Joseph Steinberg

JANUARY 18, 2024

Over the past year I have experimented to see how various retailers handle personal information that they collect from customers, especially when such information is collected as part of a purchase made by the customer in what appears, at first glance, to be some “amazing deal.” As I have warned for decades, just as they are in the physical world, “too good to be true” prices found online are often scams; one should be especially careful when dealing with retailers who advertise such prices but

Data collection 284

Data collection Retail Scams Artificial Intelligence 284

Schneier on Security

JANUARY 18, 2024

After 175 million failed password guesses, a judge rules that the Canadian police must return a suspect’s phone. [Judge] Carter said the investigation can continue without the phones, and he noted that Ottawa police have made a formal request to obtain more data from Google. “This strikes me as a potentially more fruitful avenue of investigation than using brute force to enter the phones,” he said.

Passwords 265

Passwords 265

Joseph Steinberg

JANUARY 18, 2024

Securing Success: The Crucial Role of a Cybersecurity Specialist in a Growing Business Human society is increasingly dependent on computer systems and the data housed and utilized within IT (information technology) infrastructure. While technological advances have, in some ways, allowed humans to enjoy an unprecedented quality of life, they also create significant risks.

Cybersecurity 268

Cybersecurity Computers and Electronics Cyber Risk Risk 268

Tech Republic Security

JANUARY 18, 2024

The Androxgh0st malware botnet is used for victim identification and exploitation in targeted networks, as well as credentials collection. Read the FBI/CISA's tips for protecting against this malware threat.

Malware 183

Malware Cybersecurity 183

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Joseph Steinberg

JANUARY 18, 2024

In today’s digitally driven world, in which businesses heavily rely on computer systems and the information living within such systems, the importance of cybersecurity cannot be overstated. As organizations embrace digital transformation, and delver further and further along the path towards such, they open themselves up to a myriad of cyber threats.

Cybersecurity 169

Cybersecurity Education Cyber Attacks Risk 169

Tech Republic Security

JANUARY 18, 2024

Security researchers from Trail of Bits identified a GPU memory vulnerability they called LeftoverLocals. Some affected GPU vendors have issued fixes.

Artificial Intelligence 174

Artificial Intelligence 174

Anton on Security

JANUARY 18, 2024

New Paper: “Future of the SOC: Evolution or Optimization — Choose Your Path” (Paper 4 of 4.5) After a long, long, long writing effort break, we are ready with our 4th Deloitte / Google Future of the SOC paper “Future of the SOC: Evolution or Optimization — Choose Your Path” ( alternative URL ) As a reminder (and I promise you do need it; it has been years), the previous 3 papers are: “New Paper: “Future of the SOC: Forces shaping modern security operations” (Paper 1 of 4)” “New Paper: “Future of

Technology 130

Technology Risk Architecture 130

Tech Republic Security

JANUARY 18, 2024

Security researchers from Trail of Bits identified a GPU memory vulnerability they called LeftoverLocals. Some affected GPU vendors have issued fixes.

Artificial Intelligence 149

Artificial Intelligence 149

Bleeping Computer

JANUARY 18, 2024

Ransomware actors are again using TeamViewer to gain initial access to organization endpoints and attempt to deploy encryptors based on the leaked LockBit ransomware builder. [.

Ransomware 142

Ransomware 142

Security Boulevard

JANUARY 18, 2024

Have I been pwned? Yes, you probably have. Stop reusing passwords, already. Here’s what else you should do. The post Massive ‘New’ Leaked Credentials List: Naz.API Pwns Troy appeared first on Security Boulevard.

Passwords 132

Passwords Social Engineering Data privacy Authentication 132

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Bleeping Computer

JANUARY 18, 2024

Multiple Atlassian Jira products are experiencing an ongoing outage as of this morning. Users of Jira Work management, Jira Software, Jira Service Management and Jira Product Discovery are facing connection issues. [.

Software 133

Software Technology 133

Security Affairs

JANUARY 18, 2024

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Chrome and Citrix flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. CVE-2023-6548 – Citrix NetScaler ADC and NetScaler Gateway Code Injection Vulnerability.

Authentication 136

Authentication VPN Software Engineering 136

Security Boulevard

JANUARY 18, 2024

By: Gary Perkins, Chief Information Security Officer As we keep a close eye on trends impacting businesses this year, it is impossible to ignore the impacts of Artificial Intelligence and its evolving relationship with technology. One of the key areas experiencing this transformational change is cybersecurity. The integration of AI with cybersecurity practices is imperative, […] The post AI & Cybersecurity: Navigating the Digital Future appeared first on CISO Global.

Artificial Intelligence 130

Artificial Intelligence Cybersecurity CISO Technology 130

Bleeping Computer

JANUARY 18, 2024

Appliances giant Haier reportedly issued a takedown notice to a software developer for creating Home Assistant integration plugins for the company's home appliances and releasing them on GitHub. [.

Software 129

Software 129

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Malwarebytes

JANUARY 18, 2024

Google has released an update for Chrome which includes four security fixes, including one for a vulnerability that has reportedly already been exploited. The easiest way to update Chrome is to allow it to update automatically, which basically uses the same method as outlined below but does not require your attention. But you can end up lagging behind if you never close the browser or if something goes wrong—such as an extension stopping you from updating the browser.

Engineering 130

Engineering Software Risk Cybersecurity 130

eSecurity Planet

JANUARY 18, 2024

Cloud storage is a cloud computing model that allows data storage on remote servers operated by a service provider, accessible via internet connections. It’s a scalable and cost-effective storage solution for businesses offered through a subscription service. When assessing the overall security of cloud storage and choosing a solution tailored to your business, it helps to determine its features, potential risks, security measures, and other considerations.

Risk 125

Risk Backups Encryption DDOS 125

Security Affairs

JANUARY 18, 2024

Experts found multiple flaws, collectively named PixieFail, in the network protocol stack of an open-source reference implementation of the UEFI. Quarkslab researchers discovered nine vulnerabilities, collectively tracked as e PixieFAIL, affecting the IPv6 network protocol stack of EDK II, TianoCore’s open source reference implementation of UEFI.

Firmware 131

Firmware DNS Advertising Architecture 131

Security Boulevard

JANUARY 18, 2024

Cybersecurity risks increase every year and bludgeon victims who fail to prepare properly. It can feel like crossing a major highway while blindfolded. Many never see the catastrophe about to happen, until it occurs. Cybersecurity predictions offer a glimpse at the dangerous oncoming traffic and help leaders develop strategies to navigate their journey safely.

Risk 115

Risk Cybersecurity CISO Technology 115

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

Penetration Testing

JANUARY 18, 2024

In the realm of cybersecurity, the emergence of sophisticated botnets poses a perennial challenge. One such formidable entity is the 7777-Botnet, a network of compromised devices that has piqued the interest of security experts... The post The 7777-Botnet Exploit: A New Threat to TP-Link, Xiongmai, and Hikvision appeared first on Penetration Testing.

Penetration Testing 124

Penetration Testing Cybersecurity Malware 124

WIRED Threat Level

JANUARY 18, 2024

A new report from Chainalysis finds that stablecoins like Tether, tied to the value of the US dollar, were used in the vast majority of crypto-based scam transactions and sanctions evasion in 2023.

Scams 113

Scams 113

Security Affairs

JANUARY 18, 2024

Google warns that the Russia-linked threat actor COLDRIVER expands its targeting and is developing a custom malware. The ColdRiver APT (aka “ Seaborgium “, “Callisto”, “Star Blizzard”, “TA446”) is a Russian cyberespionage group that has been targeting government officials, military personnel, journalists and think tanks since at least 2015.

Phishing 130

Phishing Malware Encryption Accountability 130

Penetration Testing

JANUARY 18, 2024

In a recent discovery, Varonis Threat Labs has unveiled three new ways that cyber attackers can exploit to access NTLM v2 hashed passwords, putting countless systems and user data at risk. Among these vulnerabilities,... The post New Outlook Exploit Unveiled: CVE-2023-35636 Leads to NTLM v2 Password Breach appeared first on Penetration Testing.

Passwords 111

Passwords Penetration Testing Cyber Attacks Risk 111

Advertisement

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

Identity IQ

JANUARY 18, 2024

How Utility Payment Reporting Can Help You Meet Your New Year Financial Goals IdentityIQ As the New Year continues to roll out, many of us have financial New Year’s resolutions that aim to seek the next level of financial strength. There’s a transformative tool that can help meet these goals that many are unaware of – utility payment reporting.

Accountability 105

Accountability Education 105

Security Boulevard

JANUARY 18, 2024

In the evolving landscape of healthcare cybersecurity, the recent data breach at HealthEC LLC has sent shockwaves through the industry, affecting nearly 4.5 million individuals who received care through the company’s diverse clientele. This incident, which unfolded between July 14 and 23, 2023, highlights the critical need for robust cybersecurity measures in managing sensitive healthcare […] The post HealthEC Data Breach Impacts 4.5 Million Patients appeared first on TuxCare.

Data breaches 105

Data breaches Healthcare Cybersecurity Cyber threats 105

Bleeping Computer

JANUARY 18, 2024

Google says the ColdRiver Russian-backed hacking group is pushing previously unknown backdoor malware using payloads masquerading as a PDF decryption tool. [.

Malware 112

Malware Hacking 112

NetSpi Technical

JANUARY 18, 2024

This article is co-authored by Gabe Rust. Welcome to the Battlefield Staring at the soft glow of a monitor, a hacker sipped coffee and watched the minutes tick by. The credentials had been obtained. The code needed to brute force the TOTP code had been written, and now it was just a matter of time. With each unsuccessful attempt, he could feel the tension in the room building.

Authentication 104

Authentication Passwords Accountability Penetration Testing 104

Advertisement

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.

Cybersecurity

Bleeping Computer

JANUARY 18, 2024

A new campaign targeting vulnerable Docker services deploys an XMRig miner and the 9hits viewer app on compromised hosts, allowing a dual monetization strategy. [.

Hacking 110

Hacking 110

Penetration Testing

JANUARY 18, 2024

Evernote is a popular note-taking and task-management application that helps you capture ideas, organize information, and stay productive. It’s like a digital filing cabinet for your brain, but way more powerful and versatile. However,... The post CVE-2023-50643: Evernote Remote Code Execution Flaw, PoC Published appeared first on Penetration Testing.

Penetration Testing 110

Penetration Testing 110

Bleeping Computer

JANUARY 18, 2024

Kansas State University (K-State) announced it is managing a cybersecurity incident that has disrupted certain network systems, including VPN, K-State Today emails, and video services on Canvas and Mediasite. [.

VPN 105

VPN Cybersecurity Education 105

Penetration Testing

JANUARY 18, 2024

Recently, Cado Security Labs researchers have uncovered a striking and innovative campaign that specifically targets vulnerable Docker services. This campaign marks a significant development in the world of cyber threats, as it deploys not... The post Unveiling a Novel Malware Campaign: Attackers Targeting Vulnerable Docker Services appeared first on Penetration Testing.

Penetration Testing 106

Penetration Testing Malware Cyber threats 106

Advertisement

Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.

Government