Jailbreaking LLM-Controlled Robots
Schneier on Security
DECEMBER 11, 2024
Surprising no one, it’s easy to trick an LLM-controlled robot into ignoring its safety instructions.
Tech Republic Security
DECEMBER 11, 2024
December marked a quiet month with 70 vulnerabilities patched, plus updates from outside of Microsoft.
Penetration Testing
DECEMBER 11, 2024
A critical vulnerability has been discovered in the Splunk Secure Gateway app that could allow a low-privileged user to execute arbitrary code on vulnerable systems. The vulnerability, identified as CVE-2024-53247... The post CVE-2024-53247: Splunk Secure Gateway App Vulnerability Allows Remote Code Execution appeared first on Cybersecurity News.
The Hacker News
DECEMBER 11, 2024
A newly devised technique leverages a Windows accessibility framework called UI Automation (UIA) to perform a wide range of malicious activities without tipping off endpoint detection and response (EDR) solutions. "To exploit this technique, a user must be convinced to run a program that uses UI Automation," Akamai security researcher Tomer Peled said in a report shared with The Hacker News.
Penetration Testing
DECEMBER 11, 2024
Developers using the popular Apache Struts framework are urged to update their systems immediately following the discovery of a critical security flaw (CVE-2024-53677, CVSS 9.5) that could allow attackers to... The post CVE-2024-53677 (CVSS 9.5): Critical Vulnerability in Apache Struts Allows Remote Code Execution appeared first on Cybersecurity News.
The Hacker News
DECEMBER 11, 2024
Cybersecurity researchers have flagged a "critical" security vulnerability in Microsoft's multi-factor authentication (MFA) implementation that allows an attacker to trivially sidestep the protection and gain unauthorized access to a victim's account.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
The Hacker News
DECEMBER 11, 2024
Cybersecurity researchers have discovered a novel surveillance program that's suspected to be used by Chinese police departments as a lawful intercept tool to gather a wide range of information from mobile devices.
Tech Republic Security
DECEMBER 11, 2024
Compare CrowdStrike and Wiz on cloud security, features, pricing, and performance to find the best cybersecurity solution for your business needs.
The Hacker News
DECEMBER 11, 2024
Cybersecurity researchers have discovered a new version of the ZLoader malware that employs a Domain Name System (DNS) tunnel for command-and-control (C2) communications, indicating that the threat actors are continuing to refine the tool after resurfacing a year ago. "Zloader 2.9.4.
Penetration Testing
DECEMBER 11, 2024
Researchers at the Lookout Threat Lab have identified a sophisticated surveillance tool, dubbed EagleMsgSpy, reportedly used by law enforcement agencies in mainland China. The tool, operational since at least 2017,... The post EagleMsgSpy: Unmasking a Sophisticated Chinese Surveillance Tool appeared first on Cybersecurity News.
The Hacker News
DECEMBER 11, 2024
A suspected China-based threat actor has been linked to a series of cyber attacks targeting high-profile organizations in Southeast Asia since at least October 2023.
Security Affairs
DECEMBER 11, 2024
Ivanti addressed a critical authentication bypass vulnerability impacting its Cloud Services Appliance (CSA) solution. Ivanti addressed a critical authentication bypass vulnerability, tracked as CVE-2024-11639 (CVSS score of 10), in its Cloud Services Appliance (CSA) solution. A remote unauthenticated attacker can exploit the vulnerability to gain administrative access.
The Hacker News
DECEMBER 11, 2024
A global law enforcement operation has failed 27 stresser services that were used to conduct distributed denial-of-service (DDoS) attacks and took them offline as part of a multi-year international exercise called PowerOFF. The effort, coordinated by Europol and involving 15 countries, dismantled several booter and stresser websites, including zdstresser.net, orbitalstress.
Tech Republic Security
DECEMBER 11, 2024
Compare CrowdStrike and Palo Alto Networks in this in-depth article, exploring features, pricing, usability, and performance to find the right solution for your business.
Security Boulevard
DECEMBER 11, 2024
This blog explores ten essential web design security practices every developer and business should adopt to stay ahead of potential attacks. The post Top 10 Web Design Security Best Practices to Follow in 2025 appeared first on Security Boulevard.
The Hacker News
DECEMBER 11, 2024
The Russian nation-state actor tracked as Secret Blizzard has been observed leveraging malware associated with other threat actors to deploy a known backdoor called Kazuar on target devices located in Ukraine.
Security Affairs
DECEMBER 11, 2024
The U.S. has charged a Chinese national for hacking thousands of Sophos firewall devices worldwide in 2020. The U.S. has charged the Chinese national Guan Tianfeng (aka gbigmao and gxiaomao) for hacking thousands of Sophos firewall devices worldwide in 2020. Tianfeng, who worked at Sichuan Silence Information Technology Co., faces charges for developing and testing a zero-day exploit used to compromise approximately 81,000 firewalls.
Tech Republic Security
DECEMBER 11, 2024
Compare CrowdStrike and Splunk, two leading SIEM solutions, focusing on their features, strengths, and differences in cybersecurity effectiveness.
Security Affairs
DECEMBER 11, 2024
An alleged China-linked APT group targeted large business-to-business IT service providers in Southern Europe as part of Operation Digital Eye campaign. Between late June and mid-July 2024, a China-linked threat actor targeted major IT service providers in Southern Europe in a campaign codenamed ‘Operation Digital Eye.’ Cyberspies aimed to establish footholds and compromise downstream entities but were detected and halted early by SentinelOne and Tinexta Cyber.
Tech Republic Security
DECEMBER 11, 2024
Keeper's extensive authentication options and generous discounts make it an alluring password manager to try this year. Read more about it in our full review.
Security Boulevard
DECEMBER 11, 2024
One of the most significant regulatory mandates on the horizon is the European Union's Digital Operational Resilience Act (DORA). The post Leveraging Crypto Agility to Meet DORA Requirements in Financial Services by January 2025 appeared first on Security Boulevard.
Tech Republic Security
DECEMBER 11, 2024
Chinese cybersecurity firm Sichuan Silence has been sanctioned for exploiting a vulnerability in Sophos firewalls used at critical infrastructure organizations in the U.S.
Security Boulevard
DECEMBER 11, 2024
Oasis Security today revealed that it worked with Microsoft to fix a flaw in its implementation of multi-factor authentication (MFA) that could have been used by cybercriminals to gain access to every major Microsoft cloud service. The post Oasis Security Details MFA Security Flaw Found in Microsoft Cloud Services appeared first on Security Boulevard.
Penetration Testing
DECEMBER 11, 2024
Organizations using Cleo file transfer software are urged to take immediate action as a critical vulnerability, CVE-2024-50623, is being actively exploited in the wild. This zero-day flaw affects Cleo LexiCom,... The post PoC Exploit Code Releases Cleo Zero-Day Vulnerability (CVE-2024-50623) appeared first on Cybersecurity News.
Security Boulevard
DECEMBER 11, 2024
The digital currency market is booming, and as security professionals, we must address the crucial question: Is crypto safe? Following the re-election of former President Donald The post Is crypto safe? What to know before investing in digital currencies appeared first on Security Boulevard.
Penetration Testing
DECEMBER 11, 2024
In a sudden and unexpected turn of events, OpenAI’s ChatGPT, the AI chatbot that has taken the world by storm, is experiencing a major global outage. The disruption, which began... The post ChatGPT and Sora Go Offline: OpenAI Scrambles to Restore Service Amid Global Outage appeared first on Cybersecurity News.
Centraleyes
DECEMBER 11, 2024
The International Air Transport Association (IATA) Cyber Security Regulations represent a set of guidelines and standards aimed at enhancing cybersecurity resilience within the aviation industry. These regulations are critical for ensuring the safety, security, and operational continuity of a highly interconnected global sector. What Are IATA Cyber Security Regulations?
Penetration Testing
DECEMBER 11, 2024
A collaborative research effort has exposed a significant vulnerability, designated CVE-2024-21944 and named “BadRAM,” that undermines the integrity of AMD’s Secure Encrypted Virtualization (SEV) technology. This security flaw permits malicious... The post BadRAM Vulnerability (CVE-2024-21944): Researchers Uncover Security Flaw in AMD SEV appeared first on Cybersecurity News.
Security Boulevard
DECEMBER 11, 2024
A warning issued by the new head of the United Kingdom's National Cyber Security Centre (NCSC) should be sobering to cybersecurity pros everywhere. Speaking at the agency's headquarters on Tuesday, Richard Horne declared that the cyber-risks faced by his nation and its allies are widely underestimated. The post U.K. cybersecurity chief warns of gap between risks and defenses appeared first on Security Boulevard.