Tue.Jan 02, 2024

TikTok Editorial Analysis

Schneier on Security

TikTok seems to be skewing things in the interests of the Chinese Communist Party. (This is a serious analysis, and the methodology looks sound.) Conclusion: "Substantial Differences in Hashtag Ratios Raise Concerns about TikTok’s Impartiality. Given the research above, we assess a strong possibility that content on TikTok is either amplified or suppressed based on its alignment with the interests of the Chinese Government."

GUEST ESSAY: Leveraging DevSecOps to quell cyber risks in a teeming threat landscape

The Last Watchdog

In today’s digital landscape, organizations face numerous challenges when it comes to mitigating cyber risks. The constant evolution of technology, increased connectivity, and sophisticated cyber threats pose significant challenges to organizations of all sizes and industries. Here are some of the key challenges that organizations encounter in their efforts to mitigate cyber risks in the current environment.

Ukraine’s SBU said that Russia’s intelligence hacked surveillance cameras to direct a missile strike on Kyiv

Security Affairs

Ukraine’s SBU revealed that Russia-linked threat actors hacked surveillance cameras to spy on air defense forces and critical infrastructure in Kyiv. Ukraine’s SBU announced they shut down two surveillance cameras that were allegedly hacked by the Russian intelligence services to spy on air defense forces and critical infrastructure in Kyiv. The surveillance cameras were located in residential buildings and were used to monitor the surrounding area and a parking lot.

Google Whistles While OAuth Burns — ‘MultiLogin’ 0-Day is 70+ Days Old

Security Boulevard

What a Mickey Mouse operation: Infostealer scrotes having a field day with unpatched vulnerability.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Multiple organizations in Iran were breached by a mysterious hacker

Security Affairs

Hudson Researchers reported that a mysterious hacker launched a series of attacks against industry-leading companies in Iran. Hudson Researchers reported that on December 20th, a hacker using the moniker ‘irleaks’ announced the availability for sale of over 160,000,000 records allegedly stolen from 23 leading insurance companies in Iran.

Google Cloud Report Spotlights 2024 Cybersecurity Challenges

Security Boulevard

Google Cloud suggests that it will become simpler for cybersecurity teams to leverage AI to better defend IT environments.

Google Groups is ending support for Usenet to combat spam

Bleeping Computer

Google has officially announced it's ceasing support for Usenet groups on its Google Groups platform, a move partly attributed to the platform's increasing struggle with spam content.

Experts warn of JinxLoader loader used to spread Formbook and XLoader

Security Affairs

JinxLoader is a new Go-based loader that was spotted delivering next-stage malware such as Formbook and XLoader. Researchers from Palo Alto Networks and Symantec warned of a new Go-based malware loader called JinxLoader, which is being used to deliver next-stage payloads such as Formbook and XLoader. The name of the threat comes from a League of Legends character.

The Three Keys to Success in Cybersecurity

Security Boulevard

One of the big questions that I often get is: How does someone become successful in a cybersecurity career? In this blog I want to share with you the three key lessons I’ve learned during my 18-year journey in the cybersecurity industry. These lessons have paved the way for my success, and I believe they …

Terrapin attack allows attackers to downgrade SSH protocol security

Security Affairs

Researchers discovered an SSH vulnerability, called Terrapin, that could allow an attacker to downgrade the connection’s security. Security researchers from Ruhr University Bochum (Fabian Bäumer, Marcus Brinkmann, Jörg Schwenk) discovered a vulnerability, called Terrapin (CVE-2023-48795, CVSS score 5.9), in the Secure Shell (SSH) cryptographic network protocol.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

GKE Case Highlights Risks of Attackers Chaining Vulnerabilities

Security Boulevard

Palo Alto Networks recently outlined two vulnerabilities it found in Google Kubernetes Engine (GKE) that, individually, don’t represent much of a threat. However, if a threat actor who already had access to a Kubernetes cluster were to combine the two, they could potentially escalate their privileges and eventually take over the cluster, which could.

Xerox says subsidiary XBS U.S. breached after ransomware gang leaks data

Bleeping Computer

The U.S. division of Xerox Business Solutions (XBS) has been compromised by hackers, and a limited amount of personal information might have been exposed, according to an announcement by the parent company, Xerox Corporation.

Oops! Black Basta ransomware flubs encryption

Malwarebytes

Researchers at SRLabs have made a decryption tool available for Black Basta ransomware, allowing some victims of the group to decrypt files without paying a ransom. The decryptor works for victims whose files were encrypted between November 2022 and December 2023. The decryptor, called Black Basta Buster, exploits a flaw in the encryption algorithm used in older versions of the Black Basta group’s ransomware.

Steam drops support for Windows 7 and 8.1 to boost security

Bleeping Computer

Steam is no longer supported on Windows 7, Windows 8, and Windows 8.1 as of January 1, with the company recommending users upgrade to a newer operating system.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Weekly Vulnerability Recap – January 2, 2024 – Barracuda ESG, Apache OFBiz Vulnerabilities Persist

eSecurity Planet

While the number of reported vulnerabilities sometimes decreases over the Christmas and New Year’s holidays, active and potential exploits are no less threatening. During the past couple of weeks, Google has seen multiple vulnerabilities, including a zero-day in Chrome. SonicWall researchers discovered that an Apache patch was incomplete, still permitting authentication bypass in the open-source ERP software Apache OFBiz.

CVE-2023-32434 Exploited: PoC Unlocks Full Command of iOS Devices

Penetration Testing

Proof-of-concept (PoC) code has been released for a zero-day iOS vulnerability (CVE-2023-32434) that can be chained to take full control of a mobile device. June 2023 marked a pivotal moment when Apple released iOS...

Using Veracode Fix to Remediate an SQL Injection Flaw

Veracode Security

In this first of a series of articles looking at how to remediate common flaws using Veracode Fix – Veracode’s AI security remediation assistant – we will look at finding and fixing one of the most common and persistent flaw types: an SQL injection attack. An SQL injection attack is a malicious exploit where an attacker injects unauthorized SQL code into input fields of a web application, aiming to manipulate the application's database.

What Is Data Protection? Principles, Strategies & Trends

Digital Guardian

What is data protection and how does it differ from data security and data privacy? We answer those questions and give pointers on how to develop a data protection strategy in today's blog.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

15 penetration testing interview questions (answered by experts)

Hack the Box

Want to stand out in a competitive job market? Use these answers to 15 common pentesting interview questions to impress interviewers (or to gauge an interviewee's knowledge)!

DNA data deserves better, with Suzanne Bernstein: Lock and Code S05E01

Malwarebytes

This week on the Lock and Code podcast… Hackers want to know everything about you: your credit card number, your ID and passport info, and now, your DNA. On October 1, 2023, on a hacking website called BreachForums, a group of cybercriminals claimed that they had stolen—and would soon sell—individual profiles for users of the genetic testing company 23andMe. 23andMe offers direct-to-consumer genetic testing kits that provide customers with different types of information, including potentia

What It’s Like to Use Apple’s Lockdown Mode

WIRED Threat Level

If you're at high risk of being targeted by mercenary spyware, or just don't mind losing iOS features for extra security, the company's restricted mode is surprisingly usable.

Strategy and Tactics: The Channel Looks Ahead to 2024

CompTIA on Cybersecurity

Artificial intelligence, cybersecurity and new go-to-market activities are just three trends MSPs should follow in 2024. Read more from CompTIA’s Carolyn April.

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Google Settles $5 Billion Privacy Lawsuit Over Tracking Users in 'Incognito Mode'

The Hacker News

Google has agreed to settle a lawsuit filed in June 2020 alleging that the company misled users who thought their internet use remained private when using the “incognito” or “private” mode on web browsers, by tracking their browsing activity anyway. The class-action lawsuit sought at least $5 billion in damages. The settlement terms were not disclosed.

Online museum collections down after cyberattack on service provider

Bleeping Computer

Museum software solutions provider Gallery Systems has disclosed that its ongoing IT outages were caused by a ransomware attack last week.

$70K Bounty for Revealing CVE-2023-41974 Flaw, PoC Published

Penetration Testing

Proof-of-concept (PoC) code has been released for an iOS and macOS vulnerability, CVE-2023-41974, which can be chained to take full control of a mobile device. This vulnerability exposes a critical use-after-free issue in the kernel,...

Orbit Chain loses $86 million in the last fintech hack of 2023

Bleeping Computer

Orbit Chain has experienced a security breach that has resulted in a loss of $86 million in cryptocurrency, particularly Ether, Dai, Tether, and USD Coin.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?”

Securing the Final Frontier: NASA Space Security Best Practices Guide

SecureWorld News

In October 2023, NASA took a giant leap for all humankind in the realm of cybersecurity. It released the Space Security: Best Practices Guide (BPG), a landmark document designed to safeguard every satellite, communication, and mission from the lurking threats of the digital unknown. But what exactly does this guide offer, and why should you care? Let's blast off and explore the highlights: Universal Applicability: Whether you're building a Mars Rover or sending data from the furthest reaches o

Victoria court recordings exposed in reported ransomware attack

Bleeping Computer

Australia's Court Services Victoria (CSV) is warning that video recordings of court hearings were exposed after suffering a reported Qilin ransomware attack.

ELFEN: Automated Linux Malware Analysis Sandbox

Penetration Testing

ELFEN is a dockerized sandbox for analyzing Linux (file type: ELF) malware. It leverages an array of open-source technologies to perform both static and dynamic analysis. Results are available...

Best of 2023: Western Digital Hacked: ‘My Cloud’ Data Dead (Even Local Storage!)

Security Boulevard

Déjà Vu: Hack of WD systems leads to My Cloud service outage. Owners unable to access files.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.