Schneier on Security
AUGUST 14, 2024
Texas is suing General Motors for collecting driver data without consent and then selling it to insurance companies: From CNN : In car models from 2015 and later, the Detroit-based car manufacturer allegedly used technology to “collect, record, analyze, and transmit highly detailed driving data about each time a driver used their vehicle,” according to the AG’s statement.
Tech Republic Security
AUGUST 14, 2024
Cybersecurity professionals are experiencing high levels of stress, which can have both business and personal implications. Here’s how they can improve their mental health.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Schneier on Security
AUGUST 14, 2024
This is a current list of where and when I am scheduled to speak: I’m speaking at eCrime 2024 in Boston, Massachusetts, USA. The event runs from September 24 through 26, 2024, and my keynote is on the 24th. The list is maintained on this page.
Tech Republic Security
AUGUST 14, 2024
Patch Tuesday brought updates for 90 security vulnerabilities, including patching severe remote code execution vulnerabilities and closing some doors in Chromium.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Security Affairs
AUGUST 14, 2024
Microsoft’s August 2024 Patch Tuesday addressed 90 vulnerabilities, including six that are actively exploited. Patch Tuesday security updates for August 2024 addressed 90 vulnerabilities in Microsoft products including Windows and Windows Components; Office and Office Components; NET and Visual Studio; Azure; Co-Pilot; Microsoft Dynamics; Teams; and Secure Boot and others, bringing the total to 102 when including third-party bugs.
Tech Republic Security
AUGUST 14, 2024
CBA's x15ventures is transforming fintech AI with its Xccelerate program, boosting innovation and setting new industry benchmarks in AI technology.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Security Affairs
AUGUST 14, 2024
SolarWinds addressed a critical remote code execution vulnerability in its Web Help Desk solution for customer support. SolarWinds fixed a critical vulnerability, tracked as CVE-2024-28986 (CVSS score 9.8), in SolarWinds’ Web Help Desk solution for customer support. The flaw is a Java deserialization issue that an attacker can exploit to run commands on a vulnerable host leading to remote code execution.
Security Boulevard
AUGUST 14, 2024
See These CVEs: Patch Tuesday—ten zero-days, seven Critical vulns, zero time to waste. The post August Patch Pileup: Microsoft’s Zero-Day Doozy Dump appeared first on Security Boulevard.
Security Affairs
AUGUST 14, 2024
Kootenai Health suffered a data breach impacting over 464,000 patients following a 3AM ransomware attack. Kootenai Health disclosed a data breach impacting over 464,088 patients following the leak of their personal information by the ThreeAM (3AM) ransomware gang. Kootenai Health is a healthcare organization based in Coeur d’Alene, Idaho. It is a regional medical center that provides a wide range of medical services, including emergency care, surgical services, cancer care, and specialized
Security Boulevard
AUGUST 14, 2024
Rather than rely only on GitOps, teams should first implement AI and analytics capabilities to reduce human configuration security errors. The post Will GitOps Solve Configuration Security Issues? appeared first on Security Boulevard.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Graham Cluley
AUGUST 14, 2024
An investigation dating back almost ten years has seen the extradition this week to the United States of a man suspected to be the head of one the world's most prolific Russian-speaking cybercriminal gangs. The UK's National Crime Agency (NCA) says it has been investigating a cybercriminal using the online handle "J P Morgan" since 2015, alongside parallel investigations run by the United States FBI and Secret Service.
The Hacker News
AUGUST 14, 2024
A newly discovered attack vector in GitHub Actions artifacts dubbed ArtiPACKED could be exploited to take over repositories and gain access to organizations' cloud environments.
Penetration Testing
AUGUST 14, 2024
MSI, a leading manufacturer of computer hardware, has recently disclosed a critical vulnerability, tracked as CVE-2024-36877, that affects a wide range of its motherboards. The vulnerability, residing in the System... The post CVE-2024-36877 in MSI Motherboards Opens Door to Code Execution Attacks, PoC Published appeared first on Cybersecurity News.
Graham Cluley
AUGUST 14, 2024
Scammers are once again using deepfake technology to dupe unwary internet Facebook and Instagram users into making unwise cryptocurrency investments. AI-generated videos promoting fraudulent cryptocurrency trading platform Immediate Edge have used deepfake footage of British Prime Minister Sir Keir Starmer and His Royal Highness Prince William to reach an estimated 890,000 people via Meta's social media platforms.
Advertisement
Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.
Security Boulevard
AUGUST 14, 2024
By pushing past the hurdles that can make threat modeling challenging, business leaders can take full advantage of threat models to give their organizations a leg up in the battle against cyberattacks. The post Putting Threat Modeling Into Practice: A Guide for Business Leaders appeared first on Security Boulevard.
The Hacker News
AUGUST 14, 2024
A coalition of law enforcement agencies coordinated by the U.K. National Crime Agency (NCA) has led to the arrest and extradition of a Belarussian and Ukrainian dual-national believed to be associated with Russian-speaking cybercrime groups. Maksim Silnikau (aka Maksym Silnikov), 38, went by the online monikers J.P. Morgan, xxx, and lansky. He was extradited to the U.S.
Security Affairs
AUGUST 14, 2024
China-linked threat actor Earth Baku expanded its operations in Europe, the Middle East, and Africa starting in late 2022. China-linked APT group Earth Baku (a threat actor associated with APT41 ) has expanded its operations beyond the Indo-Pacific region to Europe, the Middle East, and Africa. Trend Micro researchers observed the APT targeting countries like Italy, Germany, UAE, and Qatar, and the group is suspected to have targeted also entities in Georgia and Romania.
Penetration Testing
AUGUST 14, 2024
For a long time, the iPhone’s NFC functionality was limited to Apple’s own Apple Pay for near-field communication payments. This restriction led to multiple complaints against Apple in the European... The post Apple Breaks the Mold: iPhone NFC Opens to Third-Party Payments appeared first on Cybersecurity News.
Advertisement
Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!
eSecurity Planet
AUGUST 14, 2024
OpenVPN has long been a popular choice for creating secure point-to-point or site-to-site connections over the internet. Its open-source nature and robust encryption capabilities have made it a staple in many organizations’ and individuals’ security arsenals. However, a recent discovery by Microsoft researchers has unveiled a critical flaw in this widely trusted software.
The Hacker News
AUGUST 14, 2024
Cybersecurity researchers have discovered a new variant of the Gafgyt botnet that's targeting machines with weak SSH passwords to ultimately mine cryptocurrency on compromised instances using their GPU computational power. This indicates that the "IoT botnet is targeting more robust servers running on cloud native environments," Aqua Security researcher Assaf Morag said in a Wednesday analysis.
Penetration Testing
AUGUST 14, 2024
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a security advisory detailing multiple critical vulnerabilities discovered in Vonets WiFi Bridge devices. These vulnerabilities, which could allow attackers to execute... The post CISA Warns Critical Vulnerabilities in Vonets WiFi Bridge Devices, No Patch Available appeared first on Cybersecurity News.
The Hacker News
AUGUST 14, 2024
An ongoing social engineering campaign with alleged links to the Black Basta ransomware group has been linked to "multiple intrusion attempts" with the goal of conducting credential theft and deploying a malware dropper called SystemBC.
Advertisement
Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.
Security Boulevard
AUGUST 14, 2024
DigiCert today announced it is acquiring Vercara, a provider of Domain Name System (DNS) and distributed denial-of-service (DDoS) security services delivered via the cloud. The post DigiCert Acquires Vercara to Extend Cybersecurity Services appeared first on Security Boulevard.
The Hacker News
AUGUST 14, 2024
A previously unknown threat actor has been attributed to a spate of attacks targeting Azerbaijan and Israel with an aim to steal sensitive data. The attack campaign, detected by NSFOCUS on July 1, 2024, leveraged spear-phishing emails to single out Azerbaijani and Israeli diplomats. The activity is being tracked under the moniker Actor240524.
Security Boulevard
AUGUST 14, 2024
As data protection laws take hold across the world and the consequences of data loss become more severe, let’s take a closer look at the transformative potential that LLMs bring to the table. The post How LLMs are Revolutionizing Data Loss Prevention appeared first on Security Boulevard.
SecureWorld News
AUGUST 14, 2024
The U.S. National Institute of Standards and Technology (NIST) announced the finalization of three post-quantum cryptography standards, marking a significant milestone in the effort to secure digital communications against the looming threat of quantum computing. The new standards , developed over an eight-year period, are designed to withstand attacks from future quantum computers, which could potentially break current encryption methods within a decade.
Advertisement
IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.
Penetration Testing
AUGUST 14, 2024
In the intricate world of web technologies, a profound understanding of a website or host extends far beyond surface-level interactions. It involves delving into the underlying infrastructure, security protocols, and... The post Web-Check: The Ultimate Toolkit for Website Analysis and Security Assessment appeared first on Cybersecurity News.
Malwarebytes
AUGUST 14, 2024
Things have changed in cybersecurity. Gone are the days when our only worry was downloading a virus. Now, 71% of people say having their data leaked and identity stolen is one of their biggest fears about being online. Sadly, they’re right to be concerned: Fraud losses hit $10 billion in 2023 (up 14% from 2022). But as the threats have evolved, so have we, and over the last year we’ve added products that protect your entire digital life.
Penetration Testing
AUGUST 14, 2024
In a recent August Patch Tuesday, Microsoft urgently addressed a critical security vulnerability within the Windows TCP/IP stack, identified as CVE-2024-38063. With a CVSS score of 9.8, this flaw has... The post Windows TCP/IP Vulnerability CVE-2024-38063: Researchers Hold Back Exploit Details Due to High Risk appeared first on Cybersecurity News.
WIRED Threat Level
AUGUST 14, 2024
APT42, which is believed to work for Iran’s Revolutionary Guard Corps, targeted about a dozen people associated with both Trump’s and Biden’s campaigns this spring, according to Google’s Threat Analysis Group.
Advertisement
Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.
Expert insights. Personalized for you.
277 
Let's personalize your content