Schneier on Security

MAY 2, 2024

The UK is the first country to ban default passwords on IoT devices. On Monday, the United Kingdom became the first country in the world to ban default guessable usernames and passwords from these IoT devices. Unique passwords installed by default are still permitted. The Product Security and Telecommunications Infrastructure Act 2022 (PSTI) introduces new minimum-security standards for manufacturers, and demands that these companies are open with consumers about how long their products will rec

Passwords 295

Passwords IoT Manufacturing Telecommunications 295

Troy Hunt

MAY 2, 2024

How many different angles can you have on one data breach? Facial recognition (which probably isn't actual biometrics), gambling, offshore developers, unpaid bills, extortion, sloppy password practices and now, an arrest. On pondering it more after today's livestream, it's the unfathomable stupidity of publishing this data publicly that really strikes me.

Passwords 237

Passwords Data breaches 237

The Last Watchdog

MAY 2, 2024

It took some five years to get to 100 million users of the World Wide Web and it took just one year to get to 100 million Facebook users. Related: LLM risk mitigation strategies Then along came GenAI and Large Language Models (LLM) and it took just a couple of weeks to get to 100 million ChatGPT users. LLM is a game changer in the same vein as the Gutenberg Press and the Edison light bulb.

Internet 147

Internet Internet Risk Cybersecurity 147

Penetration Testing

MAY 2, 2024

Microsoft’s Senior Security Researcher Vladimir Tokarev will detail a series of critical zero-day vulnerabilities in OpenVPN, the world’s leading VPN solution, used by millions of endpoints globally at the upcoming Black Hat USA 2024... The post Microsoft Researcher to Unveil 4 OpenVPN Zero-Day Vulnerabilities at Black Hat USA 2024 appeared first on Penetration Testing.

Penetration Testing 145

Penetration Testing VPN 145

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

The Last Watchdog

MAY 2, 2024

Tel Aviv, Israel, May 2, 2024, CyberNewsWire — LayerX , pioneer of the LayerX Browser Security platform, today announced $24 million in Series A funding led by Glilot+, the early-growth fund of Glilot Capital Partners, with participation from Dell Technologies Capital and other investors. Lior Litwak, Managing Partner at Glilot Capital and Head of Glilot+, and Yair Snir, Managing Partner at Dell Technologies Capital, will join the LayerX board.

Marketing 130

Marketing Technology Phishing Risk 130

Duo's Security Blog

MAY 2, 2024

If you’ve been wondering what the plan for Microsoft Custom Controls is, wait no more! We are excited to have partnered closely with Microsoft in the co-development of Microsoft Entra ID External Authentication Methods, available in Public Preview May 2024! External Authentication Methods (EAM) enables frictionless integration of Duo’s full security feature set.

Authentication 144

Authentication Phishing Passwords Risk 144

Tech Republic Security

MAY 2, 2024

TechRepublic identified the top four trends emerging in IoT that businesses in the U.K. should be aware of.

IoT 169

IoT Artificial Intelligence Internet Internet 169

The Hacker News

MAY 2, 2024

Several popular Android applications available in Google Play Store are susceptible to a path traversal-affiliated vulnerability that could be exploited by a malicious app to overwrite arbitrary files in the vulnerable app's home directory.

140

140

Security Boulevard

MAY 2, 2024

Drop Dropbox? The company apologized as user details were leaked from its “Dropbox Sign” product. The post Dropbox Hacked: eSignature Service Breached appeared first on Security Boulevard.

Hacking 135

Hacking Social Engineering Data privacy Engineering 135

The Hacker News

MAY 2, 2024

Cloud storage services provider Dropbox on Wednesday disclosed that Dropbox Sign (formerly HelloSign) was breached by unidentified threat actors, who accessed emails, usernames, and general account settings associated with all users of the digital signature product. The company, in a filing with the U.S.

Accountability 137

Accountability 137

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Penetration Testing

MAY 2, 2024

A new report by TrendMicro lifts the veil on the shadowy world of router exploitation. Those unassuming internet gateways, often overlooked in cybersecurity discussions, have become a prime battleground where criminals and nation-state hackers... The post Compromised Routers: Tool of Choice for Crime & Espionage appeared first on Penetration Testing.

Penetration Testing 136

Penetration Testing Internet Internet Cybersecurity 136

The Hacker News

MAY 2, 2024

A never-before-seen botnet called Goldoon has been observed targeting D-Link routers with a nearly decade-old critical security flaw with the goal of using the compromised devices for further attacks. The vulnerability in question is CVE-2015-2051 (CVSS score: 9.

134

134

Security Affairs

MAY 2, 2024

CISA adds GitLab Community and Enterprise Editions improper access control vulnerability to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a GitLab Community and Enterprise Editions improper access control vulnerability to its Known Exploited Vulnerabilities (KEV) catalog. The issue, tracked as CVE-2023-7028 (CVSS score: 10.0), is an account takeover via Password Reset.

Passwords 129

Passwords Accountability Hacking Risk 129

Security Boulevard

MAY 2, 2024

50,000 security practitioners are about to attend RSA 2024. Here’s what one expert anticipates for this year’s show. The post What to Expect at RSA 2024: Will AI Wreak Havoc on Cybersecurity? appeared first on Security Boulevard.

Cybersecurity 126

Cybersecurity CISO 126

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

eSecurity Planet

MAY 2, 2024

The 2023 vendor surveys arriving this quarter paint a picture of a cybersecurity landscape under attack, with priority issues affecting deployment, alert response, and exposed vulnerabilities. Most organizations express confidence in their current status and budgets, but also expect to experience at least one data breach in 2024. This picture comes from an analysis of specific statistics and by reading between the lines in reports from 1Password, Cisco, CrowdStrike, Flashpoint, Google Threat Ana

Cybersecurity 121

Cybersecurity DDOS Penetration Testing Passwords 121

Security Boulevard

MAY 2, 2024

The RSA Conference 2024 will kick off on May 6. Known as the “Oscars of Cybersecurity,” the RSAC Innovation Sandbox has become a benchmark for innovation in the cybersecurity industry. Today let’s get to know the company Amebit. Company Introduction Aembit was established in 2021 and is headquartered in Washington, USA. The company is dedicated to […] The post RSAC 2024 Innovation Sandbox | Aembit: An IAM Platform for Cloud Workloads appeared first on NSFOCUS, Inc., a global network and cyb

Cyber Attacks 124

Cyber Attacks Cybersecurity 124

The Hacker News

MAY 2, 2024

Google on Thursday announced that passkeys are being used by over 400 million Google accounts, authenticating users more than 1 billion times over the past two years. "Passkeys are easy to use and phishing resistant, only relying on a fingerprint, face scan or a pin making them 50% faster than passwords," Heather Adkins, vice president of security engineering at Google, said.

Accountability 128

Accountability Engineering Phishing Authentication 128

Security Boulevard

MAY 2, 2024

Chris Clements, VP of Solutions Architecture at CISO Global “Hey Alexa, are you stealing my company’s data?” In an age where manufacturers have decided that just about every device needs to be “smart,” it’s becoming difficult to avoid the data collection and privacy invasion that are often baked into these devices. We have come to […] The post The Surveillance Invasion: IoT and Smart Devices Stealing Corporate Secrets appeared first on CISO Global.

Surveillance 123

Surveillance IoT CISO Data collection 123

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

WIRED Threat Level

MAY 2, 2024

Outabox, an Australian firm that scanned faces for bars and clubs, suffered a breach that shows the problems with giving companies your biometric data.

Hacking 131

Hacking 131

Security Boulevard

MAY 2, 2024

Cryptocurrency for several years has been pointed to as a key enabler of ransomware groups, allowing their ransoms to be paid in Bitcoin or Ethereum or some other virtual tokens that are difficult to trace, can be hidden and laundered through such means as crypo mixers, can move easily across borders, and allow bad actors. The post Elliptic Shows How an AI Model Can Identify Bitcoin Laundering appeared first on Security Boulevard.

Cryptocurrency 122

Cryptocurrency Ransomware Cybersecurity Network Security 122

Bleeping Computer

MAY 2, 2024

Bitwarden, the creator of the popular open-source password manager, has just launched a new authenticator app called Bitwarden Authenticator, which is available for iOS and Android devices. [.

Authentication 118

Authentication Password Management Passwords Software 118

Security Affairs

MAY 2, 2024

Threat actors breached the Dropbox Sign production environment and accessed customer email addresses and hashed passwords Cloud storage provider DropBox revealed that threat actors have breached the production infrastructure of the DropBox Sign eSignature service and gained access to customer information and authentication data. Dropbox Sign is a service that allows users to electronically sign and request signatures on documents.

Hacking 134

Hacking Authentication Passwords Accountability 134

Advertisement

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

Security Boulevard

MAY 2, 2024

In a dramatic shift, the 2024 version of the Verizo n Business Data Breach Investigations Report (DBIR) sounds the alarm about the growing link between data breaches and the vulnerability of the software supply chain – and calls on enterprises to hold their software suppliers to a higher standard for software security. The post Verizon 2024 DBIR: Software supply chain risks fuel a data breach epidemic appeared first on Security Boulevard.

Data breaches 115

Data breaches Software Risk 115

Malwarebytes

MAY 2, 2024

On October 30, 2020, I started a article with the words: “Hell is too nice a place for these people.” The subject of this outrage focused on the cybercriminals behind an attack on Finnish psychotherapy practice Vastaamo. Because it was a psychotherapy practice, the records contained extremely sensitive and confidential information about some of the most vulnerable people.

Hacking 111

Hacking Government Risk Cybersecurity 111

We Live Security

MAY 2, 2024

Once your crypto has been stolen, it is extremely difficult to get back – be wary of fake promises to retrieve your funds and learn how to avoid becoming a victim twice over

Scams 108

Scams 108

The Hacker News

MAY 2, 2024

HPE Aruba Networking (formerly Aruba Networks) has released security updates to address critical flaws impacting ArubaOS that could result in remote code execution (RCE) on affected systems. Of the 10 security defects, four are rated critical in severity - CVE-2024-26304 (CVSS score: 9.

114

114

Advertisement

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.

Cybersecurity

Security Affairs

MAY 2, 2024

A Ukrainian national, a member of the REvil group, has been sentenced to more than 13 years in prison for his role in extortion activities. The Ukrainian national, Yaroslav Vasinskyi (24), aka Rabotnik, has been sentenced to more than 13 years in prison and must pay $16 million in restitution for conducting numerous ransomware attacks and extorting victims.

Ransomware 127

Ransomware Cryptocurrency Cybercrime Encryption 127

The Hacker News

MAY 2, 2024

A Ukrainian national has been sentenced to more than 13 years in prison and ordered to pay $16 million in restitution for carrying out thousands of ransomware attacks and extorting victims.

Ransomware 113

Ransomware 113

Security Affairs

MAY 2, 2024

HPE Aruba Networking addressed four critical remote code execution vulnerabilities impacting its ArubaOS network operating system. HPE Aruba Networking released April 2024 security updates that addressed four critical remote code execution (RCE) vulnerabilities affecting multiple versions of the network operating system ArubaOS. The four vulnerabilities are unauthenticated buffer overflow issues that could be exploited to remotely execute arbitrary code.

Mobile 132

Mobile Software Authentication Hacking 132

The Hacker News

MAY 2, 2024

Like antivirus software, vulnerability scans rely on a database of known weaknesses. That’s why websites like VirusTotal exist, to give cyber practitioners a chance to see whether a malware sample is detected by multiple virus scanning engines, but this concept hasn’t existed in the vulnerability management space.

Antivirus 110

Antivirus Engineering Malware Software 110

Advertisement

Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.

Government