Schneier on Security
OCTOBER 2, 2024
Governor Newsom has vetoed the state’s AI safety bill. I have mixed feelings about the bill. There’s a lot to like about it, and I want governments to regulate in this space. But, for now, it’s all EU. (Related, the Council of Europe treaty on AI is ready for signature. It’ll be legally binding when signed, and it’s a big deal.
Tech Republic Security
OCTOBER 2, 2024
Need to share a Wi-Fi password with a friend or coworker? Learn how to share a Wi-Fi password on iPhones, iPads, Macs, Androids, and Windows computers.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Penetration Testing
OCTOBER 2, 2024
A discovered zero-day vulnerability is putting Microsoft Office users at risk. Security researcher Metin Yunus Kandemir recently published the technical details and a proof-of-concept (PoC) exploit that reveals a critical... The post 0-Day Flaw CVE-2024-38200 in Microsoft Office Exposes NTLMv2 Hashes: PoC Exploit Released appeared first on Cybersecurity News.
Tech Republic Security
OCTOBER 2, 2024
Google Cloud’s virtual machines can now get in-house attestation for VMs that offer AMD encrypted virtualization. Plus, Google VMs now offer more hardware options.
Speaker: Erroll Amacker
Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.
Security Affairs
OCTOBER 2, 2024
Telegram fulfilled over a dozen U.S. law enforcement data requests this year, potentially revealing the IP addresses or phone numbers of 100+ users. Independent website 404 Media first revealed that in 2024 Telegram has fulfilled more than a dozen law enforcement data requests from the U.S. authorities. The social media platform “potentially revealed” that it has shared the IP addresses or phone numbers of over 100 users with law enforcement.
Tech Republic Security
OCTOBER 2, 2024
Obsidian Security expands in APAC to address increasing SaaS threats, focusing on enterprise risks, security gaps, and the shared responsibility model.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
|
Security Affairs
OCTOBER 2, 2024
Multiple flaws in DrayTek residential and enterprise routers can be exploited to fully compromise vulnerable devices. Forescout researchers discovered 14 new vulnerabilities in DrayTek routers, two of which have been rated as critical. Of the 14 security flaws nine are rated high, and three are rated medium in severity. The flaws impact residential and enterprise routers manufactured by DrayTek that could be exploited to take over susceptible devices.
The Hacker News
OCTOBER 2, 2024
A little over a dozen new security vulnerabilities have been discovered in residential and enterprise routers manufactured by DrayTek that could be exploited to take over susceptible devices.
Elie
OCTOBER 2, 2024
This talk examine current real-world examples of AI-driven attacks and explore which defensive AI capabilities are available today.
SecureList
OCTOBER 2, 2024
Introduction In the ever-evolving landscape of cybersecurity, logs, that is information collected from various sources like network devices, endpoints, and applications, plays a crucial role in identifying and responding to threats. By analyzing this data, organizations can detect anomalies, pinpoint malicious activity, and mitigate potential cyberattacks before they cause significant damage.
Advertisement
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
The Hacker News
OCTOBER 2, 2024
A previously undocumented threat actor called CeranaKeeper has been linked to a string of data exfiltration attacks targeting Southeast Asia. Slovak cybersecurity firm ESET, which observed campaigns targeting governmental institutions in Thailand starting in 2023, attributed the activity cluster as aligned to China, leveraging tools previously identified as used by the Mustang Panda actor.
The Last Watchdog
OCTOBER 2, 2024
Silver Spring, MD, Oct. 2, 2024, CyberNewswire — Aembit , the non-human IAM company, today announced the appointment of Mario Duarte as chief information security officer (CISO). Duarte, formerly head of security at Snowflake, joins Aembit with a deep commitment to address pressing gaps in non-human identity security. Duarte’s journey in cybersecurity began with a passion for penetration testing, sparked by the 1980s cult classic film WarGames.
Security Affairs
OCTOBER 2, 2024
An international police operation led to the arrest of four individuals linked to the LockBit ransomware group, including a developer. Europol, the UK, and the US law enforcement authorities announced a new operation against the LockBit ransomware gang. The police arrested an alleged LockBit developer at France’s request while vacationing outside Russia and two individuals in the UK for supporting a LockBit affiliate.
The Hacker News
OCTOBER 2, 2024
A large-scale fraud campaign leveraged fake trading apps published on the Apple App Store and Google Play Store, as well as phishing sites, to defraud victims, per findings from Group-IB.
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
Security Affairs
OCTOBER 2, 2024
Threat actors attempt to exploit recently disclosed vulnerability CVE-2024-45519 in Synacor’s Zimbra Collaboration. Proofpoint cybersecurity researchers reported that threat actors are attempting to exploit a recently disclosed vulnerability, tracked as CVE-2024-45519, in Synacor’s Zimbra Collaboration. Starting on September 28, 2024, threat actors have been attempting to exploit the issue to achieve remote code execution on vulnerable instances.
The Hacker News
OCTOBER 2, 2024
Three different organizations in the U.S. were targeted in August 2024 by a North Korean state-sponsored threat actor called Andariel as part of a likely financially motivated attack.
Security Affairs
OCTOBER 2, 2024
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Ivanti Endpoint Manager (EPM) vulnerability to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the Ivanti Virtual Traffic Manager authentication bypass vulnerability CVE-2024-29824 (CVSS score of 9.6) to its Known Exploited Vulnerabilities (KEV) catalog.
The Hacker News
OCTOBER 2, 2024
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a security flaw impacting Endpoint Manager (EPM) that the company patched in May to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerability, tracked as CVE-2024-29824, carries a CVSS score of 9.6 out of a maximum of 10.0, indicating critical severity.
Speaker: Sierre Lindgren
Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.
Graham Cluley
OCTOBER 2, 2024
From family tree to jail cell? A hacker is alleged to have exploited information on genealogy websites to steal millions from public companies. Meanwhile, Kaspersky's US customers are wondering - what on earth is UltraAV? All this and more is discussed in the latest edition of the award-winning "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault.
The Hacker News
OCTOBER 2, 2024
A spear-phishing email campaign has been observed targeting recruiters with a JavaScript backdoor called More_eggs, indicating persistent efforts to single out the sector under the guise of fake job applicant lures.
Security Boulevard
OCTOBER 2, 2024
Cybersecurity professionals are facing increasing levels of stress, with 66% reporting that their roles have become more demanding over the past five years, according to a report from ISACA. The post Cybersecurity Professionals Operate Under Increased Stress Levels appeared first on Security Boulevard.
SecureWorld News
OCTOBER 2, 2024
The invisible hands of artificial intelligence are reaching deeper into our lives than ever before. Have you ever scrolled through Facebook and noticed ads that seem eerily tailored to your interests? Or written a private email, only to later see similar phrases appearing elsewhere online? Perhaps you have even found content from your personal blog replicated in Google AI summaries.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
Security Boulevard
OCTOBER 2, 2024
US security agencies and international counterparts list six principles critical infrastructure organizations should hold onto to ensure their OT environments are protected against the rising tide of cyberthreats coming their way. The post US and Other Countries Outline Principles for Securing OT appeared first on Security Boulevard.
The Hacker News
OCTOBER 2, 2024
Cybersecurity researchers have disclosed that 5% of all Adobe Commerce and Magento stores have been hacked by malicious actors by exploiting a security vulnerability dubbed CosmicSting. Tracked as CVE-2024-34102 (CVSS score: 9.8), the critical flaw relates to an improper restriction of XML external entity reference (XXE) vulnerability that could result in remote code execution.
Trend Micro
OCTOBER 2, 2024
This is the fourth blog post in an ongoing series on Rogue AI. Keep following for more technical guidance, case studies, and insights.
SecureWorld News
OCTOBER 2, 2024
Th e 8th biennial Deloitte-NASCIO Cybersecurity Study reveals a rapidly evolving cybersecurity landscape, with artificial intelligence (AI) and generative AI (GenAI) introducing new challenges. Conducted in spring 2024, the study captures insights from Chief Information Security Officers of all 50 U.S. states and the District of Columbia, marking a period where the impact of COVID-19 has subsided yet new threats have surfaced.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
The Hacker News
OCTOBER 2, 2024
Dynamic malware analysis is a key part of any threat investigation. It involves executing a sample of a malicious program in the isolated environment of a malware sandbox to monitor its behavior and gather actionable indicators. Effective analysis must be fast, in-depth, and precise. These five tools will help you achieve it with ease. 1.
Security Boulevard
OCTOBER 2, 2024
Despite slower hiring trends and tighter budgets, chief information security officer (CISO) compensation continues to rise, with the average U.S.-based CISO earning $565K, and top earners exceeding $1 million. The post Average CISO Compensation Tops $500K appeared first on Security Boulevard.
Cisco Security
OCTOBER 2, 2024
With effective monitoring into endpoint activity, threats to the network can be detected and neutralized before causing extensive damage. With effective monitoring into endpoint activity, threats to the network can be detected and neutralized before causing extensive damage.
Penetration Testing
OCTOBER 2, 2024
Cisco has issued a security advisory addressing a critical vulnerability (CVE-2024-20432) in its Nexus Dashboard Fabric Controller (NDFC). This flaw, which carries a severity rating of 9.9 out of 10... The post CVE-2024-20432 (CVSS 9.9): Cisco Nexus Dashboard Fabric Controller Exposed to RCE appeared first on Cybersecurity News.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Expert insights. Personalized for you.
242 
Let's personalize your content