Schneier on Security
SEPTEMBER 3, 2024
The NSA’s “ National Cryptographic School Television Catalogue ” from 1991 lists about 600 COMSEC and SIGINT training videos. There are a bunch explaining the operations of various cryptographic equipment, and a few code words I have never heard of before.
Tech Republic Security
SEPTEMBER 3, 2024
Included in the purge are static apps, those with limited functionality and content, and apps that crash, freeze, and don’t offer an “engaging user experience,’’ the company said.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Malwarebytes
SEPTEMBER 3, 2024
Transport for London (TfL), the city’s transport authority, is fighting through an ongoing cyberattack. TfL runs three separate units that arrange transports on London’s surface, underground, and Crossrail transportation systems. It serves some 8 million inhabitants of the London metropolitan area. In a public notice Transport for London stated: “We are currently dealing with an ongoing cyber security incident.
Tech Republic Security
SEPTEMBER 3, 2024
Many Australian companies are investing in new technology, but others are having a hard time justifying such investments given the current economic climate.
Speaker: Erroll Amacker
Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.
WIRED Threat Level
SEPTEMBER 3, 2024
The Navy is testing out the Elon Musk–owned satellite constellation to provide high-speed internet access to sailors at sea. It’s part of a bigger project that’s about more than just getting online.
Tech Republic Security
SEPTEMBER 3, 2024
A number of similarities between Cicada3301 and ALPHV/BlackCat indicates that it could represent a rebrand or offshoot group.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
|
Tech Republic Security
SEPTEMBER 3, 2024
Bitdefender GravityZone is best overall when it comes to our top choices for protection from malware like viruses, spyware, trojans, and bots.
Security Affairs
SEPTEMBER 3, 2024
Vulnerabilities in Microsoft apps for macOS could allow attackers to steal permissions and access sensitive data. Cisco Talos researchers discovered eight vulnerabilities in Microsoft apps for macOS. These flaws could allow attackers to inject malicious libraries into Microsoft’s apps and steal permissions. This could enable access to sensitive resources like the microphone, camera, and screen recording, potentially leading to data leaks or privilege escalation.
Trend Micro
SEPTEMBER 3, 2024
While monitoring Earth Lusca, we discovered the threat group’s use of KTLVdoor, a highly obfuscated multiplatform backdoor, as part of a large-scale attack campaign.
We Live Security
SEPTEMBER 3, 2024
Malvertising campaigns typically involve threat actors buying top ad space from search engines to lure potential victims into clicking on their malicious ads
Advertisement
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
Malwarebytes
SEPTEMBER 3, 2024
The City of Columbus, Ohio is suing a security researcher for sharing stolen data. All the complaint will accomplish, we imagine, is spotlight the ignorance of certain city officials in handling a common security matter. What happened is that the City of Columbus was attacked by a ransomware group on July 18, 2024. Due to the timing, it was at first unclear whether the disruption in the public facing services was caused by the CrowdStrike incident or if it was in fact an attack.
Security Affairs
SEPTEMBER 3, 2024
U.S. oil company Halliburton disclosed a data breach following the RansomHub ransomware gang attack that occurred in August. In August, Halliburton, a major U.S. oil company, announced that a cyberattack hit its IT infrastructure, particularly impacting operations at its Houston offices. Halliburton Company is an American multinational corporation and the world’s second largest oil service company which is responsible for most of the world’s largest fracking operations.
WIRED Threat Level
SEPTEMBER 3, 2024
Activists claim Japanese industrial robots are being used to build military equipment for Israel. The robot maker denies the claims, but the episode reveals the complex ethics of global manufacturing.
The Hacker News
SEPTEMBER 3, 2024
In the digital realm, secrets (API keys, private keys, username and password combos, etc.) are the keys to the kingdom. But what if those keys were accidentally left out in the open in the very tools we use to collaborate every day? A Single Secret Can Wreak Havoc Imagine this: It's a typical Tuesday in June 2024.
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
Security Boulevard
SEPTEMBER 3, 2024
A fully open model — one where the training data is available for inspection and modification — provides a means for addressing another threat: malicious or accidentally bad training data. The post Why NTIA Support of Open-Source AI is Good for Security appeared first on Security Boulevard.
Security Affairs
SEPTEMBER 3, 2024
Three men have pleaded guilty to operating OTP.Agency, an online service that allowed crooks to bypass Multi-Factor authentication (MFA). Three men, Callum Picari (22), Vijayasidhurshan Vijayanathan (21), and Aza Siddeeque (19), have pleaded guilty to operating OTP.Agency , an online platform that allowed crooks to bypass MFA used by customers of several banks and services.
Security Boulevard
SEPTEMBER 3, 2024
Rubrik and Cisco have allied to improve cyber resiliency by integrating their respective data protection and extended detection and response (XDR) platforms. The post Rubrik Allies to Cisco to Improve Cyber Resiliency appeared first on Security Boulevard.
Security Affairs
SEPTEMBER 3, 2024
Taiwanese manufacturer Zyxel addressed a critical OS command injection flaw affecting multiple models of its business routers. Zyxel has released security updates to address a critical vulnerability, tracked as CVE-2024-7261 (CVSS v3 score of 9.8), impacting multiple models of its business routers. The flaw is an operating system (OS) command injection issue that stems from the improper neutralization of special elements in the parameter “host” in the CGI program of some AP and security router
Speaker: Sierre Lindgren
Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.
The Hacker News
SEPTEMBER 3, 2024
A new malware campaign is spoofing Palo Alto Networks' GlobalProtect VPN software to deliver a variant of the WikiLoader (aka WailingCrab) loader by means of a search engine optimization (SEO) campaign.
Security Affairs
SEPTEMBER 3, 2024
VMware released a patch to address a high-severity code execution flaw in its Fusion hypervisor, users are urged to apply it. VMware addressed a high-severity code execution vulnerability, tracked as CVE-2024-38811 (CVSS 8.8/10), in its Fusion hypervisor. The vulnerability is due to the usage of an insecure environment variable, a threat actor with standard user privileges can trigger the flaw to execute code in the context of the Fusion application. “VMware Fusion contains a code-execut
The Hacker News
SEPTEMBER 3, 2024
A hacktivist group known as Head Mare has been linked to cyber attacks that exclusively target organizations located in Russia and Belarus. "Head Mare uses more up-to-date methods for obtaining initial access," Kaspersky said in a Monday analysis of the group's tactics and tools.
Security Boulevard
SEPTEMBER 3, 2024
City officials in Columbus, Ohio, filed a complaint against a cybersecurity expert who has been telling local media that the sensitive data stolen by the Rhysida group in a July ransomware attack poses a larger threat to residents and employees than the mayor and others have been saying. The post Columbus Sues Expert, Fueling Debate About Ransomware Attack appeared first on Security Boulevard.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
The Hacker News
SEPTEMBER 3, 2024
Mobile users in Brazil are the target of a new malware campaign that delivers a new Android banking trojan named Rocinante. "This malware family is capable of performing keylogging using the Accessibility Service, and is also able to steal PII from its victims using phishing screens posing as different banks," Dutch security company ThreatFabric said.
SecureList
SEPTEMBER 3, 2024
The statistics presented here are based on detection verdicts by Kaspersky products and services received from users who consented to providing statistical data. Quarterly figures In Q2 2024: Kaspersky solutions blocked over 664 million attacks from various internet sources. The web antivirus reacted to 113.5 million unique URLs. The file antivirus blocked over 27 million malicious and unwanted objects.
Security Boulevard
SEPTEMBER 3, 2024
Is the network defendable? This serious question is often conveniently left unasked because the answer is uncomfortable. On June 3, 1983, the day before I graduated from high school, MGM released the movie “War Games”. For those who never saw the movie, the plot is essentially a teenage hacker accidentally kicks off an AI computer. The post Is the “Network” Defendable?
SecureWorld News
SEPTEMBER 3, 2024
The cloud has become the hub for delivery of digital applications in the modern digital era. Identity as the digital perimeter and data protection are mission critical to foster digital trust, enable service assurance, and minimize enterprise risk. These factors are illustrated and discussed in depth in my article, The Rise of Data Sovereignty and a Privacy Era.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
SecureList
SEPTEMBER 3, 2024
Targeted attacks XZ backdoor: a supply chain attack in the making On March 29, a message on the Openwall oss-security mailing list announced the discovery of a backdoor in XZ, a compression utility included in many popular Linux distributions. The backdoored library is used by the OpenSSH server process sshd. On a number of systemd -based distributions, including Ubuntu, Debian and RedHat/Fedora Linux, OpenSSH is patched to use systemd features and is therefore dependent on the library (Arch Li
Penetration Testing
SEPTEMBER 3, 2024
Recently, security researcher Sergey Kornienko from PixiePoint Security published an analysis and proof-of-concept (PoC) exploit for a critical zero-day vulnerability in the Windows Kernel, identified as CVE-2024-38106. This elevation of... The post CVE-2024-38106: 0-Day Windows Kernel Vulnerability Exploited in the Wild, PoC Published appeared first on Cybersecurity News.
SecureList
SEPTEMBER 3, 2024
Quarterly figures According to Kaspersky Security Network, in Q2 2024: 7 million attacks using malware, adware or unwanted mobile software were blocked. The most common threat to mobile devices was RiskTool software – 41% of all detected threats. A total of 367,418 malicious installation packages were detected, of which: 13,013 packages were for mobile banking Trojans; 1,392 packages were for mobile ransomware Trojans.
eSecurity Planet
SEPTEMBER 3, 2024
Dashlane is a leading password manager designed to simplify and secure your digital life. It consolidates your passwords into a single, encrypted vault. Dashlane helps you keep track of your login credentials and enhances your overall online security. This guide will walk you through how to use Dashlane, offering a step-by-step approach to set up and optimize your experience.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Expert insights. Personalized for you.
322 
Let's personalize your content