Schneier on Security

JANUARY 12, 2024

New law journal article : Smart Device Manufacturer Liability and Redress for Third-Party Cyberattack Victims Abstract: Smart devices are used to facilitate cyberattacks against both their users and third parties. While users are generally able to seek redress following a cyberattack via data protection legislation, there is no equivalent pathway available to third-party victims who suffer harm at the hands of a cyberattacker.

IoT 277

IoT Software Manufacturing Internet 277

Tech Republic Security

JANUARY 12, 2024

Most of the exposed VPN appliances are in the U.S., followed by Japan and Germany. Read the technical details about these zero-day vulnerabilities, along with detection and mitigation tips.

VPN 171

VPN Cybersecurity Network Security 171

Bleeping Computer

JANUARY 12, 2024

CISA warns that attackers are now exploiting a critical Microsoft SharePoint privilege escalation vulnerability that can be chained with another critical bug for remote code execution. [.

142

142

Security Affairs

JANUARY 12, 2024

Researchers published a proof-of-concept (PoC) code for the recently disclosed critical flaw CVE-2023-51467 in the Apache OfBiz. Researchers from cybersecurity firm VulnCheck have created a proof-of-concept (PoC) exploit code for the recently disclosed critical flaw CVE-2023-51467 (CVSS score: 9.8) in the Apache OfBiz. In December, experts warned of an authentication bypass zero-day flaw that affects Apache OfBiz, an open-source Enterprise Resource Planning (ERP) system.

Authentication 144

Authentication Software Passwords Hacking 144

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Bleeping Computer

JANUARY 12, 2024

Juniper Networks has released security updates to fix a critical pre-auth remote code execution (RCE) vulnerability in its SRX Series firewalls and EX Series switches. [.

Firewall 140

Firewall 140

Malwarebytes

JANUARY 12, 2024

The Cybersecurity and Infrastructure Security Agency (CISA) has added a vulnerability for the Joomla! Content Management System (CMS) to its Known Exploited Vulnerabilities Catalog , based on evidence of active exploitation. This means that Federal Civilian Executive Branch (FCEB) agencies need to remediate this vulnerability by January 29, 2024 in order to protect their devices against active threats.

Passwords 132

Passwords Firewall Marketing Authentication 132

The Last Watchdog

JANUARY 12, 2024

Washington, DC, Jan. 12, 2024 – Trimarc Security , the professional services company with extensive expertise in securing Active Directory for enterprise organizations, today announced the early access availability of its new product, Trimarc Vision. Trimarc Vision is a powerful security posture analysis product that provides visibility into the most important security components of Active Directory.

Risk 100

Risk Media 100

Security Affairs

JANUARY 12, 2024

Juniper Networks fixed a critical pre-auth remote code execution (RCE) flaw, tracked as CVE-2024-21591, in its SRX Series firewalls and EX Series switches. Juniper Networks released security updates to address a critical pre-auth remote code execution (RCE) vulnerability, tracked as CVE-2024-21591, that resides in SRX Series firewalls and EX Series switches.

Firewall 134

Firewall Hacking Software Information Security 134

Security Boulevard

JANUARY 12, 2024

Here's how osquery can empower security teams, enabling them to respond effectively and efficiently to the constant stream of cyberattacks. The post Improving Cybersecurity Response With Open Source Endpoint Visibility appeared first on Security Boulevard.

Cybersecurity 119

Cybersecurity Malware 119

eSecurity Planet

JANUARY 12, 2024

Cloud log management is the comprehensive processing of log data, including generation, aggregation, storage, analysis, archive, and disposal. The top log management services offer troubleshooting and operational efficiency through seamless integration, secure log handling, advanced security analytics, and more. To help you select an ideal cloud log management solution, we’ve evaluated the top options and their use cases.

Technology 117

Technology Encryption Threat Detection Marketing 117

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Security Boulevard

JANUARY 12, 2024

The post How to Recover After Failing a Cybersecurity Audit appeared first on Digital Defense. The post How to Recover After Failing a Cybersecurity Audit appeared first on Security Boulevard.

Cybersecurity 118

Cybersecurity 118

Bleeping Computer

JANUARY 12, 2024

GitLab has released security updates for both the Community and Enterprise Edition to address two critical vulnerabilities, one of them allowing account hijacking with no user interaction. [.

Accountability 115

Accountability 115

Security Affairs

JANUARY 12, 2024

Investigators from Resecurity’s HUNTER (HUMINT) warn that Indonesia is increasingly being targeted by cyber-threat actors. Investigators from Resecurity’s HUNTER (HUMINT) have found that Indonesia is increasingly being targeted by cyber-threat actors who have staged attacks that pose significant long-term risks to the integrity of the country’s elections.

Identity Theft 132

Identity Theft Cyber threats Marketing Risk 132

Hacker Combat

JANUARY 12, 2024

If the YouTube app on your iPhone is crashing or will not open, there are various fixes you can try, such as force quitting the app, rebooting your device, and. The post YouTube Not Working on iPhone? Here’s How to Fix It appeared first on Hacker Combat.

111

111

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Security Boulevard

JANUARY 12, 2024

The post Before starting your 2024 security awareness program, ask these 10 questions appeared first on Click Armor. The post Before starting your 2024 security awareness program, ask these 10 questions appeared first on Security Boulevard.

Security Awareness 111

Security Awareness CISO 111

Hacker Combat

JANUARY 12, 2024

If the iPhone force restart does not work as intended, there may be an issue with the iOS system. To address this, look for physical damage to buttons used for. The post Why is the iPhone Force Restart Not Working? appeared first on Hacker Combat.

110

110

Penetration Testing

JANUARY 12, 2024

A new security vulnerability was found in Apache Solr, an open-source enterprise-search platform renowned for its robust full-text search, real-time indexing, and seamless integration with databases and NoSQL systems. This platform, written in Java... The post CVE-2023-50290: Apache Solr’s ‘Important’ Severity Security Flaw appeared first on Penetration Testing.

Penetration Testing 119

Penetration Testing 119

Malwarebytes

JANUARY 12, 2024

Most new model cars are not just cars anymore. With multiple digital systems, vehicles are increasingly plugged into web applications and digital processes. Some of them are basically smartphones on wheels. Even if we assume these new features were all created with your convenience in mind, some of them can have some adverse effects on your privacy, and sometimes even your safety.

Manufacturing 105

Manufacturing Wireless VPN Advertising 105

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

Hacker Combat

JANUARY 12, 2024

If you suspect someone has blocked you on Facebook, various methods exist to investigate their actions. One option would be searching for their name; they may have blocked you if. The post How to See Who Blocked You on Facebook appeared first on Hacker Combat.

99

99

Bleeping Computer

JANUARY 12, 2024

Hackers have been exploiting the two zero-day vulnerabilities in Ivanti Connect Secure disclosed this week since early December to deploy multiple families of custom malware for espionage purposes. [.

Malware 98

Malware 98

Hacker Combat

JANUARY 12, 2024

iCloud can be an easy and secure way to back up photos and videos, but accessing those files across devices may prove challenging. Thank goodness there are multiple ways to. The post How To Access Your Photos On iCloud appeared first on Hacker Combat.

96

96

The Hacker News

JANUARY 12, 2024

The threat actors associated with the Medusa ransomware have ramped up their activities following the debut of a dedicated data leak site on the dark web in February 2023 to publish sensitive data of victims who are unwilling to agree to their demands.

Ransomware 102

Ransomware 102

Advertisement

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

WIRED Threat Level

JANUARY 12, 2024

The US Securities and Exchange Commission and security firm Mandiant both had their X accounts breached, possibly due to changes to X’s two-factor authentication settings. Here’s how to fix yours.

Accountability 91

Accountability Hacking Authentication 91

The Hacker News

JANUARY 12, 2024

As many as five different malware families were deployed by suspected nation-state actors as part of post-exploitation activities leveraging two zero-day vulnerabilities in Ivanti Connect Secure (ICS) VPN appliances since early December 2023.

VPN 98

VPN Malware Authentication 98

Security Boulevard

JANUARY 12, 2024

As 2024 kicks off, here's where cloud-native supply chain security stands and what to expect in the immediate future. The post The State of Open Source Cloud-Native Security appeared first on Security Boulevard.

Software 86

Software Mobile Risk Government 86

The Hacker News

JANUARY 12, 2024

GitLab has released security updates to address two critical vulnerabilities, including one that could be exploited to take over accounts without requiring any user interaction. Tracked as CVE-2023-7028, the flaw has been awarded the maximum severity of 10.0 on the CVSS scoring system and could facilitate account takeover by sending password reset emails to an unverified email address.

Accountability 95

Accountability Passwords 95

Advertisement

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.

Cybersecurity

Penetration Testing

JANUARY 12, 2024

Subdominator Meet Subdominator, your new favorite CLI tool for detecting subdomain takeovers. It’s designed to be fast, accurate, and dependable, offering a significant improvement over other available tools. Benchmark ? A benchmark was run across... The post Subdominator: CLI tool for detecting subdomain takeovers appeared first on Penetration Testing.

Penetration Testing 98

Penetration Testing 98

The Hacker News

JANUARY 12, 2024

Picture a cybersecurity landscape where defenses are impenetrable, and threats are nothing more than mere disturbances deflected by a strong shield. Sadly, this image of fortitude remains a pipe dream despite its comforting nature. In the security world, preparedness is not just a luxury but a necessity.

Cybersecurity 92

Cybersecurity 92

InfoWorld on Security

JANUARY 12, 2024

Cloud finops is the discipline of accounting for and optimizing cloud computing spending. It’s a reaction to years of undisciplined cloud spending or a way to bring order back to using cloud resources. Overall, it is a step in the right direction. However, it’s rarely discussed as a path to enhanced security. The links to cloud security Effective cloud finops requires a strong understanding of cloud usage patterns.

Accountability 81

Accountability 81

Security Boulevard

JANUARY 12, 2024

Under active exploitation since last year—but still no patch available. The post Ivanti VPN Zero-Day Combo Chained ‘by China’ appeared first on Security Boulevard.

VPN 83

VPN Data privacy Security Awareness Mobile 83

Advertisement

Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.

Government