Schneier on Security

JULY 24, 2024

Supposedly the DHS has these : The robot, called “NEO,” is a modified version of the “Quadruped Unmanned Ground Vehicle” (Q-UGV) sold to law enforcement by a company called Ghost Robotics. Benjamine Huffman, the director of DHS’s Federal Law Enforcement Training Centers (FLETC), told police at the 2024 Border Security Expo in Texas that DHS is increasingly worried about criminals setting “booby traps” with internet of things and smart home devices, and t

Internet 288

Internet Internet Computers and Electronics Media 288

Troy Hunt

JULY 24, 2024

Just over 13 years ago, Microsoft gave me my first "Most Valuable Professional" award. Out of the blue, as far as I was concerned. It wasn't something I'd planned for and it certainly wasn't something I'd expected, but it has become a cornerstone of my professional identity. Indulge me while I go off on a bit of a tangent here: like the other things in my professional life that have turned into a success, the things I did to earn that first MVP award were things I was

Data breaches 249

Data breaches 249

Tech Republic Security

JULY 24, 2024

The hybrid multicloud strategies that many Australian enterprises have adopted over the last decade could be made more complex by new AI applications. The only solutions could be rationalisation or an abstraction layer.

Artificial Intelligence 145

Artificial Intelligence 145

Security Boulevard

JULY 24, 2024

Corporate incompetence: Beleaguered security firm issues initial post-mortem on Friday’s faux pas. The post CrowdStrike Admits it Doesn’t ‘Canary’ Test all Updates appeared first on Security Boulevard.

IoT 144

IoT Security Awareness Software Risk 144

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Tech Republic Security

JULY 24, 2024

Remind employees to be wary of fake apps and too-good-to-be-true streaming options on the eve of the Games.

eCommerce 187

eCommerce Malware 187

WIRED Threat Level

JULY 24, 2024

A former Google engineer has built a search engine, WebXray, that aims to find illicit online data collection and tracking—with the goal of becoming “the Henry Ford of tech lawsuits.

Data collection 136

Data collection Engineering 136

Heimadal Security

JULY 24, 2024

Summary The European Union is experiencing a surge in brute-force cyberattacks on corporate and institutional networks, mostly originating from Russia, according to a Heimdal investigation. These attackers exploit Microsoft infrastructure, particularly in Belgium and the Netherlands, to avoid detection. Heimdal’s data reveals that the attacks date back to May 2024, but evidence suggests they may […] The post Russia-Linked Brute-Force Campaign Targets EU via Microsoft Infrastructure appeare

Malware 133

Malware 133

The Hacker News

JULY 24, 2024

Cybersecurity firm CrowdStrike on Wednesday blamed an issue in its validation system for causing millions of Windows devices to crash as part of a widespread outage late last week.

Cybersecurity 131

Cybersecurity 131

Security Affairs

JULY 24, 2024

A cyber attack against Michigan Medicine resulted in the compromise of the personal and health information of approximately 57,000 patients. The academic medical center of the University of Michigan, Michigan Medicine, suffered a data breach that impacted 56953 patients. The security incident exposed the personal and health information of the patients.

Data breaches 145

Data breaches Insurance Accountability Cyber Attacks 145

The Hacker News

JULY 24, 2024

Docker is warning of a critical flaw impacting certain versions of Docker Engine that could allow an attacker to sidestep authorization plugins (AuthZ) under specific circumstances. Tracked as CVE-2024-41110, the bypass and privilege escalation vulnerability carries a CVSS score of 10.0, indicating maximum severity.

Engineering 130

Engineering 130

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Penetration Testing

JULY 24, 2024

A critical vulnerability, designated CVE-2024-39700, has been discovered in the widely-used JupyterLab extension template. This flaw could enable attackers to remotely execute code on affected systems, potentially leading to widespread compromise and data breaches.... The post CVE-2024-39700 (CVSS 9.9): Severe Flaw in JupyterLab Template Discovered appeared first on Cybersecurity News.

Data breaches 134

Data breaches Cybersecurity 134

The Hacker News

JULY 24, 2024

A zero-day security flaw in Telegram's mobile app for Android called EvilVideo made it possible for attackers to malicious files disguised as harmless-looking videos. The exploit appeared for sale for an unknown price in an underground forum on June 6, 2024, ESET said. Following responsible disclosure on June 26, the issue was addressed by Telegram in version 10.14.5 released on July 11.

Malware 129

Malware Mobile 129

Security Boulevard

JULY 24, 2024

Identifying and addressing underlying issues and the root cause of them can lead to risk reduction, cost savings and better overall performance of a vulnerability management program. The post The Value in Root Cause Analysis for Vulnerability Management appeared first on Security Boulevard.

Risk 124

Risk CISO Cybersecurity 124

Bleeping Computer

JULY 24, 2024

Microsoft warned that some Windows devices will boot into BitLocker recovery after installing the July 2024 Windows security updates. [.

143

143

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Security Affairs

JULY 24, 2024

China-linked APT group Daggerfly (aka Evasive Panda, Bronze Highland) Evasive Panda has been spotted using an updated version of the macOS backdoor Macma. The China-linked APT group Daggerfly (aka Evasive Panda or Bronze Highland) has significantly updated its malware arsenal, adding a new malware family based on the MgBot framework and an updated Macma macOS backdoor. “The Daggerfly (aka Evasive Panda, Bronze Highland) espionage group has extensively updated its toolset, introducing sever

Malware 133

Malware DNS Hacking Information Security 133

Security Boulevard

JULY 24, 2024

Exim is a widely used, open-source mail transfer agent (MTA) for Unix and Unix-like operating systems. A critical vulnerability has been discovered in Exim that could allow attackers to bypass security filters and deliver executable attachments directly to user inboxes. Successful exploitation could lead to compromised systems, data breaches, and a range of other security […] The post Critical Exim Vulnerability Threatens Millions of Email Servers appeared first on TuxCare.

Data breaches 123

Data breaches Cyber threats Security Awareness Cybersecurity 123

Bleeping Computer

JULY 24, 2024

Docker has issued security updates to address a critical vulnerability impacting certain versions of Docker Engine that could allow an attacker to bypass authorization plugins (AuthZ) under certain circumstances. [.

Authentication 120

Authentication Engineering 120

The Hacker News

JULY 24, 2024

Google said it's adding new security warnings when downloading potentially suspicious and malicious files via its Chrome web browser. "We have replaced our previous warning messages with more detailed ones that convey more nuance about the nature of the danger and can help users make more informed decisions," Jasika Bawa, Lily Chen, and Daniel Rubery from the Chrome Security team said.

Passwords 119

Passwords 119

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

Bleeping Computer

JULY 24, 2024

CrowdStrike released a Preliminary Post Incident Review (PIR) on the faulty Falcon update explaining that a bug allowed bad data to pass its Content Validator and cause millions of Windows systems to crash on July 19, 2024. [.

Software 116

Software 116

Security Boulevard

JULY 24, 2024

Virtualization is a cornerstone of modern IT-driven business processes primarily due to its resource optimization capabilities. The data flowing through virtualized environments can be critical for organizations to function properly and support production and services. When the stability and revenue generation of your organization have that severe dependence on data and virtual infrastructure nodes, performing […] The post Linux KVM Backup and Recovery: Expert Tips appeared first on TuxCare.

Backups 116

Backups 116

Bleeping Computer

JULY 24, 2024

Threat actors known as 'Stargazer Goblin' have created a malware Distribution-as-a-Service (DaaS) from over 3,000 fake accounts on GitHub that push information-stealing malware. [.

Accountability 109

Accountability Malware 109

Security Boulevard

JULY 24, 2024

The shift to the cloud and the accelerated adoption of critical software as a service (SaaS) data applications has proven to be a security challenge for many chief information officers (CIOs) and chief information security officers (CISOs). The post CISOs, CIOs Struggle with Data Protection Challenges in AI, Cloud Era appeared first on Security Boulevard.

CISO 115

CISO Information Security Software Security Awareness 115

Advertisement

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

The Hacker News

JULY 24, 2024

The threat actor known as Patchwork has been linked to a cyber attack targeting entities with ties to Bhutan to deliver the Brute Ratel C4 framework and an updated version of a backdoor called PGoShell. The development marks the first time the adversary has been observed using the red teaming software, the Knownsec 404 Team said in an analysis published last week.

Cyber Attacks 110

Cyber Attacks Software 110

Security Boulevard

JULY 24, 2024

Recent media reports have shed light on GitLab rolling out another round of updates. These GitLab security updates are for the pipeline jobs security flaw with the software. In this article, we’ll focus on understanding what the security flaw actually is and what the updates cover. Let’s begin! GitLab Security Updates: CVE-2024-6385 The most recent […] The post Unauthorized Pipeline Jobs Flaw Patched By GitLab appeared first on TuxCare.

Media 114

Media Software Cybersecurity 114

The Hacker News

JULY 24, 2024

The Internet Systems Consortium (ISC) has released patches to address multiple security vulnerabilities in the Berkeley Internet Name Domain (BIND) 9 Domain Name System (DNS) software suite that could be exploited to trigger a denial-of-service (DoS) condition. "A cyber threat actor could exploit one of these vulnerabilities to cause a denial-of-service condition," the U.S.

DNS 109

DNS Software Cyber threats Internet 109

Security Boulevard

JULY 24, 2024

Taking a risk-based approach to cyber risk and quantifying cyber risk empowers businesses to truly focus on mitigating the risks that really matter. The post Cyber Insurance Market Evolves as Threat Landscape Changes appeared first on Security Boulevard.

Cyber Insurance 108

Cyber Insurance Insurance Marketing Cyber Risk 108

Advertisement

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.

Cybersecurity

Security Affairs

JULY 24, 2024

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Microsoft Internet Explorer and Twilio Authy bugs to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog : CVE-2012-4792 Microsoft Internet Explorer Use-After-Free Vulnerability CVE-2024-39891 Twilio Authy Information Disclosure Vulnerability Below are the descriptions of the flaws a

Internet 111

Internet Internet Hacking Accountability 111

Bleeping Computer

JULY 24, 2024

Google Chrome now warns when downloading risky password-protected files and provides improved alerts with more information about potentially malicious downloaded files. [.

Passwords 104

Passwords 104

GlobalSign

JULY 24, 2024

Security risk management is no longer optional for businesses in today’s digital world. Learn about the role of risk management and how to implement it.

Risk 111

Risk 111

Graham Cluley

JULY 24, 2024

Computers blue-screen-of-death around the world! The Paris Olympics is at risk of attack! And the FBI pull off the biggest sting operation in history by running a secret end-to-end encrypted messaging app!

Encryption 101

Encryption Risk 101

Advertisement

Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.

Government