Schneier on Security

AUGUST 5, 2024

Ford has a new patent application for a system where cars monitor each other’s speeds, and then report then to some central authority. Slashdot thread.

Surveillance 327

Surveillance 327

Krebs on Security

AUGUST 7, 2024

A partial selfie posted by Puchmade Dev to his Twitter account. Yes, that is a functioning handheld card skimming device, encrusted in diamonds. Underneath that are more medallions, including a diamond-studded bitcoin and payment card. In January, KrebsOnSecurity wrote about rapper Punchmade Dev , whose music videos sing the praises of a cybercrime lifestyle.

Banking 282

Banking Cybercrime Accountability Retail 282

The Last Watchdog

AUGUST 3, 2024

When Tanisha Martin, a veteran software quality assurance analyst, sought to move over to a security team a few years ago, the doors should have been wide open, given the much-ballyhooed cybersecurity skills shortage. Related: Modernizing security training Instead, she ran into a rigid wall of shortsightedness. So, Martin taught herself ethical hacking skills and then founded Black Girls Hack to guide others down the trail she blazed.

Hacking 246

Hacking Internet Internet Software 246

Lohrman on Security

AUGUST 4, 2024

As Delta Air Lines, and many other public and private organizations, tally the business costs from the unprecedented incident caused by a CrowdStrike update, lawyers debate contract language.

Insurance 198

Insurance 198

Advertisement

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

Cyber threats

Schneier on Security

AUGUST 9, 2024

Consumer Reports has a new study of people-search site removal services, concluding that they don’t really work: As a whole, people-search removal services are largely ineffective. Private information about each participant on the people-search sites decreased after using the people-search removal services. And, not surprisingly, the removal services did save time compared with manually opting out.

307

307

Krebs on Security

AUGUST 5, 2024

A ransomware group called Dark Angels made headlines this past week when it was revealed the crime group recently received a record $75 million data ransom payment from a Fortune 50 company. Security experts say the Dark Angels have been around since 2021, but the group doesn’t get much press because they work alone and maintain a low profile, picking one target at a time and favoring mass data theft over disrupting the victim’s operations.

Ransomware 257

Ransomware Insurance Healthcare Education 257

The Last Watchdog

AUGUST 5, 2024

LAS VEGAS — Humans, unsurprisingly, remain the weak link in cybersecurity. Related: Digital identity best practices We’re gullible – and we can’t get away from relying on usernames and passwords. Steady advances in software and hardware mechanisms to secure identities and privileged access have helped; yet crippling network breaches that start by fooling or spoofing a single human user continue to proliferate.

System Administration 173

System Administration Passwords Encryption Internet 173

Penetration Testing

AUGUST 8, 2024

Security researchers Ver, Lewis Lee, and Zhiniang Peng have detailed and published a proof-of-concept (PoC) exploit code for a critical vulnerability, designated as CVE-2024-38077 (CVSS 9.8) and referred to as “MadLicense,” impacting all iterations of Windows Server,... The post Exploitable PoC Released for CVE-2024-38077: 0-Click RCE Threatens All Windows Servers appeared first on Cybersecurity News.

Cybersecurity 145

Cybersecurity 145

The Hacker News

AUGUST 8, 2024

Cybersecurity researchers have discovered a new "0.0.0.0 Day" impacting all major web browsers that malicious websites could take advantage of to breach local networks.

Cybersecurity 145

Cybersecurity 145

Tech Republic Security

AUGUST 9, 2024

Businesses in China, the U.K. and the U.S. are using generative AI more than Australia. But the Aussies lead in understanding, planning for, and implementing generative AI use policies.

Artificial Intelligence 185

Artificial Intelligence Big data 185

Advertisement

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

Cybersecurity

The Last Watchdog

AUGUST 6, 2024

LAS VEGAS — As Black Hat USA 2024 plays out here this week, the disruptive impact of GenAI/LLM at many different levels will be in the spotlight. Related : GenAI introduces fresh risks We’re in early days. The productivity gains are ramping up – but so are the exposures. I had the chance to visit with Amod Gupta , head of product at Traceable ; we discussed how GenAI/LLM is reverberating at the API level, where hyper-interconnectivity continues to intensify.

Risk 147

Risk Internet Internet Cybersecurity 147

Security Affairs

AUGUST 4, 2024

Jerico Pictures Inc., operating as National Public Data, exposed the personal information of nearly 3 billion individuals in an April data breach. A proposed class action claims that Jerico Pictures Inc., operating with the National Public Data, exposed the personal information of nearly 3 billion individuals in a data breach that occurred in April.

Data breaches 145

Data breaches Hacking Information Security 145

Penetration Testing

AUGUST 4, 2024

In a recent security bulletin, Microsoft disclosed a critical vulnerability in Windows File Explorer, identified as CVE-2024-38100, with a CVSS score of 7.8. This flaw, discovered by Andrea Pierini from Semperis, allows attackers to... The post CVE-2024-38100: Leaked Wallpaper Exploit Exposes Windows Users to Privilege Escalation Attacks appeared first on Cybersecurity News.

Cybersecurity 145

Cybersecurity 145

Tech Republic Security

AUGUST 7, 2024

Discover the latest cybersecurity trends and techniques in this year’s Black Hat and DEF CON roundup.

Cybersecurity 178

Cybersecurity Artificial Intelligence 178

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Bleeping Computer

AUGUST 7, 2024

SafeBreach security researcher Alon Leviev discovered a Windows Update downgrade attack that can "unpatch" fully-updated Windows 10, Windows 11, and Windows Server systems to reintroduce old vulnerabilities [.

143

143

Security Affairs

AUGUST 7, 2024

Researchers warn of flaws in the Roundcube webmail software that could be exploited to steal sensitive information from target accounts. Sonar’s Vulnerability Research Team discovered a critical Cross-Site Scripting (XSS) vulnerability in the popular open-source webmail software Roundcube. Roundcube is included by default in the server hosting panel cPanel which has millions of installations worldwide.

Passwords 144

Passwords Government Accountability Software 144

The Hacker News

AUGUST 9, 2024

Cybersecurity researchers have discovered multiple critical flaws in Amazon Web Services (AWS) offerings that, if successfully exploited, could result in serious consequences.

Cybersecurity 143

Cybersecurity 143

Tech Republic Security

AUGUST 6, 2024

IBM’s recent Cost of a Data Breach report found that the average cost of a data breach in Australia reached a record-high in 2024. Explore additional key findings and how the Australian government is mitigating these threats.

Data breaches 158

Data breaches Government Artificial Intelligence Cybersecurity 158

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

WIRED Threat Level

AUGUST 9, 2024

Researchers warn that a bug in AMD’s chips would allow attackers to root into some of the most privileged portions of a computer—and that it has persisted in the company’s processors for decades.

Hacking 142

Hacking 142

Security Affairs

AUGUST 4, 2024

A China-linked APT, tracked as StormBamboo, compromised an internet service provider (ISP) to poison software update mechanisms with malware. Volexity researchers reported that a China-linked APT group, tracked as StormBamboo (aka Evasive Panda , Daggerfly , and StormCloud), successfully compromised an undisclosed internet service provider (ISP) in order to poison DNS responses for target organizations.

Malware 143

Malware DNS Firewall Software 143

The Hacker News

AUGUST 9, 2024

Microsoft has disclosed an unpatched zero-day in Office that, if successfully exploited, could result in unauthorized disclosure of sensitive information to malicious actors. The vulnerability, tracked as CVE-2024-38200 (CVSS score: 7.

141

141

Tech Republic Security

AUGUST 5, 2024

If you’re on the hunt for Urban VPN alternatives, check out our in-depth analysis of Proton VPN, TunnelBear and other VPN providers.

VPN 156

VPN 156

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Malwarebytes

AUGUST 6, 2024

If you’ve been following any news about ransomware , you may be under the impression that ransomware groups are only after organizations rather than individual people, and for the most part that’s true. However, Magniber is one ransomware that does target home users. And it’s back, with full force, demanding four figure ransoms to unencrypt data.

Ransomware 141

Ransomware Artificial Intelligence Encryption Software 141

Security Affairs

AUGUST 7, 2024

A previously unknown Android Spyware, dubbed LianSpy, has been targeting Russian users since at least 2021. In March 2024, cybersecurity researchers from Kaspersky discovered previously unknown Android spyware dubbed LianSpy. The malware has been active since July 2021, it is designed to capture screencasts, exfiltrate user files, and harvest call logs and app lists.

Spyware 142

Spyware Malware Encryption Data collection 142

The Hacker News

AUGUST 7, 2024

Cybersecurity company CrowdStrike has published its root cause analysis detailing the Falcon Sensor software update crash that crippled millions of Windows devices globally.

Software 140

Software Cybersecurity 140

Tech Republic Security

AUGUST 9, 2024

Read more about a China-aligned cyberespionage threat actor dubbed StormBamboo, also known as Evasive Panda, which compromised an Internet Service Provider and infected targets with malware.

Malware 152

Malware Internet Internet DNS 152

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Bleeping Computer

AUGUST 3, 2024

A Chinese hacking group tracked as StormBamboo has compromised an undisclosed internet service provider (ISP) to poison automatic software updates with malware. [.

Software 139

Software Malware Internet Internet 139

Security Affairs

AUGUST 6, 2024

Threat actors breached the UK-based mobile device management (MDM) firm Mobile Guardian and remotely wiped thousands of devices. Hackers breached the mobile device management (MDM) firm Mobile Guardian, the company detected unauthorized access to iOS and ChromeOS devices on August 4th. The incident impacted users globally, the attackers remotely wiped a small percentage of devices, according to the company.

Mobile 142

Mobile Education Hacking Cybercrime 142

The Hacker News

AUGUST 9, 2024

The U.S. Department of Justice (DoJ) on Thursday charged a 38-year-old individual from Nashville, Tennessee, for allegedly running a "laptop farm" to help get North Koreans remote jobs with American and British companies.

138

138

Tech Republic Security

AUGUST 8, 2024

Discover how to safeguard IVR banking from hackers and implement secure authentication methods for customer protection. Find out how these digital alternatives benefit both customers and agents.

Banking 152

Banking Authentication Software Network Security 152

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk