Schneier on Security
AUGUST 9, 2024
Consumer Reports has a new study of people-search site removal services, concluding that they don’t really work: As a whole, people-search removal services are largely ineffective. Private information about each participant on the people-search sites decreased after using the people-search removal services. And, not surprisingly, the removal services did save time compared with manually opting out.
The Last Watchdog
AUGUST 3, 2024
When Tanisha Martin, a veteran software quality assurance analyst, sought to move over to a security team a few years ago, the doors should have been wide open, given the much-ballyhooed cybersecurity skills shortage. Related: Modernizing security training Instead, she ran into a rigid wall of shortsightedness. So, Martin taught herself ethical hacking skills and then founded Black Girls Hack to guide others down the trail she blazed.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Krebs on Security
AUGUST 7, 2024
A partial selfie posted by Puchmade Dev to his Twitter account. Yes, that is a functioning handheld card skimming device, encrusted in diamonds. Underneath that are more medallions, including a diamond-studded bitcoin and payment card. In January, KrebsOnSecurity wrote about rapper Punchmade Dev , whose music videos sing the praises of a cybercrime lifestyle.
Lohrman on Security
AUGUST 4, 2024
As Delta Air Lines, and many other public and private organizations, tally the business costs from the unprecedented incident caused by a CrowdStrike update, lawyers debate contract language.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Schneier on Security
AUGUST 6, 2024
When an airplane crashes, impartial investigatory bodies leap into action, empowered by law to unearth what happened and why. But there is no such empowered and impartial body to investigate CrowdStrike’s faulty update that recently unfolded, ensnarling banks, airlines, and emergency services to the tune of billions of dollars. We need one. To be sure, there is the White House’s Cyber Safety Review Board.
Tech Republic Security
AUGUST 5, 2024
Australia’s public sector agencies are under increasing pressure to improve their readiness for cyber attacks and data breaches, as surveys and investigations find their preparedness lackluster.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Penetration Testing
AUGUST 8, 2024
Security researchers Ver, Lewis Lee, and Zhiniang Peng have detailed and published a proof-of-concept (PoC) exploit code for a critical vulnerability, designated as CVE-2024-38077 (CVSS 9.8) and referred to as “MadLicense,” impacting all iterations of Windows Server,... The post Exploitable PoC Released for CVE-2024-38077: 0-Click RCE Threatens All Windows Servers appeared first on Cybersecurity News.
Schneier on Security
AUGUST 5, 2024
Ford has a new patent application for a system where cars monitor each other’s speeds, and then report then to some central authority. Slashdot thread.
Tech Republic Security
AUGUST 9, 2024
Businesses in China, the U.K. and the U.S. are using generative AI more than Australia. But the Aussies lead in understanding, planning for, and implementing generative AI use policies.
WIRED Threat Level
AUGUST 9, 2024
Researchers warn that a bug in AMD’s chips would allow attackers to root into some of the most privileged portions of a computer—and that it has persisted in the company’s processors for decades.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Penetration Testing
AUGUST 4, 2024
In a recent security bulletin, Microsoft disclosed a critical vulnerability in Windows File Explorer, identified as CVE-2024-38100, with a CVSS score of 7.8. This flaw, discovered by Andrea Pierini from Semperis, allows attackers to... The post CVE-2024-38100: Leaked Wallpaper Exploit Exposes Windows Users to Privilege Escalation Attacks appeared first on Cybersecurity News.
Bleeping Computer
AUGUST 7, 2024
SafeBreach security researcher Alon Leviev discovered a Windows Update downgrade attack that can "unpatch" fully-updated Windows 10, Windows 11, and Windows Server systems to reintroduce old vulnerabilities [.
Tech Republic Security
AUGUST 6, 2024
IBM’s recent Cost of a Data Breach report found that the average cost of a data breach in Australia reached a record-high in 2024. Explore additional key findings and how the Australian government is mitigating these threats.
Security Affairs
AUGUST 4, 2024
Jerico Pictures Inc., operating as National Public Data, exposed the personal information of nearly 3 billion individuals in an April data breach. A proposed class action claims that Jerico Pictures Inc., operating with the National Public Data, exposed the personal information of nearly 3 billion individuals in a data breach that occurred in April.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
WIRED Threat Level
AUGUST 8, 2024
The Smishing Triad network sends up to 100,000 scam texts per day globally. One of those messages went to Grant Smith, who infiltrated their systems and exposed them to US authorities.
The Hacker News
AUGUST 8, 2024
Cybersecurity researchers have discovered a new "0.0.0.0 Day" impacting all major web browsers that malicious websites could take advantage of to breach local networks.
Tech Republic Security
AUGUST 9, 2024
Read more about a China-aligned cyberespionage threat actor dubbed StormBamboo, also known as Evasive Panda, which compromised an Internet Service Provider and infected targets with malware.
Security Affairs
AUGUST 4, 2024
A China-linked APT, tracked as StormBamboo, compromised an internet service provider (ISP) to poison software update mechanisms with malware. Volexity researchers reported that a China-linked APT group, tracked as StormBamboo (aka Evasive Panda , Daggerfly , and StormCloud), successfully compromised an undisclosed internet service provider (ISP) in order to poison DNS responses for target organizations.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Malwarebytes
AUGUST 6, 2024
If you’ve been following any news about ransomware , you may be under the impression that ransomware groups are only after organizations rather than individual people, and for the most part that’s true. However, Magniber is one ransomware that does target home users. And it’s back, with full force, demanding four figure ransoms to unencrypt data.
The Hacker News
AUGUST 9, 2024
Cybersecurity researchers have discovered multiple critical flaws in Amazon Web Services (AWS) offerings that, if successfully exploited, could result in serious consequences.
Tech Republic Security
AUGUST 9, 2024
Discover the difference between types of IVR testing tools, ensuring optimal performance and security for your business phone system. Plus, we’ll show you when to DIY or call in the pros.
Security Affairs
AUGUST 7, 2024
A previously unknown Android Spyware, dubbed LianSpy, has been targeting Russian users since at least 2021. In March 2024, cybersecurity researchers from Kaspersky discovered previously unknown Android spyware dubbed LianSpy. The malware has been active since July 2021, it is designed to capture screencasts, exfiltrate user files, and harvest call logs and app lists.
Advertisement
Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.
Bleeping Computer
AUGUST 6, 2024
Researchers have demonstrated a method to bypass an anti-phishing measure in Microsoft 365 (formerly Office 365), elevating the risk of users opening malicious emails.` [.
The Hacker News
AUGUST 9, 2024
Microsoft has disclosed an unpatched zero-day in Office that, if successfully exploited, could result in unauthorized disclosure of sensitive information to malicious actors. The vulnerability, tracked as CVE-2024-38200 (CVSS score: 7.
Tech Republic Security
AUGUST 8, 2024
Discover how to safeguard IVR banking from hackers and implement secure authentication methods for customer protection. Find out how these digital alternatives benefit both customers and agents.
Security Affairs
AUGUST 4, 2024
China-linked group APT41 breached a Taiwanese government-affiliated research institute using ShadowPad and Cobalt Strike. Cisco Talos researchers reported that the China-linked group compromised a Taiwanese government-affiliated research institute. The experts attributed the attack with medium confidence to the APT41 group. The campaign started as early as July 2023 and threat actors delivered the ShadowPad malware, Cobalt Strike , and other post-exploitation tools.
Advertisement
Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!
Bleeping Computer
AUGUST 3, 2024
A Chinese hacking group tracked as StormBamboo has compromised an undisclosed internet service provider (ISP) to poison automatic software updates with malware. [.
Security Boulevard
AUGUST 7, 2024
Rubrik at the Black Hat USA 2024 conference today revealed it is partnering with the Mandiant arm of Google to reduce the amount of time organizations require to recover from a cybersecurity breach. The post Rubrik Allies With Mandiant to Increase Cyber Resiliency Capability appeared first on Security Boulevard.
Tech Republic Security
AUGUST 7, 2024
Discover the latest cybersecurity trends and techniques in this year’s Black Hat and DEF CON roundup.
Security Affairs
AUGUST 6, 2024
Threat actors breached the UK-based mobile device management (MDM) firm Mobile Guardian and remotely wiped thousands of devices. Hackers breached the mobile device management (MDM) firm Mobile Guardian, the company detected unauthorized access to iOS and ChromeOS devices on August 4th. The incident impacted users globally, the attackers remotely wiped a small percentage of devices, according to the company.
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
Expert insights. Personalized for you.
260 
Let's personalize your content