Tech Republic Security
OCTOBER 22, 2024
A study at Rensselaer Polytechnic Institute presented at ISC2 Security Congress compared ChatGPT-written training prompted by security experts and prompt engineers.
Tech Republic Security
OCTOBER 21, 2024
CISA advisor Nicole Perlroth closed out ISC2 Security Congress’ keynotes with a wake-up call for security teams to watch for nation-state-sponsored attacks.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Security Boulevard
OCTOBER 23, 2024
IBM is rolling out Guardian Data Security Center, a framework designed to give enterprises the tools they need to address the emerging cyberthreats that come the ongoing development of generative AI and quantum computing. The post IBM Addresses AI, Quantum Security Risks with New Platform appeared first on Security Boulevard.
Tech Republic Security
OCTOBER 23, 2024
It only takes five days on average for attackers to exploit a vulnerability, according to a new report by cybersecurity company Mandiant.
Advertisement
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
IT Security Guru
OCTOBER 21, 2024
October is widely regarded as Cybersecurity Awareness Month. While awareness is crucial in our increasingly perilous cyber landscape – where threats to both organisations and individuals are growing in scale and sophistication – action is now paramount. Recent research indicates that 95% of IT leaders believe cyber attacks are more advanced than ever, largely due to the accessibility of AI technologies.
Schneier on Security
OCTOBER 22, 2024
The headline is pretty scary: “ China’s Quantum Computer Scientists Crack Military-Grade Encryption.” No, it’s not true. This debunking saved me the trouble of writing one. It all seems to have come from this news article , which wasn’t bad but was taken widely out of proportion.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
|
Penetration Testing
OCTOBER 23, 2024
Fortinet has issued a security advisory for its FortiManager platform, addressing a critical vulnerability—CVE-2024-47575—which has been actively exploited in the wild. This vulnerability, rated at CVSS 9.8, arises from a... The post Fortinet Warns of Actively Exploited Flaw in FortiManager: CVE-2024-47575 (CVSS 9.8) appeared first on Cybersecurity News.
Security Affairs
OCTOBER 22, 2024
Google’s Threat Analysis Group (TAG) researchers warn of a Samsung zero-day vulnerability that is exploited in the wild. Google’s Threat Analysis Group (TAG) warns of a Samsung zero-day vulnerability, tracked as CVE-2024-44068 (CVSS score of 8.1), which is exploited in the wild. The vulnerability is a use-after-free issue, attackers could exploit the flaw to escalate privileges on a vulnerable Android device.
Schneier on Security
OCTOBER 25, 2024
Researchers at Google have developed a watermark for LLM-generated text. The basics are pretty obvious: the LLM chooses between tokens partly based on a cryptographic key, and someone with knowledge of the key can detect those choices. What makes this hard is (1) how much text is required for the watermark to work, and (2) how robust the watermark is to post-generation editing.
eSecurity Planet
OCTOBER 22, 2024
The reliance on virtual meetings has skyrocketed after the pandemic, making platforms like Google Meet and Zoom integral to our daily personal and professional communication. However, this surge in usage has also opened the door to a growing array of cybersecurity threats. One of the most concerning tactics currently on the rise is the ClickFix campaign — a sophisticated phishing scheme targeting unsuspecting Google Meet users.
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
Penetration Testing
OCTOBER 20, 2024
Security researcher Angelboy (@scwuaptx) with DEVCORE has identified a privilege escalation vulnerability in Microsoft’s Kernel Streaming service. The vulnerability, tracked as CVE-2024-30090 and assigned a CVSS score of 7.0, could... The post Microsoft Windows Flaw: CVE-2024-30090 PoC Exploit Published, Posing SYSTEM Privilege Threat appeared first on Cybersecurity News.
Security Affairs
OCTOBER 20, 2024
Technology firm F5 patches a high-severity elevation of privilege vulnerability in BIG-IP and a medium-severity flaw in BIG-IQ. F5 addressed two vulnerabilities in BIG-IP and BIG-IQ enterprise products, respectively tracked as CVE-2024-45844 and CVE-2024-47139. An authenticated attacker, with Manager role privileges or higher, could exploit the vulnerability CVE-2024-45844 to elevate privileges and compromise the BIG-IP system. “This vulnerability may allow an authenticated attacker with M
Jane Frankland
OCTOBER 25, 2024
As cybersecurity matures, the concept of resilience has taken on new dimensions, at least according to Commvault’s CEO, Sanjay Mirchandani. Attending their annual global event series, SHIFT , in London recently, he redefined the future of business resilience in his keynote address and positioned the concept of continuous business—a ground-breaking state of perpetual availability and robustness which revolves around four pivotal elements: 1.
Security Boulevard
OCTOBER 24, 2024
Security leaders must leverage the best of both to truly protect an organization in today's complex digital environment — blending the old with the new. The post Blending Traditional and Emerging Cybersecurity Practices for a Holistic Approach appeared first on Security Boulevard.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
Malwarebytes
OCTOBER 25, 2024
In April, we reported that a “substantial proportion” of Americans may have had their health and personal data stolen in the Change Healthcare breach. That was based on a report provided by the UnitedHealth Group after the February cyberattack on its subsidiary Change Healthcare. The attack on Change Healthcare, which processes about 50% of US medical claims, was one of the worst ransomware attacks against American healthcare and caused widespread disruption in payments to doctors and health fac
Security Affairs
OCTOBER 21, 2024
Cisco confirms that data published by IntelBroker on a cybercrime forum was taken from the company DevHub environment. Cisco confirms that the data posted by IntelBroker on a cybercrime forum was stolen from its DevHub environment. IntelBroker claimed to have gained access to Github projects, Gitlab Projects, SonarQube projects, Source code, hard coded credentials, Certificates, Customer SRCs, Cisco Confidential Documents, Jira tickets, API tokens, AWS Private buckets, Cisco Technology SRCs, Doc
Penetration Testing
OCTOBER 24, 2024
In a recent report, the Datadog Security Research Team exposed the latest nefarious activities of the Tenacious Pungsan group, a North Korean cyber-espionage threat actor. Known for its persistence, the... The post North Korean Cyber Espionage Group Tenacious Pungsan Compromises Open-Source Repositories with Backdoored npm Packages appeared first on Cybersecurity News.
Security Boulevard
OCTOBER 25, 2024
Not cute: $UNH’s Change Healthcare unit paid a big ransom—its IT was as weak as a kitten. The post 100 MILLION Americans in UnitedHealth PII Breach appeared first on Security Boulevard.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
SecureWorld News
OCTOBER 23, 2024
The U.S. Securities and Exchange Commission (SEC) announced Tuesday that it has fined four companies $7 million for misleading statements about their cybersecurity incidents, particularly concerning the high-profile 2019 SolarWinds hack. Unisys Corp., Avaya Holdings Corp., Check Point Software Technologies Ltd., and Mimecast Limited were found to have downplayed the severity of their data breaches in public disclosures, obscuring the full scope of the incidents from investors and the public.
Security Affairs
OCTOBER 22, 2024
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds ScienceLogic SL1 flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the ScienceLogic SL1 flaw CVE-2024-9537 (CVSS v4 score: 9.3) to its Known Exploited Vulnerabilities (KEV) catalog. ScienceLogic SL1 contains a vulnerability related to a third-party component.
Penetration Testing
OCTOBER 24, 2024
ReliaQuest revealed a concerning new collaboration between the Scattered Spider cybercriminal collective and the rising ransomware group RansomHub. This report highlights a dangerous escalation in ransomware activities, combining Scattered Spider’s... The post Ransomware Threat Escalates as Scattered Spider and RansomHub Combine Forces appeared first on Cybersecurity News.
Security Boulevard
OCTOBER 25, 2024
By placing IAM strategy and enforcement under the CISO’s purview, enterprises can ensure that it is treated as a critical component of the overall security strategy. The post CISOs Should Be Directing IAM Strategy — Here’s Why appeared first on Security Boulevard.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Schneier on Security
OCTOBER 21, 2024
Tax farming is the practice of licensing tax collection to private contractors. Used heavily in ancient Rome, it’s largely fallen out of practice because of the obvious conflict of interest between the state and the contractor. Because tax farmers are primarily interested in short-term revenue, they have no problem abusing taxpayers and making things worse for them in the long term.
Security Affairs
OCTOBER 22, 2024
VMware addressed a remote code execution flaw, demonstrated in a Chinese hacking contest, for the second time in two months. VMware failed to fully address a remote code execution flaw, tracked as CVE-2024-38812 (CVSS score: 9.8), in its vCenter Server platform. In September, Broadcom released security updates to the vulnerability CVE-2024-38812. vCenter Server is a critical component in VMware virtualization and cloud computing software suite.
Graham Cluley
OCTOBER 24, 2024
Historically, Mac users haven't had to worry about malware as much as their Windows-using cousins. But that doesn't mean that Mac users should be complacent. And the recent discovery of a new malware strain emphasises that the threat - even if much smaller than on Windows - remains real. Read more in my article on the Tripwire State of Security blog.
Security Boulevard
OCTOBER 24, 2024
Unmanaged software as a service (SaaS) applications and AI tools within organizations are posing a growing security risk as vulnerabilities increase, according to a report from Grip Security. The post Majority of SaaS Applications, AI Tools Unmanaged appeared first on Security Boulevard.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Penetration Testing
OCTOBER 23, 2024
Cisco has disclosed an actively exploited vulnerability (CVE-2024-20481) in its Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software that could allow attackers to launch denial-of-service (DoS) attacks against... The post Active Exploits Target Cisco ASA and FTD VPNs: Urgent Update Needed (CVE-2024-20481) appeared first on Cybersecurity News.
Security Affairs
OCTOBER 19, 2024
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Veeam Backup and Replication vulnerability to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the Veeam Backup and Replication flaw CVE-2024-40711 (CVSS score of 9.8) to its Known Exploited Vulnerabilities (KEV) catalog.
NSTIC
OCTOBER 23, 2024
This blog is part of a larger NIST series during the month of October for Cybersecurity Awareness Month , called 'Staff Stories Spotlight.' Throughout the month of October this year, Q&A style blogs will be published featuring some of our unique staff members who have interesting backgrounds, stories to tell, and projects in the world of cybersecurity.
Security Boulevard
OCTOBER 20, 2024
Over the past 6 months I have been researching ransomware, and not even from the technical angle (which would very tempting and no doubt, enlightening in it’s own right), but from a strategic perspective. This approach resonated with many, and I was invited to after speak with the International Conference on Emerging Trends in Information […] The post Ransomware Rising – Understanding, Preventing and Surviving Cyber Extortion appeared first on Security Boulevard.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Expert insights. Personalized for you.
207 
Let's personalize your content