Thu. Apr 11, 2024

Backdoor in XZ Utils That Almost Happened

Schneier on Security

Last week, the internet dodged a major nation-state attack that would have had catastrophic cybersecurity repercussions worldwide. It’s a catastrophe that didn’t happen, so it won’t get much attention—but it should. There’s an important moral to the story of the attack and its discovery: The security of the global internet depends on countless obscure pieces of software written and maintained by even more obscure unpaid, distractible, and sometimes vulnerable volunteers.

Software 343

Why CISA is Warning CISOs About a Breach at Sisense

Krebs on Security

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) said today it is investigating a breach at business intelligence company Sisense, whose products are designed to allow companies to view the status of multiple third-party online services in a single dashboard. CISA urged all Sisense customers to reset any credentials and secrets that may have been shared with the company, which is the same advice Sisense gave to its customers Wednesday evening.

CISO 274

Our Security of AI Papers and Blogs Explained

Anton on Security

Moderately relevant AI made image about AI papers :-) steampunk ofc! Recently our team has written several papers and blogs focused on securing AI. What you will not see in these papers is anything to do with robot rebellion or some such long-term potential threats. We also don’t touch on responsible AI and AI ethics because frankly there are many (and I mean … MANY!

4 Best Open Source Password Managers for Teams in 2024

Tech Republic Security

Find the best open-source password managers to keep your sensitive information secure and easily accessible. Explore top options for protecting your passwords.

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Palo Alto Networks fixed multiple DoS bugs in its firewalls

Security Affairs

Palo Alto Networks fixed several vulnerabilities in its PAN-OS operating system, including 3 issues that can trigger a DoS condition on its firewalls. Palo Alto Networks released security updates to address several high-severity vulnerabilities in its PAN-OS operating system. The company fixed the following DoS vulnerabilities: CVE-2024-3385 – The company reported that a packet processing mechanism in Palo Alto Networks PAN-OS software allows a remote attacker to reboot hardware-based fire

Firewall 138

LastPass: Hackers targeted employee in failed deepfake CEO call

Bleeping Computer

LastPass revealed this week that threat actors targeted one of its employees in a voice phishing attack, using deepfake audio to impersonate Karim Toubba, the company's Chief Executive Officer. [...]

Phishing 132

More Trending

Sneaky Credit Card Skimmer Disguised as Harmless Facebook Tracker

The Hacker News

Cybersecurity researchers have discovered a credit card skimmer that's concealed within a fake Meta Pixel tracker script in an attempt to evade detection. Sucuri said that the malware is injected into websites through tools that allow for custom code, such as WordPress plugins like Simple Custom CSS and JS or the "Miscellaneous Scripts" section of the Magento admin panel.

Malware 130

CISA: Russian Hackers Stole Emails Between U.S. Agencies and Microsoft

Security Boulevard

Russian state-sponsored hackers who broke into Microsoft’s corporate email accounts during the monthslong hack stole email messages between the enterprise software giant and a number of U.S. federal agencies, adding to an ongoing series of revelations about the attack. The Midnight Blizzard group is using information taken from the corporate email systems, such as authentication.

CISA adds D-Link multiple NAS devices bugs to its Known Exploited Vulnerabilities catalog

Security Affairs

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds D-Link multiple NAS devices bugs to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following D-Link multiple NAS devices flaws to its Known Exploited Vulnerabilities (KEV) catalog: CVE-2024-3272 D-Link Multiple NAS Devices Use of Hard-Coded Credentials Vulnerability CVE-2024-3273 D-Link Multiple NAS Devices Command Injection Vulnerability The flaw CVE-202

DNS 131

Google Extends Generative AI Reach Deeper into Security

Security Boulevard

The Google Chronicle cybersecurity platform extensions are based on the Gemini LLM with the addition of cybersecurity data. The post Google Extends Generative AI Reach Deeper into Security appeared first on Security Boulevard.

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

DragonForce ransomware – what you need to know

Graham Cluley

Learn more about the DragonForce ransomware - how it came to prominence, and some of the unusual tactics used by the hackers who extort money from companies with it. Read more in my article on the Tripwire State of Security blog.

Microsoft fixed two zero-day bugs exploited in malware attacks

Security Affairs

Microsoft addressed two zero-day vulnerabilities (CVE-2024-29988 and CVE-2024-26234) actively exploited by threat actors to deliver malware. Microsoft addressed two zero-day vulnerabilities, tracked as CVE-2024-29988 and CVE-2024-26234, that threat actors are exploiting to deliver malware. Microsoft Patch Tuesday security updates for April 2024 addressed 147 vulnerabilities in multiple products.

Malware 136

CISA makes its "Malware Next-Gen" analysis system publicly available

Bleeping Computer

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released a new version of "Malware Next-Gen," now allowing the public to submit malware samples for analysis by CISA. [...]

Malware 126

News alert: NTT all photonics network connects data centers in U.S., U.K. at very low latency

The Last Watchdog

San Francisco and Tokyo, Apr. 11, 2024 – At Upgrade 2024, NTT Corporation (NTT) and NTT DATA announced the successful demonstration of All-Photonics Network (APN)-driven hyper low-latency connections between data centers in the United States and United Kingdom. In the U.K., NTT connected data centers north and east of London via NTT’s Innovative Optical Wireless Network (IOWN) APN, and communication between them was realized with a round-trip delay of less than 1 millisecond.

Wireless 100

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Simbian Unveils Generative AI Platform to Automate Cybersecurity Tasks

Security Boulevard

Simbian TrustedLLM promises to automate complex cybersecurity tasks by continuously learning about IT environments. The post Simbian Unveils Generative AI Platform to Automate Cybersecurity Tasks appeared first on Security Boulevard.

News alert: Simbian launches with $10M to build autonomous, GenAI-powered security platform

The Last Watchdog

Mountain View, Calif. – April 11, 2024 – Simbian today emerged from stealth mode with oversubscribed $10M seed funding to deliver on fully autonomous security. As a first step towards that goal, the company is introducing the industry’s first GenAI-powered security co-pilot that integrates secure and intelligent AI solutions into diverse IT environments to maximize coverage and expedite resolutions to security teams’ ever-changing needs.

CSO 100

Cyber Insurance: Sexy? No. Important? Critically yes.

Security Boulevard

Season 3, Episode 5: Cyber Insurance may not be the sexiest topic, but it’s an important piece of any mature cyber program. We chatted with a lawyer and a VC who share their perspective. The post Cyber Insurance: Sexy? No. Important? Critically yes. appeared first on Security Boulevard.

US CISA published an alert on the Sisense data breach

Security Affairs

Business intelligence software company Sisense suffered a cyberattack that may have exposed sensitive information of major enterprises worldwide. Sisense, a business intelligence software company, experienced a cyberattack potentially exposing the sensitive data of global enterprises. The list of the company’s customers includes Nasdaq, Philips Healthcare, Verizon, and many others.

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity Market Faces Funding Downturn in Q1 2024

Security Boulevard

Industry experts remain cautiously optimistic about future funding trends, emphasizing investor interest in emerging technologies including blockchain and AI security. The post Cybersecurity Market Faces Funding Downturn in Q1 2024 appeared first on Security Boulevard.

Marketing 121

U.S. Federal Agencies Ordered to Hunt for Signs of Microsoft Breach and Mitigate Risks

The Hacker News

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday issued an emergency directive (ED 24-02) urging federal agencies to hunt for signs of compromise and enact preventive measures following the recent compromise of Microsoft's systems that led to the theft of email correspondence with the company.

Risk 124

Intel and Lenovo servers impacted by 6-year-old BMC flaw

Bleeping Computer

An almost 6-year-old vulnerability in the Lighttpd web server used in Baseboard Management Controllers has been overlooked by many device vendors, including Intel and Lenovo. [...]

TA547 Phishing Attack Hits German Firms with Rhadamanthys Stealer

The Hacker News

A threat actor tracked as TA547 has targeted dozens of German organizations with an information stealer called Rhadamanthys as part of an invoice-themed phishing campaign. "This is the first time researchers observed TA547 use Rhadamanthys, an information stealer that is used by multiple cybercriminal threat actors," Proofpoint said.

Phishing 123

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

DuckDuckGo launches a premium Privacy Pro VPN service

Bleeping Computer

DuckDuckGo has launched a new paid-for 3-in-1 subscription service called 'Privacy Pro,' which includes a virtual private network (VPN), a personal data removal service, and an identity theft restoration solution. [...]

VPN 119

Python's PyPI Reveals Its Secrets

The Hacker News

GitGuardian is famous for its annual State of Secrets Sprawl report. In their 2023 report, they found over 10 million exposed passwords, API keys, and other credentials exposed in public GitHub commits. The takeaways in their 2024 report did not just highlight 12.8 million new exposed secrets in GitHub, but a number in the popular Python package repository PyPI.

Passwords 119

Are you prepared for Google’s 90-day validity period on TLS certificates?

Security Boulevard

Are you prepared for Google's 90-day validity period on TLS certificates? Learn what's to come and how to prepare. The post Are you prepared for Google’s 90-day validity period on TLS certificates? appeared first on Akeyless. The post Are you prepared for Google’s 90-day validity period on TLS certificates? appeared first on Security Boulevard.

DuckDuckGo Is Taking Its Privacy Fight to Data Brokers

WIRED Threat Level

Privacy-focused company DuckDuckGo is launching a tool to remove data from people-search websites, a VPN, and an identity theft restoration service.

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.

Groundbreaking Report Exposes Stark Exclusion of Women in Cybersecurity

SecureWorld News

A first-of-its-kind study by Women in CyberSecurity (WiCyS) has revealed sobering findings about the lack of inclusion and barriers faced by women in the cybersecurity industry. The 2023 State of Inclusion Benchmark in Cybersecurity report quantifies the dramatically worse workplace experiences of women compared to men across virtually every measured category.

Apple warns people of mercenary attacks via threat notification system

Malwarebytes

Apple has reportedly sent alerts to individuals in 92 nations on Wednesday, April 10, to say it’s detected that they may have been a victim of a mercenary attack. The company says it has sent out these types of threat notifications to over 150 countries since the start in 2021. Mercenary spyware is used by governments to target people like journalists, political activists, and similar targets, and involves the use of sophisticated tools like Pegasus.

Spyware 117

Apple: Mercenary spyware attacks target iPhone users in 92 countries

Bleeping Computer

Apple has been notifying iPhone users in 92 countries about a "mercenary spyware attack" attempting to remotely compromise their device.

Spyware 124

CVE-2024-31819: Critical Flaw in Popular Video Platform AVideo Could Allow Full System Takeover

Penetration Testing

Security researchers are sounding the alarm about a dangerous new critical vulnerability uncovered within the popular open-source video platform, AVideo. This vulnerability, designated as CVE-2024-31819, lies within the platform’s WWBNIndex plugin and has the... The post CVE-2024-31819: Critical Flaw in Popular Video Platform AVideo Could Allow Full System Takeover appeared first on Penetration Testing.

Enhance Innovation and Governance Through the Cloud Development Maturity Model

Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.