Krebs on Security

FEBRUARY 14, 2024

The Minnesota-based Internet provider U.S. Internet Corp. has a business unit called Securence , which specializes in providing filtered, secure email services to businesses, educational institutions and government agencies worldwide. But until it was notified last week, U.S. Internet was publishing more than a decade’s worth of its internal email — and that of thousands of Securence clients — in plain text out on the Internet and just a click away for anyone with a Web browser

Internet 349

Internet Internet Wireless Government 349

Schneier on Security

FEBRUARY 13, 2024

Molly White—of “ Web3 is Going Just Great ” fame— reviews Chris Dixon’s blockchain solutions book: Read Write Own : In fact, throughout the entire book, Dixon fails to identify a single blockchain project that has successfully provided a non-speculative service at any kind of scale. The closest he ever comes is when he speaks of how “for decades, technologists have dreamed of building a grassroots internet access provider” He describes one project that &

Internet 286

Internet Internet 286

Lohrman on Security

FEBRUARY 11, 2024

When we persevere through difficulties our results are often better than initially expected. Here’s a story of how pandemic disappointments and travel problems led to new professional opportunities.

232

232

The Last Watchdog

FEBRUARY 11, 2024

Every industry is dealing with a myriad of cyber threats in 2024. It seems every day we hear of another breach, another scam, another attack on anything from a small business to a critical aspect of our nation’s infrastructure. Related: The case for augmented reality training Because of this, cybersecurity investments and regulatory oversight are increasing at an astounding rate , especially for those in the financial services industry, bringing an overwhelming feeling to chief compliance office

Cyber Risk 234

Cyber Risk Risk Financial Services Cyber threats 234

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Krebs on Security

FEBRUARY 13, 2024

Microsoft Corp. today pushed software updates to plug more than 70 security holes in its Windows operating systems and related products, including two zero-day vulnerabilities that are already being exploited in active attacks. Top of the heap on this Fat Patch Tuesday is CVE-2024-21412 , a “security feature bypass” in the way Windows handles Internet Shortcut Files that Microsoft says is being targeted in active exploits.

Engineering 248

Engineering Internet Internet Software 248

Schneier on Security

FEBRUARY 15, 2024

Good essay on software bloat and the insecurities it causes. The world ships too much code, most of it by third parties, sometimes unintended, most of it uninspected. Because of this, there is a huge attack surface full of mediocre code. Efforts are ongoing to improve the quality of code itself, but many exploits are due to logic fails, and less progress has been made scanning for those.

Software 284

Software Marketing Cybersecurity 284

Penetration Testing

FEBRUARY 13, 2024

Zoom, the popular video conferencing platform, has addressed several critical security vulnerabilities affecting its Windows, iOS, and Android clients. A total of 7 security flaws were fixed. IT teams and individual users should patch... The post CVE-2024-24691 (CVSS 9.6): Critical Zoom Privilege Escalation Vulnerability appeared first on Penetration Testing.

Penetration Testing 145

Penetration Testing 145

Bleeping Computer

FEBRUARY 13, 2024

Microsoft has patched today a Windows Defender SmartScreen zero-day exploited in the wild by a financially motivated threat group to deploy the DarkMe remote access trojan (RAT). [.

Malware 143

Malware 143

Schneier on Security

FEBRUARY 14, 2024

The winner of the Best Paper Award at Crypto this year was a significant improvement to lattice-based cryptanalysis. This is important, because a bunch of NIST’s post-quantum options base their security on lattice problems. I worry about standardizing on post-quantum algorithms too quickly. We are still learning a lot about the security of these systems, and this paper is an example of that learning.

272

272

Tech Republic Security

FEBRUARY 16, 2024

Sora is in red teamers' and selected artists' hands for now, as OpenAI tries to prevent AI video from being used for misinformation or offensive content.

Artificial Intelligence 194

Artificial Intelligence Software 194

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Penetration Testing

FEBRUARY 10, 2024

A proof-of-concept (PoC) exploit code and technical details have been made available for a zero-day security flaw, tracked as CVE-2022-4262 (CVSS 8.8), affecting Google Chrome. The heart of this vulnerability lies within the Chrome... The post Google Chrome Zero-Day PoC Code Released appeared first on Penetration Testing.

Penetration Testing 145

Penetration Testing 145

Elie

FEBRUARY 16, 2024

This research study presented at NeurIPS 2024 introduces RETVec, a robust and multilingual text vectorizer that provides efficiency and resilience against typos and adversarial attacks for neural-based text processing.

137

137

Schneier on Security

FEBRUARY 14, 2024

This is a current list of where and when I am scheduled to speak: I’m speaking at the Munich Security Conference (MSC) 2024 in Munich, Germany, on Friday, February 16, 2024. I’m giving a keynote at a symposium on “AI and Trust” at Generative AI, Free Speech, & Public Discourse. The symposium will be held at Columbia University in New York City and online, on Tuesday, February 20, 2024.

256

256

Tech Republic Security

FEBRUARY 12, 2024

Google Cloud’s Director of Office of the CISO Nick Godfrey reminds business leaders to integrate security into conversations around financial and business targets.

CISO 185

CISO Digital transformation Artificial Intelligence Ransomware 185

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Penetration Testing

FEBRUARY 11, 2024

A serious security flaw has been unearthed in the popular database software PostgreSQL, raising concerns for businesses and systems administrators. This vulnerability, designated CVE-2024-0985 (CVSS 8.0), could allow attackers to execute malicious code with... The post CVE-2024-0985: PostgreSQL’s Critical Security Flaw Exposed appeared first on Penetration Testing.

Penetration Testing 144

Penetration Testing System Administration Software 144

Trend Micro

FEBRUARY 12, 2024

The APT group Water Hydra has been exploiting the zero-day Microsoft Defender SmartScreen vulnerability (CVE-2024-21412) in its campaigns targeting financial market traders. This vulnerability, which has now been patched by Microsoft, was discovered and disclosed by the Trend Micro Zero Day Initiative.

Marketing 141

Marketing 141

Schneier on Security

FEBRUARY 12, 2024

Matt Burgess tries to only use passkeys. The results are mixed.

Passwords 288

Passwords 288

Tech Republic Security

FEBRUARY 13, 2024

The entry-level IBM and ISC2 Cybersecurity Specialist Professional Certificate takes four months to complete.

Cybersecurity 217

Cybersecurity 217

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

The Hacker News

FEBRUARY 15, 2024

A reverse engineering of the firmware running on Ivanti Pulse Secure appliances has revealed numerous weaknesses, once again underscoring the challenge of securing software supply chains. Eclypsiusm, which acquired firmware version 9.1.18.2-24467.1 as part of the process, said the base operating system used by the Utah-based software company for the device is CentOS 6.4.

Firmware 141

Firmware Engineering Software 141

Malwarebytes

FEBRUARY 15, 2024

For many households, energy costs represent a significant part of their overall budget. And when customers want to discuss their bills or look for ways to save money, scammers are just a phone call away. Enter the utility scam , where crooks pretend to be your utility company so they can threaten and extort as much money from you as they can. This scam has been going on for years and usually starts with an unexpected phone call and, in some cases, a visit to your door.

Scams 142

Scams Energy and Utilities Advertising Mobile 142

Bleeping Computer

FEBRUARY 11, 2024

ExpressVPN has removed the split tunneling feature from the latest version of its software after finding that a bug exposed the domains users were visiting to configured DNS servers. [.

DNS 141

DNS Software 141

Tech Republic Security

FEBRUARY 16, 2024

Learn about passphrases and understand how you can use these strong yet memorable phrases to safeguard your accounts against hackers.

Accountability 191

Accountability Password Management Passwords 191

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

The Hacker News

FEBRUARY 13, 2024

Microsoft has released patches to address 73 security flaws spanning its software lineup as part of its Patch Tuesday updates for February 2024, including two zero-days that have come under active exploitation. Of the 73 vulnerabilities, 5 are rated Critical, 65 are rated Important, and three and rated Moderate in severity.

Software 142

Software 142

Security Affairs

FEBRUARY 16, 2024

U.S. CISA revealed that threat actors breached an unnamed state government organization via an administrator account belonging to a former employee. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) revealed that a threat actor gained access to an unnamed state government organization’s network environment via an administrator account belonging to a former employee.

Government 144

Government VPN Accountability Authentication 144

WIRED Threat Level

FEBRUARY 16, 2024

A surprise disclosure of a national security threat by the House Intelligence chair was part of an effort to block legislation that aimed to limit cops and spies from buying Americans' private data.

Surveillance 139

Surveillance 139

Tech Republic Security

FEBRUARY 14, 2024

Maintaining security is important in business, and iProVPN uses AES 256-bit encryption to keep your data secure — even on public Wi-Fi networks.

Encryption 165

Encryption VPN 165

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

The Hacker News

FEBRUARY 12, 2024

Cybersecurity researchers have uncovered an "implementation vulnerability" that has made it possible to reconstruct encryption keys and decrypt data locked by Rhysida ransomware. The findings were published last week by a group of researchers from Kookmin University and the Korea Internet and Security Agency (KISA).

Ransomware 142

Ransomware Encryption Internet Internet 142

Malwarebytes

FEBRUARY 12, 2024

The Federal Communications Commission (FCC) has announced that calls made with voices generated with the help of Artificial Intelligence (AI) will be considered “artificial” under the Telephone Consumer Protection Act (TCPA). Effective immediately, that makes robocalls that implement voice cloning technology and target consumers illegal. Robocalls are automated phone calls, often associated with scams, which can be a nuisance to individuals and businesses alike.

Scams 140

Scams Artificial Intelligence Consumer Protection Technology 140

Digital Shadows

FEBRUARY 13, 2024

ReliaQuest has detected a variant of the SocGholish malware that uses Python instead of PowerShell for persistence, signaling an evolution in the TTPs of threat actors utilizing this malware.

Malware 138

Malware 138

Tech Republic Security

FEBRUARY 15, 2024

Whether an infection is the result of a disgruntled employee, hardware vulnerability, software-based threat, social engineering penetration, robotic attack or human error, all organizations must be prepared to immediately respond effectively to such an issue if the corresponding damage is to be minimized. Using a guide and pre-formatted malware response checklist, written by Erik Eckel.

Malware 141

Malware Social Engineering Engineering Software 141

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity