Mon.Jul 01, 2024

article thumbnail

New Tech Q&A: Adaptiva – CrowdStrike alliance highlights trend of blending IT and security systems

The Last Watchdog

The coalescing of the next-gen security platforms that will carry us forward continues. Related: Jump starting vulnerability management Adaptiva, a leader in autonomous endpoint management, recently announced the launch of OneSite Patch for CrowdStrike. This new solution integrates with CrowdStrike’s Falcon XDR platform to improve the efficiency and speed of patching critical vulnerabilities in enterprise systems.

article thumbnail

Model Extraction from Neural Networks

Schneier on Security

A new paper , “Polynomial Time Cryptanalytic Extraction of Neural Network Models,” by Adi Shamir and others, uses ideas from differential cryptanalysis to extract the weights inside a neural network using specific queries and their results. This is much more theoretical than practical, but it’s a really interesting result. Abstract: Billions of dollars and countless GPU hours are currently spent on training Deep Neural Networks (DNNs) for a variety of tasks.

240
240
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

CISA Report Finds Most Open-Source Projects Contain Memory-Unsafe Code

Tech Republic Security

Security analysts found that 52% of open-source projects are written in memory-unsafe languages like C and C++.

Software 195
article thumbnail

CVE-2024-6387: Critical OpenSSH Unauthenticated RCE Flaw ‘regreSSHion’ Exposes Millions of Linux Systems

Penetration Testing

The Qualys Threat Research Unit (TRU) has detailed a severe security flaw, dubbed ‘regreSSHion,’ that leaves millions of Linux systems vulnerable to remote code execution. The vulnerability, identified as CVE-2024-6387, affects OpenSSH’s server (sshd)... The post CVE-2024-6387: Critical OpenSSH Unauthenticated RCE Flaw ‘regreSSHion’ Exposes Millions of Linux Systems appeared first on Cybersecurity News.

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

New OpenSSH Vulnerability Could Lead to RCE as Root on Linux Systems

The Hacker News

OpenSSH maintainers have released security updates to contain a critical security flaw that could result in unauthenticated remote code execution with root privileges in glibc-based Linux systems. The vulnerability has been assigned the CVE identifier CVE-2024-6387.

145
145
article thumbnail

‘Russia’ Breaches TeamViewer — ‘No Evidence’ Billions of Devices at Risk

Security Boulevard

SolarWinds hackers strike again: Remote access service hacked—by APT29, says TeamViewer. The post ‘Russia’ Breaches TeamViewer — ‘No Evidence’ Billions of Devices at Risk appeared first on Security Boulevard.

Risk 135

More Trending

article thumbnail

Personal data stolen from unsuspecting airport visitors and plane passengers in “evil twin” attacks, man charged

Malwarebytes

The Australian Federal Police (AFP) have charged a man for setting up fake free WiFi access points in order to steal personal data from people. The crime was discovered when an airline reported a suspicious WiFi network identified by its employees during a domestic flight. When the alleged perpetrator landed at Perth airport, his bags were searched and authorities found a portable wireless access device, a laptop, and a mobile phone in his hand luggage.

Wireless 135
article thumbnail

Remote Rigor: Safeguarding Data in the Age of Digital Nomads

Security Boulevard

Digital nomads go where the wind takes them around the globe, often working from coffee shops, co-working locations or public libraries. They rely on connecting to their work life via their mobile hotspot or public wi-fi connections. The post Remote Rigor: Safeguarding Data in the Age of Digital Nomads appeared first on Security Boulevard.

Mobile 126
article thumbnail

Indian Software Firm's Products Hacked to Spread Data-Stealing Malware

The Hacker News

Installers for three different software products developed by an Indian company named Conceptworld have been trojanized to distribute information-stealing malware. The installers correspond to Notezilla, RecentX, and Copywhiz, according to cybersecurity firm Rapid7, which discovered the supply chain compromise on June 18, 2024.

Software 129
article thumbnail

New regreSSHion OpenSSH RCE bug gives root on Linux servers

Bleeping Computer

A new OpenSSH unauthenticated remote code execution (RCE) vulnerability dubbed "regreSSHion" gives root privileges on glibc-based Linux systems.

135
135
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Critical unauthenticated remote code execution flaw in OpenSSH server

Security Affairs

A critical flaw in the OpenSSH server can be exploited to achieve unauthenticated remote code execution with root privileges in glibc-based Linux systems. OpenSSH maintainers addressed a critical vulnerability, tracked as CVE-2024-6387, that can lead to unauthenticated remote code execution with root privileges in glibc-based Linux systems. OpenSSH maintained have addressed the vulnerability with the release of version 9.8 on July 01, 2024. “A critical vulnerability in sshd(8) was present

Internet 138
article thumbnail

What is the Role of Explainable AI (XAI) In Security?

Security Boulevard

While AI helps automatically detect and respond to rapidly evolving threats, XAI helps security professionals understand how these decisions are being made. The post What is the Role of Explainable AI (XAI) In Security? appeared first on Security Boulevard.

article thumbnail

Australian Man Charged for Fake Wi-Fi Scam on Domestic Flights

The Hacker News

An Australian man has been charged with running a fake Wi-Fi access point during a domestic flight with an aim to steal user credentials and data.

Scams 136
article thumbnail

Threat actors actively exploit D-Link DIR-859 router flaw CVE-2024-0769

Security Affairs

Experts spotted threat actors exploiting the critical vulnerability CVE-2024-0769 affects all D-Link DIR-859 WiFi routers. Researchers from cybersecurity firm GreyNoise have spotted exploitation attempts for the critical vulnerability CVE-2024-0769 (CVSS score 9.8) impacting all D-Link DIR-859 WiFi routers. The vulnerability is a path traversal issue that can lead to information disclosure.

Passwords 133
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Cybersecurity Workforce Sustainability has a Problem. DEI Could be the Solution.

Security Boulevard

As employers scramble to find or train security talent, organizations that ignore the inclusive approach may weaken their competitive posture in the battle for talent and overall security. The post Cybersecurity Workforce Sustainability has a Problem. DEI Could be the Solution. appeared first on Security Boulevard.

article thumbnail

Hijacked: How hacked YouTube channels spread scams and malware

We Live Security

Here’s how cybercriminals go after YouTube channels and use them as conduits for fraud – and what you should watch out for when watching videos on the platform

Scams 124
article thumbnail

Cyber Trust Mark: The Impacts and Incentives of Early Adoption

Security Boulevard

The Cyber Trust Mark is a labeling initiative for consumer IoT devices in the United States that builds on work undertaken by the FCC and NIST, establishing data privacy and cybersecurity standards for connected devices. The post Cyber Trust Mark: The Impacts and Incentives of Early Adoption appeared first on Security Boulevard.

article thumbnail

Prudential Financial now says 2.5 million impacted by data breach

Bleeping Computer

Prudential Financial, a global financial services company, has revealed that over 2.5 million people had their personal information compromised in a February data breach. [.

article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

Juniper Networks fixed a critical authentication bypass flaw in some of its routers

Security Affairs

Juniper Networks released out-of-band security updates to address a critical authentication bypass vulnerability impacting some of its routers. Juniper Networks has released out-of-band security updates to address a critical vulnerability, tracked as CVE-2024-2973 (CVSS score of 10.0), that could lead to an authentication bypass in some of its routers.

article thumbnail

Cisco warns of NX-OS zero-day exploited to deploy custom malware

Bleeping Computer

Cisco has patched an NX-OS zero-day exploited in April attacks to install previously unknown malware as root on vulnerable switches. [.

Malware 134
article thumbnail

CapraRAT Spyware Disguised as Popular Apps Threatens Android Users

The Hacker News

The threat actor known as Transparent Tribe has continued to unleash malware-laced Android apps as part of a social engineering campaign to target individuals of interest.

Spyware 115
article thumbnail

AVG Secure VPN vs Surfshark (2024): Which VPN Is Better?

Tech Republic Security

Is Surfshark better than AVG? Is AVG Secure VPN worth it? Find out which VPN is better with our guide.

VPN 131
article thumbnail

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

article thumbnail

Latest Intel CPUs impacted by new Indirector side-channel attack

Bleeping Computer

Modern Intel processors, including chips from the Raptor Lake and the Alder Lake generations are susceptible to a new type of a high-precision Branch Target Injection (BTI) attack dubbed 'Indirector,' which could be used to steal sensitive information from the CPU. [.

106
106
article thumbnail

End-to-End Secrets Security: Making a Plan to Secure Your Machine Identities

The Hacker News

At the heart of every application are secrets. Credentials that allow human-to-machine and machine-to-machine communication. Machine identities outnumber human identities by a factor of 45-to-1 and represent the majority of secrets we need to worry about. According to CyberArk's recent research, 93% of organizations had two or more identity-related breaches in the past year.

105
105
article thumbnail

Multiple Vulnerabilities in Apache HTTP Server Demand Immediate Action

Penetration Testing

The Apache Software Foundation has issued an urgent security advisory, disclosing multiple vulnerabilities in its widely used Apache HTTP Server. These flaws range from denial-of-service (DoS) attacks to remote code execution and unauthorized access,... The post Multiple Vulnerabilities in Apache HTTP Server Demand Immediate Action appeared first on Cybersecurity News.

article thumbnail

Busted for book club? Why cops want to see what you’re reading, with Sarah Lamdan (Lock and Code S05E14)

Malwarebytes

This week on the Lock and Code podcast … More than 20 years ago, a law that the United States would eventually use to justify the warrantless collection of Americans’ phone call records actually started out as a warning sign against an entirely different target: Libraries. Not two months after terrorists attacked the United States on September 11, 2001, Congress responded with the passage of The USA Patriot Act.

article thumbnail

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.

article thumbnail

Understanding SMiShing

Security Through Education

In the digital age, as our reliance on technology deepens, so does the creativity of malicious actors seeking to exploit vulnerabilities. One of the many growing threats to our security is SMiShing , a blend of SMS (Short Message Service) and phishing. SMiShing attacks utilize text messages to deceive individuals into divulging sensitive information or performing actions that compromise their security.

article thumbnail

Router maker's support portal responds with MetaMask phishing

Bleeping Computer

BleepingComputer has verified that the helpdesk portal of a router manufacturer is currently sending MetaMask phishing emails in response to newly filed support tickets, in what appears to be a compromise. [.

article thumbnail

Why Switching Your TLS Provider to GlobalSign is the Best Decision You'll Make This Year

GlobalSign

Avoid disruptions to your business by switching to GlobalSign, and ensure that your certificates are publicly trusted by all major browsers.

111
111
article thumbnail

Meta's 'Pay or Consent' Approach Faces E.U. Competition Rules Scrutiny

The Hacker News

Meta's decision to offer an ad-free subscription in the European Union (E.U.) has faced a new setback after regulators accused the social media behemoth of breaching the bloc's competition rules by forcing users to choose between seeing ads or paying to avoid them. The European Commission said the company's "pay or consent" advertising model is in contravention of the Digital Markets Act (DMA).

article thumbnail

Enhance Innovation and Governance Through the Cloud Development Maturity Model

Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.