Schneier on Security
DECEMBER 15, 2023
In 2016, I wrote about an Internet that affected the world in a direct, physical manner. It was connected to your smartphone. It had sensors like cameras and thermostats. It had actuators: Drones, autonomous cars. And it had smarts in the middle, using sensor data to figure out what to do and then actually do it. This was the Internet of Things (IoT).
Troy Hunt
DECEMBER 15, 2023
I'd say the balloon fetish segment was the highlight of this week's video. No, seriously, it's a moment of levity in an otherwise often serious industry. It's still a bunch of personal info exposed publicly and that suchs regardless of the nature of the site, but let's be honest, the subject matter did make for some humorous comments 🤣 References Sponsored by: Identity theft isn’t cheap.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Tech Republic Security
DECEMBER 15, 2023
Learn about the different types of VPNs and when to use them. Find out which type of VPN suits your needs with this comprehensive guide.
The Hacker News
DECEMBER 15, 2023
Multiple security vulnerabilities have been discovered in the open-source Netgate pfSense firewall solution called pfSense that could be chained by an attacker to execute arbitrary commands on susceptible appliances. The issues relate to two reflected cross-site scripting (XSS) bugs and one command injection flaw, according to new findings from Sonar.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Security Affairs
DECEMBER 15, 2023
Security flaws in Netgate pfSense firewall solution can potentially lead to arbitrary code execution on vulnerable devices. pfSense is a popular open-source firewall solution maintained by Netgate, researchers discovered multiple security issues affecting it. Researchers from SonarCloud discovered several security issues, Cross-Site Scripting (XSS) vulnerabilities and a Command Injection vulnerability in pfSense CE ( CVE-2023-42325 , CVE-2023-42327 , CVE-2023-42326 ).
Malwarebytes
DECEMBER 15, 2023
Google has announced that it will start rolling its Chrome web browser’s new Tracking Protection feature from January of 2024. Tracking Protection is part of Google’s Privacy Sandbox initiative to phase out third-party cookies. The Tracking Protection feature aims to disable third-party cookies completely in the second half of 2024. Third-party cookies, often referred to as non-essential cookies, can be used to track visitors as they move from one website to another, with the purpose of cr
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Bleeping Computer
DECEMBER 15, 2023
VoIP communications company 3CX warned customers today to disable SQL Database integrations because of risks posed by what it describes as a potential vulnerability. [.
Security Affairs
DECEMBER 15, 2023
Experts uncovered a new Go-based multi-platform malware, tracked as NKAbuse, which is the first malware abusing NKN technology. Researchers from Kaspersky’s Global Emergency Response Team ( GERT ) and GReAT uncovered a new multiplatform malware dubbed NKAbuse. The malicious code is written in Go language, it is the first malware that relies on the NKN technology for data exchange between peers.
Malwarebytes
DECEMBER 15, 2023
During this past year, we have seen an increase in the use of malicious ads (malvertising) and specifically those via search engines, to drop malware targeting businesses. In fact, browser-based attacks overall have been a lot more common if we include social engineering campaigns. Criminals have found success in acquiring new victims thanks to search ads; we believe there are specialized services that help malware distributors and affiliates to bypass Google’s security measures and helpin
Security Affairs
DECEMBER 15, 2023
The Idaho National Laboratory (INL) announced that it has suffered a data breach impacting more than 45,000 individuals. In November, the hacktivist group SiegedSec claimed responsibility for the hack of The Idaho National Laboratory (INL) and leaked stolen human resources data. SiegedSec is a threat actor that last year carried out multiple attacks against U.S. organizations, especially U.S. municipalities.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
IT Security Guru
DECEMBER 15, 2023
For attackers, Sun Tzu’s “The Art of War” has guidance on war strategy. For starters, “All warfare is based on deception. Hence, when able to attack, we must seem unable; when using our forces, we must seem inactive; when we are near, we must make the enemy believe we are far away; when far away, we must make him believe we are near.” Another is: “In war, the way is to avoid what is strong and to strike at what is weak.
Security Affairs
DECEMBER 15, 2023
Resecurity has uncovered a meaningful link between three major ransomware groups, BianLian, White Rabbit, and Mario Ransomware. Based on a recent Digital Forensics & Incident Response (DFIR) engagement with a law enforcement agency (LEA) and one of the leading investment organizations in Singapore (and other victims), Resecurity (USA) has uncovered a meaningful link between three major ransomware groups.
Bleeping Computer
DECEMBER 15, 2023
Delta Dental of California is warning almost seven million patients that they suffered a data breach after personal data was exposed in a MOVEit Transfer software breach. [.
Security Boulevard
DECEMBER 15, 2023
A new multiplatform threat that uses the peer-to-peer (P2P) NKN network connectivity protocol as a communication channel for launching a range of threats, from distributed denial-of-service (DDoS) attacks to a remote access trojan (RAT). The multiple-threat malware, dubbed NKAbuse, appears to be targeting Linux desktops, though it also can infect Arm and MIPS systems, which.
Advertisement
Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.
Bleeping Computer
DECEMBER 15, 2023
Today, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) urged technology manufacturers to stop providing software and devices with default passwords. [.
Security Boulevard
DECEMBER 15, 2023
Life comes at you fast, and that’s especially true for CISOs grappling with the many compliance risks in cybersecurity. From greater regulatory pressures and heightened privacy standards to increased personal liability, topped off with new rules for artificial intelligence — a lot happened in 2023. With these changes come implications for you in 2024.
Bleeping Computer
DECEMBER 15, 2023
Delta Dental of California and its affiliates are warning almost seven million patients that they suffered a data breach after personal data was exposed in a MOVEit Transfer software breach. [.
Penetration Testing
DECEMBER 15, 2023
Two vulnerabilities in Microsoft SharePoint Server have recently come under the spotlight, thanks to the detailed work of STAR Labs researcher Nguyễn Tiến Giang (Jang). In March, at the Pwn2Own contest in Vancouver, a... The post PoC Released for SharePoint Pre-Auth RCE Chain (CVE-2023-29357 & CVE-2023-24955) appeared first on Penetration Testing.
Advertisement
Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!
Bleeping Computer
DECEMBER 15, 2023
Former Amazon security engineer Shakeeb Ahmed pleaded guilty this week to hacking and stealing over $12.3 million from two cryptocurrency exchanges in July 2022. [.
The Hacker News
DECEMBER 15, 2023
A new botnet consisting of firewalls and routers from Cisco, DrayTek, Fortinet, and NETGEAR is being used as a covert data transfer network for advanced persistent threat actors, including the China-linked threat actor called Volt Typhoon.
Bleeping Computer
DECEMBER 15, 2023
Cloud storage provider Box.com is suffering an outtage preventing customers from accessing their files. [.
The Hacker News
DECEMBER 15, 2023
Microsoft is warning of an uptick in malicious activity from an emerging threat cluster it's tracking as Storm-0539 for orchestrating gift card fraud and theft via highly sophisticated email and SMS phishing attacks against retail entities during the holiday shopping season.
Advertisement
Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.
Bleeping Computer
DECEMBER 15, 2023
The Hunters International ransomware gang claimed to be behind a cyberattack on the Fred Hutchinson Cancer Center (Fred Hutch) that resulted in patients receiving personalized extortion threats. [.
Heimadal Security
DECEMBER 15, 2023
Kyivstar, Ukraine’s main provider of telecommunication services, says that it’s been the target of a ‘powerful hacker attack’. The attack left customers without mobile or internet signal and caused the air raid sirens in the northeastern city of Sumy to malfunction as a result of the outage. Kyivstar has over 25 million mobile customers and […] The post Ukraine’s Largest Telecommunication Provider Paralysed by a Massive Cyberattack appeared first on Heimdal Security Blog.
InfoWorld on Security
DECEMBER 15, 2023
The arrival of ChatGPT in late 2022 and the ensuing cascade of large language models ensured that 2023 will forever be known as the year of generative AI (GenAI). With amazing speed, generative AI has rippled across the entire information technology landscape—from software development and devops tools, to data management platforms and analytics tools, to cloud security, compliance, and governance solutions.
The Hacker News
DECEMBER 15, 2023
Crypto hardware wallet maker Ledger published a new version of its "@ledgerhq/connect-kit" npm module after unidentified threat actors pushed malicious code that led to the theft of more than $600,000 in virtual assets. The compromise was the result of a former employee falling victim to a phishing attack, the company said in a statement.
Advertisement
IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.
Security Boulevard
DECEMBER 15, 2023
2024 almost here: Rollout begins Jan 4, but few trust Google’s motives. The post Happy New Year: Google Cookie Block Starts Soon, but Fear Remains appeared first on Security Boulevard.
Penetration Testing
DECEMBER 15, 2023
The blog title”Deep Dive: Qualcomm MSM & ARM Mali Kernel 0-day Exploit Attacks of October 2023″ by Zero Day Engineering Insights, authored by Alisa Esage, delves into five kernel vulnerabilities in Qualcomm chipsets and... The post Researcher details 5 zero-day flaws in Qualcomm chipsets & ARM Mali GPU appeared first on Penetration Testing.
The Hacker News
DECEMBER 15, 2023
China's Ministry of Industry and Information Technology (MIIT) on Friday unveiled draft proposals detailing its plans to tackle data security events in the country using a color-coded system.
Bleeping Computer
DECEMBER 15, 2023
The big news over the past two weeks is the continued drama plaguing BlackCat/ALPHV after their infrastructure suddenly stopped working for almost five days. Multiple sources told BleepingComputer that this outage was related to a law enforcement operation, but BlackCat claims the outages were caused by a hardware/hosting issue. [.
Advertisement
Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.
Expert insights. Personalized for you.
302 
Let's personalize your content