Cyber Security Informer

FBI Advising People to Avoid Public Charging Stations

Schneier on Security

APRIL 12, 2023

The FBI is warning people against using public phone-charging stations, worrying that the combination power-data port can be used to inject malware onto the devices: Avoid using free charging stations in airports, hotels, or shopping centers.

Malware

Malware Software Risk

Demystifying Cybersecurity’s Public Companies

Security Boulevard

JANUARY 19, 2024

It's a lot harder to come up with a list of public cybersecurity companies than you'd think. The post Demystifying Cybersecurity’s Public Companies appeared first on Security Boulevard. Here are the reasons why, plus an honest attempt to get the list right.

Cybersecurity

Cisco discloses root escalation flaw with public exploit code

Bleeping Computer

APRIL 17, 2024

Cisco has released patches for a high-severity Integrated Management Controller (IMC) vulnerability with public exploit code that can let local attackers escalate privileges to root. [.]

CISA makes its "Malware Next-Gen" analysis system publicly available

Bleeping Computer

APRIL 11, 2024

Cybersecurity and Infrastructure Security Agency (CISA) has released a new version of "Malware Next-Gen," now allowing the public to submit malware samples for analysis by CISA. [.]

Malware

Malware Cybersecurity Government

Cyber Public Health

Schneier on Security

NOVEMBER 25, 2020

In a lecture, Adam Shostack makes the case for a discipline of cyber public health. It would relate to cybersecurity in a similar way that public health relates to medicine.

Cybersecurity

Many Public Salesforce Sites are Leaking Private Data

Krebs on Security

APRIL 27, 2023

A shocking number of organizations — including banks and healthcare providers — are leaking private and sensitive information from their public Salesforce Community websites, KrebsOnSecurity has learned. city administrators that at least five different public DC Health websites were leaking sensitive information.

Banking

Banking Government Information Security Authentication

Navigating Public Company Cybersecurity Disclosures

Security Boulevard

DECEMBER 7, 2023

Transparency in the disclosure of cybersecurity incidents for public companies is no longer good practice – it’s now a regulatory necessity. The imminent requirement for public companies to disclose current material cybersecurity incidents is set to reshape the disclosure landscape for public companies.

Cybersecurity

Cybersecurity Information Security Government

Me on Public-Interest Tech

Schneier on Security

JUNE 3, 2022

Back in November 2020, in the middle of the COVID-19 pandemic, I gave a virtual talk at the International Symposium on Technology and Society: “ The Story of the Internet and How it Broke Bad: A Call for Public-Interest Technologists.” ” It was something I was really proud of, and it’s finally up on the net.

Internet

Internet Internet Technology

Google moves to keep public sector cybersecurity vulnerabilities leashed

Tech Republic Security

APRIL 21, 2023

launched the Google Cloud Alliance this week with the goal of advancing digital security in the public sector. The post Google moves to keep public sector cybersecurity vulnerabilities leashed appeared first on TechRepublic. Google Cloud and The Center for Internet Security, Inc.,

Cybersecurity

Cybersecurity Cyber threats Internet Internet

CISA Announces Malware Next-Gen Analysis for Public Access

Security Boulevard

APRIL 23, 2024

What is Malware Next-Gen It […] The post CISA Announces Malware Next-Gen Analysis for Public Access appeared first on TuxCare. The post CISA Announces Malware Next-Gen Analysis for Public Access appeared first on Security Boulevard.

Malware

Malware Cybersecurity Cyber threats Government

Improving the Cryptanalysis of Lattice-Based Public-Key Algorithms

Schneier on Security

FEBRUARY 14, 2024

The winner of the Best Paper Award at Crypto this year was a significant improvement to lattice-based cryptanalysis. This is important, because a bunch of NIST’s post-quantum options base their security on lattice problems. I worry about standardizing on post-quantum algorithms too quickly.

Cisco warns of a command injection escalation flaw in its IMC. PoC publicly available

Security Affairs

APRIL 18, 2024

Cisco has addressed a high-severity Integrated Management Controller (IMC) vulnerability and is aware of a public exploit code for this issue. Cisco has addressed a high-severity vulnerability in its Integrated Management Controller (IMC) for which publicly available exploit code exists.

Authentication

Authentication Hacking Information Security

Toronto Public Library Under Cyberattack

Heimadal Security

OCTOBER 31, 2023

Canada’s largest public library system reported a cyberattack that took down its website, member services pages, and limited access to its digital collections. The Toronto Public Library provides more than 12 million items across 100 branches to more than 1.2 million members.

Cybersecurity

Cisco Zero-Day Exploit Code Goes Public: Patch Now or Face Total System Takeover

Penetration Testing

APRIL 25, 2024

The release of public PoC exploit code targeting a maximum severity zero-day flaw in Cisco IOS XE (CVE-2023-20198) has dramatically amplified the risk landscape for countless organizations worldwide.

Penetration Testing

Penetration Testing Risk

Cybersecurity for the Public Interest

Schneier on Security

MAY 3, 2019

We need public-interest technologists. The Ford Foundation defines public-interest technologists as "technology practitioners who focus on social justice, the common good, and/or the public interest." We need public-interest technologists in policy discussions. Public-interest technology isn't new.

Cybersecurity

Cybersecurity Technology Government Internet

git-alerts: detect and monitor GitHub org users’ public repositories for secrets and sensitive files

Penetration Testing

MARCH 18, 2024

However, any repository created under an organization’s user account is not controllable unless the organization has adopted the GitHub enterprise-managed... The post git-alerts: detect and monitor GitHub org users’ public repositories for secrets and sensitive files appeared first on Penetration Testing.

Penetration Testing

Penetration Testing Accountability

Public Exploit Released for Cisco IMC Flaw – Update Immediately to Halt Takeover Attacks

Penetration Testing

APRIL 18, 2024

This vulnerability could allow authenticated attackers with... The post Public Exploit Released for Cisco IMC Flaw – Update Immediately to Halt Takeover Attacks appeared first on Penetration Testing.

Penetration Testing

Penetration Testing Authentication Risk

GitHub Rolls Out Default Secret Scanning Push Protection for Public Repositories

The Hacker News

FEBRUARY 29, 2024

GitHub on Thursday announced that it’s enabling secret scanning push protection by default for all pushes to public repositories.

How SE Helped Me in Public Speaking

Security Through Education

MARCH 4, 2024

Public speaking is something that many people struggle with. In fact, 75% of the population has a fear of public speaking. Here are some influence techniques that help, both as a professional social engineer and a public speaker. Just the mere mention of it may start to make your heart race, if it is a fear of yours!

Social Engineering

Social Engineering Engineering Risk Security Awareness

9 Possible Ways Hackers Can Use Public Wi-Fi to Steal Your Sensitive Data

Security Affairs

FEBRUARY 12, 2024

Exploring the Risks: Unveiling 9 Potential Techniques Hackers Employ to Exploit Public Wi-Fi and Compromise Your Sensitive Data We’ve all used public Wi-Fi: it’s convenient, saves our data, and speeds up browsing. Always verify the authenticity of Wi-Fi networks before connecting, especially in public places.

DNS

DNS VPN Encryption Passwords

Cybersecurity for the Public Interest

Schneier on Security

MARCH 5, 2019

We need public-interest technologists. The Ford Foundation defines public-interest technologists as "technology practitioners who focus on social justice, the common good, and/or the public interest." We need public-interest technologists in policy discussions. Public-interest technology isn't new.

Cybersecurity

Cybersecurity Technology Government Internet

Protect yourself and your business on public Wi-Fi

Tech Republic Security

DECEMBER 6, 2022

The post Protect yourself and your business on public Wi-Fi appeared first on TechRepublic. At 75% off, this affordable VPN service is more affordable than ever and capable of defending your business from cybercrime while browsing the internet.

VPN

VPN Cybercrime Internet Internet

The ransomware attack on Westpole is disrupting digital services for Italian public administration

Security Affairs

DECEMBER 18, 2023

A cyber attack hit on December 8, 2023 the Italian cloud service provider Westpole, which is specialized in digital services for public administration. PA Digitale provides its service to 1300 public administrations, including 540 municipalities. Threat actors employed the Lockbit 3.0 reported the ACN.

Ransomware

Ransomware Cyber Attacks Media Government

Public AI as an Alternative to Corporate AI

Security Boulevard

MARCH 21, 2024

When tech billionaires and corporations steer AI, we get AI that tends to reflect the interests of tech billionaires and corporations, instead of the public. The post Public AI as an Alternative to Corporate AI appeared first on Security Boulevard. Given how transformative this technology will be for the world, this is a problem.

Government

Government Technology Artificial Intelligence

Hackers are exploiting critical Apache Struts flaw using public PoC

Bleeping Computer

DECEMBER 13, 2023

Hackers are attempting to leverage a recently fixed critical vulnerability (CVE-2023-50164) in Apache Struts that leads to remote code execution, in attacks that rely on publicly available proof-of-concept exploit code. [.]

When Is Data "Public"? (And 2.5M Public Factual Records in HIBP)

Troy Hunt

DECEMBER 24, 2019

When is data "public"? And what does "public" even mean? Does it mean it's merely visible to the public? Or does it mean the public can do anything they like with it? unsettling: To be clear, all of this info must have been willingly public at some point. So what's the problem? Should it appear in HIBP?

Data breaches

Data breaches Mobile Marketing Media

45k Jenkins servers exposed to RCE attacks using public exploits

Bleeping Computer

JANUARY 29, 2024

Researchers found roughly 45,000 Jenkins instances exposed online that are vulnerable to CVE-2023-23897, a critical remote code execution (RCE) flaw for which multiple public proof-of-concept (PoC) exploits are in circulation. [.]

EleKtra-Leak Campaign Uses AWS Cloud Keys Found on Public GitHub Repositories to Run Cryptomining Operation

Tech Republic Security

NOVEMBER 3, 2023

In the active Elektra-Leak campaign, attackers hunt for Amazon IAM credentials within public GitHub repositories before using them for cryptomining. Get tips on mitigating this cybersecurity threat.

Cybersecurity

Cybersecurity Software

Meta is using your public Facebook and Instagram posts to train its AI

Malwarebytes

OCTOBER 2, 2023

In an interview with Reuters , Meta President of Global Affairs Nick Clegg said the company used the public posts to train the LLM (large language model) that feeds into its new Meta AI virtual assistant. If others can see it, it’s public knowledge and the tech giants are of the opinion they can use it to train their AI.

Media

Media Artificial Intelligence Risk Cybersecurity

DuckDuckGo browser for Windows available for everyone as public beta

Bleeping Computer

JUNE 22, 2023

DuckDuckGo has released its privacy-centric browser for Windows to the general public. It is a beta version available for download with no restrictions. [.]

Software

The Hidden Dangers of Public Wi-Fi

The Hacker News

AUGUST 24, 2023

Public Wi-Fi, which has long since become the norm, poses threats to not only individual users but also businesses. Next, let's explore the risks of connecting to public Wi-Fi, both for you personally and for businesses.

Risk

MDIC Annual Public Forum

Adam Shostack

AUGUST 13, 2020

I’ll be speaking at the MDIC’s Annual Public Forum today, discussing how threat modeling helps bring maturity to the medtech sector. Join us shortly!

Google Public DNS’s approach to fight against cache poisoning attacks

Google Security

MARCH 28, 2024

Tianhao Chi and Puneet Sood, Google Public DNS The Domain Name System (DNS) is a fundamental protocol used on the Internet to translate human-readable domain names (e.g., Google Public DNS) locates the authoritative DNS nameservers for the requested name, and queries one or more of them to obtain the IP address(es) to return to the browser.

DNS

DNS Internet Internet Encryption

Two public schools in Michigan hit by a ransomware attack

Security Affairs

NOVEMBER 17, 2022

Public schools in two Michigan counties were forced to halt their activities, including the lessons, after a ransomware attack. Public schools in Jackson and Hillsdale counties, Michigan, reopen after a closure of two days caused by a ransomware attack that hit its systems. SecurityAffairs – hacking, Public schools).

Ransomware

Ransomware Cybercrime Hacking Cybersecurity

Securing Public Sector Against IoT Malware in 2024

Security Boulevard

JANUARY 11, 2024

The rapid proliferation of the Internet of Things (IoT) represents vast opportunities for the public sector. In this blog post, we’ll explore the potential impact of IoT malware on the public sector — a story of innovation, risk, and the need for resilience.

IoT

IoT Malware Education Government

Boston Public Library Hit by Cyberattack

Heimadal Security

AUGUST 30, 2021

The Boston Public Library is used by more than 4 million visitors per year through its central library and twenty-five neighborhood branches, as well as millions more online. On Wednesday morning, 8/25, the Boston Public Library experienced […]. On Wednesday morning, 8/25, the Boston Public Library experienced […].

Cybersecurity

Cybersecurity Malware

USENIX Security ’23 – PrivGraph: Differentially Private Graph Data Publication by Exploiting Community Information

Security Boulevard

APRIL 20, 2024

Permalink The post USENIX Security ’23 – PrivGraph: Differentially Private Graph Data Publication by Exploiting Community Information appeared first on Security Boulevard. Originating from the conference’s events situated at the Anaheim Marriott ; and via the organizations YouTube channel.

Right of Publicity Claims Will Rise as States Address AI Deepfakes and Voice Cloning

SecureWorld News

APRIL 16, 2024

Right of Publicity (ROP) claims, like the state statutes and common law upon which they rely, are varied in substance and outcome. Tennessee's ELVIS Act Liability Prior to the amendment, Tennessee's existing right of publicity law, the Personal Rights Protection Act of 1984, Tenn. Code § 47-25-1101 et seq.

Artificial Intelligence

Artificial Intelligence Advertising Technology Internet

Kubernetes Secrets of Fortune 500 Companies Exposed in Public Repositories

The Hacker News

NOVEMBER 23, 2023

These encoded Kubernetes configuration secrets were uploaded to public repositories,” Aqua security researchers Yakir Kadkoda and Assaf Morag said in a new research published earlier this week. Some of those impacted include two top blockchain

Risk

Risk Cybersecurity

Spotify reportedly makes users' private playlists public

Bleeping Computer

JULY 14, 2023

In what is shaping up to be a widespread privacy controversy, Spotify has come under scrutiny following allegations by users that the music streaming service made their private playlists public without their consent. [.]

Technology

Technology Software

Boston Public Library hit by Cyber Attack

CyberSecurity Insiders

AUGUST 29, 2021

Boston Public Library (BPL) branches based in Massachusetts have been witnessing a digital disruption since Wednesday last week, all because of a cyber attack. Note- Founded in 1848, the Boston Public Library, also called the Library for the Commonwealth, is open to all local public and is being run by state funding.

Cyber Attacks

Cyber Attacks Wireless Mobile Internet

Toronto Public Library confirms data stolen in ransomware attack

Bleeping Computer

NOVEMBER 15, 2023

The Toronto Public Library (TPL) confirmed that the personal information of employees, customers, volunteers, and donors was stolen from a compromised file server during an October ransomware attack. [.]

Ransomware

Boston Public Library discloses cyberattack

Security Affairs

AUGUST 30, 2021

The Boston Public Library was victim of a cyberattack that crippled its computer network, the library revealed in a statement Friday. The Boston Public Library announced on Friday that it was hit by a cyberattack that compromised its computer network. The affected systems were taken offline to prevent the threat from spreading.

Technology

Technology Hacking Cybersecurity Information Security

Unveiling the AWS Public IP Puzzle: Solvo’s Query and Cost-Saving Tips

Security Boulevard

JANUARY 31, 2024

As we all heard back in July 2023, as of February 1st, 2024 AWS will start charging for public IPv4 addresses. The post Unveiling the AWS Public IP Puzzle: Solvo’s Query and Cost-Saving Tips appeared first on Security Boulevard. The pricing is per resource, per hour.

FBI Advising People to Avoid Public Charging Stations

Demystifying Cybersecurity’s Public Companies

Trending Sources

Cisco discloses root escalation flaw with public exploit code

CISA makes its "Malware Next-Gen" analysis system publicly available

Cyber Public Health

Many Public Salesforce Sites are Leaking Private Data

Navigating Public Company Cybersecurity Disclosures

Me on Public-Interest Tech

Google moves to keep public sector cybersecurity vulnerabilities leashed

CISA Announces Malware Next-Gen Analysis for Public Access

Improving the Cryptanalysis of Lattice-Based Public-Key Algorithms

Cisco warns of a command injection escalation flaw in its IMC. PoC publicly available

Toronto Public Library Under Cyberattack

Cisco Zero-Day Exploit Code Goes Public: Patch Now or Face Total System Takeover

Cybersecurity for the Public Interest

git-alerts: detect and monitor GitHub org users’ public repositories for secrets and sensitive files

Public Exploit Released for Cisco IMC Flaw – Update Immediately to Halt Takeover Attacks

GitHub Rolls Out Default Secret Scanning Push Protection for Public Repositories

How SE Helped Me in Public Speaking

9 Possible Ways Hackers Can Use Public Wi-Fi to Steal Your Sensitive Data

Cybersecurity for the Public Interest

Protect yourself and your business on public Wi-Fi

The ransomware attack on Westpole is disrupting digital services for Italian public administration

Public AI as an Alternative to Corporate AI

Hackers are exploiting critical Apache Struts flaw using public PoC

When Is Data "Public"? (And 2.5M Public Factual Records in HIBP)

45k Jenkins servers exposed to RCE attacks using public exploits

EleKtra-Leak Campaign Uses AWS Cloud Keys Found on Public GitHub Repositories to Run Cryptomining Operation

Meta is using your public Facebook and Instagram posts to train its AI

DuckDuckGo browser for Windows available for everyone as public beta

The Hidden Dangers of Public Wi-Fi

MDIC Annual Public Forum

Google Public DNS’s approach to fight against cache poisoning attacks

Two public schools in Michigan hit by a ransomware attack

Securing Public Sector Against IoT Malware in 2024

Boston Public Library Hit by Cyberattack

USENIX Security ’23 – PrivGraph: Differentially Private Graph Data Publication by Exploiting Community Information

Right of Publicity Claims Will Rise as States Address AI Deepfakes and Voice Cloning

Kubernetes Secrets of Fortune 500 Companies Exposed in Public Repositories

Spotify reportedly makes users' private playlists public

Boston Public Library hit by Cyber Attack

Toronto Public Library confirms data stolen in ransomware attack

Boston Public Library discloses cyberattack

Unveiling the AWS Public IP Puzzle: Solvo’s Query and Cost-Saving Tips

Stay Connected