Jane Frankland
JANUARY 4, 2024
Growing up, most women had a Barbie in their lives at some point. Whether you found her artfully arranged on the toy shelf or covered in ‘dirt’ and tucked away, Barbie has played a significant role in shaping many people’s perceptions and aspirations. In this blog, I’ll be delving into how Barbie continues to influence people, particularly women.
Schneier on Security
JANUARY 4, 2024
Kaspersky researchers are detailing “an attack that over four years backdoored dozens if not thousands of iPhones, many of which belonged to employees of Moscow-based security firm Kaspersky.” It’s a zero-click exploit that makes use of four iPhone zero-days. The most intriguing new detail is the targeting of the heretofore-unknown hardware feature, which proved to be pivotal to the Operation Triangulation campaign.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Troy Hunt
DECEMBER 30, 2023
We're in Paris! And feeling proper relaxed after several days of wine and cheese too, I might add. This was a very impromptu end of 2023 weekly update as we balanced family time with doing the final video for the year. On the cyber side, the constant them over the last week has been ransomware; big firms, little firms, Aussie firms, American firms - it's just completely indiscriminate.
The Last Watchdog
JANUARY 2, 2024
In today’s digital landscape, organizations face numerous challenges when it comes to mitigating cyber risks. Related: How AI is transforming DevOps The constant evolution of technology, increased connectivity, and sophisticated cyber threats pose significant challenges to organizations of all sizes and industries. Here are some of the key challenges that organizations encounter in their efforts to mitigate cyber risks in the current environment.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
Tech Republic Security
JANUARY 3, 2024
Commentary: Australia’s Cyber Security Strategy 2023-2030 is a bold and far-reaching vision that will see Australia become a world leader. However, a lack of bipartisan agreement may undermine it.
Schneier on Security
JANUARY 2, 2024
TikTok seems to be skewing things in the interests of the Chinese Communist Party. (This is a serious analysis, and the methodology looks sound.) Conclusion: Substantial Differences in Hashtag Ratios Raise Concerns about TikTok’s Impartiality Given the research above, we assess a strong possibility that content on TikTok is either amplified or suppressed based on its alignment with the interests of the Chinese Government.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Security Affairs
JANUARY 2, 2024
Hudson Researchers reported that a mysterious hacker launched a series of attacks against industry-leading companies in Iran. Hudson Researchers reported that on December 20th, a hacker using the moniker ‘irleaks’ announced the availability for sale of over 160,000,000 records allegedly stolen from 23 leading insurance companies in Iran.
Tech Republic Security
JANUARY 4, 2024
Investment firm DigitalBridge Group and other backers provided the cash for the venture, which will enable generative AI deployment.
Schneier on Security
JANUARY 3, 2024
A helpful summary of which US retail stores are using facial recognition, thinking about using it, or currently not planning on using it. (This, of course, can all change without notice.) Three years ago, I wrote that campaigns to ban facial recognition are too narrow. The problem here is identification, correlation, and then discrimination. There’s no difference whether the identification technology is facial recognition, the MAC address of our phones, gait recognition, license plate reco
The Hacker News
JANUARY 1, 2024
Security researchers have detailed a new variant of a dynamic link library (DLL) search order hijacking technique that could be used by threat actors to bypass security mechanisms and achieve execution of malicious code on systems running Microsoft Windows 10 and Windows 11.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Security Affairs
JANUARY 1, 2024
CloudSEK researchers analyzed a zero-day exploit that can allow the generation of persistent Google cookies through token manipulation. In October 2023, a developer known as PRISMA first uncovered an exploit that allows the generation of persistent Google cookies through token manipulation. An attacker can use the exploit to access Google services, even after a user’s password reset.
WIRED Threat Level
JANUARY 5, 2024
Being fully anonymous is next to impossible—but you can significantly limit what the internet knows about you by sticking to a few basic rules.
Schneier on Security
JANUARY 5, 2024
We don’t have a useful quantum computer yet, but we do have quantum algorithms. Shor’s algorithm has the potential to factor large numbers faster than otherwise possible, which—if the run times are actually feasible—could break both the RSA and Diffie-Hellman public-key algorithms. Now, computer scientist Oded Regev has a significant speed-up to Shor’s algorithm, at the cost of more storage.
Penetration Testing
JANUARY 4, 2024
EDRSilencer Inspired by the closed-source FireBlock tool FireBlock from MdSec NightHawk, I created my version. This tool was created to block the outbound traffic of running EDR processes using Windows Filtering Platform (WFP) APIs.... The post EDRSilencer: uses WFP to block EDR agents from reporting security events to the server appeared first on Penetration Testing.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Security Affairs
JANUARY 2, 2024
Ukraine’s SBU revealed that Russia-linked threat actors hacked surveillance cameras to spy on air defense forces and critical infrastructure in Kyiv. Ukraine’s SBU announced they shut down two surveillance cameras that were allegedly hacked by the Russian intelligence services to spy on air defense forces and critical infrastructure in Kyiv. The surveillance cameras were located in residential buildings and were used to monitor the surrounding area and a parking lot.
Graham Cluley
JANUARY 4, 2024
No one is too big, too clever, too security-savvy to avoid being duped - because it's only human to make a mistake and screw up. Read my article on the Tripwire State of Security blog.
Bleeping Computer
JANUARY 3, 2024
Orange Spain suffered an internet outage today after a hacker breached the company's RIPE account to misconfigure BGP routing and an RPKI configuration. [.
WIRED Threat Level
DECEMBER 31, 2023
Plus: Apple shuts down a Flipper Zero Attack, Microsoft patches more than 30 vulnerabilities, and more critical updates for the last month of 2023.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Security Affairs
DECEMBER 31, 2023
Google has agreed to settle a $5 billion privacy lawsuit, which alleged that the company monitored individuals using the Chrome “incognito” mode. Google agreed to settle a $5 billion privacy lawsuit over claims that the company monitored online activity of people who used the ‘incognito’ mode in its Chrome web browser. The class action, filed in 2020 by law firm Boies Schiller Flexner, alleges that the IT giant deceived users, leading them to believe their online activiti
The Hacker News
JANUARY 3, 2024
As technology adoption has shifted to be employee-led, just in time, and from any location or device, IT and security teams have found themselves contending with an ever-sprawling SaaS attack surface, much of which is often unknown or unmanaged.
Security Boulevard
JANUARY 3, 2024
How stupid does he think we are? You’ll want to turn off this new app setting. The post Facebook’s New Privacy Nightmare: ‘Link History’ appeared first on Security Boulevard.
Malwarebytes
JANUARY 3, 2024
In what might be conceived as one of Microsoft’s new year resolutions, it has disclosed that it’s turned off the ms-appinstaller protocol handler by default. The change is designed to make installing apps easier, but it also makes installing malware easier. Typically, an app needs to be on a device before it can be installed, which normally means that a user has to download it first.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Security Affairs
DECEMBER 30, 2023
The INC RANSOM ransomware group claims to have hacked the American multinational corporation Xerox Corp. Xerox Corp provides document management solutions worldwide. The company’s Document Technology segment offers desktop monochrome and color printers, multifunction printers, copiers, digital printing presses, and light production devices; and production printing and publishing systems for the graphic communications marketplace and large enterprises.
WIRED Threat Level
JANUARY 2, 2024
If you're at high risk of being targeted by mercenary spyware, or just don't mind losing iOS features for extra security, the company's restricted mode is surprisingly usable.
Security Boulevard
JANUARY 2, 2024
What a Mickey Mouse operation: Infostealer scrotes having a field day with unpatched vulnerability. The post Google Whistles While OAuth Burns — ‘MultiLogin’ 0-Day is 70+ Days Old appeared first on Security Boulevard.
Bleeping Computer
JANUARY 3, 2024
Almost 11 million internet-exposed SSH servers are vulnerable to the Terrapin attack that threatens the integrity of some SSH connections. [.
Advertisement
Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.
Security Affairs
JANUARY 3, 2024
Crypto platform Orbit Chain suffered a cyberattack, threat actors have stolen more than $81 million worth of cryptocurrency. Orbit Chain has suffered a security breach that has resulted in the theft of more than $81 million worth of cryptocurrency. Orbit Chain is a multi-asset blockchain platform that connects various blockchains through Inter-Blockchain Communication (IBC).
WIRED Threat Level
JANUARY 4, 2024
Ukraine’s top general says his country must innovate on the level of inventing gunpowder to “break military parity” with Russia. If it’s successful, it could change the future of war.
We Live Security
JANUARY 3, 2024
If you like typing with your voice, it should also go without saying that you need to take some precautions and avoid spilling your secrets.
Malwarebytes
JANUARY 2, 2024
Researchers at SRLabs have made a decryption tool available for Black Basta ransomware, allowing some victims of the group to decrypt files without paying a ransom. The decryptor works for victims whose files were encrypted between November 2022 and December 2023. The decryptor, called Black Basta Buster, exploits a flaw in the encryption algorithm used in older versions of the Black Basta group’s ransomware.
Advertisement
Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!
Expert insights. Personalized for you.
130 
Let's personalize your content