissance and social engineering attacks. Multiple nation-state actors are exploiting artificial intelligence (AI) and large language models (LLMs), including OpenAI ChatGPT, to automate their attacks and increase their sophistication.

55% of Generative AI Inputs Include Sensitive Data: Menlo Security

Security Boulevard

The rapid growth in the number of generative AI tools and platforms and their expanding adoption by organizations are giving legs to long-held concerns about security and privacy threats from the technology. A report released today by Menlo Security gives legs to those concerns. The cybersecurity firm found that despite repeated warnings from their organizations, The post 55% of Generative AI Inputs Include Sensitive Data: Menlo Security appeared first on Security Boulevard.

News alert: DigiCert taps tenured tech execs Jugnu Bhatia as its new CFO, Dave Packer as CRO

The Last Watchdog

Lehi, Utah – Feb. 14, 2024 – DigiCert, a leading global provider of digital trust, today announced new additions to its executive leadership team with the appointments of Jugnu Bhatia as Chief Financial Officer (CFO) and Dave Packer as Chief Revenue Officer (CRO). “DigiCert just closed its largest quarterly bookings in the company history, and I am thrilled to have such exceptional leaders joining our executive team at an important stage in our growth,” said Amit Sinha, CEO of DigiCert.

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Is Love Better than Passion in Business & Cybersecurity?

Jane Frankland

Every Valentine’s Day, we’re inundated with imagery of passion. In the business world, too, passion is often heralded as a key ingredient for success. But I dare to offer a different perspective, one rooted in the virtues of love. You see, I believe in love. It’s always the answer to a problem. The antidote to fear. The source of inspiration.

Incident Response Policy

Tech Republic Security

This policy from TechRepublic Premium provides information on defining an incident, assigning an incident response team, documenting a plan and conducting a response. It can be customized to meet the needs of your organization. Featured text from the policy: DOCUMENT AN INCIDENT RESPONSE PLAN Draw up a plan for incident response and start by including.

Microsoft, OpenAI Warn of Nation-State Hackers Weaponizing AI for Cyberattacks

The Hacker News

Nation-state actors associated with Russia, North Korea, Iran, and China are experimenting with artificial intelligence (AI) and large language models (LLMs) to complement their ongoing cyber attack operations.

3 Ways Insider Threats Put Your Company at Risk in 2024

Security Boulevard

Employees are often heralded as a company's most valuable asset, but these insiders can also be an organization's biggest risk. The post 3 Ways Insider Threats Put Your Company at Risk in 2024 appeared first on Security Boulevard.

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

‘AI Girlfriends’ Are a Privacy Nightmare

WIRED Threat Level

Romantic chatbots collect huge amounts of data, provide vague information about how they use it, use weak password protections, and aren’t transparent, new research from Mozilla says.

Valentine’s Day Scams Woo the Lonely-Hearted

Security Boulevard

A quarter of Valentine’s Day-themed spam emails intercepted by Bitdefender's filters were identified as scams aimed at defrauding recipients. The post Valentine’s Day Scams Woo the Lonely-Hearted appeared first on Security Boulevard.

Automation and Encryption: A Perfect Match

GlobalSign

In this blog, we review why automation and encryption are important in improving time efficiency and mitigating risks in digital certificate management workflows.

Bumblebee Malware Returns with New Tricks, Targeting U.S. Businesses

The Hacker News

The infamous malware loader and initial access broker known as Bumblebee has resurfaced after a four-month absence as part of a new phishing campaign observed in February 2024. Enterprise security firm Proofpoint said the activity targets organizations in the U.S. with voicemail-themed lures containing links to OneDrive URLs.

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.

Microsoft: New critical Exchange bug exploited as zero-day

Bleeping Computer

Microsoft warned today in an updated security advisory that a critical vulnerability in Exchange Server was exploited as a zero-day before being fixed during this month's Patch Tuesday.

The art of digital sleuthing: How digital forensics unlocks the truth

We Live Security

Learn how the cyber variety of CSI works, from sizing up the crime scene and hunting for clues to piecing together the story that the data has to tell.

Ubuntu 'command-not-found' tool can be abused to spread malware

Bleeping Computer

A logic flaw between Ubuntu's 'command-not-found' package suggestion system and the snap package repository could enable attackers to promote malicious Linux packages to unsuspecting users.

See me speak at webinar about data security for financial services

Graham Cluley

Join me and Metomic CEO Richard Vibert for a discussion about some of the cybersecurity challenges faced by the financial services industry, and how you can best protect your organisations. Sign up now for the free event on February 29 2024.

Enhance Innovation and Governance Through the Cloud Development Maturity Model

Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.