Schneier on Security

FEBRUARY 13, 2024

Molly White—of “ Web3 is Going Just Great ” fame— reviews Chris Dixon’s blockchain solutions book: Read Write Own : In fact, throughout the entire book, Dixon fails to identify a single blockchain project that has successfully provided a non-speculative service at any kind of scale. The closest he ever comes is when he speaks of how “for decades, technologists have dreamed of building a grassroots internet access provider” He describes one project that &

Internet 286

Internet Internet 286

Krebs on Security

FEBRUARY 13, 2024

Microsoft Corp. today pushed software updates to plug more than 70 security holes in its Windows operating systems and related products, including two zero-day vulnerabilities that are already being exploited in active attacks. Top of the heap on this Fat Patch Tuesday is CVE-2024-21412 , a “security feature bypass” in the way Windows handles Internet Shortcut Files that Microsoft says is being targeted in active exploits.

Engineering 248

Engineering Internet Internet Software 248

Schneier on Security

FEBRUARY 13, 2024

The paperback version of A Hacker’s Mind has just been published. It’s the same book, only a cheaper format. But—and this is the real reason I am posting this—Amazon has significantly discounted the hardcover to $15 to get rid of its stock. This is much cheaper than I am selling it for, and cheaper even than the paperback. So if you’ve been waiting for a price drop, this is your chance.

204

204

Tech Republic Security

FEBRUARY 13, 2024

The entry-level IBM and ISC2 Cybersecurity Specialist Professional Certificate takes four months to complete.

Cybersecurity 217

Cybersecurity 217

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Penetration Testing

FEBRUARY 13, 2024

Zoom, the popular video conferencing platform, has addressed several critical security vulnerabilities affecting its Windows, iOS, and Android clients. A total of 7 security flaws were fixed. IT teams and individual users should patch... The post CVE-2024-24691 (CVSS 9.6): Critical Zoom Privilege Escalation Vulnerability appeared first on Penetration Testing.

Penetration Testing 145

Penetration Testing 145

Tech Republic Security

FEBRUARY 13, 2024

The mixed public and private consortium will focus on safety, standards and skills-building for AI generally and generative AI in particular.

Digital transformation 159

Digital transformation Artificial Intelligence 159

The Hacker News

FEBRUARY 13, 2024

Microsoft has released patches to address 73 security flaws spanning its software lineup as part of its Patch Tuesday updates for February 2024, including two zero-days that have come under active exploitation. Of the 73 vulnerabilities, 5 are rated Critical, 65 are rated Important, and three and rated Moderate in severity.

Software 142

Software 142

Digital Shadows

FEBRUARY 13, 2024

ReliaQuest has detected a variant of the SocGholish malware that uses Python instead of PowerShell for persistence, signaling an evolution in the TTPs of threat actors utilizing this malware.

Malware 138

Malware 138

Bleeping Computer

FEBRUARY 13, 2024

A threat actor leaked 200,000 records on a hacker forum, claiming they contained the mobile phone numbers, email addresses, and other personal information of Facebook Marketplace users. [.

Hacking 136

Hacking Mobile 136

Security Boulevard

FEBRUARY 13, 2024

Forget AI. The most immediate and threatening cybersecurity challenge is visibility into an organization’s encrypted cloud traffic. The post You Can’t Stop What You Can’t See: Addressing Encrypted Cloud Traffic appeared first on Security Boulevard.

Encryption 128

Encryption Cybersecurity Malware Network Security 128

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Security Affairs

FEBRUARY 13, 2024

Authorities in Romania reported that at least 100 hospitals went offline after a ransomware attack hit the Hipocrate platform. Authorities in Romania confirmed that a ransomware attack that targeted the Hipocrate Information System (HIS) has disrupted operations for at least 100 hospitals. Hipocrate Information System (HIS) is a software suite designed to manage the medical and administrative activities of hospitals and other healthcare institutions.

Ransomware 139

Ransomware Backups Encryption Healthcare 139

Security Boulevard

FEBRUARY 13, 2024

The 2023 ransomware attack report summarizes the major changes we saw in ransomware trends and tactics by geography, sector and variant. The post 2023 Ransomware Attack Report appeared first on Security Boulevard.

Ransomware 126

Ransomware 126

The Last Watchdog

FEBRUARY 13, 2024

San Mateo, Calif., Feb. 13, 2023 – The U.S. White House announced groundbreaking collaboration between OpenPolicy and leading innovation companies, including Kiteworks , which delivers data privacy and compliance for sensitive content communications through its Private Content Network. The U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) Artificial Intelligence Safety Institute Consortium (AISIC) will act as a collaborative platform where both public sector and

Artificial Intelligence 100

Artificial Intelligence Government Data privacy Risk 100

Security Boulevard

FEBRUARY 13, 2024

Hackers are increasingly deploying “ultra-evasive, highly aggressive” malware with the ability to find and shut down enterprise security tools in compromised systems, allowing the bad actor to go undetected longer, according to researchers with Picus Security. In its Picus Red Report 2024, the security validation firm said there was a 333% year-over-year increase in such.

Malware 124

Malware Ransomware Cybersecurity Network Security 124

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

The Hacker News

FEBRUARY 13, 2024

A newly disclosed security flaw in the Microsoft Defender SmartScreen has been exploited as a zero-day by an advanced persistent threat actor called Water Hydra (aka DarkCasino) targeting financial market traders.

Malware 126

Malware Marketing Internet Internet 126

Bleeping Computer

FEBRUARY 13, 2024

Prudential Financial has disclosed that its network was breached last week, with the attackers stealing employee and contractor data before being blocked from compromised systems one day later. [.

123

123

Tech Republic Security

FEBRUARY 13, 2024

RoboForm is a great solution for users who want a no-nonsense password manager with strong security and a straightforward user interface.

Password Management 129

Password Management Passwords 129

Security Affairs

FEBRUARY 13, 2024

Bank of America revealed that the personal information of some customers was stolen in a data breach affecting a third-party services provider. Bank of America began notifying some customers following a data breach at the third-party services provider Infosys McCamish System (IMS). The bank has sent notification letters to 57,000 customers, informing them that their personal information has been compromised Infosys disclosed the security breach on November 3, 2023, in a filing with SEC the compa

Data breaches 138

Data breaches Banking Identity Theft Ransomware 138

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

Bleeping Computer

FEBRUARY 13, 2024

Microsoft has released the KB5034765 cumulative update for Windows versions 23H2 and 22H2 to fix several bugs in the OS, including an issue that causes problems with the Start menu. [.

Software 118

Software 118

Security Affairs

FEBRUARY 13, 2024

Maintainers behind the Ransomfeed platform have released Q3 Report 2023 including activities of 185 criminal groups operating worldwide. A comprehensive report delving into the intricate landscape of ransomware threats during the last four months of 2023 is out, with a meticulous focus on the monitoring activities conducted by the OSINT Ransomfeed platform ( www.ransomfeed.it ).

Ransomware 133

Ransomware Data collection Hacking Technology 133

The Hacker News

FEBRUARY 13, 2024

The Glupteba botnet has been found to incorporate a previously undocumented Unified Extensible Firmware Interface (UEFI) bootkit feature, adding another layer of sophistication and stealth to the malware.

Firmware 117

Firmware Malware 117

Security Boulevard

FEBRUARY 13, 2024

FCC FAIL: While Rome burns, Federal Communications Commission is once again behind the curve. The post ‘Incompetent’ FCC Fiddles With Data Breach Rules appeared first on Security Boulevard.

Data breaches 114

Data breaches Data privacy CISO Security Awareness 114

Advertisement

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

Bleeping Computer

FEBRUARY 13, 2024

Microsoft has released the KB5034763 cumulative update for Windows 10 21H2 and Windows 10 22H2, which includes a small number of changes, including the continued rollout of changes to comply with Europe's Digital Markets Act (DMA). [.

Marketing 112

Marketing 112

Malwarebytes

FEBRUARY 13, 2024

Remote Monitoring & Management (RMM) software, including popular tools like AnyDesk, Atera, and Splashtop, are invaluable for IT administrators today, streamlining tasks and ensuring network integrity from afar. However, these same tools have caught the eye of cybercriminals, who exploit them to infiltrate company networks and pilfer sensitive data.

Phishing 112

Phishing Software Scams Banking 112

SecureWorld News

FEBRUARY 13, 2024

As artificial intelligence continues advancing at a rapid pace, criminals are increasingly using AI capabilities to carry out sophisticated scams and attacks. Technologies that synthesize realistic fake media, known as deepfakes, are among the newest tools being deployed to enable fraud. A finance clerk working at a Hong Kong branch of a large multinational corporation recently fell victim to an elaborate scam utilizing deepfake technology to impersonate senior executives and swindle more than $

Scams 111

Scams Artificial Intelligence Social Engineering Media 111

eSecurity Planet

FEBRUARY 13, 2024

Packet filtering is a firewall feature that allows or drops data packets based on simple, pre-defined rules regarding IP addresses, ports, or protocols. Once a type of firewall, packet filtering now provides a fundamental feature of nearly all firewalls and some network equipment (routers, smart switches, etc.). The feature involves key principles, as well as pros and cons, and there are four packet filtering types to be aware of, which determine its best use cases.

Firewall 109

Firewall DDOS Cybersecurity Security Defenses 109

Advertisement

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.

Cybersecurity

Malwarebytes

FEBRUARY 13, 2024

On February 9, 2024, the Justice Department announced that an international operation had seized internet domains that were selling information-stealing malware. Federal authorities in Boston seized www.warzone.ws and three related domains, which sold the Warzone RAT malware. The Warzone RAT malware, a sophisticated Remote Access Trojan (RAT), enabled cybercriminals to browse victims’ file systems, take screenshots, record keystrokes, steal victims’ usernames and passwords, and watch victims thr

Social Engineering 110

Social Engineering Internet Internet Malware 110

Security Boulevard

FEBRUARY 13, 2024

The post Patch Tuesday Update - February 2024 appeared first on Digital Defense. The post Patch Tuesday Update – February 2024 appeared first on Security Boulevard.

107

107

Penetration Testing

FEBRUARY 13, 2024

A severe zero-day vulnerability (CVE-2023-50358) has been discovered in QNAP Network Attached Storage (NAS) devices. This flaw allows attackers to execute commands remotely, potentially taking full control of vulnerable systems. Threat actors are already... The post CVE-2023-50358: A zero-day vulnerability affecting QNAP NAS devices appeared first on Penetration Testing.

Penetration Testing 111

Penetration Testing 111

We Live Security

FEBRUARY 13, 2024

As fabricated images, videos and audio clips of real people go mainstream, the prospect of a firehose of AI-powered disinformation is a cause for mounting concern

105

105

Advertisement

Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.

Government