Wed. Nov 20, 2024

Steve Bellovin’s Retirement Talk

Schneier on Security

Steve Bellovin is retiring. Here’s his retirement talk, reflecting on his career and what the cybersecurity field needs next.

AI just gave us the Star Trek farewell we always wanted - watch it here

Zero Day

William Shatner and Leonard Nimoy reunite in a powerful short film using AI and deepfake technology to give fans the emotional farewell they deserve.

Decades-Old Security Vulnerabilities Found in Ubuntu's Needrestart Package

The Hacker News

Multiple decade-old security vulnerabilities have been disclosed in the needrestart package installed by default in Ubuntu Server (since version 21.04) that could allow a local attacker to gain root privileges without requiring user interaction.

107

AI transformation is the new digital transformation. Here's why that change matters

Zero Day

Your boss has read about the power of generative AI and wants you to stop dithering about potential risks and start delivering results.

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Ghost Tap: Hackers Exploiting NFCGate to Steal Funds via Mobile Payments

The Hacker News

Threat actors are increasingly banking on a new technique that leverages near-field communication (NFC) to cash out victims' funds at scale. The technique, codenamed Ghost Tap by ThreatFabric, enables cybercriminals to cash out money from stolen credit cards linked to mobile payment services such as Google Pay or Apple Pay and relay NFC traffic.

Mobile 103

Apple addressed two actively exploited zero-day vulnerabilities

Security Affairs

Apple released security updates for iOS, iPadOS, macOS, visionOS, and Safari browser to address two actively exploited zero-day flaws. Apple released security updates for two zero-day vulnerabilities, tracked as CVE-2024-44309 and CVE-2024-44308, in iOS, iPadOS, macOS, visionOS, and Safari web browser, which are actively exploited in the wild. The vulnerability CVE-2024-44309 is a cookie management issue in WebKit that could lead to a cross-site scripting (XSS) attack when processing malicious w

Spyware 103

More Trending

AI Granny Daisy takes up scammers’ time so they can’t bother you

Malwarebytes

A mobile network operator has called in the help of Artificial Intelligence (AI) in the battle against phone scammers. Virgin Media O2 in the UK has built an AI persona called Daisy with the sole purpose of keeping scammers occupied for as long as possible. Basically, until the scammers give up, because Daisy won’t. Daisy uses several AI models that work together listening to what scammers have to say, and then responding in a lifelike manner to give the scammers the idea they are working on an

Scams 99

Five Critical Privilege Escalation Vulnerabilities Found in Ubuntu’s Default Utility, needrestart

Penetration Testing

Qualys Threat Research Unit uncovers five local privilege escalation flaws, enabling unprivileged users to gain root access. The Qualys Threat Research Unit (TRU) has disclosed five critical vulnerabilities in the... The post Five Critical Privilege Escalation Vulnerabilities Found in Ubuntu’s Default Utility, needrestart appeared first on Cybersecurity News.

Update now! Apple confirms vulnerabilities are already being exploited

Malwarebytes

Apple has released security patches for most of its operating systems, including iOS, Mac, iPadOS, Safari, and visionOS. The updates for iOS and Intel-based Mac systems are especially important, as they tackle vulnerabilities that are being actively exploited by cybercriminals. You should make sure you update as soon as you can. To check if you’re using the latest software version, go to Settings > General > Software Update.

10 tiny tools and gadgets I keep on my keychain and why

Zero Day

These handy gadgets make for useful gifts during the holidays. If your loved one likes to be prepared for anything, you can't go wrong with these EDC essentials.

98

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Microsoft Adds Raft of Zero-Trust Tools and Platforms

Security Boulevard

Microsoft this week launched a raft of cybersecurity initiatives that address everything from making Windows platforms more secure to adding platforms that are more secure by design. The post Microsoft Adds Raft of Zero-Trust Tools and Platforms appeared first on Security Boulevard.

Update your iPhone, iPad, and Mac now to patch these serious zero-day security flaws

Zero Day

The emergency updates resolve two zero-day flaws that may have already been exploited in the wild.

115

NHIs Are the Future of Cybersecurity: Meet NHIDR

The Hacker News

The frequency and sophistication of modern cyberattacks are surging, making it increasingly challenging for organizations to protect sensitive data and critical infrastructure. When attackers compromise a non-human identity (NHI), they can swiftly exploit it to move laterally across systems, identifying vulnerabilities and compromising additional NHIs in minutes.

CVE-2024-10220: Kubernetes Vulnerability Allows Arbitrary Command Execution

Penetration Testing

A high-severity vulnerability has been discovered in Kubernetes, potentially allowing attackers to execute arbitrary commands outside of container boundaries. Tracked as CVE-2024-10220 and assigned a CVSS score of 8.1, the... The post CVE-2024-10220: Kubernetes Vulnerability Allows Arbitrary Command Execution appeared first on Cybersecurity News.

77

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

The best web hosting services of 2024: Expert tested and reviewed

Zero Day

Do you want to build a website, but you're unsure where to start? You should start with a reputable hosting service. We've tested the top web hosting services that offer solid customer service and good value for the money.

81

Microsoft Veeps Ignite Fire Under CrowdStrike

Security Boulevard

BSODs begone! Redmond business leaders line up to say what’s new in Windows security. The post Microsoft Veeps Ignite Fire Under CrowdStrike appeared first on Security Boulevard.

Inside the Booming ‘AI Pimping’ Industry

WIRED Threat Level

AI-generated influencers based on stolen images of real-life adult content creators are flooding social media.

Media 96

8 Bluesky tips every new user should know

Zero Day

Freely available to anyone, Bluesky offers key advantages over X, Threads, and other social networks. Here are 8 ways to achieve social nirvana.

115

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

CVE-2024-42450 (CVSS 10): Versa Networks Addresses Critical Vulnerability in Versa Director

Penetration Testing

Versa Networks has issued a security advisory addressing a critical vulnerability (CVE-2024-42450) affecting its Versa Director software. The vulnerability, which carries a CVSS score of 10, could allow unauthenticated attackers... The post CVE-2024-42450 (CVSS 10): Versa Networks Addresses Critical Vulnerability in Versa Director appeared first on Cybersecurity News.

72

“Sad announcement” email leads to tech support scam

Malwarebytes

Tech support scammers are again stooping low with their email campaigns. This particular one hints that one of your contacts may have met an untimely end. It all starts with an email titled “Sad announcement” followed by a full name of someone you know. The email may appear to come from the person themselves. A co-worker who received such an email pointed it out to our team.

Scams 66

Ford data breach involved a third-party supplier

Security Affairs

Ford investigates a data breach linked to a third-party supplier and pointed out that its systems and customer data were not compromised. Ford investigated a data breach after threat actors claimed the theft of customer information on the BreachForums cybercrime forum. On November 17, threat actors IntelBroker and EnergyWeaponUser published a post on BreachForums announcing they have stolen 44,000 Ford customer records.

CISOs Look to Establish Additional Leadership Roles

Security Boulevard

According to an IANS survey of more than 800 CISOs, roles such as business information security officers (BISOs), chiefs of staff and heads for privacy, program management and data protection are among the top positions being considered to support cybersecurity efforts. The post CISOs Look to Establish Additional Leadership Roles appeared first on Security Boulevard.

CISO 66

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

How Google turns Android into a desktop OS in 5 steps

Zero Day

Merging Android and ChromeOS is a bold first step, but turning Android into a true alternative to MacOS, iPadOS, and Windows requires Google to make some big moves.

96

Black Friday Scammers are Hard at Work: Security Experts

Security Boulevard

Scammers are using everything from fraudulent deals and fake ads to spoofed websites and brand impersonation to target online shoppers who are gearing up for Black Friday as the holiday buying season gets underway, according to cybersecurity firms. The post Black Friday Scammers are Hard at Work: Security Experts appeared first on Security Boulevard.

New Attack Vector: Misconfigured Jupyter Servers Targeted for Illegal Streaming

Penetration Testing

Aqua Nautilus security researchers have uncovered a novel attack vector where threat actors exploit misconfigured servers, particularly JupyterLab and Jupyter Notebook environments, to hijack computing resources for illegal live sports... The post New Attack Vector: Misconfigured Jupyter Servers Targeted for Illegal Streaming appeared first on Cybersecurity News.

61

Tax Fraud Reporting and Protection: International Fraud Awareness Week

SecureWorld News

As International Fraud Awareness Week (November 17–23) unfolds, the U.S. Internal Revenue Service (IRS) is highlighting the critical role taxpayers, businesses, and professionals play in combating tax fraud. With tax scams on the rise, the IRS Office of Fraud Enforcement and IRS Criminal Investigation are amplifying efforts to educate the public on recognizing and reporting fraudulent schemes.

Scams 61

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.

FrostyGoop: New ICS Malware Exploits Modbus TCP Protocol

Penetration Testing

Recently, Palo Alto Networks has released an in-depth analysis of FrostyGoop, also known as BUSTLEBERM, a sophisticated malware targeting operational technology (OT). This malware gained attention in July 2024 when... The post FrostyGoop: New ICS Malware Exploits Modbus TCP Protocol appeared first on Cybersecurity News.

61

Get a Microsoft Office 2019 license for Mac or Windows for $27: Deal

Zero Day

This deal gets you a lifetime license to Microsoft Office 2019 for Windows or Mac and access to Microsoft Word, Excel, PowerPoint, and more for 88% off.

96

WorkflowKit Race Vulnerability (CVE-2024-27821): Researcher Reveals Exploit that Let Malicious Apps Hijack Shortcuts

Penetration Testing

Security researcher Snoolie K has published an in-depth analysis of a significant security flaw in WorkflowKit, which has been assigned CVE-2024-27821. This vulnerability, dubbed the “WorkflowKit Race Vulnerability,” targets the... The post WorkflowKit Race Vulnerability (CVE-2024-27821): Researcher Reveals Exploit that Let Malicious Apps Hijack Shortcuts appeared first on Cybersecurity News.

61

Leveling Up Fuzzing: Finding more vulnerabilities with AI

Google Security

Posted by Oliver Chang, Dongge Liu and Jonathan Metzman, Google Open Source Security Team

Recently, OSS-Fuzz reported 26 new vulnerabilities to open source project maintainers, including one vulnerability in the critical OpenSSL library (CVE-2024-9143) that underpins much of internet infrastructure. The reports themselves aren’t unusual—we’ve reported and helped maintainers fix over 11,000 vulnerabilities in the 8 years of the project.

Enhance Innovation and Governance Through the Cloud Development Maturity Model

Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.