Schneier on Security

AUGUST 15, 2024

From the Federal Register : After three rounds of evaluation and analysis, NIST selected four algorithms it will standardize as a result of the PQC Standardization Process. The public-key encapsulation mechanism selected was CRYSTALS-KYBER, along with three digital signature schemes: CRYSTALS-Dilithium, FALCON, and SPHINCS+. These algorithms are part of three NIST standards that have been finalized: FIPS 203: Module-Lattice-Based Key-Encapsulation Mechanism Standard FIPS 204: Module-Lattice-Base

Encryption 259

Encryption Backups Authentication Technology 259

Tech Republic Security

AUGUST 15, 2024

ExpressVPN’s overall polish, fast performance and wider server network give it a slight edge over PIA VPN’s feature-rich and affordable package.

VPN 159

VPN Internet Internet 159

WIRED Threat Level

AUGUST 15, 2024

A fix is coming, but data analytics giant Palantir says it’s ditching Android devices altogether because Google’s response to the vulnerability has been troubling.

Hacking 140

Hacking 140

Security Boulevard

AUGUST 15, 2024

There is an increased focus on how advances in artificial intelligence (AI) and machine learning (ML) can negatively impact network security. The post How to Maximize Network Security With AI and ML appeared first on Security Boulevard.

Network Security 115

Network Security Artificial Intelligence Threat Detection Security Awareness 115

Advertisement

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.

Cybersecurity

SecureWorld News

AUGUST 15, 2024

In what could be one of the largest data breaches in history, personal information of potentially billions of individuals may have been compromised in a hack of National Public Data (NPD), a Florida-based background check company. The breach, which allegedly occurred in April 2024, has raised significant concerns about data security and identity theft risks.

Data breaches 108

Data breaches Identity Theft Password Management Data collection 108

Security Boulevard

AUGUST 15, 2024

Security is enhanced with the introduction of dynamic zero-trust security, a method that continuously assesses the security posture of devices and users on the network. The post Beyond Zero-Trust: The Impact of Adaptive Micro-Segmentation on Network Security appeared first on Security Boulevard.

Network Security 111

Network Security Cyber threats Security Awareness Cybersecurity 111

Security Boulevard

AUGUST 15, 2024

Recent research shows that human error can account for 95% of all cybersecurity incidents. What’s more shocking is that only one-third of all companies offer cybersecurity awareness training for their employees. The post Human Error – An Overlooked Aspect of Cyber Risk appeared first on Security Boulevard.

Cyber Risk 109

Cyber Risk Risk Accountability Cybersecurity 109

Security Affairs

AUGUST 15, 2024

A cybercrime group linked to the RansomHub ransomware was spotted using a new tool designed to kill EDR software. Sophos reports that a cybercrime group, likely linked to the RansomHub ransomware operation, has been observed using a new EDR-killing utility that can terminate endpoint detection and response software on compromised systems. The researchers called the new tool EDRKillShifter.

Ransomware 99

Ransomware Cybercrime Malware Healthcare 99

Security Boulevard

AUGUST 15, 2024

ReliaQuest ranked LummaC2 and SocGholish among the top malware seen in Q2 and rounded out the top five list with AsyncRat, Oyster, and the growing numbers of info-stealers that were built using the Rust programming language. The post ReliaQuest: Watch Out for Info-Stealers and RATs appeared first on Security Boulevard.

Malware 108

Malware Security Awareness Mobile Cybersecurity 108

The Hacker News

AUGUST 15, 2024

Russian and Belarusian non-profit organizations, Russian independent media, and international non-governmental organizations active in Eastern Europe have become the target of two separate spear-phishing campaigns orchestrated by threat actors whose interests align with that of the Russian government.

Media 102

Media Phishing Government 102

Speaker: Speakers:

In today's digital age, having an untrained workforce can be a significant risk to your business. Cyber threats are evolving; without proper training, your employees could be the weakest link in your defense. This webinar empowers leaders like you with the tools and strategies needed to transform your employees into a robust frontline defense against cyber attacks.

Cyber Attacks

Malwarebytes

AUGUST 15, 2024

Microsoft has released a patch for a bug for a “downgrade attack” that was recently revealed by researchers at security conferences Black Hat and Def Con. What does that mean in layman terms? You: Let me check whether my system is fully updated Windows: Sure, all’s well Attacker: *Chuckles and deploys an attack against a vulnerability for which you could have been patched long ago* With a downgrade attack, the victim may have done all they can to keep their computer and software up t

Software 103

Software Risk Cybersecurity 103

The Hacker News

AUGUST 15, 2024

SolarWinds has released patches to address a critical security vulnerability in its Web Help Desk software that could be exploited to execute arbitrary code on susceptible instances. The flaw, tracked as CVE-2024-28986 (CVSS score: 9.8), has been described as a deserialization bug.

Software 98

Software 98

Penetration Testing

AUGUST 15, 2024

Google Chrome has begun automatically detecting and warning users on the extensions page that Manifest v2-based extensions are nearing deprecation. Although these extensions have not yet been fully disabled, Google... The post Save uBlock Origin: How to Bypass Google’s Chrome Update and Extend Support appeared first on Cybersecurity News.

Cybersecurity 83

Cybersecurity Technology 83

The Hacker News

AUGUST 15, 2024

The Emergence of Identity Threat Detection and Response Identity Threat Detection and Response (ITDR) has emerged as a critical component to effectively detect and respond to identity-based attacks. Threat actors have shown their ability to compromise the identity infrastructure and move laterally into IaaS, Saas, PaaS and CI/CD environments.

Threat Detection 82

Threat Detection 82

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Penetration Testing

AUGUST 15, 2024

A newly released report from Germany’s Federal Office for the Protection of the Constitution (BfV) unveils insights into the operations of the Chinese cybersecurity firm i-Soon. The second installment of... The post The i-Soon Leaks: Germany’s BfV Exposes the Industrialization of Chinese Cyber Espionage appeared first on Cybersecurity News.

Cybersecurity 80

Cybersecurity 80

Security Boulevard

AUGUST 15, 2024

DEF CON conference organizations are looking for volunteers to join a Franklin initiative to help secure critical infrastructure and school systems that lack the expertise required to defend themselves against cyberattacks. The post DEF CON Calls for Cybersecurity Volunteers to Defend Critical Infrastructure appeared first on Security Boulevard.

Cybersecurity 79

Cybersecurity Security Awareness Ransomware 79

Penetration Testing

AUGUST 15, 2024

A serious security flaw has been discovered in Flatpak, a popular system for distributing and running sandboxed desktop applications on Linux. The vulnerability, tracked as CVE-2024-42472 (CVSS 10), allows malicious... The post Critical Vulnerability Found in Flatpak: CVE-2024-42472 (CVSS 10) Exposes Files Outside Sandbox appeared first on Cybersecurity News.

Cybersecurity 77

Cybersecurity 77

Cisco Security

AUGUST 15, 2024

Universities need advanced security architectures for effective incident response. Discover how XDR solutions enhance visibility and resilience in complex tech landscapes. Universities need advanced security architectures for effective incident response. Discover how XDR solutions enhance visibility and resilience in complex tech landscapes.

Architecture 73

Architecture Cybersecurity 73

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Penetration Testing

AUGUST 15, 2024

Cybersecurity researchers at iVerify, in collaboration with Palantir Technologies and Trail of Bits, have uncovered a significant vulnerability in millions of Google Pixel devices worldwide. The flaw, rooted in the... The post Google Pixel Phones Exposed: Millions at Risk Due to Pre-Installed App Vulnerability appeared first on Cybersecurity News.

Risk 68

Risk Technology Cybersecurity 68

Security Boulevard

AUGUST 15, 2024

This cybersecurity playbook is inspired by Sam Curry’s insights on the crucial role of building relationships in cybersecurity to affect change in information security and the business. He recently shared his recommendations on cyberOXtales Podcast, highlighting the significance of trust, alignment, and intimacy in fostering effective relationships within and outside the cybersecurity team.

InfoSec 71

InfoSec Cybersecurity Information Security 71

Penetration Testing

AUGUST 15, 2024

Zimbra Collaboration, a widely adopted email and collaboration platform disclosed three new security vulnerabilities. These flaws, identified as CVE-2024-33533, CVE-2024-33535, and CVE-2024-33536, impact Zimbra Collaboration versions 9.0 and 10.0, potentially... The post CVE-2024-33533 to 33536: Zimbra Users at Risk of XSS and LFI Attacks appeared first on Cybersecurity News.

Risk 68

Risk Cybersecurity 68

Security Boulevard

AUGUST 15, 2024

Along with 30,000+ of my closest friends, HYAS participated in both the Black Hat 2024 cyber security conference and others last week in Las Vegas. There have been a lot of articles published on the main themes, focus, and top keywords of BlackHat 2024; Chris Needs, the VP of Product Management at HYAS, published a HYAS view on the conference , so I didn’t see a reason to publish yet another one.

DNS 68

DNS Cyber Insurance Social Engineering Insurance 68

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

Penetration Testing

AUGUST 15, 2024

Akamai researcher Tomer Peled has uncovered a concerning design flaw within Kubernetes’ git-sync project. This flaw could potentially enable attackers to execute commands or exfiltrate sensitive data, including service account... The post Unpatched Kubernetes Flaw Leaves Clusters Open to Exploitation: Researcher Unveils Command Injection Vulnerability appeared first on Cybersecurity News.

Accountability 68

Accountability Cybersecurity 68

Thales Cloud Protection & Licensing

AUGUST 15, 2024

Thales PQC Partner Ecosystem Facilitates and Accelerates Quantum-Safe Migrations josh.pearson@t… Thu, 08/15/2024 - 17:28 As many organizations begin to embark on their journey toward Post-Quantum Cryptography (PQC) resilience, Thales can facilitate and perhaps accelerate these migrations with its rapidly expanding Thales PQC Partner Ecosystem. The PQC migration process will be a highly significant transformation in the public-key cryptography landscape to date, impacting billions of devices and

Encryption 62

Encryption Digital transformation Technology InfoSec 62

Security Boulevard

AUGUST 15, 2024

As cybersecurity, data protection, and personal information security regulations become increasingly stringent, regulatory bodies are taking robust measures to enhance oversight. However, organizations continue to face significant challenges in risk management, particularly in the unified discovery and management of internet assets, where considerable gaps remain.

Risk 63

Risk Cyber Attacks Internet Internet 63

Penetration Testing

AUGUST 15, 2024

SquareX, along with its founder Vivek Ramachandran, a renowned cybersecurity expert, recently uncovered a vulnerability in Secure Web Gateway (SWG) systems, which are employed to safeguard corporate networks. It was... The post Last Mile Reassembly Attacks Bypass Leading Secure Web Gateways appeared first on Cybersecurity News.

Cybersecurity 58

Cybersecurity 58

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

Security Boulevard

AUGUST 15, 2024

Classroom Manager is purpose-built for K-12 cybersecurity, safety, and compliance At ManagedMethods, we pride ourselves on developing products that make cybersecurity, safety, and compliance easy and affordable for K-12 schools. And what has been the most requested product? Classroom management. So, our awesome engineers got to work to answer the call and we’re excited to.

Engineering 63

Engineering Cybersecurity 63

Penetration Testing

AUGUST 15, 2024

Kaspersky Labs has uncovered a series of sophisticated cyberattacks targeting Russian government organizations and IT companies, now dubbed the “EastWind” campaign. The attacks, which began in late July 2024, have... The post EastWind Campaign: New CloudSorcerer Attacks Target Russian Gov Using APT31 and APT27 Tactics appeared first on Cybersecurity News.

Government 58

Government Cybersecurity Malware 58

Security Boulevard

AUGUST 15, 2024

Thales PQC Partner Ecosystem Facilitates and Accelerates Quantum-Safe Migrations josh.pearson@t… Thu, 08/15/2024 - 17:28 As many organizations begin to embark on their journey toward Post-Quantum Cryptography (PQC) resilience, Thales can facilitate and perhaps accelerate these migrations with its rapidly expanding Thales PQC Partner Ecosystem. The PQC migration process will be a highly significant transformation in the public-key cryptography landscape to date, impacting billions of devices and

Encryption 63

Encryption Digital transformation Technology InfoSec 63

Penetration Testing

AUGUST 15, 2024

The United Kingdom’s National Cyber Security Centre (NCSC) has called upon organizations across the country to extensively implement cyber deception technologies as part of a national strategy for cyber defense.... The post Beyond Firewalls: NCSC Explores Cyber Deception’s Potential appeared first on Cybersecurity News.

Firewall 55

Firewall Technology Cybersecurity 55

Advertisement

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Identity Theft