Krebs on Security

FEBRUARY 14, 2024

The Minnesota-based Internet provider U.S. Internet Corp. has a business unit called Securence , which specializes in providing filtered, secure email services to businesses, educational institutions and government agencies worldwide. But until it was notified last week, U.S. Internet was publishing more than a decade’s worth of its internal email — and that of thousands of Securence clients — in plain text out on the Internet and just a click away for anyone with a Web browser

Internet 351

Internet Internet Wireless Government 351

Schneier on Security

FEBRUARY 14, 2024

The winner of the Best Paper Award at Crypto this year was a significant improvement to lattice-based cryptanalysis. This is important, because a bunch of NIST’s post-quantum options base their security on lattice problems. I worry about standardizing on post-quantum algorithms too quickly. We are still learning a lot about the security of these systems, and this paper is an example of that learning.

293

293

Tech Republic Security

FEBRUARY 14, 2024

In a new report from Google's Threat Analysis Group, the researchers detail how commercial surveillance vendors particularly use spyware and target Google and Apple devices.

Spyware 194

Spyware Surveillance Mobile Cybersecurity 194

Schneier on Security

FEBRUARY 14, 2024

This is a current list of where and when I am scheduled to speak: I’m speaking at the Munich Security Conference (MSC) 2024 in Munich, Germany, on Friday, February 16, 2024. I’m giving a keynote at a symposium on “AI and Trust” at Generative AI, Free Speech, & Public Discourse. The symposium will be held at Columbia University in New York City and online, on Tuesday, February 20, 2024.

277

277

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Tech Republic Security

FEBRUARY 14, 2024

Maintaining security is important in business, and iProVPN uses AES 256-bit encryption to keep your data secure — even on public Wi-Fi networks.

Encryption 183

Encryption VPN 183

The Hacker News

FEBRUARY 14, 2024

Microsoft on Wednesday acknowledged that a newly disclosed critical security flaw in Exchange Server has been actively exploited in the wild, a day after it released fixes for the vulnerability as part of its Patch Tuesday updates. Tracked as CVE-2024-21410 (CVSS score: 9.8), the issue has been described as a case of privilege escalation impacting the Exchange Server.

145

145

Security Affairs

FEBRUARY 14, 2024

Researchers reported that attackers can exploit the ‘command-not-found’ utility to trick users into installing rogue packages on Ubuntu systems. Cybersecurity researchers from cloud security firm Aqua discovered that it is possible to abuse, the popular utility ‘called ‘command-not-found’ that can lead to deceptive recommendations of malicious packages. “Aqua Nautilus researchers have identified a security issue that arises from the interaction between Ubuntu’

Hacking 144

Hacking Cybersecurity Information Security 144

Tech Republic Security

FEBRUARY 14, 2024

While LogMeOnce comes with a lot of the features we want in a password manager, it’s held back by an unpolished user interface and a half-baked mobile application.

Password Management 158

Password Management Passwords Mobile 158

WIRED Threat Level

FEBRUARY 14, 2024

Romantic chatbots collect huge amounts of data, provide vague information about how they use it, use weak password protections, and aren’t transparent, new research from Mozilla says.

Passwords 144

Passwords 144

Tech Republic Security

FEBRUARY 14, 2024

A passkey is a security measure used to grant access to a protected system. This guide explains how it works, and provides more information on its uses and benefits.

Password Management 158

Password Management Passwords 158

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

The Hacker News

FEBRUARY 14, 2024

Cybersecurity researchers have found that it's possible for threat actors to exploit a well-known utility called command-not-found to recommend their own rogue packages and compromise systems running Ubuntu operating system.

Cybersecurity 144

Cybersecurity 144

Security Affairs

FEBRUARY 14, 2024

Adobe Patch Tuesday security updates for February 2024 addressed more than 30 vulnerabilities in multiple products, including critical issues. Adobe Patch Tuesday security updates released by Adobe addressed over 30 vulnerabilities across various products, including critical issues. The software maker warned of critical flaws in popular products such as Adobe Acrobat and Reader, Adobe Commerce and Magento Open Source, Substance 3D Painter, and FrameMaker.

Software 143

Software Authentication Ransomware 143

The Hacker News

FEBRUARY 14, 2024

Nation-state actors associated with Russia, North Korea, Iran, and China are experimenting with artificial intelligence (AI) and large language models (LLMs) to complement their ongoing cyber attack operations.

Artificial Intelligence 142

Artificial Intelligence Cyber Attacks 142

Security Affairs

FEBRUARY 14, 2024

Zoom addressed seven vulnerabilities in its desktop and mobile applications, including a critical flaw (CVE-2024-24691) affecting the Windows software. The popular Video messaging giant Zoom released security updates to address seven vulnerabilities in its desktop and mobile applications, including a critical issue, tracked as CVE-2024-24691 (CVSS score of 9.6), in Windows software.

Software 142

Software Authentication Mobile Hacking 142

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

The Hacker News

FEBRUARY 14, 2024

The infamous malware loader and initial access broker known as Bumblebee has resurfaced after a four-month absence as part of a new phishing campaign observed in February 2024. Enterprise security firm Proofpoint said the activity targets organizations in the U.S. with voicemail-themed lures containing links to OneDrive URLs.

Malware 140

Malware Phishing 140

Security Affairs

FEBRUARY 14, 2024

Microsoft Patch Tuesday security updates for February 2024 addressed 72 flaws, two of which are actively exploited in the wild. Microsoft Patch Tuesday security updates for February 2024 resolved a total of 72 vulnerabilities, including two actively exploited zero-days. The vulnerabilities affect Microsoft Windows and Windows Components; Office and Office Components; Azure; NET Framework and ASP.NET; SQL Server; Windows Hyper-V; and Microsoft Dynamics.

Information Security 139

Information Security Internet Internet Ransomware 139

The Hacker News

FEBRUARY 14, 2024

The landscape of cybersecurity in financial services is undergoing a rapid transformation. Cybercriminals are exploiting advanced technologies and methodologies, making traditional security measures obsolete.

Banking 136

Banking Cybersecurity Financial Services Technology 136

Security Affairs

FEBRUARY 14, 2024

Microsoft and OpenAI warn that nation-state actors are using ChatGPT to automate some phases of their attack chains, including target reconnaissance and social engineering attacks. Multiple nation-state actors are exploiting artificial intelligence (AI) and large language models (LLMs), including OpenAI ChatGPT, to automate their attacks and increase their sophistication.

Social Engineering 139

Social Engineering Artificial Intelligence Phishing Engineering 139

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Malwarebytes

FEBRUARY 14, 2024

Microsoft has issued patches for 73 security vulnerabilities in its February 2024 Patch Tuesday. Among these vulnerabilities are two zero-days that are reportedly being used in the wild. The two zero-day vulnerabilities have already been added to the Cybersecurity & Infrastructure Security Agency’s catalog of Known Exploited Vulnerabilities , based on evidence of active exploitation.

Internet 134

Internet Internet Cybersecurity Technology 134

Security Boulevard

FEBRUARY 14, 2024

I❤️POE: Does your home security need a rethink? Wireless cameras are kinda useless, say cops. The post ALERT: Thieves❤️Wi-Fi Camera Jammers appeared first on Security Boulevard.

Wireless 132

Wireless Social Engineering Internet Internet 132

We Live Security

FEBRUARY 14, 2024

Learn how the cyber variety of CSI works, from sizing up the crime scene and hunting for clues to piecing together the story that the data has to tell

130

130

Bleeping Computer

FEBRUARY 14, 2024

The DuckDuckGo browser has unveiled a new end-to-end encrypted Sync & Backup feature that lets users privately and securely synchronize their bookmarks, passwords, and Email Protection settings across multiple devices. [.

Encryption 130

Encryption Backups Passwords Software 130

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

Tech Republic Security

FEBRUARY 14, 2024

This policy from TechRepublic Premium provides information on defining an incident, assigning an incident response team, documenting a plan and conducting a response. It can be customized to meet the needs of your organization. Featured text from the policy: DOCUMENT AN INCIDENT RESPONSE PLAN Draw up a plan for incident response and start by including.

126

126

Security Boulevard

FEBRUARY 14, 2024

The rapid growth in the number of generative AI tools and platforms and their expanding adoption by organizations are giving legs to long-held concerns about security and privacy threats from the technology. A report released today by Menlo Security gives legs to those concerns. The cybersecurity firm found that despite repeated warnings from their organizations, The post 55% of Generative AI Inputs Include Sensitive Data: Menlo Security appeared first on Security Boulevard.

Technology 125

Technology Cybersecurity Data privacy Phishing 125

GlobalSign

FEBRUARY 14, 2024

In this blog, we review why automation and encryption are important in improving time efficiency and mitigating risks in digital certificate management workflows.

Encryption 122

Encryption Risk 122

Security Boulevard

FEBRUARY 14, 2024

Employees are often heralded as a company's most valuable asset, but these insiders can also be an organization's biggest risk. The post 3 Ways Insider Threats Put Your Company at Risk in 2024 appeared first on Security Boulevard.

Risk 122

Risk Data breaches Security Awareness Government 122

Advertisement

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

WIRED Threat Level

FEBRUARY 14, 2024

Prominent advocates for the rights of pregnant people are urging members of Congress to support legislation that would ban warrantless access to sensitive data as the White House fights against it.

Surveillance 121

Surveillance 121

Bleeping Computer

FEBRUARY 14, 2024

Microsoft is automatically enabling Windows Extended Protection on Exchange servers after installing this month's 2024 H1 Cumulative Update (aka CU14). [.

121

121

Malwarebytes

FEBRUARY 14, 2024

About a month ago, The PC Security Channel (TPSC) ran a test to check out the detection capabilities of Malwarebytes. They tested Malwarebytes by executing a repository of 2015 “malicious” files to see how many Malwarebytes would detect. This YouTube video shows how a script executes the files and Malwarebytes blocks and immediately quarantines the majority of them.

Malware 121

Malware Risk Cybersecurity 121

Security Boulevard

FEBRUARY 14, 2024

A quarter of Valentine’s Day-themed spam emails intercepted by Bitdefender's filters were identified as scams aimed at defrauding recipients. The post Valentine’s Day Scams Woo the Lonely-Hearted appeared first on Security Boulevard.

Scams 118

Scams Phishing Mobile Risk 118

Advertisement

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.

Cybersecurity