Schneier on Security

SEPTEMBER 9, 2024

In 2018, Australia passed the Assistance and Access Act, which—among other things—gave the government the power to force companies to break their own encryption. The Assistance and Access Act includes key components that outline investigatory powers between government and industry. These components include: Technical Assistance Requests (TARs): TARs are voluntary requests for assistance accessing encrypted data from law enforcement to teleco and technology companies.

Encryption 275

Encryption Computers and Electronics Government Security Intelligence 275

Penetration Testing

SEPTEMBER 9, 2024

The FreeBSD Project has issued a security advisory warning of a critical vulnerability (CVE-2024-43102) affecting multiple versions of its operating system. This flaw, rated with a maximum CVSS score of... The post FreeBSD Issues Urgent Security Advisory for CVE-2024-43102 (CVSS 10) appeared first on Cybersecurity News.

Cybersecurity 145

Cybersecurity 145

Tech Republic Security

SEPTEMBER 9, 2024

Compare Surfshark and NordVPN to determine which one is better. Explore their features, performance and pricing to make an informed decision.

VPN 147

VPN 147

Lohrman on Security

SEPTEMBER 9, 2024

A new report from IANS Research and Artico Search suggests that cybersecurity budgets are growing at a much slower pace than they were previously. Here are the details.

Cybersecurity 117

Cybersecurity 117

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

Tech Republic Security

SEPTEMBER 9, 2024

iCloud Keychain is Apple's proprietary password management solution for Apple devices. Learn how secure it is and how it works in this detailed review.

Password Management 134

Password Management Passwords 134

The Hacker News

SEPTEMBER 9, 2024

The China-linked advanced persistent threat (APT) group known as Mustang Panda has been observed weaponizing Visual Studio Code software as part of espionage operations targeting government entities in Southeast Asia.

Government 133

Government Software 133

The Hacker News

SEPTEMBER 9, 2024

A novel side-channel attack has been found to leverage radio signals emanated by a device's random access memory (RAM) as a data exfiltration mechanism, posing a threat to air-gapped networks. The technique has been codenamed RAMBO by Dr.

Engineering 131

Engineering Software 131

Tech Republic Security

SEPTEMBER 9, 2024

From phishing scams to ransomware attacks, discover what these threats look like and how you can protect yourself and your business.

Scams 135

Scams Cybersecurity Phishing Ransomware 135

Security Boulevard

SEPTEMBER 9, 2024

For today’s IT organizations, establishing a zero-trust (ZT) architecture is an ongoing process of refinements for existing networks, resources, methods and security capabilities. The post The Foundation of Zero-Trust Security Architecture appeared first on Security Boulevard.

Architecture 119

Architecture Security Awareness Cybersecurity 119

Penetration Testing

SEPTEMBER 9, 2024

Zyxel has released critical hotfixes for two of its NAS products, NAS326 and NAS542, which have already reached their end-of-vulnerability-support lifecycle. These devices are susceptible to a command injection vulnerability... The post CVE-2024-6342: Critical Command Injection Flaw in Zyxel NAS Devices, Hotfixes Released for End-of-Support Products appeared first on Cybersecurity News.

Cybersecurity 117

Cybersecurity 117

Speaker: Speakers:

In today's digital age, having an untrained workforce can be a significant risk to your business. Cyber threats are evolving; without proper training, your employees could be the weakest link in your defense. This webinar empowers leaders like you with the tools and strategies needed to transform your employees into a robust frontline defense against cyber attacks.

Cyber Attacks

Security Boulevard

SEPTEMBER 9, 2024

The rise in sophisticated phishing threats like polymorphic attacks, social engineering tactics, and the use of compromised accounts have undoubtedly highlighted the significant gaps in perimeter technology, leading to a notable increase in bypassed attacks. The post Old Habits, New Threats: Why More Phishing Attacks are Bypassing Outdated Perimeter Detection appeared first on Security Boulevard.

Phishing 119

Phishing Social Engineering Engineering Accountability 119

The Hacker News

SEPTEMBER 9, 2024

Android device users in South Korea have emerged as a target of a new mobile malware campaign that delivers a new type of threat dubbed SpyAgent. The malware "targets mnemonic keys by scanning for images on your device that might contain them," McAfee Labs researcher SangRyol Ryu said in an analysis, adding the targeting footprint has broadened in scope to include the U.K.

Malware 115

Malware Mobile 115

Security Affairs

SEPTEMBER 9, 2024

A previously undocumented threat actor tracked TIDRONE targets organizations in military and satellite industries in Taiwan. Trend Micro spotted an allegedly China-linked threat actor, tracked TIDRONE, targeting drone manufacturers in Taiwan. The group, which was previously undocumented, uses enterprise resource planning (ERP) software and remote desktops to deploy advanced malware, including CXCLNT and CLNTEND.

Manufacturing 111

Manufacturing Malware Antivirus Software 111

Hackology

SEPTEMBER 9, 2024

I stumbled on PTM7950 listing on AliExpress and thought to try it out. My Laptops and PC were working fine in my opinion until I checked out that I had the following Temps : Relevant PC Specs : CPU – AMD Ryzen 9 3900X 12-Core Processor [ CPU Max : 83 ] GPU – AMD Radeon RX 5700 XT [ GPU Max : 89 / Hot Spot 100 ] Laptop Specs [Asus M16]: CPU – 11th Gen Intel Core i9-11900H [ CPU Max : 100 ] GPU – NVIDIA GeForce RTX 3060 Laptop GPU [ GPU Max : 75 / Hotspot 80 ] Decision to U

Internet 111

Internet Internet 111

Advertisement

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.

Cybersecurity

Security Boulevard

SEPTEMBER 9, 2024

Zero-trust architecture is increasingly seen as a solution to the challenges posed by AI and ML. Initial training must focus on standardizing basic technologies. The post The Weaponization of AI and ML is Complicating the Digital Battlefield appeared first on Security Boulevard.

Architecture 111

Architecture Technology Cybersecurity 111

WIRED Threat Level

SEPTEMBER 9, 2024

xAI's generative AI tool, Grok AI, is unhinged compared to its competitors. It's also scooping up a ton of data people post on X. Here's how to keep your posts out of Grok—and why you should.

Artificial Intelligence 106

Artificial Intelligence 106

Identity IQ

SEPTEMBER 9, 2024

Create a Disaster Preparedness Plan to Keep Your Identity Safe IdentityIQ Natural disasters like hurricanes, wildfires, and tornadoes bring chaos and upheaval. In the midst of extreme weather emergencies , evacuations, power outages, and destroyed homes, preventing information theft may not be at the top of your mind. However, these disasters can make you more vulnerable to identity theft, as critical documents and devices may be lost , stolen, or damaged, and the urgency of the situation often

Identity Theft 105

Identity Theft Scams Insurance VPN 105

Penetration Testing

SEPTEMBER 9, 2024

Security researchers published the technical details and a proof-of-concept exploit (PoC) code for a zero-day vulnerability in Windows, tracked as CVE-2024-30051, which could allow attackers to escalate their privileges to... The post CVE-2024-30051: Windows Elevation of Privilege Flaw Exploited by QakBot Malware, PoC Published appeared first on Cybersecurity News.

Malware 110

Malware Cybersecurity 110

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

The Hacker News

SEPTEMBER 9, 2024

The Colombian insurance sector is the target of a threat actor tracked as Blind Eagle with the end goal of delivering a customized version of a known commodity remote access trojan (RAT) known as Quasar RAT since June 2024.

Insurance 101

Insurance Phishing 101

Zero Day

SEPTEMBER 9, 2024

Actionable health insights were an overarching theme across Apple's new line of products, including the ability for the AirPods Pro 2 to act as an over-the-counter hearing aid.

98

98

The Hacker News

SEPTEMBER 9, 2024

The proliferation of cybersecurity tools has created an illusion of security. Organizations often believe that by deploying a firewall, antivirus software, intrusion detection systems, identity threat detection and response, and other tools, they are adequately protected.

Antivirus 99

Antivirus Threat Detection Firewall Software 99

Zero Day

SEPTEMBER 9, 2024

The newest iPhone model features a larger and stronger display than last year's, a more powerful and efficient processor, and a camera control button. Is it worth upgrading?

98

98

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

The Hacker News

SEPTEMBER 9, 2024

Progress Software has released security updates for a maximum-severity flaw in LoadMaster and Multi-Tenant (MT) hypervisor that could result in the execution of arbitrary operating system commands. Tracked as CVE-2024-7591 (CVSS score: 10.0), the vulnerability has been described as an improper input validation bug that results in OS command injection.

Software 98

Software 98

eSecurity Planet

SEPTEMBER 9, 2024

Last week’s vulnerability news highlighted major security problems that affect a wide range of technologies. These vulnerabilities represent significant dangers for end users and organizations — from the remote code execution vulnerabilities in Veeam Backup & Replication and Apache OFBiz to the severe access control issues in SonicWall and Google Android.

Firmware 109

Firmware Backups Firewall Risk 109

Zero Day

SEPTEMBER 9, 2024

Apple's new iPhone 16 Pro has some notable improvements, but are they enough to warrant upgrading from the iPhone 14 Pro just two years later? Here's how to decide.

98

98

The Hacker News

SEPTEMBER 9, 2024

Designed to be more than a one-time assessment— Wing Security’s SaaS Pulse provides organizations with actionable insights and continuous oversight into their SaaS security posture—and it’s free!

Risk 94

Risk 94

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

Zero Day

SEPTEMBER 9, 2024

Apple unveiled the new iPhone 16 with standout camera improvements and larger displays, but which one is right for you? We'll break down how each model compares.

98

98

SecureList

SEPTEMBER 9, 2024

In July 2024, we discovered the previously unknown Loki backdoor, which was used in a series of targeted attacks. By analyzing the malicious file and open sources, we determined that Loki is a private version of an agent for the open-source Mythic framework. One of the agent’s decrypted strings Our solutions detect this threat as Backdoor.Win64.MLoki to differentiate it from other malware families with the same name, such as Loki Bot , Loki Locker, and others.

Encryption 87

Encryption Malware Architecture Healthcare 87

Zero Day

SEPTEMBER 9, 2024

By offering the Camera Control button, Action button, and even the A18 chipset, the gap between the iPhone 16 and iPhone 16 Pro is now smaller than ever.

98

98

Malwarebytes

SEPTEMBER 9, 2024

This week on the Lock and Code podcast… On August 24, at an airport just outside of Paris, a man named Pavel Durov was detained for questioning by French investigators. Just days later, the same man was charged in crimes related to the distribution of child pornography and illicit transactions, such as drug trafficking and fraud. Durov is the CEO and founder of the messaging and communications app Telegram.

Encryption 83

Encryption Government Media Accountability 83

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare