Schneier on Security
DECEMBER 6, 2023
Interesting analysis : This paper discusses the protocol used for electing the Doge of Venice between 1268 and the end of the Republic in 1797. We will show that it has some useful properties that in addition to being interesting in themselves, also suggest that its fundamental design principle is worth investigating for application to leader election protocols in computer science.
Krebs on Security
DECEMBER 6, 2023
More than five years after domain name registrars started redacting personal data from all public domain registration records, the non-profit organization overseeing the domain industry has introduced a centralized online service designed to make it easier for researchers, law enforcement and others to request the information directly from registrars.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Tech Republic Security
DECEMBER 6, 2023
Based on the security researchers' analysis of the 2023 cyberthreat landscape, we highlight new or heightened risks.
WIRED Threat Level
DECEMBER 6, 2023
Binance’s settlement requires it to offer years of transaction data to US regulators and cops, exposing the company—and its customers—to a “24/7, 365-days-a-year financial colonoscopy.
Speaker: Erroll Amacker
Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.
Tech Republic Security
DECEMBER 6, 2023
Already common for enterprises, for the first time, individuals will also get the option to pay for extended security updates for a Windows operating system that's out of support.
We Live Security
DECEMBER 6, 2023
Smart cars include many new functions that make our lives easier, but they also do so by intruding upon personal privacy through an incessant amount of tracking, which can make these cars targets of cyberattacks.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
|
SecureList
DECEMBER 6, 2023
Illegally distributed software historically has served as a way to sneak malware onto victims’ devices. Oftentimes, users are not willing to pay for software tools they need, so they go searching the Web for a “free lunch” They are an excellent target for cybercriminals who realize that an individual looking for a cracked app will be willing to download an installer from a questionable website and disable security on their machine, and so they will be fairly easy to trick into
Security Affairs
DECEMBER 6, 2023
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds four Qualcomm vulnerabilities to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Qualcomm vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. Below is the list of the issues added to the catalog: CVE-2023-33106 Qualcomm Multiple Chipsets Use of Out-of-Range Pointer Offset Vulnerability CVE-2023-33063 Qualcomm Multiple Chipsets Use-After-Free Vuln
WIRED Threat Level
DECEMBER 6, 2023
Governments can access records related to push notifications from mobile apps by requesting that data from Apple and Google, according to details in court records and a US senator.
Security Affairs
DECEMBER 6, 2023
Researchers devised a new post-exploitation tampering technique to trick users into believing that their iPhone is in Lockdown Mode. Researchers from Jamf Threat Labs devised a new post-exploit tampering technique to trick users that their compromised iPhone is running in Lockdown Mode while they are performing malicious activities. The researchers pointed out that the issue is not a flaw in the feature or an iOS vulnerability.
Advertisement
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
Bleeping Computer
DECEMBER 6, 2023
Academic researchers developed a new side-channel attack called SLAM that exploits hardware features designed to improve security in upcoming CPUs from Intel, AMD, and Arm to obtain the root password hash from the kernel memory. [.
Security Affairs
DECEMBER 6, 2023
Australian Software giant Atlassian addressed four critical Remote Code Execution (RCE) vulnerabilities in its products. Atlassian released security patches to address four critical remote code execution vulnerabilities in its products. Below is the list of vulnerabilities addressed by the vendor: CVE-2022-1471 (CVSS score: 9.8) – SnakeYAML library RCE Vulnerability that impacts multiple products.
Bleeping Computer
DECEMBER 6, 2023
Japanese car maker Nissan is investigating a cyberattack that targeted its systems in Australia and New Zealand, which may have let hackers access personal information. [.
Tech Republic Security
DECEMBER 6, 2023
Ready or not, here comes 2024. From resilience to board priorities, Splunk executives across security, IT and engineering weigh in on what to expect in the era of AI. AI: The hype will pay off, but business impact will take another 12-24 months. C-suite transformation: CISOs, CTOs and CIOs will have expanded roles in the.
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
Malwarebytes
DECEMBER 6, 2023
The day that Windows 10 machines will get their last security updates is set for October 14, 2025. So if you want to stay secure, you’d have to upgrade to a newer version. Either to Windows 11, which is not all that different, but more demanding when it comes to system requirements. Or to the rumored Windows 12 which might be out by then. Despite the fact that Windows 11 has been around for a while, market share would have it that Windows 10 is still far more popular.
Security Boulevard
DECEMBER 6, 2023
Security teams are wasting time and resources normalizing data to store and analyze it in a separate platform instead of relying on the same data IT teams use to manage operations. The post Survey Surfaces Wasted Efforts Collecting Cybersecurity Data appeared first on Security Boulevard.
Malwarebytes
DECEMBER 6, 2023
The Cybersecurity and Infrastructure Security Agency (CISA) put out a Cybersecurity Advisory (CSA) to alert government agencies about cybercriminals using a vulnerability in Adobe Coldfusion to gain initial access to servers. Adobe ColdFusion is a platform for building and deploying web and mobile applications. It can often be found on internet-facing servers.
GlobalSign
DECEMBER 6, 2023
In this blog, we explore 10 steps to enabling better security and efficiency that DevOps environments should be considering
Speaker: Sierre Lindgren
Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.
Tech Republic Security
DECEMBER 6, 2023
The AI promises of today may become the cybersecurity perils of tomorrow. Discover the emerging opportunities and obstacles Splunk security leaders foresee in 2024: Talent: AI will alleviate skills gaps while creating new functions, such as prompt engineering. Data privacy: With AI and the use of large language models introducing new data privacy concerns, how.
Graham Cluley
DECEMBER 6, 2023
$10 million reward is focused on hackers working on behalf of the North Korean government, who are using cryptocurrency mixers to launder the funds they are stealing from financial institutions and businesses. Read more in my article on the Hot for Security blog.
Penetration Testing
DECEMBER 6, 2023
PipeViewer A GUI tool for viewing Windows Named Pipes and searching for insecure permissions. PipeViewer is a GUI tool that allows users to view details about Windows-named pipes and their permissions. It is designed... The post PipeViewer: shows detailed information about named pipes in Windows appeared first on Penetration Testing.
Security Boulevard
DECEMBER 6, 2023
SALT LAKE CITY, — Ostrich Cyber-Risk (Ostrich) , a pioneer and prestigious provider of cyber-risk management solutions, is excited to announce a partnership with C-Risk , a leading service provider of cyber risk management in Europe. Tom Callaghan, Co-Founder of C-Risk, commented, "C-Risk has built a portfolio of services which help our clients to unlock the value of quantitative risk management.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
Trend Micro
DECEMBER 6, 2023
Every year, experts weigh in with predictions of what the big cybersecurity trends will be—but how often are they right? That’s the question Trend Micro’s Greg Young and Bill Malik asked recently on their Real Cybersecurity podcast, looking at what forecasters got wrong on a wide range of topics, from AI to human factors.
Security Boulevard
DECEMBER 6, 2023
Defense-in-depth is a cybersecurity strategy that emphasizes deploying multiple layers of security controls and countermeasures to protect critical assets and mitigate the impact of potential attacks. The post Defense-in-Depth: A Comprehensive Approach to Modern Cybersecurity appeared first on Security Boulevard.
Digital Guardian
DECEMBER 6, 2023
Data masking or data obfuscation has become a popular way to modify data to make it difficult to ascertain what's authentic vs. what's been modified. In today's blog we look at three different data masking techniques.
Security Boulevard
DECEMBER 6, 2023
Approov stands at the forefront of mobile cybersecurity: Our expansive customer base, ongoing research initiatives and the insights we collect from our live threat metrics , give us unique visibility into trends in mobile security. Based on this data, we wanted to share our predictions for 2024. We don't claim to be able to predict the future but we do think we can see some trends that will help you prepare your own plan for navigating the challenges and opportunities that lie ahead in 2024.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
SecureWorld News
DECEMBER 6, 2023
Passwords are like the keys to our online lives, guarding our personal information, financial accounts, and the very fabric of our digital identities. However, as data breaches become more common, leaked passwords have emerged as a major cybersecurity threat. Imagine if the keys to your home were stolen and distributed among criminals. This is essentially what happens when passwords are leaked in data breaches.
The Hacker News
DECEMBER 6, 2023
Threat actors can take advantage of Amazon Web Services Security Token Service (AWS STS) as a way to infiltrate cloud accounts and conduct follow-on attacks. The service enables threat actors to impersonate user identities and roles in cloud environments, Red Canary researchers Thomas Gardner and Cody Betsworth said in a Tuesday analysis.
Malwarebytes
DECEMBER 6, 2023
Google Chrome, Adobe Acrobat Reader, TeamViewer, you name it—there’s no shortage of third-party apps that IT teams need to constantly check for vulnerabilities. But to get a better picture of the problem, let’s bust out some napkin math. The average company uses about 200 applications overall. Assuming at least 75% of these have a vulnerability at any given time, small security teams are tasked with finding and prioritizing over 150 vulnerabilities on a rolling basis.
SecureWorld News
DECEMBER 6, 2023
In a groundbreaking move, New York Governor Kathy Hochul has unveiled a comprehensive cybersecurity strategy that aims to safeguard the state's critical infrastructure, specifically its healthcare sector. This initiative, backed by a substantial $500 million investment, sets forth a series of nation-leading proposed regulations for hospitals, bolstering their defenses against ever-evolving cyber threats.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Expert insights. Personalized for you.
341 
Let's personalize your content