Schneier on Security
JUNE 19, 2024
There has been a lot of toxicity in the comments section of this blog. Recently, we’re having to delete more and more comments. Not just spam and off-topic comments, but also sniping and personal attacks. It’s gotten so bad that I need to do something. My options are limited because I’m just one person, and this website is free, ad-free, and anonymous.
The Last Watchdog
JUNE 19, 2024
The tectonic shift of network security is gaining momentum, yet this transformation continues to lag far behind the accelerating pace of change in the operating environment. Related: The advance of LLMs For at least the past decade, the cybersecurity industry has been bending away from rules-based defenses designed to defend on-premises data centers and leaning more into tightly integrated and highly adaptable cyber defenses directed at the cloud edge.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Jane Frankland
JUNE 19, 2024
As we emerge from an intense season of industry conferences like Infosec and RSA, I believe the cybersecurity community finds itself at a critical juncture. While hot topics like AI’s role in combating hacker threats has dominated discussions, an equally significant issue has remained— mental health and burnout. As an industry veteran, having spent over two decades in cybersecurity, I’ve been thinking a lot about the current state of the field—our relentless pursuit of productivity,
Security Boulevard
JUNE 19, 2024
While many businesses invest heavily in frontline defense tools to keep out bad actors, they spend far less time and money preparing for what happens when the criminals eventually get in. The post Closing the Readiness Gap: How to Ensure a Fast Recovery From the Inevitable Cyber Attack appeared first on Security Boulevard.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Bleeping Computer
JUNE 19, 2024
Car dealership software-as-a-service provider CDK Global was hit by a massive cyberattack, causing the company to shut down its systems and leaving clients unable to operate their business normally. [.
Security Affairs
JUNE 19, 2024
Google released Chrome 126 update that addresses a high-severity vulnerability demonstrated at the TyphoonPWN 2024 hacking competition. Google has issued a Chrome 126 security update, addressing six vulnerabilities, including a flaw, tracked as CVE-2024-6100 which was demonstrated during the SSD Secure Disclosure’s TyphoonPWN 2024. TyphoonPWN is a live hacking competition held annually at TyphoonCon, an Offensive Security Conference in Seoul, South Korea.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
The Hacker News
JUNE 19, 2024
Crypto exchange Kraken revealed that an unnamed security researcher exploited an "extremely critical" zero-day flaw in its platform to steal $3 million in digital assets and refused to return them.
Security Boulevard
JUNE 19, 2024
The future of modeling catastrophic cyber risk hinges on our ability to move beyond misconceptions and confront the true extent of our exposure. The post Debunking Common Myths About Catastrophic Cyber Incidents appeared first on Security Boulevard.
The Hacker News
JUNE 19, 2024
The China-nexus cyber espionage actor linked to the zero-day exploitation of security flaws in Fortinet, Ivanti, and VMware devices has been observed utilizing multiple persistence mechanisms in order to maintain unfettered access to compromised environments.
Security Boulevard
JUNE 19, 2024
The problems with passwords drive the interest to adopt newer authentication methods, like passkeys, a type of passwordless technology. The post Criminals are Easily Bypassing Passkeys – How Organizations Can Stay Safe appeared first on Security Boulevard.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Security Affairs
JUNE 19, 2024
AMD announced an investigation after a threat actor attempted to sell data allegedly stolen from its systems. AMD has launched an investigation after the threat actor IntelBroker announced they were selling sensitive data allegedly belonging to the company. “We are aware of a cybercriminal organization claiming to be in possession of stolen AMD data,” the chip maker told media outlets. “We are working closely with law enforcement officials and a third-party hosting partner to i
Security Boulevard
JUNE 19, 2024
IRONSCALES has made generally available a phishing simulation tool that makes use of generative artificial intelligence (AI) to enable cybersecurity teams to create as many as 2,000 simulations of a spear phishing attack in less than an hour. The post IRONSCALES Applies Generative AI to Phishing Simulation appeared first on Security Boulevard.
Security Affairs
JUNE 19, 2024
Alleged researchers have exploited a zero-day in Kraken crypto exchange to steal $3 million worth of cryptocurrency. Kraken Chief Security Officer Nick Percoco revealed that alleged security researchers exploited a zero-day flaw to steal $3 million worth of cryptocurrency. The researchers are refusing to return the stolen funds. Kraken Security Update: On June 9 2024, we received a Bug Bounty program alert from a security researcher.
The Hacker News
JUNE 19, 2024
Chinese-speaking users are the target of a never-before-seen threat activity cluster codenamed Void Arachne that employs malicious Windows Installer (MSI) files for virtual private networks (VPNs) to deliver a command-and-control (C&C) framework called Winos 4.0.
Advertisement
Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.
Bleeping Computer
JUNE 19, 2024
Advance Auto Parts has confirmed it suffered a data breach after a threat actor attempted to sell stolen data on a hacking forum earlier this month. [.
The Hacker News
JUNE 19, 2024
A threat actor who goes by alias markopolo has been identified as behind a large-scale cross-platform scam that targets digital currency users on social media with information stealer malware and carries out cryptocurrency theft.
Bleeping Computer
JUNE 19, 2024
T-Mobile has denied it was breached or that source code was stolen after a threat actor claimed to be selling stolen data from the telecommunications company. [.
Security Affairs
JUNE 19, 2024
A malware campaign targets publicly exposed Docker API endpoints to deliver cryptocurrency miners and other payloads. Researchers at Datadog uncovered a new cryptojacking campaign linked to the attackers behind Spinning YARN campaign. The threat actors target publicly exposed and unsecured Docker API endpoints for initial access. The attack begins with the threat actor scanning the internet to find hosts with Docker’s default port 2375 open.
Advertisement
Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!
The Hacker News
JUNE 19, 2024
Two security vulnerabilities have been disclosed in the Mailcow open-source mail server suite that could be exploited by malicious actors to achieve arbitrary code execution on susceptible instances. Both shortcomings impact all versions of the software prior to version 2024-04, which was released on April 4, 2024. The issues were responsibly disclosed by SonarSource on March 22, 2024.
WIRED Threat Level
JUNE 19, 2024
A WIRED investigation shows that the AI search startup Perplexity is surreptitiously downloading your data.
The Hacker News
JUNE 19, 2024
Are your tags really safe with Google Tag Manager? If you've been thinking that using GTM means that your tracking tags and pixels are safely managed, then it might be time to think again. In this article we look at how a big-ticket seller that does business on every continent came unstuck when it forgot that you can’t afford to allow tags to go unmanaged or become misconfigured.
Bleeping Computer
JUNE 19, 2024
The Kraken crypto exchange disclosed today that alleged security researchers exploited a zero-day website bug to steal $3 million in cryptocurrency and then refused to return the funds. [.
Advertisement
Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.
Graham Cluley
JUNE 19, 2024
There's a wee data breach with unhealthy implications in Scotland, privacy has gone off the rails in the UK, and a cheater blames Apple for his expensive divorce. All this and much more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by Lianne Potter of the "Compromising Positions" podcast.
WIRED Threat Level
JUNE 19, 2024
The new book World on the Brink: How America Can Beat China in the Race for the 21st Century lays out what might actually happen if China were to invade Taiwan in 2028.
The Hacker News
JUNE 19, 2024
Cybersecurity researchers have uncovered a new evasive malware loader named SquidLoader that spreads via phishing campaigns targeting Chinese organizations. AT&T LevelBlue Labs, which first observed the malware in late April 2024, said it incorporates features that are designed to thwart static and dynamic analysis and ultimately evade detection.
Identity IQ
JUNE 19, 2024
IDIQ Releases Report on Top Consumer Credit Concerns as Shared by Mortgage, Real Estate, Lending Partners and Consumers IdentityIQ – Survey Finds Top Consumer Credit Concern is Not Knowing How to Effectively Strengthen Their Credit Profile – TEMECULA, Calif. – June 20, 2024 – IDIQ ®, a financial intelligence company that empowers consumers to take everyday action to control their financial well-being, today released a report detailing consumer credit concerns voiced by mortgage, real estate, len
Advertisement
IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.
Bleeping Computer
JUNE 19, 2024
Forklift manufacturer Crown Equipment confirmed today that it suffered a cyberattack earlier this month that disrupted manufacturing at its plants. [.
We Live Security
JUNE 19, 2024
Hacktivism is nothing new, but the increasingly fuzzy lines between traditional hacktivism and state-backed operations make it a more potent threat
Penetration Testing
JUNE 19, 2024
Fortra, the developer of the popular FileCatalyst file transfer solutions, has issued a critical security advisory warning users of a high-severity vulnerability (CVE-2024-5275) in both FileCatalyst Direct and FileCatalyst Workflow. The vulnerability, stemming from... The post Fortra Warns: Hard-Coded Password Vulnerability in FileCatalyst – CVE-2024-5275 appeared first on Cybersecurity News.
SecureBlitz
JUNE 19, 2024
This post will show you the best DNS, IP, and WebRTC leak test sites. Also, how to overcome the leaks. DNS, IP, and WebRTC leaks happen every day when we browse the internet; because we use local ISPs, we are bound to have these leaks. DNS leak is a problem that keeps your privacy on […] The post Best DNS, IP, and WebRTC Leaks Test Sites appeared first on SecureBlitz Cybersecurity.
Advertisement
Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.
Expert insights. Personalized for you.
264 
Let's personalize your content