Schneier on Security

JULY 25, 2024

Friday’s massive internet outage, caused by a mid-sized tech company called CrowdStrike, disrupted major airlines, hospitals, and banks. Nearly 7,000 flights were canceled. It took down 911 systems and factories, courthouses, and television stations. Tallying the total cost will take time. The outage affected more than 8.5 million Windows computers, and the cost will surely be in the billions of dollars ­easily matching the most costly previous cyberattacks, such as NotPetya.

Marketing 324

Marketing Software Internet Internet 324

The Last Watchdog

JULY 25, 2024

Last week, CrowdStrike, one of the cybersecurity industry’s most reputable solution providers, inadvertently caused more disruption across the Internet than all the threat actors active online at the time. Related: Microsoft blames outage on EU A flawed update to CrowdStrike’s Falcon security software caused millions of computers running Microsoft Windows to display the infamous blue screen of death.

Technology 317

Technology Ransomware Software Cyber Attacks 317

Krebs on Security

JULY 26, 2024

Google says it recently fixed an authentication weakness that allowed crooks to circumvent the email verification required to create a Google Workspace account, and leverage that to impersonate a domain holder at third-party services that allow logins through Google’s “Sign in with Google” feature. Last week, KrebsOnSecurity heard from a reader who said they received a notice that their email address had been used to create a potentially malicious Workspace account that Google

Accountability 297

Accountability Authentication Cryptocurrency Web Fraud 297

Joseph Steinberg

JULY 23, 2024

CyberSecurity Expert Witness and Board Member , Joseph Steinberg, will, tomorrow, Wednesday, July 24th, 2024, speak with the public as part of a panel of experts from Columbia University, discussing both the recent CrowdStrike-Microsoft cybersecurity incident, and the incident’s ongoing global impact. On July 19th, 2024, a faulty software update issued by the cybersecurity firm, CrowdStrike, took down over 8.5 million devices running Microsoft Windows, disrupting air travel, hospitals, gov

Artificial Intelligence 284

Artificial Intelligence Cybersecurity Government Technology 284

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Schneier on Security

JULY 26, 2024

This isn’t good : On Thursday, researchers from security firm Binarly revealed that Secure Boot is completely compromised on more than 200 device models sold by Acer, Dell, Gigabyte, Intel, and Supermicro. The cause: a cryptographic key underpinning Secure Boot on those models that was compromised in 2022. In a public GitHub repository committed in December of that year, someone working for multiple US-based device manufacturers published what’s known as a platform key, the cryptogra

Firmware 320

Firmware Encryption Manufacturing Passwords 320

Troy Hunt

JULY 24, 2024

Just over 13 years ago, Microsoft gave me my first "Most Valuable Professional" award. Out of the blue, as far as I was concerned. It wasn't something I'd planned for and it certainly wasn't something I'd expected, but it has become a cornerstone of my professional identity. Indulge me while I go off on a bit of a tangent here: like the other things in my professional life that have turned into a success, the things I did to earn that first MVP award were things I was

Data breaches 271

Data breaches 271

Lohrman on Security

JULY 21, 2024

Several recently released cyber industry reports show steady or growing ransomware numbers in 2024 so far, and impacts on business and government have never been greater.

Ransomware 262

Ransomware Government 262

Schneier on Security

JULY 24, 2024

Supposedly the DHS has these : The robot, called “NEO,” is a modified version of the “Quadruped Unmanned Ground Vehicle” (Q-UGV) sold to law enforcement by a company called Ghost Robotics. Benjamine Huffman, the director of DHS’s Federal Law Enforcement Training Centers (FLETC), told police at the 2024 Border Security Expo in Texas that DHS is increasingly worried about criminals setting “booby traps” with internet of things and smart home devices, and t

Internet 309

Internet Internet Computers and Electronics Media 309

Troy Hunt

JULY 21, 2024

It feels weird to be writing anything right now that isn't somehow related to Friday's CrowdStrike incident, but given I recorded this video just a few hours before all hell broke loose, it'll have to wait until next week. This week, the issue that really has me worked up is data breach victim notification or more specifically, lack thereof.

Data breaches 235

Data breaches InfoSec Spyware Government 235

Tech Republic Security

JULY 24, 2024

Remind employees to be wary of fake apps and too-good-to-be-true streaming options on the eve of the Games.

eCommerce 199

eCommerce Malware 199

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Security Affairs

JULY 26, 2024

The Internet Systems Consortium (ISC) released BIND security updates that fixed several remotely exploitable DoS bugs in the DNS software suite. The Internet Systems Consortium (ISC) released security updates for BIND that address DoS vulnerabilities that could be remotely exploited. An attacker can exploit these vulnerabilities to disrupt DNS services.

DNS 145

DNS Software Internet Internet 145

Schneier on Security

JULY 25, 2024

I am the Chief of Security Architecture at Inrupt, Inc. , the company that is commercializing Tim Berners-Lee’s Solid open W3C standard for distributed data ownership. This week, we announced a digital wallet based on the Solid architecture. Details are here , but basically a digital wallet is a repository for personal data and documents. Right now, there are hundreds of different wallets, but no standard.

Architecture 305

Architecture Data privacy 305

WIRED Threat Level

JULY 24, 2024

A former Google engineer has built a search engine, WebXray, that aims to find illicit online data collection and tracking—with the goal of becoming “the Henry Ford of tech lawsuits.

Data collection 145

Data collection Engineering 145

Tech Republic Security

JULY 23, 2024

Australia is among the APAC governments forging closer ties with the private sector due to the realisation that the public sector can no longer fight the increase in cyber criminals alone.

Government 187

Government Ransomware 187

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Security Affairs

JULY 24, 2024

A cyber attack against Michigan Medicine resulted in the compromise of the personal and health information of approximately 57,000 patients. The academic medical center of the University of Michigan, Michigan Medicine, suffered a data breach that impacted 56953 patients. The security incident exposed the personal and health information of the patients.

Data breaches 145

Data breaches Insurance Accountability Banking 145

Schneier on Security

JULY 23, 2024

It’s heavily redacted , but still interesting. Many more ODNI documents here.

251

251

Security Boulevard

JULY 24, 2024

Corporate incompetence: Beleaguered security firm issues initial post-mortem on Friday’s faux pas. The post CrowdStrike Admits it Doesn’t ‘Canary’ Test all Updates appeared first on Security Boulevard.

IoT 144

IoT Security Awareness Software Risk 144

Tech Republic Security

JULY 24, 2024

Discover whether NordVPN’s better speeds and extra features are worth the cost, or if you’ll be satisfied with PIA VPN’s more affordable pricing.

VPN 173

VPN Internet Internet 173

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Security Affairs

JULY 23, 2024

The US government sanctioned two Russian hacktivists for their cyberattacks targeting critical infrastructure, including breaches of water facilities. The United States sanctioned Russian hacktivists Yuliya Vladimirovna Pankratova and Denis Olegovich Degtyarenko, members of the Russian hacktivist group Cyber Army of Russia Reborn (CARR), for their roles in cyber operations against U.S. critical infrastructure.

DDOS 145

DDOS Government Hacking Accountability 145

Schneier on Security

JULY 22, 2024

This is a fantastic video. It’s an Iranian spider-tailed horned viper ( Pseudocerastes urarachnoides ). Its tail looks like a spider, which the snake uses to fool passing birds looking for a meal.

238

238

The Hacker News

JULY 26, 2024

The U.S. Department of Justice (DoJ) on Thursday unsealed an indictment against a North Korean military intelligence operative for allegedly carrying out ransomware attacks against healthcare facilities in the country and funneling the payments to orchestrate additional intrusions into defense, technology, and government entities across the world.

Ransomware 144

Ransomware Healthcare Government Technology 144

Tech Republic Security

JULY 24, 2024

The hybrid multicloud strategies that many Australian enterprises have adopted over the last decade could be made more complex by new AI applications. The only solutions could be rationalisation or an abstraction layer.

Artificial Intelligence 165

Artificial Intelligence 165

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Security Affairs

JULY 25, 2024

A critical flaw in some versions of Docker Engine can be exploited to bypass authorization plugins (AuthZ) under specific circumstances. A vulnerability, tracked as CVE-2024-41110 (CVSS score of 10.0), in certain versions of Docker Engine can allow an attacker to bypass authorization plugins (AuthZ) under specific circumstances. “An attacker could exploit a bypass using an API request with Content-Length set to 0, causing the Docker daemon to forward the request without the body to the Aut

Engineering 144

Engineering Hacking Risk Information Security 144

Malwarebytes

JULY 25, 2024

Some Windows users may see a BitLocker Recovery screen after applying the Microsoft patch Tuesday updates. BitLocker is a Windows security feature that encrypts entire drives. It prevents someone that has obtained a stolen or lost device from reading the files stored on that drive. Unfortunately, though, Microsoft launched an update this month that has caused problems for some Windows systems.

Encryption 143

Encryption Firmware Accountability Risk 143

The Hacker News

JULY 24, 2024

Cybersecurity firm CrowdStrike on Wednesday blamed an issue in its validation system for causing millions of Windows devices to crash as part of a widespread outage late last week.

Cybersecurity 144

Cybersecurity 144

Tech Republic Security

JULY 22, 2024

Which VPN is better, Surfshark or CyberGhost? Compare these VPNs with our guide and find out which one is best for you.

VPN 156

VPN 156

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Security Affairs

JULY 20, 2024

CrowdStrike warns that threat actors are exploiting the recent IT outage caused by their faulty update to distribute Remcos RAT malware. CrowdStrike spotted threat actors attempting to benefit from the recent IT outage caused by the faulty update of the cybersecurity firm to distribute Remcos RAT malware. The threat actors attempted to distribute the Remcos RAT to the customers of the cybersecurity firm in Latin America under the guise of providing an emergency fix for the problem.

Malware 145

Malware Advertising Cryptocurrency Cybersecurity 145

We Live Security

JULY 22, 2024

ESET researchers discovered a zero-day Telegram for Android exploit that allows sending malicious files disguised as videos.

144

144

The Hacker News

JULY 20, 2024

Cybersecurity firm CrowdStrike, which is facing the heat for causing worldwide IT disruptions by pushing out a flawed update to Windows devices, is now warning that threat actors are exploiting the situation to distribute Remcos RAT to its customers in Latin America under the guise of a providing a hotfix. The attack chains involve distributing a ZIP archive file named "crowdstrike-hotfix.

Malware 145

Malware Cybersecurity 145

Tech Republic Security

JULY 23, 2024

Bitwarden’s affordability and extensive MFA options give it the slight edge over Dashlane’s uber-polished password management experience. Read more below.

Password Management 154

Password Management Passwords 154

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity