Krebs on Security
AUGUST 15, 2024
A great many readers this month reported receiving alerts that their Social Security Number, name, address and other personal information were exposed in a breach at a little-known but aptly-named consumer data broker called NationalPublicData.com. This post examines what we know about a breach that has exposed hundreds of millions of consumer records.
Schneier on Security
AUGUST 16, 2024
The press is reporting a critical Windows vulnerability affecting IPv6. As Microsoft explained in its Tuesday advisory, unauthenticated attackers can exploit the flaw remotely in low-complexity attacks by repeatedly sending IPv6 packets that include specially crafted packets. Microsoft also shared its exploitability assessment for this critical vulnerability, tagging it with an “exploitation more likely” label, which means that threat actors could create exploit code to “consis
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
The Last Watchdog
AUGUST 12, 2024
LAS VEGAS – Here’s what I discovered last week here at Black Hat USA 2024 : GenAI is very much in the mix as a potent X-factor in cybersecurity. Related: Prioritizing digital resiliency I spoke with over three dozen cybersecurity solution providers. Some of the more intriguing innovations had to do with leveraging GenAI/LLM-equipped chatbots as proprietary force multipliers.
Troy Hunt
AUGUST 10, 2024
When is a breach a breach? If it's been breached then re-breached , is the second incident still a breach? Here's what the masses said when I asked if they'd want to know when something like this happened to their data: If you're in a breach and your data is aggregated by a third party, then *they* have a breach that discloses your data (again), would you want to know?
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Krebs on Security
AUGUST 13, 2024
Microsoft today released updates to fix at least 90 security vulnerabilities in Windows and related software, including a whopping six zero-day flaws that are already being actively exploited by attackers. Image: Shutterstock. This month’s bundle of update joy from Redmond includes patches for security holes in Office ,NET , Visual Studio , Azure , Co-Pilot , Microsoft Dynamics , Teams , Secure Boot, and of course Windows itself.
Schneier on Security
AUGUST 15, 2024
From the Federal Register : After three rounds of evaluation and analysis, NIST selected four algorithms it will standardize as a result of the PQC Standardization Process. The public-key encapsulation mechanism selected was CRYSTALS-KYBER, along with three digital signature schemes: CRYSTALS-Dilithium, FALCON, and SPHINCS+. These algorithms are part of three NIST standards that have been finalized: FIPS 203: Module-Lattice-Based Key-Encapsulation Mechanism Standard FIPS 204: Module-Lattice-Base
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Tech Republic Security
AUGUST 13, 2024
On August 6, 2.7 billion records from National Public Data, including social security numbers, were leaked on a dark web forum.
Security Affairs
AUGUST 16, 2024
Microsoft addressed a critical zero-click Windows remote code execution (RCE) in the TCP/IP stack that impacts all systems with IPv6 enabled. Microsoft urges customers to fix a critical TCP/IP remote code execution (RCE) flaw, tracked as CVE-2024-38063 (CVSS score 9.8), in the TCP/IP stack. The vulnerability impacts all systems with IPv6 enabled (IPv6 is enabled by default).
Schneier on Security
AUGUST 14, 2024
Texas is suing General Motors for collecting driver data without consent and then selling it to insurance companies: From CNN : In car models from 2015 and later, the Detroit-based car manufacturer allegedly used technology to “collect, record, analyze, and transmit highly detailed driving data about each time a driver used their vehicle,” according to the AG’s statement.
Security Boulevard
AUGUST 16, 2024
Evolving threat actor tactics are capitalizing on business and technology consolidation to launch widespread ransomware attacks and requiring organizations to rethink how to address new vulnerabilities to stay secure and resilient. The post Ransomware Surge Exploits Cybersecurity Gaps Caused by M&A appeared first on Security Boulevard.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Tech Republic Security
AUGUST 16, 2024
NIST announces new post-quantum cryptography standards, marking a significant step in safeguarding data against future quantum computing threats.
Security Affairs
AUGUST 16, 2024
Many Google Pixel devices shipped since September 2017 have included a vulnerable app that could be exploited for malicious purposes. Many Google Pixel devices shipped since September 2017 have included dormant software that could be exploited by attackers to compromise them. Researchers form mobile security firm iVerify reported that the issue stems from a pre-installed Android app called “Showcase.apk,” which runs with excessive system privileges, allowing it to remotely execute co
Schneier on Security
AUGUST 12, 2024
Interesting paper: “ Generative AI Misuse: A Taxonomy of Tactics and Insights from Real-World Data “: Generative, multimodal artificial intelligence (GenAI) offers transformative potential across industries, but its misuse poses significant risks. Prior research has shed light on the potential of advanced AI systems to be exploited for malicious purposes.
Security Boulevard
AUGUST 16, 2024
Some recommendations and best practices to help organizations strike a balance between business growth, risk management and cybersecurity. The post Striking a Balance Between Business Growth, Risk Management and Cybersecurity appeared first on Security Boulevard.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Tech Republic Security
AUGUST 13, 2024
A StickmanCyber report reveals a critical cybersecurity skills shortage in Australia, which can have both short- and long-term business implications
Security Affairs
AUGUST 14, 2024
Microsoft’s August 2024 Patch Tuesday addressed 90 vulnerabilities, including six that are actively exploited. Patch Tuesday security updates for August 2024 addressed 90 vulnerabilities in Microsoft products including Windows and Windows Components; Office and Office Components; NET and Visual Studio; Azure; Co-Pilot; Microsoft Dynamics; Teams; and Secure Boot and others, bringing the total to 102 when including third-party bugs.
Schneier on Security
AUGUST 13, 2024
Really interesting article on the ancient-manuscript scholars who are applying their techniques to the Voynich Manuscript. No one has been able to understand the writing yet, but there are some new understandings: Davis presented her findings at the medieval-studies conference and published them in 2020 in the journal Manuscript Studies. She had hardly solved the Voynich, but she’d opened it to new kinds of investigation.
WIRED Threat Level
AUGUST 14, 2024
Researchers have discovered a way that would allow anyone with a few hundred dollars to hack into a wireless gear-shifting systems used by the top cycling teams for events like the Tour de France.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Tech Republic Security
AUGUST 14, 2024
Cybersecurity professionals are experiencing high levels of stress, which can have both business and personal implications. Here’s how they can improve their mental health.
Security Affairs
AUGUST 10, 2024
Crooks took control of a cow milking robot and demanded a ransom from a farmer who refused to pay it, resulting in the death of a cow. An extortion attempt had a tragic outcome, cybercriminals took control of a cow milking robot and demanded a ransom from a farmer, but he did not pay, resulting in the death of a cow. In November 2023, farmer Vital Bircher received a message from his milking robot on his phone, then he noticed that the device’s display was blank and was missing essential da
Schneier on Security
AUGUST 14, 2024
This is a current list of where and when I am scheduled to speak: I’m speaking at eCrime 2024 in Boston, Massachusetts, USA. The event runs from September 24 through 26, 2024, and my keynote is on the 24th. The list is maintained on this page.
The Hacker News
AUGUST 12, 2024
The maintainers of the FreeBSD Project have released security updates to address a high-severity flaw in OpenSSH that attackers could potentially exploit to execute arbitrary code remotely with elevated privileges. The vulnerability, tracked as CVE-2024-7589, carries a CVSS score of 7.4 out of a maximum of 10.0, indicating high severity.
Advertisement
Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.
Tech Republic Security
AUGUST 12, 2024
The CEO of a burgeoning cybersecurity firm spoke to TechRepublic about XDR, ransomware, the Crowdstrike outage and what organisations can do to prepare for cyberattacks.
Security Affairs
AUGUST 12, 2024
Microsoft found four bugs in OpenVPN that could be chained to achieve remote code execution and local privilege escalation. During the Black Hat USA 2024 conference, Microsoft researchers disclosed multiple medium-severity bugs in the open-source project OpenVPN that could be chained to achieve remote code execution (RCE) and local privilege escalation (LPE).
WIRED Threat Level
AUGUST 15, 2024
A fix is coming, but data analytics giant Palantir says it’s ditching Android devices altogether because Google’s response to the vulnerability has been troubling.
The Hacker News
AUGUST 16, 2024
A large percentage of Google's own Pixel devices shipped globally since September 2017 included dormant software that could be used to stage nefarious attacks and deliver various kinds of malware. The issue manifests in the form of a pre-installed Android app called "Showcase.
Advertisement
Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!
Tech Republic Security
AUGUST 15, 2024
ExpressVPN’s overall polish, fast performance and wider server network give it a slight edge over PIA VPN’s feature-rich and affordable package.
Security Boulevard
AUGUST 16, 2024
Trust is vital to upholding the entire ecosystem in which all businesses operate, and the erosion of trust has considerable consequences for everyone. The post Holding Trust for Ransom: What’s at Stake as Business Trust Erodes appeared first on Security Boulevard.
WIRED Threat Level
AUGUST 16, 2024
Social Security numbers, physical addresses, and more—all available online. After months of confusion, leaked information from a background-check firm underscores the long-term risks of data breaches.
Security Affairs
AUGUST 14, 2024
SolarWinds addressed a critical remote code execution vulnerability in its Web Help Desk solution for customer support. SolarWinds fixed a critical vulnerability, tracked as CVE-2024-28986 (CVSS score 9.8), in SolarWinds’ Web Help Desk solution for customer support. The flaw is a Java deserialization issue that an attacker can exploit to run commands on a vulnerable host leading to remote code execution.
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
Expert insights. Personalized for you.
342 
Let's personalize your content