Sat.Aug 10, 2024 - Fri.Aug 16, 2024


New Windows IPv6 Zero-Click Vulnerability

Schneier on Security

The press is reporting a critical Windows vulnerability affecting IPv6. As Microsoft explained in its Tuesday advisory, unauthenticated attackers can exploit the flaw remotely in low-complexity attacks by repeatedly sending IPv6 packets that include specially crafted packets. Microsoft also shared its exploitability assessment for this critical vulnerability, tagging it with an “exploitation more likely” label, which means that threat actors could create exploit code to “consis


Six 0-Days Lead Microsoft’s August 2024 Patch Push

Krebs on Security

Microsoft today released updates to fix at least 90 security vulnerabilities in Windows and related software, including a whopping six zero-day flaws that are already being actively exploited by attackers. This month’s bundle of update joy from Redmond includes patches for security holes in Office, .NET, Visual Studio, Azure, Co-Pilot, Microsoft Dynamics, Teams, Secure Boot, and of course Windows itself.


Weekly Update 412

Troy Hunt

When is a breach a breach? If it's been breached then re-breached, is the second incident still a breach? Here's what the masses said when I asked if they'd want to know when something like this happened to their data: If you're in a breach and your data is aggregated by a third party, then *they* have a breach that discloses your data (again), would you want to know?


Book Review: ‘Why Cybersecurity Fails in America’

Lohrman on Security

Carter Schoenberg is a trusted security expert who has vast experience in the public and private sectors. Here’s his guidance on what works and what doesn’t with the cybersecurity industry.


Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!


NIST Releases First Post-Quantum Encryption Algorithms

Schneier on Security

From the Federal Register : After three rounds of evaluation and analysis, NIST selected four algorithms it will standardize as a result of the PQC Standardization Process. The public-key encapsulation mechanism selected was CRYSTALS-KYBER, along with three digital signature schemes: CRYSTALS-Dilithium, FALCON, and SPHINCS+. These algorithms are part of three NIST standards that have been finalized: FIPS 203: Module-Lattice-Based Key-Encapsulation Mechanism Standard FIPS 204: Module-Lattice-Base


National Public Data Breach: 2.7bn Records Leaked on Dark Web

Tech Republic Security

On August 6, 2.7 billion records from National Public Data, including social security numbers, were leaked on a dark web forum.


Nearly All Google Pixel Phones Exposed by Unpatched Flaw in Hidden Android App

WIRED Threat Level

A fix is coming, but data analytics giant Palantir says it’s ditching Android devices altogether because Google’s response to the vulnerability has been troubling.


Texas Sues GM for Collecting Driving Data without Consent

Schneier on Security

Texas is suing General Motors for collecting driver data without consent and then selling it to insurance companies: From CNN : In car models from 2015 and later, the Detroit-based car manufacturer allegedly used technology to “collect, record, analyze, and transmit highly detailed driving data about each time a driver used their vehicle,” according to the AG’s statement.


Security Experts Welcome NIST’s New Encryption Standards For Quantum Computers

Tech Republic Security

NIST announces new post-quantum cryptography standards, marking a significant step in safeguarding data against future quantum computing threats.


Striking a Balance Between Business Growth, Risk Management and Cybersecurity

Security Boulevard

Some recommendations and best practices to help organizations strike a balance between business growth, risk management and cybersecurity.


Human-Centered Cyber Security Training: Driving Real Impact on Security Culture


In today's digital age, having an untrained workforce can be a significant risk to your business. Cyber threats are evolving; without proper training, your employees could be the weakest link in your defense. This webinar empowers leaders like you with the tools and strategies needed to transform your employees into a robust frontline defense against cyber attacks.


Microsoft urges customers to fix zero-click Windows RCE in the TCP/IP stack

Security Affairs

Microsoft addressed a critical zero-click Windows remote code execution (RCE) in the TCP/IP stack that impacts all systems with IPv6 enabled. Microsoft urges customers to fix a critical TCP/IP remote code execution (RCE) flaw, tracked as CVE-2024-38063 (CVSS score 9.8), in the TCP/IP stack. The vulnerability impacts all systems with IPv6 enabled (IPv6 is enabled by default).


Taxonomy of Generative AI Misuse

Schneier on Security

Interesting paper: “Generative AI Misuse: A Taxonomy of Tactics and Insights from Real-World Data”: Generative, multimodal artificial intelligence (GenAI) offers transformative potential across industries, but its misuse poses significant risks. Prior research has shed light on the potential of advanced AI systems to be exploited for malicious purposes.


StickmanCyber Report: A Look Inside Australia’s Cybersecurity Skills Crisis

Tech Republic Security

A StickmanCyber report reveals a critical cybersecurity skills shortage in Australia, which can have both short- and long-term business implications.


Want to Win a Bike Race? Hack Your Rival’s Wireless Shifters

WIRED Threat Level

Researchers have discovered a way that would allow anyone with a few hundred dollars to hack into the wireless gear-shifting systems used by the top cycling teams for events like the Tour de France.


The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.


Linux Kernel Vulnerabilities Expose Systems to Privilege Escalation: Flaws Detailed and Exploit Code Released

Penetration Testing

Security researchers have disclosed the technical details and proof-of-concept (PoC) exploit codes for three vulnerabilities (CVE-2023-4206, CVE-2023-4207, and CVE-2023-4208) in the Linux kernel, impacting versions v3.18-rc1 to v6.5-rc4. These “use-after-free”...


Upcoming Speaking Engagements

Schneier on Security

This is a current list of where and when I am scheduled to speak: I’m speaking at eCrime 2024 in Boston, Massachusetts, USA. The event runs from September 24 through 26, 2024, and my keynote is on the 24th. The list is maintained on this page.


Tesserent Offers Mental Health Tips for Australian CISOs

Tech Republic Security

Cybersecurity professionals are experiencing high levels of stress, which can have both business and personal implications. Here’s how they can improve their mental health.


FreeBSD Releases Urgent Patch for High-Severity OpenSSH Vulnerability

The Hacker News

The maintainers of the FreeBSD Project have released security updates to address a high-severity flaw in OpenSSH that attackers could potentially exploit to execute arbitrary code remotely with elevated privileges. The vulnerability, tracked as CVE-2024-7589, carries a CVSS score of 7.4 out of a maximum of 10.0, indicating high severity.


IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.


Holding Trust for Ransom: What’s at Stake as Business Trust Erodes 

Security Boulevard

Trust is vital to upholding the entire ecosystem in which all businesses operate, and the erosion of trust has considerable consequences for everyone.


The Slow-Burn Nightmare of the National Public Data Breach

WIRED Threat Level

Social Security numbers, physical addresses, and more—all available online. After months of confusion, leaked information from a background-check firm underscores the long-term risks of data breaches.


Private Internet Access (PIA) vs ExpressVPN (2024): Which VPN Is Better?

Tech Republic Security

ExpressVPN’s overall polish, fast performance and wider server network give it a slight edge over PIA VPN’s feature-rich and affordable package.


CVE-2024-36877 in MSI Motherboards Opens Door to Code Execution Attacks, PoC Published

Penetration Testing

MSI, a leading manufacturer of computer hardware, has recently disclosed a critical vulnerability, tracked as CVE-2024-36877, that affects a wide range of its motherboards. The vulnerability, residing in the System...


IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.


Google Pixel Devices Shipped with Vulnerable App, Leaving Millions at Risk

The Hacker News

A large percentage of Google's own Pixel devices shipped globally since September 2017 included dormant software that could be used to stage nefarious attacks and deliver various kinds of malware. The issue manifests in the form of a pre-installed Android app called "Showcase.


Microsoft Patch Tuesday security updates for August 2024 addressed six actively exploited bugs

Security Affairs

Microsoft’s August 2024 Patch Tuesday addressed 90 vulnerabilities, including six that are actively exploited. Patch Tuesday security updates for August 2024 addressed 90 vulnerabilities in Microsoft products including Windows and Windows Components; Office and Office Components; .NET and Visual Studio; Azure; Co-Pilot; Microsoft Dynamics; Teams; and Secure Boot and others, bringing the total to 102 when including third-party bugs.


Secureworks Fills Australian Mid-Market Demand for Simplified Cyber Security Solutions

Tech Republic Security

The CEO of a burgeoning cybersecurity firm spoke to TechRepublic about XDR, ransomware, the Crowdstrike outage and what organisations can do to prepare for cyberattacks.


Security Flaw in PostgreSQL: CVE-2024-7348 Allows Arbitrary SQL Execution

Penetration Testing

The PostgreSQL project has issued a security advisory, warning users of a serious vulnerability (CVE-2024-7348). The flaw, which carries a CVSS score of 8.8, exposes users to the risk of...


Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.


New Banshee Stealer Targets 100+ Browser Extensions on Apple macOS Systems

The Hacker News

Cybersecurity researchers have uncovered new stealer malware that's designed to specifically target Apple macOS systems. Dubbed Banshee Stealer, it's offered for sale in the cybercrime underground for a steep price of $3,000 a month and works across both x86_64 and ARM64 architectures.


Microsoft found OpenVPN bugs that can be chained to achieve RCE and LPE

Security Affairs

Microsoft found four bugs in OpenVPN that could be chained to achieve remote code execution and local privilege escalation. During the Black Hat USA 2024 conference, Microsoft researchers disclosed multiple medium-severity bugs in the open-source project OpenVPN that could be chained to achieve remote code execution (RCE) and local privilege escalation (LPE).


Microsoft Patched 6 Actively Exploited Zero-Day Flaws

Tech Republic Security

Patch Tuesday brought updates for 90 security vulnerabilities, including patching severe remote code execution vulnerabilities and closing some doors in Chromium.


The Post-Quantum Cryptography Algorithms are finalized! Now what?

Thales Cloud Protection & Licensing

With the recent release from NIST of their final, published Post-Quantum Cryptography (PQC) algorithms (ML-KEM (formerly Kyber), ML-DSA (formerly Dilithium), SLH-DSA (formerly SPHINCS+)) and, with it, the imminent end-of-life of the encryption foundations we have relied upon for decades, many organizations are left wondering exactly what they should do next.


Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.