Thu. Sep 05, 2024

Long Analysis of the M-209

Schneier on Security

Really interesting analysis of the American M-209 encryption device and its security.

IBM Executive on Future Cybersecurity: Passkeys, Deepfakes & Quantum Computing

Tech Republic Security

IBM's Chris Hockings predicts a safer internet with advances in passkey tech, digital identity, deepfake defenses, and post-quantum cryptography.

Russia’s Most Notorious Special Forces Unit Now Has Its Own Cyber Warfare Team

WIRED Threat Level

Unit 29155 of Russia’s GRU military intelligence agency—a team responsible for coup attempts, assassinations, and bombings—has branched out into brazen hacking operations with targets across the world.

Australia Proposes Mandatory Guardrails for AI

Tech Republic Security

New mandatory guardrails will apply to AI models in high-risk settings, with businesses encouraged to adopt new safety standards starting now.

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Uncovering & Remediating Dormant Account Risk

Duo's Security Blog

The importance of gaining visibility into identity data. Over the last two years, the security of an organization's identity ecosystem has become paramount. Before diving into the specifics of dormant accounts, it's important to take a step back and discuss a prerequisite: gaining cross-platform visibility into identity and access management data.

RansomHub Emerges in Rapidly Evolving Ransomware Landscape

Security Boulevard

The ransomware space is becoming increasingly fragmented in the wake of law enforcement actions against BlackCat, LockBit, and others, spawning more threat groups and giving rise to prolific newcomers like RansomHub, according to a report by Searchlight Cyber. The post RansomHub Emerges in Rapidly Evolving Ransomware Landscape appeared first on Security Boulevard.

More Trending

Quishing, an insidious threat to electric car owners

Security Affairs

Quishing is a type of phishing attack where crooks use QR codes to trick users into providing sensitive information or downloading malware. In recent years, the spread of electric cars has led to an increase in public charging stations. However, new cyber threats have emerged with this growth, including “quishing.” This term, a combination of “QR Code” and “phishing,” describes a scam in which fraudsters use counterfeit QR Codes to steal sensitive information

We Hunted Hidden Police Signals at the DNC

WIRED Threat Level

Using special software, WIRED investigated police surveillance at the DNC. We collected signals from nearly 300,000 devices, revealing vulnerabilities for both law enforcement and everyday citizens alike.

Veeam Releases Security Updates to Fix 18 Flaws, Including 5 Critical Issues

The Hacker News

Veeam has shipped security updates to address a total of 18 security flaws impacting its software products, including five critical vulnerabilities that could result in remote code execution. The list of shortcomings is below - CVE-2024-40711 (CVSS score: 9.8) - A vulnerability in Veeam Backup & Replication that allows unauthenticated remote code execution.

Cloud Access Security Brokers (CASBs): Are They Still Relevant?

Security Boulevard

Understanding how CASBs are developed and how to use them effectively can assist them in safeguarding their cloud-based assets against evolving threats. The post Cloud Access Security Brokers (CASBs): Are They Still Relevant? appeared first on Security Boulevard.

Human-Centered Cyber Security Training: Driving Real Impact on Security Culture

In today's digital age, having an untrained workforce can be a significant risk to your business. Cyber threats are evolving; without proper training, your employees could be the weakest link in your defense. This webinar empowers leaders like you with the tools and strategies needed to transform your employees into a robust frontline defense against cyber attacks.

U.S. Seizes 32 Pro-Russian Propaganda Domains in Major Disinformation Crackdown

The Hacker News

The U.S. Department of Justice (DoJ) on Wednesday announced the seizure of 32 internet domains used by a pro-Russian propaganda operation called Doppelganger as part of a sweeping set of actions. Accusing the Russian government-directed foreign malign influence campaign of violating U.S.

OpenStack Ironic Users Urged to Patch Critical Vulnerability (CVE-2024-44082)

Penetration Testing

OpenStack’s Ironic project, which provisions bare metal machines, has been found vulnerable to a critical security flaw (CVE-2024-44082) that could allow authenticated users to exploit unvalidated image data. This vulnerability,... The post OpenStack Ironic Users Urged to Patch Critical Vulnerability (CVE-2024-44082) appeared first on Cybersecurity News.

Pool Your Cybersecurity Resources to Build the Perfect Security Ecosystem

Security Boulevard

Cybersecurity has never been something to set once and leave running in the background — it is a constantly evolving landscape. While the migration of data and applications to the cloud provides numerous business benefits, many organizations struggle to secure their networks against rapidly changing cyberthreats. Ransomware attackers have understood the value of targeting smaller.

Tracelo Data Breach: 1.4 Million Records Exposed

eSecurity Planet

Data is the new gold, and breaches have become an unfortunate reality. A recent incident involving Tracelo, a popular smartphone geolocation tracking service, has exposed the personal information of over 1.4 million users. This breach, orchestrated by a hacker known as “Satanic,” highlights the vulnerability of even seemingly secure online platforms.

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.

Cicada ransomware – what you need to know

Graham Cluley

Cicada (also known as Cicada3301) is a sophisticated ransomware, written in Rust, that has claimed more than 20 victims since its discovery in June 2024. Read more in my article on the Tripwire State of Security blog.

CVE-2024-26581 PoC Exploit Released: Linux Systems at Risk of Root Compromise

Penetration Testing

The security researchers have publicly disclosed technical details and proof-of-concept (PoC) exploit code for a CVE-2024-26581 (CVSS 7.8) vulnerability within the Linux kernel. The flaw poses a serious risk, allowing... The post CVE-2024-26581 PoC Exploit Released: Linux Systems at Risk of Root Compromise appeared first on Cybersecurity News.

NIST Cybersecurity Framework (CSF) and CTEM – Better Together

The Hacker News

It’s been a decade since the National Institute of Standards and Technology (NIST) introduced its Cybersecurity Framework (CSF) 1.0. Created following a 2013 Executive Order, NIST was tasked with designing a voluntary cybersecurity framework that would help organizations manage cyber risk, providing guidance based on established standards and best practices.

Beyond Compliance: Building a Culture of Continuous Security Improvement

SecureWorld News

In 2023, the cost of cybercrime globally was projected to reach $8 trillion, with expectations to rise to $10.5 trillion by 2025. This staggering figure underscores the growing threat and the extensive damage cyberattacks can cause, including data breaches, downtime, and compromised sensitive information. On the journey of creating a secure business environment to deal with these emerging threats, compliance should be viewed as just the starting point, not the final destination.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Pavel Durov Criticizes Outdated Laws After Arrest Over Telegram Criminal Activity

The Hacker News

Telegram CEO Pavel Durov has broken his silence nearly two weeks after his arrest in France, stating the charges are misguided. "If a country is unhappy with an internet service, the established practice is to start a legal action against the service itself," Durov said in a 600-word statement on his Telegram account.

Choosing the Best Cybersecurity Prioritization Method for Your Organization

Security Boulevard

Threat monitoring and detection, such as Network Detection and Response (NDR), provide a complement to enhance a threat exposure management strategy. The post Choosing the Best Cybersecurity Prioritization Method for Your Organization appeared first on Security Boulevard.

DarkCracks: A New Stealthy Malware Framework Exploiting GLPI and WordPress

Penetration Testing

Cybersecurity researchers from QiAnXin have uncovered an advanced malware campaign named DarkCracks, which exploits vulnerabilities in compromised GLPI and WordPress websites to distribute malicious loaders and maintain control over infected... The post DarkCracks: A New Stealthy Malware Framework Exploiting GLPI and WordPress appeared first on Cybersecurity News.

Earth Lusca adds multiplatform malware KTLVdoor to its arsenal

Security Affairs

The Chinese-speaking threat actor Earth Lusca used the new backdoor KTLVdoor in an attack against a trading company in China. Trend Micro researchers spotted the Chinese-speaking threat actor Earth Lusca using a new multiplatform backdoor called KTLVdoor. The Earth Lusca group has been active since at least the first half of 2023; it primarily targeted organizations in Southeast Asia, Central Asia, and the Balkans.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

CVE-2024-7591 (CVSS 10): Critical Vulnerability Discovered in Progress LoadMaster

Penetration Testing

Progress Software Corporation has issued a security advisory for a critical vulnerability (CVE-2024-7591) affecting its LoadMaster application delivery controller (ADC) and load balancer solution. The vulnerability, which carries a CVSS... The post CVE-2024-7591 (CVSS 10): Critical Vulnerability Discovered in Progress LoadMaster appeared first on Cybersecurity News.

Critical Security Flaw Found in LiteSpeed Cache Plugin for WordPress

The Hacker News

Cybersecurity researchers have discovered yet another critical security flaw in the LiteSpeed Cache plugin for WordPress that could allow unauthenticated users to take control of arbitrary accounts. The vulnerability, tracked as CVE-2024-44000 (CVSS score: 7.5), impacts versions before and including 6.4.1. It has been addressed in version 6.5.0.1.

Moscow Hacker Extradited To US For Cybercrime Involvement

Security Boulevard

As per recent reports, a Moscow hacker has been charged in the US on various accounts of cybercrime. Charges leveled against the hacker include allegedly stealing data, extorting victims, and laundering ransom payments since 2021. In this article, learn more about the threat actor, his activities, and cover details about the charges. Deniss Zolotarjovs: The […] The post Moscow Hacker Extradited To US For Cybercrime Involvement appeared first on TuxCare.

Chinese-Speaking Hacker Group Targets Human Rights Studies in Middle East

The Hacker News

Unnamed government entities in the Middle East and Malaysia are the target of a persistent cyber campaign orchestrated by a threat actor known as Tropic Trooper since June 2023.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

New AirPods are arriving next week. Here are the top 4 features I want to see

Zero Day

Industry insiders are confident Apple will announce new AirPods next week during the iPhone 16 launch. Although that's exciting to hear, there are a few things I'd like to see first.

Apache OFBiz Update Fixes High-Severity Flaw Leading to Remote Code Execution

The Hacker News

A new security flaw has been addressed in the Apache OFBiz open-source enterprise resource planning (ERP) system that, if successfully exploited, could lead to unauthenticated remote code execution on Linux and Windows. The high-severity vulnerability, tracked as CVE-2024-45195 (CVSS score: 7.5), affects all versions of the software before 18.12.16.

CVE-2024-7012 (CVSS 9.8): Critical Foreman Flaw Exposes Red Hat Satellite to Unauthorized Access

Penetration Testing

A critical vulnerability, CVE-2024-7012, has been discovered in Foreman, a widely used open-source lifecycle management tool. This authentication bypass flaw, with a CVSS score of 9.8 (the highest severity rating),... The post CVE-2024-7012 (CVSS 9.8): Critical Foreman Flaw Exposes Red Hat Satellite to Unauthorized Access appeared first on Cybersecurity News.

BlindEagle Targets Colombian Insurance Sector with BlotchyQuasar

Security Boulevard

Introduction: In June 2024, Zscaler ThreatLabz detected fresh activity from BlindEagle, an advanced persistent threat (APT) actor also identified as AguilaCiega, APT-C-36, and APT-Q-98. BlindEagle predominantly focuses on organizations and individuals from the government and finance sector in South America, particularly in Colombia and Ecuador. BlindEagle’s primary method to gain initial access to the targets’ systems is through phishing emails.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.