Schneier on Security
DECEMBER 24, 2024
A judge has found that NSO Group, maker of the Pegasus spyware, has violated the US Computer Fraud and Abuse Act by hacking WhatsApp in order to spy on people using it. Jon Penney and I wrote a legal paper on the case.
Security Affairs
DECEMBER 24, 2024
The Apache Software Foundation fixed a Tomcat server software flaw that could lead to remote code execution under certain conditions. The Apache Software Foundation (ASF) addressed an important vulnerability, tracked as CVE-2024-56337 , in its Tomcat server software. The researchers warn that exploiting this vulnerability could result in remote code execution under certain conditions.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Penetration Testing
DECEMBER 24, 2024
Researchers Jonathan Beierle and Logan Goins have uncovered a novel offensive tactic leveraging Microsofts Windows Defender Application Control (WDAC). Their research highlights how adversaries can weaponize WDAC to disable Endpoint... The post Weaponizing Windows Defender: New Attack Bypasses EDR appeared first on Cybersecurity News.
Hacker's King
DECEMBER 24, 2024
As the digital landscape evolves, cybersecurity remains a critical concern for businesses, governments, and individuals alike. With the advent of new technologies and rising cyber threats , 2025 promises significant shifts in the cybersecurity domain. Here are the top 10 trends to watch out for in 2025: Rise of AI-Driven Cyberattacks Cybercriminals are increasingly leveraging artificial intelligence (AI) to develop sophisticated attack methods.
Speaker: Erroll Amacker
Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.
Penetration Testing
DECEMBER 24, 2024
Renowned for cyber espionage activities targeting critical sectors in the Middle East, OilRig, also known as APT34 or Helix Kitten operates with precision, exploiting vulnerabilities and employing advanced techniques to... The post CVE-2024-30088 Under Attack: OilRig Targets Windows Kernel Vulnerability appeared first on Cybersecurity News.
Security Affairs
DECEMBER 24, 2024
Adobe released out-of-bandsecurity updates to address a critical ColdFusion vulnerability, experts warn of a PoC exploit code available for it. Adobe released out-of-bandsecurity updates to address a critical vulnerability, tracked as CVE-2024-53961 (CVSS score 7.4), in ColdFusion. Experts warn of the availability of a proof-of-concept (PoC) exploit code for this vulnerability.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
|
The Hacker News
DECEMBER 24, 2024
Japanese and U.S. authorities have formerly attributed the theft of cryptocurrency worth $308 million from cryptocurrency company DMM Bitcoin in May 2024 to North Korean cyber actors. "The theft is affiliated with TraderTraitor threat activity, which is also tracked as Jade Sleet, UNC4899, and Slow Pisces," the agencies said.
Penetration Testing
DECEMBER 24, 2024
A critical-severity security flaw has been uncovered in Apache Traffic Control, a popular open-source platform used to build large-scale content delivery networks (CDNs). This vulnerability, identified as CVE-2024-45387 and assigned... The post CVE-2024-45387 (CVSS 9.9): Critical SQL Injection Vulnerability Found in Apache Traffic Control appeared first on Cybersecurity News.
Zero Day
DECEMBER 24, 2024
In just two years, AI has gone from hype to essential skill, offering massive productivity gains and increasing creativity among teams who use it. Here's how.
Penetration Testing
DECEMBER 24, 2024
A recent study reveals a novel attack that compromises the security of Wi-Fi Protected Access 3 (WPA3) networks. Conducted by researchers Kyle Chadee, Wayne Goodridge, and Koffka Khan from the... The post WPA3 Security Cracked? Researchers Bypass Advanced Encryption with Social Engineering appeared first on Cybersecurity News.
Advertisement
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
Zero Day
DECEMBER 24, 2024
I've used and covered Linux for nearly 30 years. Here's my top pick for my favorite open-source distro in 2024.
Penetration Testing
DECEMBER 24, 2024
A newly disclosed vulnerability, CVE-2024-23945, with a CVSS score of 8.7, has been identified in Apache Hive and Apache Spark, two widely used systems for large-scale data processing and analytics.... The post CVE-2024-23945: Serious Vulnerability in Apache Hive and Spark Could Lead to Exploitation appeared first on Cybersecurity News.
Zero Day
DECEMBER 24, 2024
If you're looking for a laptop with Linux pre-installed, Tuxedo Computers' Infinity Book Pro 14 (Gen 9) has a gorgeous display and impressive performance.
Penetration Testing
DECEMBER 24, 2024
Multiple critical security vulnerabilities have been discovered in Gogs, a popular open-source self-hosted Git service. These vulnerabilities, with CVSS scores ranging from 7.7 to 9.9, could allow attackers to execute... The post Critical Vulnerabilities Found in Gogs Self-Hosted Git Service: Urgent Update Required appeared first on Cybersecurity News.
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
Zero Day
DECEMBER 24, 2024
If you're a mobile gamer, the Redmagic 10 Pro was designed specifically for you, and I highly recommend it.
Penetration Testing
DECEMBER 24, 2024
The notorious cyber-espionage group Cloud Atlas, active since 2014, has been observed leveraging a new arsenal in its ongoing campaigns against Eastern Europe and Central Asia, according to a detailed... The post Cloud Atlas Deploys VBCloud backdoor in Latest Cyber Espionage Campaign appeared first on Cybersecurity News.
Zero Day
DECEMBER 24, 2024
Need a research assistant to help you distill dense, complex material? AI-powered Illuminate transforms published papers into audio discussions.
Security Boulevard
DECEMBER 24, 2024
Many industry regulations require or promote cybersecurity risk assessments to bolster incident response, but what is a cybersecurity risk assessment? For example, cyber risk assessments aren't only required under HIPAA (Health Insurance Portability and Accountability Act). Still, they are also key in strengthening the IT team's and business leaders' confidence level and knowledge of where the organization is most vulnerable and what data is involved in higher-risk treatment environments.
Speaker: Sierre Lindgren
Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.
Zero Day
DECEMBER 24, 2024
I learned a troubling lesson that points to a growing issue within the open-source community.
The Hacker News
DECEMBER 24, 2024
Cybersecurity researchers have flagged two malicious packages that were uploaded to the Python Package Index (PyPI) repository and came fitted with capabilities to exfiltrate sensitive information from compromised hosts, according to new findings from Fortinet FortiGuard Labs. The packages, named zebo and cometlogger, attracted 118 and 164 downloads each, prior to them being taken down.
Security Boulevard
DECEMBER 24, 2024
Authors/Presenters: Mark Mager, Eric Forte Our sincere appreciation to DEF CON , and the Authors/Presenters for publishing their erudite DEF CON 32 content. Originating from the conferences events located at the Las Vegas Convention Center ; and via the organizations YouTube channel. Permalink The post DEF CON 32 – What To Expect When You’re Exploiting: 0Days, Baby Monitors & Wi-Fi Cams appeared first on Security Boulevard.
The Hacker News
DECEMBER 24, 2024
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a now-patched high-severity security flaw impacting Acclaim Systems USAHERDS to the Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation in the wild. The vulnerability in question is CVE-2021-44207 (CVSS score: 8.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
Security Boulevard
DECEMBER 24, 2024
Authors/Presenters: Chad Shortman Our sincere appreciation to DEF CON , and the Authors/Presenters for publishing their erudite DEF CON 32 content. Originating from the conferences events located at the Las Vegas Convention Center ; and via the organizations YouTube channel. Permalink The post DEF CON 32 – Your Smartcard Is Dumb: A Brief History Of Hacking Access Control Systems appeared first on Security Boulevard.
Zero Day
DECEMBER 24, 2024
Most people never change their TV's default settings. But if you have a Samsung model, try these modifications to improve its visual output.
Security Boulevard
DECEMBER 24, 2024
In our last post, we discussed the powerful, yet potentially risky nature of web pixels. Now, lets dive into how you can assess your organizations use of these digital trackers and uncover potential privacy vulnerabilities. Conducting a Thorough Audit Think of this audit as a detective investigation, where you need to gather all the clues [] The post Unmasking the Risks: Auditing Your Web Pixel Usage appeared first on Feroot Security.
Zero Day
DECEMBER 24, 2024
If you're still using Windows 10, you know the end is nigh. If you want to keep your machine running smoothly and feeling familiar, check out these Linux distros.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Security Boulevard
DECEMBER 24, 2024
Reading Time: 7 min Resolve "550 5.7.26 This Mail is Unauthenticated" Gmail error in 2024. Learn why Gmail is blocking your emails and fix email authentication issues. The post Best of 2024: Gmail Error: Email Blocked Because Sender is Unauthenticated appeared first on Security Boulevard.
Zero Day
DECEMBER 24, 2024
If you like your watches extra little and maybe not-so smart, Casio has something for you.
Security Boulevard
DECEMBER 24, 2024
Explore the top 5 DNS vulnerabilities and learn how to protect your network from threats like spoofing and cache poisoning. The post 5 Common DNS Vulnerabilities and How to Protect Your Network appeared first on Security Boulevard.
Zero Day
DECEMBER 24, 2024
Shokz' OpenFit Air earbuds improve on the previous model with new colors and a comfortable, lightweight design. And now they're available for less than $100.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Expert insights. Personalized for you.
315 
Let's personalize your content