Fri.Jun 14, 2024

article thumbnail

Upcoming Speaking Engagements

Schneier on Security

This is a current list of where and when I am scheduled to speak: I’m appearing on a panel on Society and Democracy at ACM Collective Intelligence in Boston, Massachusetts. The conference runs from June 26 through 29, 2024, and my panel is at 9:00 AM on Friday, June 28. I’m speaking on “Reimagining Democracy in the Age of AI” at the Bozeman Library in Bozeman, Montana, USA, July 18, 2024.

259
259
article thumbnail

CVE-2024-26229: Windows Elevation of Privilege Flaw Weaponized, PoC Exploit on GitHub

Penetration Testing

Security researchers are raising the alarm as proof-of-concept (PoC) exploit code targeting a recently patched high-severity vulnerability (CVE-2024-26229) in Microsoft Windows has surfaced on GitHub. The vulnerability could allow attackers to gain SYSTEM privileges,... The post CVE-2024-26229: Windows Elevation of Privilege Flaw Weaponized, PoC Exploit on GitHub appeared first on Cybersecurity News.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Demo of AES GCM Misuse Problems

Schneier on Security

This is really neat demo of the security problems arising from reusing nonces with a symmetric cipher in GCM mode.

article thumbnail

5 Tips for Making the Most Out of Your Next Business Trip

Tech Republic Security

From saving on flights and hotels to protecting your data when working online, these tips could save you money in the long run.

VPN 148
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Chinese Threats Aim for Government Sector 

Security Boulevard

The rise in U.S.-politics-themed scams indicates that adversarial nation states understand the significance of election years. The post Chinese Threats Aim for Government Sector appeared first on Security Boulevard.

article thumbnail

Microsoft Delays Recall Launch, Seeking Community Feedback First

Tech Republic Security

An upcoming blog post for members of the Windows Insider Program will explain how to get the AI-powered Recall feature.

More Trending

article thumbnail

CISA adds Android Pixel, Microsoft Windows, Progress Telerik Report Server bugs to its Known Exploited Vulnerabilities catalog

Security Affairs

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Android Pixel, Microsoft Windows, Progress Telerik Report Server bugs to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog : CVE-2024-32896 Android Pixel Privilege Escalation Vulnerability CVE-2024-26169 Microsoft Windows Error Reporting Service Improper Privilege Management Vulnerabi

Firmware 130
article thumbnail

Recall ‘Delayed Indefinitely’ — Microsoft Privacy Disaster is Cut from Copilot+ PCs

Security Boulevard

Copilot Plus? More like Copilot Minus: Redmond realizes Recall requires radical rethink. The post Recall ‘Delayed Indefinitely’ — Microsoft Privacy Disaster is Cut from Copilot+ PCs appeared first on Security Boulevard.

article thumbnail

Former IT employee gets 2.5 years for wiping 180 virtual servers

Bleeping Computer

A former quality assurance employee of National Computer Systems (NCS) was sentenced to two years and eight months in prison for reportedly deleting 180 virtual servers after being fired. [.

121
121
article thumbnail

SASE Market Growth Continues, Led by Cisco, Zscaler 

Security Boulevard

Companies are achieving revenue growth by addressing the needs of mid-market enterprises, offering tailored solutions that provide high value at a competitive price point. The post SASE Market Growth Continues, Led by Cisco, Zscaler appeared first on Security Boulevard.

Marketing 119
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

London hospitals cancel over 800 operations after ransomware attack

Bleeping Computer

NHS England revealed today that multiple London hospitals impacted by last week's Synnovis ransomware attack were forced to cancel hundreds of planned operations and appointments. [.

article thumbnail

DORA Compliance Strategy for Business Leaders

Security Affairs

In January 2025, European financial and insurance institutions, their business partners and providers, must comply with DORA. In January 2025, financial and insurance institutions in Europe and any organizations that do business with them must comply with the Digital Operation Resilience Act, also known as DORA. This regulation from the European Union (EU) is intended to both strengthen IT security and enhance the digital resilience of the European financial market.

Insurance 124
article thumbnail

Ensuring Data-Centric Security on IBM z Series: comforte’s Customer Success Stories and Best Practices

Security Boulevard

In today's rapidly evolving digital landscape, the importance of data security cannot be overstated. Organisations across the globe are increasingly seeking robust solutions to protect their sensitive information from cyber threats. Among the leaders in providing such solutions is comforte AG, a company renowned for its expertise in data-centric security.

article thumbnail

ZKTeco Biometric System Found Vulnerable to 24 Critical Security Flaws

The Hacker News

An analysis of a hybrid biometric access system from Chinese manufacturer ZKTeco has uncovered two dozen security flaws that could be used by attackers to defeat authentication, steal biometric data, and even deploy malicious backdoors.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Mozilla Firefox can now secure access to passwords with device credentials

Bleeping Computer

Mozilla Firefox finally allows you to further protect local access to stored credentials in the browser's password manager using your device's login, including a password, fingerprint, pin, or other biometrics [.

Passwords 114
article thumbnail

Google's Privacy Sandbox Accused of User Tracking by Austrian Non-Profit

The Hacker News

Google's plans to deprecate third-party tracking cookies in its Chrome web browser with Privacy Sandbox has run into fresh trouble after Austrian privacy non-profit noyb (none of your business) said the feature can still be used to track users.

article thumbnail

Microsoft removes Copilot app ‘incorrectly’ added on Windows PCs

Bleeping Computer

Microsoft says it removed a Copilot app that was "incorrectly" added to Windows 10 and Windows 11 systems in April due to buggy Microsoft Edge updates. [.

116
116
article thumbnail

Why Regulated Industries are Turning to Military-Grade Cyber Defenses

The Hacker News

As cyber threats loom large and data breaches continue to pose increasingly significant risks. Organizations and industries that handle sensitive information and valuable assets make prime targets for cybercriminals seeking financial gain or strategic advantage.

article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

CISA warns of Windows bug exploited in ransomware attacks

Bleeping Computer

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a high-severity Windows vulnerability abused in ransomware attacks as a zero-day to its catalog of actively exploited security bugs. [.

article thumbnail

Learn to Secure Petabyte-Scale Data in a Webinar with Industry Titans

The Hacker News

Data is growing faster than ever. Remember when petabytes (that's 1,000,000 gigabytes!) were only for tech giants? Well, that's so last decade! Today, businesses of all sizes are swimming in petabytes. But this isn't just about storage anymore. This data is ALIVE—it's constantly accessed, analyzed, shared, and even used to train the next wave of AI.

103
103
article thumbnail

Truist bank confirms data breach

Malwarebytes

On Wednesday June 12, 2024, a well-known dark web data broker and cybercriminal acting under the name “Sp1d3r” offered a significant amount of data allegedly stolen from Truist Bank for sale. Truist is a US bank holding company and operates 2,781 branches in 15 states and Washington DC. By assets, it is in the top 10 of US banks. In 2020, Truist provided financial services to about 12 million consumer households.

article thumbnail

Keytronic confirms data breach after ransomware gang leaks stolen files

Bleeping Computer

PCBA manufacturing giant Keytronic is warning it suffered a data breach after the Black Basta ransomware gang leaked 530GB of the company's stolen data two weeks ago. [.

article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

Honest Kaspersky Antivirus Review

SecureBlitz

In this post, we will show you the Kaspersky Antivirus review. In an age where our digital lives are constantly under threat, antivirus software has become an essential tool for protecting our devices and personal information. Among the myriad of options available, Kaspersky Antivirus has consistently stood out for its robust security features and user-friendly […] The post Honest Kaspersky Antivirus Review appeared first on SecureBlitz Cybersecurity.

article thumbnail

Scattered Spider hackers switch focus to cloud apps for data theft

Bleeping Computer

The Scattered Spider gang has started to steal data from software-as-a-service (SaaS) applications and establish persistence through creating new virtual machines. [.

article thumbnail

A New Tactic in the Rapid Evolution of QR Code Scams

Security Boulevard

QR codes have been around for three decades, but it wasn’t until the COVID-19 pandemic hit in 2020 that they got wide use, with restaurants, health care facilities, and other businesses turning to them to customers contactless ways to read menus, buy items, or track the health of people in their buildings. Around the same. The post A New Tactic in the Rapid Evolution of QR Code Scams appeared first on Security Boulevard.

Scams 83
article thumbnail

Crypter Specialist Involved in the Conti and LockBit Attack Arrested

Heimadal Security

A 28-year-old Russian man has been taken into custody by the Ukraine cyber police in Kyiv for his involvement in the Conti and LockBit ransomware operations, which involved making their malware impervious to antivirus software and carrying out at least one attack personally. The Dutch police, who responded to a ransomware attack and subsequent data […] The post Crypter Specialist Involved in the Conti and LockBit Attack Arrested appeared first on Heimdal Security Blog.

article thumbnail

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

article thumbnail

The “Spammification” of Business Email Compromise Spells Trouble for Businesses Around the Globe

Security Boulevard

Whether it be purely text-based social engineering, or advanced, image-based attacks, one thing's for certain — generative AI is fueling a whole new age of advanced phishing. The post The “Spammification” of Business Email Compromise Spells Trouble for Businesses Around the Globe appeared first on Security Boulevard.

article thumbnail

Insurance giant Globe Life investigating web portal breach

Bleeping Computer

American financial services holding company Globe Life says attackers may have accessed consumer and policyholder data after breaching one of its web portals. [.

article thumbnail

Friday Five: Elaborate Vishing, Microsoft's Security Woes, & More

Digital Guardian

In this week's Friday Five, read about the good and bad news regarding government-targeted cyberattacks, Microsoft President Brad Smith's recent testimony in front of Congress, a vishing campaign impersonating CISA staff, & more.

article thumbnail

The Top 7 Unified Endpoint Management Tools in 2024

Heimadal Security

In the last decade, cybersecurity has come a long way. Once upon a time, keeping your IT environment secure largely required passwords, firewalls, and antivirus. In the days since, the move to cloud technology has thrown up a whole range of advanced tools and defenses to protect organizations that have employees and data distributed around […] The post The Top 7 Unified Endpoint Management Tools in 2024 appeared first on Heimdal Security Blog.

article thumbnail

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.