Schneier on Security
DECEMBER 6, 2023
Interesting analysis : This paper discusses the protocol used for electing the Doge of Venice between 1268 and the end of the Republic in 1797. We will show that it has some useful properties that in addition to being interesting in themselves, also suggest that its fundamental design principle is worth investigating for application to leader election protocols in computer science.
Krebs on Security
DECEMBER 6, 2023
More than five years after domain name registrars started redacting personal data from all public domain registration records, the non-profit organization overseeing the domain industry has introduced a centralized online service designed to make it easier for researchers, law enforcement and others to request the information directly from registrars.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Tech Republic Security
DECEMBER 6, 2023
Already common for enterprises, for the first time, individuals will also get the option to pay for extended security updates for a Windows operating system that's out of support.
We Live Security
DECEMBER 6, 2023
Smart cars include many new functions that make our lives easier, but they also do so by intruding upon personal privacy through an incessant amount of tracking, which can make these cars targets of cyberattacks.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Tech Republic Security
DECEMBER 6, 2023
Based on the security researchers' analysis of the 2023 cyberthreat landscape, we highlight new or heightened risks.
Bleeping Computer
DECEMBER 6, 2023
Academic researchers developed a new side-channel attack called SLAM that exploits hardware features designed to improve security in upcoming CPUs from Intel, AMD, and Arm to obtain the root password hash from the kernel memory. [.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Bleeping Computer
DECEMBER 6, 2023
Japanese car maker Nissan is investigating a cyberattack that targeted its systems in Australia and New Zealand, which may have let hackers access personal information. [.
Security Affairs
DECEMBER 6, 2023
Researchers devised a new post-exploitation tampering technique to trick users into believing that their iPhone is in Lockdown Mode. Researchers from Jamf Threat Labs devised a new post-exploit tampering technique to trick users that their compromised iPhone is running in Lockdown Mode while they are performing malicious activities. The researchers pointed out that the issue is not a flaw in the feature or an iOS vulnerability.
Bleeping Computer
DECEMBER 6, 2023
Austal USA, a shipbuilding company and a contractor for the U.S. Department of Defense (DoD) and the Department of Homeland Security (DHS) confirmed that it suffered a cyberattack and is currently investigating the impact of the incident. [.
WIRED Threat Level
DECEMBER 6, 2023
Binance’s settlement requires it to offer years of transaction data to US regulators and cops, exposing the company—and its customers—to a “24/7, 365-days-a-year financial colonoscopy.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Malwarebytes
DECEMBER 6, 2023
The day that Windows 10 machines will get their last security updates is set for October 14, 2025. So if you want to stay secure, you’d have to upgrade to a newer version. Either to Windows 11, which is not all that different, but more demanding when it comes to system requirements. Or to the rumored Windows 12 which might be out by then. Despite the fact that Windows 11 has been around for a while, market share would have it that Windows 10 is still far more popular.
WIRED Threat Level
DECEMBER 6, 2023
Governments can access records related to push notifications from mobile apps by requesting that data from Apple and Google, according to details in court records and a US senator.
Security Affairs
DECEMBER 6, 2023
Australian Software giant Atlassian addressed four critical Remote Code Execution (RCE) vulnerabilities in its products. Atlassian released security patches to address four critical remote code execution vulnerabilities in its products. Below is the list of vulnerabilities addressed by the vendor: CVE-2022-1471 (CVSS score: 9.8) – SnakeYAML library RCE Vulnerability that impacts multiple products.
Bleeping Computer
DECEMBER 6, 2023
Security researchers discovered a remote access trojan they named Krasue that is targeting Linux systems of telecommunications companies and managed to remain undetected since 2021. [.
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
Security Affairs
DECEMBER 6, 2023
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds four Qualcomm vulnerabilities to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Qualcomm vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. Below is the list of the issues added to the catalog: CVE-2023-33106 Qualcomm Multiple Chipsets Use of Out-of-Range Pointer Offset Vulnerability CVE-2023-33063 Qualcomm Multiple Chipsets Use-After-Free Vuln
Digital Guardian
DECEMBER 6, 2023
Data masking or data obfuscation has become a popular way to modify data to make it difficult to ascertain what's authentic vs. what's been modified. In today's blog we look at three different data masking techniques.
Security Boulevard
DECEMBER 6, 2023
SALT LAKE CITY, — Ostrich Cyber-Risk (Ostrich) , a pioneer and prestigious provider of cyber-risk management solutions, is excited to announce a partnership with C-Risk , a leading service provider of cyber risk management in Europe. Tom Callaghan, Co-Founder of C-Risk, commented, "C-Risk has built a portfolio of services which help our clients to unlock the value of quantitative risk management.
Bleeping Computer
DECEMBER 6, 2023
A U.S. senator revealed today that government agencies worldwide demand mobile push notification records from Apple and Google users to spy on their customers. [.
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
Security Boulevard
DECEMBER 6, 2023
Defense-in-depth is a cybersecurity strategy that emphasizes deploying multiple layers of security controls and countermeasures to protect critical assets and mitigate the impact of potential attacks. The post Defense-in-Depth: A Comprehensive Approach to Modern Cybersecurity appeared first on Security Boulevard.
Security Affairs
DECEMBER 6, 2023
GST Invoice Billing Inventory, a business accounting app for small and medium businesses with over 1M downloads has left a database open, exposing sensitive personal and corporate data up for grabs. The popular and reputable GST Invoice Billing Inventory (previously known as Book Keeper) app is one of the thousands of apps on the Google Play Store with sensitive data hard-coded into the client side of an app.
Security Boulevard
DECEMBER 6, 2023
Approov stands at the forefront of mobile cybersecurity: Our expansive customer base, ongoing research initiatives and the insights we collect from our live threat metrics , give us unique visibility into trends in mobile security. Based on this data, we wanted to share our predictions for 2024. We don't claim to be able to predict the future but we do think we can see some trends that will help you prepare your own plan for navigating the challenges and opportunities that lie ahead in 2024.
Penetration Testing
DECEMBER 6, 2023
PipeViewer A GUI tool for viewing Windows Named Pipes and searching for insecure permissions. PipeViewer is a GUI tool that allows users to view details about Windows-named pipes and their permissions. It is designed... The post PipeViewer: shows detailed information about named pipes in Windows appeared first on Penetration Testing.
Advertisement
The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.
Bleeping Computer
DECEMBER 6, 2023
Atlassian has published security advisories for four critical remote code execution (RCE) vulnerabilities impacting Confluence, Jira, and Bitbucket servers, along with a companion app for macOS. [.
Graham Cluley
DECEMBER 6, 2023
$10 million reward is focused on hackers working on behalf of the North Korean government, who are using cryptocurrency mixers to launder the funds they are stealing from financial institutions and businesses. Read more in my article on the Hot for Security blog.
Penetration Testing
DECEMBER 6, 2023
A critical security vulnerability patched in the recent WordPress 6.4.2 update could have allowed attackers to take full control of vulnerable websites. While the vulnerability itself resided within WordPress core, its potential for harm... The post Critical WordPress Vulnerability Patched: Remote Code Execution Possible appeared first on Penetration Testing.
Thales Cloud Protection & Licensing
DECEMBER 6, 2023
Securing the Cloud Frontier: Navigating the Complexities of SaaS Data Protection in the Multi-Cloud Era madhav Thu, 12/07/2023 - 05:34 In the rapidly evolving digital landscape, Software as a Service (SaaS) has emerged as a cornerstone of modern business operations. Valued at nearly $200 billion and projected to dominate the enterprise-software market, SaaS offers unparalleled business opportunities and efficiencies.
Speaker: Blackberry, OSS Consultants, & Revenera
Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?
Tech Republic Security
DECEMBER 6, 2023
Ready or not, here comes 2024. From resilience to board priorities, Splunk executives across security, IT and engineering weigh in on what to expect in the era of AI. AI: The hype will pay off, but business impact will take another 12-24 months. C-suite transformation: CISOs, CTOs and CIOs will have expanded roles in the.
The Hacker News
DECEMBER 6, 2023
Meta has officially begun to roll out support for end-to-end encryption (E2EE) in Messenger for personal calls and one-to-one personal messages by default in what it called the "most significant milestone yet.
SecureList
DECEMBER 6, 2023
Illegally distributed software historically has served as a way to sneak malware onto victims’ devices. Oftentimes, users are not willing to pay for software tools they need, so they go searching the Web for a “free lunch” They are an excellent target for cybercriminals who realize that an individual looking for a cracked app will be willing to download an installer from a questionable website and disable security on their machine, and so they will be fairly easy to trick into
Security Boulevard
DECEMBER 6, 2023
Hackers linked to Russia’s military intelligence unit exploited previously patched Microsoft vulnerabilities in a massive phishing campaign against U.S. and European organizations in such vectors as government, aerospace, and finance across North America and Europe. The advanced persistent threat (APT) group Fancy Bear has used phishing schemes in attacks before, but the number of emails.
Speaker: Erika R. Bales, Esq.
When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.
Expert insights. Personalized for you.
262 
Let's personalize your content