Schneier on Security

JUNE 21, 2024

The memorial service for Ross Anderson will be held on Saturday, at 2:00 PM BST. People can attend remotely on Zoom.

Engineering 273

Engineering 273

Tech Republic Security

JUNE 21, 2024

Immersing yourself in best practices for ethical hacking, pen-testing and information security can set you up for a career or better-protected business.

Hacking 178

Hacking Information Security 178

The Last Watchdog

JUNE 21, 2024

Dubai, UAE, June 20, 2024, CyberNewsWire — 1inch , a leading DeFi aggregator that provides advanced security solutions to users across the entire space, has announced today the launch of the 1inch Shield. This solution, that is offering enhanced protection against a wide range of potential threats, was completed in partnership with Blockaid , a major provider of Web3 security tools.

Marketing 147

Marketing Risk Cryptocurrency Scams 147

Tech Republic Security

JUNE 21, 2024

According to Gartner, there are gotchas that can impede an organization’s ability to embrace Copilot. Here’s what enterprises interested in implementing Copilot should keep in mind.

Artificial Intelligence 163

Artificial Intelligence Government 163

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Malwarebytes

JUNE 21, 2024

The cybercriminal acting under the name “Sp1d3r” gave away the first 1 million records that are part of the data set that they claimed to have stolen from Ticketmaster/Live Nation. The files were released without a price, for free. When Malwarebytes Labs first learned about this data breach, it happened to be the first major event that was shared on the resurrected BreachForums , and someone acting under the handle “ShinyHunters” offered the full details (name, address, e

Data breaches 145

Data breaches Phishing Passwords Password Management 145

Tech Republic Security

JUNE 21, 2024

In this TechRepublic exclusive, Gartner VP Analyst Dionisio Zumerle shares three leadership strategies for achieving cybersecurity platform consolidation.

Cybersecurity 160

Cybersecurity CISO 160

The Hacker News

JUNE 21, 2024

A previously undocumented Chinese-speaking threat actor codenamed SneakyChef has been linked to an espionage campaign primarily targeting government entities across Asia and EMEA (Europe, Middle East, and Africa) with SugarGh0st malware since at least August 2023.

Government 141

Government Malware 141

Security Affairs

JUNE 21, 2024

A serious vulnerability (CVE-2024-0762) in the Phoenix SecureCore UEFI firmware potentially impacts hundreds of PC and server models. Firmware security firm Eclypsium discovered a vulnerability, tracked as CVE-2024-0762 (CVSS of 7.5), in the Phoenix SecureCore UEFI firmware. The issue, called UEFIcanhazbufferoverflow , potentially impacts hundreds of PC and server models that use Intel Core desktop and mobile processors.

Firmware 139

Firmware Mobile Technology Hacking 139

The Hacker News

JUNE 21, 2024

A malvertising campaign is leveraging trojanized installers for popular software such as Google Chrome and Microsoft Teams to drop a backdoor called Oyster (aka Broomstick and CleanUpLoader). That's according to findings from Rapid7, which identified lookalike websites hosting the malicious payloads that users are redirected to after searching for them on search engines like Google and Bing.

Software 141

Software Engineering 141

Security Affairs

JUNE 21, 2024

French information security agency ANSSI reported that Russia-linked threat actor Nobelium is behind a series of cyber attacks that targeted French diplomatic entities. The French information security agency ANSSI reported that Russia-linked APT Nobelium targeted French diplomatic entities. Despite the French agency linked the attacks to the cyberespionage group Nobelium (aka APT29 , SVR group , Cozy Bear , Midnight Blizzard , BlueBravo , and The Dukes ), ANSSI differentiates these groups i

Phishing 139

Phishing Accountability Information Security Cyber Attacks 139

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

The Hacker News

JUNE 21, 2024

The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) imposed sanctions against a dozen individuals serving executive and senior leadership roles at Kaspersky Lab, a day after the Russian company was banned by the Commerce Department.

Software 140

Software 140

Penetration Testing

JUNE 21, 2024

A critical vulnerability in js2py, a widely-used Python library with over 1 million monthly downloads, has left countless web scrapers and applications exposed to remote code execution (RCE) attacks. The flaw, designated CVE-2024-28397 and... The post CVE-2024-28397: js2py Vulnerability Exposes Millions of Python Users to RCE appeared first on Cybersecurity News.

Cybersecurity 136

Cybersecurity 136

The Hacker News

JUNE 21, 2024

A recently patched high-severity flaw impacting SolarWinds Serv-U file transfer software is being actively exploited by malicious actors in the wild. The vulnerability, tracked as CVE-2024-28995 (CVSS score: 8.6), concerns a directory transversal bug that could allow attackers to read sensitive files on the host machine. Affecting all versions of the software prior to and including Serv-U 15.4.

Software 139

Software 139

Malwarebytes

JUNE 21, 2024

A moderator of the notorious data breach trading platform BreachForums is offering data for sale they claim comes from a data breach at T-Mobile. The moderator, going by the name of IntelBroker, describes the data as containing source code, SQL files, images, Terraform data, t-mobile.com certifications, and “Siloprograms.” (We’ve not heard of siloprograms, and can’t find a reference to them anywhere, so perhaps it’s a mistranslation or typo.

Mobile 134

Mobile Data breaches Authentication Software 134

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

The Hacker News

JUNE 21, 2024

Cybersecurity researchers have shed light on a new phishing campaign that has been identified as targeting people in Pakistan using a custom backdoor. Dubbed PHANTOM#SPIKE by Securonix, the unknown threat actors behind the activity have leveraged military-related phishing documents to activate the infection sequence.

Malware 137

Malware Scams Phishing Cybersecurity 137

Security Boulevard

JUNE 21, 2024

Spend more on security! Car and truck dealers fall back on pen and paper as huge SaaS provider gets hacked (again). The post 30,000 Dealerships Down — ‘Ransomware’ Outage Outrage no. 2 at CDK Global appeared first on Security Boulevard.

Ransomware 133

Ransomware Hacking Digital transformation Data privacy 133

Bleeping Computer

JUNE 21, 2024

The Tor Project has released Tor Browser 13.5, bringing several improvements and enhancements for Android and desktop versions. [.

Software 106

Software 106

Security Boulevard

JUNE 21, 2024

Long simmering suspicions about the loyalty of Kaspersky Software, a cybersecurity firm headquartered in Russia, came to a head this week after the U.S. government banned the sale of the company’s software, effective July 20th, to both companies and individual consumers. In addition, the U.S. Treasury Department has placed sanctions on 12 senior leaders of.

Software 116

Software Cybersecurity Government 116

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Bleeping Computer

JUNE 21, 2024

The Los Angeles Unified School District has confirmed a data breach after threat actors stole student and employee data by breaching the company's Snowflake account. [.

Accountability 105

Accountability Data breaches Hacking 105

The Last Watchdog

JUNE 21, 2024

Cary, NC, June 20, 2024, CyberNewsWire — 2024 is rapidly shaping up to be a defining year in generative AI. While 2023 saw its emergence as a potent new technology, business leaders are now grappling with how to best leverage its transformative power to grow efficiency, security, and revenue. With the near-universal integration of AI into global technology, the need for AI-ready cybersecurity teams is more critical than ever.

Risk 100

Risk Technology Cyber threats Cybersecurity 100

Bleeping Computer

JUNE 21, 2024

CDK Global has cautioned customers about unscrupulous actors calling them and posing as CDK agents or affiliates to gain unauthorized systems access. The warning follows ongoing cyberattacks that have hit CDK, a software-as-a-service (SaaS) platform that thousands of US car dealerships rely upon. [.

Software 99

Software 99

Security Boulevard

JUNE 21, 2024

Modern chief information security officers (CISOs) are navigating tough circumstances due to complex challenges and heightened regulatory pressures. The post It’s a Hard Time to Be a CISO. Transformational Leadership is More Important Than Ever. appeared first on Security Boulevard.

CISO 96

CISO Information Security Risk Government 96

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

Bleeping Computer

JUNE 21, 2024

The Treasury Department's Office of Foreign Assets Control (OFAC) has sanctioned twelve Kaspersky Lab executives for operating in the technology sector of Russia. [.

Technology 94

Technology 94

eSecurity Planet

JUNE 21, 2024

Keeper and Dashlane are top password managers prioritizing multi-layered encryption systems for secure password sharing. Keeper emphasizes extensive security measures and is a more affordable option, while Dashlane promotes a user-friendly interface and robust administrative tools perfect for streamlining logins. To assist you in making your decision, I’ve compared the two solutions, focusing on their distinctive features, use cases, benefits, pros, and cons.

Password Management 89

Password Management Passwords Encryption VPN 89

Bleeping Computer

JUNE 21, 2024

UnitedHealth has confirmed for the first time what types of medical and patient data were stolen in the massive Change Healthcare ransomware attack, stating that data breach notifications will be mailed in July. [.

Healthcare 89

Healthcare Ransomware Data breaches 89

Security Boulevard

JUNE 21, 2024

The post The dos and don’ts of gamified cyber security training appeared first on Click Armor. The post The dos and don’ts of gamified cyber security training appeared first on Security Boulevard.

CISO 84

CISO Security Awareness 84

Advertisement

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

Penetration Testing

JUNE 21, 2024

Over 30,000 WooCommerce-powered online stores may be at risk of a serious data breach due to a critical security flaw in the popular “Themify – WooCommerce Product Filter” plugin. The vulnerability, tracked as CVE-2024-6027... The post Over 30,000 WooCommerce Sites Exposed by Critical Plugin Flaw (CVE-2024-6027) appeared first on Cybersecurity News.

Data breaches 83

Data breaches Risk Cybersecurity 83

Bleeping Computer

JUNE 21, 2024

A federal jury in Las Vegas convicted five men for their involvement in the operation of Jetflicks, one of the largest and most popular illegal streaming services in the United States. [.

83

83

Zero Day

JUNE 21, 2024

Kaspersky users in the US have until September 29 to find alternative security software.

Risk 76

Risk Software 76

Heimadal Security

JUNE 21, 2024

Massive hack forces CDK Global, a provider of software-as-a-service for car dealerships, to shut down its servers, leaving customers unable to run their businesses as usual. A SaaS platform from CDK Global serves clients in the auto sector, managing all facets of vehicle dealership operations, such as inventory management, CRM, financing, payroll, support, and servicing. […] The post CDK Group Falls Victim to Two Cyberattacks appeared first on Heimdal Security Blog.

Hacking 68

Hacking Software Cybersecurity 68

Advertisement

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.

Cybersecurity