Schneier on Security
JANUARY 5, 2024
We don’t have a useful quantum computer yet, but we do have quantum algorithms. Shor’s algorithm has the potential to factor large numbers faster than otherwise possible, which—if the run times are actually feasible—could break both the RSA and Diffie-Hellman public-key algorithms. Now, computer scientist Oded Regev has a significant speed-up to Shor’s algorithm, at the cost of more storage.
eSecurity Planet
JANUARY 5, 2024
Strong encryption protects data securely from unauthorized access, but the specific algorithms that qualify as strong encryption change over time as computing power increases and researchers develop new ways to break encryption. In practice, security tools provide many encryption options that confuse uneducated users — including broken encryption options.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Security Affairs
JANUARY 5, 2024
Ivanti fixed a critical vulnerability in its Endpoint Manager (EPM) solution that could lead to remote code execution (RCE) on vulnerable servers Ivanti has released security updates to address a critical vulnerability, tracked as CVE-2023-39336 (CVSS score 9.6), impacting its Endpoint Manager (EPM) solution. The exploitation of this vulnerability could lead to remote code execution (RCE) on vulnerable servers. “If exploited, an attacker with access to the internal network can leverage an
Security Boulevard
JANUARY 5, 2024
Insight #1 In light of 23andMe blaming victims for their data getting breached, I have two things to ask: Users, please stop reusing passwords. Providers, please start requiring multifactor authentication (MFA). The post Cybersecurity Insights with Contrast CISO David Lindner | 1/5/24 appeared first on Security Boulevard.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Security Affairs
JANUARY 5, 2024
The MyEstatePoint Property Search app leaked data on nearly half a million of its users, exposing their names and plain-text passwords, the Cybernews research team has found. The all-in-one real estate app MyEstatePoint Property Search left a publicly accessible MongoDB server containing the sensitive details of its app users. The app, developed by NJ Technologies, an India-based software developer, has over half a million downloads on the Google Play store and mainly serves the Indian market.
Security Boulevard
JANUARY 5, 2024
DevSecOps , a fusion of development, security , and operations, marks a paradigm shift in software development, seamlessly integrating security throughout the software development life cycle (SDLC). The post DevSecOps tools: A beginner’s guide appeared first on Security Boulevard.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Security Boulevard
JANUARY 5, 2024
2023 ForgeRock Breach Report underscores the need for AI-powered identity We are excited to announce the release of our fifth annual ForgeRock Identity Breach Report. Our goal each year is to discover what's trending — how enterprises are being breached, how many records are being exposed, and how attackers are getting past security controls that cost companies roughly $88 billion a year. 1 As in previous years' reports, we have published our key findings, including the industries most vulnerabl
Bleeping Computer
JANUARY 5, 2024
Security researchers are detecting hundreds of IP addresses on a daily basis that scan or attempt to exploit Apache RocketMQ services vulnerable to a remote command execution flaw identified as CVE-2023-33246 and CVE-2023-37582. [.
Penetration Testing
JANUARY 5, 2024
GTFONow Automatic privilege escalation on Unix systems by exploiting misconfigured setuid/setgid binaries, capabilities, and sudo permissions. Designed for CTFs but also applicable in real-world pentests. Features Automatically exploit misconfigured sudo permissions. Automatically exploit misconfigured... The post GTFONow: Automatic privilege escalation for misconfigured capabilities, sudo and suid binaries appeared first on Penetration Testing.
Security Boulevard
JANUARY 5, 2024
vi via the respected Software Engineering expertise of Mikkel Noe-Nygaard and the lauded Software Engineering / Enterprise Agile Coaching work of Luxshan Ratnaravi at Comic Agilé ! Permalink The post Comic Agilé – Mikkel Noe-Nygaard, Luxshan Ratnaravi – ## 273 — Ensemble Programming appeared first on Security Boulevard.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Bleeping Computer
JANUARY 5, 2024
The administrator behind the notorious BreachForums hacking forum has been arrested again for breaking pretrial release conditions, including using an unmonitored computer and a VPN. [.
SecureWorld News
JANUARY 5, 2024
Ransomware continues to pose an alarming threat to critical infrastructure, with the healthcare sector being particularly vulnerable to its devastating effects. This malicious software has the power to disrupt medical facilities and compromise patient care, making it a pressing issue that demands immediate attention. A recent report from Emsisoft sheds light on the impact of these attacks, highlighting that ransomware incidents are not just a financial burden but pose a tangible risk to human li
Security Boulevard
JANUARY 5, 2024
$22 Million Wake-up Call to Improve SecurityA former Jacksonville Jaguars staff member is facing the possibility of a 30-year prison sentence after admitting guilt to financial crimes, including embezzling over $22 million from the NFL team.Amit Patel entered a guilty plea for felony charges of wire fraud and illegal monetary […] The post $22 Million Wake-up Call to Improve Security appeared first on SafePaaS.
Security Affairs
JANUARY 5, 2024
Ukrainian authorities revealed that Russia-linked APT Sandworm had been inside telecom giant Kyivstar at least since May 2023. Russia-linked APT group Sandworm was inside Ukrainian telecoms giant Kyivstar from at least May 2023, the head of Ukraine’s Security Service of Ukraine’s (SBU) told Reuters. “This attack is a big message, a big warning, not only to Ukraine, but for the whole Western world to understand that no one is actually untouchable,” said Illia Vitiuk, head
Advertisement
Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.
WIRED Threat Level
JANUARY 5, 2024
Being fully anonymous is next to impossible—but you can significantly limit what the internet knows about you by sticking to a few basic rules.
Graham Cluley
JANUARY 5, 2024
Web3 security outfit CertiK has fallen foul of scammers, who managed to hijack its Twitter account to share a malicious link to a fake version of the Revoke.cash project.
Penetration Testing
JANUARY 5, 2024
In the intricate world of Android application development, tools like Apktool have been indispensable for developers and reverse engineers. Apktool, known for its ability to reverse engineer third-party, closed binary Android apps, has hit... The post CVE-2024-21633: The Critical Flaw in Apktool and How to Mitigate It appeared first on Penetration Testing.
The Hacker News
JANUARY 5, 2024
Cybersecurity researchers have discovered a new Apple macOS backdoor called SpectralBlur that overlaps with a known malware family that has been attributed to North Korean threat actors.
Advertisement
Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!
Bleeping Computer
JANUARY 5, 2024
The Twitter/X account of blockchain security firm CertiK was hijacked today to redirect the company's more than 343,000 followers to a malicious website pushing a cryptocurrency wallet drainer. [.
The Hacker News
JANUARY 5, 2024
The recent wave of cyber attacks targeting Albanian organizations involved the use of a wiper called No-Justice. The findings come from cybersecurity company ClearSky, which said the Windows-based malware "crashes the operating system in a way that it cannot be rebooted.
Bleeping Computer
JANUARY 5, 2024
A crypto wallet service co-founder shares with the world his agony after losing $125,000 to a crypto scam. The startup CEO, who at the time believed he was on a legitimate cryptocurrency airdrop website, realized after his loss that the domain he'd went on was setup for the purposes of phishing unsuspecting users. [.
Heimadal Security
JANUARY 5, 2024
The Terrapin attack, a newly identified security threat, jeopardizes nearly 11 million SSH servers that are accessible online. Originating from academic research at Ruhr University Bochum in Germany, this attack specifically targets the SSH protocol, affecting both clients and servers. It exploits vulnerabilities during the handshake process, especially when using certain encryption modes, compromising the […] The post Widespread Vulnerability in SSH Servers: The Terrapin Attack Threat app
Advertisement
Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.
Bleeping Computer
JANUARY 5, 2024
The U.S. Department of Justice announced the end of a transnational investigation into the dark web xDedic cybercrime marketplace, charging 19 suspects for their involvement in running and using the market's services. [.
The Hacker News
JANUARY 5, 2024
Mobile network operator Orange Spain suffered an internet outage for several hours on January 3 after a threat actor used administrator credentials captured by means of stealer malware to hijack the border gateway protocol (BGP) traffic.
Bleeping Computer
JANUARY 5, 2024
The Memorial University of Newfoundland (MUN) continues to deal with the effects of a cyberattack that occurred in late December and postponed the start of classes in one campus. [.
Penetration Testing
JANUARY 5, 2024
Among the myriad of threats, GuLoader and RedLine Stealer stand out for their sophisticated anti-analysis techniques. Unit 42 Incident Response team from Palo Alto Networks reveals the intriguing world of these malware families, unveiling... The post Unit 42’s Insight: The Sophisticated Evasion Tactics of GuLoader and RedLine Stealer appeared first on Penetration Testing.
Advertisement
IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.
Heimadal Security
JANUARY 5, 2024
I got to talk to Dragoș Roșioru, a seasoned MXDR expert, about incident response best practices and challenges. Get an in-depth understanding of the do’s and don’ts in incident response as Dragoș explains how to avoid the most common mistakes Security Officers make. While you’re at it, take a glimpse at Dragoș’s personal incident response best […] The post A Heimdal MXDR Expert on Incident Response Best Practices and Myth Busting appeared first on Heimdal Security
Bleeping Computer
JANUARY 5, 2024
With it being the first week of the New Year and some still away on vacation, it has been slow with ransomware news, attacks, and new information. [.
The Hacker News
JANUARY 5, 2024
Picture this: you stumble upon a concealed secret within your company's source code. Instantly, a wave of panic hits as you grasp the possible consequences. This one hidden secret has the power to pave the way for unauthorized entry, data breaches, and a damaged reputation. Understanding the secret is just the beginning; swift and resolute action becomes imperative.
Security Boulevard
JANUARY 5, 2024
Explore whether APIs introduce more security risks than benefits to SCADA systems, how hard it is to secure SCADA, and key future challenges. The post SCADA systems: How secure are the systems running our infrastructure?⎥Malav Vyas (Security Researcher at Palo Alto Networks) appeared first on Security Boulevard.
Advertisement
Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.
Expert insights. Personalized for you.
274 
Let's personalize your content