Schneier on Security

JULY 15, 2024

Some scholars are inflating their reference counts by sneaking them into metadata: Citations of scientific work abide by a standardized referencing system: Each reference explicitly mentions at least the title, authors’ names, publication year, journal or conference name, and page numbers of the cited publication. These details are stored as metadata, not visible in the article’s text directly, but assigned to a digital object identifier, or DOI—a unique identifier for each sci

Hacking 345

Hacking 345

Krebs on Security

JULY 12, 2024

AT&T Corp. disclosed today that a new data breach has exposed phone call and text message records for roughly 110 million people — nearly all of its customers. AT&T said it delayed disclosing the incident in response to “national security and public safety concerns,” noting that some of the records included data that could be used to determine where a call was made or text message sent.

Data breaches 336

Data breaches Passwords Authentication Accountability 336

Troy Hunt

JULY 31, 2024

TL;DR — Tens of millions of credentials obtained from info stealer logs populated by malware were posted to Telegram channels last month and used to shake down companies for bug bounties under the misrepresentation the data originated from their service. How many attempted scams do you get each day? I woke up to yet another "redeem your points" SMS this morning, I'll probably receive a phone call from "my bank" today (edit: I was close, it was "Amazon Prime" &

Scams 326

Scams Passwords Malware Accountability 326

The Last Watchdog

JULY 25, 2024

Last week, CrowdStrike, one of the cybersecurity industry’s most reputable solution providers, inadvertently caused more disruption across the Internet than all the threat actors active online at the time. Related: Microsoft blames outage on EU A flawed update to CrowdStrike’s Falcon security software caused millions of computers running Microsoft Windows to display the infamous blue screen of death.

Technology 317

Technology Ransomware Software Cyber Attacks 317

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Joseph Steinberg

JULY 23, 2024

CyberSecurity Expert Witness and Board Member , Joseph Steinberg, will, tomorrow, Wednesday, July 24th, 2024, speak with the public as part of a panel of experts from Columbia University, discussing both the recent CrowdStrike-Microsoft cybersecurity incident, and the incident’s ongoing global impact. On July 19th, 2024, a faulty software update issued by the cybersecurity firm, CrowdStrike, took down over 8.5 million devices running Microsoft Windows, disrupting air travel, hospitals, gov

Artificial Intelligence 284

Artificial Intelligence Cybersecurity Government Technology 284

Lohrman on Security

JULY 21, 2024

Several recently released cyber industry reports show steady or growing ransomware numbers in 2024 so far, and impacts on business and government have never been greater.

Ransomware 262

Ransomware Government 262

Krebs on Security

JULY 19, 2024

A faulty software update from cybersecurity vendor Crowdstrike crippled countless Microsoft Windows computers across the globe today, disrupting everything from airline travel and financial institutions to hospitals and businesses online. Crowdstrike said a fix has been deployed, but experts say the recovery from this outage could take some time, as Crowdstrike’s solution needs to be applied manually on a per-machine basis.

Artificial Intelligence 327

Artificial Intelligence Media Software Cybersecurity 327

Troy Hunt

JULY 24, 2024

Just over 13 years ago, Microsoft gave me my first "Most Valuable Professional" award. Out of the blue, as far as I was concerned. It wasn't something I'd planned for and it certainly wasn't something I'd expected, but it has become a cornerstone of my professional identity. Indulge me while I go off on a bit of a tangent here: like the other things in my professional life that have turned into a success, the things I did to earn that first MVP award were things I was

Data breaches 271

Data breaches 271

The Last Watchdog

JULY 1, 2024

The coalescing of the next-gen security platforms that will carry us forward continues. Related: Jump starting vulnerability management Adaptiva, a leader in autonomous endpoint management, recently announced the launch of OneSite Patch for CrowdStrike. This new solution integrates with CrowdStrike’s Falcon XDR platform to improve the efficiency and speed of patching critical vulnerabilities in enterprise systems.

Manufacturing 278

Manufacturing Risk Internet Internet 278

Tech Republic Security

JULY 9, 2024

Nearly 10 billion passwords have been leaked on a popular hacking forum, according to Cybernews.

Passwords 212

Passwords Hacking Big data 212

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Lohrman on Security

JULY 28, 2024

On July 19, 2024, a CrowdStrike software update unleashed mayhem on computer systems at airports, banks and more from Australia to Atlanta. What happened, and what lessons can we take away?

Banking 260

Banking Software 260

Schneier on Security

JULY 25, 2024

Friday’s massive internet outage, caused by a mid-sized tech company called CrowdStrike, disrupted major airlines, hospitals, and banks. Nearly 7,000 flights were canceled. It took down 911 systems and factories, courthouses, and television stations. Tallying the total cost will take time. The outage affected more than 8.5 million Windows computers, and the cost will surely be in the billions of dollars ­easily matching the most costly previous cyberattacks, such as NotPetya.

Marketing 324

Marketing Software Internet Internet 324

Krebs on Security

JULY 26, 2024

Google says it recently fixed an authentication weakness that allowed crooks to circumvent the email verification required to create a Google Workspace account, and leverage that to impersonate a domain holder at third-party services that allow logins through Google’s “Sign in with Google” feature. Last week, KrebsOnSecurity heard from a reader who said they received a notice that their email address had been used to create a potentially malicious Workspace account that Google

Accountability 297

Accountability Authentication Cryptocurrency Web Fraud 297

Troy Hunt

JULY 11, 2024

I get the frustration and anger those working at organisations that have been breached feel, and I've seen it firsthand in my communications with them on so many prior occasions. They're the victim of a criminal act and they're rightly outraged. However. thinking back to similar examples to The Heritage Foundation situation this week, I can't think of a single case where losing your mind and becoming abusive has ever worked out well.

Passwords 248

Passwords 248

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Javvad Malik

JULY 5, 2024

As I sit here, reflecting on the recent news of the ransomware attack on pathology lab Synnovis, I can’t help but feel a sense of unease wash over me. It’s not just another headline or statistic; this time, it’s a bit more personal. My neighbour, Oliver Dowson , is one of the many individuals directly affected by this breach, his heart valve replacement surgery postponed indefinitely due to the fallout.

Healthcare 208

Healthcare Data breaches Cybersecurity Cybercrime 208

Tech Republic Security

JULY 19, 2024

Airports and law enforcement agencies were among the organizations hit by the Blue Screen of Death. CrowdStrike said the error has been fixed.Airports and law enforcement agencies were among the organizations hit by the Blue Screen of Death.

206

206

Lohrman on Security

JULY 14, 2024

Preparations for the Paris Summer Olympics have been going on for years. And given the expected global audience and international participation, cybersecurity is at the center of the action.

Cybersecurity 234

Cybersecurity 234

Schneier on Security

JULY 26, 2024

This isn’t good : On Thursday, researchers from security firm Binarly revealed that Secure Boot is completely compromised on more than 200 device models sold by Acer, Dell, Gigabyte, Intel, and Supermicro. The cause: a cryptographic key underpinning Secure Boot on those models that was compromised in 2022. In a public GitHub repository committed in December of that year, someone working for multiple US-based device manufacturers published what’s known as a platform key, the cryptogra

Firmware 320

Firmware Encryption Manufacturing Passwords 320

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Krebs on Security

JULY 23, 2024

The Chinese company in charge of handing out domain names ending in “ top ” has been given until mid-August 2024 to show that it has put in place systems for managing phishing reports and suspending abusive domains, or else forfeit its license to sell domains. The warning comes amid the release of new findings that.top was the most common suffix in phishing websites over the past year, second only to domains ending in “ com.” Image: Shutterstock.

Phishing 293

Phishing DNS Scams Technology 293

Troy Hunt

JULY 27, 2024

Who would have thought that just a few hours after recording the previous week's video, the world would descend into what has undoubtedly become the largest IT outage we've ever seen: I don’t think it’s too early to call it: this will be the largest IT outage in history — Troy Hunt (@troyhunt) July 19, 2024 By virtue of the CrowdStrike incident occurring in friendly office hours for my corner of the world, I was able to get a thread on it going pretty early on.

Media 238

Media 238

Penetration Testing

JULY 30, 2024

Google has issued an urgent security update for its widely-used Chrome browser, patching three vulnerabilities, one of which is rated “critical.” The vulnerabilities, tracked as CVE-2024-6990, CVE-2024-7255, and CVE-2024-7256, could potentially allow attackers to... The post Urgent Chrome Update: Google Patches Critical Security Flaw (CVE-2024-6990) appeared first on Cybersecurity News.

Cybersecurity 145

Cybersecurity 145

Tech Republic Security

JULY 1, 2024

Security analysts found that 52% of open-source projects are written in memory-unsafe languages like C and C++.

Software 204

Software 204

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Lohrman on Security

JULY 7, 2024

Why so many layoffs? Are technology jobs plentiful or lacking? With unemployment relatively low, why are many cyber pros and tech experts struggling to get an interview?

Marketing 147

Marketing Technology 147

Schneier on Security

JULY 17, 2024

6.8% , to be precise. From ZDNet : However, Distributed Denial of Service (DDoS) attacks continue to be cybercriminals’ weapon of choice, making up over 37% of all mitigated traffic. The scale of these attacks is staggering. In the first quarter of 2024 alone, Cloudflare blocked 4.5 million unique DDoS attacks. That total is nearly a third of all the DDoS attacks they mitigated the previous year.

Internet 312

Internet Internet DDOS Cybercrime 312

Krebs on Security

JULY 15, 2024

At least a dozen organizations with domain names at domain registrar Squarespace saw their websites hijacked last week. Squarespace bought all assets of Google Domains a year ago, but many customers still haven’t set up their new accounts. Experts say malicious hackers learned they could commandeer any migrated Squarespace accounts that hadn’t yet been registered, merely by supplying an email address tied to an existing domain.

Accountability 294

Accountability Cryptocurrency Passwords DNS 294

Troy Hunt

JULY 21, 2024

It feels weird to be writing anything right now that isn't somehow related to Friday's CrowdStrike incident, but given I recorded this video just a few hours before all hell broke loose, it'll have to wait until next week. This week, the issue that really has me worked up is data breach victim notification or more specifically, lack thereof.

Data breaches 235

Data breaches InfoSec Spyware Government 235

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

Security Affairs

JULY 26, 2024

The Internet Systems Consortium (ISC) released BIND security updates that fixed several remotely exploitable DoS bugs in the DNS software suite. The Internet Systems Consortium (ISC) released security updates for BIND that address DoS vulnerabilities that could be remotely exploited. An attacker can exploit these vulnerabilities to disrupt DNS services.

DNS 145

DNS Software Internet Internet 145

Tech Republic Security

JULY 10, 2024

Read about the new Cisco Talos report on the top ransomware groups’ techniques and learn how to mitigate this cybersecurity risk. Cisco Talos observed the TTPs used by 14 of the most prevalent ransomware groups based on their volume of attack, impact to customers and atypical behavior.

Ransomware 202

Ransomware Risk Cybersecurity Social Engineering 202

Malwarebytes

JULY 31, 2024

Apple has released security updates for many of its products in order to patch several vulnerabilities that could allow an attacker to steal sensitive information from a locked device. Included in the patches for Apple Watch, iOS, and iPadOS are four vulnerabilities in Siri. While your device is locked there are several voice-commands your digital assistant can process.

Software 145

Software Mobile Risk Cybersecurity 145

Schneier on Security

JULY 31, 2024

Cloudflare reports on the state of applications security. It claims that 6.8% of Internet traffic is malicious. And that CVEs are exploited as quickly as 22 minutes after proof-of-concepts are published. News articles.

Internet 308

Internet Internet Malware 308

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity