Schneier on Security
DECEMBER 10, 2024
This is going to be interesting. It’s a video of someone trying on a variety of printed full-face masks. They won’t fool anyone for long, but will survive casual scrutiny. And they’re cheap and easy to swap.
Krebs on Security
DECEMBER 10, 2024
Microsoft today released updates to plug at least 70 security holes in Windows and Windows software, including one vulnerability that is already being exploited in active attacks. The zero-day seeing exploitation involves CVE-2024-49138 , a security weakness in the Windows Common Log File System (CLFS) driver — used by applications to write transaction logs — that could let an authenticated attacker gain “system” level privileges on a vulnerable Windows device.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Tech Republic Security
DECEMBER 10, 2024
TechRepublic looks back at the biggest cybersecurity stories of 2024, from record data breaches to rising ransomware threats and CISO burnout.
Penetration Testing
DECEMBER 10, 2024
Google has announced its Chrome browser’s latest stable channel update, addressing several security vulnerabilities, including two classified as “High” severity. The update, rolling out progressively to Windows, Mac, and Linux... The post Google Chrome Patches High-Severity Vulnerabilities – CVE-2024-12381 & CVE-2024-12382 appeared first on Cybersecurity News.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
Tech Republic Security
DECEMBER 10, 2024
The E.U. Cyber Resilience Act is now in effect. The legislation affects manufacturers, distributors, and importers of software and hardware.
WIRED Threat Level
DECEMBER 10, 2024
The design of the gun police say they found on the alleged United Healthcare CEO's killerthe FMDA or Free Men Dont Askwas released by a libertarian group.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Security Boulevard
DECEMBER 10, 2024
SpartanWarrioz, whose prolific phishing kit business took a hit when the group's Telegram channel was shut down in November, is rebounding quickly, creating a new channel and courting former subscribers as it rebuilds its operations, Forta researchers say. The post Scam Kit Maker Rebuilding Business After Telegram Channel Shut Down appeared first on Security Boulevard.
Penetration Testing
DECEMBER 10, 2024
The Apache Software Foundation has announced the release of Apache Superset 4.1.0, an important update that addresses three significant security vulnerabilities affecting the widely used open-source business intelligence platform. These... The post Apache Superset Patches Multi Security Flaws in Latest Release appeared first on Cybersecurity News.
Security Boulevard
DECEMBER 10, 2024
Auguria today at the Black Hat Europe conference, in addition to providing five additional integrations with other platforms, revealed it has added an explainability graph capability that makes it simple to understand why log data collected is either irrelevant or warrants further investigation. The post Auguria Streamlines Management of Security Log Data appeared first on Security Boulevard.
Security Affairs
DECEMBER 10, 2024
Resecurity uncovered a large-scale fraud campaign in the UAE where scammers impersonate law enforcement to target consumers. Resecurity has identified a wide-scale fraudulent campaign targeting consumers in the UAE by impersonating law enforcement. Victims are asked to pay non-existent fines online (traffic tickets, parking violations, driving license renewals) following multiple phone calls made on behalf of Dubai Police officers.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Security Boulevard
DECEMBER 10, 2024
Microsoft is calling out to researchers to participate in a competition that is aimed at testing the latest protections in LLMs against prompt injection attacks, which OWASP is calling the top security risk facing the AI models as the industry rolls into 2025. The post Microsoft Challenge Will Test LLM Defenses Against Prompt Injections appeared first on Security Boulevard.
Penetration Testing
DECEMBER 10, 2024
Jamf Threat Labs has identified a vulnerability in Apples Transparency, Consent, and Control (TCC) security framework. Designated as CVE-2024-44131, this flaw enables malicious applications to bypass user consent mechanisms and... The post Researcher Details CVE-2024-44131 – A Critical TCC Bypass in macOS and iOS appeared first on Cybersecurity News.
Security Boulevard
DECEMBER 10, 2024
Cybersecurity companies traditionally considered pioneers of data innovation are often the ones struggling to unlock the full potential of the data they collect within their own organizations. The post Cybersecurity Companies Must Practice What They Preach to Avoid the Data Paradox appeared first on Security Boulevard.
The Hacker News
DECEMBER 10, 2024
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Security Boulevard
DECEMBER 10, 2024
GitGuardian today extended the reach of its ability to manage applications secrets into the realm of non-human identities (NHI) associated with machines and software components. The post GitGuardian Extends Reach to Manage Non-Human Identities appeared first on Security Boulevard.
WIRED Threat Level
DECEMBER 10, 2024
Several recent schemes were uncovered involving poker players at casinos allegedly using miniature cameras, concealed in personal electronics, to spot cards. Should players everywhere be concerned?
Security Boulevard
DECEMBER 10, 2024
Although AI can enhance threat detection and response capabilities, it also introduces sophisticated attack vectors that require a rethink of traditional security models. The post Defending Against AI-Powered Attacks in a Spy vs. Spy World appeared first on Security Boulevard.
Fox IT
DECEMBER 10, 2024
Author: Guus Beckers Back in2022Fox-IT decided to open source its proprietary incident response tooling known as Dissect. Since then it has been adopted by many different companies in their regular workflow. For those of you who are not yet familiar with Dissect, it is an incident response framework built with incident response engagements of any scale in mind.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Security Boulevard
DECEMBER 10, 2024
For too long, architecting for cyber recovery and resiliency was on the vision board for a distant future. Unfortunately, that distant future is here, but many companies have not started this critical effort. The post Given Todays Data Complexity, a Platform Mindset is Crucial for Cyber Recovery appeared first on Security Boulevard.
Penetration Testing
DECEMBER 10, 2024
The Computer Emergency Response Team of Ukraine (CERT-UA) has issued a security advisory (CERT-UA#12414) detailing a sophisticated phishing campaign targeting organizations within Ukraine’s defense industrial base. The attacks, attributed to... The post UAC-0185 APT Leverages Social Engineering to Target Ukrainian Defense Industrial Base appeared first on Cybersecurity News.
The Hacker News
DECEMBER 10, 2024
Zero Day
DECEMBER 10, 2024
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
The Hacker News
DECEMBER 10, 2024
Penetration Testing
DECEMBER 10, 2024
Microsoft has released its December 2024 Patch Tuesday security update, addressing a total of 73 vulnerabilities across its product portfolio. This comprehensive update includes fixes for 16 critical and 54... The post Microsoft Addresses Critical Zero-Day CVE-2024-49138 & 72 Additional Flaws in December Patch Tuesday appeared first on Cybersecurity News.
Zero Day
DECEMBER 10, 2024
SecureWorld News
DECEMBER 10, 2024
Supervisory control and data acquisition (SCADA) systems are at the heart of modern industrial operations. It includes systems that provide real-time monitoring, control, and analysis of critical processes. To increase operational efficiency and guarantee and enable scalability, selecting the right SCADA software is mandatory. My article below will guide you through comparing SCADA software and help you understand the features to select the most appropriate software for your organization.
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
The Hacker News
DECEMBER 10, 2024
The Hacker News
DECEMBER 10, 2024
Advertisement
Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.
Expert insights. Personalized for you.
239 
Let's personalize your content