Fri, Apr 26, 2024


Long Article on GM Spying on Its Cars’ Drivers

Schneier on Security

Kashmir Hill has a really good article on how GM tricked its drivers into letting it spy on them—and then sold that data to insurance companies.


BeyondTrust Report: Microsoft Security Vulnerabilities Decreased by 5% in 2023

Tech Republic Security

Refreshed software and collaboration with the security researcher community may have contributed to the 5% drop.


Fake job interviews target developers with new Python backdoor

Bleeping Computer

A new campaign tracked as "Dev Popper" is targeting software developers with fake job interviews in an attempt to trick them into installing a Python remote access trojan (RAT).


New 'Brokewell' Android Malware Spread Through Fake Browser Updates

The Hacker News

Fake browser updates are being used to push a previously undocumented Android malware called Brokewell. "Brokewell is a typical modern banking malware equipped with both data-stealing and remote-control capabilities built into the malware," Dutch security firm ThreatFabric said in an analysis published Thursday.


The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.


Kaiser Permanente data breach may have impacted 13.4 million patients

Security Affairs

Healthcare service provider Kaiser Permanente disclosed a security breach that may impact 13.4 million individuals in the United States. Kaiser Permanente is an American integrated managed care consortium made up of three distinct but interdependent groups of entities: the Kaiser Foundation Health Plan, Inc. (KFHP) and its regional operating subsidiaries; Kaiser Foundation Hospitals; and the regional Permanente Medical Groups.


Palo Alto Networks Outlines Remediation for Critical PAN-OS Flaw Under Attack

The Hacker News

Palo Alto Networks has shared remediation guidance for a recently disclosed critical security flaw impacting PAN-OS that has come under active exploitation. The vulnerability, tracked as CVE-2024-3400 (CVSS score: 10.0), could be weaponized to obtain unauthenticated remote shell command execution on susceptible devices.


Kaiser Permanente: Data breach may impact 13.4 million patients

Bleeping Computer

Healthcare service provider Kaiser Permanente disclosed a data security incident that may impact 13.4 million people in the United States.


Cryptocurrencies and cybercrime: A critical intermingling

Security Affairs

Cryptocurrencies have revolutionized the financial world, offering new investment opportunities and decentralized transactions. However, as cryptocurrencies have grown in popularity, there has also been growing concern about cybercrime involvement in this sector.


Cybersecurity Insights with Contrast CISO David Lindner | 4/26/24

Security Boulevard

Insight #1: AI is clearly becoming a problem, with headlines capturing incidents such as a deepfake audio impersonating a Chief Information Security Officer (CISO) and explicit deepfake photographs of students being passed around at a high school in Nevada, Iowa. We as an industry need to get our hands around all of this before it gets even worse.


Over 1,400 CrushFTP internet-facing servers vulnerable to CVE-2024-4040 bug

Security Affairs

Over 1,400 internet-facing CrushFTP servers are vulnerable to attacks exploiting the recently disclosed critical-severity vulnerability CVE-2024-4040, a sandbox escape in CrushFTP's virtual file system (VFS). CrushFTP is file transfer server software that provides secure and efficient file transfer capabilities.


IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.


Severe Flaws Disclosed in Brocade SANnav SAN Management Software

The Hacker News

Several security vulnerabilities disclosed in Brocade SANnav storage area network (SAN) management application could be exploited to compromise susceptible appliances. The 18 flaws impact all versions up to and including 2.3.0, according to independent security researcher Pierre Barre, who discovered and reported them.


Agile by Design: Cybersecurity at the Heart of Transformation

Security Boulevard

Unlock the dynamic interplay between cybersecurity and agility in today’s business landscape. Explore how organizations can fortify their defenses, foster innovation, and thrive amidst uncertainty. In an era defined by rapid technology advances, geopolitical complexities, and economic uncertainties, organizations face a daunting challenge: how to thrive amidst constant disruption and change.


10 Critical Endpoint Security Tips You Should Know

The Hacker News

In today's digital world, where connectivity rules all, endpoints serve as the gateway to a business’s digital kingdom, and because of this they are one of hackers' favorite targets. According to IDC, 70% of successful breaches start at the endpoint. Unprotected endpoints provide vulnerable entry points for launching devastating cyberattacks.


Security Update for Webmin: Addressing Privilege Escalation Vulnerability

Penetration Testing

Attention server administrators! A serious security vulnerability in Webmin, a widely used web-based system administration tool for Unix-like servers, has been discovered. This critical flaw could allow attackers with minimal access to a system...


Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.


USENIX Security ’23 – UVSCAN: Detecting Third-Party Component Usage Violations in IoT Firmware

Security Boulevard

Authors/Presenters: Binbin Zhao, Shouling Ji, Xuhong Zhang, Yuan Tian, Qinying Wang, Yuwen Pu, Chenyang Lyu, Raheem Beyah. Many thanks to USENIX for publishing the outstanding USENIX Security ’23 presenters’ content and for the organization’s strong commitment to open access. The talk was recorded at the conference’s events at the Anaheim Marriott and is available via the organization’s YouTube channel.


Hanwha Vision Announces Critical Security Updates for NVR and DVR Models

Penetration Testing

Hanwha Vision, a leader in surveillance technology, has swiftly responded to significant cybersecurity threats identified in several of its network video recorders (NVR) and digital video recorders (DVR). These threats, detailed in recent security...


SPF Softfail Vs Hardfail: What’s the Difference?

Security Boulevard

An SPF record's final all mechanism can be set to hardfail (-all) or softfail (~all) for senders the record does not authorize; the two yield different results when sender authentication fails. Learn the difference between SPF softfail and hardfail and the best practices for choosing between them.


Telegram is down with "Connecting" error

Bleeping Computer

Telegram users are currently experiencing issues worldwide and are unable to use the website and mobile apps.


Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.


Announcing the General Availability of TitaniumScale v5.0: Enhancing File Analysis for Advanced Threat Detection

Security Boulevard

ReversingLabs TitaniumScale delivers high-volume, high-speed file analysis that seamlessly integrates into existing infrastructure and effectively scales with business needs. Powered by RL’s proprietary, AI-driven complex binary analysis, files and objects can be fully inspected and classified in mere seconds. This unprecedented processing speed means enterprises can scale to millions of files a day with incredible efficacy of analysis.


Creating practical pathways with DoDM 8140.03

CompTIA on Cybersecurity

The U.S. Department of Defense (DoD) is making a huge impact on cybersecurity skills training as organizations align course offerings with Department of Defense Manual 8140.03 (DoDM 8140.03). Don't get left behind!


Fix SPF Permerror: Overcome SPF Too Many DNS Lookups Limit

Security Boulevard

Fixing SPF permerror: resolving authentication hiccups to improve email deliverability, and keeping the record within the limit of ten DNS lookups that causes the "too many DNS lookups" permerror.
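The two SPF posts above (softfail vs hardfail, and the too-many-lookups permerror) both come down to what is written in the record's TXT string. As an added example, not code from either post, here is a small Python checker that parses an SPF record, reports the result its all mechanism yields, and counts the terms that each cost one DNS lookup against the limit of 10 from RFC 7208. The sample records and domains are constructed for illustration; the checker does not resolve DNS, so lookups hidden inside include: and redirect= targets are not followed and its count is a lower bound on what a receiver would incur.

```python
"""Added example: offline SPF record checker for the 'all' qualifier and the
RFC 7208 section 4.6.4 limit of 10 DNS-lookup terms. Sample records below are
constructed; no DNS queries are made."""

# Mechanisms/modifiers that each consume one of the 10 permitted DNS lookups.
# ip4:, ip6: and all are evaluated without a lookup and do not count.
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}
MAX_LOOKUPS = 10

# Qualifier prefix -> SPF result when that mechanism matches.
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def parse_spf(record: str) -> list:
    """Split a record into (qualifier, name, argument) tuples."""
    tokens = record.strip().split()
    if not tokens or tokens[0].lower() != "v=spf1":
        raise ValueError("not an SPF record: missing v=spf1 version tag")
    terms = []
    for tok in tokens[1:]:
        qualifier = "+"                       # implicit qualifier is '+'
        if tok[0] in QUALIFIERS:
            qualifier, tok = tok[0], tok[1:]
        if "=" in tok:                        # modifier, e.g. redirect=_spf.example.com
            name, arg = tok.split("=", 1)
        elif ":" in tok:                      # mechanism with argument, e.g. ip4:192.0.2.0/24
            name, arg = tok.split(":", 1)
        else:                                 # bare mechanism, optionally with CIDR, e.g. a/24
            name, _, cidr = tok.partition("/")
            arg = cidr or None
        terms.append((qualifier, name.lower(), arg))
    return terms


def analyse_spf(record: str) -> dict:
    """Summarise the policy a receiver would derive from the record text."""
    terms = parse_spf(record)
    effective, ignored = [], []
    all_result = "neutral"     # no 'all' and nothing matches -> neutral (RFC 7208 4.7)
    seen_all = False
    for qualifier, name, arg in terms:
        if seen_all:
            ignored.append(name)             # evaluation stops at 'all'; later terms never run
            continue
        effective.append((qualifier, name, arg))
        if name == "all":
            all_result = QUALIFIERS[qualifier]
            seen_all = True
    # redirect= is only consulted when no 'all' mechanism is present (RFC 7208 6.1).
    lookups = sum(
        1 for _, name, _ in effective
        if name in LOOKUP_TERMS and not (name == "redirect" and seen_all)
    )
    return {
        "all_result": all_result,            # result for senders the record does not list
        "hardfail": all_result == "fail",    # '-all' -> receivers may reject outright
        "dns_lookups": lookups,              # lower bound: included records are not followed
        "permerror": lookups > MAX_LOOKUPS,  # more than 10 -> receivers return permerror
        "ignored_terms": ignored,            # anything written after 'all' is dead weight
    }


# Constructed sample records using reserved example domains and addresses.
SAMPLES = {
    "softfail": "v=spf1 ip4:192.0.2.0/24 include:_spf.example.net ~all",
    "hardfail": "v=spf1 mx a:mail.example.com -all",
    "permerror": "v=spf1 " + " ".join(f"include:spf{i}.example.org" for i in range(11)) + " -all",
    "trailing": "v=spf1 -all include:_spf.example.net",
}

if __name__ == "__main__":
    for label, rec in SAMPLES.items():
        print(f"{label:10s} {analyse_spf(rec)}")
```

The "permerror" sample shows why include: sprawl matters: eleven includes already exceed the limit before any of the included records are fetched, and a real validator adds every a, mx, include and redirect it finds inside those targets. The "trailing" sample shows the other common mistake, terms placed after all, which a receiver never evaluates.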


The #1 Reason Why Organizations Skip Security

SecureBlitz

In this post, I will show the #1 reason why organizations skip security. Imagine you have the best recipe in the world for chocolate, and you decide to make a business out of it: you rent a place, buy the required machinery and hire the best manpower available. You have spent all this time, money […]


5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.


Segregation of Duties Remediation in Oracle ERP Cloud

Security Boulevard

Segregation of Duties in Oracle ERP Cloud: A Comprehensive Guide to Remediation. Controlling Risk: An Approach to Automating the Management of Segregation of Duties and Corrective Actions in Oracle ERP Cloud. As your organization adopts digital transformation initiatives, you are increasingly exposed to new risks, such as insufficient Segregation of Duties (SoD), excessive […]


Friday Five: Controversial Data Privacy Legislation, Protecting Critical Infrastructure, & More

Digital Guardian

A major data privacy bill and proposed regulation have taken steps forward to becoming reality this past week. Meanwhile, China looms large as a significant cybersecurity threat and agencies are taking action to prepare. Catch up on these stories and more in this week's Friday Five.


USENIX Security ’23 – Union Under Duress: Understanding Hazards of Duplicate Resource Mismediation in Android Software Supply Chain

Security Boulevard

Authors/Presenters: Xueqiang Wang, Yifan Zhang, XiaoFeng Wang, Yan Jia, Luyi Xing. Many thanks to USENIX for publishing the outstanding USENIX Security ’23 presenters’ content and for the organization’s strong commitment to open access. The talk was recorded at the conference’s events at the Anaheim Marriott and is available via the organization’s YouTube channel.


ReliaQuest Labs Program at the University of South Florida Creates Direct Pipeline into Cybersecurity Industry

Digital Shadows

ReliaQuest Labs at USF bridges education to cybersecurity careers, offering real-world experience and high job placement rates.


Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?


Bridging the Gap: Uniting Development and AppSec

Security Boulevard

We recently hosted a webinar on integrating development and security functions to increase organizational resilience. Industry leaders from Repsol, SAP, Payhawk, Rakutan, Vodafone, and IQUW discussed how aligning these crucial areas enhances efficiency. Of course this isn’t a new topic, and yet we keep talking about it. In case you missed the webinar, we rounded […]


Network Security Architecture: Best Practices & Tools

eSecurity Planet

Network security architecture is a strategy that provides formal processes to design robust and secure networks. Effective implementation improves data throughput, system reliability, and overall security for any organization. This article explores network security architecture components, goals, best practices, frameworks, implementation, and benefits as well as where you can learn more about network security architecture.


The ultimate cyber spring-cleaning checklist

Security Boulevard

A cluttered digital space can lead to stress, decreased productivity, and even make you more susceptible to cyber threats. So, let’s dive into the comprehensive guide to mastering your digital wellbeing this spring with our ultimate cyber spring-cleaning series.


Friday Squid Blogging: Searching for the Colossal Squid

Schneier on Security

A cruise ship is searching for the colossal squid. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here.


From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most, whether people, data, real or personal property, intellectual property, digital assets, or any number of other things, and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be possible to distill it down to a checklist.