Thu. Sep 12, 2024

Microsoft Is Adding New Cryptography Algorithms

Schneier on Security

Microsoft is updating SymCrypt, its core cryptographic library, with new quantum-secure algorithms. Microsoft’s details are here. From a news article: The first new algorithm Microsoft added to SymCrypt is called ML-KEM. Previously known as CRYSTALS-Kyber, ML-KEM is one of three post-quantum standards formalized last month by the National Institute of Standards and Technology (NIST).

Firmware 318

News alert: Aembit raises $25M Series A funding for non-human Identity and Access Management

The Last Watchdog

Silver Spring, MD, Sept. 12, 2024, CyberNewsWire – Aembit, the leading non-human identity and access management (IAM) company, has secured $25 million in Series A funding, bringing its total capital raised to nearly $45 million. Acrew Capital led the round, with participation from existing investors Ballistic Ventures, Ten Eleven Ventures, Okta Ventures, and CrowdStrike Falcon Fund.

Marketing 130

Google Cloud Strengthens Backup Service With Untouchable Vaults

Tech Republic Security

The backup and data recovery service adds an extra layer of protection in case a business encounters an attack or another major problem with Google Cloud storage.

Backups 149

Facebook scrapes photos of kids from Australian user profiles to train its AI

Malwarebytes

Facebook has admitted that it scrapes the public photos, posts and other data from the accounts of Australian adult users to train its AI models. Unlike citizens of the European Union (EU), Australians are not offered an opt-out option to refuse consent. At an inquiry as to whether the social media giant was hoovering up the data of all Australians in order to build its generative artificial intelligence tools, senator Tony Sheldon asked whether Meta (Facebook’s owner) had used Australian

Media 145

Enhance Innovation and Governance Through the Cloud Development Maturity Model

Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.

The 6 Best Penetration Testing Companies for 2024

Tech Republic Security

Discover the top six penetration testing companies for businesses of all sizes. Learn the pros and cons of pentesting providers like Astra, BreachLock, and Acunetix.

Proofpoint Adds Ability to Dynamically Apply Granular Security Controls

Security Boulevard

Proofpoint this week at its Protect conference launched a series of efforts through which it plans to provide cybersecurity teams with more granular controls in real-time, over what applications and services are accessed by end users. The post Proofpoint Adds Ability to Dynamically Apply Granular Security Controls appeared first on Security Boulevard.

More Trending

Cybersecurity Compliance and Beyond: How Protocols Drive Innovation and Growth

Security Boulevard

In today's digital age, cybersecurity compliance is no longer just a legal necessity or a defensive measure; it has become a catalyst for innovation and growth. The post Cybersecurity Compliance and Beyond: How Protocols Drive Innovation and Growth appeared first on Security Boulevard.

CVE-2024-28991 (CVSS 9.0): SolarWinds Access Rights Manager RCE Flaw

Penetration Testing

In a recent security advisory, SolarWinds has disclosed two vulnerabilities affecting their Access Rights Manager (ARM) software. ARM is widely used by IT and security administrators to manage and audit... The post CVE-2024-28991 (CVSS 9.0): SolarWinds Access Rights Manager RCE Flaw appeared first on Cybersecurity News.

Software 121

Why Breaking into Cybersecurity Isn’t as Easy as You Think

Security Boulevard

We're told over and over again that there are hundreds of thousands of cybersecurity vacancies in the U.S. and millions worldwide. But from what I hear, many new entrants to the application security field find it difficult to land jobs. Why? The post Why Breaking into Cybersecurity Isn’t as Easy as You Think appeared first on Security Boulevard.

CVE-2024-8695 & CVE-2024-8696: Two Critical RCE Flaws Discovered in Docker Desktop

Penetration Testing

Docker Desktop, the go-to application for containerized application development, has recently been found to harbor two critical security vulnerabilities that could enable remote code execution (RCE) attacks. Docker Desktop offers... The post CVE-2024-8695 & CVE-2024-8696: Two Critical RCE Flaws Discovered in Docker Desktop appeared first on Cybersecurity News.

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

BYOD Policies Fueling Security Risks

Security Boulevard

The use of employee mobile devices at work, or bring your own device (BYOD), is a significant and growing threat to organizational security. The post BYOD Policies Fueling Security Risks appeared first on Security Boulevard.

Risk 121

WordPress plugin and theme developers told they must use 2FA

Graham Cluley

Starting October 1, WordPress plugin and theme developers must enable 2FA. This move aims to boost security and help prevent supply-chain attacks from targeting millions of websites. Read more in my article on the Tripwire State of Security blog.

Malware 120

Scammers advertise fake AppleCare+ service via GitHub repos

Malwarebytes

We’ve uncovered a malicious campaign going after Mac users looking for support or extended warranty from Apple via the AppleCare+ support plans. The perpetrators are buying Google ads to lure in their victims and redirect them to bogus pages hosted on GitHub, the developer and code repository platform owned by Microsoft. The goal of this scam is to get unsuspecting people on the phone with someone pretending to be working for Apple.

Hackers target Apache OFBiz RCE flaw CVE-2024-45195 after PoC exploit released

Penetration Testing

According to a report from Imperva, over 25,000 malicious requests targeting 4,000 unique sites have been detected since the CVE-2024-45195 vulnerability in Apache OFBiz was disclosed. These attacks, primarily targeting... The post Hackers target Apache OFBiz RCE flaw CVE-2024-45195 after PoC exploit released appeared first on Cybersecurity News.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Apple Vision Pro’s Eye Tracking Exposed What People Type

WIRED Threat Level

The Vision Pro uses 3D avatars on calls and for streaming. These researchers used eye tracking to work out the passwords and PINs people typed with their avatars.

Passwords 119

Cybersecurity giant Fortinet discloses a data breach

Security Affairs

Fortinet disclosed a data breach after a threat actor claimed the theft of 440GB of files from the company’s Microsoft Sharepoint server. Today, Fortinet told Cyber Daily that a threat actor gained unauthorized access to a third-party service it used. “An individual gained unauthorized access to a limited number of files stored on Fortinet’s instance of a third-party cloud-based shared file drive, which included limited data related to a small number of Fortinet customers, and

Tines Leverages LLMs to Simplify Security Automation

Security Boulevard

Tines today added an artificial intelligence (AI) chat interface to its no-code platform for automating cybersecurity workflows. The post Tines Leverages LLMs to Simplify Security Automation appeared first on Security Boulevard.

Three Quarters of Dependency Vulnerability Patches Lead to Breakages, Report Finds

Tech Republic Security

Minor updates break clients 94% of the time, while version upgrades cause issues 95% of the time, according to Endor Labs researchers.

Software 117

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.

New Android Malware 'Ajina.Banker' Steals Financial Data and Bypasses 2FA via Telegram

The Hacker News

Bank customers in the Central Asia region have been targeted by a new strain of Android malware codenamed Ajina.Banker since at least November 2024 with the goal of harvesting financial information and intercepting two-factor authentication (2FA) messages.

Malware 105

How Business Owners Can Evolve with a Changing Technological Landscape

Tech Republic Security

Check out these five course bundles breaking down the most important IT, development, and cybersecurity skills that a business owner can master.

PartnerLeak scam site promises victims full access to “cheating” partner’s stolen data

Malwarebytes

Earlier this week, we reported on a new type of scam that tells you your partner is cheating on you. However, we hit a dead end because we were unable to get hold of an original copy of the email. That was until the scammers were “kind enough” to send one to one of our co-workers. your partner is cheating on you and we have proof “Hi (target’s name], [Partner’s name] is cheating on you.

Scams 105

Cyber Threats Intensify in Mexico: Insights from Mandiant on Espionage and Extortion

Penetration Testing

A new report from Mandiant revealed the increasing cyber threats faced by Mexico, with a complex mix of global espionage and local cybercrime targeting both users and enterprises. As the... The post Cyber Threats Intensify in Mexico: Insights from Mandiant on Espionage and Extortion appeared first on Cybersecurity News.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Urgent: GitLab Patches Critical Flaw Allowing Unauthorized Pipeline Job Execution

The Hacker News

GitLab on Wednesday released security updates to address 17 security vulnerabilities, including a critical flaw that allows an attacker to run pipeline jobs as an arbitrary user. The issue, tracked as CVE-2024-6678, carries a CVSS score of 9.9 out of a maximum of 10.0. "An issue was discovered in GitLab CE/EE affecting all versions starting from 8.14 prior to 17.1.7, starting from 17.

101

5 Best Practices for Effective Employee Cybersecurity Education

GlobalSign

Keeping your organization safe starts with your employees, learn how to make sure they’re equipped to understand cyber threats and keep your company secure.

Education 105

Beware: New Vo1d Malware Infects 1.3 Million Android TV Boxes Worldwide

The Hacker News

Nearly 1.3 million Android-based TV boxes running outdated versions of the operating system and belonging to users spanning 197 countries have been infected by a new malware dubbed Vo1d (aka Void).

Malware 99

UK NCA arrested a teenager linked to the attack on Transport for London

Security Affairs

U.K. police arrested a 17-year-old teenager allegedly linked to the cyberattack on London’s public transportation agency, Transport for London. U.K.’s National Crime Agency announced the arrest of a 17-year-old teenager from Walsall who is allegedly linked to the cyberattack that recently hit Transport for London. “The 17-year-old male was detained on suspicion of Computer Misuse Act offences in relation to the attack, which was launched on TfL on 1 September.” states the

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Exposed Selenium Grid Servers Targeted for Crypto Mining and Proxyjacking

The Hacker News

Internet-exposed Selenium Grid instances are being targeted by bad actors for illicit cryptocurrency mining and proxyjacking campaigns. "Selenium Grid is a server that facilitates running test cases in parallel across different browsers and versions," Cado Security researchers Tara Gould and Nate Bill said in an analysis published today.

Every iPhone 16 model compared: Should you buy the standard, Plus, Pro, or Max?

Zero Day

Apple unveiled the new iPhone 16 series with camera improvements and larger displays, but which one is right for you? Here's how each model compares.

98

Top 3 Threat Report Insights for Q2 2024

The Hacker News

Cato CTRL (Cyber Threats Research Lab) has released its Q2 2024 Cato CTRL SASE Threat Report. The report highlights critical findings based on the analysis of a staggering 1.38 trillion network flows from more than 2,500 of Cato’s global customers, between April and June 2024.

iPhone 16 Pro vs. iPhone 14 Pro: Is the latest model worth the upgrade?

Zero Day

Apple's new iPhone 16 Pro has some notable improvements, but do they warrant upgrading from the now two-year-old iPhone 14 Pro? Here's how to decide.

98

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.