Schneier on Security

MAY 2, 2024

The UK is the first country to ban default passwords on IoT devices. On Monday, the United Kingdom became the first country in the world to ban default guessable usernames and passwords from these IoT devices. Unique passwords installed by default are still permitted. The Product Security and Telecommunications Infrastructure Act 2022 (PSTI) introduces new minimum-security standards for manufacturers, and demands that these companies are open with consumers about how long their products will rec

Passwords 315

Passwords IoT Manufacturing Telecommunications 315

Krebs on Security

APRIL 29, 2024

The U.S. Federal Communications Commission (FCC) today levied fines totaling nearly $200 million against the four major carriers — including AT&T , Sprint , T-Mobile and Verizon — for illegally sharing access to customers’ location information without consent. The fines mark the culmination of a more than four-year investigation into the actions of the major carriers.

Wireless 312

Wireless Mobile Technology 312

Joseph Steinberg

APRIL 28, 2024

CyberSecurity Expert Joseph Steinberg, will join the faculty of Columbia University for the upcoming Summer 2024 semester. Steinberg, who will serve as a Lecturer on Cybersecurity, will teach in the Technology Management graduate program run by Columbia’s School of Professional Studies; Steinberg’s lectures are scheduled to take place at Columbia’s New York City campus in May, June, and July of 2024.

Artificial Intelligence 277

Artificial Intelligence Cybersecurity Technology 277

Troy Hunt

MAY 2, 2024

How many different angles can you have on one data breach? Facial recognition (which probably isn't actual biometrics), gambling, offshore developers, unpaid bills, extortion, sloppy password practices and now, an arrest. On pondering it more after today's livestream, it's the unfathomable stupidity of publishing this data publicly that really strikes me.

Passwords 256

Passwords Data breaches 256

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Schneier on Security

MAY 3, 2024

The Polish Embassy has posted a series of short interview segments with Marian Rejewski, the first person to crack the Enigma. Details from his biography.

310

310

Krebs on Security

APRIL 30, 2024

A 26-year-old Finnish man was sentenced to more than six years in prison today after being convicted of hacking into an online psychotherapy clinic, leaking tens of thousands of patient therapy records, and attempting to extort the clinic and patients. On October 21, 2020, the Vastaamo Psychotherapy Center in Finland became the target of blackmail when a tormentor identified as “ransom_man” demanded payment of 40 bitcoins (~450,000 euros at the time) in return for a promise not to publish highly

DDOS 279

DDOS Cybercrime Hacking Passwords 279

Troy Hunt

APRIL 28, 2024

Banks. They screw us on interest rates, they screw us on fees and they screw us on passwords. Remember the old "bank grade security" adage? I took this saying to task almost a decade ago now but it seems that at least as far as password advice goes, they really haven't learned. This week, Commbank is telling people to use a password manager but just not for their bank password, and ANZ bank is forcing people to rotate their passwords once a year because, uh, hackers?

Banking 241

Banking Passwords Password Management Data breaches 241

Schneier on Security

MAY 1, 2024

Scammers tricked a company into believing they were dealing with a BBC presenter. They faked her voice, and accepted money intended for her.

Scams 310

Scams Social Engineering Artificial Intelligence Engineering 310

Joseph Steinberg

APRIL 30, 2024

The United States Department of Defense is running a cybersecurity contest – offering members of the public the opportunity to win both cash prizes and the potential to be recruited for various jobs. There is no cost to participate. For details please watch this short video, and then visit this link: DoD CyberSecurity Contest (As noted on the registration page, the Cyber Sentinel Skills Challenge cybersecurity contest is sponsored by the US Department of Defense in conjunction with with Co

Artificial Intelligence 208

Artificial Intelligence Cybersecurity 208

Tech Republic Security

MAY 3, 2024

According to the M-Trends report, the average time it takes for an organisation to detect an attacker in their environment has decreased from 16 days in 2022 to 10 days in 2023.

Ransomware 193

Ransomware Cybersecurity 193

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

The Last Watchdog

APRIL 30, 2024

For all the discussion around the sophisticated technology, strategies, and tactics hackers use to infiltrate networks, sometimes the simplest attack method can do the most damage. The recent Unitronics hack , in which attackers took control over a Pennsylvania water authority and other entities, is a good example. In this instance, hackers are suspected to have exploited simple cybersecurity loopholes, including the fact that the software shipped with easy-to-guess default passwords.

Penetration Testing 182

Penetration Testing CISO Unstructured Data Technology 182

Schneier on Security

MAY 3, 2024

I have spoken at several TED conferences over the years. TEDxPSU 2010: “ Reconceptualizing Security ” TEDxCambridge 2013: “ The Battle for Power on the Internet ” TEDMed 2016: “ Who Controls Your Medical Data ?” I’m putting this here because I want all three links in one place.

Internet 279

Internet Internet 279

Penetration Testing

MAY 2, 2024

Microsoft’s Senior Security Researcher Vladimir Tokarev will detail a series of critical zero-day vulnerabilities in OpenVPN, the world’s leading VPN solution, used by millions of endpoints globally at the upcoming Black Hat USA 2024... The post Microsoft Researcher to Unveil 4 OpenVPN Zero-Day Vulnerabilities at Black Hat USA 2024 appeared first on Penetration Testing.

Penetration Testing 145

Penetration Testing VPN 145

Tech Republic Security

MAY 1, 2024

Are virtual private networks legal to use? Discover if VPNs are legal, restricted or banned in your geolocation and what activities are legal vs. illegal when using a VPN.

VPN 185

VPN 185

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

The Last Watchdog

MAY 2, 2024

It took some five years to get to 100 million users of the World Wide Web and it took just one year to get to 100 million Facebook users. Related: LLM risk mitigation strategies Then along came GenAI and Large Language Models (LLM) and it took just a couple of weeks to get to 100 million ChatGPT users. LLM is a game changer in the same vein as the Gutenberg Press and the Edison light bulb.

Internet 147

Internet Internet Risk Cybersecurity 147

Schneier on Security

APRIL 29, 2024

During the Cold War, the US Navy tried to make a secret code out of whale song. The basic plan was to develop coded messages from recordings of whales, dolphins, sea lions, and seals. The submarine would broadcast the noises and a computer—the Combo Signal Recognizer (CSR)—would detect the specific patterns and decode them on the other end.

Authentication 277

Authentication Technology 277

The Hacker News

MAY 2, 2024

Several popular Android applications available in Google Play Store are susceptible to a path traversal-affiliated vulnerability that could be exploited by a malicious app to overwrite arbitrary files in the vulnerable app's home directory.

145

145

Tech Republic Security

MAY 1, 2024

Researchers can earn up to $10,000 for critical vulnerabilities in the generative AI products.

Artificial Intelligence 184

Artificial Intelligence 184

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

WIRED Threat Level

MAY 2, 2024

Outabox, an Australian firm that scanned faces for bars and clubs, suffered a breach that shows the problems with giving companies your biometric data.

Hacking 145

Hacking 145

Schneier on Security

APRIL 30, 2024

Meta has threatened to pull WhatsApp out of India if the courts try to force it to break its end-to-end encryption.

Encryption 269

Encryption 269

Pen Test Partners

APRIL 30, 2024

TL;DR Even though MFA is effective it is one security control amongst many Even if MFA is in use, check its configuration Consider unexpected patterns of use, such as people logging in from Linux or macOS Make sure you log and can react to out-of-band behaviour Introduction On a recent Red Team engagement we got Domain Admin privileges on the on-premises Active Directory (AD) network.

Authentication 145

Authentication Passwords Accountability Engineering 145

Tech Republic Security

MAY 2, 2024

TechRepublic identified the top four trends emerging in IoT that businesses in the U.K. should be aware of.

IoT 183

IoT Artificial Intelligence Internet Internet 183

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

The Hacker News

APRIL 29, 2024

A previously undocumented cyber threat dubbed Muddling Meerkat has been observed undertaking sophisticated domain name system (DNS) activities in a likely effort to evade security measures and conduct reconnaissance of networks across the world since October 2019.

DNS 145

DNS Internet Internet Cyber threats 145

Penetration Testing

MAY 3, 2024

A significant security vulnerability has been identified in WordPress, the world’s most popular content management system, which could potentially allow attackers to take control of affected websites. The vulnerability, tracked as CVE-2024-4439 and rated... The post CVE-2024-4439: Unauthenticated Stored Cross-Site Scripting Vulnerability in WordPress Core appeared first on Penetration Testing.

Penetration Testing 144

Penetration Testing 144

WIRED Threat Level

APRIL 30, 2024

China's brain-computer interface technology is catching up to the US. But it envisions a very different use case: cognitive enhancement.

Technology 144

Technology 144

Tech Republic Security

MAY 3, 2024

The U.K.'s National Cyber Security Centre, along with U.S. and Canadian cyber authorities, has identified a rise in attacks against OT operators since 2022.

Technology 179

Technology 179

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

The Hacker News

APRIL 29, 2024

A security vulnerability has been discovered in the R programming language that could be exploited by a threat actor to create a malicious RDS (R Data Serialization) file such that it results in code execution when loaded and referenced.

145

145

Penetration Testing

APRIL 28, 2024

QNAP, a leading manufacturer of network attached storage (NAS) devices, has issued an urgent security advisory to its users concerning multiple severe vulnerabilities across its suite of NAS software products. These flaws, if exploited,... The post CVE-2024-32766 (CVSS 10) – QNAP Vulnerability: Hackers Can Hijack Your NAS appeared first on Penetration Testing.

Penetration Testing 145

Penetration Testing Manufacturing Software 145

WIRED Threat Level

MAY 3, 2024

“Yahoo Boy” cybercriminals are openly running dozens of scams across Facebook, WhatsApp, Telegram, TikTok, YouTube, and more. And they’re not afraid to show it off online.

Scams 144

Scams 144

Tech Republic Security

MAY 3, 2024

The year 2024 is bringing a return to stable tech salary growth in APAC, with AI and data jobs leading the way. This follows downward salary pressure in 2023, after steep increases in previous years.

Digital transformation 164

Digital transformation Big data Artificial Intelligence Technology 164

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity