Schneier on Security
JUNE 5, 2024
Microsoft recently caught state-backed hackers using its generative AI tools to help with their attacks. In the security community, the immediate questions weren’t about how hackers were using the tools (that was utterly predictable), but about how Microsoft figured it out. The natural conclusion was that Microsoft was spying on its AI users, looking for harmful hackers at work.
The Last Watchdog
JUNE 5, 2024
Digital rights management ( DRM ) has come a long way since Hollywood first recognized in the 1990s that it needed to rigorously protect digital music and movies. By the mid-2000s a branch called enterprise digital rights management ( EDRM ) cropped up to similarly protect sensitive business information. Today, businesses amass vast amounts of business-critical data – at a pace that’s quickening as GenAI takes hold.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Tech Republic Security
JUNE 5, 2024
Find out how the cyberespionage threat actor LilacSquid operates, and then learn how to protect your business from this security risk.
Trend Micro
JUNE 5, 2024
We analyze a cryptojacking attack campaign exploiting exposed Docker remote API servers to deploy cryptocurrency miners, using Docker images from the open-source Commando project.
Speaker: Erroll Amacker
Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.
Tech Republic Security
JUNE 5, 2024
Are password managers safe to use? Find out if they are really secure and discover the benefits and risks of using password managers.
Security Affairs
JUNE 5, 2024
Cisco addressed vulnerabilities that were exploited to compromise the Webex meetings of the German government. In early May, German media outlet Zeit Online revealed that threat actors exploited vulnerabilities in the German government’s implementation of the Cisco Webex software to access internal meetings. In March, the German authorities admitted the hack by Russia-linked actors of a military meeting where participants discussed giving military support to Ukraine. “In early May 2024, Ci
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
|
WIRED Threat Level
JUNE 5, 2024
A WIRED investigation, based on more than 22 million flight coordinates, reveals the complicated truth about the first full-blown police drone program in the US—and why your city could be next.
Elie
JUNE 5, 2024
This case-study explores the effectiveness of virtual reality (VR) for diversity, equity, and inclusion (DEI) training through the lens of a custom VR application developped to train Google employees.
The Hacker News
JUNE 5, 2024
Cybersecurity researchers have discovered a malicious Python package uploaded to the Python Package Index (PyPI) repository that's designed to deliver an information stealer called Lumma (aka LummaC2). The package in question is crytic-compilers, a typosquatted version of a legitimate library named crytic-compile.
Bleeping Computer
JUNE 5, 2024
The FBI urges past victims of LockBit ransomware attacks to come forward after revealing that it has obtained over 7,000 LockBit decryption keys that they can use to recover encrypted data for free. [.
Advertisement
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
The Hacker News
JUNE 5, 2024
An unnamed high-profile government organization in Southeast Asia emerged as the target of a "complex, long-running" Chinese state-sponsored cyber espionage operation codenamed Crimson Palace.
Bleeping Computer
JUNE 5, 2024
Kali Linux has released version 2024.2, the first version of 2024, with eighteen new tools and fixes for the Y2038 bug. [.
The Hacker News
JUNE 5, 2024
An analysis of a nascent ransomware strain called RansomHub has revealed it to be an updated and rebranded version of Knight ransomware, itself an evolution of another ransomware known as Cyclops. Knight (aka Cyclops 2.0) ransomware first arrived in May 2023, employing double extortion tactics to steal and encrypt victims' data for financial gain.
Security Boulevard
JUNE 5, 2024
RansomHub, which has become among the most prolific ransomware groups over the past few months, likely got its start with the source code from the Knight malware and a boost from a one-time BlackCat affiliate. The post RansomHub Rides High on Knight Ransomware Source Code appeared first on Security Boulevard.
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
Security Affairs
JUNE 5, 2024
A vulnerability in the popular video-sharing platform TikTok allowed threat actors to take over the accounts of celebrities. Threat actors exploited a zero-day vulnerability in the video-sharing platform TikTok to hijack high-profile accounts. The vulnerability resides in the direct messages feature implemented by the platform, reported Forbes. The malware spreads through direct messages within the app and only requires the user to open a message.
The Hacker News
JUNE 5, 2024
Zyxel has released security updates to address critical flaws impacting two of its network-attached storage (NAS) devices that have currently reached end-of-life (EoL) status. Successful exploitation of three of the five vulnerabilities could permit an unauthenticated attacker to execute operating system (OS) commands and arbitrary code on affected installations.
Malwarebytes
JUNE 5, 2024
High profile TikTok accounts, including CNN, Sony, and—er—Paris Hilton have been targeted in a recent attack. CNN was the first account takeover that made the news, with Semafor reporting that the account was down for several days after the incident. According to Forbes, the attack happens without the account owner needing to click on or open anything—known as a zero-click attack.
Security Affairs
JUNE 5, 2024
Zyxel Networks released an emergency security update to address critical vulnerabilities in end-of-life NAS devices. Zyxel Networks released an emergency security update to address three critical flaws in some of its NAS devices that have reached end-of-life. An attacker can exploit the vulnerabilities to perform command injection attacks and achieve remote code execution.
Speaker: Sierre Lindgren
Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.
The Hacker News
JUNE 5, 2024
Early in 2024, Wing Security released its State of SaaS Security report, offering surprising insights into emerging threats and best practices in the SaaS domain. Now, halfway through the year, several SaaS threat predictions from the report have already proven accurate.
Security Boulevard
JUNE 5, 2024
In an era marked by escalating cybersecurity threats, companies within the Defense Industrial Base (DIB) find themselves at a critical juncture. With approximately 80,000 entities poised for substantial IT system enhancements to adhere to DFARS 7012 and CMMC standards, the emphasis largely remains on compliance. This perspective, however, often overshadows the fundamental purpose of these […] The post The Imperative of Strong Cybersecurity for DIB Companies: Beyond Compliance to Genuine Protecti
SecureWorld News
JUNE 5, 2024
As the 2024 Paris Summer Olympics approach, a sophisticated Russian disinformation campaign is kicking into high gear in an attempt to sow confusion, undermine the Games, and dissuade spectators from attending. This is according to a new report from the Microsoft Threat Analysis Center (MTAC) that outlines extensive malign influence efforts emanating from Russia-aligned actors.
Security Boulevard
JUNE 5, 2024
A rising volume of risks, shortage of qualified cybersecurity professionals and time management with vendors are among the challenges MSPs face. The post MSPs Look to Streamline Cybersecurity Partnerships, Skills Shortage Persists appeared first on Security Boulevard.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
SecureWorld News
JUNE 5, 2024
The U.S. Department of Health and Human Services (HHS) has stepped in to ensure patients are made aware if their sensitive data was compromised during February's massive cyberattack on health IT firm Change Healthcare. In a ruling issued on May 31, 2024, HHS stated that hospitals and health systems impacted by the Change Healthcare data breach must now require the insurance giant UnitedHealth Group to directly notify affected individuals about potential exposure of their personal and medical inf
Malwarebytes
JUNE 5, 2024
Announcing the latest version of Malwarebytes, which brings a faster, responsive, and consistent user interface, integrated security and privacy, and expert guidance to keep you secure. Here’s what you can expect: 1. Unified user experience across platforms The new generation of Malwarebytes now delivers a consistent user experience across all our desktop and mobile platforms.
Bleeping Computer
JUNE 5, 2024
Club Penguin fans hacked a Disney Confluence server to steal information about their favorite game but wound up walking away with 2.5 GB of internal corporate data, BleepingComputer has learned. [.
Penetration Testing
JUNE 5, 2024
A critical security flaw has been uncovered in the popular WordPress plugin, Email Subscribers by Icegram Express. This vulnerability, designated as CVE-2024-4295, carries a severity rating of 9.8 (CVSS), making it a prime target... The post CVE-2024-4295: Critical Vulnerability in Popular WordPress Plugin Exposes 90K+ Sites appeared first on Cybersecurity News.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Bleeping Computer
JUNE 5, 2024
Researchers observed a new Linux variant of the TargetCompany ransomware family that targets VMware ESXi environments using a custom shell script to deliver and execute payloads. [.
GlobalSign
JUNE 5, 2024
In this article we explain the concept behind S/MIME, how it works, and how you can start using it.
Bleeping Computer
JUNE 5, 2024
Threat actors claim to be selling 3TB of data from Advance Auto Parts, a leading automotive aftermarket parts provider, stolen after breaching the company's Snowflake account. [.
WIRED Threat Level
JUNE 5, 2024
Wyoming’s secretary of state has proposed ways of “preventing fraud and abuse of corporate filings by commercial registered agents” in the aftermath of the scheme’s exposure.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Expert insights. Personalized for you.
348 
Let's personalize your content