Schneier on Security
AUGUST 9, 2024
Consumer Reports has a new study of people-search site removal services, concluding that they don’t really work: As a whole, people-search removal services are largely ineffective. Private information about each participant on the people-search sites decreased after using the people-search removal services. And, not surprisingly, the removal services did save time compared with manually opting out.
The Last Watchdog
AUGUST 3, 2024
When Tanisha Martin, a veteran software quality assurance analyst, sought to move over to a security team a few years ago, the doors should have been wide open, given the much-ballyhooed cybersecurity skills shortage. Related: Modernizing security training Instead, she ran into a rigid wall of shortsightedness. So, Martin taught herself ethical hacking skills and then founded Black Girls Hack to guide others down the trail she blazed.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Krebs on Security
AUGUST 7, 2024
A partial selfie posted by Puchmade Dev to his Twitter account. Yes, that is a functioning handheld card skimming device, encrusted in diamonds. Underneath that are more medallions, including a diamond-studded bitcoin and payment card. In January, KrebsOnSecurity wrote about rapper Punchmade Dev , whose music videos sing the praises of a cybercrime lifestyle.
Lohrman on Security
AUGUST 4, 2024
As Delta Air Lines, and many other public and private organizations, tally the business costs from the unprecedented incident caused by a CrowdStrike update, lawyers debate contract language.
Advertisement
IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.
Schneier on Security
AUGUST 6, 2024
When an airplane crashes, impartial investigatory bodies leap into action, empowered by law to unearth what happened and why. But there is no such empowered and impartial body to investigate CrowdStrike’s faulty update that recently unfolded, ensnarling banks, airlines, and emergency services to the tune of billions of dollars. We need one. To be sure, there is the White House’s Cyber Safety Review Board.
Tech Republic Security
AUGUST 5, 2024
Australia’s public sector agencies are under increasing pressure to improve their readiness for cyber attacks and data breaches, as surveys and investigations find their preparedness lackluster.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
WIRED Threat Level
AUGUST 9, 2024
Researchers warn that a bug in AMD’s chips would allow attackers to root into some of the most privileged portions of a computer—and that it has persisted in the company’s processors for decades.
Schneier on Security
AUGUST 5, 2024
Ford has a new patent application for a system where cars monitor each other’s speeds, and then report then to some central authority. Slashdot thread.
Tech Republic Security
AUGUST 9, 2024
Businesses in China, the U.K. and the U.S. are using generative AI more than Australia. But the Aussies lead in understanding, planning for, and implementing generative AI use policies.
Penetration Testing
AUGUST 8, 2024
Security researchers Ver, Lewis Lee, and Zhiniang Peng have detailed and published a proof-of-concept (PoC) exploit code for a critical vulnerability, designated as CVE-2024-38077 (CVSS 9.8) and referred to as “MadLicense,” impacting all iterations of Windows Server,... The post Exploitable PoC Released for CVE-2024-38077: 0-Click RCE Threatens All Windows Servers appeared first on Cybersecurity News.
Speaker: Speakers:
In today's digital age, having an untrained workforce can be a significant risk to your business. Cyber threats are evolving; without proper training, your employees could be the weakest link in your defense. This webinar empowers leaders like you with the tools and strategies needed to transform your employees into a robust frontline defense against cyber attacks.
Bleeping Computer
AUGUST 7, 2024
SafeBreach security researcher Alon Leviev discovered a Windows Update downgrade attack that can "unpatch" fully-updated Windows 10, Windows 11, and Windows Server systems to reintroduce old vulnerabilities [.
WIRED Threat Level
AUGUST 8, 2024
The Smishing Triad network sends up to 100,000 scam texts per day globally. One of those messages went to Grant Smith, who infiltrated their systems and exposed them to US authorities.
Tech Republic Security
AUGUST 6, 2024
IBM’s recent Cost of a Data Breach report found that the average cost of a data breach in Australia reached a record-high in 2024. Explore additional key findings and how the Australian government is mitigating these threats.
Penetration Testing
AUGUST 4, 2024
In a recent security bulletin, Microsoft disclosed a critical vulnerability in Windows File Explorer, identified as CVE-2024-38100, with a CVSS score of 7.8. This flaw, discovered by Andrea Pierini from Semperis, allows attackers to... The post CVE-2024-38100: Leaked Wallpaper Exploit Exposes Windows Users to Privilege Escalation Attacks appeared first on Cybersecurity News.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
The Hacker News
AUGUST 9, 2024
Cybersecurity researchers have discovered multiple critical flaws in Amazon Web Services (AWS) offerings that, if successfully exploited, could result in serious consequences.
Trend Micro
AUGUST 8, 2024
Earth Baku has broadened its scope from the Indo-Pacific region to Europe, the Middle East, and Africa. In this blog entry, we examine the threat actor's latest tools, tactics, and procedures.
Tech Republic Security
AUGUST 9, 2024
Read more about a China-aligned cyberespionage threat actor dubbed StormBamboo, also known as Evasive Panda, which compromised an Internet Service Provider and infected targets with malware.
Security Affairs
AUGUST 4, 2024
Jerico Pictures Inc., operating as National Public Data, exposed the personal information of nearly 3 billion individuals in an April data breach. A proposed class action claims that Jerico Pictures Inc., operating with the National Public Data, exposed the personal information of nearly 3 billion individuals in a data breach that occurred in April.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
The Hacker News
AUGUST 8, 2024
Cybersecurity researchers have discovered a new "0.0.0.0 Day" impacting all major web browsers that malicious websites could take advantage of to breach local networks.
Malwarebytes
AUGUST 6, 2024
If you’ve been following any news about ransomware , you may be under the impression that ransomware groups are only after organizations rather than individual people, and for the most part that’s true. However, Magniber is one ransomware that does target home users. And it’s back, with full force, demanding four figure ransoms to unencrypt data.
Tech Republic Security
AUGUST 9, 2024
Discover the difference between types of IVR testing tools, ensuring optimal performance and security for your business phone system. Plus, we’ll show you when to DIY or call in the pros.
Security Affairs
AUGUST 4, 2024
A China-linked APT, tracked as StormBamboo, compromised an internet service provider (ISP) to poison software update mechanisms with malware. Volexity researchers reported that a China-linked APT group, tracked as StormBamboo (aka Evasive Panda , Daggerfly , and StormCloud), successfully compromised an undisclosed internet service provider (ISP) in order to poison DNS responses for target organizations.
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
The Hacker News
AUGUST 9, 2024
Microsoft has disclosed an unpatched zero-day in Office that, if successfully exploited, could result in unauthorized disclosure of sensitive information to malicious actors. The vulnerability, tracked as CVE-2024-38200 (CVSS score: 7.
Penetration Testing
AUGUST 9, 2024
Menlo Security has uncovered a new phishing campaign that exploits Google Drawings to bypass security systems and deceive users, compelling victims to click on fraudulent links designed to steal sensitive... The post Beware: Hackers Use Google Drawings & WhatsApp Links to Steal Data appeared first on Cybersecurity News.
Tech Republic Security
AUGUST 8, 2024
Discover how to safeguard IVR banking from hackers and implement secure authentication methods for customer protection. Find out how these digital alternatives benefit both customers and agents.
Bleeping Computer
AUGUST 6, 2024
Researchers have demonstrated a method to bypass an anti-phishing measure in Microsoft 365 (formerly Office 365), elevating the risk of users opening malicious emails.` [.
Speaker: Blackberry, OSS Consultants, & Revenera
Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?
Security Affairs
AUGUST 7, 2024
A previously unknown Android Spyware, dubbed LianSpy, has been targeting Russian users since at least 2021. In March 2024, cybersecurity researchers from Kaspersky discovered previously unknown Android spyware dubbed LianSpy. The malware has been active since July 2021, it is designed to capture screencasts, exfiltrate user files, and harvest call logs and app lists.
The Hacker News
AUGUST 9, 2024
Microsoft on Thursday disclosed four medium-severity security flaws in the open-source OpenVPN software that could be chained to achieve remote code execution (RCE) and local privilege escalation (LPE).
Tech Republic Security
AUGUST 7, 2024
Discover the latest cybersecurity trends and techniques in this year’s Black Hat and DEF CON roundup.
Bleeping Computer
AUGUST 6, 2024
A hacker has breached Mobile Guardian, a digital classroom management platform used worldwide, and remotely wiped data from at least 13,000 student's iPads and Chromebooks. [.
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
Expert insights. Personalized for you.
245 
Let's personalize your content