Schneier on Security
JANUARY 18, 2024
After 175 million failed password guesses, a judge rules that the Canadian police must return a suspect’s phone. [Judge] Carter said the investigation can continue without the phones, and he noted that Ottawa police have made a formal request to obtain more data from Google. “This strikes me as a potentially more fruitful avenue of investigation than using brute force to enter the phones,” he said.
Joseph Steinberg
JANUARY 18, 2024
Over the past year I have experimented to see how various retailers handle personal information that they collect from customers, especially when such information is collected as part of a purchase made by the customer in what appears, at first glance, to be some “amazing deal.” As I have warned for decades, just as they are in the physical world, “too good to be true” prices found online are often scams; one should be especially careful when dealing with retailers who advertise such prices but
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Tech Republic Security
JANUARY 18, 2024
The Androxgh0st malware botnet is used for victim identification and exploitation in targeted networks, as well as credentials collection. Read the FBI/CISA's tips for protecting against this malware threat.
Joseph Steinberg
JANUARY 18, 2024
Securing Success: The Crucial Role of a Cybersecurity Specialist in a Growing Business Human society is increasingly dependent on computer systems and the data housed and utilized within IT (information technology) infrastructure. While technological advances have, in some ways, allowed humans to enjoy an unprecedented quality of life, they also create significant risks.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
Tech Republic Security
JANUARY 18, 2024
Security researchers from Trail of Bits identified a GPU memory vulnerability they called LeftoverLocals. Some affected GPU vendors have issued fixes.
Joseph Steinberg
JANUARY 18, 2024
In today’s digitally driven world, in which businesses heavily rely on computer systems and the information living within such systems, the importance of cybersecurity cannot be overstated. As organizations embrace digital transformation, and delver further and further along the path towards such, they open themselves up to a myriad of cyber threats.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Joseph Steinberg
JANUARY 18, 2024
In today’s digitally driven world, in which businesses heavily rely on computer systems and the information living within such systems, the importance of cybersecurity cannot be overstated. As organizations embrace digital transformation, and delver further and further along the path towards such, they open themselves up to a myriad of cyber threats.
Malwarebytes
JANUARY 18, 2024
Google has released an update for Chrome which includes four security fixes, including one for a vulnerability that has reportedly already been exploited. The easiest way to update Chrome is to allow it to update automatically, which basically uses the same method as outlined below but does not require your attention. But you can end up lagging behind if you never close the browser or if something goes wrong—such as an extension stopping you from updating the browser.
Bleeping Computer
JANUARY 18, 2024
Ransomware actors are again using TeamViewer to gain initial access to organization endpoints and attempt to deploy encryptors based on the leaked LockBit ransomware builder. [.
Security Affairs
JANUARY 18, 2024
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Chrome and Citrix flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. CVE-2023-6548 – Citrix NetScaler ADC and NetScaler Gateway Code Injection Vulnerability.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
WIRED Threat Level
JANUARY 18, 2024
A new report from Chainalysis finds that stablecoins like Tether, tied to the value of the US dollar, were used in the vast majority of crypto-based scam transactions and sanctions evasion in 2023.
Security Affairs
JANUARY 18, 2024
Google warns that the Russia-linked threat actor COLDRIVER expands its targeting and is developing a custom malware. The ColdRiver APT (aka “ Seaborgium “, “Callisto”, “Star Blizzard”, “TA446”) is a Russian cyberespionage group that has been targeting government officials, military personnel, journalists and think tanks since at least 2015.
Bleeping Computer
JANUARY 18, 2024
Multiple Atlassian Jira products are experiencing an ongoing outage as of this morning. Users of Jira Work management, Jira Software, Jira Service Management and Jira Product Discovery are facing connection issues. [.
Security Affairs
JANUARY 18, 2024
Experts found multiple flaws, collectively named PixieFail, in the network protocol stack of an open-source reference implementation of the UEFI. Quarkslab researchers discovered nine vulnerabilities, collectively tracked as e PixieFAIL, affecting the IPv6 network protocol stack of EDK II, TianoCore’s open source reference implementation of UEFI.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Security Boulevard
JANUARY 18, 2024
Have I been pwned? Yes, you probably have. Stop reusing passwords, already. Here’s what else you should do. The post Massive ‘New’ Leaked Credentials List: Naz.API Pwns Troy appeared first on Security Boulevard.
Anton on Security
JANUARY 18, 2024
New Paper: “Future of the SOC: Evolution or Optimization — Choose Your Path” (Paper 4 of 4.5) After a long, long, long writing effort break, we are ready with our 4th Deloitte / Google Future of the SOC paper “Future of the SOC: Evolution or Optimization — Choose Your Path” ( alternative URL ) As a reminder (and I promise you do need it; it has been years), the previous 3 papers are: “New Paper: “Future of the SOC: Forces shaping modern security operations” (Paper 1 of 4)” “New Paper: “Future of
Security Boulevard
JANUARY 18, 2024
By: Gary Perkins, Chief Information Security Officer As we keep a close eye on trends impacting businesses this year, it is impossible to ignore the impacts of Artificial Intelligence and its evolving relationship with technology. One of the key areas experiencing this transformational change is cybersecurity. The integration of AI with cybersecurity practices is imperative, […] The post AI & Cybersecurity: Navigating the Digital Future appeared first on CISO Global.
Bleeping Computer
JANUARY 18, 2024
Appliances giant Haier reportedly issued a takedown notice to a software developer for creating Home Assistant integration plugins for the company's home appliances and releasing them on GitHub. [.
Advertisement
Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.
We Live Security
JANUARY 18, 2024
Phone fraud takes a frightening twist as fraudsters can tap into AI to cause serious emotional and financial damage to the victims
Penetration Testing
JANUARY 18, 2024
In the realm of cybersecurity, the emergence of sophisticated botnets poses a perennial challenge. One such formidable entity is the 7777-Botnet, a network of compromised devices that has piqued the interest of security experts... The post The 7777-Botnet Exploit: A New Threat to TP-Link, Xiongmai, and Hikvision appeared first on Penetration Testing.
eSecurity Planet
JANUARY 18, 2024
Cloud storage is a cloud computing model that allows data storage on remote servers operated by a service provider, accessible via internet connections. It’s a scalable and cost-effective storage solution for businesses offered through a subscription service. When assessing the overall security of cloud storage and choosing a solution tailored to your business, it helps to determine its features, potential risks, security measures, and other considerations.
Security Boulevard
JANUARY 18, 2024
Cybersecurity risks increase every year and bludgeon victims who fail to prepare properly. It can feel like crossing a major highway while blindfolded. Many never see the catastrophe about to happen, until it occurs. Cybersecurity predictions offer a glimpse at the dangerous oncoming traffic and help leaders develop strategies to navigate their journey safely.
Advertisement
Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!
Bleeping Computer
JANUARY 18, 2024
Google says the ColdRiver Russian-backed hacking group is pushing previously unknown backdoor malware using payloads masquerading as a PDF decryption tool. [.
Penetration Testing
JANUARY 18, 2024
In a recent discovery, Varonis Threat Labs has unveiled three new ways that cyber attackers can exploit to access NTLM v2 hashed passwords, putting countless systems and user data at risk. Among these vulnerabilities,... The post New Outlook Exploit Unveiled: CVE-2023-35636 Leads to NTLM v2 Password Breach appeared first on Penetration Testing.
Malwarebytes
JANUARY 18, 2024
Malwarebytes continues to add value to its ThreatDown Bundles with the inclusion of Application Block as free for all ThreatDown Nebula accounts (excluding Mobile only accounts). Users don’t need to activate this new feature: the policy has been enabled in their account by default. For as many applications out there that help you keep business running as usual, there are just as many that can spell big trouble for your network security.
The Hacker News
JANUARY 18, 2024
A malicious package uploaded to the npm registry has been found deploying a sophisticated remote access trojan on compromised Windows machines. The package, named "oscompatible," was published on January 9, 2024, attracting a total of 380 downloads before it was taken down.
Advertisement
Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.
Malwarebytes
JANUARY 18, 2024
“Spend smarter, not harder” is the mantra for 2024, as Gartner forecasts a 14.3% jump in global security and risk management spending—an uptick which brings a renewed focus on the need for cost-effective cybersecurity investments. Inefficient cybersecurity spending, a known problem, becomes even more pressing with increased budgets—especially since inefficient spending often results in buying disparate security tools, which can create more security gaps and increase breach risks.
The Hacker News
JANUARY 18, 2024
Multiple security vulnerabilities have been disclosed in the TCP/IP network protocol stack of an open-source reference implementation of the Unified Extensible Firmware Interface (UEFI) specification used widely in modern computers.
Penetration Testing
JANUARY 18, 2024
Evernote is a popular note-taking and task-management application that helps you capture ideas, organize information, and stay productive. It’s like a digital filing cabinet for your brain, but way more powerful and versatile. However,... The post CVE-2023-50643: Evernote Remote Code Execution Flaw, PoC Published appeared first on Penetration Testing.
The Hacker News
JANUARY 18, 2024
Vulnerable Docker services are being targeted by a novel campaign in which the threat actors are deploying XMRig cryptocurrency miner as well as the 9Hits Viewer software as part of a multi-pronged monetization strategy.
Advertisement
IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.
Expert insights. Personalized for you.
286 
Let's personalize your content