Troy Hunt
MAY 21, 2024
We often do that in this industry, the whole "1.0" thing, but it seems apt here. I started Have I Been Pwned (HIBP) in 2013 as a pet project that scratched an itch, so I never really thought of myself as an "employee" Over time, it grew (and I tell you what, nobody is more surprised by that than me!) and over the last few years, my wife Charlotte got more and more involved.
The Last Watchdog
MAY 21, 2024
There was a lot of buzz at RSAC 2024 about how GenAI and Large Language Models (LLM) are getting leveraged — by both attackers and defenders. Related: Is your company moving too slow or too fast on GenAI? One promising example of the latter comes from messaging security vendor IRONSCALES. I had the chance to sit down with Eyal Benishti , IRONSCALES founder and CEO, to get a breakdown of how their new Generative Adversarial Network (GAN) technology utilizes a specialized LLM to reinforce an
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Schneier on Security
MAY 21, 2024
From Slashdot : Apple and Google have launched a new industry standard called “ Detecting Unwanted Location Trackers ” to combat the misuse of Bluetooth trackers for stalking. Starting Monday, iPhone and Android users will receive alerts when an unknown Bluetooth device is detected moving with them. The move comes after numerous cases of trackers like Apple’s AirTags being used for malicious purposes.
The Last Watchdog
MAY 21, 2024
New York, NY, May 21, 2024, CyberNewsWire — Memcyco Inc., provider of digital trust technology designed to protect companies and their customers from digital impersonation fraud, released its inaugural 2024 State of Website Impersonation Scams report. Notably, Memcyco’s research indicates that the majority of companies do not have adequate solutions to counter digital impersonation fraud, and that most only learn about attacks from their customers.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Anton on Security
MAY 21, 2024
This is not a blog about the recent upheaval in the magical realm of SIEM. We have a perfectly good podcast / video about it (complete with hi-la-ri-ous XDR jokes, both human and AI created). This is about something that bothered me for a long time (since my Gartner days ) and I finally figured out how to solve this complicated problem. Of course, the answer is … A TWITTER POLL!
Penetration Testing
MAY 21, 2024
Veeam Software, a leading provider of backup and recovery solutions, has issued urgent security advisories regarding multiple critical vulnerabilities in its Veeam Backup Enterprise Manager (Enterprise Manager) component. These vulnerabilities could allow unauthorized access,... The post CVE-2024-29849 (CVSS 9.8): Veeam’s Backup Nightmare, Full System Access Exposed appeared first on Penetration Testing.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Penetration Testing
MAY 21, 2024
Atlassian, a leading provider of collaboration and productivity software, has urgently addressed a remote code execution (RCE) vulnerability in its Confluence Data Center and Server products. Tracked as CVE-2024-21683, this flaw could allow authenticated... The post CVE-2024-21683: Atlassian Patches RCE Flaw in Confluence Data Center and Server appeared first on Penetration Testing.
Bleeping Computer
MAY 21, 2024
Rockwell Automation warned customers to disconnect all industrial control systems (ICSs) not designed for online exposure from the Internet due to increasing malicious activity worldwide. [.
The Hacker News
MAY 21, 2024
Microsoft on Monday confirmed its plans to deprecate NT LAN Manager (NTLM) in Windows 11 in the second half of the year, as it announced a slew of new security measures to harden the widely-used desktop operating system.
Security Boulevard
MAY 21, 2024
Reverse-engineering tools, rising jailbreaking activities, and the surging use of AI and ML to enhance malware development were among the worrying trends in a recent report. AI and ML are making life easier for developers. They’re also making life easier for threat actors. The post Hackers Leverage AI as Application Security Threats Mount appeared first on Security Boulevard.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Tech Republic Security
MAY 21, 2024
Trying to figure out how to install a VPN on your router? Read our step-by-step guide to help you get started.
Security Boulevard
MAY 21, 2024
There was a lot of buzz at RSAC 2024 about how GenAI and Large Language Models (LLM) are getting leveraged — by both attackers and defenders. Related: Is your company moving too slow or too fast on GenAI? One promising … (more…) The post RSAC Fireside Chat: IRONSCALES utilizes LLM, superior intel to stay a step ahead of Deep Fakes first appeared on The Last Watchdog.
The Hacker News
MAY 21, 2024
GitHub has rolled out fixes to address a maximum severity flaw in the GitHub Enterprise Server (GHES) that could allow an attacker to bypass authentication protections. Tracked as CVE-2024-4985 (CVSS score: 10.0), the issue could permit unauthorized access to an instance without requiring prior authentication.
Security Boulevard
MAY 21, 2024
Malicious actors are using AI to perpetrate phishing scams centered around website impersonation, a threat few businesses are prepared to combat. The post Digital Impersonation Fraud: a Growing Challenge for Brands appeared first on Security Boulevard.
Advertisement
Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.
The Hacker News
MAY 21, 2024
Popular enterprise services provider Zoom has announced the rollout of post-quantum end-to-end encryption (E2EE) for Zoom Meetings, with support for Zoom Phone and Zoom Rooms coming in the future. "As adversarial threats become more sophisticated, so does the need to safeguard user data," the company said in a statement.
Security Affairs
MAY 21, 2024
Experts warn of fifteen vulnerabilities in the QNAP QTS, the operating system for the Taiwanese vendor’s NAS products. An audit of QNAP QTS conducted by WatchTowr Labs revealed fifteen vulnerabilities, most of which have yet to be addressed. The most severe vulnerability is a flaw tracked as CVE-2024-27130. The issue is an unpatched stack buffer overflow vulnerability in the ‘No_Support_ACL’ function of ‘share.cgi,’ an unauthenticated attacker can exploit this issue
The Hacker News
MAY 21, 2024
A new attack campaign dubbed CLOUD#REVERSER has been observed leveraging legitimate cloud storage services like Google Drive and Dropbox to stage malicious payloads.
WIRED Threat Level
MAY 21, 2024
A WIRED investigation found thousands of Eventbrite posts selling escort services and drugs like Xanax and oxycodone—some of which the company’s algorithm recommended alongside addiction recovery events.
Advertisement
Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!
The Hacker News
MAY 21, 2024
Taiwanese company QNAP has rolled out fixes for a set of medium-severity flaws impacting QTS and QuTS hero, some of which could be exploited to achieve code execution on its network-attached storage (NAS) appliances. The issues, which impact QTS 5.1.x and QuTS hero h5.1.
Security Boulevard
MAY 21, 2024
During RSAC 2024, Synack and Nasdaq hosted a lineup of cyber leaders who shared their varied paths to the industry, building teams, and managing bad days. The post Many Stumble Into Cybersecurity, But Leadership is By Design appeared first on Security Boulevard.
The Hacker News
MAY 21, 2024
Users of Veeam Backup Enterprise Manager are being urged to update to the latest version following the discovery of a critical security flaw that could permit an adversary to bypass authentication protections. Tracked as CVE-2024-29849 (CVSS score: 9.
Security Affairs
MAY 21, 2024
CISA adds NextGen Healthcare Mirth Connect deserialization of untrusted data vulnerability to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a NextGen Healthcare Mirth Connect vulnerability to its Known Exploited Vulnerabilities (KEV) catalog. The issue, tracked as CVE-2023-43208 , is a Deserialization of Untrusted Data Vulnerability.
Advertisement
Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.
The Hacker News
MAY 21, 2024
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a security flaw impacting NextGen Healthcare Mirth Connect to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.
Bleeping Computer
MAY 21, 2024
GitHub has fixed a maximum severity (CVSS v4 score: 10.0) authentication bypass vulnerability tracked as CVE-2024-4986, which impacts GitHub Enterprise Server (GHES) instances using SAML single sign-on (SSO) authentication. [.
The Hacker News
MAY 21, 2024
A critical security flaw has been disclosed in the llama_cpp_python Python package that could be exploited by threat actors to achieve arbitrary code execution. Tracked as CVE-2024-34359 (CVSS score: 9.7), the flaw has been codenamed Llama Drama by software supply chain security firm Checkmarx.
Digital Shadows
MAY 21, 2024
Explore how fileless malware and LotL techniques dominated 2023's cyber threats, and discover ReliaQuest's mitigation strategies for 2024.
Advertisement
IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.
The Hacker News
MAY 21, 2024
The persistent threat actors behind the SolarMarker information-stealing malware have established a multi-tiered infrastructure to complicate law enforcement takedown efforts, new findings from Recorded Future show.
SecureWorld News
MAY 21, 2024
On May 19, 2024, Minnesota officially joined the ranks of states enacting robust data privacy protections for consumers. The Minnesota Consumer Data Privacy Act (HF 4757 / SF 4782) was approved by the state legislature and is headed to the governor's desk for expected signature into law. The landmark legislation grants Minnesota residents a sweeping set of rights regarding how companies collect and use their personal data.
The Hacker News
MAY 21, 2024
One of the enduring challenges of building modern applications is to make them more secure without disrupting high-velocity DevOps processes or degrading the developer experience.
GlobalSign
MAY 21, 2024
Remote Hiring has become a normality of many businesses, but it poses some unique security risks, find out what they are and how to combat them.
Advertisement
Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.
Expert insights. Personalized for you.
303 
Let's personalize your content