Schneier on Security
FEBRUARY 1, 2024
Consumer Reports is reporting that Facebook has built a massive surveillance network: Using a panel of 709 volunteers who shared archives of their Facebook data, Consumer Reports found that a total of 186,892 companies sent data about them to the social network. On average, each participant in the study had their data sent to Facebook by 2,230 companies.
Krebs on Security
JANUARY 30, 2024
On Jan. 9, 2024, U.S. authorities arrested a 19-year-old Florida man charged with wire fraud, aggravated identity theft, and conspiring with others to use SIM-swapping to steal cryptocurrency. Sources close to the investigation tell KrebsOnSecurity the accused was a key member of a criminal hacking group blamed for a string of cyber intrusions at major U.S. technology companies during the summer of 2022.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Troy Hunt
JANUARY 29, 2024
I've always thought of it a bit like baseball cards; a kid has a card of this one player that another kid is keen on, and that kid has a card the first one wants so they make a trade. They both have a bunch of cards they've collected over time and by virtue of existing in the same social circles, trades are frequent, and cards flow back and forth on a regular basis.
Joseph Steinberg
JANUARY 30, 2024
Embark on a journey of thought leadership into the dynamic realm of cybersecurity, and be part of the conversation and collective effort to shape the future of the industry, by joining the inaugural webinar of Coro’s new series, Cybersphere. Taking place on Thursday, February 1st, 2024 1:00 PM US Eastern Daylight Savings Time (10:00 AM US Pacific = 5:00 PM UTC/GMT), Securing Tomorrow: Cybersecurity Review 2023 & Forecasting 2024 Threats , will be a thought-provoking session that will f
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeperâs affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
Schneier on Security
FEBRUARY 2, 2024
In 2009, I wrote : There are several ways two people can divide a piece of cake in half. One way is to find someone impartial to do it for them. This works, but it requires another person. Another way is for one person to divide the piece, and the other person to complain (to the police, a judge, or his parents) if he doesn’t think itâs fair. This also works, but still requires another person—Âat least to resolve disputes.
Krebs on Security
FEBRUARY 1, 2024
Three Americans were charged this week with stealing more than $400 million in a November 2022 SIM-swapping attack. The U.S. government did not name the victim organization, but there is every indication that the money was stolen from the now-defunct cryptocurrency exchange FTX , which had just filed for bankruptcy on that same day. A graphic illustrating the flow of more than $400 million in cryptocurrencies stolen from FTX on Nov. 11-12, 2022.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Troy Hunt
JANUARY 27, 2024
I spent longer than I expected talking about Trello this week, in part because I don't feel the narrative they presented properly acknowledges their responsibility for the incident and in part because I think the impact of scraping in general is misunderstood. I suspect many of us are prone to looking at this in a very binary fashion: if the data is publicly accessible anyway, scraping it poses no risk.
Schneier on Security
FEBRUARY 2, 2024
David Kahn has died. His groundbreaking book, The Codebreakers was the first serious book I read about codebreaking, and one of the primary reasons I entered this field. He will be missed.
Tech Republic Security
JANUARY 31, 2024
Cyber threat hunting is the proactive process of searching for and detecting potential threats or malicious activities within a network or system.
Lohrman on Security
JANUARY 28, 2024
Every January, NASCIO and PTI release their forecasts for the coming year based on what government leaders are saying. So whatâs coming in 2024? Hereâs a roundup of top CIO priorities.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, youâll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Penetration Testing
FEBRUARY 1, 2024
Recently, CYFIRMA’s Research Team has conducted an exhaustive analysis of a security vulnerability, identified as CVE-2024-21833, that poses a significant risk to TP-Link Routers. Discovered on January 10, 2024, by JPCERT/CC, this vulnerability has... The post Millions of Routers at Risk: CVE-2024-21833 Threatens TP-Link Devices appeared first on Penetration Testing.
Schneier on Security
JANUARY 30, 2024
It finally admitted to buying bulk data on Americans from data brokers, in response to a query by Senator Weyden. This is almost certainly illegal, although the NSA maintains that it is legal until it’s told otherwise. Some news articles.
Tech Republic Security
FEBRUARY 2, 2024
The FBI spotted this state-sponsored attack that highlights how home office setups can be overlooked when it comes to employeesâ cybersecurity.
Security Affairs
JANUARY 29, 2024
Researchers discovered that Mercedes-Benz accidentally left a private key online exposing internal data, including the companyâs source code. RedHunt Labs researchers discovered that Mercedes-Benz unintentionally left a private key accessible online, thereby exposing internal data, including the company’s source code. It’s unclear if the data leak exposed customer data, RedHunt Labs shared its findings with TechCrunch and with the help of the media outlet notified the car maker.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out whatâs next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Penetration Testing
JANUARY 31, 2024
In the ever-evolving world of technology, security remains a paramount concern, especially in the realm of containerization. Recently, Docker faced a significant challenge as Snyk Labs identified four critical security vulnerabilities affecting its container... The post CVE-2024-21626: Docker Confronts Critical Container Escape Threat appeared first on Penetration Testing.
Schneier on Security
JANUARY 29, 2024
Microsoft is reporting that a Russian intelligence agency—the same one responsible for SolarWinds—accessed the email system of the company’s executives. Beginning in late November 2023, the threat actor used a password spray attack to compromise a legacy non-production test tenant account and gain a foothold, and then used the account’s permissions to access a very small percentage of Microsoft corporate email accounts, including members of our senior leadership team and
Tech Republic Security
JANUARY 29, 2024
New research details the possible effects of ransomware attacks on businesses and staff, society, the economy and national security, highlighting that its impact on mental and physical health is often overlooked.
Bleeping Computer
FEBRUARY 1, 2024
Cloudflare disclosed today that its internal Atlassian server was breached by a 'nation state' attacker who accessed its Confluence wiki, Jira bug database, and Atlassian Bitbucket source code management system. [.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldnât hand those out too freely. You have stuff thatâs worth protectingâand the more people that have access to your belongings, the higher the odds that something will go missing.
Security Affairs
JANUARY 27, 2024
The Main Intelligence Directorate of Ukraine’s Ministry of Defense states that pro-Ukraine hackers wiped 2 petabytes of data from a Russian research center. The Main Directorate of Intelligence of the Ministry of Defense of Ukraine revealed that pro-Ukraine hackers group “BO Team” wiped the database of the Far Eastern Scientific Research Center of Space Hydrometeorology “Planet.” The Russian center processes data received from satellites and also provides relevant p
Schneier on Security
JANUARY 30, 2024
GCHQ has released new images of the WWII Colossus code-breaking computer, celebrating the machine’s eightieth anniversary (birthday?). News article.
Tech Republic Security
JANUARY 29, 2024
The EU says the DMA keeps markets fair and open; Apple says the DMA introduces security problems. Apple is leveling fees against independent app stores.
Bleeping Computer
JANUARY 30, 2024
âUnprivileged attackers can get root access on multiple major Linux distributions in default configurations by exploiting a newly disclosed local privilege escalation (LPE) vulnerability in the GNU C Library (glibc). [.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Security Affairs
JANUARY 28, 2024
Multiple proof-of-concept (PoC) exploits for recently disclosed critical Jenkins vulnerability CVE-2024-23897 have been released. Researchers warn that several proof-of-concept (PoC) exploits targeting the recently disclosed critical Jenkins vulnerability, CVE-2024-23897 , have been made public. Jenkins is the most popular open source automation server, it is maintained by CloudBees and the Jenkins community.
Schneier on Security
JANUARY 31, 2024
In October, the Consumer Financial Protection Bureau (CFPB) proposed a set of rules that if implemented would transform how financial institutions handle personal data about their customers. The rules put control of that data back in the hands of ordinary Americans, while at the same time undermining the data broker economy and increasing customer choice and competition.
Tech Republic Security
JANUARY 31, 2024
Get the ultimate online protection of privacy and security for up to five devices, including speedy servers, unlimited bandwidth, kill switch and more.
WIRED Threat Level
JANUARY 31, 2024
For nearly two years, police have been tracking down the culprit behind a wave of hoax threats. A digital trail took them to the door of a 17-year-old in California.
Advertisement
Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.
Security Affairs
JANUARY 30, 2024
Energy management and industrial automation firm Schneider Electric suffered a data breach after a Cactus ransomware attack. Schneider Electric is a multinational company that specializes in energy management, industrial automation, and digital transformation. BleepingComputer first reported the attack that hit the Sustainability Business division of the company on January 17th.
Penetration Testing
JANUARY 29, 2024
FFmpeg, a widely used open-source project for handling multimedia files, has recently been spotlighted for its vulnerabilities. Discovered through Google’s OSS-Fuzz service, three security vulnerabilities have been identified in its systems, two of which... The post CVE-2024-22860 & CVE-2024-22862: Critical FFmpeg Remote Code Execution Flaws appeared first on Penetration Testing.
Tech Republic Security
JANUARY 29, 2024
McAfee True Keyâs focus on simplicity as a password manager may leave users seeking more security and usability features in other options. Learn more in our hands-on review.
Bleeping Computer
FEBRUARY 2, 2024
AnyDesk confirmed today that it suffered a recent cyberattack that allowed hackers to gain access to the company's production systems. BleepingComputer has learned that source code and private code signing keys were stolen during the attack. [.
Advertisement
Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!
Expert insights. Personalized for you.
352 
Let's personalize your content