Schneier on Security
NOVEMBER 8, 2024
The Open Source Initiative has published (news article here ) its definition of “open source AI,” and it’s terrible. It allows for secret training data and mechanisms. It allows for development to be done in secret. Since for a neural network, the training data is the source code—it’s how the model gets programmed—the definition makes no sense.
Troy Hunt
NOVEMBER 8, 2024
This was a much longer than usual update, largely due to the amount of time spent discussing the Earth 2 incident. As I said in the video (many times!), the amount of attention this has garnered from both Earth 2 users and the company itself is incommensurate with the impact of the incident itself. It's a nothing-burger. Email addresses and usernames, that's it, and of course, their association with the service, which may lead to some very targeted spam or phishing attempts.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Security Affairs
NOVEMBER 8, 2024
Palo Alto Networks warns customers to restrict access to their next-generation firewalls because of a potential RCE flaw in the PAN-OS management interface. Palo Alto Networks warns customers to limit access to their next-gen firewall management interface due to a potential remote code execution vulnerability in PAN-OS. The cybersecurity company has no further details on the vulnerability and said has yet to detect active exploitation. “Palo Alto Networks is aware of a claim of a remote co
Security Boulevard
NOVEMBER 8, 2024
The chief information security officer (CISO) role has changed dramatically from just a few short years ago. Once confined to technical security, CISOs have emerged as key strategic partners in the C-suite. The post The CISO Evolution: From Tactical Defender to Strategic Business Partner appeared first on Security Boulevard.
Advertisement
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
Security Affairs
NOVEMBER 8, 2024
Law enforcement warns that securely stored iPhones awaiting forensic examination are mysteriously rebooting, making them harder to unlock, reported 404 Media. Law enforcement warns that securely stored iPhones awaiting forensic examination are mysteriously rebooting, making them much harder to unlock, per a document obtained by 404 Media. 404 Media obtained the document from a mobile forensics source and verified it with another source.
Security Boulevard
NOVEMBER 8, 2024
Cyber resilience is all about how well an organization can withstand attacks and operate successfully, even while navigating cybersecurity incidents. The post Steps Organizations Can Take to Improve Cyber Resilience appeared first on Security Boulevard.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
|
Malwarebytes
NOVEMBER 8, 2024
The Government of Canada ordered the TikTok Technology Canada Inc. to close its offices in the country following a national security review. This decision was made in accordance with the Investment Canada Act, which allows for the review of foreign investments that may be injurious to Canada’s national security. Canada’s Minister of Innovation, Science and Industry stated: “As a result of a multi-step national security review process, which involves rigorous scrutiny by Canada’s national securit
Security Boulevard
NOVEMBER 8, 2024
The Open Source Initiative has published (news article here ) its definition of “open source AI,” and it’s terrible. It allows for secret training data and mechanisms. It allows for development to be done in secret. Since for a neural network, the training data is the source code—it’s how the model gets programmed—the definition makes no sense. And it’s confusing; most “open source” AI models—like LLAMA—are open source in name only.
Penetration Testing
NOVEMBER 8, 2024
Cisco Talos Incident Response (Talos IR) has recently unveiled a concerning new threat in the cybersecurity landscape: Interlock ransomware. This attack, which Talos categorizes as “big-game hunting,” leverages both sophisticated... The post From Fake Updates to Data Exfiltration: Inside Interlock Ransomware’s Operations appeared first on Cybersecurity News.
Security Boulevard
NOVEMBER 8, 2024
How observability empowers security and explore the continuous monitoring, automated response mechanisms and deep insights it provides to effectively address threats in real time. The post Observability in Security: Strategies for the Modern Enterprise appeared first on Security Boulevard.
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
IT Security Guru
NOVEMBER 8, 2024
Data security has become critical to success in today’s complex, data-driven business environments. Companies must continually assess and strengthen their data security posture to maintain trust, stay compliant, and avoid expensive (and embarrassing) breaches. However, evaluating and improving this posture requires understanding where the organisation’s data security stands, what needs immediate attention, and how to sustain ongoing improvements.
Tech Republic Security
NOVEMBER 8, 2024
Discover the best vulnerability management tools of 2024. Compare top solutions, explore features and benefits, and find expert reviews to guide your choice.
Penetration Testing
NOVEMBER 8, 2024
A critical vulnerability, tagged as CVE-2024-10470, has been identified in WPLMS, a WordPress premium theme widely used for online course management. Security researcher István Márton at Wordfence reported that this... The post CVE-2024-10470 (CVSS 9.8) in Popular WordPress Theme Exposes Thousands of Sites appeared first on Cybersecurity News.
We Live Security
NOVEMBER 8, 2024
Following the takedown of RedLine Stealer by international authorities, ESET researchers are publicly releasing their research into the infostealer’s backend modules
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
The Hacker News
NOVEMBER 8, 2024
Palo Alto Networks on Friday issued an informational advisory urging customers to ensure that access to the PAN-OS management interface is secured because of a potential remote code execution vulnerability. "Palo Alto Networks is aware of a claim of a remote code execution vulnerability via the PAN-OS management interface," the company said.
Security Boulevard
NOVEMBER 8, 2024
CWEs and CVEs have similarities and differences. Understanding both can help you keep your organization secure. Staying ahead of vulnerabilities is critical for any cybersecurity pro tasked with protecting an organization’s assets and data in a constantly shifting threat landscape. The Common Vulnerabilities and Exposures (CVE) system and the Common Vulnerability Scoring System (CVSS) are.
The Hacker News
NOVEMBER 8, 2024
A new campaign has targeted the npm package repository with malicious JavaScript libraries that are designed to infect Roblox users with open-source stealer malware such as Skuld and Blank-Grabber.
Security Boulevard
NOVEMBER 8, 2024
Authors/Presenters: Jacob Shams Our sincere appreciation to [DEF CON][1] , and the Presenters/Authors for publishing their erudite [DEF CON 32][2] content. Originating from the conference’s events located at the [Las Vegas Convention Center][3] ; and via the organizations [YouTube][4] channel. Permalink The post DEF CON 32 – Securing CCTV Cameras Against Blind Spots – Jacob Shams appeared first on Security Boulevard.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
The Hacker News
NOVEMBER 8, 2024
The 36-year-old founder of the Bitcoin Fog cryptocurrency mixer has been sentenced to 12 years and six months in prison for facilitating money laundering activities between 2011 and 2021. Roman Sterlingov, a dual Russian-Swedish national, pleaded guilty to charges of money laundering and operating an unlicensed money-transmitting business earlier this March.
Security Boulevard
NOVEMBER 8, 2024
The post Tips to Master Cybersecurity AI Prompt Engineering appeared first on AI-enhanced Security Automation. The post Tips to Master Cybersecurity AI Prompt Engineering appeared first on Security Boulevard.
The Hacker News
NOVEMBER 8, 2024
The threat actors behind the AndroxGh0st malware are now exploiting a broader set of security flaws impacting various internet-facing applications, while also deploying the Mozi botnet malware.
Malwarebytes
NOVEMBER 8, 2024
The web browser, and search engines in particular, continue to be a popular entry point to deliver malware to users. While we noted a decrease in loaders distributed via malvertising for the past 3 months, today’s example is a reminder that threat actors can quickly switch back to tried and tested methods. After months of absence, Fakebat (AKA Eugenloader, PaykLoader) showed up on our radar again via a malicious Google ad for the productivity application Notion.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
The Hacker News
NOVEMBER 8, 2024
High-profile entities in India have become the target of malicious campaigns orchestrated by the Pakistan-based Transparent Tribe threat actor and a previously unknown China-nexus cyber espionage group dubbed IcePeony.
Zero Day
NOVEMBER 8, 2024
When you buy a new PC, you typically have a choice of only two Windows editions. But other specialized editions are available, and you might stumble across one of them if you look in the right places. Here's what you need to know.
The Hacker News
NOVEMBER 8, 2024
Let’s face it—traditional security training can feel as thrilling as reading the fine print on a software update. It’s routine, predictable, and, let’s be honest, often forgotten the moment it's over. Now, imagine cybersecurity training that’s as unforgettable as your favorite show. Remember how "Hamilton" made history come alive, or how "The Office" taught us CPR (Staying Alive beat, anyone?)?
Zero Day
NOVEMBER 8, 2024
The latest AirPods Pro come with several features to help care for your hearing. Here's how to use them.
Advertisement
Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.
The Hacker News
NOVEMBER 8, 2024
We’ve all heard a million times: growing demand for robust cybersecurity in the face of rising cyber threats is undeniable. Globally small and medium-sized businesses (SMBs) are increasingly targeted by cyberattacks but often lack the resources for full-time Chief Information Security Officers (CISOs).
Zero Day
NOVEMBER 8, 2024
Openvibe simplifies social media management with unified timelines, cross-posting, and customizable feeds for easier navigation of the digital landscape. Here's why you should try it.
Security Affairs
NOVEMBER 8, 2024
Palo Alto Networks warns customers to restrict access to their next-generation firewalls because of a potential RCE flaw in the PAN-OS management interface. Palo Alto Networks warns customers to limit access to their next-gen firewall management interface due to a potential remote code execution vulnerability in PAN-OS. The cybersecurity company has no further details on the vulnerability and said has yet to detect active exploitation. “Palo Alto Networks is aware of a claim of a remote co
Zero Day
NOVEMBER 8, 2024
Part AI chatbot, part search engine, Google's experimental 'Learn About' tool is personalized to your learning needs. How to try it.
Advertisement
Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!
Expert insights. Personalized for you.
336 
Let's personalize your content