Schneier on Security

AUGUST 16, 2024

The press is reporting a critical Windows vulnerability affecting IPv6. As Microsoft explained in its Tuesday advisory, unauthenticated attackers can exploit the flaw remotely in low-complexity attacks by repeatedly sending IPv6 packets that include specially crafted packets. Microsoft also shared its exploitability assessment for this critical vulnerability, tagging it with an “exploitation more likely” label, which means that threat actors could create exploit code to “consis

299

299

Tech Republic Security

AUGUST 16, 2024

NIST announces new post-quantum cryptography standards, marking a significant step in safeguarding data against future quantum computing threats.

Encryption 185

Encryption Artificial Intelligence Cybersecurity 185

The Last Watchdog

AUGUST 16, 2024

Cary, NC, Aug. 16, 2024, CyberNewsWire — The imminent release of Cisco HyperShield this month marks a pivotal evolution in the cybersecurity landscape. As an “AI-native” security architecture, HyperShield promises to redefine traditional security protocols through its automated proactive cybersecurity measures and AI-driven security solutions.

Cybersecurity 130

Cybersecurity Architecture Technology Network Security 130

Tech Republic Security

AUGUST 16, 2024

A new report from cyberthreat intelligence company Intel471 reveals that threat actors are increasingly targeting macOS.

Malware 159

Malware 159

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Security Affairs

AUGUST 16, 2024

Microsoft addressed a critical zero-click Windows remote code execution (RCE) in the TCP/IP stack that impacts all systems with IPv6 enabled. Microsoft urges customers to fix a critical TCP/IP remote code execution (RCE) flaw, tracked as CVE-2024-38063 (CVSS score 9.8), in the TCP/IP stack. The vulnerability impacts all systems with IPv6 enabled (IPv6 is enabled by default).

Firewall 143

Firewall Engineering Hacking Information Security 143

Security Boulevard

AUGUST 16, 2024

Evolving threat actor tactics are capitalizing on business and technology consolidation to launch widespread ransomware attacks and requiring organizations to rethink how to address new vulnerabilities to stay secure and resilient. The post Ransomware Surge Exploits Cybersecurity Gaps Caused by M&A appeared first on Security Boulevard.

Ransomware 136

Ransomware Cybersecurity Technology Security Awareness 136

Security Boulevard

AUGUST 16, 2024

Some recommendations and best practices to help organizations strike a balance between business growth, risk management and cybersecurity. The post Striking a Balance Between Business Growth, Risk Management and Cybersecurity appeared first on Security Boulevard.

Risk 132

Risk Cybersecurity Security Awareness 132

The Hacker News

AUGUST 16, 2024

A large percentage of Google's own Pixel devices shipped globally since September 2017 included dormant software that could be used to stage nefarious attacks and deliver various kinds of malware. The issue manifests in the form of a pre-installed Android app called "Showcase.

Risk 131

Risk Malware Software 131

WIRED Threat Level

AUGUST 16, 2024

Social Security numbers, physical addresses, and more—all available online. After months of confusion, leaked information from a background-check firm underscores the long-term risks of data breaches.

Data breaches 129

Data breaches Risk Hacking 129

Security Boulevard

AUGUST 16, 2024

Trust is vital to upholding the entire ecosystem in which all businesses operate, and the erosion of trust has considerable consequences for everyone. The post Holding Trust for Ransom: What’s at Stake as Business Trust Erodes appeared first on Security Boulevard.

Security Awareness 128

Security Awareness Risk Cybercrime Ransomware 128

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

The Hacker News

AUGUST 16, 2024

Cybersecurity researchers have uncovered new stealer malware that's designed to specifically target Apple macOS systems. Dubbed Banshee Stealer, it's offered for sale in the cybercrime underground for a steep price of $3,000 a month and works across both x86_64 and ARM64 architectures.

Architecture 127

Architecture Cryptocurrency Cybercrime Malware 127

Security Boulevard

AUGUST 16, 2024

A global survey of 1,850 IT and cybersecurity decision-makers finds more than half (51%) reporting that directors or executives have faced fines, jail time, loss of position, or loss of employment following a cyberattack. The post Survey: Senior Executives Being Held More Accountable for Cybersecurity appeared first on Security Boulevard.

Accountability 119

Accountability Cybersecurity CISO Security Awareness 119

The Hacker News

AUGUST 16, 2024

A large-scale extortion campaign has compromised various organizations by taking advantage of publicly accessible environment variable files (.env) that contain credentials associated with cloud and social media applications.

Media 124

Media Accountability 124

Security Boulevard

AUGUST 16, 2024

Two U.S. lawmakers are asking the Commerce Department to investigate whether the Wi-Fi routers built by Chinese company TP-Link could be used by Chinese-sponsored threat groups to infiltrate U.S. government and private networks, posing a security risk to the country. The post Lawmakers Ask for Probe of Chinese Router Maker TP-Link appeared first on Security Boulevard.

Government 119

Government Risk Malware Cybersecurity 119

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Security Affairs

AUGUST 16, 2024

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a SolarWinds Web Help Desk bug to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added SolarWinds Web Help Desk deserialization of untrusted data vulnerability, tracked as CVE-2024-28986 (CVSS score of 9.8), to its Known Exploited Vulnerabilities (KEV) catalog.

Government 130

Government Software Authentication Hacking 130

Security Boulevard

AUGUST 16, 2024

Crowdstrike’s update malfunction caused a global IT outage three weeks ago. Industry experts share the biggest lesson for IT leaders to learn. The post The Biggest Lesson From Crowdstrike’s Update Malfunction appeared first on Security Boulevard.

Security Awareness 118

Security Awareness Cybersecurity 118

Security Affairs

AUGUST 16, 2024

A Russian national was sentenced to over three years in prison for selling stolen information and credentials on a dark web marketplace. The 27-year-old Russian national Georgy Kavzharadze (also known as “George,” “TeRorPP,” “Torqovec,” and “PlutuSS”) has been sentenced to over three years in prison for selling financial information, login credentials, and other personal data on the dark web marketplace, Slilpp.

Banking 125

Banking Accountability Retail Mobile 125

Security Boulevard

AUGUST 16, 2024

In a recent security advisory, Microsoft disclosed a high-severity vulnerability identified as CVE-2024-38063. This critical Remote Code Execution (RCE) flaw, rated with a CVSS score of 9.8, poses a significant. The post CVE-2024-38063: An In-Depth Look at the Critical Remote Code Execution Vulnerability appeared first on Strobes Security. The post CVE-2024-38063: An In-Depth Look at the Critical Remote Code Execution Vulnerability appeared first on Security Boulevard.

117

117

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

The Hacker News

AUGUST 16, 2024

OpenAI on Friday said it banned a set of accounts linked to what it said was an Iranian covert influence operation that leveraged ChatGPT to generate content that, among other things, focused on the upcoming U.S. presidential election.

Accountability 118

Accountability 118

Security Boulevard

AUGUST 16, 2024

The post North Korean cyber attacks: How to educate your team on this new scam trend appeared first on Click Armor. The post North Korean cyber attacks: How to educate your team on this new scam trend appeared first on Security Boulevard.

Education 113

Education Cyber Attacks Scams CISO 113

The Hacker News

AUGUST 16, 2024

Cybersecurity researchers have shed light on a sophisticated information stealer campaign that impersonates legitimate brands to distribute malware like DanaBot and StealC.

Malware 118

Malware Cybersecurity 118

Security Affairs

AUGUST 16, 2024

Russian cybercriminals are advertising a new macOS malware called Banshee Stealer with a monthly subscription price of $3,000. In August 2024, Russian crooks advertised a macOS malware called BANSHEE Stealer that can target both x86_64 and ARM64 architectures. The malware authors claim it can steal a broad range of data from compromised systems, including browser data, cryptocurrency wallets, and around 100 browser extensions.

Malware 127

Malware Cryptocurrency Advertising Architecture 127

Advertisement

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

The Hacker News

AUGUST 16, 2024

Chinese-speaking users are the target of an ongoing campaign that distributes malware known as ValleyRAT. "ValleyRAT is a multi-stage malware that utilizes diverse techniques to monitor and control its victims and deploy arbitrary plugins to cause further damage," Fortinet FortiGuard Labs researchers Eduardo Altares and Joie Salvio said.

Malware 115

Malware 115

Penetration Testing

AUGUST 16, 2024

Researchers at Trend Micro’s Zero Day Initiative (ZDI) published the technical details for a vulnerability in Windows, identified as CVE-2024-38213, which has exposed a critical flaw in the operating system’s... The post ZDI Details Copy2Pwn: Zero-Day CVE-2024-38213 Evades Windows Security Measures appeared first on Cybersecurity News.

Cybersecurity 95

Cybersecurity 95

The Hacker News

AUGUST 16, 2024

A 27-year-old Russian national has been sentenced to over three years in prison for peddling financial information, login credentials, and other personally identifying information (PII) on a now-defunct dark web marketplace called Slilpp. Georgy Kavzharadze, 27, of Moscow, Russia, pleaded guilty to one count of conspiracy to commit bank fraud and wire fraud earlier this February.

Banking 115

Banking 115

Heimadal Security

AUGUST 16, 2024

“Multiple intrusion attempts” have been connected to an ongoing social engineering campaign purportedly tied to the Black Basta ransomware group, which aims to steal credentials and install a malware dropper named SystemBC. What Do We Know About the Operation? According to cybersecurity professionals, the approach is nothing out of the ordinary, following the usual pattern […] The post SystemBC Malware Used to Target Users by Black Basta-Linked Threat Actors appeared first on H

Malware 86

Malware Social Engineering Engineering Ransomware 86

Advertisement

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.

Cybersecurity

The Hacker News

AUGUST 16, 2024

SaaS applications have become indispensable for organizations aiming to enhance productivity and streamline operations. However, the convenience and efficiency these applications offer come with inherent security risks, often leaving hidden gaps that can be exploited.

Risk 99

Risk 99

Security Boulevard

AUGUST 16, 2024

Cary, NC, Aug. 16, 2024, CyberNewsWire — The imminent release of Cisco HyperShield this month marks a pivotal evolution in the cybersecurity landscape. As an “AI-native” security architecture, HyperShield promises to redefine traditional security protocols through its automated proactive cybersecurity … (more…) The post News alert: Implementing AI-powered ‘Cisco HyperShield’ requires proper cybersecurity training first appeared on The Last Watchdog.

Cybersecurity 78

Cybersecurity Architecture 78

We Live Security

AUGUST 16, 2024

A Luxembourg-based chemicals and manufacturing company has recently suffered one of the largest-ever business email compromise (BEC) attacks, during which an employee was tricked into wiring over $60 million.

Manufacturing 99

Manufacturing Scams 99

Security Boulevard

AUGUST 16, 2024

Reading Time: 6 min Frustrated with emails landing in spam? Learn how email deliverability testing helps you reach inboxes and boost campaign success. The post What is Email deliverability testing, and how can it help? appeared first on Security Boulevard.

Security Awareness 72

Security Awareness 72

Advertisement

Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.

Government