Schneier on Security
AUGUST 20, 2024
This is yet another insecure Internet-of-things story , this one about wireless gear shifters for bicycles. These gear shifters are used in big-money professional bicycle races like the Tour de France, which provides an incentive to actually implement this attack. Research paper. Another news story. Slashdot thread.
The Last Watchdog
AUGUST 20, 2024
The art of detecting subtle anomalies, predicting emergent vulnerabilities and remediating novel cyber-attacks is becoming more refined, day by day. Related: GenAI’s impact on elections It turns out that the vast datasets churned out by cybersecurity toolsets happen to be tailor-made for ingestion by Generative AI ( GenAI ) engines and Large Language Models ( LLMs.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Tech Republic Security
AUGUST 20, 2024
Perforce reveals that companies are struggling with increased sensitive data in non-production environments, leading to higher breach risks and compliance challenges.
The Last Watchdog
AUGUST 20, 2024
Cary, NC, Aug. 22, 2024, CyberNewsWire — In modern business, cybersecurity is not merely a technical concern but a crucial financial safeguard. With cyber threats growing in sophistication and frequency, the financial implications of neglecting cybersecurity training are severe and multifaceted. INE Security , a global leader in cybersecurity training and certifications, is exploring how overlooking this critical aspect of organizational strategy can lead to a financial crisis and laying o
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
We Live Security
AUGUST 20, 2024
ESET Research uncovers a novel method of phishing; targeting Android and iOS users via PWAs, and on Android also WebAPKs, without warning the user about installing a third-party app.
Penetration Testing
AUGUST 20, 2024
A critical security vulnerability, identified as CVE-2024-7272, has been uncovered in FFmpeg, the world’s leading multimedia framework renowned for its ability to decode, encode, and stream nearly any format imaginable.... The post CVE-2024-7272: Critical Heap Overflow Vulnerability Discovered in FFmpeg, PoC Published appeared first on Cybersecurity News.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Penetration Testing
AUGUST 20, 2024
Morphisec researchers have detailed a critical vulnerability in Microsoft Outlook, identified as CVE-2024-38021, which has the potential to allow remote attackers to execute arbitrary code on vulnerable systems. This flaw,... The post Researcher Details Microsoft Outlook Zero-Click Vulnerability (CVE-2024-38021) appeared first on Cybersecurity News.
eSecurity Planet
AUGUST 20, 2024
A cataclysmic data breach has cast a long shadow over the privacy of billions of individuals. Reports claim that a staggering 2.9 billion records, including Social Security numbers, have been compromised in a cyberattack targeting National Public Data (NPD), a company specializing in background checks. This unprecedented scale of data exposure highlights the vulnerabilities inherent in our interconnected world and the immense value placed on personal information by cybercriminals.
Security Affairs
AUGUST 20, 2024
Researchers discovered thousands of Oracle NetSuite e-stores that are vulnerable to data leak, sensitive customer information is at risk. Cybersecurity researchers from AppOmni warn of a potential issue in Oracle NetSuite SuiteCommerce platform could allow attackers to access customer sensitive data. NetSuite is a widely used SaaS Enterprise Resource Planning (ERP) platform, valued for its capability to deploy external-facing online stores through SuiteCommerce or SiteBuilder.
Penetration Testing Lab
AUGUST 20, 2024
Microsoft introduced Data Protection Application Programming Interface (DPAPI) in Windows environments as a method to encrypt and decrypt sensitive data such as credentials using the… Continue reading → Web Browser Stored Credentials
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
Penetration Testing
AUGUST 20, 2024
Atlassian, a global leader in software development tools, has issued a security advisory for its Bamboo Data Center and Server products, highlighting a high-severity Remote Code Execution (RCE) vulnerability identified... The post CVE-2024-21689: RCE Vulnerability in Atlassian Bamboo Data Center and Server appeared first on Cybersecurity News.
Malwarebytes
AUGUST 20, 2024
Last month, a strange thing happened in cybersecurity: a type of cyberthreat typically reserved for large businesses and critical services appeared on the computers of everyday people. Starting on July 20, hundreds of individuals across the globe began reporting problems with ransomware. Ransomware is an existential threat to businesses everywhere, but for years, it has been understood as primarily that—a business threat.
Security Boulevard
AUGUST 20, 2024
Perforce Software today published a survey of 250 IT professionals that finds the amount of sensitive data residing in non-production environments is rising as organizations embrace artificial intelligence (AI) and digital business transformation. The post Survey Surfaces Widespread Mishandling of Sensitive Data appeared first on Security Boulevard.
The Hacker News
AUGUST 20, 2024
A maximum-severity security flaw has been disclosed in the WordPress GiveWP donation and fundraising plugin that exposes more than 100,000 websites to remote code execution attacks. The flaw, tracked as CVE-2024-5932 (CVSS score: 10.0), impacts all versions of the plugin prior to version 3.14.2, which was released on August 7, 2024.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Security Affairs
AUGUST 20, 2024
Experts spotted a previously undetected backdoor, dubbed Msupedge, that was employed in an attack against a university in Taiwan. Broadcom Symantec researchers discovered a previously undetected backdoor, called Msupedge, that was employed in an attack targeting an unnamed university in Taiwan. The most notable feature of the backdoor is that it relies on DNS tunnelling to communicate with a C2 server. “Msupedge is a backdoor in the form of a dynamic link library (DLL).” reads the r
The Hacker News
AUGUST 20, 2024
A previously undocumented backdoor named Msupedge has been put to use against a cyber attack targeting an unnamed university in Taiwan. "The most notable feature of this backdoor is that it communicates with a command-and-control (C&C) server via DNS traffic," the Symantec Threat Hunter Team, part of Broadcom, said in a report shared with The Hacker News.
Security Boulevard
AUGUST 20, 2024
McAfee today added a tool to detect deep fakes to its portfolio that will initially be made available on PCs from Lenovo that are optimized to run artificial intelligence (AI) applications. The post McAfee Unveils Tool to Identify Potential Deep Fakes appeared first on Security Boulevard.
Security Affairs
AUGUST 20, 2024
Toyota has confirmed a data breach after a threat actor leaked 240GB of data stolen from its infrastructure on a cybercrime forum. Toyota disclosed a data breach after a threat actor leaked an archive of 240GB of data stolen from its systems on a cybercrime forum, BleepingComputer reported. The threat actor ZeroSevenGroup claims to have breached a U.S. branch of Toyota, stealing 240GB of files containing information on Toyota employees, customers, contracts, and financial details.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
The Hacker News
AUGUST 20, 2024
The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of new phishing attacks that aim to infect devices with malware. The activity has been attributed to a threat cluster it tracks as UAC-0020, which is also known as Vermin. The exact scale and scope of the attacks are presently unknown.
Penetration Testing
AUGUST 20, 2024
GitHub, the world’s leading software development platform, has recently disclosed multiple security vulnerabilities in GitHub Enterprise Server (GHES) that could have allowed attackers to gain unauthorized access and manipulate repositories.... The post CVE-2024-6800 (CVSS 9.5): Critical GitHub Enterprise Server Flaw Patched, Admin Access at Risk appeared first on Cybersecurity News.
The Hacker News
AUGUST 20, 2024
In today's rapidly evolving cyber threat landscape, organizations face increasingly sophisticated attacks targeting their applications. Understanding these threats and the technologies designed to combat them is crucial.
GlobalSign
AUGUST 20, 2024
Kubernetes continues to be a staple of production pipelines in organizations, and security is a pressing concern. Learn how to use PKI to secure your pod-to-pod communications.
Advertisement
Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.
The Hacker News
AUGUST 20, 2024
Cybersecurity researchers have disclosed a security flaw impacting Microsoft Azure Kubernetes Services that, if successfully exploited, could allow an attacker to escalate their privileges and access credentials for services used by the cluster.
Malwarebytes
AUGUST 20, 2024
Texas Attorney General Ken Paxton has sued General Motors (GM) for the unlawful collection and sale of over 1.5 million Texans’ private driving data to insurance companies without their knowledge or consent. In June, the Attorney General (AG) announced he had opened an investigation into several car manufacturers over allegations that the companies had improperly collected mass amounts of data about drivers directly from the vehicles and then sold the information to third parties.
The Hacker News
AUGUST 20, 2024
Iranian state-sponsored threat actors have been observed orchestrating spear-phishing campaigns targeting a prominent Jewish figure starting in late July 2024 with the goal of delivering a new intelligence-gathering tool called AnvilEcho.
eSecurity Planet
AUGUST 20, 2024
This past week was Patch Tuesday: Microsoft released CVEs for 90 new vulnerabilities. But that wasn’t the vendor’s only contribution to our list — Entra ID, Microsoft’s cloud directory product, also had a recent snag. Additionally, I looked at Linux, SolarWinds, and Android vulnerabilities. Ivanti continues to have issues, this time with its Virtual Traffic Manager product.
Advertisement
Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!
The Hacker News
AUGUST 20, 2024
As cloud infrastructure becomes the backbone of modern enterprises, ensuring the security of these environments is paramount. With AWS (Amazon Web Services) still being the dominant cloud it is important for any security professional to know where to look for signs of compromise.
Penetration Testing
AUGUST 20, 2024
A high-severity vulnerability (CVE-2024-38810) has been discovered in Spring Security, potentially allowing unauthorized access to sensitive data within affected applications. The vulnerability impacts Spring Security versions 6.3.0 and 6.3.1. Spring... The post CVE-2024-38810: Spring Security Flaw Leaves Applications Open to Unauthorized Access appeared first on Cybersecurity News.
WIRED Threat Level
AUGUST 20, 2024
Amazon has updated its instructions for how customers should more securely implement AWS's traffic-routing service known as Application Load Balancer, but it's not clear everyone will get the memo.
Penetration Testing
AUGUST 20, 2024
The authorities in Amsterdam have imposed a ban on the use of the Telegram messenger on the work phones of municipal employees. This was reported by the Dutch radio station... The post Telegram Banned in Amsterdam: Cybercrime Concerns Trigger Action appeared first on Cybersecurity News.
Advertisement
Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.
Expert insights. Personalized for you.
291 
Let's personalize your content