Schneier on Security

MAY 16, 2024

Microsoft is working on a promising-looking protocol to lock down DNS. ZTDNS aims to solve this decades-old problem by integrating the Windows DNS engine with the Windows Filtering Platform—the core component of the Windows Firewall—directly into client devices. Jake Williams, VP of research and development at consultancy Hunter Strategy, said the union of these previously disparate engines would allow updates to be made to the Windows firewall on a per-domain name basis.

DNS 258

DNS Firewall Engineering Network Security 258

Lohrman on Security

MAY 12, 2024

As another RSA Conference in San Francisco ended on May 10, 2024, the global impact that cybersecurity and artificial intelligence bring to every area of life has become much more apparent.

Artificial Intelligence 236

Artificial Intelligence Cybersecurity 236

Krebs on Security

MAY 14, 2024

Microsoft today released updates to fix more than 60 security holes in Windows computers and supported software, including two “zero-day” vulnerabilities in Windows that are already being exploited in active attacks. There are also important security patches available for macOS and Adobe users, and for the Chrome Web browser, which just patched its own zero-day flaw.

Social Engineering 215

Social Engineering Backups Malware Banking 215

The Last Watchdog

MAY 16, 2024

Hardware-based cybersecurity solutions are needed to help defend company networks in a tumultuous operating environment. Related: World’s largest bank hit by ransomware attack While software solutions dominated RSA Conference 2024 and are essential for multi-layered defense of an expanding network attack surface, hardware security solutions can serve as a last line of defense against unauthorized access to sensitive data and tampering with systems.

Healthcare 147

Healthcare Banking Technology Internet 147

Speaker: Speakers:

They say a defense can be measured by its weakest link. In your cybersecurity posture, what––or who––is the weakest link? And how can you make them stronger? This webinar will equip you with the resources to search for quality training, implement it, and improve the cyber-behaviors of your workforce. By the end of the hour, you will feel empowered to improve the aspects of your security posture you control the least – the situational awareness and decision-making of your workforce.

Cybersecurity

Tech Republic Security

MAY 13, 2024

AI PCs could soon see organisations invest in whole fleets of new managed devices, but Absolute Security data shows they are failing to maintain endpoint protection and patching the devices they have.

Big data 167

Big data Artificial Intelligence Mobile Network Security 167

Schneier on Security

MAY 14, 2024

Google has patched another Chrome zero-day: On Thursday, Google said an anonymous source notified it of the vulnerability. The vulnerability carries a severity rating of 8.8 out of 10. In response, Google said, it would be releasing versions 124.0.6367.201/.202 for macOS and Windows and 124.0.6367.201 for Linux in subsequent days. “Google is aware that an exploit for CVE-2024-4671 exists in the wild,” the company said.

269

269

Bleeping Computer

MAY 16, 2024

The Norwegian National Cyber Security Centre (NCSC) recommends replacing SSLVPN/WebVPN solutions with alternatives due to the repeated exploitation of related vulnerabilities in edge network devices to breach corporate networks. [.

VPN 135

VPN 135

Security Boulevard

MAY 15, 2024

Phish Ahoy! Hacker took advantage of Dell’s lack of anti-scraping defense. The post Dell Hell Redux — More Personal Info Stolen by ‘Menelik’ appeared first on Security Boulevard.

Phishing 133

Phishing Social Engineering Data privacy Authentication 133

Tech Republic Security

MAY 16, 2024

Cisco’s Splunk acquisition was finalised in March 2024. Splunk’s Craig Bates says the combined offering could enhance observability and put data to work for security professionals in an age of AI threat defence.

Big data 147

Big data Artificial Intelligence 147

Schneier on Security

MAY 17, 2024

The FBI has seized the BreachForums website, used by ransomware criminals to leak stolen corporate data. If law enforcement has gained access to the hacking forum’s backend data, as they claim, they would have email addresses, IP addresses, and private messages that could expose members and be used in law enforcement investigations. […] The FBI is requesting victims and individuals contact them with information about the hacking forum and its members to aid in their investigation.

Hacking 220

Hacking Accountability Ransomware Internet 220

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Penetration Testing

MAY 14, 2024

German enterprise software giant SAP has announced the release of 14 new security notes and three updates to previously released notes as part of its May 2024 Security Patch Day. The most significant new... The post CVE-2024-33006: Critical SAP Vulnerability Exposes Systems to Complete Takeover appeared first on Penetration Testing.

Penetration Testing 143

Penetration Testing Software 143

Bleeping Computer

MAY 14, 2024

VMWare has made Workstation Pro and Fusion Pro free for personal use, allowing home users and students to set up their own virtualized test labs and play with another operating system at little to no cost. [.

Software 144

Software 144

We Live Security

MAY 14, 2024

One of the most advanced server-side malware campaigns is still growing, with hundreds of thousands of compromised servers, and it has diversified to include credit card and cryptocurrency theft

Cryptocurrency 134

Cryptocurrency Malware 134

Tech Republic Security

MAY 15, 2024

Trying to configure or set up a VPN on your Android? Learn how to get started with our step-by-step guide.

VPN 164

VPN 164

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Schneier on Security

MAY 17, 2024

When asked what makes this an “emotional support squid” and not just another stuffed animal, its creator says: They’re emotional support squid because they’re large, and cuddly, but also cheerfully bright and derpy. They make great neck pillows (and you can fidget with the arms and tentacles) for travelling, and, on a more personal note, when my mum was sick in the hospital I gave her one and she said it brought her “great comfort” to have her squid tucked up

183

183

The Hacker News

MAY 16, 2024

Researchers have discovered a new security vulnerability stemming from a design flaw in the IEEE 802.11 Wi-Fi standard that tricks victims into connecting to a less secure wireless network and eavesdrop on their network traffic.

Wireless 126

Wireless 126

Bleeping Computer

MAY 13, 2024

Threat actors are using Domain Name System (DNS) tunneling to track when their targets open phishing emails and click on malicious links, and to scan networks for potential vulnerabilities. [.

DNS 141

DNS Phishing 141

We Live Security

MAY 15, 2024

ESET researchers provide technical analysis of the Lunar toolset, likely used by the Turla APT group, that infiltrated a European ministry of foreign affairs

138

138

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

Security Boulevard

MAY 17, 2024

It took two brothers who went to MIT months to plan how they were going to steal, launder and hide millions of dollars in cryptocurrency -- and only 12 seconds to actually pull off the heist. The post Brothers Indicted for Stealing $25 Million of Ethereum in 12 Seconds appeared first on Security Boulevard.

Cryptocurrency 115

Cryptocurrency Scams Cybersecurity Network Security 115

Schneier on Security

MAY 13, 2024

Back in the 1960s, if you played a 2,600Hz tone into an AT&T pay phone, you could make calls without paying. A phone hacker named John Draper noticed that the plastic whistle that came free in a box of Captain Crunch cereal worked to make the right sound. That became his hacker name, and everyone who knew the trick made free pay-phone calls. There were all sorts of related hacks, such as faking the tones that signaled coins dropping into a pay phone and faking tones used by repair equipment.

Risk 211

Risk Internet Internet Technology 211

The Hacker News

MAY 15, 2024

Google has rolled out fixes to address a set of nine security issues in its Chrome browser, including a new zero-day that has been exploited in the wild. Assigned the CVE identifier CVE-2024-4947, the vulnerability relates to a type confusion bug in the V8 JavaScript and WebAssembly engine.

Engineering 125

Engineering 125

Bleeping Computer

MAY 17, 2024

Starting in July, Microsoft will begin gradually enforcing multi-factor authentication (MFA) for all users signing into Azure to administer resources. [.

Authentication 128

Authentication 128

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

Tech Republic Security

MAY 17, 2024

Regardless of how badly your files, or their formats, are damaged, EaseUS Fixo can restore your office files, videos and photos, even in batches. Get a lifetime subscription for $49.99 at TechRepublic Academy.

100

100

Penetration Testing

MAY 17, 2024

A new critical-severity security vulnerability, tracked as CVE-2024-22120, has been discovered in Zabbix, the popular open-source IT infrastructure monitoring tool. With a CVSS score of 9.1, this time-based SQL injection flaw poses a significant... The post CVE-2024-22120 (CVSS 9.1): Zabbix SQLi Vulnerability Exposes IT Infrastructure to Attack appeared first on Penetration Testing.

Penetration Testing 111

Penetration Testing 111

Schneier on Security

MAY 14, 2024

This is a current list of where and when I am scheduled to speak: I’m giving a webinar via Zoom on Wednesday, May 22, at 11:00 AM ET. The topic is “ Should the USG Establish a Publicly Funded AI Option? “ The list is maintained on this page.

196

196

The Hacker News

MAY 14, 2024

Google on Monday shipped emergency fixes to address a new zero-day flaw in the Chrome web browser that has come under active exploitation in the wild. The high-severity vulnerability, tracked as CVE-2024-4761, is an out-of-bounds write bug impacting the V8 JavaScript and WebAssembly engine. It was reported anonymously on May 9, 2024.

Engineering 133

Engineering 133

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

Bleeping Computer

MAY 14, 2024

VMware fixed four security vulnerabilities in the Workstation and Fusion desktop hypervisors, including three zero-days exploited during the Pwn2Own Vancouver 2024 hacking contest. [.

Hacking 132

Hacking 132

Tech Republic Security

MAY 17, 2024

This $50 bundle can get you five courses to enable you to earn CompTIA, NIST and more leading cybersecurity certifications that will help you build a career.

Cybersecurity 107

Cybersecurity 107

Security Boulevard

MAY 13, 2024

Just like enterprises, cybercriminals are embracing generative AI to shape their attacks, from creating more convincing phishing emails and spreading disinformation to model poisoning, prompt injections, and deepfakes. Now comes LLMjacking. Threat researchers with cybersecurity firm Sysdig recently detected bad actors using stolen credentials to target large language models (LLMs) – which are foundational to.

Phishing 124

Phishing Cybersecurity Mobile Network Security 124

Malwarebytes

MAY 16, 2024

More and more websites and services are making multi-factor-authentication (MFA) mandatory, which makes it much harder for cybercriminals to access your accounts. That’s a great thing. But as security evolves, so do cybercriminals who are always looking for new ways to scam us. A type of phishing we’re calling authentication-in-the-middle is showing up in online media.

Authentication 111

Authentication Phishing Password Management Scams 111

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity