Schneier on Security
SEPTEMBER 12, 2024
Microsoft is updating SymCrypt , its core cryptographic library, with new quantum-secure algorithms. Microsoft’s details are here. From a news article : The first new algorithm Microsoft added to SymCrypt is called ML-KEM. Previously known as CRYSTALS-Kyber, ML-KEM is one of three post-quantum standards formalized last month by the National Institute of Standards and Technology (NIST).
Krebs on Security
SEPTEMBER 13, 2024
A cyberattack that shut down two of the top casinos in Las Vegas last year quickly became one of the most riveting security stories of 2023: It was the first known case of native English-speaking hackers in the United States and Britain teaming up with ransomware gangs based in Russia. But that made-for-Hollywood narrative has eclipsed a far more hideous trend: Many of these young, Western cybercriminals are also members of fast-growing online groups that exist solely to bully, stalk, harass and
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Tech Republic Security
SEPTEMBER 12, 2024
Discover the top six penetration testing companies for businesses of all sizes. Learn the pros and cons of pentesting providers like Astra, BreachLock, and Acunetix.
Kali Linux
SEPTEMBER 10, 2024
With summer coming to an end, so are package migrations, and Kali 2024.3 can now be released. You can now start downloading or upgrading if you have an existing Kali installation. The summary of the changelog since the 2024.2 release from June is: Qualcomm NetHunter Pro Devices - Qualcomm Snapdragon SDM845 SoC now supported New Tools - 11x new tools in your arsenal Our focus has been on a lot of behind the scenes updates and optimizations since the last release.
Advertisement
Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!
Schneier on Security
SEPTEMBER 9, 2024
In 2018, Australia passed the Assistance and Access Act, which—among other things—gave the government the power to force companies to break their own encryption. The Assistance and Access Act includes key components that outline investigatory powers between government and industry. These components include: Technical Assistance Requests (TARs): TARs are voluntary requests for assistance accessing encrypted data from law enforcement to teleco and technology companies.
Krebs on Security
SEPTEMBER 10, 2024
Microsoft Corp. today released updates to fix at least 79 security vulnerabilities in its Windows operating systems and related software, including multiple flaws that are already showing up in active attacks. Microsoft also corrected a critical bug that has caused some Windows 10 PCs to remain dangerously unpatched against actively exploited vulnerabilities for several months this year.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Penetration Testing
SEPTEMBER 9, 2024
The FreeBSD Project has issued a security advisory warning of a critical vulnerability (CVE-2024-43102) affecting multiple versions of its operating system. This flaw, rated with a maximum CVSS score of... The post FreeBSD Issues Urgent Security Advisory for CVE-2024-43102 (CVSS 10) appeared first on Cybersecurity News.
Schneier on Security
SEPTEMBER 11, 2024
New research evaluating the effectiveness of reward modeling during Reinforcement Learning from Human Feedback (RLHF): “ SEAL: Systematic Error Analysis for Value ALignment.” The paper introduces quantitative metrics for evaluating the effectiveness of modeling and aligning human values: Abstract : Reinforcement Learning from Human Feedback (RLHF) aims to align language models (LMs) with human values by training reward models (RMs) on binary preferences and using these RMs to fine-tu
Security Affairs
SEPTEMBER 11, 2024
Adobe addressed tens of vulnerabilities, including critical issues that could allow attackers to execute arbitrary code on Windows and macOS. Adobe Patch Tuesday security updates addressed multiple vulnerabilities in its products, including critical flaws that could allow attackers to execute arbitrary code on Windows and macOS systems. The most severe vulnerabilities are two critical memory corruption flaws in Acrobat and PDF Reader, tracked as CVE-2024-41869 (CVSS score of 7.8) and CVE-2024-45
Tech Republic Security
SEPTEMBER 11, 2024
According to the ISC2, 90% of organizations face cybersecurity skills shortages. Plus, the gap between roles to fill and available talent widened.
Speaker: Speakers:
In today's digital age, having an untrained workforce can be a significant risk to your business. Cyber threats are evolving; without proper training, your employees could be the weakest link in your defense. This webinar empowers leaders like you with the tools and strategies needed to transform your employees into a robust frontline defense against cyber attacks.
Penetration Testing
SEPTEMBER 8, 2024
Security researcher published the technical details and a proof-of-concept (PoC) exploit for a patched elevation of privilege vulnerability in the Windows Telephony service tracked as CVE-2024-26230. This flaw, which has... The post PoC Exploit Releases for Windows Elevation of Privilege Vulnerability CVE-2024-26230 appeared first on Cybersecurity News.
Schneier on Security
SEPTEMBER 10, 2024
According to Microsoft researchers, North Korean hackers have been using a Chrome zero-day exploit to steal cryptocurrency.
The Hacker News
SEPTEMBER 10, 2024
Microsoft on Tuesday disclosed that three new security flaws impacting the Windows platform have come under active exploitation as part of its Patch Tuesday update for September 2024. The monthly security release addresses a total of 79 vulnerabilities, of which seven are rated Critical, 71 are rated Important, and one is rated Moderate in severity.
Tech Republic Security
SEPTEMBER 12, 2024
The backup and data recovery service adds an extra layer of protection in case a business encounters an attack or another major problem with Google Cloud storage.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Penetration Testing
SEPTEMBER 12, 2024
A recent report from Xavier Mertens, a Senior ISC Handler and Freelance Cyber Security Consultant, sheds light on a concerning trend in the cyber threat landscape. Cybercriminals are increasingly utilizing... The post Cybersecurity Alert: Python Libraries Exploited for Malicious Intent appeared first on Cybersecurity News.
Schneier on Security
SEPTEMBER 13, 2024
Over the summer, I gave a talk about AI and democracy at TedXBillings. The recording is [link]. Please share.
Security Affairs
SEPTEMBER 13, 2024
Researchers uncovered an Android malware, dubbed Vo1d, that has already infected nearly 1.3 million Android devices in 197 countries. Doctor Web researchers uncovered a malware, tracked as Vo1d , that infected nearly 1.3 million Android-based TV boxes belonging to users in 197 countries. The malicious code acts as a backdoor and allows attackers to download and install third-party software secretly.
Tech Republic Security
SEPTEMBER 9, 2024
Compare Surfshark and NordVPN to determine which one is better. Explore their features, performance and pricing to make an informed decision.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Penetration Testing
SEPTEMBER 13, 2024
Once Lost Mode is activated on an Apple device, it is incredibly difficult to disable unless done by the original owner or with the correct password. Without deactivating Lost Mode,... The post Say Goodbye to Stolen iPhone Parts: Activation Lock Gets an Upgrade appeared first on Cybersecurity News.
The Hacker News
SEPTEMBER 9, 2024
The China-linked advanced persistent threat (APT) group known as Mustang Panda has been observed weaponizing Visual Studio Code software as part of espionage operations targeting government entities in Southeast Asia.
Security Boulevard
SEPTEMBER 11, 2024
SpecterOps has added the ability to track attack paths across instances of Microsoft Azure Directory (AD) running in both on-premises and on the Microsoft Azure cloud service. The post SpecterOps Extends Reach of BloodHound Tool for Mapping Microsoft AD Attacks appeared first on Security Boulevard.
Tech Republic Security
SEPTEMBER 9, 2024
iCloud Keychain is Apple's proprietary password management solution for Apple devices. Learn how secure it is and how it works in this detailed review.
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
Malwarebytes
SEPTEMBER 12, 2024
Facebook has admitted that it scrapes the public photos, posts and other data from the accounts of Australian adult users to train its AI models. Unlike citizens of the European Union (EU), Australians are not offered an opt-out option to refuse consent. At an inquiry as to whether the social media giant was hoovering up the data of all Australians in order to build its generative artificial intelligence tools, senator Tony Sheldon asked whether Meta (Facebook’s owner) had used Australian
The Hacker News
SEPTEMBER 9, 2024
A novel side-channel attack has been found to leverage radio signals emanated by a device's random access memory (RAM) as a data exfiltration mechanism, posing a threat to air-gapped networks. The technique has been codenamed RAMBO by Dr.
Security Boulevard
SEPTEMBER 12, 2024
We're told over and over again that there are hundreds of thousands of cybersecurity vacancies in the U.S. and millions worldwide. But from what I hear, many new entrants to the application security field find it difficult to land jobs. Why? The post Why Breaking into Cybersecurity Isn’t as Easy as You Think appeared first on Security Boulevard.
Tech Republic Security
SEPTEMBER 9, 2024
From phishing scams to ransomware attacks, discover what these threats look like and how you can protect yourself and your business.
Speaker: Blackberry, OSS Consultants, & Revenera
Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?
Security Affairs
SEPTEMBER 9, 2024
Users are exploiting a privacy flaw in WhatsApp to bypass the app’s “View once” feature, allowing them to re-view messages. The ‘View Once ‘ feature in WhatsApp allows users to send photos, videos, and voice messages that can only be viewed once by the recipient. Recipients cannot forward, share, or copy the “View Once” media, and they cannot take screenshots or screen recordings of it.
The Hacker News
SEPTEMBER 7, 2024
Threat actors affiliated with North Korea have been observed leveraging LinkedIn as a way to target developers as part of a fake job recruiting operation. These attacks employ coding tests as a common initial infection vector, Google-owned Mandiant said in a new report about threats faced by the Web3 sector.
Security Boulevard
SEPTEMBER 12, 2024
Proofpoint this week at its Protect conference launched a series of efforts through which it plans to provide cybersecurity teams with more granular controls in real-time, over what applications and services are accessed by end users. The post Proofpoint Adds Ability to Dynamically Apply Granular Security Controls appeared first on Security Boulevard.
Tech Republic Security
SEPTEMBER 10, 2024
Microsoft will disable ActiveX controls by default in the Office suite, starting in October with the release of Office 2024.
Advertisement
IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.
Expert insights. Personalized for you.
286 
Let's personalize your content