Schneier on Security
DECEMBER 16, 2024
Starting next year : Our longstanding offering won’t fundamentally change next year, but we are going to introduce a new offering that’s a big shift from anything we’ve done before—short-lived certificates. Specifically, certificates with a lifetime of six days. This is a big upgrade for the security of the TLS ecosystem because it minimizes exposure time during a key compromise event.
The Last Watchdog
DECEMBER 16, 2024
Continuing our look back at 2024, part two of Last Watchdogs year-ender roundtable turns its focus to emerging threats vs. evolving defense tactics. Part two of a four-part series The explosion of AI-driven phishing, insider threats, and business logic abuse has forced a shift toward more proactive, AI-enhanced defenses. The drivers are intensifying.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Security Affairs
DECEMBER 16, 2024
Researchers warn of previously undetected surveillance spyware, named NoviSpy, that was found infecting a Serbian journalist’s phone. In February 2024, Serbian journalist Slavia Milanov was summoned to a police station after a routine traffic stop. After the police released him, Milanov noticed suspicious changes to his phone settings, such as disabled data and Wi-Fi.
Javvad Malik
DECEMBER 16, 2024
The days are shorter, the heating is turned on more frequently, and the final big conference week of the year for me ends with Blackhat Europe and BSides London. Blackhat was held at the ExCeL and featured all the usual suspects. I had the chance to present at Blackhat and also caught up with Quentyn Taylor, who somehow social-engineered me into agreeing to a 5k run in the new year The vendor area felt a bit smaller compared to previous years, but that wasnt necessarily a bad thing.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
Tech Republic Security
DECEMBER 16, 2024
Cashed-up ransomware criminals may exploit more zero days while potential blanket ransomware payment bans hang over defenders like a shadow.
WIRED Threat Level
DECEMBER 16, 2024
Digital license plates sold by Reviver, already legal to buy in some states and drive with nationwide, can be hacked by their owners to evade traffic regulations or even law enforcement surveillance.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
The Hacker News
DECEMBER 16, 2024
Security Boulevard
DECEMBER 16, 2024
IntroductionIn October 2024, Zscaler ThreatLabz came across malware samples that use a network communication protocol that is similar to RisePro. However, unlike RisePro which has primarily been used for information stealing, this new malware specializes in downloading and executing second-stage payloads. Due its distinctive focus and similarities with RisePros communication protocol, we named this new malware family RiseLoader.
The Hacker News
DECEMBER 16, 2024
Security Boulevard
DECEMBER 16, 2024
Hackers likely stole personal information such names, addresses, and SSNs in a ransomware attack on Rhode Island's human services systems and are threatening to release the data as state and federal officials and Deloitte scrambling to mitigate the data breach. The post Rhode Island Benefits and Services Systems Hit by Ransomware appeared first on Security Boulevard.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Zero Day
DECEMBER 16, 2024
Security Boulevard
DECEMBER 16, 2024
An effective way to improve AD security is to implement both strong password policies and robust permissions management and monitoring. The post Enhancing Active Directory Protection Through Strong Password and Access Management appeared first on Security Boulevard.
Security Affairs
DECEMBER 16, 2024
ConnectOnCall disclosed a data breach impacting over 900,000 individuals, exposing their personal information. ConnectOnCall is a telehealth platform and after-hours on-call answering service designed to enhance communication between healthcare providers and patients. It offers automated patient call tracking, HIPAA-compliant chat, and integrates with electronic health record (EHR) systems to streamline after-hours calls and care coordination.
The Hacker News
DECEMBER 16, 2024
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
The Hacker News
DECEMBER 16, 2024
Hacker's King
DECEMBER 16, 2024
In the digital age, cyber-attacks are a growing concern for individuals, businesses, and governments worldwide. These attacks are becoming more sophisticated, targeted, and damaging, threatening data privacy, financial stability, and national security. Understanding the recent trends, tactics, and effective countermeasures is crucial for anyone concerned about cybersecurity.
Zero Day
DECEMBER 16, 2024
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
The Hacker News
DECEMBER 16, 2024
Zero Day
DECEMBER 16, 2024
Security Boulevard
DECEMBER 16, 2024
There are concerns around the future adaptability and efficacy of regulatory frameworks, particularly among the developer community. The post Why We Should Insist on Future-Proofing Cybersecurity Regulatory Frameworks appeared first on Security Boulevard.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Penetration Testing
DECEMBER 16, 2024
Threat actors have begun exploiting a critical vulnerability in the Apache Struts framework, CVE-2024-53677, just days after a proof-of-concept (PoC) exploit was published online. Rated 9.5 on the CVSSv4 severity... The post Hackers exploit critical Apache Struts RCE flaw (CVE-2024-53677) after PoC exploit release appeared first on Cybersecurity News.
Penetration Testing
DECEMBER 16, 2024
Unit 42 has uncovered HeartCrypt, a Packer-as-a-Service (PaaS) designed to protect malware from detection. Since its launch in February 2024, HeartCrypt has rapidly become a popular choice among cybercriminals, packing... The post HeartCrypt: A Packer-as-a-Service Fueling Malware Campaigns appeared first on Cybersecurity News.
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
NetSpi Executives
DECEMBER 16, 2024
By 2026, Gartner predicts that “80% of all enterprises will have used or deployed generative AI applications.” However, many of these organizations have yet to find a way to balance usability and security in their deployments. As a result, consumer-facing LLM capabilities introduce a new and less understood set of risks for organizations.
Zero Day
DECEMBER 16, 2024
Penetration Testing
DECEMBER 16, 2024
A new Federal Trade Commission (FTC) report reveals a dramatic rise in online job scams targeting consumers with promises of easy earnings for completing simple tasks. These “task scams” have... The post Easy Money Online? FTC Warns of Exploding “Task Scam” Threat appeared first on Cybersecurity News.
Advertisement
Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.
Expert insights. Personalized for you.
223 
Let's personalize your content