Wed.Sep 20, 2023

On the Cybersecurity Jobs Shortage

Schneier on Security

In April, Cybersecurity Ventures reported on an extreme cybersecurity job shortage: Global cybersecurity job vacancies grew by 350 percent, from one million openings in 2013 to 3.5 million in 2021, according to Cybersecurity Ventures. The number of unfilled jobs leveled off in 2022, and remains at 3.5 million in 2023, with more than 750,000 of those positions in the U.S.

Black Hat Fireside Chat: Flexxon introduces hardened SSD drives as a last line defense

The Last Watchdog

Creating ever smarter security software to defend embattled company networks pretty much sums up the cybersecurity industry. Related: The security role of semiconductors. Cutting against the grain, Flexxon, a Singapore-based supplier of NAND memory drives and storage devices, arrived at Black Hat USA 2023 calling for a distinctive hardware approach to repelling cyber attacks.

CrowdStrike Fal.Con 2023: CrowdStrike Brings AI and Cloud Application Security to Falcon

Tech Republic Security

At CrowdStrike Fal.Con 2023, CrowdStrike announced a new Falcon Raptor release with generative-AI capabilities and the acquisition of Bionic.

Pro-Russia hacker group NoName launched a DDoS attack on Canadian airports causing severe disruptions

Security Affairs

Pro-Russia hacker group NoName is suspected to have launched a cyberattack that caused border checkpoint outages at several Canadian airports. A massive DDoS cyber attack, likely carried out by Pro-Russia hacker group NoName, severely impacted operations at several Canadian airports last week, reported Recorded Future News. Canada Border Services Agency (CBSA) was able to mitigate the attack after a few hours.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

‘Haywire’ Australian IT Skills Market Prompts Logicalis to Add Talent as a Service

Tech Republic Security

IT solutions and managed services provider Logicalis is planning to help skills-deprived Australian CIOs and IT managers get projects done with a new plug-and-play Talent Services offering.

Experts found critical flaws in Nagios XI network monitoring software

Security Affairs

Researchers discovered multiple vulnerabilities in the Nagios XI network and IT infrastructure monitoring and management solution. Researchers discovered four vulnerabilities (CVE-2023-40931, CVE-2023-40932, CVE-2023-40933, CVE-2023-40934) in the Nagios XI network and IT infrastructure monitoring solution that could lead to information disclosure and privilege escalation.

Signal Messenger Introduces PQXDH Quantum-Resistant Encryption

The Hacker News

Encrypted messaging app Signal has announced an update to the Signal Protocol to add support for quantum resistance by upgrading the Extended Triple Diffie-Hellman (X3DH) specification to Post-Quantum Extended Diffie-Hellman (PQXDH).

Signal adds quantum-resistant encryption to its E2EE messaging protocol

Bleeping Computer

Signal has announced that it upgraded its end-to-end communication protocol to use quantum-resistant encryption keys to protect users from future attacks.

Fake WinRAR PoC Exploit Conceals VenomRAT Malware

Dark Reading

A supposed exploit for a notable RCE vulnerability in the popular Windows file-archiving utility delivers a big sting for unwitting researchers and cybercriminals.

T-Mobile app glitch let users see other people's account info

Bleeping Computer

T-Mobile customers today were able to see other people's account and billing information after logging into the company's official mobile application.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Steer clear of cryptocurrency recovery phrase scams

Malwarebytes

The dangers of cryptocurrency phishing are back in the news, after tech investor Mark Cuban was reported to have lost around $870k via a phishing link. Cuban lost a combination of coin types as asset movement flagged up after months of inactivity from his wallet. Cuban discovered some of the transactions taking place and was able to save about $2.5m of tokens by logging in and sending what remained to a safe location.

The dark web drug marketplace PIILOPUOTI was dismantled by Finnish Customs

Security Affairs

Finnish police announced the takedown of the dark web marketplace PIILOPUOTI, which focuses on the sale of illegal narcotics. Finnish Customs announced the seizure of the dark web marketplace Piilopuoti as part of an international law enforcement operation. The dark web marketplace PIILOPUOTI had been active since May 18, 2022. “The site operated as a hidden service in the encrypted Tor network.

Beware: Fake Exploit for WinRAR Vulnerability on GitHub Infects Users with Venom RAT

The Hacker News

A malicious actor released a fake proof-of-concept (PoC) exploit for a recently disclosed WinRAR vulnerability on GitHub with an aim to infect users who downloaded the code with Venom RAT malware.

International Criminal Court hit with a cyber attack

Security Affairs

The International Criminal Court (ICC) disclosed a cyberattack this week; its systems were compromised last week. The ICC announced that threat actors breached its systems last week. The ICC's experts discovered the intrusion after detecting anomalous activity affecting its information systems.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

FBI, CISA Issue Joint Warning on 'Snatch' Ransomware-as-a-Service

Dark Reading

The group's use of malware that forces Windows computers to reboot into Safe Mode before encrypting files is noteworthy, advisory says.

GitLab addressed critical vulnerability CVE-2023-5009

Security Affairs

GitLab rolled out security patches to address a critical vulnerability, tracked as CVE-2023-5009, that can be exploited to run pipelines as another user. GitLab has released security patches to address a critical vulnerability, tracked as CVE-2023-5009 (CVSS score: 9.6), that allows an attacker to run pipelines as another user. The issue resides in GitLab EE and affects all versions starting from 13.12 and prior to 16.2.7, and all versions starting from 16.3 and prior to 16.3.4. “An issue has been

Free Download Manager releases script to check for Linux malware

Bleeping Computer

The developers of Free Download Manager (FDM) have published a script to check if a Linux device was infected through a recently reported supply chain attack.

GitLab Releases Urgent Security Patches for Critical Vulnerability

The Hacker News

GitLab has shipped security patches to resolve a critical flaw that allows an attacker to run pipelines as another user. The issue, tracked as CVE-2023-5009 (CVSS score: 9.6), impacts all versions of GitLab Enterprise Edition (EE) starting from 13.12 and prior to 16.2.7 as well as from 16.3 and before 16.3.4.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

What is Pretexting? Types, Examples, & Prevention

Digital Guardian

Pretexting attacks come in all kinds of shapes and sizes. Read this blog to familiarize yourself with pretexting and how you can help your employees from falling victim to a pretexting attack.

SSL Certificate Best Practices Policy

Tech Republic Security

SSL certificates are essential for encrypting traffic between systems such as clients, which access servers via web browsers or applications that communicate with remote systems. Certificates protect client and server data, commonly involving confidential information such as credit card details or social security numbers. The purpose of this SSL Certificate Best Practices Policy from TechRepublic.

Cybercriminals Exploit the Moroccan Tragedy in New Scam Campaign

Trend Micro

This blog entry details a scheme that exploits the recent Morocco earthquake by impersonating the domain name of a well-known humanitarian organization for financial fraud.

Changing Role of the CISO: A Holistic Approach Drives the Future

Dark Reading

The CISO's role has grown far beyond supervising Patch Tuesday to focus on prevention and response and to cover people, processes, and technology.

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

What a mess! Clorox warns of “material impact” to its financial results following cyberattack

Graham Cluley

Clorox, the household cleaning product manufacturer, has admitted that its financial results for the first quarter could see a "material impact" after hackers attacked its systems. Read more in my article on the Hot for Security blog.

Critical Security Flaws Exposed in Nagios XI Network Monitoring Software

The Hacker News

Multiple security flaws have been disclosed in the Nagios XI network monitoring software that could result in privilege escalation and information disclosure. The four security vulnerabilities, tracked from CVE-2023-40931 through CVE-2023-40934, impact Nagios XI versions 5.11.1 and lower.

TransUnion denies it was hacked, links leaked data to 3rd party

Bleeping Computer

Credit reporting firm TransUnion has denied claims of a security breach after a threat actor known as USDoD leaked data allegedly stolen from the company's network.

Roblox Scams: What Parents Need to Know

Identity IQ

By now, you’ve more than likely heard the cheerful chatter of your child and their friends discussing Roblox and even been nagged on more than one occasion to buy them some Robux. In this vast digital playground, creativity and imagination come to life in the form of games designed by players worldwide.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

P2PInfect botnet activity surges 600x with stealthier malware variants

Bleeping Computer

The P2PInfect botnet worm is going through a period of highly elevated activity volumes, starting in late August and then picking up again in September 2023.

Fresh Wave of Malicious npm Packages Threaten Kubernetes Configs and SSH Keys

The Hacker News

Cybersecurity researchers have discovered a fresh batch of malicious packages in the npm package registry that are designed to exfiltrate Kubernetes configurations and SSH keys from compromised machines to a remote server.

Pro-Iranian Attackers Target Israeli Railroad Network

Dark Reading

The group known as "Cyber Avengers" has targeted other Israeli services in the past and often publishes technical details of its hits.

Sophisticated Phishing Campaign Targeting Chinese Users with ValleyRAT and Gh0st RAT

The Hacker News

Chinese-language speakers have been increasingly targeted as part of multiple email phishing campaigns that aim to distribute various malware families such as Sainbox RAT, Purple Fox, and a new trojan called ValleyRAT.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most (people, data, real or personal property, intellectual property, digital assets, or any number of other things), and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.