Mon.Dec 11, 2023


Facebook Enables Messenger End-to-End Encryption by Default

Schneier on Security

It’s happened. Details here, and tech details here (for messages in transit) and here (for messages in storage). Rollout to everyone will take months, but it’s a good day for both privacy and security. Slashdot thread.


International Association of Chiefs of Police (IACP) Appoints CyberSecurity Expert Witness Joseph Steinberg To Computer Crime & Digital Evidence Committee

Joseph Steinberg

Veteran cybersecurity expert witness executive will help strengthen law enforcement capabilities to prevent, investigate, and prosecute information-age crimes. Washington, DC — December 11, 2023 — The International Association of Chiefs of Police (IACP) has appointed long-time information-security-industry veteran and cybersecurity expert witness, Joseph Steinberg, to the organization’s Computer Crime & Digital Evidence Committee.


Silent but deadly: The rise of zero-click attacks

We Live Security

A security compromise so stealthy that it doesn’t even require your interaction? Yes, zero-click attacks require no action from you – but this doesn’t mean you’re left vulnerable.


Get a VPN for Yourself and Your Employees This Holiday Season

Tech Republic Security

Want to make sure everyone on your team is secure? Get a lifetime subscription to FastestVPN PRO, now just $29.97 through Christmas Day for 15 devices.


The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.


50K WordPress sites exposed to RCE attacks by critical bug in backup plugin

Bleeping Computer

A critical severity vulnerability in a WordPress plugin with more than 90,000 installs can let attackers gain remote code execution to fully compromise vulnerable websites. […]


Hotspot Shield VPN Review 2023: Features, Pros & Cons

Tech Republic Security

Hotspot Shield’s speed-oriented features may not be enough to overcome its lack of testing and questionable data logs. Read more in our full review below.


“Amazon got hacked” messages are a false alarm

Malwarebytes

Amazon customers have been seeing a message on social media that has caused some alarm. Most of the posts look like one of these (depending on the social media platform): “PSA!! Amazon got hacked. For USA based people, check your Amazon account. Hackers added HUB lockers as your default delivery addresses. Remove it! I had 2 added to mine.” Hub lockers are local secure places for people to pick up their Amazon order rather than risk them being left on a doorstep, so the concern was that someone


Counter-Strike 2 HTML injection bug exposes players’ IP addresses

Bleeping Computer

Valve has reportedly fixed an HTML injection flaw in Counter-Strike 2 that was heavily abused today to inject images into games and obtain other players' IP addresses. […]


The top cyber security news stories of 2023

Security Boulevard

The post The top cyber security news stories of 2023 appeared first on Click Armor. The post The top cyber security news stories of 2023 appeared first on Security Boulevard.


Toyota warns customers of data breach exposing personal, financial info

Bleeping Computer

Toyota Financial Services (TFS) is warning customers it suffered a data breach, stating that sensitive personal and financial data was exposed in the attack. […]


IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.


Apache fixed Critical RCE flaw CVE-2023-50164 in Struts 2

Security Affairs

The Apache Software Foundation addressed a critical remote code execution vulnerability in the Apache Struts 2 open-source framework. The Apache Software Foundation released security updates to address a critical file upload vulnerability in the Struts 2 open-source framework. Successful exploitation of the flaw, tracked as CVE-2023-50164, could lead to remote code execution.


Lazarus hackers drop new RAT malware using 2-year-old Log4j bug

Bleeping Computer

The notorious North Korean hacking group known as Lazarus continues to exploit CVE-2021-44228, aka "Log4Shell," this time to deploy three previously unseen malware families written in DLang. […]


Toyota Financial Services discloses a data breach

Security Affairs

Toyota Financial Services (TFS) disclosed a data breach, threat actors had access to sensitive personal and financial data. Toyota Financial Services (TFS) is warning customers it has suffered a data breach that exposed sensitive personal and financial data. “Due to an attack on the systems, unauthorized persons gained access to personal data.


Apple emergency updates fix recent zero-days on older iPhones

Bleeping Computer

Apple has issued emergency security updates to backport patches for two actively exploited zero-day flaws to older iPhones and some Apple Watch and Apple TV models. […]


Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.


Why Cybersecurity Needs To Be an SMB Priority

Security Boulevard

SMBs are low-hanging fruit for cybercriminals because they have limited IT resources, staff and cybersecurity defenses. The post Why Cybersecurity Needs To Be an SMB Priority appeared first on Security Boulevard.


Cold storage giant Americold discloses data breach after April malware attack

Bleeping Computer

Cold storage and logistics giant Americold has confirmed that over 129,000 employees and their dependents had their personal information stolen in an April attack, later claimed by Cactus ransomware. […]


Black Hat Europe 2023: Should we regulate AI?

We Live Security

AI has been around for a while now, but governments are only starting to issue legislation to regulate it. Is it too late? Have we learned nothing from late IoT regulations that left the market swamped with old insecure devices?


Fred Burton’s 2023 Holiday Reading List

Security Boulevard

Take a look at Fred’s must-reads for the holiday season. I always enjoy thinking back over the last year, remembering the new books that I’ve enjoyed and learned from, but also the books I’ve read in the past that resurfaced in life and work this year. When putting together a book and film recommendation list,… The post Fred Burton’s 2023 Holiday Reading List appeared first on Ontic.


Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.


CISA adds Qlik Sense flaws to its Known Exploited Vulnerabilities catalog

Security Affairs

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds two Qlik Sense vulnerabilities to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added two Qlik Sense vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. Below is the list of the issues added to the catalog: CVE-2023-41265 (CVSS score 9.6)- Qlik Sense HTTP Tunneling Vulnerability: Qlik Sense contains an HTTP tunneling vulnerability that allows an atta


headerpwn: A fuzzer for analyzing how servers respond to different HTTP headers

Penetration Testing

headerpwn A fuzzer for finding anomalies and analyzing how servers respond to different HTTP headers. Install go install github.com/devanshbatham/headerpwn@v0.0.3 Use headerpwn allows you to test various headers on a target URL and analyze the... The post headerpwn: A fuzzer for analyzing how servers respond to different HTTP headers appeared first on Penetration Testing.


Apple Releases Security Updates to Patch Critical iOS and macOS Security Flaws

The Hacker News

Apple on Monday released security patches for iOS, iPadOS, macOS, tvOS, watchOS, and Safari web browser to address multiple security flaws, in addition to backporting fixes for two recently disclosed zero-days to older devices.


PlugX malware: The Enigma of Cyber Espionage Unveiled

Penetration Testing

In the shadowy world of cyber threats, PlugX stands out as a sophisticated and insidious malware, leaving a digital trail of espionage and evasion. Recently, the Splunk Threat Research Team (STRT) unraveled the mystery... The post PlugX malware: The Enigma of Cyber Espionage Unveiled appeared first on Penetration Testing.


5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.


Lazarus Group Using Log4j Exploits to Deploy Remote Access Trojans

The Hacker News

The notorious North Korea-linked threat actor known as the Lazarus Group has been attributed to a new global campaign that involves the opportunistic exploitation of security flaws in Log4j to deploy previously undocumented remote access trojans (RATs) on compromised hosts.


Congress Clashes Over the Future of America’s Section 702 Spy Program

WIRED Threat Level

Competing bills moving through the House of Representatives both reauthorize Section 702 surveillance—but they pave very different paths forward for Americans’ privacy and civil liberties.


The Challenges in Building Digital Trust

SecureWorld News

Have you been thinking about digital trust? How do you trust an algorithm that's making thousands of decisions a second when you don't even know how it works? And how do you trust a company that is silently tracking your movements every day, collecting data on you, and not telling you what they do with that data? With our digital global economy being founded on trust, we need to establish a meaningful definition of "digital trust.


Researchers Unmask Sandman APT's Hidden Link to China-Based KEYPLUG Backdoor

The Hacker News

Tactical and targeting overlaps have been discovered between the enigmatic advanced persistent threat (APT) called Sandman and a China-based threat cluster that's known to use a backdoor known as KEYPLUG.


Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?


December 15 Marks Deadline for SEC's New Cyber Disclosure Rules

SecureWorld News

December 15, 2023, marks a significant shift in the cybersecurity landscape for publicly traded companies. The U.S. Securities and Exchange Commission (SEC) has implemented new cyber incident disclosure rules, requiring companies to be more transparent and timely in their communication of cybersecurity breaches and vulnerabilities. The SEC announced its new cyber incident disclosure rules on July 26, 2023, when it appeared the rules were effective immediately.


How Machine Learning Can Accelerate and Improve the Accuracy of Sensitive Data Classification

Thales Cloud Protection & Licensing

madhav, Tue, 12/12/2023 - 05:21. Given the pace of data growth and the complexity of hybrid IT environments, the discovery and classification of sensitive data is no simple task. In a recent study, IDC predicted the global datasphere will more than double in size from 2022 to 2026, and that 80% of that data will be unstructured.


New Critical RCE Vulnerability Discovered in Apache Struts 2 - Patch Now

The Hacker News

Apache has released a security advisory warning of a critical security flaw in the Struts 2 open-source web application framework that could result in remote code execution.


Ukraine Is Crowdfunding Its Reconstruction

WIRED Threat Level

With its war against Russia raging on, Ukraine has begun raising funds to rebuild homes and structures one by one using its own crowdfunding platform.


From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.