Schneier on Security
AUGUST 14, 2024
Texas is suing General Motors for collecting driver data without consent and then selling it to insurance companies: From CNN : In car models from 2015 and later, the Detroit-based car manufacturer allegedly used technology to “collect, record, analyze, and transmit highly detailed driving data about each time a driver used their vehicle,” according to the AG’s statement.
Tech Republic Security
AUGUST 14, 2024
Cybersecurity professionals are experiencing high levels of stress, which can have both business and personal implications. Here’s how they can improve their mental health.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Schneier on Security
AUGUST 14, 2024
This is a current list of where and when I am scheduled to speak: I’m speaking at eCrime 2024 in Boston, Massachusetts, USA. The event runs from September 24 through 26, 2024, and my keynote is on the 24th. The list is maintained on this page.
Tech Republic Security
AUGUST 14, 2024
Patch Tuesday brought updates for 90 security vulnerabilities, including patching severe remote code execution vulnerabilities and closing some doors in Chromium.
Advertisement
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
Security Affairs
AUGUST 14, 2024
Microsoft’s August 2024 Patch Tuesday addressed 90 vulnerabilities, including six that are actively exploited. Patch Tuesday security updates for August 2024 addressed 90 vulnerabilities in Microsoft products including Windows and Windows Components; Office and Office Components; NET and Visual Studio; Azure; Co-Pilot; Microsoft Dynamics; Teams; and Secure Boot and others, bringing the total to 102 when including third-party bugs.
Tech Republic Security
AUGUST 14, 2024
CBA's x15ventures is transforming fintech AI with its Xccelerate program, boosting innovation and setting new industry benchmarks in AI technology.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
|
Security Affairs
AUGUST 14, 2024
SolarWinds addressed a critical remote code execution vulnerability in its Web Help Desk solution for customer support. SolarWinds fixed a critical vulnerability, tracked as CVE-2024-28986 (CVSS score 9.8), in SolarWinds’ Web Help Desk solution for customer support. The flaw is a Java deserialization issue that an attacker can exploit to run commands on a vulnerable host leading to remote code execution.
The Hacker News
AUGUST 14, 2024
A coalition of law enforcement agencies coordinated by the U.K. National Crime Agency (NCA) has led to the arrest and extradition of a Belarussian and Ukrainian dual-national believed to be associated with Russian-speaking cybercrime groups. Maksim Silnikau (aka Maksym Silnikov), 38, went by the online monikers J.P. Morgan, xxx, and lansky. He was extradited to the U.S.
Penetration Testing
AUGUST 14, 2024
MSI, a leading manufacturer of computer hardware, has recently disclosed a critical vulnerability, tracked as CVE-2024-36877, that affects a wide range of its motherboards. The vulnerability, residing in the System... The post CVE-2024-36877 in MSI Motherboards Opens Door to Code Execution Attacks, PoC Published appeared first on Cybersecurity News.
The Hacker News
AUGUST 14, 2024
Cybersecurity researchers have discovered a new variant of the Gafgyt botnet that's targeting machines with weak SSH passwords to ultimately mine cryptocurrency on compromised instances using their GPU computational power. This indicates that the "IoT botnet is targeting more robust servers running on cloud native environments," Aqua Security researcher Assaf Morag said in a Wednesday analysis.
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
Security Affairs
AUGUST 14, 2024
Kootenai Health suffered a data breach impacting over 464,000 patients following a 3AM ransomware attack. Kootenai Health disclosed a data breach impacting over 464,088 patients following the leak of their personal information by the ThreeAM (3AM) ransomware gang. Kootenai Health is a healthcare organization based in Coeur d’Alene, Idaho. It is a regional medical center that provides a wide range of medical services, including emergency care, surgical services, cancer care, and specialized
The Hacker News
AUGUST 14, 2024
An ongoing social engineering campaign with alleged links to the Black Basta ransomware group has been linked to "multiple intrusion attempts" with the goal of conducting credential theft and deploying a malware dropper called SystemBC.
Graham Cluley
AUGUST 14, 2024
An investigation dating back almost ten years has seen the extradition this week to the United States of a man suspected to be the head of one the world's most prolific Russian-speaking cybercriminal gangs. The UK's National Crime Agency (NCA) says it has been investigating a cybercriminal using the online handle "J P Morgan" since 2015, alongside parallel investigations run by the United States FBI and Secret Service.
Penetration Testing
AUGUST 14, 2024
For a long time, the iPhone’s NFC functionality was limited to Apple’s own Apple Pay for near-field communication payments. This restriction led to multiple complaints against Apple in the European... The post Apple Breaks the Mold: iPhone NFC Opens to Third-Party Payments appeared first on Cybersecurity News.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
Graham Cluley
AUGUST 14, 2024
Scammers are once again using deepfake technology to dupe unwary internet Facebook and Instagram users into making unwise cryptocurrency investments. AI-generated videos promoting fraudulent cryptocurrency trading platform Immediate Edge have used deepfake footage of British Prime Minister Sir Keir Starmer and His Royal Highness Prince William to reach an estimated 890,000 people via Meta's social media platforms.
Penetration Testing
AUGUST 14, 2024
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a security advisory detailing multiple critical vulnerabilities discovered in Vonets WiFi Bridge devices. These vulnerabilities, which could allow attackers to execute... The post CISA Warns Critical Vulnerabilities in Vonets WiFi Bridge Devices, No Patch Available appeared first on Cybersecurity News.
Security Affairs
AUGUST 14, 2024
China-linked threat actor Earth Baku expanded its operations in Europe, the Middle East, and Africa starting in late 2022. China-linked APT group Earth Baku (a threat actor associated with APT41 ) has expanded its operations beyond the Indo-Pacific region to Europe, the Middle East, and Africa. Trend Micro researchers observed the APT targeting countries like Italy, Germany, UAE, and Qatar, and the group is suspected to have targeted also entities in Georgia and Romania.
Security Boulevard
AUGUST 14, 2024
See These CVEs: Patch Tuesday—ten zero-days, seven Critical vulns, zero time to waste. The post August Patch Pileup: Microsoft’s Zero-Day Doozy Dump appeared first on Security Boulevard.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
The Hacker News
AUGUST 14, 2024
A previously unknown threat actor has been attributed to a spate of attacks targeting Azerbaijan and Israel with an aim to steal sensitive data. The attack campaign, detected by NSFOCUS on July 1, 2024, leveraged spear-phishing emails to single out Azerbaijani and Israeli diplomats. The activity is being tracked under the moniker Actor240524.
Security Boulevard
AUGUST 14, 2024
Rather than rely only on GitOps, teams should first implement AI and analytics capabilities to reduce human configuration security errors. The post Will GitOps Solve Configuration Security Issues? appeared first on Security Boulevard.
Trend Micro
AUGUST 14, 2024
This is the first blog in a series on Rogue AI. Later articles will include technical guidance, case studies and more.
Security Boulevard
AUGUST 14, 2024
By pushing past the hurdles that can make threat modeling challenging, business leaders can take full advantage of threat models to give their organizations a leg up in the battle against cyberattacks. The post Putting Threat Modeling Into Practice: A Guide for Business Leaders appeared first on Security Boulevard.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Malwarebytes
AUGUST 14, 2024
Things have changed in cybersecurity. Gone are the days when our only worry was downloading a virus. Now, 71% of people say having their data leaked and identity stolen is one of their biggest fears about being online. Sadly, they’re right to be concerned: Fraud losses hit $10 billion in 2023 (up 14% from 2022). But as the threats have evolved, so have we, and over the last year we’ve added products that protect your entire digital life.
eSecurity Planet
AUGUST 14, 2024
OpenVPN has long been a popular choice for creating secure point-to-point or site-to-site connections over the internet. Its open-source nature and robust encryption capabilities have made it a staple in many organizations’ and individuals’ security arsenals. However, a recent discovery by Microsoft researchers has unveiled a critical flaw in this widely trusted software.
Security Boulevard
AUGUST 14, 2024
DigiCert today announced it is acquiring Vercara, a provider of Domain Name System (DNS) and distributed denial-of-service (DDoS) security services delivered via the cloud. The post DigiCert Acquires Vercara to Extend Cybersecurity Services appeared first on Security Boulevard.
SecureWorld News
AUGUST 14, 2024
The U.S. National Institute of Standards and Technology (NIST) announced the finalization of three post-quantum cryptography standards, marking a significant milestone in the effort to secure digital communications against the looming threat of quantum computing. The new standards , developed over an eight-year period, are designed to withstand attacks from future quantum computers, which could potentially break current encryption methods within a decade.
Advertisement
Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.
Security Boulevard
AUGUST 14, 2024
As data protection laws take hold across the world and the consequences of data loss become more severe, let’s take a closer look at the transformative potential that LLMs bring to the table. The post How LLMs are Revolutionizing Data Loss Prevention appeared first on Security Boulevard.
WIRED Threat Level
AUGUST 14, 2024
Researchers have discovered a way that would allow anyone with a few hundred dollars to hack into a wireless gear-shifting systems used by the top cycling teams for events like the Tour de France.
Penetration Testing
AUGUST 14, 2024
In the intricate world of web technologies, a profound understanding of a website or host extends far beyond surface-level interactions. It involves delving into the underlying infrastructure, security protocols, and... The post Web-Check: The Ultimate Toolkit for Website Analysis and Security Assessment appeared first on Cybersecurity News.
The Hacker News
AUGUST 14, 2024
Simply relying on traditional password security measures is no longer sufficient. When it comes to protecting your organization from credential-based attacks, it is essential to lock down the basics first. Securing your Active Directory should be a priority – it is like making sure a house has a locked front door before investing in a high-end alarm system.
Advertisement
Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!
Expert insights. Personalized for you.
322 
Let's personalize your content