Tech Republic Security
DECEMBER 20, 2023
The ransomware group, which has distributed ransomware to more than 1,000 victims, reportedly recovered control of its website on Tuesday. Learn how to defend against ransomware.
Schneier on Security
DECEMBER 20, 2023
Looks like fun. Details here.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Tech Republic Security
DECEMBER 20, 2023
Ransomware attacks on infrastructure and mid-market businesses are tipped to rise, while the use of AI cyber tools will grow as IT customers seek more signal and less noise from vendors.
IT Security Guru
DECEMBER 20, 2023
As 2023 draws to a close, it’s time for cybersecurity experts to gaze into their crystal balls and predict what the next year has set in store for the security industry. In the first part of our predictions round-up experts at My1Login, i-confidential, and OSP Cyber Academy reveal what they believe will be the biggest trends in the year ahead. Mike Newman, CEO of My1Login: Cloud migration will expand the attack surface “In the last year organisations have continued to transform by moving more of
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Security Affairs
DECEMBER 20, 2023
Google has released emergency updates to address a new actively exploited zero-day vulnerability in the Chrome browser. Google has released emergency updates to address a new zero-day vulnerability, tracked as CVE-2023-7024, in its web browser Chrome. The flaw has been addressed with the release of version 120.0.6099.129 for Mac,Linux and 120.0.6099.129/130 for Windows which will roll out over the coming days/weeks.
Bleeping Computer
DECEMBER 20, 2023
Google has released emergency updates to fix another Chrome zero-day vulnerability exploited in the wild, the eighth patched since the start of the year. [.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Bleeping Computer
DECEMBER 20, 2023
A new phishing campaign pretending to be a 'copyright infringement' email attempts to steal the backup codes of Instagram users, allowing hackers to bypass the two-factor authentication configured on the account. [.
Security Affairs
DECEMBER 20, 2023
The German police seized the dark web marketplace Kingdom Market as a result of an international law enforcement operation. The Federal Criminal Police Office in Germany (BKA) and the internet-crime combating unit of Frankfurt (ZIT), along with law enforcement agencies from multiple countries (United States, Switzerland, Moldova, and Ukraine), conducted an operation that resulted in the seizure of the dark web marketplace Kingdom Market.
Security Boulevard
DECEMBER 20, 2023
Apache ActiveMQ vulnerability, known as CVE-2023-46604, is a remote code execution (RCE) flaw rated at a critical 10.0 on the CVSS v3 scale. The post Apache ActiveMQ Vulnerability: The Threat That Cannot Be Ignored appeared first on Security Boulevard.
eSecurity Planet
DECEMBER 20, 2023
Attack surface management (ASM) is a relatively new cybersecurity technology that combines elements of vulnerability management and asset discovery with the automation capabilities of breach and attack simulation (BAS) and applies them to an organization’s entire IT environment, from networks to the cloud. That makes ASM’s ambitions much greater than legacy vulnerability management tools.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Security Affairs
DECEMBER 20, 2023
An international law enforcement operation, named HAECHI IV, led to the arrest of approximately 3,500 suspects and the seizure of roughly $300 million worth of assets. Interpol this week announced that an international law enforcement operation, named HAECHI IV, led to the arrest of approximately 3,500 suspects and the seizure of roughly $300 million worth of assets.
Graham Cluley
DECEMBER 20, 2023
The FBI has disrupted the operations of the ALPHV ransomware group, and seized decryption keys that could help 500 victims unscramble their files without having to pay a ransom. Read more in my article on the Hot for Security blog.
Penetration Testing
DECEMBER 20, 2023
PoolParty A collection of fully-undetectable process injection techniques abusing Windows Thread Pools. Presented at Black Hat EU 2023 Briefings under the title – The Pool Party You Will Never Forget: New Process Injection Techniques Using... The post PoolParty: A set of fully-undetectable process injection techniques appeared first on Penetration Testing.
The Hacker News
DECEMBER 20, 2023
Google has rolled out security updates for the Chrome web browser to address a high-severity zero-day flaw that it said has been exploited in the wild. The vulnerability, assigned the CVE identifier CVE-2023-7024, has been described as a heap-based buffer overflow bug in the WebRTC framework that could be exploited to result in program crashes or arbitrary code execution.
Advertisement
Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.
Bleeping Computer
DECEMBER 20, 2023
The Federal Criminal Police Office in Germany (BKA) and the internet-crime combating unit of Frankfurt (ZIT) have announced the seizure of Kingdom Market, a dark web marketplace for drugs, cybercrime tools, and fake government IDs. [.
The Hacker News
DECEMBER 20, 2023
Ransomware groups are increasingly switching to remote encryption in their attacks, marking a new escalation in tactics adopted by financially motivated actors to ensure the success of their campaigns.
Bleeping Computer
DECEMBER 20, 2023
ESO Solutions, a provider of software products for healthcare organizations and fire departments, disclosed that data belonging to 2.7 million patients has been compromised as a result of a ransomware attack. [.
Graham Cluley
DECEMBER 20, 2023
Piers Morgan is less than happy after a judgement that there is "no doubt" he knew phone hacking was going on at the Daily Mirror, and a shopper comes a-cropper just before Christmas. All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.
Advertisement
Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!
Bleeping Computer
DECEMBER 20, 2023
The Israel National Cyber Directorate warns of phishing emails pretending to be F5 BIG-IP zero-day security updates that deploy Windows and Linux data wipers. [.
Veracode Security
DECEMBER 20, 2023
In the fast-paced world of software development, too often security takes a backseat to meeting strict deadlines and delivering new features. Discovering software has accrued substantial security debt that will take months to fix can rip up the schedules of even the best development teams. An AI-powered tool that assists developers in remediating flaws becomes an invaluable asset in this context.
Bleeping Computer
DECEMBER 20, 2023
Microsoft has fixed a known issue causing Wi-Fi network connectivity problems on Windows 11 systems triggered by recently released cumulative updates. [.
The Hacker News
DECEMBER 20, 2023
Attackers are weaponizing an old Microsoft Office vulnerability as part of phishing campaigns to distribute a strain of malware called Agent Tesla. The infection chains leverage decoy Excel documents attached in invoice-themed messages to trick potential targets into opening them and activate the exploitation of CVE-2017-11882 (CVSS score: 7.
Advertisement
Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.
Bleeping Computer
DECEMBER 20, 2023
​Ivanti has released security updates to fix 13 critical security vulnerabilities in the company's Avalanche enterprise mobile device management (MDM) solution. [.
Penetration Testing
DECEMBER 20, 2023
In an era where mobile banking has become the norm, a new threat looms large, especially in India’s banking sector – Android phishing. Neil Tyagi and Fernando Ruiz from McAfee Labs have uncovered a... The post One Click, Bankrupt: Android Trojan Steals Through WhatsApp appeared first on Penetration Testing.
Identity IQ
DECEMBER 20, 2023
2023: A Year of Record-Breaking Data Breaches IdentityIQ This past year has been an eye-opening year in the realm of digital security. Data breaches reached an all-time high, leaving a trail of identity theft cases. From corporate giants to public hospitals, cybercriminal activity has continued to snowball across several industries. This has left victims scrambling to understand the extent of the damage and how to help protect themselves against the evolving threat of identity theft.
The Hacker News
DECEMBER 20, 2023
A new Go-based information stealer malware called JaskaGO has emerged as the latest cross-platform threat to infiltrate both Windows and Apple macOS systems. AT&T Alien Labs, which made the discovery, said the malware is "equipped with an extensive array of commands from its command-and-control (C&C) server.
Advertisement
IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.
Thales Cloud Protection & Licensing
DECEMBER 20, 2023
2024 Tech and Cybersecurity Forecast: Navigating New Frontiers in Business madhav Thu, 12/21/2023 - 05:15 People always want to comprehend what the future brings. Ancient Greeks, for example, were famous for consulting with Oracle before making a crucial decision. The same is true for today’s business leaders. In an era where technology evolves at a blistering pace, business leaders must stay ahead of the curve. 2024 promises to be a pivotal year, bringing transformative advancements and new cha
Security Boulevard
DECEMBER 20, 2023
Testy Testudine: Lurking vuln in SSH spec means EVERY implementation must build patches. The post SSH FAIL: Terrapin Attack Smashes ‘Secure’ Shell Spec appeared first on Security Boulevard.
Bleeping Computer
DECEMBER 20, 2023
Cryptocurrency scammers are abusing a legitimate X "feature" to promote scams, fake giveaways, and fraudulent Telegram channels used to steal your crypto and NFTs. [.
SecureBlitz
DECEMBER 20, 2023
In this post, I will be exploring security considerations for Fax APIs. As the digital transformation era continues to shape various aspects of the corporate landscape, businesses need to keep abreast with existing technological advancements. One such innovation involves leveraging Fax Application Programming Interfaces (APIs) to streamline and fortify business communication systems.
Advertisement
Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.
Expert insights. Personalized for you.
179 
Let's personalize your content