GCHQ Christmas Codebreaking Challenge
Schneier on Security
DECEMBER 20, 2023
Looks like fun. Details here.
Schneier on Security
DECEMBER 20, 2023
Looks like fun. Details here.
Tech Republic Security
DECEMBER 20, 2023
The ransomware group, which has distributed ransomware to more than 1,000 victims, reportedly recovered control of its website on Tuesday. Learn how to defend against ransomware.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
IT Security Guru
DECEMBER 20, 2023
As 2023 draws to a close, it’s time for cybersecurity experts to gaze into their crystal balls and predict what the next year has set in store for the security industry. In the first part of our predictions round-up experts at My1Login, i-confidential, and OSP Cyber Academy reveal what they believe will be the biggest trends in the year ahead. Mike Newman, CEO of My1Login: Cloud migration will expand the attack surface “In the last year organisations have continued to transform by moving more of
Tech Republic Security
DECEMBER 20, 2023
Ransomware attacks on infrastructure and mid-market businesses are tipped to rise, while the use of AI cyber tools will grow as IT customers seek more signal and less noise from vendors.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
Security Affairs
DECEMBER 20, 2023
Google has released emergency updates to address a new actively exploited zero-day vulnerability in the Chrome browser. Google has released emergency updates to address a new zero-day vulnerability, tracked as CVE-2023-7024, in its web browser Chrome. The flaw has been addressed with the release of version 120.0.6099.129 for Mac,Linux and 120.0.6099.129/130 for Windows which will roll out over the coming days/weeks.
Bleeping Computer
DECEMBER 20, 2023
Google has released emergency updates to fix another Chrome zero-day vulnerability exploited in the wild, the eighth patched since the start of the year. [.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Bleeping Computer
DECEMBER 20, 2023
A new phishing campaign pretending to be a 'copyright infringement' email attempts to steal the backup codes of Instagram users, allowing hackers to bypass the two-factor authentication configured on the account. [.
Security Affairs
DECEMBER 20, 2023
The German police seized the dark web marketplace Kingdom Market as a result of an international law enforcement operation. The Federal Criminal Police Office in Germany (BKA) and the internet-crime combating unit of Frankfurt (ZIT), along with law enforcement agencies from multiple countries (United States, Switzerland, Moldova, and Ukraine), conducted an operation that resulted in the seizure of the dark web marketplace Kingdom Market.
Security Boulevard
DECEMBER 20, 2023
Apache ActiveMQ vulnerability, known as CVE-2023-46604, is a remote code execution (RCE) flaw rated at a critical 10.0 on the CVSS v3 scale. The post Apache ActiveMQ Vulnerability: The Threat That Cannot Be Ignored appeared first on Security Boulevard.
Security Affairs
DECEMBER 20, 2023
An international law enforcement operation, named HAECHI IV, led to the arrest of approximately 3,500 suspects and the seizure of roughly $300 million worth of assets. Interpol this week announced that an international law enforcement operation, named HAECHI IV, led to the arrest of approximately 3,500 suspects and the seizure of roughly $300 million worth of assets.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
We Live Security
DECEMBER 20, 2023
You may get more than you bargained for when you buy a budget-friendly smartphone and forgo safeguards baked into Google Play
Penetration Testing
DECEMBER 20, 2023
PoolParty A collection of fully-undetectable process injection techniques abusing Windows Thread Pools. Presented at Black Hat EU 2023 Briefings under the title – The Pool Party You Will Never Forget: New Process Injection Techniques Using... The post PoolParty: A set of fully-undetectable process injection techniques appeared first on Penetration Testing.
The Hacker News
DECEMBER 20, 2023
Google has rolled out security updates for the Chrome web browser to address a high-severity zero-day flaw that it said has been exploited in the wild. The vulnerability, assigned the CVE identifier CVE-2023-7024, has been described as a heap-based buffer overflow bug in the WebRTC framework that could be exploited to result in program crashes or arbitrary code execution.
Bleeping Computer
DECEMBER 20, 2023
The Israel National Cyber Directorate warns of phishing emails pretending to be F5 BIG-IP zero-day security updates that deploy Windows and Linux data wipers. [.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Graham Cluley
DECEMBER 20, 2023
The FBI has disrupted the operations of the ALPHV ransomware group, and seized decryption keys that could help 500 victims unscramble their files without having to pay a ransom. Read more in my article on the Hot for Security blog.
Bleeping Computer
DECEMBER 20, 2023
Microsoft has fixed a known issue causing Wi-Fi network connectivity problems on Windows 11 systems triggered by recently released cumulative updates. [.
The Hacker News
DECEMBER 20, 2023
Ransomware groups are increasingly switching to remote encryption in their attacks, marking a new escalation in tactics adopted by financially motivated actors to ensure the success of their campaigns.
Penetration Testing
DECEMBER 20, 2023
In an era where mobile banking has become the norm, a new threat looms large, especially in India’s banking sector – Android phishing. Neil Tyagi and Fernando Ruiz from McAfee Labs have uncovered a... The post One Click, Bankrupt: Android Trojan Steals Through WhatsApp appeared first on Penetration Testing.
Advertisement
Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.
eSecurity Planet
DECEMBER 20, 2023
Attack surface management (ASM) is a relatively new cybersecurity technology that combines elements of vulnerability management and asset discovery with the automation capabilities of breach and attack simulation (BAS) and applies them to an organization’s entire IT environment, from networks to the cloud. That makes ASM’s ambitions much greater than legacy vulnerability management tools.
Bleeping Computer
DECEMBER 20, 2023
The Federal Criminal Police Office in Germany (BKA) and the internet-crime combating unit of Frankfurt (ZIT) have announced the seizure of Kingdom Market, a dark web marketplace for drugs, cybercrime tools, and fake government IDs. [.
The Hacker News
DECEMBER 20, 2023
Attackers are weaponizing an old Microsoft Office vulnerability as part of phishing campaigns to distribute a strain of malware called Agent Tesla. The infection chains leverage decoy Excel documents attached in invoice-themed messages to trick potential targets into opening them and activate the exploitation of CVE-2017-11882 (CVSS score: 7.
Bleeping Computer
DECEMBER 20, 2023
ESO Solutions, a provider of software products for healthcare organizations and fire departments, disclosed that data belonging to 2.7 million patients has been compromised as a result of a ransomware attack. [.
Advertisement
Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!
Veracode Security
DECEMBER 20, 2023
In the fast-paced world of software development, too often security takes a backseat to meeting strict deadlines and delivering new features. Discovering software has accrued substantial security debt that will take months to fix can rip up the schedules of even the best development teams. An AI-powered tool that assists developers in remediating flaws becomes an invaluable asset in this context.
Bleeping Computer
DECEMBER 20, 2023
Ivanti has released security updates to fix 13 critical security vulnerabilities in the company's Avalanche enterprise mobile device management (MDM) solution. [.
The Hacker News
DECEMBER 20, 2023
A new Go-based information stealer malware called JaskaGO has emerged as the latest cross-platform threat to infiltrate both Windows and Apple macOS systems. AT&T Alien Labs, which made the discovery, said the malware is "equipped with an extensive array of commands from its command-and-control (C&C) server.
Penetration Testing
DECEMBER 20, 2023
In the ever-evolving landscape of cyber threats, a new malevolent force emerged in 2022, known as MetaStealer. This potent malware, built on the foundational code of RedLine, quickly became a coveted tool in the... The post MetaStealer Malware Spreads via Crack Software, Targets Google Ad Clicks appeared first on Penetration Testing.
Advertisement
Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.
Graham Cluley
DECEMBER 20, 2023
Piers Morgan is less than happy after a judgement that there is "no doubt" he knew phone hacking was going on at the Daily Mirror, and a shopper comes a-cropper just before Christmas. All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.
Penetration Testing
DECEMBER 20, 2023
Proof-of-concept (PoC) exploit code has been published for a Windows vulnerability tracked as CVE-2023-36424. This high-severity Windows vulnerability, scoring 7.8, opens a gateway for attackers to elevate privileges from Medium to High Integrity Level.... The post Windows Common Log File System Driver EoP Flaw Gets PoC Exploit appeared first on Penetration Testing.
Identity IQ
DECEMBER 20, 2023
2023: A Year of Record-Breaking Data Breaches IdentityIQ This past year has been an eye-opening year in the realm of digital security. Data breaches reached an all-time high, leaving a trail of identity theft cases. From corporate giants to public hospitals, cybercriminal activity has continued to snowball across several industries. This has left victims scrambling to understand the extent of the damage and how to help protect themselves against the evolving threat of identity theft.
Penetration Testing
DECEMBER 20, 2023
In the world of WordPress themes, Porto has carved out a reputable niche for itself, known for its multipurpose functionality and WooCommerce integration. With over 95,000 active installations, it’s a go-to choice for businesses... The post 95,000 Users at Risk: SQL Injection Lurks in Porto Theme Plugin appeared first on Penetration Testing.
Advertisement
IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.
Let's personalize your content