Jane Frankland
JANUARY 4, 2024
Growing up, most women had a Barbie in their lives at some point. Whether you found her artfully arranged on the toy shelf or covered in ‘dirt’ and tucked away, Barbie has played a significant role in shaping many people’s perceptions and aspirations. In this blog, I’ll be delving into how Barbie continues to influence people, particularly women.
Schneier on Security
JANUARY 4, 2024
Kaspersky researchers are detailing “an attack that over four years backdoored dozens if not thousands of iPhones, many of which belonged to employees of Moscow-based security firm Kaspersky.” It’s a zero-click exploit that makes use of four iPhone zero-days. The most intriguing new detail is the targeting of the heretofore-unknown hardware feature, which proved to be pivotal to the Operation Triangulation campaign.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Troy Hunt
DECEMBER 30, 2023
We're in Paris! And feeling proper relaxed after several days of wine and cheese too, I might add. This was a very impromptu end of 2023 weekly update as we balanced family time with doing the final video for the year. On the cyber side, the constant them over the last week has been ransomware; big firms, little firms, Aussie firms, American firms - it's just completely indiscriminate.
The Last Watchdog
JANUARY 2, 2024
In today’s digital landscape, organizations face numerous challenges when it comes to mitigating cyber risks. Related: How AI is transforming DevOps The constant evolution of technology, increased connectivity, and sophisticated cyber threats pose significant challenges to organizations of all sizes and industries. Here are some of the key challenges that organizations encounter in their efforts to mitigate cyber risks in the current environment.
Advertisement
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
Tech Republic Security
JANUARY 3, 2024
Commentary: Australia’s Cyber Security Strategy 2023-2030 is a bold and far-reaching vision that will see Australia become a world leader. However, a lack of bipartisan agreement may undermine it.
Schneier on Security
JANUARY 3, 2024
A helpful summary of which US retail stores are using facial recognition, thinking about using it, or currently not planning on using it. (This, of course, can all change without notice.) Three years ago, I wrote that campaigns to ban facial recognition are too narrow. The problem here is identification, correlation, and then discrimination. There’s no difference whether the identification technology is facial recognition, the MAC address of our phones, gait recognition, license plate reco
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
|
Security Affairs
JANUARY 1, 2024
CloudSEK researchers analyzed a zero-day exploit that can allow the generation of persistent Google cookies through token manipulation. In October 2023, a developer known as PRISMA first uncovered an exploit that allows the generation of persistent Google cookies through token manipulation. An attacker can use the exploit to access Google services, even after a user’s password reset.
Tech Republic Security
JANUARY 4, 2024
Investment firm DigitalBridge Group and other backers provided the cash for the venture, which will enable generative AI deployment.
Schneier on Security
JANUARY 2, 2024
TikTok seems to be skewing things in the interests of the Chinese Communist Party. (This is a serious analysis, and the methodology looks sound.) Conclusion: Substantial Differences in Hashtag Ratios Raise Concerns about TikTok’s Impartiality Given the research above, we assess a strong possibility that content on TikTok is either amplified or suppressed based on its alignment with the interests of the Chinese Government.
Malwarebytes
JANUARY 4, 2024
In what seems like yet another attempt to adapt its platform to prepare for new regulations, Facebook has started rolling out a new feature called Link History. Link History allows users to view and re-visit links they have visited with their Facebook browsing activity. Obviously Facebook will tell us that the new feature is for its users’ benefit, but we can see several ways in which this benefits Meta even more.
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
Security Affairs
JANUARY 2, 2024
Hudson Researchers reported that a mysterious hacker launched a series of attacks against industry-leading companies in Iran. Hudson Researchers reported that on December 20th, a hacker using the moniker ‘irleaks’ announced the availability for sale of over 160,000,000 records allegedly stolen from 23 leading insurance companies in Iran.
Penetration Testing
JANUARY 4, 2024
EDRSilencer Inspired by the closed-source FireBlock tool FireBlock from MdSec NightHawk, I created my version. This tool was created to block the outbound traffic of running EDR processes using Windows Filtering Platform (WFP) APIs.... The post EDRSilencer: uses WFP to block EDR agents from reporting security events to the server appeared first on Penetration Testing.
Schneier on Security
JANUARY 5, 2024
We don’t have a useful quantum computer yet, but we do have quantum algorithms. Shor’s algorithm has the potential to factor large numbers faster than otherwise possible, which—if the run times are actually feasible—could break both the RSA and Diffie-Hellman public-key algorithms. Now, computer scientist Oded Regev has a significant speed-up to Shor’s algorithm, at the cost of more storage.
Graham Cluley
JANUARY 4, 2024
No one is too big, too clever, too security-savvy to avoid being duped - because it's only human to make a mistake and screw up. Read my article on the Tripwire State of Security blog.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
Security Affairs
JANUARY 2, 2024
Ukraine’s SBU revealed that Russia-linked threat actors hacked surveillance cameras to spy on air defense forces and critical infrastructure in Kyiv. Ukraine’s SBU announced they shut down two surveillance cameras that were allegedly hacked by the Russian intelligence services to spy on air defense forces and critical infrastructure in Kyiv. The surveillance cameras were located in residential buildings and were used to monitor the surrounding area and a parking lot.
Bleeping Computer
JANUARY 3, 2024
Orange Spain suffered an internet outage today after a hacker breached the company's RIPE account to misconfigure BGP routing and an RPKI configuration. [.
Security Boulevard
JANUARY 3, 2024
How stupid does he think we are? You’ll want to turn off this new app setting. The post Facebook’s New Privacy Nightmare: ‘Link History’ appeared first on Security Boulevard.
The Hacker News
JANUARY 3, 2024
As technology adoption has shifted to be employee-led, just in time, and from any location or device, IT and security teams have found themselves contending with an ever-sprawling SaaS attack surface, much of which is often unknown or unmanaged.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Security Affairs
DECEMBER 31, 2023
Google has agreed to settle a $5 billion privacy lawsuit, which alleged that the company monitored individuals using the Chrome “incognito” mode. Google agreed to settle a $5 billion privacy lawsuit over claims that the company monitored online activity of people who used the ‘incognito’ mode in its Chrome web browser. The class action, filed in 2020 by law firm Boies Schiller Flexner, alleges that the IT giant deceived users, leading them to believe their online activiti
IT Security Guru
JANUARY 3, 2024
Swarming or DDoS attacks pose a threat to streamers. Multiple devices flooding your internet connection with traffic can cause slowdowns or crashes. A reliable VPN provider always maintains a DDoS-protected server. Your data goes through a secure server, making it harder for attackers to target your actual IP address. In this article, we will continue to explore how a VPN can fortify your Twitch stream.
Security Boulevard
JANUARY 2, 2024
What a Mickey Mouse operation: Infostealer scrotes having a field day with unpatched vulnerability. The post Google Whistles While OAuth Burns — ‘MultiLogin’ 0-Day is 70+ Days Old appeared first on Security Boulevard.
Bleeping Computer
JANUARY 3, 2024
Almost 11 million internet-exposed SSH servers are vulnerable to the Terrapin attack that threatens the integrity of some SSH connections. [.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Security Affairs
DECEMBER 30, 2023
The INC RANSOM ransomware group claims to have hacked the American multinational corporation Xerox Corp. Xerox Corp provides document management solutions worldwide. The company’s Document Technology segment offers desktop monochrome and color printers, multifunction printers, copiers, digital printing presses, and light production devices; and production printing and publishing systems for the graphic communications marketplace and large enterprises.
We Live Security
JANUARY 3, 2024
If you like typing with your voice, it should also go without saying that you need to take some precautions and avoid spilling your secrets.
Security Boulevard
JANUARY 4, 2024
More than half of cybersecurity leaders would replace their entire current stack of platforms if there were no budget constraints. The post Survey Surfaces Lack of Confidence in Existing Cybersecurity Tools appeared first on Security Boulevard.
Bleeping Computer
JANUARY 4, 2024
Over the holidays, the npm package registry was flooded with more than 3,000 packages, including one called "everything," and others named a variation of the word. These 3,000+ packages make it impossible for all npm authors to unpublish their packages from the registry. [.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Security Affairs
JANUARY 1, 2024
The Cactus ransomware group claims to have hacked Coop, one of the largest retail and grocery providers in Sweden. Coop is one of the largest retail and grocery providers in Sweden, with approximately 800 stores across the country. The stores are co-owned by 3.5 million members in 29 consumer associations. All surplus that is created in the business goes back to the members or is reinvested in the business, which creates a circular cycle.
Malwarebytes
JANUARY 3, 2024
In what might be conceived as one of Microsoft’s new year resolutions, it has disclosed that it’s turned off the ms-appinstaller protocol handler by default. The change is designed to make installing apps easier, but it also makes installing malware easier. Typically, an app needs to be on a device before it can be installed, which normally means that a user has to download it first.
Security Boulevard
DECEMBER 31, 2023
In this episode, host Tom Eston shares the three key lessons he’s learned over his 18-year career in cybersecurity: effective communication, continuous learning, and empathy. He talks about the importance of understanding and reaching both technical and non-technical audiences, the necessity of continuous learning despite your role, and the power of empathy in contributing to […] The post The Three Keys to Success in Cybersecurity appeared first on Shared Security Podcast.
Bleeping Computer
JANUARY 3, 2024
HealthEC LLC, a provider of health management solutions, suffered a data breach that impacts close to 4.5 million individuals who received care through one of the company's customers. [.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Expert insights. Personalized for you.
130 
Let's personalize your content