Wed. Jul 24, 2024

Robot Dog Internet Jammer

Schneier on Security

Supposedly the DHS has these: The robot, called “NEO,” is a modified version of the “Quadruped Unmanned Ground Vehicle” (Q-UGV) sold to law enforcement by a company called Ghost Robotics. Benjamine Huffman, the director of DHS’s Federal Law Enforcement Training Centers (FLETC), told police at the 2024 Border Security Expo in Texas that DHS is increasingly worried about criminals setting “booby traps” with internet of things and smart home devices, and t

MVP 14

Troy Hunt

Just over 13 years ago, Microsoft gave me my first "Most Valuable Professional" award. Out of the blue, as far as I was concerned. It wasn't something I'd planned for and it certainly wasn't something I'd expected, but it has become a cornerstone of my professional identity. Indulge me while I go off on a bit of a tangent here: like the other things in my professional life that have turned into a success, the things I did to earn that first MVP award were things I was

F5: AI Applications Will Complicate ‘Unsustainable’ Hybrid Multicloud Sprawl in Australia

Tech Republic Security

The hybrid multicloud strategies that many Australian enterprises have adopted over the last decade could be made more complex by new AI applications. The only solutions could be rationalisation or an abstraction layer.

CrowdStrike Admits it Doesn’t ‘Canary’ Test all Updates

Security Boulevard

Corporate incompetence: Beleaguered security firm issues initial post-mortem on Friday’s faux pas. The post CrowdStrike Admits it Doesn’t ‘Canary’ Test all Updates appeared first on Security Boulevard.

The Tumultuous IT Landscape is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Summer Olympics: What IT Teams Need to Do Before & During the Event for Their Businesses

Tech Republic Security

Remind employees to be wary of fake apps and too-good-to-be-true streaming options on the eve of the Games.

This Machine Exposes Privacy Violations

WIRED Threat Level

A former Google engineer has built a search engine, WebXray, that aims to find illicit online data collection and tracking—with the goal of becoming “the Henry Ford of tech lawsuits.”

More Trending

Russia-Linked Brute-Force Campaign Targets EU via Microsoft Infrastructure

Heimdal Security

Summary: The European Union is experiencing a surge in brute-force cyberattacks on corporate and institutional networks, mostly originating from Russia, according to a Heimdal investigation. These attackers exploit Microsoft infrastructure, particularly in Belgium and the Netherlands, to avoid detection. Heimdal’s data reveals that the attacks date back to May 2024, but evidence suggests they may […] The post Russia-Linked Brute-Force Campaign Targets EU via Microsoft Infrastructure appeare

CVE-2024-39700 (CVSS 9.9): Severe Flaw in JupyterLab Template Discovered

Penetration Testing

A critical vulnerability, designated CVE-2024-39700, has been discovered in the widely-used JupyterLab extension template. This flaw could enable attackers to remotely execute code on affected systems, potentially leading to widespread compromise and data breaches.... The post CVE-2024-39700 (CVSS 9.9): Severe Flaw in JupyterLab Template Discovered appeared first on Cybersecurity News.

Windows July security updates send PCs into BitLocker recovery

Bleeping Computer

Microsoft warned that some Windows devices will boot into BitLocker recovery after installing the July 2024 Windows security updates. […]

Michigan Medicine data breach impacted 56953 patients

Security Affairs

A cyber attack against Michigan Medicine resulted in the compromise of the personal and health information of approximately 57,000 patients. The academic medical center of the University of Michigan, Michigan Medicine, suffered a data breach that impacted 56953 patients. The security incident exposed the personal and health information of the patients.

Enhance Innovation and Governance Through the Cloud Development Maturity Model

Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.

CrowdStrike Explains Friday Incident Crashing Millions of Windows Devices

The Hacker News

Cybersecurity firm CrowdStrike on Wednesday blamed an issue in its validation system for causing millions of Windows devices to crash as part of a widespread outage late last week.

The Value in Root Cause Analysis for Vulnerability Management

Security Boulevard

Identifying and addressing underlying issues and the root cause of them can lead to risk reduction, cost savings and better overall performance of a vulnerability management program. The post The Value in Root Cause Analysis for Vulnerability Management appeared first on Security Boulevard.

Docker fixes critical 5-year old authentication bypass flaw

Bleeping Computer

Docker has issued security updates to address a critical vulnerability impacting certain versions of Docker Engine that could allow an attacker to bypass authorization plugins (AuthZ) under certain circumstances. […]

Critical Exim Vulnerability Threatens Millions of Email Servers

Security Boulevard

Exim is a widely used, open-source mail transfer agent (MTA) for Unix and Unix-like operating systems. A critical vulnerability has been discovered in Exim that could allow attackers to bypass security filters and deliver executable attachments directly to user inboxes. Successful exploitation could lead to compromised systems, data breaches, and a range of other security […] The post Critical Exim Vulnerability Threatens Millions of Email Servers appeared first on TuxCare.

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

CrowdStrike: 'Content Validator' bug let faulty update pass checks

Bleeping Computer

CrowdStrike released a Preliminary Post Incident Review (PIR) on the faulty Falcon update explaining that a bug allowed bad data to pass its Content Validator and cause millions of Windows systems to crash on July 19, 2024. […]

Critical Docker Engine Flaw Allows Attackers to Bypass Authorization Plugins

The Hacker News

Docker is warning of a critical flaw impacting certain versions of Docker Engine that could allow an attacker to sidestep authorization plugins (AuthZ) under specific circumstances. Tracked as CVE-2024-41110, the bypass and privilege escalation vulnerability carries a CVSS score of 10.0, indicating maximum severity.

Linux KVM Backup and Recovery: Expert Tips

Security Boulevard

Virtualization is a cornerstone of modern IT-driven business processes primarily due to its resource optimization capabilities. The data flowing through virtualized environments can be critical for organizations to function properly and support production and services. When the stability and revenue generation of your organization have that severe dependence on data and virtual infrastructure nodes, performing […] The post Linux KVM Backup and Recovery: Expert Tips appeared first on TuxCare.

Telegram App Flaw Exploited to Spread Malware Hidden in Videos

The Hacker News

A zero-day security flaw in Telegram's mobile app for Android called EvilVideo made it possible for attackers to send malicious files disguised as harmless-looking videos. The exploit appeared for sale for an unknown price in an underground forum on June 6, 2024, ESET said. Following responsible disclosure on June 26, the issue was addressed by Telegram in version 10.14.5 released on July 11.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

CISOs, CIOs Struggle with Data Protection Challenges in AI, Cloud Era

Security Boulevard

The shift to the cloud and the accelerated adoption of critical software as a service (SaaS) data applications has proven to be a security challenge for many chief information officers (CIOs) and chief information security officers (CISOs). The post CISOs, CIOs Struggle with Data Protection Challenges in AI, Cloud Era appeared first on Security Boulevard.

Over 3,000 GitHub accounts used by malware distribution service

Bleeping Computer

Threat actors known as 'Stargazer Goblin' have created a malware Distribution-as-a-Service (DaaS) from over 3,000 fake accounts on GitHub that push information-stealing malware. […]

Unauthorized Pipeline Jobs Flaw Patched By GitLab

Security Boulevard

Recent media reports have shed light on GitLab rolling out another round of updates. These GitLab security updates are for the pipeline jobs security flaw with the software. In this article, we’ll focus on understanding what the security flaw actually is and what the updates cover. Let’s begin! GitLab Security Updates: CVE-2024-6385 The most recent […] The post Unauthorized Pipeline Jobs Flaw Patched By GitLab appeared first on TuxCare.

New Chrome Feature Scans Password-Protected Files for Malicious Content

The Hacker News

Google said it's adding new security warnings when downloading potentially suspicious and malicious files via its Chrome web browser. "We have replaced our previous warning messages with more detailed ones that convey more nuance about the nature of the danger and can help users make more informed decisions," Jasika Bawa, Lily Chen, and Daniel Rubery from the Chrome Security team said.

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.

Cyber Insurance Market Evolves as Threat Landscape Changes 

Security Boulevard

Taking a risk-based approach to cyber risk and quantifying cyber risk empowers businesses to truly focus on mitigating the risks that really matter. The post Cyber Insurance Market Evolves as Threat Landscape Changes appeared first on Security Boulevard.

Google Chrome now warns about risky password-protected archives

Bleeping Computer

Google Chrome now warns when downloading risky password-protected files and provides improved alerts with more information about potentially malicious downloaded files. […]

Why Your Company Needs PKI for Effective Risk Management

GlobalSign

Security risk management is no longer optional for businesses in today’s digital world. Learn about the role of risk management and how to implement it.

A Hacker ‘Ghost’ Network Is Quietly Spreading Malware on GitHub

WIRED Threat Level

Cybersecurity researchers have spotted a 3,000-account network on GitHub that is manipulating the platform and spreading ransomware and info stealers.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Smashing Security podcast #382: CrowdStrike, Dark Wire, and the Paris Olympics

Graham Cluley

Computers blue-screen-of-death around the world! The Paris Olympics is at risk of attack! And the FBI pull off the biggest sting operation in history by running a secret end-to-end encrypted messaging app!

KnowBe4 mistakenly hires North Korean hacker, faces infostealer attack

Bleeping Computer

American cybersecurity company KnowBe4 says a person it recently hired as a Principal Software Engineer turned out to be a North Korean state actor who attempted to install information-stealing malware on its devices. […]

Patchwork Hackers Target Bhutan with Advanced Brute Ratel C4 Tool

The Hacker News

The threat actor known as Patchwork has been linked to a cyber attack targeting entities with ties to Bhutan to deliver the Brute Ratel C4 framework and an updated version of a backdoor called PGoShell. The development marks the first time the adversary has been observed using the red teaming software, the Knownsec 404 Team said in an analysis published last week.

Researchers Uncover Massive Quad7 Botnet Targeting Microsoft 365

Penetration Testing

Sekoia.io, in collaboration with Intrinsec, conducted an in-depth analysis of the Quad7 (7777) botnet, which utilizes TCP port 7777 on infected routers and carries out brute-force attacks on Microsoft 365 accounts worldwide. Experts detected... The post Researchers Uncover Massive Quad7 Botnet Targeting Microsoft 365 appeared first on Cybersecurity News.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.