Fri. Jan 26, 2024

Chatbots and Human Conversation

Schneier on Security

For most of history, communicating with a computer has not been like communicating with a person. In their earliest years, computers required carefully constructed instructions, delivered through punch cards; then came a command-line interface, followed by menus and options and text boxes. If you wanted results, you needed to learn the computer’s language.

Cyberbezpieczeństwo dla bystrzaków: Best-Selling “Cybersecurity For Dummies” Book Now Available In Polish

Joseph Steinberg

The Polish version of the second edition of Cybersecurity For Dummies, Joseph Steinberg’s best-selling introductory-level book about cybersecurity, is now available. Like its first edition counterparts published in several languages, the new Polish-language Second Edition, Cyberbezpieczeństwo dla bystrzaków w 2, is written for general audiences, and can help people of all backgrounds stay cyber-secure, regardless of readers’ technical skillsets.

Police Arrest Teen Said to Be Linked to Hundreds of Swatting Attacks

WIRED Threat Level

A California teenager who allegedly used the handle Torswats to carry out a nationwide swatting campaign is being extradited to Florida to face felony charges, WIRED has learned.

Microsoft Teams outage causes connection issues, message delays

Bleeping Computer

Microsoft is investigating an ongoing and widespread outage impacting the users of its Teams communication platform and causing connectivity issues, login problems, and message delays. […]

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Watch out, experts warn of a critical flaw in Jenkins

Security Affairs

Jenkins maintainers addressed several security vulnerabilities, including a critical remote code execution (RCE) flaw. Jenkins is the most popular open source automation server; it is maintained by CloudBees and the Jenkins community. The automation server helps developers build, test and deploy their applications; it has hundreds of thousands of active installations worldwide with more than 1 million users.

Hacking 133

Ukraine: Hack wiped 2 petabytes of data from Russian research center

Bleeping Computer

The Main Intelligence Directorate of Ukraine's Ministry of Defense claims that pro-Ukrainian hacktivists breached the Russian Center for Space Hydrometeorology, aka "planeta" (планета), and wiped 2 petabytes of data. […]

Hacking 141

More Trending

Microsoft reveals how hackers breached its Exchange Online accounts

Bleeping Computer

Microsoft confirmed that the Russian Foreign Intelligence Service hacking group, which hacked into its executives' email accounts in November 2023, also breached other organizations as part of this malicious campaign. […]

QR Code Scammers are Changing Tactics to Evade Detection

Security Boulevard

Check Point researchers last year saw a 587% increase between August and September of phishing attacks enticing unsuspecting targets to click on QR codes that then redirect them to malicious pages used for harvesting credentials. The cybersecurity firm’s report was one of several last year that talked about a rapid rise in such QR code-focused. The post QR Code Scammers are Changing Tactics to Evade Detection appeared first on Security Boulevard.

Phishing 123

Pwn2Own Automotive: $1.3M for 49 zero-days, Tesla hacked twice

Bleeping Computer

The first edition of Pwn2Own Automotive has ended with competitors earning $1,323,750 for hacking Tesla twice and demoing 49 zero-day bugs in multiple electric car systems between January 24 and January 26. […]

Hacking 122

Web Vulnerability Submissions Exploded in 2023

Security Boulevard

There was an alarming surge of user-submitted web vulnerability submissions in 2023—with a 30% increase compared to 2022—as open-scoped bug bounty programs evolved. The post Web Vulnerability Submissions Exploded in 2023 appeared first on Security Boulevard.

Mobile 122

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Pwn2Own Automotive 2024 Day 2 – Tesla hacked again

Security Affairs

Researchers hacked the Tesla infotainment system and found 24 zero-days on day 2 of the Pwn2Own Automotive 2024 hacking competition. White hat hackers from the Synacktiv Team (@Synacktiv) compromised the Tesla infotainment system on the second day of the Pwn2Own Automotive 2024 hacking competition. The bug hunters chained two vulnerabilities to hack the Tesla infotainment system; they earned $100,000 and 10 Master of Pwn Points.

Hacking 118

Microsoft releases first Windows Server 2025 preview build

Bleeping Computer

Microsoft has released Windows Server Insider Preview 26040, the first Windows Server 2025 build for admins enrolled in its Windows Insider program. […]

The Pentagon Tried to Hide That It Bought Americans' Data Without a Warrant

WIRED Threat Level

US spy agencies purchased Americans' phone location data and internet metadata without a warrant but only admitted it after a US senator blocked the appointment of a new NSA director.

Internet 113

New Ransomware Reporting Requirements Kick in as Victims Increasingly Avoid Paying

Security Boulevard

A lower percentage of ransomware victims are paying, as new regulations begin to elicit more and more public disclosure of ransomware incidents. The post New Ransomware Reporting Requirements Kick in as Victims Increasingly Avoid Paying appeared first on Security Boulevard.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

A TrickBot malware developer sentenced to 64 months in prison

Security Affairs

The Russian national malware developer Vladimir Dunaev was sentenced to more than 5 years in prison for his role in the TrickBot operation. The Russian national Vladimir Dunaev (40) has been sentenced in the US to 64 months in prison for his role in the development and distribution of the TrickBot malware. Vladimir Dunaev was extradited to the U.S. in October 2021.

Malware 106

Cybersecurity Insights with Contrast CISO David Lindner | 1/26/24

Security Boulevard

Insight #1 Spray and pray: That’s the modus operandi behind the latest successful attack against Microsoft, which resulted in compromise of the company’s email systems. The attackers reportedly got in through an old testing environment, which seemingly had no multi-factor authentication (MFA) stopping them. Lesson learned: Just because it’s not a production system doesn't mean it can't be used as an avenue to get into your production systems.

CISO 110

Role of Wazuh in building a robust cybersecurity architecture

Bleeping Computer

Leveraging open source solutions and tools to build a cybersecurity architecture offers organizations several benefits. Learn more from Wazuh about the benefits of open source solutions. […]

Cybersecurity Standards vs Procedures vs Controls vs Policies

Security Boulevard

Cybersecurity is a vast and complex field, and it’s made more complicated as technology – both infrastructure and in terms of cyberattacks – grows more and more sophisticated. Any large and complex industry grows terminology and jargon like leaves on a tree, and cybersecurity is no different. There are dozens, if not hundreds, of specialized […] The post Cybersecurity Standards vs Procedures vs Controls vs Policies appeared first on Security Boulevard.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Removing Passwords, Without Compromising Security

Duo's Security Blog

In today’s complex IT landscape, one of the biggest problems faced by a Chief Information Security Officer (CISO) and their IT security team is forgotten and stolen passwords. On average, employees lose 11 hours per year resetting passwords and an average company spends ~$5M per year on setting and resetting passwords. And this is just the cost of resetting passwords.

Cyber security and AI: Should machines be included in your training program?

Security Boulevard

The post Cyber security and AI: Should machines be included in your training program? appeared first on Click Armor. The post Cyber security and AI: Should machines be included in your training program? appeared first on Security Boulevard.

Breaking Down CVE-2024-23897: PoC Code Surfaces Just After Jenkins Advisory

Penetration Testing

The technical details and proof-of-concept (PoC) code targeting a critical CVE-2024-23897 vulnerability in Jenkins were published one day after the vendor’s advisory came out. Jenkins, the open-source automation server that has become indispensable for... The post Breaking Down CVE-2024-23897: PoC Code Surfaces Just After Jenkins Advisory appeared first on Penetration Testing.

Why We Need to Cultivate a Confidential Computing Ecosystem

Security Boulevard

The development of privacy-enhancing technologies (PETs) can resolve the tension between data privacy and utility. The post Why We Need to Cultivate a Confidential Computing Ecosystem appeared first on Security Boulevard.

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

AllaKore RAT Malware Targeting Mexican Firms with Financial Fraud Tricks

The Hacker News

Mexican financial institutions are under the radar of a new spear-phishing campaign that delivers a modified version of an open-source remote access trojan called AllaKore RAT. The BlackBerry Research and Intelligence Team attributed the activity to an unknown Latin American-based financially motivated threat actor. The campaign has been active since at least 2021.

Malware 85

Microsoft introduces flighting for Windows Server insiders

Bleeping Computer

Microsoft has launched flighting for Windows Server systems enrolled in its Windows Insider open software testing program. […]

Ring curtails law enforcement’s access to footage

Malwarebytes

US law enforcement will no longer be able to request footage through the Neighbors app produced by Ring video doorbells and surveillance cameras. Until now Ring’s Request for Assistance (RFA) function allowed law enforcement to ask for and obtain user footage, but this function will be retired. Along with other changes, Ring announced on its blog how public safety agencies like fire and police departments can still use the Neighbors app to share helpful safety tips, updates, and community events

How to Troubleshoot Antivirus Problems: A Comprehensive Guide

SecureBlitz

Learn how to troubleshoot antivirus problems in this comprehensive guide. Antivirus software plays a crucial role in protecting our computers from malware, viruses, and other online threats. However, there may be instances where you encounter issues with your antivirus program, such as it not turning on or failing to detect threats. In this comprehensive guide, […] The post How to Troubleshoot Antivirus Problems: A Comprehensive Guide appeared first on SecureBlitz Cybersecurity.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Perfecting the Defense-in-Depth Strategy with Automation

The Hacker News

Medieval castles stood as impregnable fortresses for centuries, thanks to their meticulous design. Fast forward to the digital age, and this medieval wisdom still echoes in cybersecurity.

Zero-day Confluence RCE Vulnerability Blocked by Contrast Runtime Security | CVE-2023-22527 | Contrast Security

Security Boulevard

If your organization is running an older version of Atlassian Confluence Server that’s affected by CVE-2023-22527 — the critical remote-code execution (RCE) zero day discovered recently — you either The post Zero-day Confluence RCE Vulnerability Blocked by Contrast Runtime Security | CVE-2023-22527 | Contrast Security appeared first on Security Boulevard.

DockerExploit: Docker Remote API Scanner and Exploit

Penetration Testing

Docker Remote API Scanner and Exploit This repository contains a Docker Remote API Scanner and Exploit tool designed for educational and research purposes. It enables users to perform security assessments and experiments related to... The post DockerExploit: Docker Remote API Scanner and Exploit appeared first on Penetration Testing.

How Kratikal Helps Businesses Prevent Cyber Attacks?

Security Boulevard

The rise in cyber attacks has become a major worry. This issue is for organizations where data storage and technical operations are the driving force for business operations. Indeed, cyber attacks are becoming increasingly complex and frequent. This poses a serious risk to data security, business continuity, and the reputation of organizations. Kratikal being a […] The post How Kratikal Helps Businesses Prevent Cyber Attacks?

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.