Sat.Dec 09, 2023 - Fri.Dec 15, 2023

article thumbnail

LW ROUNDTABLE: Cybersecurity takeaways of 2023 — and what’s ahead in 2024 ( part 2)

The Last Watchdog

Here’s part two of Last Watchdog’s year-end tête-à-tête with top cybersecurity experts. Part three to follow on Friday. We asked two questions: •What should be my biggest takeaway from 2023, with respect to mitigating cyber risks at my organization? •What should I be most concerned about – and focus on – in 2024? Their guidance: Brandon Colley , Principal Security Consultant, Trimarc Security Colley Some 10-year-old vulnerabilities are still wildly prevalent.

article thumbnail

New Windows/Linux Firmware Attack

Schneier on Security

Interesting attack based on malicious pre-OS logo images : LogoFAIL is a constellation of two dozen newly discovered vulnerabilities that have lurked for years, if not decades, in Unified Extensible Firmware Interfaces responsible for booting modern devices that run Windows or Linux… The vulnerabilities are the subject of a coordinated mass disclosure released Wednesday.

Firmware 338
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

International Association of Chiefs of Police (IACP) Appoints CyberSecurity Expert Witness Joseph Steinberg To Computer Crime & Digital Evidence Committee

Joseph Steinberg

Veteran cybersecurity expert witness executive will help strengthen law enforcement capabilities to prevent, investigate, and prosecute information-age crimes. Washington, DC — December 11, 2023 — The International Association of Chiefs of Police (IACP) has appointed long-time information-security-industry veteran and cybersecurity expert witness, Joseph Steinberg, to the organization’s Computer Crime & Digital Evidence Committee.

article thumbnail

2023 Cyber Review: The Year GenAI Stole the Show

Lohrman on Security

This was a year unlike any other in the brief history of the cybersecurity industry, with generative artificial intelligence disrupting plans and ushering in unparalleled change to security.

article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

MY TAKE: Fostering Digital Trust – the role of ‘post-quantum crypto’ and ‘crypto agility’ in 2024

The Last Watchdog

Notable progress was made in 2023 in the quest to elevate Digital Trust. Related: Why IoT standards matter Digital Trust refers to the level of confidence both businesses and consumers hold in digital products and services – not just that they are suitably reliable, but also that they are as private and secure as they need to be. We’re not yet at a level of Digital Trust needed to bring the next generation of connected IT into full fruition – and the target keeps moving.

article thumbnail

A Robot the Size of the World

Schneier on Security

In 2016, I wrote about an Internet that affected the world in a direct, physical manner. It was connected to your smartphone. It had sensors like cameras and thermostats. It had actuators: Drones, autonomous cars. And it had smarts in the middle, using sensor data to figure out what to do and then actually do it. This was the Internet of Things (IoT).

Internet 324

More Trending

article thumbnail

Microsoft Patch Tuesday, December 2023 Edition

Krebs on Security

The final Patch Tuesday of 2023 is upon us, with Microsoft Corp. today releasing fixes for a relatively small number of security holes in its Windows operating systems and other software. Even more unusual, there are no known “zero-day” threats targeting any of the vulnerabilities in December’s patch batch. Still, four of the updates pushed out today address “critical” vulnerabilities that Microsoft says can be exploited by malware or malcontents to seize complete c

Internet 253
article thumbnail

LW ROUNDTABLE: Cybersecurity takeaways of 2023 — and what’s ahead in 2024 ( part 1)

The Last Watchdog

A look back at the cybersecurity landscape in 2023 rings all-too familiar: cyber threats rapidly evolved and scaled up , just as they have, year-to-year, for the past 20 years. Related: Adopting an assume-breach mindset With that in mind, Last Watchdog invited the cybersecurity experts we’ve worked with this past year for their perspectives on two questions that all company leaders should have top of mind: •What should be my biggest takeaway from 2023, with respect to mitigating cyber risks at

article thumbnail

Facebook Enables Messenger End-to-End Encryption by Default

Schneier on Security

It’s happened. Details here , and tech details here (for messages in transit) and here (for messages in storage) Rollout to everyone will take months, but it’s a good day for both privacy and security. Slashdot thread.

article thumbnail

Proofpoint Exposes Sophisticated Social Engineering Attack on Recruiters That Infects Their Computers With Malware

Tech Republic Security

Recruiters and anyone else involved in hiring processes should be knowledgeable about this social engineering attack threat. Get the details.

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

OilRig’s persistent attacks using cloud service-powered downloaders

We Live Security

ESET researchers document a series of new OilRig downloaders, all relying on legitimate cloud service providers for C&C communications.

145
145
article thumbnail

LW ROUNDTABLE: Cybersecurity takeaways of 2023 — and what’s ahead in 2024 ( part 3)

The Last Watchdog

Here’s the final installment of leading technologists sharing their observations about cybersecurity developments in the year that’s coming to a close — and the year to come. Last Watchdog posed two questions: •What should be my biggest takeaway from 2023, with respect to mitigating cyber risks at my organization? •What should I be most concerned about – and focus on – in 2024?

article thumbnail

Surveillance Cameras Disguised as Clothes Hooks

Schneier on Security

This seems like a bad idea. And there are ongoing lawsuits against Amazon for selling them.

article thumbnail

4 Different Types of VPNs & When to Use Them

Tech Republic Security

Learn about the different types of VPNs and when to use them. Find out which type of VPN suits your needs with this comprehensive guide.

VPN 181
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

WordPress 6.4.2 fixed a Remote Code Execution (RCE) flaw

Security Affairs

WordPress 6.4.2 addressed a security vulnerability that could be chained with another flaw to achieve remote code execution. WordPress released a security update to address a flaw that can be chained with another issue to gain remote code execution. According to the advisory, the RCE flaw is not directly exploitable in the core, however, threat actors can chain it with some plugins, especially in multisite installations, to execute arbitrary code. “A Remote Code Execution vulnerability tha

Hacking 145
article thumbnail

GUEST ESSAY: Adopting an ‘assume-breach mindset’ to defend company networks in 2024

The Last Watchdog

Professionals are constantly seeking ways to fortify their defenses against malicious threats. One approach gaining traction is the “assume-breach mindset.” This proactive approach is designed to better prepare organizations for inevitable security breaches. Related: The case for proactive security An assume-breach mindset is a cybersecurity strategy that flips the traditional security model.

article thumbnail

Surveillance by the US Postal Service

Schneier on Security

This is not about mass surveillance of mail , this is about sorts of targeted surveillance the US Postal Inspection Service uses to catch mail thieves : To track down an alleged mail thief, a US postal inspector used license plate reader technology, GPS data collected by a rental car company, and, most damning of all, hid a camera inside one of the targeted blue post boxes which captured the suspect’s full face as they allegedly helped themselves to swathes of peoples’ mail.

article thumbnail

Google Adds Gemini Pro API to AI Studio and Vertex AI

Tech Republic Security

Google also announced Duet AI for Developers and Duet AI in Security Operations, but neither uses Gemini yet. Starting Dec.

article thumbnail

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

article thumbnail

The sound of you typing on your keyboard could reveal your password

Malwarebytes

As if password authentication’s coffin needed any more nails, researchers in the UK have discovered yet another way to hammer one in. The technique, developed at Durham University, the University of Surrey, and Royal Holloway University of London, builds on previous work to produce a more accurate way to guess your password by listening to the sound of you typing it on your keyboard.

Passwords 144
article thumbnail

Researcher discovered a new lock screen bypass bug for Android 14 and 13

Security Affairs

Researchers discovered a lock screen bypass bug in Android 14 and 13 that could expose sensitive data in users’ Google accounts. The security researcher Jose Rodriguez ( @VBarraquito ) discovered a new lock screen bypass vulnerability for Android 14 and 13. A threat actor with physical access to a device can access photos, contacts, browsing history and more.

article thumbnail

Why a Master’s in Cyber Security is Your Ticket to a Thriving Career

IT Security Guru

Have you ever wondered who keeps our online world safe from all the bad guys? The heroes who do this have a special kind of training – they have a Master’s degree in something called Cyber Security. It’s like being a detective in the digital world, where you need to solve online mysteries and catch cybercriminals. This field is expanding as corporations everywhere seek digital detectives to protect their data.

Banking 142
article thumbnail

Mozilla VPN Review (2023): Features, Pricing, and Security

Tech Republic Security

Mozilla VPN’s fast performance may not be enough to make up for its small server network and lack of features. Learn more about it in our full review below.

VPN 159
article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

“Amazon got hacked” messages are a false alarm

Malwarebytes

Amazon customers have been seeing a message on social media that has caused some alarm. Most of the posts look like one of these (depending on the social media platform): “PSA!! Amazon got hacked. For USA based people, check your Amazon account. Hackers added HUB lockers as your default delivery addresses. Remove it! I had 2 added to mine.” Hub lockers are local secure places for people to pick up their Amazon order rather than risk them being left on a doorstep, so the concern was that someone

Hacking 142
article thumbnail

Dubai’s largest taxi app exposes 220K+ users

Security Affairs

The Dubai Taxi Company (DTC) app, which provides taxi, limousine, and other transport services, left a database open to the public, exposing sensitive customer and driver data. Dubai Taxi Company, a subsidiary of Dubai’s Roads and Transport Authority, leaked a trove of sensitive information from the DTC app, the Cybernews research team has found. Over 197K app users and nearly 23K drivers were exposed.

VPN 141
article thumbnail

Ubiquiti users report having access to others’ UniFi routers, cameras

Bleeping Computer

Since yesterday, customers of Ubiquiti networking devices, ranging from routers to security cameras, have reported seeing other people's devices and notifications through the company's cloud services. [.

article thumbnail

How to Use Google’s Titan Security Keys With Passkey Support

Tech Republic Security

Learn how to use Titan Security Keys with passkey support to enhance your online security. Follow these step-by-step instructions.

Mobile 154
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Silent but deadly: The rise of zero-click attacks

We Live Security

A security compromise so stealthy that it doesn’t even require your interaction? Yes, zero-click attacks require no action from you – but this doesn’t mean you’re left vulnerable.

Media 141
article thumbnail

Apache fixed Critical RCE flaw CVE-2023-50164 in Struts 2

Security Affairs

The Apache Software Foundation addressed a critical remote code execution vulnerability in the Apache Struts 2 open-source framework. The Apache Software Foundation released security updates to address a critical file upload vulnerability in the Struts 2 open-source framework. Successful exploitation of the flaw, tracked as CVE-2023-50164 , could lead to remote code execution.

Software 141
article thumbnail

The sound of you typing on your keyboard could reveal your password

Malwarebytes

As if password authentication’s coffin needed any more nails, researchers in the UK have discovered yet another way to hammer one in. The technique, developed at Durham University, the University of Surrey, and Royal Holloway University of London, builds on previous work to produce a more accurate way to guess your password by listening to the sound of you typing it on your keyboard.

Passwords 140
article thumbnail

Get a VPN for Yourself and Your Employees This Holiday Season

Tech Republic Security

Want to make sure everyone on your team is secure? Get a lifetime subscription to FastestVPN PRO, now just $29.97 through Christmas Day for 15 devices.

VPN 153
article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!