Trending Articles

article thumbnail

Remotely Exploding Pagers

Schneier on Security

Wow. It seems they all exploded simultaneously, which means they were triggered. Were they each tampered with physically, or did someone figure out how to trigger a thermal runaway remotely? Supply chain attack? Malicious code update, or natural vulnerability? I have no idea, but I expect we will all learn over the next few days. EDITED TO ADD: I’m reading nine killed and 2,800 injured.

198
198
article thumbnail

Weekly Update 417

Troy Hunt

Today was all about this whole idea of how we index and track data breaches. Not as HIBP, but rather as an industry; we simply don't have a canonical reference of breaches and their associated attributes. When they happened, how many people were impacted, any press on the incident, the official disclosure messaging and so on and so forth. As someone in the video today said, "what about the Airtel data breach?

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Microsoft Is Adding New Cryptography Algorithms

Schneier on Security

Microsoft is updating SymCrypt , its core cryptographic library, with new quantum-secure algorithms. Microsoft’s details are here. From a news article : The first new algorithm Microsoft added to SymCrypt is called ML-KEM. Previously known as CRYSTALS-Kyber, ML-KEM is one of three post-quantum standards formalized last month by the National Institute of Standards and Technology (NIST).

Firmware 286
article thumbnail

The Dark Nexus Between Harm Groups and ‘The Com’

Krebs on Security

A cyberattack that shut down two of the top casinos in Las Vegas last year quickly became one of the most riveting security stories of 2023: It was the first known case of native English-speaking hackers in the United States and Britain teaming up with ransomware gangs based in Russia. But that made-for-Hollywood narrative has eclipsed a far more hideous trend: Many of these young, Western cybercriminals are also members of fast-growing online groups that exist solely to bully, stalk, harass and

article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

Where Are Governments in Their Zero-Trust Journey?

Lohrman on Security

While the federal government deadline has arrived on implementing a zero-trust cybersecurity model, many state and local governments have committed to zero-trust architecture as well.

article thumbnail

LastPass Review 2024: Is it Still Safe and Reliable?

Tech Republic Security

LastPass’ recent data breaches make it hard to recommend as a viable password manager in 2024. Learn more in our full review below.

More Trending

article thumbnail

The New Era of SOCs: Simplifying Cybersecurity for SMBs

Security Boulevard

A new wave of all-in-one SOC platforms is consolidating the market, bringing enterprise-grade security solutions within reach of SMBs. The post The New Era of SOCs: Simplifying Cybersecurity for SMBs appeared first on Security Boulevard.

article thumbnail

Cybercriminals Exploit HTTP Headers for Credential Theft via Large-Scale Phishing Attacks

The Hacker News

Cybersecurity researchers have warned of ongoing phishing campaigns that abuse refresh entries in HTTP headers to deliver spoofed email login pages that are designed to harvest users' credentials.

Phishing 122
article thumbnail

The 6 Best Penetration Testing Companies for 2024

Tech Republic Security

Discover the top six penetration testing companies for businesses of all sizes. Learn the pros and cons of pentesting providers like Astra, BreachLock, and Acunetix.

article thumbnail

Python Developers Targeted with Malware During Fake Job Interviews

Schneier on Security

Interesting social engineering attack: luring potential job applicants with fake recruiting pitches, trying to convince them to download malware. From a news article These particular attacks from North Korean state-funded hacking team Lazarus Group are new, but the overall malware campaign against the Python development community has been running since at least August of 2023, when a number of popular open source Python tools were maliciously duplicated with added malware.

Malware 197
article thumbnail

Human-Centered Cyber Security Training: Driving Real Impact on Security Culture

Speaker: Speakers:

In today's digital age, having an untrained workforce can be a significant risk to your business. Cyber threats are evolving; without proper training, your employees could be the weakest link in your defense. This webinar empowers leaders like you with the tools and strategies needed to transform your employees into a robust frontline defense against cyber attacks.

article thumbnail

Cybersecurity Alert: Python Libraries Exploited for Malicious Intent

Penetration Testing

A recent report from Xavier Mertens, a Senior ISC Handler and Freelance Cyber Security Consultant, sheds light on a concerning trend in the cyber threat landscape. Cybercriminals are increasingly utilizing... The post Cybersecurity Alert: Python Libraries Exploited for Malicious Intent appeared first on Cybersecurity News.

article thumbnail

Email Security Breaches Rampant Among Critical Infrastructure Organizations

Security Boulevard

A full 80% of organizations within the critical infrastructure vertical experienced email-related security breaches in the past year, according to an OPSWAT survey. The post Email Security Breaches Rampant Among Critical Infrastructure Organizations appeared first on Security Boulevard.

article thumbnail

AI and Cyber Security: Innovations & Challenges

eSecurity Planet

As cyber threats become increasingly sophisticated, integrating artificial intelligence (AI) into cybersecurity is more than a passing trend — it’s a groundbreaking shift in protecting our digital assets. As cyber-attacks grow increasingly complex, leveraging AI becomes crucial for staying ahead of emerging threats. Let’s dive into how AI and cybersecurity are transforming in today’s highly modern and complex times, explore their benefits and challenges, and see how they shape the fu

article thumbnail

DuckDuckGo Joins AI Chat, Promises Enhanced Anonymity

Tech Republic Security

DuckDuckGo now has AI chat, emphasizing privacy and anonymity. Discover how this new offering aims to protect user data in conversations.

article thumbnail

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

article thumbnail

Legacy Ivanti Cloud Service Appliance Being Exploited

Schneier on Security

CISA wants everyone—and government agencies in particular—to remove or upgrade an Ivanti Cloud Service Appliance (CSA) that is no longer being supported. Welcome to the security nightmare that is the Internet of Things.

Internet 196
article thumbnail

Say Goodbye to Stolen iPhone Parts: Activation Lock Gets an Upgrade

Penetration Testing

Once Lost Mode is activated on an Apple device, it is incredibly difficult to disable unless done by the original owner or with the correct password. Without deactivating Lost Mode,... The post Say Goodbye to Stolen iPhone Parts: Activation Lock Gets an Upgrade appeared first on Cybersecurity News.

Passwords 128
article thumbnail

Alert: Head Mare Associated With WinRAR Vulnerability Attack

Security Boulevard

As per recent reports, a threat actor group known as Head Mare has been linked with cyberattacks that focus on exploiting a WinRAR Vulnerability. These attacks mainly target organizations located in Russia and Belarus. In this article, we’ll focus on details about Head Mare and the WinRAR vulnerability itself. Let’s begin! Head Mare Origins And […] The post Alert: Head Mare Associated With WinRAR Vulnerability Attack appeared first on TuxCare.

article thumbnail

SolarWinds fixed critical RCE CVE-2024-28991 in Access Rights Manager

Security Affairs

SolarWinds addressed a critical remote code execution vulnerability, tracked as CVE-2024-28991, in Access Rights Manager. SolarWinds released security updates to address a critical-severity remote code execution vulnerability, tracked as CVE-2024-28991 (CVSS score of 9.0), in SolarWinds Access Rights Manager (ARM) The flaw is a deserialization of untrusted data remote code execution vulnerability that impacts ARM 2024.3 and prior versions. “SolarWinds Access Rights Manager (ARM) was found

article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

Master IT Fundamentals With This CompTIA Certification Prep Bundle

Tech Republic Security

Prepare for a successful IT career with lifetime access to expert-led courses covering CompTIA A+, Network+, Security+, and Cloud+ certification prep.

article thumbnail

Upcoming Speaking Engagements

Schneier on Security

This is a current list of where and when I am scheduled to speak: I’m speaking at eCrime 2024 in Boston, Massachusetts, USA. The event runs from September 24 through 26, 2024, and my keynote is at 8:45 AM ET on the 24th. I’m briefly speaking at the EPIC Champion of Freedom Awards in Washington, D.C. on September 25, 2024. I’m speaking at SOSS Fusion 2024 in Atlanta, Georgia, USA.

193
193
article thumbnail

How to Investigate ChatGPT activity in Google Workspace

The Hacker News

Since launching ChatGPT in 2022, OpenAI has defied expectations with a steady stream of product announcements and enhancements. One such announcement came on May 16, 2024, and for most consumers, it probably felt innocuous. Titled “Improvements to data analysis in ChatGPT,” the post outlines how users can add files directly from Google Drive and Microsoft OneDrive.

102
102
article thumbnail

Why Are So Many Public Sector Organizations Getting Attacked?

Security Boulevard

Public sector organizations such as schools, hospitals, manufacturing units, essential services and government offices have become a popular target for cybercriminals. The post Why Are So Many Public Sector Organizations Getting Attacked? appeared first on Security Boulevard.

article thumbnail

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

article thumbnail

Vo1d malware infected 1.3 Million Android-based TV Boxes in 197 countries

Security Affairs

Researchers uncovered an Android malware, dubbed Vo1d, that has already infected nearly 1.3 million Android devices in 197 countries. Doctor Web researchers uncovered a malware, tracked as Vo1d , that infected nearly 1.3 million Android-based TV boxes belonging to users in 197 countries. The malicious code acts as a backdoor and allows attackers to download and install third-party software secretly.

Malware 125
article thumbnail

Cybersecurity Hiring: How to Overcome Talent Shortages and Skills Gaps

Tech Republic Security

According to the ISC2, 90% of organizations face cybersecurity skills shortages. Plus, the gap between roles to fill and available talent widened.

article thumbnail

Evaluating the Effectiveness of Reward Modeling of Generative AI Systems

Schneier on Security

New research evaluating the effectiveness of reward modeling during Reinforcement Learning from Human Feedback (RLHF): “ SEAL: Systematic Error Analysis for Value ALignment.” The paper introduces quantitative metrics for evaluating the effectiveness of modeling and aligning human values: Abstract : Reinforcement Learning from Human Feedback (RLHF) aims to align language models (LMs) with human values by training reward models (RMs) on binary preferences and using these RMs to fine-tu

article thumbnail

Facebook scrapes photos of kids from Australian user profiles to train its AI

Malwarebytes

Facebook has admitted that it scrapes the public photos, posts and other data from the accounts of Australian adult users to train its AI models. Unlike citizens of the European Union (EU), Australians are not offered an opt-out option to refuse consent. At an inquiry as to whether the social media giant was hoovering up the data of all Australians in order to build its generative artificial intelligence tools, senator Tony Sheldon asked whether Meta (Facebook’s owner) had used Australian

Media 124
article thumbnail

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.

article thumbnail

Five Tools That Can Help Organizations Combat AI-powered Deception

Security Boulevard

As digital exploitation, fraud and deception move deeper into society, it is incumbent on organizations to educate their employees on digital literacy skills, make them aware of the risks posed by phishing and social engineering threats. The post Five Tools That Can Help Organizations Combat AI-powered Deception appeared first on Security Boulevard.

article thumbnail

North Korean Hackers Target Cryptocurrency Users on LinkedIn with RustDoor Malware

The Hacker News

Cybersecurity researchers are continuing to warn about North Korean threat actors' attempts to target prospective victims on LinkedIn to deliver malware called RustDoor.

Malware 114
article thumbnail

Google Cloud Strengthens Backup Service With Untouchable Vaults

Tech Republic Security

The backup and data recovery service adds an extra layer of protection in case a business encounters an attack or another major problem with Google Cloud storage.

Backups 136
article thumbnail

My TedXBillings Talk

Schneier on Security

Over the summer, I gave a talk about AI and democracy at TedXBillings. The recording is [link]. Please share.

article thumbnail

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?