Schneier on Security
SEPTEMBER 2, 2024
Interesting vulnerability : …a special lane at airport security called Known Crewmember (KCM). KCM is a TSA program that allows pilots and flight attendants to bypass security screening, even when flying on domestic personal trips. The KCM process is fairly simple: the employee uses the dedicated lane and presents their KCM barcode or provides the TSA agent their employee number and airline.
Krebs on Security
SEPTEMBER 2, 2024
Three men in the United Kingdom have pleaded guilty to operating otp[.]agency , a once popular online service that helped attackers intercept the one-time passcodes (OTPs) that many websites require as a second authentication factor in addition to passwords. Launched in November 2019, OTP Agency was a service for intercepting one-time passcodes needed to log in to various websites.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Penetration Testing
SEPTEMBER 2, 2024
A significant vulnerability, CVE-2024-8105, dubbed PKfail, has surfaced within the UEFI ecosystem. With a CVSS score of 8.2, this flaw exposes critical UEFI security mechanisms to compromise, making systems vulnerable... The post CVE-2024-8105: An UEFI Flaw Putting Millions of Devices at Risk appeared first on Cybersecurity News.
Tech Republic Security
SEPTEMBER 2, 2024
Australian banks and government are not rushing to adopt passkey authentication methods, despite the added security benefits. Learn why they lag in embracing this crucial technology.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Security Affairs
SEPTEMBER 2, 2024
A new ransomware-as-a-service (RaaS) operation called Cicada3301 has emerged in the threat landscape and already targeted tens of companies. Cicada3301 is a new ransomware-as-a-service (RaaS) operation that appeared in the threat landscape. The group appears to be very active and already listed 23 victims on its extortion portal since mid-June. The following image shows the list of victims published by the gang on its Dark Web leak site.
The Hacker News
SEPTEMBER 2, 2024
Threat actors linked to the RansomHub ransomware group encrypted and exfiltrated data from at least 210 victims since its inception in February 2024, the U.S. government said.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Security Boulevard
SEPTEMBER 2, 2024
This month has been a challenging month for organizations worldwide as several high-profile data breaches occur and become headlines. These incidents have not only exposed sensitive information but also highlighted. The post Data Breaches for the Month August 2024 appeared first on Strobes Security. The post Data Breaches for the Month August 2024 appeared first on Security Boulevard.
Graham Cluley
SEPTEMBER 2, 2024
A former IT engineer is facing federal charges in the United States after his former employer found it had been locked out of its computer systems and received a demand for $750,000. Read more in my article on the Hot for Security blog.
The Hacker News
SEPTEMBER 2, 2024
A 57-year-old man from the U.S. state of Missouri has been arrested in connection with a failed data extortion campaign that targeted his former employer. Daniel Rhyne of Kansas City, Missouri, has been charged with one count of extortion in relation to a threat to cause damage to a protected computer, one count of intentional damage to a protected computer, and one count of wire fraud.
Tech Republic Security
SEPTEMBER 2, 2024
While the cybersecurity team plays a critical role in the fight against data breaches, a company’s employees are often the first line of defense (or failure). The numbers back this up: IBM’s 2024 data breach report shows cybersecurity employee training is the second most cost-effective mitigation strategy, reducing the cost of the average data breach.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
The Hacker News
SEPTEMBER 2, 2024
Eight vulnerabilities have been uncovered in Microsoft applications for macOS that an adversary could exploit to gain elevated privileges or access sensitive data by circumventing the operating system's permissions-based model, which revolves around the Transparency, Consent, and Control (TCC) framework.
Penetration Testing
SEPTEMBER 2, 2024
The cybersecurity landscape is facing a growing threat from the illicit trade of Extended Validation (EV) code signing certificates, as revealed in a recent report by Intrinsec. These certificates, designed... The post The Escalating Threat of the EV Code Signing Certificate Black Market appeared first on Cybersecurity News.
The Hacker News
SEPTEMBER 2, 2024
The FBI and CISA Issue Joint Advisory on New Threats and How to Stop Ransomware Note: on August 29, the FBI and CISA issued a joint advisory as part of their ongoing #StopRansomware effort to help organizations protect against ransomware. The latest advisory, AA24-242A, describes a new cybercriminal group and its attack methods.
Penetration Testing
SEPTEMBER 2, 2024
Four severe security flaws have been found in the D-Link DIR-846W router, leaving users potentially exposed to remote attacks even after the device has reached its end-of-life. Security researchers have... The post D-Link Won’t Fix 4 RCE Vulnerabilities in DIR-846W Router appeared first on Cybersecurity News.
Advertisement
Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.
The Hacker News
SEPTEMBER 2, 2024
The world of cybersecurity is in a constant state of flux. New vulnerabilities emerge daily, and attackers are becoming more sophisticated. In this high-stakes game, security leaders need every advantage they can get. That's where Artificial Intelligence (AI) comes in. AI isn't just a buzzword; it's a game-changer for vulnerability management.
Penetration Testing
SEPTEMBER 2, 2024
A critical authentication bypass vulnerability, tracked as CVE-2024-7593 (CVSS 9.8), in Ivanti’s Virtual Traffic Manager (vTM), is now significantly easier to exploit thanks to the release of public proof-of-concept (PoC)... The post CVE-2024-7593 (CVSS 9.8): Critical Ivanti vTM Flaw Now Weaponized, PoC Exploit Available appeared first on Cybersecurity News.
Security Boulevard
SEPTEMBER 2, 2024
WordPress is the most widely used content management system globally, with over 478 million of all websites are built on its platform, according to its developers. However, this widespread popularity also makes WordPress a prime target for malicious actors. Because of this, cybersecurity researchers closely examine WordPress and frequently identify and report various security issues within […] The post WordPress Sites at Risk from WPML Flaw appeared first on Kratikal Blogs.
Malwarebytes
SEPTEMBER 2, 2024
Last week on Malwarebytes Labs: Iranian cybercriminals are targeting WhatsApp users in spear phishing campaign Fake Canva home page leads to browser lock Telegram CEO Pavel Durov charged with allowing criminal activity CODAC Behavioral Healthcare, US Marshalls are latest ransomware targets SMS scammers use toll fees as a lure TDECU data breach affects half a million people PSA: These ‘Microsoft Support’ ploys may just fool you Move over malware: Why one teen is more worried about AI (re-air) (Lo
Advertisement
Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!
Security Boulevard
SEPTEMBER 2, 2024
Navigating the world of SOC 2 compliance can seem daunting for startups. This article breaks down the complexities, explaining what SOC 2 is, why it's important, and how your startup can achieve and maintain compliance without breaking the bank or slowing down growth. The post Demystifying SOC 2 Compliance for Startups: A Simple Guide appeared first on Security Boulevard.
Thales Cloud Protection & Licensing
SEPTEMBER 2, 2024
Breaking Free from Passwords: Passkeys and the Future of Digital Services josh.pearson@t… Mon, 09/02/2024 - 15:14 As passkeys offer a more secure and convenient way to authenticate users, it is no surprise that industry experts agree that they will become the standard authentication method used worldwide. Access Control Identity & Access Management Ammar Faheem | Product Marketing Manager More About This Author > This page examines passkeys , a new authentication method set to replace traditiona
Security Boulevard
SEPTEMBER 2, 2024
Several vulnerabilities in the Linux kernel have been identified, also affecting Amazon Web Services (AWS) systems. Canonical has released important security patches addressing these vulnerabilities. These flaws primarily involve race conditions and memory management errors, which can be exploited to cause system crashes or unauthorized actions. Here’s a detailed look at some of these vulnerabilities […] The post Ubuntu Fixes Several Linux Kernel AWS Vulnerabilities appeared first on TuxCare.
Penetration Testing
SEPTEMBER 2, 2024
Zyxel, a prominent networking equipment manufacturer, has issued a security advisory urging users to promptly update their firmware to address a critical vulnerability affecting a range of their access points... The post CVE-2024-7261 (CVSS 9.8): Zyxel Patches Critical Vulnerability in Wi-Fi Devices appeared first on Cybersecurity News.
Advertisement
Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.
Security Boulevard
SEPTEMBER 2, 2024
We are excited to announce the release of Goffloader, a pure Go implementation of an in-memory COFFLoader and PE loader. This tool is designed to facilitate the easy execution of Cobalt Strike BOFs and unmanaged PE files directly in memory without writing any files to disk. Goffloader aims to take functionality that is conventionally within […] The post Introducing Goffloader: A Pure Go Implementation of an In-Memory COFFLoader and PE Loader appeared first on Praetorian.
Penetration Testing
SEPTEMBER 2, 2024
In a recent investigation, the Unit 42 Managed Threat Hunting (MTH) team uncovered a sophisticated cyber campaign leveraging a unique variant of the WikiLoader malware. The attackers behind this operation... The post WikiLoader Malware Evolves with SEO Poisoning, Targets GlobalProtect Users appeared first on Cybersecurity News.
Security Boulevard
SEPTEMBER 2, 2024
Labor Day 2024 - Three Day Weekend Edition! Permalink The post Happy United States Labor Day 2024 / Feliz Fin de Semana del DÃa del Trabajo de Estados Unidos 2024 / Joyeux Fin de Semaine de la Fête du Travail aux États-Unis 2024 appeared first on Security Boulevard.
eSecurity Planet
SEPTEMBER 2, 2024
Several major companies identified and addressed significant security and vulnerability problems in last week’s vulnerability news. SonicWall dealt with a serious access control vulnerability that affected its firewall systems. Traccar fixed severe path traversal flaws in its GPS tracking software. Versa Networks responded to an unrestricted file upload flaw, and Apache resolved an incorrect authorization vulnerability in OFBiz ERP.
Advertisement
IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.
Security Boulevard
SEPTEMBER 2, 2024
Reading Time: 5 min Secure your domain with our expert DMARC provider and management services. Enjoy seamless DMARC management, continuous monitoring, and tailored solutions. The post The Role of Digital Adoption in Email Deliverability & Security appeared first on Security Boulevard.
Penetration Testing
SEPTEMBER 2, 2024
A new wave of highly targeted cyberattacks is sweeping across the US, and it’s not your average phishing scam. The GuidePoint Research and Intelligence Team (GRIT) has uncovered a sophisticated... The post An Ongoing Social Engineering Campaign Targets 130+ US Organizations appeared first on Cybersecurity News.
Security Boulevard
SEPTEMBER 2, 2024
Sophisticated attackers will stop at nothing to steal sensitive data, personal information, and business secrets. Unfortunately, as technology evolves, so do the methods used by hacking groups and individuals looking to prey on vulnerable online entities. The post How SSL Certificates Can Help Prevent Man-in-the-Middle Attacks appeared first on Security Boulevard.
Hacker's King
SEPTEMBER 2, 2024
Microsoft has announced that it will retire Visual Studio Code (VS Code) for Mac on August 31, 2024. The decision comes after numerous issues and incompatibilities between VS Code and macOS, especially on older versions. Users have reported problems such as VS Code not opening, frequent crashes, and instability due to updates that do not work well with their macOS version.
Advertisement
Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.
Expert insights. Personalized for you.
265 
Let's personalize your content