Schneier on Security
JUNE 19, 2024
There has been a lot of toxicity in the comments section of this blog. Recently, we’re having to delete more and more comments. Not just spam and off-topic comments, but also sniping and personal attacks. It’s gotten so bad that I need to do something. My options are limited because I’m just one person, and this website is free, ad-free, and anonymous.
The Last Watchdog
JUNE 19, 2024
The tectonic shift of network security is gaining momentum, yet this transformation continues to lag far behind the accelerating pace of change in the operating environment. Related: The advance of LLMs For at least the past decade, the cybersecurity industry has been bending away from rules-based defenses designed to defend on-premises data centers and leaning more into tightly integrated and highly adaptable cyber defenses directed at the cloud edge.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Security Affairs
JUNE 19, 2024
Google released Chrome 126 update that addresses a high-severity vulnerability demonstrated at the TyphoonPWN 2024 hacking competition. Google has issued a Chrome 126 security update, addressing six vulnerabilities, including a flaw, tracked as CVE-2024-6100 which was demonstrated during the SSD Secure Disclosure’s TyphoonPWN 2024. TyphoonPWN is a live hacking competition held annually at TyphoonCon, an Offensive Security Conference in Seoul, South Korea.
The Hacker News
JUNE 19, 2024
Crypto exchange Kraken revealed that an unnamed security researcher exploited an "extremely critical" zero-day flaw in its platform to steal $3 million in digital assets and refused to return them.
Advertisement
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
Security Affairs
JUNE 19, 2024
AMD announced an investigation after a threat actor attempted to sell data allegedly stolen from its systems. AMD has launched an investigation after the threat actor IntelBroker announced they were selling sensitive data allegedly belonging to the company. “We are aware of a cybercriminal organization claiming to be in possession of stolen AMD data,” the chip maker told media outlets. “We are working closely with law enforcement officials and a third-party hosting partner to i
The Hacker News
JUNE 19, 2024
The China-nexus cyber espionage actor linked to the zero-day exploitation of security flaws in Fortinet, Ivanti, and VMware devices has been observed utilizing multiple persistence mechanisms in order to maintain unfettered access to compromised environments.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
|
Bleeping Computer
JUNE 19, 2024
Car dealership software-as-a-service provider CDK Global was hit by a massive cyberattack, causing the company to shut down its systems and leaving clients unable to operate their business normally. [.
Security Affairs
JUNE 19, 2024
A malware campaign targets publicly exposed Docker API endpoints to deliver cryptocurrency miners and other payloads. Researchers at Datadog uncovered a new cryptojacking campaign linked to the attackers behind Spinning YARN campaign. The threat actors target publicly exposed and unsecured Docker API endpoints for initial access. The attack begins with the threat actor scanning the internet to find hosts with Docker’s default port 2375 open.
The Hacker News
JUNE 19, 2024
Chinese-speaking users are the target of a never-before-seen threat activity cluster codenamed Void Arachne that employs malicious Windows Installer (MSI) files for virtual private networks (VPNs) to deliver a command-and-control (C&C) framework called Winos 4.0.
Security Affairs
JUNE 19, 2024
Alleged researchers have exploited a zero-day in Kraken crypto exchange to steal $3 million worth of cryptocurrency. Kraken Chief Security Officer Nick Percoco revealed that alleged security researchers exploited a zero-day flaw to steal $3 million worth of cryptocurrency. The researchers are refusing to return the stolen funds. Kraken Security Update: On June 9 2024, we received a Bug Bounty program alert from a security researcher.
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
The Hacker News
JUNE 19, 2024
A threat actor who goes by alias markopolo has been identified as behind a large-scale cross-platform scam that targets digital currency users on social media with information stealer malware and carries out cryptocurrency theft.
Security Boulevard
JUNE 19, 2024
The constant vigilance required to protect against evolving threats, and the sheer volume of routine tasks that demand attention contribute significantly to burnout. The post Cybersecurity Worker Burnout Costing Businesses Big appeared first on Security Boulevard.
Jane Frankland
JUNE 19, 2024
As we emerge from an intense season of industry conferences like Infosec and RSA, I believe the cybersecurity community finds itself at a critical juncture. While hot topics like AI’s role in combating hacker threats has dominated discussions, an equally significant issue has remained— mental health and burnout. As an industry veteran, having spent over two decades in cybersecurity, I’ve been thinking a lot about the current state of the field—our relentless pursuit of productivity,
Security Boulevard
JUNE 19, 2024
The future of modeling catastrophic cyber risk hinges on our ability to move beyond misconceptions and confront the true extent of our exposure. The post Debunking Common Myths About Catastrophic Cyber Incidents appeared first on Security Boulevard.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
The Hacker News
JUNE 19, 2024
Two security vulnerabilities have been disclosed in the Mailcow open-source mail server suite that could be exploited by malicious actors to achieve arbitrary code execution on susceptible instances. Both shortcomings impact all versions of the software prior to version 2024-04, which was released on April 4, 2024. The issues were responsibly disclosed by SonarSource on March 22, 2024.
Security Boulevard
JUNE 19, 2024
The problems with passwords drive the interest to adopt newer authentication methods, like passkeys, a type of passwordless technology. The post Criminals are Easily Bypassing Passkeys – How Organizations Can Stay Safe appeared first on Security Boulevard.
WIRED Threat Level
JUNE 19, 2024
A WIRED investigation shows that the AI search startup Perplexity is surreptitiously downloading your data.
Bleeping Computer
JUNE 19, 2024
Advance Auto Parts has confirmed it suffered a data breach after a threat actor attempted to sell stolen data on a hacking forum earlier this month. [.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
The Hacker News
JUNE 19, 2024
Are your tags really safe with Google Tag Manager? If you've been thinking that using GTM means that your tracking tags and pixels are safely managed, then it might be time to think again. In this article we look at how a big-ticket seller that does business on every continent came unstuck when it forgot that you can’t afford to allow tags to go unmanaged or become misconfigured.
Security Boulevard
JUNE 19, 2024
IRONSCALES has made generally available a phishing simulation tool that makes use of generative artificial intelligence (AI) to enable cybersecurity teams to create as many as 2,000 simulations of a spear phishing attack in less than an hour. The post IRONSCALES Applies Generative AI to Phishing Simulation appeared first on Security Boulevard.
We Live Security
JUNE 19, 2024
Hacktivism is nothing new, but the increasingly fuzzy lines between traditional hacktivism and state-backed operations make it a more potent threat
The Hacker News
JUNE 19, 2024
Cybersecurity researchers have uncovered a new evasive malware loader named SquidLoader that spreads via phishing campaigns targeting Chinese organizations. AT&T LevelBlue Labs, which first observed the malware in late April 2024, said it incorporates features that are designed to thwart static and dynamic analysis and ultimately evade detection.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Bleeping Computer
JUNE 19, 2024
T-Mobile has denied it was breached or that source code was stolen after a threat actor claimed to be selling stolen data from the telecommunications company. [.
Trend Micro
JUNE 19, 2024
Explore the need for going beyond built-in Microsoft 365 and Google Workspace™ security based on email threats detected in 2023.
Bleeping Computer
JUNE 19, 2024
The Kraken crypto exchange disclosed today that alleged security researchers exploited a zero-day website bug to steal $3 million in cryptocurrency and then refused to return the funds. [.
Identity IQ
JUNE 19, 2024
IDIQ Releases Report on Top Consumer Credit Concerns as Shared by Mortgage, Real Estate, Lending Partners and Consumers IdentityIQ – Survey Finds Top Consumer Credit Concern is Not Knowing How to Effectively Strengthen Their Credit Profile – TEMECULA, Calif. – June 20, 2024 – IDIQ ®, a financial intelligence company that empowers consumers to take everyday action to control their financial well-being, today released a report detailing consumer credit concerns voiced by mortgage, real estate, len
Advertisement
Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.
Bleeping Computer
JUNE 19, 2024
Forklift manufacturer Crown Equipment confirmed today that it suffered a cyberattack earlier this month that disrupted manufacturing at its plants. [.
SecureBlitz
JUNE 19, 2024
This post will show you the best DNS, IP, and WebRTC leak test sites. Also, how to overcome the leaks. DNS, IP, and WebRTC leaks happen every day when we browse the internet; because we use local ISPs, we are bound to have these leaks. DNS leak is a problem that keeps your privacy on […] The post Best DNS, IP, and WebRTC Leaks Test Sites appeared first on SecureBlitz Cybersecurity.
Graham Cluley
JUNE 19, 2024
There's a wee data breach with unhealthy implications in Scotland, privacy has gone off the rails in the UK, and a cheater blames Apple for his expensive divorce. All this and much more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by Lianne Potter of the "Compromising Positions" podcast.
SecureBlitz
JUNE 19, 2024
Today, we will show you the top music streaming services you should go for. Music streaming is the best way to listen to music for relaxation, workouts, partying, or keeping yourself occupied at work. Moreover, Music streaming services have grown tremendously over the years, replacing the physical album. Numerous music streaming services offer you tons […] The post 5 Top Music Streaming Services In The World appeared first on SecureBlitz Cybersecurity.
Advertisement
Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!
Expert insights. Personalized for you.
304 
Let's personalize your content