Schneier on Security
SEPTEMBER 27, 2024
NIST’s second draft of its “ SP 800-63-4 “—its digital identify guidelines—finally contains some really good rules about passwords: The following requirements apply to passwords: lVerifiers and CSPs SHALL require passwords to be a minimum of eight characters in length and SHOULD require passwords to be a minimum of 15 characters in length.
Krebs on Security
SEPTEMBER 25, 2024
The FBI is warning timeshare owners to be wary of a prevalent telemarketing scam involving a violent Mexican drug cartel that tries to trick people into believing someone wants to buy their property. This is the story of a couple who recently lost more than $50,000 to an ongoing timeshare scam that spans at least two dozen phony escrow, title and realty firms.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
The Last Watchdog
SEPTEMBER 24, 2024
Ever since the massive National Public Data (NPD) breach was disclosed a few weeks ago, news sources have reported an increased interest in online credit bureaus, and there has been an apparent upswing in onboarding of new subscribers. Related: Class-action lawsuits pile up in wake of NPD hack So what’s the connection? NPD reported the exposure of over 2.7 billion records.
Tech Republic Security
SEPTEMBER 27, 2024
Google Password Manager is a free password management service built into Chrome and Google apps. Learn how it works and how secure it is in this detailed review.
Advertisement
Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.
Schneier on Security
SEPTEMBER 23, 2024
I always like a good hack. And this story delivers. Basically, the New York City bikeshare program has a system to reward people who move bicycles from full stations to empty ones. By deliberately moving bikes to create artificial problems, and exploiting exactly how the system calculates rewards, some people are making a lot of money. At 10 a.m. on a Tuesday last month, seven Bike Angels descended on the docking station at Broadway and 53rd Street, across from the Ed Sullivan Theater.
Krebs on Security
SEPTEMBER 26, 2024
The United States today unveiled sanctions and indictments against the alleged proprietor of Joker’s Stash , a now-defunct cybercrime store that peddled tens of millions of payment cards stolen in some of the largest data breaches of the past decade. The government also indicted and sanctioned a top Russian cybercriminal known as Taleon , whose cryptocurrency exchange Cryptex has evolved into one of Russia’s most active money laundering networks.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Tech Republic Security
SEPTEMBER 24, 2024
The Secure Future Initiative was created around the same time the U.S. Cyber Safety Review Board chided Redmond for having a poor security culture.
Schneier on Security
SEPTEMBER 25, 2024
Clever : A malware campaign uses the unusual method of locking users in their browser’s kiosk mode to annoy them into entering their Google credentials, which are then stolen by information-stealing malware. Specifically, the malware “locks” the user’s browser on Google’s login page with no obvious way to close the window, as the malware also blocks the “ESC” and “F11” keyboard keys.
WIRED Threat Level
SEPTEMBER 26, 2024
Researchers found a flaw in a Kia web portal that let them track millions of cars, unlock doors, and start engines at will—the latest in a plague of web bugs that’s affected a dozen carmakers.
Penetration Testing
SEPTEMBER 25, 2024
A severe security flaw has been identified in the popular WordPress plugin The Events Calendar, affecting all versions up to and including 6.6.4. Designated as CVE-2024-8275, the vulnerability has been... The post Critical SQL Injection Vulnerability Discovered in ‘The Events Calendar’ WordPress Plugin (CVE-2024-8275) appeared first on Cybersecurity News.
Advertisement
Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!
Tech Republic Security
SEPTEMBER 27, 2024
Mimecast said a phishing campaign using Atlassian workspaces shows the growing sophistication of cyber threat actors.
Schneier on Security
SEPTEMBER 26, 2024
A good —long, complex—analysis of the EU’s new Cyber Resilience Act.
The Hacker News
SEPTEMBER 26, 2024
Cybersecurity researchers have disclosed a set of now patched vulnerabilities in Kia vehicles that, if successfully exploited, could have allowed remote control over key functions simply by using only a license plate.
Penetration Testing
SEPTEMBER 23, 2024
A critical security vulnerability affecting all GNU/Linux systems—and potentially others—has been identified by renowned security researcher Simone Margaritelli. The vulnerability, which allows for unauthenticated remote code execution (RCE), has been... The post Severe Unauthenticated RCE Flaw (CVSS 9.9) in GNU/Linux Systems Awaiting Full Disclosure appeared first on Cybersecurity News.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Tech Republic Security
SEPTEMBER 25, 2024
U.K. IT pros are adopting a “Titanic mindset,” a study has found, as they are blind to the upcoming iceberg of their data recovery solution.
Schneier on Security
SEPTEMBER 27, 2024
Fishermen are catching more squid as other fish are depleted. Blog moderation policy.
Security Boulevard
SEPTEMBER 26, 2024
Artificial intelligence (AI) is emerging as a top concern in the cybersecurity world, with 48% of respondents identifying it as the most significant security risk facing their organizations, according to a HackerOne survey of 500 security professionals. The post Security Professionals Cite AI as Top Security Risk appeared first on Security Boulevard.
Penetration Testing
SEPTEMBER 25, 2024
The Hewlett Packard Enterprise (HPE) Product Security Response Team has issued a critical advisory concerning multiple command injection vulnerabilities (CVE-2024-42505, CVE-2024-42506, CVE-2024-42507) affecting Aruba Access Points running Instant AOS-8 and... The post CVSS 9.8 Vulnerabilities Expose Aruba Access Points to RCE: HPE Urges Immediate Action appeared first on Cybersecurity News.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
The Hacker News
SEPTEMBER 25, 2024
Google has revealed that its transition to memory-safe languages such as Rust as part of its secure-by-design approach has led to the percentage of memory-safe vulnerabilities discovered in Android dropping from 76% to 24% over a period of six years.
Google Security
SEPTEMBER 25, 2024
Posted by Jeff Vander Stoep - Android team, and Alex Rebert - Security Foundations Memory safety vulnerabilities remain a pervasive threat to software security. At Google, we believe the path to eliminating this class of vulnerabilities at scale and building high-assurance software lies in Safe Coding , a secure-by-design approach that prioritizes transitioning to memory-safe languages.
Security Boulevard
SEPTEMBER 27, 2024
An outline of the six most significant cloud security threats facing your organization and tips for reducing your exposure and strengthening defenses. The post Top 6 Cloud Security Threats to Watch Out For appeared first on Security Boulevard.
Penetration Testing
SEPTEMBER 22, 2024
In a concerning development for organizations relying on Keycloak for secure identity and access management, a high-severity vulnerability has been discovered in its SAML signature validation process. Tracked as CVE-2024-8698,... The post CVE-2024-8698: Keycloak Vulnerability Puts SAML Authentication at Risk appeared first on Cybersecurity News.
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
The Hacker News
SEPTEMBER 23, 2024
In a major policy reversal, the popular messaging app Telegram has announced it will give users' IP addresses and phone numbers to authorities in response to valid legal requests in an attempt to rein in criminal activity on the platform.
Tech Republic Security
SEPTEMBER 27, 2024
Setting up a conference bridge isn't hard, but you don’t want to get it wrong for important calls. Learn how to bridge calls securely.
Security Boulevard
SEPTEMBER 26, 2024
But as we start delegating LLMs and LAMs the authority to act on our behalf (our personal avatars), we create a true data privacy nightmare. The post How the Promise of AI Will Be a Nightmare for Data Privacy appeared first on Security Boulevard.
Penetration Testing
SEPTEMBER 26, 2024
HashiCorp, a leading provider of infrastructure automation software, has issued a critical security advisory concerning a vulnerability in its popular secrets management tool, Vault. The flaw, designated as CVE-2024-7594 and... The post HashiCorp Vault Flaw (CVE-2024-759): Unrestricted SSH Access Threatens System Security appeared first on Cybersecurity News.
Speaker: Blackberry, OSS Consultants, & Revenera
Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?
Trend Micro
SEPTEMBER 26, 2024
On Wednesday, NVIDA released updates to fix a critical vulnerability in its NVIDIA Container Toolkit, which, if exploited, could put a wide range of AI infrastructure and underlying data/secrets at risk.
Tech Republic Security
SEPTEMBER 26, 2024
Engage in active learning to build skills, confidence, and competence through practical, hands-on experience with professional feedback.
Security Boulevard
SEPTEMBER 27, 2024
While the FTC has been a pivotal player in advancing data privacy and security standards, the evolving legal landscape underscores the need for clearer statutory guidance. The post Supreme Court Ruling May Question FTC Authority to Regulate Privacy and Security appeared first on Security Boulevard.
Penetration Testing
SEPTEMBER 26, 2024
Users of the popular VLC media player are being urged to update their software immediately following the discovery of a critical vulnerability that could allow malicious actors to crash the... The post VLC Media Player Update Needed: CVE-2024-46461 Discovered appeared first on Cybersecurity News.
Advertisement
IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.
Expert insights. Personalized for you.
300 
Let's personalize your content