Krebs on Security
MAY 6, 2024
Virtual private networking (VPN) companies market their services as a way to prevent anyone from snooping on your Internet usage. But new research suggests this is a dangerous assumption when connecting to a VPN via an untrusted network, because attackers on the same network could force a target’s traffic off of the protection provided by their VPN without triggering any alerts to the user.
Schneier on Security
MAY 2, 2024
The UK is the first country to ban default passwords on IoT devices. On Monday, the United Kingdom became the first country in the world to ban default guessable usernames and passwords from these IoT devices. Unique passwords installed by default are still permitted. The Product Security and Telecommunications Infrastructure Act 2022 (PSTI) introduces new minimum-security standards for manufacturers, and demands that these companies are open with consumers about how long their products will rec
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Troy Hunt
MAY 2, 2024
How many different angles can you have on one data breach? Facial recognition (which probably isn't actual biometrics), gambling, offshore developers, unpaid bills, extortion, sloppy password practices and now, an arrest. On pondering it more after today's livestream, it's the unfathomable stupidity of publishing this data publicly that really strikes me.
The Last Watchdog
MAY 3, 2024
Businesses today need protection from increasingly frequent and sophisticated DDoS attacks. Service providers, data center operators, and enterprises delivering critical infrastructure all face risks from attacks. Related: The care and feeding of DDoS defenses But to protect their networks, they’ll need to enable accurate attack detection while keeping operations manageable and efficient.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Tech Republic Security
MAY 7, 2024
VPNs are popular due to the fact they add security and privacy to what are otherwise daily open Wi-Fi and public internet channels. But can VPNs be tracked by the police?
The Hacker News
MAY 6, 2024
The recently uncovered cyber espionage campaign targeting perimeter network devices from several vendors, including Cisco, may have been the work of China-linked actors, according to new findings from attack surface management firm Censys.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Schneier on Security
MAY 3, 2024
The Polish Embassy has posted a series of short interview segments with Marian Rejewski, the first person to crack the Enigma. Details from his biography.
Penetration Testing
MAY 3, 2024
A significant security vulnerability has been identified in WordPress, the world’s most popular content management system, which could potentially allow attackers to take control of affected websites. The vulnerability, tracked as CVE-2024-4439 and rated... The post CVE-2024-4439: Unauthenticated Stored Cross-Site Scripting Vulnerability in WordPress Core appeared first on Penetration Testing.
WIRED Threat Level
MAY 6, 2024
The iPhone maker has detected spyware attacks against people in more than 150 countries. Knowing if your device is infected can be tricky—but there are a few steps you can take to protect yourself.
Tech Republic Security
MAY 3, 2024
The U.K.'s National Cyber Security Centre, along with U.S. and Canadian cyber authorities, has identified a rise in attacks against OT operators since 2022.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Elie
MAY 8, 2024
This talk discuss through concrete examples how to use the Google Security AI Framework (SAIF) to protect AI systems and workflows
Bleeping Computer
MAY 1, 2024
Cloud storage firm DropBox says hackers breached production systems for its DropBox Sign eSignature platform and gained access to authentication tokens, MFA keys, hashed passwords, and customer information. [.
Schneier on Security
MAY 7, 2024
This attack has been feasible for over two decades: Researchers have devised an attack against nearly all virtual private network applications that forces them to send and receive some or all traffic outside of the encrypted tunnel designed to protect it from snooping or tampering. TunnelVision, as the researchers have named their attack, largely negates the entire purpose and selling point of VPNs, which is to encapsulate incoming and outgoing Internet traffic in an encrypted tunnel and to cloa
Penetration Testing
MAY 2, 2024
Security researcher Florian Port at Insinuator recently uncovered a critical flaw in Jitsi Meet, the popular open-source video conferencing platform. The vulnerability (CVE-2024-33530) allows unauthorized individuals to gain the meeting password, potentially bypassing security... The post CVE-2024-33530: Jitsi Meet Flaw Leaks Meeting Passwords, Exposing Calls to Intruders appeared first on Penetration Testing.
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
Security Boulevard
MAY 8, 2024
PAFACA SueTok: U.S. Courts “likely” to rule whether new law is constitutional—or even practical. The post TikTok Ban — ByteDance Sues US to Kill Bill appeared first on Security Boulevard.
Tech Republic Security
MAY 1, 2024
Are virtual private networks legal to use? Discover if VPNs are legal, restricted or banned in your geolocation and what activities are legal vs. illegal when using a VPN.
WIRED Threat Level
MAY 8, 2024
An internal email from FBI deputy director Paul Abbate, obtained by WIRED, tells employees to search for “US persons” in a controversial spy program's database that investigators have repeatedly misused.
Bleeping Computer
MAY 3, 2024
A Mullvad VPN user has discovered that Android devices leak DNS queries when switching VPN servers even though the "Always-on VPN" feature was enabled with the "Block connections without VPN" option. [.
Speaker: Blackberry, OSS Consultants, & Revenera
Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?
Schneier on Security
MAY 3, 2024
I have spoken at several TED conferences over the years. TEDxPSU 2010: “ Reconceptualizing Security ” TEDxCambridge 2013: “ The Battle for Power on the Internet ” TEDMed 2016: “ Who Controls Your Medical Data ?” I’m putting this here because I want all three links in one place.
Penetration Testing
MAY 2, 2024
Microsoft’s Senior Security Researcher Vladimir Tokarev will detail a series of critical zero-day vulnerabilities in OpenVPN, the world’s leading VPN solution, used by millions of endpoints globally at the upcoming Black Hat USA 2024... The post Microsoft Researcher to Unveil 4 OpenVPN Zero-Day Vulnerabilities at Black Hat USA 2024 appeared first on Penetration Testing.
Security Boulevard
MAY 2, 2024
Drop Dropbox? The company apologized as user details were leaked from its “Dropbox Sign” product. The post Dropbox Hacked: eSignature Service Breached appeared first on Security Boulevard.
Tech Republic Security
MAY 8, 2024
The production of deepfakes is accelerating at more than 1,500% in Australia, forcing organisations to create and adopt standards like Content Credentials.
Speaker: Erika R. Bales, Esq.
When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.
Security Affairs
MAY 5, 2024
Law enforcement seized the Lockbit group’s Tor website again and announced they will reveal more identities of its operators Law enforcement seized the Lockbit group’s Tor website again. The authorities resumed the Lockbit seized leak site and mocked its administrators. According to the countdown active on the seized, law enforcement that are currently controlling the website will reveal the identities of the LockBitSupps and other members of the gang on May 7, 2024, at 14:00:00 UTC.
Bleeping Computer
MAY 1, 2024
A new malware named 'Cuttlefish' has been spotted infecting enterprise-grade and small office/home office (SOHO) routers to monitor data that passes through them and steal authentication information. [.
Schneier on Security
MAY 1, 2024
Scammers tricked a company into believing they were dealing with a BBC presenter. They faked her voice, and accepted money intended for her.
Penetration Testing
MAY 6, 2024
The very backbone of Virtual Private Networks (VPNs), praised for their ability to secure online activities, is under scrutiny following a breakthrough discovery by Dani Cronce and Lizzie Moratti from Leviathan Security Group. Their... The post Major VPN Flaw Exposed: “TunnelVision” (CVE-2024-3661) Threatens Security on Public Networks appeared first on Penetration Testing.
Speaker: William Hord, Vice President of ERM Services
A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.
Security Boulevard
MAY 3, 2024
Password reset FAILURE: The U.S. Cybersecurity and Infrastructure Security Agency warns GitLab users of a 100-day-old, maximum severity vulnerability. The post GitLab ‘Perfect 10’ Bug Gets a CISA Warning: PATCH NOW appeared first on Security Boulevard.
Tech Republic Security
MAY 3, 2024
According to the M-Trends report, the average time it takes for an organisation to detect an attacker in their environment has decreased from 16 days in 2022 to 10 days in 2023.
The Hacker News
MAY 2, 2024
Several popular Android applications available in Google Play Store are susceptible to a path traversal-affiliated vulnerability that could be exploited by a malicious app to overwrite arbitrary files in the vulnerable app's home directory.
Bleeping Computer
MAY 7, 2024
The FBI, UK National Crime Agency, and Europol have unveiled sweeping indictments and sanctions against the admin of the LockBit ransomware operation, with the identity of the Russian threat actor being revealed for the first time. [.
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
Expert insights. Personalized for you.
247 
Let's personalize your content