Tue. Aug 20, 2024

Hacking Wireless Bicycle Shifters

Schneier on Security

This is yet another insecure Internet-of-things story, this one about wireless gear shifters for bicycles. These gear shifters are used in big-money professional bicycle races like the Tour de France, which provides an incentive to actually implement this attack. Research paper. Another news story. Slashdot thread.

NEWS ANALYSIS Q&A: The early going of Generative AI and LLMs impacting cybersecurity

The Last Watchdog

The art of detecting subtle anomalies, predicting emergent vulnerabilities and remediating novel cyber-attacks is becoming more refined, day by day. Related: GenAI’s impact on elections. It turns out that the vast datasets churned out by cybersecurity toolsets happen to be tailor-made for ingestion by Generative AI (GenAI) engines and Large Language Models (LLMs.

Three-Quarters of Companies Retain An Increasing Amount of Sensitive Data, Report Finds

Tech Republic Security

Perforce reveals that companies are struggling with increased sensitive data in non-production environments, leading to higher breach risks and compliance challenges.

News alert: INE Security advisory: The steep cost of neglecting cybersecurity training

The Last Watchdog

Cary, NC, Aug. 22, 2024, CyberNewsWire — In modern business, cybersecurity is not merely a technical concern but a crucial financial safeguard. With cyber threats growing in sophistication and frequency, the financial implications of neglecting cybersecurity training are severe and multifaceted. INE Security, a global leader in cybersecurity training and certifications, is exploring how overlooking this critical aspect of organizational strategy can lead to a financial crisis and laying o

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Most Ransomware Attacks Occur When Security Staff Are Asleep, Study Finds

Tech Republic Security

ThreatDown 2024 Report: Malwarebytes reveals ransomware trends, showing most attacks occur at night when security staff are off duty.

CVE-2024-7272: Critical Heap Overflow Vulnerability Discovered in FFmpeg, PoC Published

Penetration Testing

A critical security vulnerability, identified as CVE-2024-7272, has been uncovered in FFmpeg, the world’s leading multimedia framework renowned for its ability to decode, encode, and stream nearly any format imaginable....

More Trending

2.9 Billion Records Exposed in NPD Breach: How to Stay Safe

eSecurity Planet

A cataclysmic data breach has cast a long shadow over the privacy of billions of individuals. Reports claim that a staggering 2.9 billion records, including Social Security numbers, have been compromised in a cyberattack targeting National Public Data (NPD), a company specializing in background checks. This unprecedented scale of data exposure highlights the vulnerabilities inherent in our interconnected world and the immense value placed on personal information by cybercriminals.

Researcher Details Microsoft Outlook Zero-Click Vulnerability (CVE-2024-38021)

Penetration Testing

Morphisec researchers have detailed a critical vulnerability in Microsoft Outlook, identified as CVE-2024-38021, which has the potential to allow remote attackers to execute arbitrary code on vulnerable systems. This flaw,...

Survey Surfaces Widespread Mishandling of Sensitive Data

Security Boulevard

Perforce Software today published a survey of 250 IT professionals that finds the amount of sensitive data residing in non-production environments is rising as organizations embrace artificial intelligence (AI) and digital business transformation.

Ransomware payments rose from $449.1 million to $459.8 million

Security Affairs

Blockchain analysis firm Chainalysis revealed that ransomware payments rose by approximately 2%, from $449.1 million to $459.8 million. Blockchain analysis firm Chainalysis revealed that while overall on-chain illicit activity has decreased by nearly 20% year-to-date, stolen funds and ransomware significantly increased. Stolen funds inflows almost doubled, rising from $857 million to $1.58 billion, and ransomware inflows grew by about 2%, from $449.1 million to $459.8 million.

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

McAfee Unveils Tool to Identify Potential Deep Fakes

Security Boulevard

McAfee today added a tool to detect deep fakes to its portfolio that will initially be made available on PCs from Lenovo that are optimized to run artificial intelligence (AI) applications.

Web Browser Stored Credentials

Penetration Testing Lab

Microsoft introduced Data Protection Application Programming Interface (DPAPI) in Windows environments as a method to encrypt and decrypt sensitive data such as credentials using the…

CVE-2024-21689: RCE Vulnerability in Atlassian Bamboo Data Center and Server

Penetration Testing

Atlassian, a global leader in software development tools, has issued a security advisory for its Bamboo Data Center and Server products, highlighting a high-severity Remote Code Execution (RCE) vulnerability identified...

Cyber Attacks on Railway Systems Increase by 220%

SecureWorld News

Cyberattacks on railway systems have increased by more than 200 percent in the last five years, with incidents increasing worldwide over the last decade. "We've seen a 220% increase in railway-associated cyberattacks over the last five years," said Col. Cedric Leighton, CNN Military Analyst; USAF (Ret.); Chairman, Cedric Leighton Associates, LLC. "In fact, over a 10-year period, we've seen cyber incidents impacting railway systems in countries as diverse as Belgium, France, Poland, the Czech Re

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

GiveWP WordPress Plugin Vulnerability Puts 100,000+ Websites at Risk

The Hacker News

A maximum-severity security flaw has been disclosed in the WordPress GiveWP donation and fundraising plugin that exposes more than 100,000 websites to remote code execution attacks. The flaw, tracked as CVE-2024-5932 (CVSS score: 10.0), impacts all versions of the plugin prior to version 3.14.2, which was released on August 7, 2024.

Why you need to know about ransomware

Malwarebytes

Last month, a strange thing happened in cybersecurity: a type of cyberthreat typically reserved for large businesses and critical services appeared on the computers of everyday people. Starting on July 20, hundreds of individuals across the globe began reporting problems with ransomware. Ransomware is an existential threat to businesses everywhere, but for years, it has been understood as primarily that—a business threat.

Hackers Exploit PHP Vulnerability to Deploy Stealthy Msupedge Backdoor

The Hacker News

A previously undocumented backdoor named Msupedge has been put to use in a cyber attack targeting an unnamed university in Taiwan. "The most notable feature of this backdoor is that it communicates with a command-and-control (C&C) server via DNS traffic," the Symantec Threat Hunter Team, part of Broadcom, said in a report shared with The Hacker News.

Oracle NetSuite misconfiguration could lead to data exposure

Security Affairs

Researchers discovered thousands of Oracle NetSuite e-stores that are vulnerable to data leaks, putting sensitive customer information at risk. Cybersecurity researchers from AppOmni warn of a potential issue in the Oracle NetSuite SuiteCommerce platform that could allow attackers to access sensitive customer data. NetSuite is a widely used SaaS Enterprise Resource Planning (ERP) platform, valued for its capability to deploy external-facing online stores through SuiteCommerce or SiteBuilder.

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Vulnerability Recap 8/20/24 – Microsoft Has the Spotlight This Week

eSecurity Planet

This past week was Patch Tuesday: Microsoft released CVEs for 90 new vulnerabilities. But that wasn’t the vendor’s only contribution to our list — Entra ID, Microsoft’s cloud directory product, also had a recent snag. Additionally, I looked at Linux, SolarWinds, and Android vulnerabilities. Ivanti continues to have issues, this time with its Virtual Traffic Manager product.

CERT-UA Warns of New Vermin-Linked Phishing Attacks with PoW Bait

The Hacker News

The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of new phishing attacks that aim to infect devices with malware. The activity has been attributed to a threat cluster it tracks as UAC-0020, which is also known as Vermin. The exact scale and scope of the attacks are presently unknown.

Previously unseen Msupedge backdoor targeted a university in Taiwan

Security Affairs

Experts spotted a previously undetected backdoor, dubbed Msupedge, that was employed in an attack against a university in Taiwan. Broadcom Symantec researchers discovered a previously undetected backdoor, called Msupedge, that was employed in an attack targeting an unnamed university in Taiwan. The most notable feature of the backdoor is that it relies on DNS tunnelling to communicate with a C2 server. “Msupedge is a backdoor in the form of a dynamic link library (DLL).” reads the r

CVE-2024-6800 (CVSS 9.5): Critical GitHub Enterprise Server Flaw Patched, Admin Access at Risk

Penetration Testing

GitHub, the world’s leading software development platform, has recently disclosed multiple security vulnerabilities in GitHub Enterprise Server (GHES) that could have allowed attackers to gain unauthorized access and manipulate repositories....

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

Why PKI Security is Key for Pod-to-Pod Communications in Kubernetes Clusters

GlobalSign

Kubernetes continues to be a staple of production pipelines in organizations, and security is a pressing concern. Learn how to use PKI to secure your pod-to-pod communications.

Anatomy of an Attack

The Hacker News

In today's rapidly evolving cyber threat landscape, organizations face increasingly sophisticated attacks targeting their applications. Understanding these threats and the technologies designed to combat them is crucial.

Toyota disclosed a data breach after ZeroSevenGroup leaked stolen data on a cybercrime forum

Security Affairs

Toyota has confirmed a data breach after a threat actor leaked 240GB of data stolen from its infrastructure on a cybercrime forum. Toyota disclosed a data breach after a threat actor leaked an archive of 240GB of data stolen from its systems on a cybercrime forum, BleepingComputer reported. The threat actor ZeroSevenGroup claims to have breached a U.S. branch of Toyota, stealing 240GB of files containing information on Toyota employees, customers, contracts, and financial details.

Researchers Uncover TLS Bootstrap Attack on Azure Kubernetes Clusters

The Hacker News

Cybersecurity researchers have disclosed a security flaw impacting Microsoft Azure Kubernetes Services that, if successfully exploited, could allow an attacker to escalate their privileges and access credentials for services used by the cluster.

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.

An AWS Configuration Issue Could Expose Thousands of Web Apps

WIRED Threat Level

Amazon has updated its instructions for how customers should more securely implement AWS's traffic-routing service known as Application Load Balancer, but it's not clear everyone will get the memo.

Iranian Cyber Group TA453 Targets Jewish Leader with New AnvilEcho Malware

The Hacker News

Iranian state-sponsored threat actors have been observed orchestrating spear-phishing campaigns targeting a prominent Jewish figure starting in late July 2024 with the goal of delivering a new intelligence-gathering tool called AnvilEcho.

“We will hold them accountable”: General Motors sued for selling customer driving data to third parties

Malwarebytes

Texas Attorney General Ken Paxton has sued General Motors (GM) for the unlawful collection and sale of over 1.5 million Texans’ private driving data to insurance companies without their knowledge or consent. In June, the Attorney General (AG) announced he had opened an investigation into several car manufacturers over allegations that the companies had improperly collected mass amounts of data about drivers directly from the vehicles and then sold the information to third parties.

Detecting AWS Account Compromise: Key Indicators in CloudTrail Logs for Stolen API Keys

The Hacker News

As cloud infrastructure becomes the backbone of modern enterprises, ensuring the security of these environments is paramount. With AWS (Amazon Web Services) still being the dominant cloud, it is important for any security professional to know where to look for signs of compromise.

Enhance Innovation and Governance Through the Cloud Development Maturity Model

Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.