Mon. Dec 11, 2023

Facebook Enables Messenger End-to-End Encryption by Default

Schneier on Security

It’s happened. Details here, and tech details here (for messages in transit) and here (for messages in storage). Rollout to everyone will take months, but it’s a good day for both privacy and security. Slashdot thread.

International Association of Chiefs of Police (IACP) Appoints CyberSecurity Expert Witness Joseph Steinberg To Computer Crime & Digital Evidence Committee

Joseph Steinberg

Veteran cybersecurity expert witness executive will help strengthen law enforcement capabilities to prevent, investigate, and prosecute information-age crimes. Washington, DC — December 11, 2023 — The International Association of Chiefs of Police (IACP) has appointed long-time information-security-industry veteran and cybersecurity expert witness, Joseph Steinberg, to the organization’s Computer Crime & Digital Evidence Committee.

Silent but deadly: The rise of zero-click attacks

We Live Security

A security compromise so stealthy that it doesn’t even require your interaction? Yes, zero-click attacks require no action from you – but this doesn’t mean you’re left vulnerable.

50K WordPress sites exposed to RCE attacks by critical bug in backup plugin

Bleeping Computer

A critical severity vulnerability in a WordPress plugin with more than 90,000 installs can let attackers gain remote code execution to fully compromise vulnerable websites. [.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Get a VPN for Yourself and Your Employees This Holiday Season

Tech Republic Security

Want to make sure everyone on your team is secure? Get a lifetime subscription to FastestVPN PRO, now just $29.97 through Christmas Day for 15 devices.

Counter-Strike 2 HTML injection bug exposes players’ IP addresses

Bleeping Computer

Valve has reportedly fixed an HTML injection flaw in Counter-Strike 2 that was heavily abused today to inject images into games and obtain other players' IP addresses. [.

Lazarus hackers drop new RAT malware using 2-year-old Log4j bug

Bleeping Computer

The notorious North Korean hacking group known as Lazarus continues to exploit CVE-2021-44228, aka "Log4Shell," this time to deploy three previously unseen malware families written in DLang. [.

Hotspot Shield VPN Review 2023: Features, Pros & Cons

Tech Republic Security

Hotspot Shield’s speed-oriented features may not be enough to overcome its lack of testing and questionable data logs. Read more in our full review below.

Apple emergency updates fix recent zero-days on older iPhones

Bleeping Computer

Apple has issued emergency security updates to backport patches for two actively exploited zero-day flaws to older iPhones and some Apple Watch and Apple TV models. [.

The top cyber security news stories of 2023

Security Boulevard

The post The top cyber security news stories of 2023 appeared first on Click Armor. The post The top cyber security news stories of 2023 appeared first on Security Boulevard.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Toyota warns customers of data breach exposing personal, financial info

Bleeping Computer

Toyota Financial Services (TFS) is warning customers it suffered a data breach, stating that sensitive personal and financial data was exposed in the attack. [.

Apache fixed Critical RCE flaw CVE-2023-50164 in Struts 2

Security Affairs

The Apache Software Foundation addressed a critical remote code execution vulnerability in the Apache Struts 2 open-source framework. The Apache Software Foundation released security updates to address a critical file upload vulnerability in the Struts 2 open-source framework. Successful exploitation of the flaw, tracked as CVE-2023-50164, could lead to remote code execution.

Kelvin Security hacking group leader arrested in Spain

Bleeping Computer

The Spanish police have arrested one of the alleged leaders of the 'Kelvin Security' hacking group, which is believed to be responsible for 300 cyberattacks against organizations in 90 countries since 2020. [.

Toyota Financial Services discloses a data breach

Security Affairs

Toyota Financial Services (TFS) disclosed a data breach, threat actors had access to sensitive personal and financial data. Toyota Financial Services (TFS) is warning customers it has suffered a data breach that exposed sensitive personal and financial data. “Due to an attack on the systems, unauthorized persons gained access to personal data.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Black Hat Europe 2023: Should we regulate AI?

We Live Security

AI has been around for a while now, but governments are only starting to issue legislation to regulate it. Is it too late? Have we learned nothing from late IoT regulations that left the market swamped with old insecure devices?

Why Cybersecurity Needs To Be an SMB Priority

Security Boulevard

SMBs are low-hanging fruit for cybercriminals because they have limited IT resources, staff and cybersecurity defenses. The post Why Cybersecurity Needs To Be an SMB Priority appeared first on Security Boulevard.

Cold storage giant Americold discloses data breach after April malware attack

Bleeping Computer

Cold storage and logistics giant Americold has confirmed that over 129,000 employees and their dependents had their personal information stolen in an April attack, later claimed by Cactus ransomware. [.

Fred Burton’s 2023 Holiday Reading List

Security Boulevard

Take a look at Fred’s must-reads for the holiday season. I always enjoy thinking back over the last year, remembering the new books that I’ve enjoyed and learned from, but also the books I’ve read in the past that resurfaced in life and work this year. When putting together a book and film recommendation list,… The post Fred Burton’s 2023 Holiday Reading List appeared first on Ontic.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

headerpwn: A fuzzer for analyzing how servers respond to different HTTP headers

Penetration Testing

headerpwn A fuzzer for finding anomalies and analyzing how servers respond to different HTTP headers. Install go install github.com/devanshbatham/headerpwn@v0.0.3 Use headerpwn allows you to test various headers on a target URL and analyze the... The post headerpwn: A fuzzer for analyzing how servers respond to different HTTP headers appeared first on Penetration Testing.

CISA adds Qlik Sense flaws to its Known Exploited Vulnerabilities catalog

Security Affairs

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds two Qlik Sense vulnerabilities to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added two Qlik Sense vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. Below is the list of the issues added to the catalog: CVE-2023-41265 (CVSS score 9.6) - Qlik Sense HTTP Tunneling Vulnerability: Qlik Sense contains an HTTP tunneling vulnerability that allows an atta

PlugX malware: The Enigma of Cyber Espionage Unveiled

Penetration Testing

In the shadowy world of cyber threats, PlugX stands out as a sophisticated and insidious malware, leaving a digital trail of espionage and evasion. Recently, the Splunk Threat Research Team (STRT) unraveled the mystery... The post PlugX malware: The Enigma of Cyber Espionage Unveiled appeared first on Penetration Testing.

Congress Clashes Over the Future of America’s Section 702 Spy Program

WIRED Threat Level

Competing bills moving through the House of Representatives both reauthorize Section 702 surveillance—but they pave very different paths forward for Americans’ privacy and civil liberties.

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Apple Releases Security Updates to Patch Critical iOS and macOS Security Flaws

The Hacker News

Apple on Monday released security patches for iOS, iPadOS, macOS, tvOS, watchOS, and Safari web browser to address multiple security flaws, in addition to backporting fixes for two recently disclosed zero-days to older devices.

Ukraine Is Crowdfunding Its Reconstruction

WIRED Threat Level

With its war against Russia raging on, Ukraine has begun raising funds to rebuild homes and structures one by one using its own crowdfunding platform.

Lazarus Group Using Log4j Exploits to Deploy Remote Access Trojans

The Hacker News

The notorious North Korea-linked threat actor known as the Lazarus Group has been attributed to a new global campaign that involves the opportunistic exploitation of security flaws in Log4j to deploy previously undocumented remote access trojans (RATs) on compromised hosts.

How Machine Learning Can Accelerate and Improve the Accuracy of Sensitive Data Classification

Thales Cloud Protection & Licensing

madhav, Tue, 12/12/2023 - 05:21. Given the pace of data growth and the complexity of hybrid IT environments, the discovery and classification of sensitive data is no simple task. In a recent study, IDC predicted the global datasphere will more than double in size from 2022 to 2026, and that 80% of that data will be unstructured.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Researchers Unmask Sandman APT's Hidden Link to China-Based KEYPLUG Backdoor

The Hacker News

Tactical and targeting overlaps have been discovered between the enigmatic advanced persistent threat (APT) called Sandman and a China-based threat cluster that's known to use a backdoor known as KEYPLUG.

Unmasking Sandman APT: SentinelLabs Decodes China’s Cyber Shadow

Penetration Testing

In the shadowy realm of cyber warfare, the Sandman APT group emerges as a formidable force. Associated with China-based threat clusters, Sandman exemplifies the escalating sophistication in global cyber espionage, particularly with its adoption... The post Unmasking Sandman APT: SentinelLabs Decodes China’s Cyber Shadow appeared first on Penetration Testing.

The Challenges in Building Digital Trust

SecureWorld News

Have you been thinking about digital trust? How do you trust an algorithm that's making thousands of decisions a second when you don't even know how it works? And how do you trust a company that is silently tracking your movements every day, collecting data on you, and not telling you what they do with that data? With our digital global economy being founded on trust, we need to establish a meaningful definition of "digital trust.

Unmasking ELECTRUM: Cyber Predators of the Ukrainian Grid

Penetration Testing

In the world of cybersecurity, the name ELECTRUM has become synonymous with precision, stealth, and disruption. This group, known for its meticulous cyber attacks on Ukrainian electric utilities, represents a new era of cyber... The post Unmasking ELECTRUM: Cyber Predators of the Ukrainian Grid appeared first on Penetration Testing.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.