Schneier on Security

SEPTEMBER 5, 2024

Really interesting analysis of the American M-209 encryption device and its security.

Encryption 284

Encryption 284

Tech Republic Security

SEPTEMBER 5, 2024

IBM's Chris Hockings predicts a safer internet with advances in passkey tech, digital identity, deepfake defenses, and post-quantum cryptography.

Cybersecurity 202

Cybersecurity Internet Internet 202

Duo's Security Blog

SEPTEMBER 5, 2024

The importance of gaining visibility into identity data Over the last two years, the security of an organization's identity ecosystem has become paramount. Before diving into the specifics of dormant accounts, it's important to take a step back and discuss a prerequisite: gaining cross-platform visibility into identity and access management data.

Accountability 142

Accountability Risk Passwords Authentication 142

Tech Republic Security

SEPTEMBER 5, 2024

New mandatory guardrails will apply to AI models in high-risk settings, with businesses encouraged to adopt new safety standards starting now.

Risk 176

Risk Artificial Intelligence 176

Advertisement

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

Cyber threats

Trend Micro

SEPTEMBER 5, 2024

Our research reveals that an unidentified threat cluster we named TIDRONE have shown significant interest in military-related industry chains, particularly in the manufacturers of drones.

Manufacturing 135

Manufacturing 135

The Hacker News

SEPTEMBER 5, 2024

Veeam has shipped security updates to address a total of 18 security flaws impacting its software products, including five critical vulnerabilities that could result in remote code execution. The list of shortcomings is below - CVE-2024-40711 (CVSS score: 9.8) - A vulnerability in Veeam Backup & Replication that allows unauthenticated remote code execution.

Backups 132

Backups Software 132

The Hacker News

SEPTEMBER 5, 2024

The U.S. Department of Justice (DoJ) on Wednesday announced the seizure of 32 internet domains used by a pro-Russian propaganda operation called Doppelganger as part of a sweeping set of actions. Accusing the Russian government-directed foreign malign influence campaign of violating U.S.

Internet 131

Internet Internet Government 131

Security Boulevard

SEPTEMBER 5, 2024

The ransomware space is becoming increasingly fragmented in the wake of law enforcement actions against BlackCat, LockBit, and others, spawning more threat groups and giving rise to prolific newcomers like RansomHub, according to a report by Searchlight Cyber. The post RansomHub Emerges in Rapidly Evolving Ransomware Landscape appeared first on Security Boulevard.

Ransomware 124

Ransomware Malware Cybersecurity Network Security 124

Penetration Testing

SEPTEMBER 5, 2024

OpenStack’s Ironic project, which provisions bare metal machines, has been found vulnerable to a critical security flaw (CVE-2024-44082) that could allow authenticated users to exploit unvalidated image data. This vulnerability,... The post OpenStack Ironic Users Urged to Patch Critical Vulnerability (CVE-2024-44082) appeared first on Cybersecurity News.

Authentication 119

Authentication Cybersecurity 119

Security Boulevard

SEPTEMBER 5, 2024

Cybersecurity has never been something to set once and leave running in the background — it is a constantly evolving landscape. While the migration of data and applications to the cloud provides numerous business benefits, many organizations struggle to secure their networks against rapidly changing cyberthreats. Ransomware attackers have understood the value of targeting smaller.

Cybersecurity 124

Cybersecurity Ransomware Security Awareness Network Security 124

Advertisement

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

Cybersecurity

Security Affairs

SEPTEMBER 5, 2024

The Chinese-speaking threat actor Earth Lusca used the new backdoor KTLVdoor in an attack against a trading company in China. Trend Micro Researchers spotted the Chinese-speaking threat actor Earth Lusca using a new multiplatform backdoor called KTLVdoor. The Earth Lusca group has been active since at least the first half of 2023, it primarily targeted organizations in Southeast Asia, Central Asia, and the Balkans.

Malware 119

Malware Telecommunications Encryption Hacking 119

The Hacker News

SEPTEMBER 5, 2024

Telegram CEO Pavel Durov has broken his silence nearly two weeks after his arrest in France, stating the charges are misguided. "If a country is unhappy with an internet service, the established practice is to start a legal action against the service itself," Durov said in a 600-word statement on his Telegram account.

Internet 117

Internet Internet Accountability 117

WIRED Threat Level

SEPTEMBER 5, 2024

Unit 29155 of Russia’s GRU military intelligence agency—a team responsible for coup attempts, assassinations, and bombings—has branched out into brazen hacking operations with targets across the world.

Hacking 116

Hacking 116

eSecurity Planet

SEPTEMBER 5, 2024

Data is the new gold, and breaches have become an unfortunate reality. A recent incident involving Tracelo, a popular smartphone geolocation tracking service, has exposed the personal information of over 1.4 million users. This breach, orchestrated by a hacker known as “Satanic,” highlights the vulnerability of even seemingly secure online platforms.

Data breaches 115

Data breaches Identity Theft Data privacy Risk 115

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Security Boulevard

SEPTEMBER 5, 2024

Understanding how CASBs are developed and how to use them effectively can assist them in safeguarding their cloud-based assets against evolving threats. The post Cloud Access Security Brokers (CASBs): Are They Still Relevant? appeared first on Security Boulevard.

Security Awareness 115

Security Awareness Cybersecurity 115

SecureWorld News

SEPTEMBER 5, 2024

In 2023, the cost of cybercrime globally was projected to reach $8 trillion , with expectations to rise to $10.5 trillion by 2025. This staggering figure underscores the growing threat and the extensive damage cyberattacks can cause, including data breaches, downtime, and compromised sensitive information. On the journey of creating a secure business environment to deal with these emerging threats, compliance should be viewed as just the starting point, not the final destination.

Threat Detection 114

Threat Detection Phishing Penetration Testing Education 114

The Hacker News

SEPTEMBER 5, 2024

Cybersecurity researchers have discovered yet another critical security flaw in the LiteSpeed Cache plugin for WordPress that could allow unauthenticated users to take control of arbitrary accounts. The vulnerability, tracked as CVE-2024-44000 (CVSS score: 7.5), impacts versions before and including 6.4.1. It has been addressed in version 6.5.0.1.

Accountability 112

Accountability Cybersecurity 112

Penetration Testing

SEPTEMBER 5, 2024

The security researchers have publicly disclosed technical details and proof-of-concept (PoC) exploit code for a CVE-2024-26581 (CVSS 7.8) vulnerability within the Linux kernel. The flaw poses a serious risk, allowing... The post CVE-2024-26581 PoC Exploit Released: Linux Systems at Risk of Root Compromise appeared first on Cybersecurity News.

Risk 111

Risk Cybersecurity 111

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

The Hacker News

SEPTEMBER 5, 2024

Unnamed government entities in the Middle East and Malaysia are the target of a persistent cyber campaign orchestrated by a threat actor known as Tropic Trooper since June 2023.

Government 111

Government 111

Penetration Testing

SEPTEMBER 5, 2024

Cybersecurity researchers from QiAnXin have uncovered an advanced malware campaign named DarkCracks, which exploits vulnerabilities in compromised GLPI and WordPress websites to distribute malicious loaders and maintain control over infected... The post DarkCracks: A New Stealthy Malware Framework Exploiting GLPI and WordPress appeared first on Cybersecurity News.

Malware 104

Malware Cybersecurity 104

The Hacker News

SEPTEMBER 5, 2024

A new security flaw has been addressed in the Apache OFBiz open-source enterprise resource planning (ERP) system that, if successfully exploited, could lead to unauthenticated remote code execution on Linux and Windows. The high-severity vulnerability, tracked as CVE-2024-45195 (CVSS score: 7.5), affects all versions of the software before 18.12.16.

Software 109

Software 109

Security Boulevard

SEPTEMBER 5, 2024

Threat monitoring and detection, such as Network Detection and Response (NDR), provide a complement to enhance a threat exposure management strategy. The post Choosing the Best Cybersecurity Prioritization Method for Your Organization appeared first on Security Boulevard.

Cybersecurity 104

Cybersecurity Security Awareness 104

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Penetration Testing

SEPTEMBER 5, 2024

Progress Software Corporation has issued a security advisory for a critical vulnerability (CVE-2024-7591) affecting its LoadMaster application delivery controller (ADC) and load balancer solution. The vulnerability, which carries a CVSS... The post CVE-2024-7591 (CVSS 10): Critical Vulnerability Discovered in Progress LoadMaster appeared first on Cybersecurity News.

Software 104

Software Cybersecurity 104

Malwarebytes

SEPTEMBER 5, 2024

In mid-August, we identified a malvertising campaign targeting Lowes employees via Google ads. Like many large corporations, Lowe’s has their own employe portal called MyLowesLife , for all matters related to schedule, pay stubs, or benefits. Lowe’s employees who searched for “myloweslife” during that time, may have seen one or multiple fraudulent ads.

Phishing 103

Phishing Identity Theft Accountability Retail 103

We Live Security

SEPTEMBER 5, 2024

ESET researchers discuss HotPage, a recently discovered adware armed with a highest-privilege, yet vulnerable, Microsoft-signed driver.

Adware 101

Adware 101

Malwarebytes

SEPTEMBER 5, 2024

In late August, Intermountain Planned Parenthood of Montana suffered a cyberattack which is still under investigation. The attack has been claimed by a ransomware group. Intermountain Planned Parenthood Inc., doing business as Planned Parenthood Of Montana, is a nonprofit organization that provides sexual health care services. It is not yet known whether any personal information about patients might have been stolen, but that could potentially be devastating.

Ransomware 101

Ransomware Passwords Insurance Healthcare 101

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Penetration Testing

SEPTEMBER 5, 2024

A critical vulnerability, CVE-2024-7012, has been discovered in Foreman, a widely used open-source lifecycle management tool. This authentication bypass flaw, with a CVSS score of 9.8 (the highest severity rating),... The post CVE-2024-7012 (CVSS 9.8): Critical Foreman Flaw Exposes Red Hat Satellite to Unauthorized Access appeared first on Cybersecurity News.

Authentication 100

Authentication Cybersecurity 100

Zero Day

SEPTEMBER 5, 2024

With a bit of patience and experimentation, you can tweak your TV's basic settings for a better viewing experience.

98

98

SecureBlitz

SEPTEMBER 5, 2024

Learn why proxy providers are turning to IP Address leasing in this post. The proxy industry is witnessing a significant shift in how providers manage their IP resources. As client demands for diverse and reliable IP locations continue to grow, forward-thinking proxy services are turning to IP leasing as a strategic solution. This innovative approach […] The post Why Proxy Providers Are Turning to IP Address Leasing?

Cybersecurity 97

Cybersecurity 97

Zero Day

SEPTEMBER 5, 2024

Industry insiders are confident Apple will announce new AirPods next week during the iPhone 16 launch. Although that's exciting to hear, there are a few things I'd like to see first.

98

98

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity