Schneier on Security

MAY 7, 2024

This attack has been feasible for over two decades: Researchers have devised an attack against nearly all virtual private network applications that forces them to send and receive some or all traffic outside of the encrypted tunnel designed to protect it from snooping or tampering. TunnelVision, as the researchers have named their attack, largely negates the entire purpose and selling point of VPNs, which is to encapsulate incoming and outgoing Internet traffic in an encrypted tunnel and to cloa

VPN 308

VPN Encryption Internet Internet 308

Krebs on Security

MAY 6, 2024

Virtual private networking (VPN) companies market their services as a way to prevent anyone from snooping on your Internet usage. But new research suggests this is a dangerous assumption when connecting to a VPN via an untrusted network, because attackers on the same network could force a target’s traffic off of the protection provided by their VPN without triggering any alerts to the user.

VPN 265

VPN Wireless Internet Internet 265

Tech Republic Security

MAY 8, 2024

The production of deepfakes is accelerating at more than 1,500% in Australia, forcing organisations to create and adopt standards like Content Credentials.

Artificial Intelligence 187

Artificial Intelligence Big data 187

Penetration Testing

MAY 8, 2024

The Go programming language, known for its simplicity and efficiency in software development, has recently issued a crucial security advisory addressing two severe vulnerabilities. These flaws, identified in the Go environment, could potentially allow... The post CVE-2024-24787 (CVSS 9.8): Go Vulnerability Could Lead to Code Execution appeared first on Penetration Testing.

Penetration Testing 145

Penetration Testing Software 145

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

Schneier on Security

MAY 9, 2024

There’s a new report on how criminals are using generative AI tools: Key Takeaways: Adoption rates of AI technologies among criminals lag behind the rates of their industry counterparts because of the evolving nature of cybercrime. Compared to last year, criminals seem to have abandoned any attempt at training real criminal large language models (LLMs).

Financial Services 254

Financial Services Cybercrime Technology Artificial Intelligence 254

The Hacker News

MAY 10, 2024

Google on Thursday released security updates to address a zero-day flaw in Chrome that it said has been actively exploited in the wild. Tracked as CVE-2024-4671, the high-severity vulnerability has been described as a case of use-after-free in the Visuals component. It was reported by an anonymous researcher on May 7, 2024.

143

143

Penetration Testing

MAY 7, 2024

A significant security flaw has been identified in PDF.js, a widely-used, Mozilla-supported PDF viewer developed with HTML5, and React-PDF, a popular npm package for displaying PDFs within React applications. This vulnerability, which allows for... The post CVE-2024-4367 & CVE-2024-34342: JavaScript Flaws Threaten Millions of PDF.js and React-PDF Users appeared first on Penetration Testing.

Penetration Testing 145

Penetration Testing 145

Schneier on Security

MAY 6, 2024

Lots of complicated details here: too many for me to summarize well. It involves an obscure Section 230 provision—and an even more obscure typo. Read this.

265

265

The Hacker News

MAY 6, 2024

The recently uncovered cyber espionage campaign targeting perimeter network devices from several vendors, including Cisco, may have been the work of China-linked actors, according to new findings from attack surface management firm Censys.

144

144

Tech Republic Security

MAY 7, 2024

The intent of the Future Made in Australia Act is to build manufacturing capabilities across all sectors, which will likely lead to more demand for IT skills and services.

Manufacturing 157

Manufacturing Artificial Intelligence Big data Technology 157

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

WIRED Threat Level

MAY 8, 2024

An internal email from FBI deputy director Paul Abbate, obtained by WIRED, tells employees to search for “US persons” in a controversial spy program's database that investigators have repeatedly misused.

144

144

Duo's Security Blog

MAY 9, 2024

User experience and security protocols have historically been at odds. To improve security outcomes, users are forced to jump through more hoops to gain access to sensitive resources. Duo is rethinking this paradigm with the launch of Session Trust’s continuous policy. Challenge with sessions When a user logs in to a new application, the website sends a cookie that is stored in the browser.

Risk 142

Risk Passwords Accountability Malware 142

Penetration Testing

MAY 9, 2024

Google has rushed out an emergency security update for its Chrome browser to address a critical vulnerability already being exploited by threat actors. The flaw, designated CVE-2024-4671, is a “use after free” bug located... The post Google Rushes to Patch Chrome Zero-Day Exploit: CVE-2024-4671 appeared first on Penetration Testing.

Penetration Testing 138

Penetration Testing 138

Tech Republic Security

MAY 10, 2024

TechRepublic consolidated expert advice on how businesses can defend themselves against the most common cyberthreats, including zero-days, ransomware and deepfakes.

Ransomware 152

Ransomware Big data Social Engineering Artificial Intelligence 152

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

WIRED Threat Level

MAY 6, 2024

The iPhone maker has detected spyware attacks against people in more than 150 countries. Knowing if your device is infected can be tricky—but there are a few steps you can take to protect yourself.

Spyware 143

Spyware Hacking 143

Malwarebytes

MAY 10, 2024

Dell is warning its customers about a data breach after a cybercriminal offered a 49 million-record database of information about Dell customers on a cybercrime forum. A cybercriminal called Menelik posted the following message on the “Breach Forums” site: “The data includes 49 million customer and other information of systems purchased from Dell between 2017-2024.

Data breaches 137

Data breaches Passwords Phishing Big data 137

Bleeping Computer

MAY 10, 2024

The threat actor behind the recent Dell data breach revealed they scraped information of 49 million customer records using an partner portal API they accessed as a fake company. [.

Data breaches 133

Data breaches 133

Tech Republic Security

MAY 6, 2024

Additional enforcement means non-compliant email may be delivered to spam folders. Here’s what Google Workspace administrators and Gmail users need to know.

Cybersecurity 158

Cybersecurity 158

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

Security Boulevard

MAY 6, 2024

War of the words: Fancy Bear actions are “intolerable and unacceptable,” complains German foreign minister Annalena Baerbock. The post Germany Warns Russia: Hacking Will Have Consequences appeared first on Security Boulevard.

Hacking 134

Hacking Risk Government Malware 134

Elie

MAY 8, 2024

This talk discuss through concrete examples how to use the Google Security AI Framework (SAIF) to protect AI systems and workflows

149

149

Bleeping Computer

MAY 8, 2024

Microsoft has confirmed that last month's Windows Server security updates may also cause domain controller reboots after the Local Security Authority Subsystem Service (LSASS) process crashes. [.

132

132

Tech Republic Security

MAY 6, 2024

Informatica PowerCenter, Microsoft Playwright and Oracle Database SQL top Udemy’s list of most popular tech courses.

Big data 172

Big data Artificial Intelligence 172

Advertisement

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.

Cybersecurity

Penetration Testing

MAY 6, 2024

The very backbone of Virtual Private Networks (VPNs), praised for their ability to secure online activities, is under scrutiny following a breakthrough discovery by Dani Cronce and Lizzie Moratti from Leviathan Security Group. Their... The post Major VPN Flaw Exposed: “TunnelVision” (CVE-2024-3661) Threatens Security on Public Networks appeared first on Penetration Testing.

VPN 132

VPN Penetration Testing 132

The Hacker News

MAY 4, 2024

Czechia and Germany on Friday revealed that they were the target of a long-term cyber espionage campaign conducted by the Russia-linked nation-state actor known as APT28, drawing condemnation from the European Union (E.U.), the North Atlantic Treaty Organization (NATO), the U.K., and the U.S.

Hacking 131

Hacking 131

Security Boulevard

MAY 8, 2024

PAFACA SueTok: U.S. Courts “likely” to rule whether new law is constitutional—or even practical. The post TikTok Ban — ByteDance Sues US to Kill Bill appeared first on Security Boulevard.

Social Engineering 130

Social Engineering Spyware Media Data privacy 130

Security Affairs

MAY 5, 2024

Law enforcement seized the Lockbit group’s Tor website again and announced they will reveal more identities of its operators Law enforcement seized the Lockbit group’s Tor website again. The authorities resumed the Lockbit seized leak site and mocked its administrators. According to the countdown active on the seized, law enforcement that are currently controlling the website will reveal the identities of the LockBitSupps and other members of the gang on May 7, 2024, at 14:00:00 UTC.

Ransomware 129

Ransomware Cybercrime Cyber Attacks Encryption 129

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

Bleeping Computer

MAY 9, 2024

Dell is warning customers of a data breach after a threat actor claimed to have stolen information for approximately 49 million customers. [.

Data breaches 145

Data breaches 145

The Hacker News

MAY 7, 2024

The Iranian state-backed hacking outfit called APT42 is making use of enhanced social engineering schemes to infiltrate target networks and cloud environments. Targets of the attack include Western and Middle Eastern NGOs, media organizations, academia, legal services and activists, Google Cloud subsidiary Mandiant said in a report published last week.

Social Engineering 129

Social Engineering Media Engineering Hacking 129

Security Boulevard

MAY 9, 2024

Stagnating security budgets and mounting job pressures are weighing on CISOs, a quarter of whom expressed discontent with their salary and overall compensation. Show me the money: The average total compensation for tech CISOs stands at $710,000. The post One in Four Tech CISOs Unhappy with Compensation appeared first on Security Boulevard.

CISO 128

CISO Cybersecurity 128

Penetration Testing

MAY 9, 2024

Researchers at eSentire’s Threat Response Unit (TRU) have uncovered a disturbing trend in FIN7 attacks demonstrating the notorious cybercrime group’s evolving tactics for infiltrating systems. FIN7’s campaign targets users with malicious websites disguised as... The post FIN7 Hackers Using Signed Malware and Fake Google Ads to Evade Defenses appeared first on Penetration Testing.

Penetration Testing 127

Penetration Testing Malware Cybercrime 127

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity