Schneier on Security

JULY 3, 2024

It’s a serious one : The vulnerability, which is a signal handler race condition in OpenSSH’s server (sshd), allows unauthenticated remote code execution (RCE) as root on glibc-based Linux systems; that presents a significant security risk. This race condition affects sshd in its default configuration. […] This vulnerability, if exploited, could lead to full system compromise where an attacker can execute arbitrary code with the highest privileges, resulting in a complete syste

Firewall 328

Firewall Data breaches Malware Risk 328

The Last Watchdog

JULY 1, 2024

The coalescing of the next-gen security platforms that will carry us forward continues. Related: Jump starting vulnerability management Adaptiva, a leader in autonomous endpoint management, recently announced the launch of OneSite Patch for CrowdStrike. This new solution integrates with CrowdStrike’s Falcon XDR platform to improve the efficiency and speed of patching critical vulnerabilities in enterprise systems.

Manufacturing 278

Manufacturing Risk Internet Internet 278

Troy Hunt

JUNE 30, 2024

Last week, I wrote about The State of Data Breaches and got loads of feedback. It was predominantly sympathetic to the position I find myself in running HIBP, and that post was mostly one of frustration: lack of disclosure, standoffish organisations, downplaying breaches and the individual breach victims themselves making it worse by going to town on the corporate victims.

Data breaches 250

Data breaches Government InfoSec Passwords 250

Javvad Malik

JULY 5, 2024

As I sit here, reflecting on the recent news of the ransomware attack on pathology lab Synnovis, I can’t help but feel a sense of unease wash over me. It’s not just another headline or statistic; this time, it’s a bit more personal. My neighbour, Oliver Dowson , is one of the many individuals directly affected by this breach, his heart valve replacement surgery postponed indefinitely due to the fallout.

Healthcare 208

Healthcare Data breaches Cybersecurity Cybercrime 208

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Schneier on Security

JULY 2, 2024

This article about an app that lets people remotely view bars to see if they’re crowded or not is filled with commentary—on both sides—about privacy and openness.

Surveillance 263

Surveillance 263

Tech Republic Security

JULY 1, 2024

Security analysts found that 52% of open-source projects are written in memory-unsafe languages like C and C++.

Software 204

Software 204

Lohrman on Security

JUNE 30, 2024

I’m always looking for best practices and examples to share around government AI and cyber projects. Monty 2.0 is certainly praiseworthy and a GenAI project to watch and learn from.

Government 196

Government 196

Schneier on Security

JULY 1, 2024

A new paper , “Polynomial Time Cryptanalytic Extraction of Neural Network Models,” by Adi Shamir and others, uses ideas from differential cryptanalysis to extract the weights inside a neural network using specific queries and their results. This is much more theoretical than practical, but it’s a really interesting result. Abstract: Billions of dollars and countless GPU hours are currently spent on training Deep Neural Networks (DNNs) for a variety of tasks.

260

260

Tech Republic Security

JULY 5, 2024

Travelling for work can open employees up to a new host of security threats, including insecure Wi-Fi networks, infected public charging ports and Bluetooth attacks.

Big data 196

Big data VPN Mobile 196

Troy Hunt

JULY 5, 2024

It's a long one this week, in part due to the constant flood of new breaches and disclosures I discuss. I regularly have disclosure notices forwarded to me by followers who find themselves in new breaches, and it's always fascinating to hear how they're worded. You get a real sense of how much personal ownership a company is taking, how much blame they're putting back on the hackers and increasingly, how much they've been written by lawyers.

Data breaches 234

Data breaches Banking Software 234

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Penetration Testing

JULY 5, 2024

On June 27, 2024, Cloudflare’s popular 1.1.1.1 public DNS resolver service experienced disruptions, leaving a small percentage of users worldwide unable to access the service or facing significant latency issues. The culprit behind this... The post Cloudflare’s 1.1.1.1 DNS Service Disrupted by BGP Hijacking and Route Leak appeared first on Cybersecurity News.

DNS 145

DNS Cybersecurity 145

The Hacker News

JULY 5, 2024

French cloud computing firm OVHcloud said it mitigated a record-breaking distributed denial-of-service (DDoS) attack in April 2024 that reached a packet rate of 840 million packets per second (Mpps). This is just above the previous record of 809 million Mpps reported by Akamai as targeting a large European bank in June 2020.

DDOS 145

DDOS Banking 145

Tech Republic Security

JULY 3, 2024

The vulnerabilities have since been patched, but had quietly persisted since the CocoaPods migration in 2014.

Software 194

Software Information Security 194

Security Affairs

JULY 5, 2024

The New York Times revealed that OpenAI suffered a security breach in 2023, but the company says source code and customer data were not compromised. OpenAI suffered a security breach in 2023, the New York Times reported. The American newspaper revealed that the threat actors gained access to the internal discussions among researchers and other employees, but they did not access the source code of the company’s systems.

Artificial Intelligence 145

Artificial Intelligence Technology Risk Hacking 145

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Penetration Testing

JULY 3, 2024

Recently, a critical local privilege escalation vulnerability has been identified in MSI Center, a popular system management application for Windows OS. Tracked as CVE-2024-37726, this vulnerability affects all versions of MSI Center up to... The post CVE-2024-37726: MSI Center Flaw Exposes Windows Systems to Privilege Escalation Attacks appeared first on Cybersecurity News.

Cybersecurity 145

Cybersecurity 145

The Hacker News

JULY 3, 2024

Cloud communications provider Twilio has revealed that unidentified threat actors took advantage of an unauthenticated endpoint in Authy to identify data associated with Authy accounts, including users' cell phone numbers. The company said it took steps to secure the endpoint to no longer accept unauthenticated requests.

Accountability 145

Accountability 145

Tech Republic Security

JULY 3, 2024

Bitwarden vs KeePass: Who comes out on top? Dive into our 2024 analysis and make the best decision for your security needs!

Password Management 181

Password Management Passwords 181

Malwarebytes

JULY 1, 2024

The Australian Federal Police (AFP) have charged a man for setting up fake free WiFi access points in order to steal personal data from people. The crime was discovered when an airline reported a suspicious WiFi network identified by its employees during a domestic flight. When the alleged perpetrator landed at Perth airport, his bags were searched and authorities found a portable wireless access device, a laptop, and a mobile phone in his hand luggage.

Wireless 144

Wireless Cybercrime Media Encryption 144

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Penetration Testing

JULY 1, 2024

The Qualys Threat Research Unit (TRU) has detailed a severe security flaw, dubbed ‘regreSSHion,’ that leaves millions of Linux systems vulnerable to remote code execution. The vulnerability, identified as CVE-2024-6387, affects OpenSSH’s server (sshd)... The post CVE-2024-6387: Critical OpenSSH Unauthenticated RCE Flaw ‘regreSSHion’ Exposes Millions of Linux Systems appeared first on Cybersecurity News.

Cybersecurity 145

Cybersecurity 145

The Hacker News

JULY 1, 2024

OpenSSH maintainers have released security updates to contain a critical security flaw that could result in unauthenticated remote code execution with root privileges in glibc-based Linux systems. The vulnerability has been assigned the CVE identifier CVE-2024-6387.

145

145

Tech Republic Security

JULY 2, 2024

Which is better, Surfshark or IPVanish? Use our guide to help you compare pricing, features and more.

VPN 169

VPN 169

Security Affairs

JULY 2, 2024

Prudential Financial confirmed that more than 2.5 million individuals were affected by the data breach it suffered in February 2024. The insurance company Prudential Financial confirmed that the data breach it suffered in February 2024 affected over 2.5 million individuals. The incident occurred on February 4, 2024, and was discovered on February 5, 2024.

Data breaches 143

Data breaches Insurance Cyber Attacks Ransomware 143

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Malwarebytes

JULY 5, 2024

The cybercriminals who claimed responsibility for the Ticketmaster data breach say they’ve stolen 440,000 tickets for Taylor Swift’s Eras Tour. As proof, an entity using the handle Sp1d3rHunters, a merger of Sp1d3r and ShinyHunters who are both aliases associated with the breach, leaked 170k barcodes for free for Taylor Swift’s ERAS Tour.

Data breaches 142

Data breaches Phishing Risk Cybersecurity 142

The Hacker News

JULY 1, 2024

An Australian man has been charged with running a fake Wi-Fi access point during a domestic flight with an aim to steal user credentials and data.

Scams 145

Scams 145

Tech Republic Security

JULY 4, 2024

Rates have declined by 15% since the market peak in 2022, according to Howden Insurance Brokers.

Insurance 165

Insurance Cyber Insurance Marketing Backups 165

Security Affairs

JULY 5, 2024

Hackers compromised Ethereum ‘s mailing list provider and sent phishing messages to the members attempting to drain their crypto funds. Hackers compromised Ethereum’s mailing list provider and on the night of June 23, they sent an email to the 35,794 addresses. The email was sent from the address ‘updates@blog.ethereum.org’ and included a link to a malicious site running a crypto drainer. “This website had a crypto drainer running in the background, and if a user initiate

Phishing 143

Phishing Hacking Risk Information Security 143

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Security Boulevard

JULY 3, 2024

While it's unlikely that quantum computers are currently in the hands of cybercriminals or hostile nation-states, they will be. The post How to Achieve Crypto Resilience for a Post-Quantum World appeared first on Security Boulevard.

Security Awareness 141

Security Awareness Risk Government Cybersecurity 141

The Hacker News

JULY 1, 2024

A China-nexus cyber espionage group named Velvet Ant has been observed exploiting a zero-day flaw in Cisco NX-OS Software used in its switches to deliver malware. The vulnerability, tracked as CVE-2024-20399 (CVSS score: 6.

Malware 145

Malware Authentication Software 145

Tech Republic Security

JULY 1, 2024

Is Surfshark better than AVG? Is AVG Secure VPN worth it? Find out which VPN is better with our guide.

VPN 148

VPN 148

Security Affairs

JUNE 30, 2024

Russia-linked APT group, reportedly APT29, is suspected to be behind a hack of TeamViewer ‘s corporate network. TeamViewer discovered that a threat actor has breached its corporate network and some reports attribute the intrusion to the Russia-linked APT group APT29 (aka SVR group , BlueBravo , Cozy Bear , Nobelium , Midnight Blizzard , and The Dukes ).

Accountability 143

Accountability Hacking Architecture Malware 143

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity