Schneier on Security
JULY 25, 2024
I am the Chief of Security Architecture at Inrupt, Inc. , the company that is commercializing Tim Berners-Lee’s Solid open W3C standard for distributed data ownership. This week, we announced a digital wallet based on the Solid architecture. Details are here , but basically a digital wallet is a repository for personal data and documents. Right now, there are hundreds of different wallets, but no standard.
Troy Hunt
JULY 24, 2024
Just over 13 years ago, Microsoft gave me my first "Most Valuable Professional" award. Out of the blue, as far as I was concerned. It wasn't something I'd planned for and it certainly wasn't something I'd expected, but it has become a cornerstone of my professional identity. Indulge me while I go off on a bit of a tangent here: like the other things in my professional life that have turned into a success, the things I did to earn that first MVP award were things I was
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Schneier on Security
JULY 24, 2024
Supposedly the DHS has these : The robot, called “NEO,” is a modified version of the “Quadruped Unmanned Ground Vehicle” (Q-UGV) sold to law enforcement by a company called Ghost Robotics. Benjamine Huffman, the director of DHS’s Federal Law Enforcement Training Centers (FLETC), told police at the 2024 Border Security Expo in Texas that DHS is increasingly worried about criminals setting “booby traps” with internet of things and smart home devices, and t
Joseph Steinberg
JULY 23, 2024
CyberSecurity Expert Witness and Board Member , Joseph Steinberg, will, tomorrow, Wednesday, July 24th, 2024, speak with the public as part of a panel of experts from Columbia University, discussing both the recent CrowdStrike-Microsoft cybersecurity incident, and the incident’s ongoing global impact. On July 19th, 2024, a faulty software update issued by the cybersecurity firm, CrowdStrike, took down over 8.5 million devices running Microsoft Windows, disrupting air travel, hospitals, gov
Speaker: Speakers:
In today's digital age, having an untrained workforce can be a significant risk to your business. Cyber threats are evolving; without proper training, your employees could be the weakest link in your defense. This webinar empowers leaders like you with the tools and strategies needed to transform your employees into a robust frontline defense against cyber attacks.
Lohrman on Security
JULY 21, 2024
Several recently released cyber industry reports show steady or growing ransomware numbers in 2024 so far, and impacts on business and government have never been greater.
Tech Republic Security
JULY 23, 2024
Australia is among the APAC governments forging closer ties with the private sector due to the realisation that the public sector can no longer fight the increase in cyber criminals alone.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Bleeping Computer
JULY 25, 2024
Hundreds of UEFI products from 10 vendors are susceptible to compromise due to a critical firmware supply-chain issue known as PKfail, which allows attackers to bypass Secure Boot and install malware. [.
Penetration Testing
JULY 25, 2024
A critical vulnerability (CVE-2024-40767) has been discovered in OpenStack Nova, the open-source cloud computing platform’s core component for managing virtual servers. This flaw could allow unauthorized users to access sensitive data on cloud servers,... The post CVE-2024-40767: OpenStack Nova Vulnerability Exposes Cloud Servers to Data Theft Risk appeared first on Cybersecurity News.
Tech Republic Security
JULY 24, 2024
Remind employees to be wary of fake apps and too-good-to-be-true streaming options on the eve of the Games.
Schneier on Security
JULY 26, 2024
This isn’t good : On Thursday, researchers from security firm Binarly revealed that Secure Boot is completely compromised on more than 200 device models sold by Acer, Dell, Gigabyte, Intel, and Supermicro. The cause: a cryptographic key underpinning Secure Boot on those models that was compromised in 2022. In a public GitHub repository committed in December of that year, someone working for multiple US-based device manufacturers published what’s known as a platform key, the cryptogra
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Security Boulevard
JULY 24, 2024
Corporate incompetence: Beleaguered security firm issues initial post-mortem on Friday’s faux pas. The post CrowdStrike Admits it Doesn’t ‘Canary’ Test all Updates appeared first on Security Boulevard.
Bleeping Computer
JULY 26, 2024
Microsoft has confirmed that July's security updates break remote desktop connections in organizations where Windows servers are configured to use the legacy RPC over HTTP protocol in the Remote Desktop Gateway. [.
Penetration Testing
JULY 26, 2024
On the popular pirate e-book site Z-Library, or rather its phishing clone Z-lib, created in late 2022, there was a recent data breach affecting nearly 10 million users. On June 27, 2024, the Cybernews... The post 10 Million Users Compromised in Z-Library Phishing Site Hack appeared first on Cybersecurity News.
Tech Republic Security
JULY 24, 2024
The hybrid multicloud strategies that many Australian enterprises have adopted over the last decade could be made more complex by new AI applications. The only solutions could be rationalisation or an abstraction layer.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Schneier on Security
JULY 22, 2024
This is a fantastic video. It’s an Iranian spider-tailed horned viper ( Pseudocerastes urarachnoides ). Its tail looks like a spider, which the snake uses to fool passing birds looking for a meal.
Security Affairs
JULY 24, 2024
A cyber attack against Michigan Medicine resulted in the compromise of the personal and health information of approximately 57,000 patients. The academic medical center of the University of Michigan, Michigan Medicine, suffered a data breach that impacted 56953 patients. The security incident exposed the personal and health information of the patients.
Bleeping Computer
JULY 24, 2024
Docker has issued security updates to address a critical vulnerability impacting certain versions of Docker Engine that could allow an attacker to bypass authorization plugins (AuthZ) under certain circumstances. [.
WIRED Threat Level
JULY 24, 2024
A former Google engineer has built a search engine, WebXray, that aims to find illicit online data collection and tracking—with the goal of becoming “the Henry Ford of tech lawsuits.
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
Tech Republic Security
JULY 24, 2024
Discover whether NordVPN’s better speeds and extra features are worth the cost, or if you’ll be satisfied with PIA VPN’s more affordable pricing.
Schneier on Security
JULY 23, 2024
It’s heavily redacted , but still interesting. Many more ODNI documents here.
Penetration Testing
JULY 24, 2024
A critical vulnerability, designated CVE-2024-39700, has been discovered in the widely-used JupyterLab extension template. This flaw could enable attackers to remotely execute code on affected systems, potentially leading to widespread compromise and data breaches.... The post CVE-2024-39700 (CVSS 9.9): Severe Flaw in JupyterLab Template Discovered appeared first on Cybersecurity News.
Bleeping Computer
JULY 24, 2024
Threat actors known as 'Stargazer Goblin' have created a malware Distribution-as-a-Service (DaaS) from over 3,000 fake accounts on GitHub that push information-stealing malware. [.
Speaker: Blackberry, OSS Consultants, & Revenera
Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?
The Hacker News
JULY 24, 2024
Docker is warning of a critical flaw impacting certain versions of Docker Engine that could allow an attacker to sidestep authorization plugins (AuthZ) under specific circumstances. Tracked as CVE-2024-41110, the bypass and privilege escalation vulnerability carries a CVSS score of 10.0, indicating maximum severity.
Security Boulevard
JULY 23, 2024
Regulatory capture by stealth? Google changes its mind about third-party tracking cookies—we’re stuck with them for the foreseeable. The post EFF Angry as Google Keeps 3rd-Party Cookies in Chrome appeared first on Security Boulevard.
Graham Cluley
JULY 25, 2024
The US Department of Homeland Security has unveiled a dog-like robot that it says has been adapted to jam the connectivity of smart home devices. Read more in my article on the Hot for Security blog.
Penetration Testing
JULY 25, 2024
Starting with OneUI 6.1.1, Samsung has implemented a default setting that blocks users from sideloading APK files. This setting is now applied to Samsung’s latest Android devices, even if the REQUEST_INSTALL_PACKAGES permission has been... The post New Auto Blocker in Samsung OneUI 6.1.1: Blocking APK Sideloading for Enhanced Security appeared first on Cybersecurity News.
Speaker: Erika R. Bales, Esq.
When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.
Bleeping Computer
JULY 21, 2024
Microsoft has released a custom WinPE recovery tool to find and remove the faulty CrowdStrike update that crashed an estimated 8.5 million Windows devices on Friday. [.
The Hacker News
JULY 23, 2024
Organizations in Taiwan and a U.S. non-governmental organization (NGO) based in China have been targeted by a Beijing-affiliated state-sponsored hacking group called Daggerfly using an upgraded set of malware tools. The campaign is a sign that the group "also engages in internal espionage," Symantec's Threat Hunter Team, part of Broadcom, said in a new report published today.
Security Boulevard
JULY 24, 2024
Identifying and addressing underlying issues and the root cause of them can lead to risk reduction, cost savings and better overall performance of a vulnerability management program. The post The Value in Root Cause Analysis for Vulnerability Management appeared first on Security Boulevard.
Tech Republic Security
JULY 23, 2024
Bitwarden’s affordability and extensive MFA options give it the slight edge over Dashlane’s uber-polished password management experience. Read more below.
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
Expert insights. Personalized for you.
248 
Let's personalize your content