Schneier on Security

MAY 7, 2024

This attack has been feasible for over two decades: Researchers have devised an attack against nearly all virtual private network applications that forces them to send and receive some or all traffic outside of the encrypted tunnel designed to protect it from snooping or tampering. TunnelVision, as the researchers have named their attack, largely negates the entire purpose and selling point of VPNs, which is to encapsulate incoming and outgoing Internet traffic in an encrypted tunnel and to cloa

VPN 304

VPN Encryption Internet Internet 304

Krebs on Security

MAY 6, 2024

Virtual private networking (VPN) companies market their services as a way to prevent anyone from snooping on your Internet usage. But new research suggests this is a dangerous assumption when connecting to a VPN via an untrusted network, because attackers on the same network could force a target’s traffic off of the protection provided by their VPN without triggering any alerts to the user.

VPN 291

VPN Wireless Internet Internet 291

The Last Watchdog

MAY 7, 2024

SAN FRANCISCO — Cloud security is stirring buzz as RSA Conference 2024 ramps up at Moscone Convention Center here. Related: The fallacy of ‘security-as-a-cost-center’ Companies are clambering to mitigate unprecedented exposures spinning out of their increasing reliance on cloud hosted resources. The unfolding disruption of Generative AI — and rising compliance requirements — add to the mix.

Threat Detection 264

Threat Detection Internet Internet Risk 264

Tech Republic Security

MAY 7, 2024

VPNs are popular due to the fact they add security and privacy to what are otherwise daily open Wi-Fi and public internet channels. But can VPNs be tracked by the police?

Internet 181

Internet Internet VPN 181

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Schneier on Security

MAY 9, 2024

There’s a new report on how criminals are using generative AI tools: Key Takeaways: Adoption rates of AI technologies among criminals lag behind the rates of their industry counterparts because of the evolving nature of cybercrime. Compared to last year, criminals seem to have abandoned any attempt at training real criminal large language models (LLMs).

Financial Services 247

Financial Services Cybercrime Technology Artificial Intelligence 247

Penetration Testing

MAY 8, 2024

The Go programming language, known for its simplicity and efficiency in software development, has recently issued a crucial security advisory addressing two severe vulnerabilities. These flaws, identified in the Go environment, could potentially allow... The post CVE-2024-24787 (CVSS 9.8): Go Vulnerability Could Lead to Code Execution appeared first on Penetration Testing.

Penetration Testing 145

Penetration Testing Software 145

Tech Republic Security

MAY 8, 2024

The production of deepfakes is accelerating at more than 1,500% in Australia, forcing organisations to create and adopt standards like Content Credentials.

Artificial Intelligence 185

Artificial Intelligence Big data 185

Schneier on Security

MAY 6, 2024

Lots of complicated details here: too many for me to summarize well. It involves an obscure Section 230 provision—and an even more obscure typo. Read this.

259

259

Penetration Testing

MAY 7, 2024

A significant security flaw has been identified in PDF.js, a widely-used, Mozilla-supported PDF viewer developed with HTML5, and React-PDF, a popular npm package for displaying PDFs within React applications. This vulnerability, which allows for... The post CVE-2024-4367 & CVE-2024-34342: JavaScript Flaws Threaten Millions of PDF.js and React-PDF Users appeared first on Penetration Testing.

Penetration Testing 145

Penetration Testing 145

Duo's Security Blog

MAY 9, 2024

User experience and security protocols have historically been at odds. To improve security outcomes, users are forced to jump through more hoops to gain access to sensitive resources. Duo is rethinking this paradigm with the launch of Session Trust’s continuous policy. Challenge with sessions When a user logs in to a new application, the website sends a cookie that is stored in the browser.

Risk 143

Risk Passwords Accountability Malware 143

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Tech Republic Security

MAY 7, 2024

The intent of the Future Made in Australia Act is to build manufacturing capabilities across all sectors, which will likely lead to more demand for IT skills and services.

Manufacturing 154

Manufacturing Artificial Intelligence Big data Technology 154

Schneier on Security

MAY 10, 2024

This is another attack that convinces the AI to ignore road signs : Due to the way CMOS cameras operate, rapidly changing light from fast flashing diodes can be used to vary the color. For example, the shade of red on a stop sign could look different on each line depending on the time between the diode flash and the line capture. The result is the camera capturing an image full of lines that don’t quite match each other.

Artificial Intelligence 221

Artificial Intelligence 221

The Hacker News

MAY 6, 2024

The recently uncovered cyber espionage campaign targeting perimeter network devices from several vendors, including Cisco, may have been the work of China-linked actors, according to new findings from attack surface management firm Censys.

144

144

WIRED Threat Level

MAY 6, 2024

The iPhone maker has detected spyware attacks against people in more than 150 countries. Knowing if your device is infected can be tricky—but there are a few steps you can take to protect yourself.

Spyware 143

Spyware Hacking 143

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Tech Republic Security

MAY 10, 2024

TechRepublic consolidated expert advice on how businesses can defend themselves against the most common cyberthreats, including zero-days, ransomware and deepfakes.

Ransomware 150

Ransomware Big data Social Engineering Artificial Intelligence 150

Duo's Security Blog

MAY 7, 2024

Cisco Duo plays pivotal role in safeguarding identities for organizations of all sizes and industries, providing a simple way to defend against identity-based attacks. However, challenges to zero trust security still exist; organizations must maintain strong security in mixed-IT environments while balancing increases in staffing, spending and agent fatigue.

DNS 141

DNS Authentication Risk Engineering 141

Security Affairs

MAY 5, 2024

Law enforcement seized the Lockbit group’s Tor website again and announced they will reveal more identities of its operators Law enforcement seized the Lockbit group’s Tor website again. The authorities resumed the Lockbit seized leak site and mocked its administrators. According to the countdown active on the seized, law enforcement that are currently controlling the website will reveal the identities of the LockBitSupps and other members of the gang on May 7, 2024, at 14:00:00 UTC.

Ransomware 141

Ransomware Cybercrime Cyber Attacks Encryption 141

WIRED Threat Level

MAY 8, 2024

An internal email from FBI deputy director Paul Abbate, obtained by WIRED, tells employees to search for “US persons” in a controversial spy program's database that investigators have repeatedly misused.

140

140

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Tech Republic Security

MAY 6, 2024

Additional enforcement means non-compliant email may be delivered to spam folders. Here’s what Google Workspace administrators and Gmail users need to know.

Cybersecurity 155

Cybersecurity 155

Penetration Testing

MAY 9, 2024

Google has rushed out an emergency security update for its Chrome browser to address a critical vulnerability already being exploited by threat actors. The flaw, designated CVE-2024-4671, is a “use after free” bug located... The post Google Rushes to Patch Chrome Zero-Day Exploit: CVE-2024-4671 appeared first on Penetration Testing.

Penetration Testing 140

Penetration Testing 140

Security Affairs

MAY 9, 2024

Citrix urges customers to manually address a PuTTY SSH client flaw that could allow attackers to steal a XenCenter admin’s private SSH key. Versions of XenCenter for Citrix Hypervisor 8.2 CU1 LTSR used PuTTY, a third-party component, for SSH connections to guest VMs. However, PuTTY inclusion was deprecated with XenCenter version 8.2.6, and any versions after 8.2.7 will not include PuTTY.

Authentication 140

Authentication Hacking Information Security 140

Bleeping Computer

MAY 10, 2024

The threat actor behind the recent Dell data breach revealed they scraped information of 49 million customer records using an partner portal API they accessed as a fake company. [.

Data breaches 133

Data breaches 133

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Tech Republic Security

MAY 6, 2024

Informatica PowerCenter, Microsoft Playwright and Oracle Database SQL top Udemy’s list of most popular tech courses.

Big data 170

Big data Artificial Intelligence 170

Security Boulevard

MAY 6, 2024

War of the words: Fancy Bear actions are “intolerable and unacceptable,” complains German foreign minister Annalena Baerbock. The post Germany Warns Russia: Hacking Will Have Consequences appeared first on Security Boulevard.

Hacking 135

Hacking Risk Government Malware 135

Elie

MAY 8, 2024

This talk discuss through concrete examples how to use the Google Security AI Framework (SAIF) to protect AI systems and workflows

149

149

Bleeping Computer

MAY 8, 2024

Microsoft has confirmed that last month's Windows Server security updates may also cause domain controller reboots after the Local Security Authority Subsystem Service (LSASS) process crashes. [.

132

132

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

The Hacker News

MAY 4, 2024

Czechia and Germany on Friday revealed that they were the target of a long-term cyber espionage campaign conducted by the Russia-linked nation-state actor known as APT28, drawing condemnation from the European Union (E.U.), the North Atlantic Treaty Organization (NATO), the U.K., and the U.S.

Hacking 134

Hacking 134

Security Boulevard

MAY 8, 2024

PAFACA SueTok: U.S. Courts “likely” to rule whether new law is constitutional—or even practical. The post TikTok Ban — ByteDance Sues US to Kill Bill appeared first on Security Boulevard.

Social Engineering 131

Social Engineering Spyware Media Data privacy 131

Security Affairs

MAY 10, 2024

Since the start of the year, Google released an update to fix the fifth actively exploited zero-day vulnerability in the Chrome browser. Google this week released security updates to address a zero-day flaw, tracked as CVE-2024-467, in Chrome browser. The vulnerability is the fifth zero-day flaw in the Google browser that is exploited in the wild since the start of the year.

Engineering 131

Engineering Hacking Information Security 131

Bleeping Computer

MAY 9, 2024

Dell is warning customers of a data breach after a threat actor claimed to have stolen information for approximately 49 million customers. [.

Data breaches 145

Data breaches 145

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity