Schneier on Security

FEBRUARY 5, 2024

A deepfake video conference call—with everyone else on the call a fake— fooled a finance worker into sending $25M to the criminals’ account.

Accountability 308

Accountability 308

The Last Watchdog

FEBRUARY 5, 2024

Even in the cloud era, Microsoft Exchange Server remains a staple business communications tool across the globe. Related: The need for robust data recovery policies. One critical issue faced by organizations that rely on Exchange Server is the risk of a corrupt Exchange Server database cropping up. Fortunately, effective tools and wise best practices can help mitigate this this exposure enabling companies to indefinitely leverage Exchange Server as a productive, resilient and secure communicatio

Risk 264

Risk Backups Software Education 264

Penetration Testing

FEBRUARY 5, 2024

Google, a titan in the digital realm, has once again demonstrated its commitment to user security with the release of its February 2024 security updates for Android. This latest security bulletin brings to the... The post CVE-2024-0031: Critical Android Remote Code Execution Vulnerability appeared first on Penetration Testing.

Penetration Testing 145

Penetration Testing 145

Tech Republic Security

FEBRUARY 5, 2024

Enpass’ offline password storage and support for third-party cloud services are two feature offerings you won’t find in many other password managers today.

Password Management 138

Password Management Passwords 138

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Security Boulevard

FEBRUARY 5, 2024

Secureworks threat score capability leverages artificial intelligence (AI) within its Taegris extended detection and response (XDR) platform. The post Secureworks Applies Multiple Forms of AI to Assess Threat Risks appeared first on Security Boulevard.

Artificial Intelligence 134

Artificial Intelligence Risk Malware Cybersecurity 134

Tech Republic Security

FEBRUARY 5, 2024

Learn how to set up your account, store and secure your passwords and maximize the features of Enpass with this step-by-step guide.

Passwords 150

Passwords Accountability Password Management 150

Security Affairs

FEBRUARY 5, 2024

Scammers stole HK$200 million (roughly $25,5 million) from a multi-national company using a deepfake conf call to trick an employee into transferring the funds. Scammers successfully stole HK$200 million (approximately $25.5 million) from a multinational company in Hong Kong by employing a deepfake video call to deceive an employee into transferring the funds.

Scams 142

Scams Technology Banking Hacking 142

Security Boulevard

FEBRUARY 5, 2024

Bad hoax blood: Spearphish pivots to deepfake Zoom call, leads to swift exit of cash. The post CFO Deepfake Fools Staff — Fakers Steal $26M via Video appeared first on Security Boulevard.

Digital transformation 130

Digital transformation Social Engineering Data privacy Engineering 130

Anton on Security

FEBRUARY 5, 2024

This is cross-posted from Google Cloud Community site , and written jointly with Dave Herrald. If you are like us, you may be surprised that, in 2024, traditional security information and event management (SIEM) systems are still the backbone of most security operations centers (SOC). SIEMs are used for collecting and analyzing security data from across your organization to help you identify and respond to threats quickly and effectively.

Threat Detection 100

Threat Detection Engineering Artificial Intelligence Risk 100

IT Security Guru

FEBRUARY 5, 2024

What Is Nanotechnology? Nanotechnology is concerned with nano-scale materials and structures. Nano-scale refers to particles and devices that are less than 100 microns in size. A sheet of paper has a thickness of 100,000 nano-meters, while a person who stands six feet tall has a thickness of 2 billion nano-meters! The properties of materials at the nanoscale can vary significantly, providing unique functionalities and applications for technology.

Computers and Electronics 119

Computers and Electronics Technology Manufacturing Healthcare 119

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Bleeping Computer

FEBRUARY 5, 2024

Hewlett Packard Enterprise (HPE) is investigating a potential new breach after a threat actor put allegedly stolen data up for sale on a hacking forum, claiming it contains HPE credentials and other sensitive information. [.

Hacking 119

Hacking 119

Security Boulevard

FEBRUARY 5, 2024

Understanding the Basics of GDPR Compliance Within the sphere of cybersecurity, significant strides were made as the European Union (EU) introduced an innovative legislative tool called the General Data Protection Regulation (GDPR), unveiled on May 25, 2018. This regulation highlights the EU's unified approach to bolster the control of its citizens over their personal details, [.

Cybersecurity 118

Cybersecurity 118

Security Affairs

FEBRUARY 5, 2024

Hewlett Packard Enterprise (HPE) is investigating a new data breach after a threat actor claimed to have stolen data on a hacking forum. Hewlett Packard Enterprise (HPE) is investigating a new data breach, following the discovery of an offer on a hacking forum where a threat actor claimed to be selling the allegedly stolen data. According to Bleeping Computer , the company has yet to find any evidence suggesting a new security breach.

Data breaches 138

Data breaches Marketing Hacking Cybersecurity 138

Bleeping Computer

FEBRUARY 5, 2024

An Ivanti Connect Secure and Ivanti Policy Secure server-side request forgery (SSRF) vulnerability tracked as CVE-2024-21893 is currently under mass exploitation by multiple attackers. [.

117

117

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Security Boulevard

FEBRUARY 5, 2024

These two examples of of core principles should help any SecOps team improve their cloud security operations. The post Two Practical Examples of Modern Cloud SecOps appeared first on Security Boulevard.

Cybersecurity 117

Cybersecurity 117

Bleeping Computer

FEBRUARY 5, 2024

A threat group named 'ResumeLooters' has stolen the personal data of over two million job seekers after compromising 65 legitimate job listing and retail sites using SQL injection and cross-site scripting (XSS) attacks. [.

Retail 114

Retail 114

Security Affairs

FEBRUARY 5, 2024

The Ivanti SSRF vulnerability tracked as CVE-2024-21893 is actively exploited in attacks in the wild by multiple threat actors. The Ivanti Server-Side Request Forgery (SSRF) vulnerability, identified as CVE-2024-21893 , is currently being actively exploited in real-world attacks by various threat actors. Last week Ivanti warned of two new high-severity vulnerabilities in its Connect Secure and Policy Secure solutions respectively tracked as CVE-2024-21888 (CVSS score: 8.8) and CVE-2024-21893 (

Software 128

Software Authentication Internet Internet 128

eSecurity Planet

FEBRUARY 5, 2024

Critical multi-platform vulnerabilities impacting diverse systems dominated the past week’s cybersecurity headlines. Juniper Networks released updates for the high-severity flaws in SRX and EX Series. A coding vulnerability in Microsoft’s Azure Pipelines affected 70,000 open-source projects. Linux distros faced a heap-based buffer overflow issue.

Risk 113

Risk Penetration Testing Authentication Software 113

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

Security Affairs

FEBRUARY 5, 2024

Airbus Navblue Flysmart+ Manager allowed attackers to tamper with the engine performance calculations and intercept data. Flysmart+ is a suite of apps for pilot EFBs, helping deliver efficient and safe departure and arrival of flights. Researchers from Pen Test Partners discovered a vulnerability in Navblue Flysmart+ Manager that can be exploited to tamper with the engine performance calculations.

Hacking 130

Hacking Engineering Encryption Software 130

Bleeping Computer

FEBRUARY 5, 2024

Secretary of State Antony J. Blinken announced today a new visa restriction policy that will enable the Department of State to ban those linked to commercial spyware from entering the United States. [.

Spyware 108

Spyware 108

Malwarebytes

FEBRUARY 5, 2024

Cleaning products maker Clorox has reported losses of $49 million in connection to a cyberattack it suffered in August of last year. On Monday, August 14, 2023, Clorox disclosed it had identified unauthorized activity on some of its IT systems. Despite a business continuity plan, the incident resulted in wide-scale disruptions to the company’s operations throughout the quarter, which ended September 30, 2023.

Backups 109

Backups Ransomware CISO Malware 109

Google Security

FEBRUARY 5, 2024

Posted by Lars Bergstrom – Director, Android Platform Tools & Libraries and Chair of the Rust Foundation Board Back in 2021, we announced that Google was joining the Rust Foundation. At the time, Rust was already in wide use across Android and other Google products. Our announcement emphasized our commitment to improving the security reviews of Rust code and its interoperability with C++ code.

Engineering 106

Engineering Government Technology Software 106

Advertisement

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

Penetration Testing

FEBRUARY 5, 2024

In January 2024, FortiGuard Labs uncovered a disturbing Excel document that served as the initial gateway to a sinister malware campaign. This campaign, tied to a Vietnamese-based hacking group previously identified in August and... The post Behind the Mask: Dissecting the Latest VBA Script Cyber Espionage appeared first on Penetration Testing.

Penetration Testing 108

Penetration Testing Malware Hacking 108

Veracode Security

FEBRUARY 5, 2024

The Critical of Role of Dynamic Application Security Testing (DAST) Web applications are one of the most common vectors for attacks, accounting for over 40% of breaches, according to Verizon's Data Breach Report. Dynamic application security testing (DAST) is a crucial technique used by development teams and security professionals to secure web applications in the software development lifecycle.

Data breaches 98

Data breaches Software Accountability 98

Bleeping Computer

FEBRUARY 5, 2024

Microsoft is investigating an issue that triggers Outlook security alerts when trying to open.ICS calendar files after installing December 2023 Patch Tuesday Office security updates. [.

96

96

SecureWorld News

FEBRUARY 5, 2024

A United States federal judge has sentenced Joshua Adam Schulte, a former CIA employee, to 40 years in prison for one of the largest disclosures of classified information in U.S. history. Schulte worked as a software developer for the CIA's cyber operations division from 2012 to 2016, where he built hacking tools for intelligence gathering. According to the U.S.

Engineering 95

Engineering Media Encryption Hacking 95

Advertisement

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.

Cybersecurity

Penetration Testing

FEBRUARY 5, 2024

Fortinet, a renowned name in the cybersecurity realm, recently alerted its customers to two critical OS command injection vulnerabilities in its FortiSIEM supervisor. These vulnerabilities tracked as CVE-2024-23108 and CVE-2024-23109, have sent shockwaves through... The post CVE-2024-23108 & CVE-2024-23109 (CVSS 10): Critical Command Injection Flaws in Fortinet FortiSIEM appeared first on Penetration Testing.

Penetration Testing 105

Penetration Testing Cybersecurity 105

We Live Security

FEBRUARY 5, 2024

With Valentine’s Day almost upon us, here’s some timely advice on how to prevent scammers from stealing a lotmore than your heart.

108

108

The Hacker News

FEBRUARY 5, 2024

A recently disclosed server-side request forgery (SSRF) vulnerability impacting Ivanti Connect Secure and Policy Secure products has come under mass exploitation. The Shadowserver Foundation said it observed exploitation attempts originating from more than 170 unique IP addresses that aim to establish a reverse shell, among others.

VPN 97

VPN 97

Penetration Testing

FEBRUARY 5, 2024

In a significant move to fortify its line of Office/Small Office Multifunction Printers and Laser Printers, Canon, the Japanese imaging and optical product heavyweight, has disclosed the discovery of seven critical security vulnerabilities. These... The post Canon Warns of Critical Vulnerabilities in Printers: RCE & DoS Attacks appeared first on Penetration Testing.

Penetration Testing 100

Penetration Testing 100

Advertisement

Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.

Government