Krebs on Security
MAY 6, 2024
Virtual private networking (VPN) companies market their services as a way to prevent anyone from snooping on your Internet usage. But new research suggests this is a dangerous assumption when connecting to a VPN via an untrusted network, because attackers on the same network could force a target’s traffic off of the protection provided by their VPN without triggering any alerts to the user.
Schneier on Security
MAY 6, 2024
Lots of complicated details here: too many for me to summarize well. It involves an obscure Section 230 provision—and an even more obscure typo. Read this.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Schneier on Security
MAY 2, 2024
The UK is the first country to ban default passwords on IoT devices. On Monday, the United Kingdom became the first country in the world to ban default guessable usernames and passwords from these IoT devices. Unique passwords installed by default are still permitted. The Product Security and Telecommunications Infrastructure Act 2022 (PSTI) introduces new minimum-security standards for manufacturers, and demands that these companies are open with consumers about how long their products will rec
Troy Hunt
MAY 2, 2024
How many different angles can you have on one data breach? Facial recognition (which probably isn't actual biometrics), gambling, offshore developers, unpaid bills, extortion, sloppy password practices and now, an arrest. On pondering it more after today's livestream, it's the unfathomable stupidity of publishing this data publicly that really strikes me.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
The Last Watchdog
MAY 3, 2024
Businesses today need protection from increasingly frequent and sophisticated DDoS attacks. Service providers, data center operators, and enterprises delivering critical infrastructure all face risks from attacks. Related: The care and feeding of DDoS defenses But to protect their networks, they’ll need to enable accurate attack detection while keeping operations manageable and efficient.
Joseph Steinberg
APRIL 30, 2024
The United States Department of Defense is running a cybersecurity contest – offering members of the public the opportunity to win both cash prizes and the potential to be recruited for various jobs. There is no cost to participate. For details please watch this short video, and then visit this link: DoD CyberSecurity Contest (As noted on the registration page, the Cyber Sentinel Skills Challenge cybersecurity contest is sponsored by the US Department of Defense in conjunction with with Co
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Krebs on Security
APRIL 30, 2024
A 26-year-old Finnish man was sentenced to more than six years in prison today after being convicted of hacking into an online psychotherapy clinic, leaking tens of thousands of patient therapy records, and attempting to extort the clinic and patients. On October 21, 2020, the Vastaamo Psychotherapy Center in Finland became the target of blackmail when a tormentor identified as “ransom_man” demanded payment of 40 bitcoins (~450,000 euros at the time) in return for a promise not to publish highly
Tech Republic Security
MAY 3, 2024
The U.K.'s National Cyber Security Centre, along with U.S. and Canadian cyber authorities, has identified a rise in attacks against OT operators since 2022.
Penetration Testing
MAY 2, 2024
Microsoft’s Senior Security Researcher Vladimir Tokarev will detail a series of critical zero-day vulnerabilities in OpenVPN, the world’s leading VPN solution, used by millions of endpoints globally at the upcoming Black Hat USA 2024... The post Microsoft Researcher to Unveil 4 OpenVPN Zero-Day Vulnerabilities at Black Hat USA 2024 appeared first on Penetration Testing.
Bleeping Computer
MAY 3, 2024
A Mullvad VPN user has discovered that Android devices leak DNS queries when switching VPN servers even though the "Always-on VPN" feature was enabled with the "Block connections without VPN" option. [.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Schneier on Security
MAY 3, 2024
I have spoken at several TED conferences over the years. TEDxPSU 2010: “ Reconceptualizing Security ” TEDxCambridge 2013: “ The Battle for Power on the Internet ” TEDMed 2016: “ Who Controls Your Medical Data ?” I’m putting this here because I want all three links in one place.
Security Boulevard
MAY 3, 2024
Password reset FAILURE: The U.S. Cybersecurity and Infrastructure Security Agency warns GitLab users of a 100-day-old, maximum severity vulnerability. The post GitLab ‘Perfect 10’ Bug Gets a CISA Warning: PATCH NOW appeared first on Security Boulevard.
Tech Republic Security
MAY 3, 2024
According to the M-Trends report, the average time it takes for an organisation to detect an attacker in their environment has decreased from 16 days in 2022 to 10 days in 2023.
Penetration Testing
MAY 2, 2024
Security researcher Florian Port at Insinuator recently uncovered a critical flaw in Jitsi Meet, the popular open-source video conferencing platform. The vulnerability (CVE-2024-33530) allows unauthorized individuals to gain the meeting password, potentially bypassing security... The post CVE-2024-33530: Jitsi Meet Flaw Leaks Meeting Passwords, Exposing Calls to Intruders appeared first on Penetration Testing.
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
Bleeping Computer
MAY 1, 2024
Cloud storage firm DropBox says hackers breached production systems for its DropBox Sign eSignature platform and gained access to authentication tokens, MFA keys, hashed passwords, and customer information. [.
Schneier on Security
MAY 1, 2024
Scammers tricked a company into believing they were dealing with a BBC presenter. They faked her voice, and accepted money intended for her.
Security Boulevard
MAY 2, 2024
Drop Dropbox? The company apologized as user details were leaked from its “Dropbox Sign” product. The post Dropbox Hacked: eSignature Service Breached appeared first on Security Boulevard.
Tech Republic Security
MAY 1, 2024
Are virtual private networks legal to use? Discover if VPNs are legal, restricted or banned in your geolocation and what activities are legal vs. illegal when using a VPN.
Speaker: Blackberry, OSS Consultants, & Revenera
Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?
WIRED Threat Level
MAY 6, 2024
The iPhone maker has detected spyware attacks against people in more than 150 countries. Knowing if your device is infected can be tricky—but there are a few steps you can take to protect yourself.
Bleeping Computer
MAY 1, 2024
A new malware named 'Cuttlefish' has been spotted infecting enterprise-grade and small office/home office (SOHO) routers to monitor data that passes through them and steal authentication information. [.
Penetration Testing
APRIL 30, 2024
The Damne Vulnerable Android Components – DVAC Damn Vulnerable Android Components (DVAC) is an educational Android application intentionally designed to expose and demonstrate vulnerabilities related to various Android components such as Activities, Intents, Content... The post DVAC: An intentionally vulnerable Android Application appeared first on Penetration Testing.
Tech Republic Security
MAY 3, 2024
The year 2024 is bringing a return to stable tech salary growth in APAC, with AI and data jobs leading the way. This follows downward salary pressure in 2023, after steep increases in previous years.
Speaker: Erika R. Bales, Esq.
When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.
The Hacker News
MAY 6, 2024
The recently uncovered cyber espionage campaign targeting perimeter network devices from several vendors, including Cisco, may have been the work of China-linked actors, according to new findings from attack surface management firm Censys.
Bleeping Computer
MAY 5, 2024
Finland's Transport and Communications Agency (Traficom) has issued a warning about an ongoing Android malware campaign targeting banking accounts. [.
Schneier on Security
APRIL 30, 2024
Meta has threatened to pull WhatsApp out of India if the courts try to force it to break its end-to-end encryption.
Penetration Testing
MAY 2, 2024
A new report by TrendMicro lifts the veil on the shadowy world of router exploitation. Those unassuming internet gateways, often overlooked in cybersecurity discussions, have become a prime battleground where criminals and nation-state hackers... The post Compromised Routers: Tool of Choice for Crime & Espionage appeared first on Penetration Testing.
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
Security Boulevard
APRIL 30, 2024
Nice Cup of IoTea? The UK’s Product Security and Telecommunications Infrastructure Act aims to improve the security of net-connected consumer gear. The post Brits Ban Default Passwords — and More IoT Stupidity appeared first on Security Boulevard.
The Hacker News
MAY 6, 2024
Cybersecurity researchers have discovered a new information stealer targeting Apple macOS systems that's designed to set up persistence on the infected hosts and act as a spyware. Dubbed Cuckoo by Kandji, the malware is a universal Mach-O binary that's capable of running on both Intel- and Arm-based Macs.
Bleeping Computer
MAY 3, 2024
Microsoft announced that Windows users can now log into their Microsoft consumer accounts using a passkey, allowing users to authenticate using password-less methods such as Windows Hello, FIDO2 security keys, biometric data (facial scans or fingerprints), or device PINs. [.
Tech Republic Security
MAY 2, 2024
TechRepublic identified the top four trends emerging in IoT that businesses in the U.K. should be aware of.
Speaker: William Hord, Vice President of ERM Services
A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.
Expert insights. Personalized for you.
211 
Let's personalize your content