Schneier on Security

JULY 3, 2024

It’s a serious one : The vulnerability, which is a signal handler race condition in OpenSSH’s server (sshd), allows unauthenticated remote code execution (RCE) as root on glibc-based Linux systems; that presents a significant security risk. This race condition affects sshd in its default configuration. […] This vulnerability, if exploited, could lead to full system compromise where an attacker can execute arbitrary code with the highest privileges, resulting in a complete syste

Firewall 310

Firewall Data breaches Malware Risk 310

Tech Republic Security

JULY 3, 2024

The vulnerabilities have since been patched, but had quietly persisted since the CocoaPods migration in 2014.

Software 180

Software Information Security 180

Penetration Testing

JULY 3, 2024

Recently, a critical local privilege escalation vulnerability has been identified in MSI Center, a popular system management application for Windows OS. Tracked as CVE-2024-37726, this vulnerability affects all versions of MSI Center up to... The post CVE-2024-37726: MSI Center Flaw Exposes Windows Systems to Privilege Escalation Attacks appeared first on Cybersecurity News.

Cybersecurity 145

Cybersecurity 145

Tech Republic Security

JULY 3, 2024

Bitwarden vs KeePass: Who comes out on top? Dive into our 2024 analysis and make the best decision for your security needs!

Password Management 163

Password Management Passwords 163

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Security Boulevard

JULY 3, 2024

While it's unlikely that quantum computers are currently in the hands of cybercriminals or hostile nation-states, they will be. The post How to Achieve Crypto Resilience for a Post-Quantum World appeared first on Security Boulevard.

Security Awareness 141

Security Awareness Risk Government Cybersecurity 141

The Hacker News

JULY 3, 2024

Cloud communications provider Twilio has revealed that unidentified threat actors took advantage of an unauthenticated endpoint in Authy to identify data associated with Authy accounts, including users' cell phone numbers. The company said it took steps to secure the endpoint to no longer accept unauthenticated requests.

Accountability 139

Accountability 139

Security Boulevard

JULY 3, 2024

A survey of 706 IT and security professionals finds half are not very confident that they can stop a damaging security incident in the next 12 months, with 30% admitting they are less prepared to detect threats and respond to incidents than they were a year ago. The post Survey Surfaces Growing Lack of Cybersecurity Confidence appeared first on Security Boulevard.

Cybersecurity 123

Cybersecurity Security Awareness 123

The Hacker News

JULY 3, 2024

Recently the Office of the Director of National Intelligence (ODNI) unveiled a new strategy for open-source intelligence (OSINT) and referred to OSINT as the “INT of first resort”.

122

122

Security Boulevard

JULY 3, 2024

While SaaS apps enable better business operations, a secret threat is hiding in your SaaS stack: "Shadow IT.” The post The Secret Threat Hiding in Your SaaS Stack: Shadow IT appeared first on Security Boulevard.

Accountability 123

Accountability Security Awareness Risk Cybersecurity 123

The Hacker News

JULY 3, 2024

Brazil's data protection authority, Autoridade Nacional de Proteção de Dados (ANPD), has temporarily banned Meta from processing users' personal data to train the company's artificial intelligence (AI) algorithms.

Artificial Intelligence 124

Artificial Intelligence Risk 124

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Security Boulevard

JULY 3, 2024

Man-in-the-middle attacks have increased in the age of digital connectivity and remote work, forcing companies to develop strategies to mitigate them. The post Man-In-The-Middle Attacks are Still a Serious Security Threat appeared first on Security Boulevard.

Social Engineering 122

Social Engineering Engineering Security Awareness Phishing 122

The Hacker News

JULY 3, 2024

The loader-as-a-service (LaaS) known as FakeBat has become one of the most widespread loader malware families distributed using the drive-by download technique this year, findings from Sekoia reveal. "FakeBat primarily aims to download and execute the next-stage payload, such as IcedID, Lumma, RedLine, SmokeLoader, SectopRAT, and Ursnif," the company said in a Tuesday analysis.

Malware 121

Malware 121

Security Affairs

JULY 3, 2024

The American credit union Patelco Credit Union shut down several of its banking systems to contain a ransomware attack. Patelco Credit Union is a member-owned, not-for-profit credit union that serves Northern California, particularly the San Francisco Bay Area. Founded in 1936, it is one of the oldest and largest credit unions in the country. With more than $9 billion in assets, it is the 22nd largest credit union in the country.

Ransomware 128

Ransomware Banking Mobile Hacking 128

The Hacker News

JULY 3, 2024

A coordinated law enforcement operation codenamed MORPHEUS has felled close to 600 servers that were used by cybercriminal groups and were part of an attack infrastructure associated with the Cobalt Strike. The crackdown targeted older, unlicensed versions of the Cobalt Strike red teaming framework between June 24 and 28, according to Europol.

Cybercrime 120

Cybercrime 120

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Security Boulevard

JULY 3, 2024

Life can be overwhelming. When you’re young, change is exciting, but as we grow older, it often brings uncertainty. In cyber security, our quest for certainty mirrors Albert Camus’ philosophy of the absurd. Let me break it down for you: we’re bombarded with CVEs and vulnerabilities, constant scans and assessments, and countless fixes to apply. […] The post Embracing the Absurd: Finding Freedom in Cyber Security appeared first on VERITI.

116

116

Bleeping Computer

JULY 3, 2024

OVHcloud, a global cloud services provider and one of the largest of its kind in Europe, says it mitigated a record-breaking distributed denial of service (DDoS) attack earlier this year that reached an unprecedented packet rate of 840 million packets per second (Mpps). [.

DDOS 113

DDOS 113

We Live Security

JULY 3, 2024

From sending phishing emails to posting fake listings, here’s how fraudsters hunt for victims while you’re booking your well-earned vacation

Scams 124

Scams Phishing 124

Bleeping Computer

JULY 3, 2024

Proton has launched 'Docs in Proton Drive,' a free and open-source end-to-end encrypted web-based document editing and collaboration tool.

Encryption 124

Encryption Software 124

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

Security Boulevard

JULY 3, 2024

Cybersecurity researchers have recently uncovered a UEFI vulnerability in the Phoenix SecureCore UEFI firmware, which affects a variety of Intel Core desktop and mobile processors. This now-patched vulnerability, identified as CVE-2024-0762 with a CVSS score of 7.5, has been termed “UEFIcanhazbufferoverflow.” It involves a buffer overflow caused by an unsafe variable in the Trusted Platform […] The post Researchers Uncover UEFI Vulnerability Affecting Intel CPUs appeared first on TuxCare.

Firmware 105

Firmware Mobile Cybersecurity 105

Bleeping Computer

JULY 3, 2024

Europol coordinated a joint law enforcement action known as Operation Morpheus, which led to the takedown of almost 600 Cobalt Strike servers used by cybercriminals to infiltrate victims' networks. [.

110

110

SecureWorld News

JULY 3, 2024

Organizations increasingly rely on global talent outsourcing to bolster their cybersecurity capabilities. By tapping into a vast pool of skilled professionals worldwide, companies can address skill shortages, optimize costs, and gain access to specialized expertise. However, this trend also introduces significant data security risks that cannot be overlooked.

Risk 86

Risk Data breaches Penetration Testing Encryption 86

Bleeping Computer

JULY 3, 2024

FIA (Fédération Internationale de l'Automobile), the auto racing governing body since the 1950s, says attackers gained access to personal data after compromising several FIA email accounts in a phishing attack. [.

Government 101

Government Data breaches Hacking Phishing 101

Advertisement

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

Malwarebytes

JULY 3, 2024

‘Buy now, pay later’ payment specialist Affirm has warned that holders of its payment cards had their personal information exposed after a ransomware attack and data breach at Evolve Bank & Trust. In a form 8-K , submitted to the Securities and Exchange Commission (SEC), Affirm states: “Because the Company [Affirm Holdings, Inc] shares the Personal Information of Affirm Card users with Evolve to facilitate the issuance and servicing of Affirm Cards, the Company believes that the

Data breaches 86

Data breaches Banking Passwords Phishing 86

Bleeping Computer

JULY 3, 2024

Thousands of pedophiles who download and share child sexual abuse material (CSAM) were identified through information-stealing malware logs leaked on the dark web, highlighting a new dimension of using stolen credentials in law enforcement investigations. [.

Malware 93

Malware 93

Graham Cluley

JULY 3, 2024

Apps can let you spy on strangers in bars, a gang of cryptocurrency thieves turns to kidnap and assault, and have you joined the mile-high evil twin club? All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by Mark Stockley of the brand-new "The AI Fix" podcast.

Cryptocurrency 80

Cryptocurrency Cybersecurity 80

Bleeping Computer

JULY 3, 2024

Healthcare fintech firm HealthEquity is warning that it suffered a data breach after a partner's account was compromised and used to access the Company's systems to steal protected health information. [.

Data breaches 91

Data breaches Healthcare Accountability 91

Advertisement

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.

Cybersecurity

Trend Micro

JULY 3, 2024

We’ve recently seen a surge in attacks involving the Mekotio banking trojan. In this blog entry, we'll provide an overview of the trojan and what it does.

Banking 90

Banking Cyber threats Malware 90

Security Boulevard

JULY 3, 2024

With new frameworks for cyber metrics and reporting being implemented globally, regulators have effectively elevated risk to the same level of board awareness as financial risks. The post Boardroom Blindspot: How New Frameworks for Cyber Metrics are Reshaping Boardroom Conversations appeared first on Security Boulevard.

Risk 75

Risk Cyber Risk CISO Security Awareness 75

WIRED Threat Level

JULY 3, 2024

Proton is adding an end-to-end encrypted documents editor to its privacy tools, boosting its competition with Google’s suite of productivity apps.

Encryption 84

Encryption 84

Security Boulevard

JULY 3, 2024

As businesses continue to expand their reliance on cloud security and privileged access management, the imperative to implement least privilege access in a manner both effective and efficient cannot be overstated. Yet, with the increasing complexity of information systems and the proliferation of privileged accounts, manually administering and enforcing the least privilege principle poses substantial […] The post The Role of Automation in Enforcing the Principle of Least Privilege appeared first

Accountability 69

Accountability 69

Advertisement

Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.

Government