Schneier on Security
JANUARY 31, 2024
In October, the Consumer Financial Protection Bureau (CFPB) proposed a set of rules that if implemented would transform how financial institutions handle personal data about their customers. The rules put control of that data back in the hands of ordinary Americans, while at the same time undermining the data broker economy and increasing customer choice and competition.
Tech Republic Security
JANUARY 31, 2024
Cyber threat hunting is the proactive process of searching for and detecting potential threats or malicious activities within a network or system.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Penetration Testing
JANUARY 31, 2024
In the ever-evolving world of technology, security remains a paramount concern, especially in the realm of containerization. Recently, Docker faced a significant challenge as Snyk Labs identified four critical security vulnerabilities affecting its container... The post CVE-2024-21626: Docker Confronts Critical Container Escape Threat appeared first on Penetration Testing.
Tech Republic Security
JANUARY 31, 2024
Mobile devices are commonly used to conduct company business, which can render them more susceptible to risk than desktop or even laptop computers. Desktops are routinely stationary devices and laptops are harder to lose than smartphones or tablets, being more sizable. In addition, the same social engineering, phishing and application/operating system vulnerabilities which plague desktops.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Security Boulevard
JANUARY 31, 2024
It’s still relatively early in the year, but bad actors are already targeting accounting and finance organizations as well as filers in the United States with tax-related scams. Researchers at cybersecurity company Proofpoint wrote in a report this week that the return of tax season reliably brought the threat group TA576 back into action. “TA576. The post Tax Season is Upon Us, and So Are the Scammers appeared first on Security Boulevard.
Tech Republic Security
JANUARY 31, 2024
Get the ultimate online protection of privacy and security for up to five devices, including speedy servers, unlimited bandwidth, kill switch and more.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Tech Republic Security
JANUARY 31, 2024
This tutorial will guide you on how to use KeePass to manage and secure your passwords. Learn how to set it up and make the most of its features.
Security Boulevard
JANUARY 31, 2024
For all the benefits that SaaS provides, data protection and security is most often found wanting. The post Confronting the SaaS Data Protection and Security Crisis appeared first on Security Boulevard.
Malwarebytes
JANUARY 31, 2024
On January 23, 2024, we reported on the discovery of billions of exposed records online, now commonly referred to as the “ mother of all breaches ” (MOAB). Since then, the source of the dataset has been identified as data breach search engine Leak-Lookup. Prevention platform SpyCloud compared the MOAB data with its own recaptured dataset and found at least 94% of the data was either public, old, or otherwise widely-known.
Bleeping Computer
JANUARY 31, 2024
A financially motivated threat actor using USB devices for initial infection has been found abusing legitimate online platforms, including GitHub, Vimeo, and Ars Technica, to host encoded payloads embedded in seemingly benign content. [.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Tech Republic Security
JANUARY 31, 2024
Requesting the removal of your most confidential data from the internet is a complicated process unless you have Incogni, which can do it in a few clicks.
The Last Watchdog
JANUARY 31, 2024
San Francisco, Calif., Jan. 31, 2024 – Reken, an AI & cybersecurity company, today announced the close of its $10M oversubscribed seed round, led by Greycroft and FPV Ventures. Other investors in the round include Firebolt Ventures, Fika Ventures, Omega Venture Partners, Homebrew, and JAZZ Venture Partners. The funding will be used for core research and development to build new AI technology and products to protect against generative AI threats, such as deepfake social engineering and autono
Security Affairs
JANUARY 31, 2024
Sensitive data and trading activity of over 300K traders leaked online by international fintech firm Direct Trading Technologies. Direct Trading Technologies, an international fintech company, jeopardized over 300K traders by leaking their sensitive data and trading activity, thereby putting them at risk of an account takeover. On October 27th, the Cybernews research team discovered a misconfigured web server with backups and development code references allegedly belonging to the fintech company
PCI perspectives
JANUARY 31, 2024
With 31 March 2024 rapidly approaching, Lauren Holloway, Director, Data Security Standards, shares some key questions, answers, and resources to help entities successfully transition to PCI DSS v4.0.
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
Pen Test Partners
JANUARY 31, 2024
We’ve been testing the security of a number of different electronic flight bag, or EFB, applications for a few years now. Here’s the latest on that now it has been remediated, 19 months after our initial disclosure to Airbus. TL;DR Flysmart+ is a suite of apps for pilot EFBs, helping deliver efficient and safe departure and arrival of flights One of the iOS apps had ATS (application transport security) intentionally disabled, exposing the app to interception attacks over Wi-Fi This could enable
Malwarebytes
JANUARY 31, 2024
Italy’s Data Protection Authority (GPDP) has uncovered data privacy violations related to collecting personal data and age protections after an inquiry into OpenAI’s ChatGPT. OpenAI has 30 days to respond with a defense. ChatGPT is an artificial intelligence (AI) chatbot that can engage in conversations with users, and answer their questions. It does this using natural, human-like language, a trick which is accomplished by training the underlying algorithm with large amounts of data from t
Security Boulevard
JANUARY 31, 2024
The United States is hitting two Egyptian nationals with sanctions for allegedly creating and maintaining a platform used to train members of the ISIS terrorist group in cybersecurity and to support its funding and recruitment. The Treasury and State departments are accusing Mu’min Al-Mawji Mahmud Salim and Sarah Jamal Muhammad Al-Sayyid of launching and managing the.
Bleeping Computer
JANUARY 31, 2024
The FBI has disrupted the KV Botnet used by Chinese Volt Typhoon state hackers to evade detection during attacks targeting U.S. critical infrastructure. [.
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
Security Boulevard
JANUARY 31, 2024
The rise of electric vehicles (EVs) and charging infrastructure necessitates robust security measures, especially in the context of IoT integration. Explore the vulnerabilities in EV systems and potential risks, proposing mitigation strategies like firmware updates, user authentication, intrusion detection systems, and collaboration. The post Guardians of IoT: Addressing IoT security vulnerabilities in electric vehicles and charging stations appeared first on Security Boulevard.
Security Affairs
JANUARY 31, 2024
Ivanti warns of two new vulnerabilities in its Connect Secure and Policy Secure products, one of which is actively exploited in the wild. Ivanti is warning of two new high-severity vulnerabilities in its Connect Secure and Policy Secure solutions respectively tracked as CVE-2024-21888 (CVSS score: 8.8) and CVE-2024-21893 (CVSS score: 8.2). The software company also warned that one of these two vulnerabilities is under active exploitation in the wild.
Bleeping Computer
JANUARY 31, 2024
CISA warned today that a patched kernel security flaw affecting Apple iPhones, Macs, TVs, and watches is now being actively exploited in attacks. [.
Tech Republic Security
JANUARY 31, 2024
Professional cyber threat hunters complement cybersecurity programs focusing on potential threats and vulnerabilities that may breach automated cybersecurity tools and traditional systems. These hunters proactively search for previously unknown or ongoing threats by using their deep understanding of cybersecurity and how cybercriminals operate. This hiring kit from TechRepublic Premium provides a workable framework you can.
Advertisement
The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.
We Live Security
JANUARY 31, 2024
An AI chatbot inadvertently kindles a cybercrime boom, ransomware bandits plunder organizations without deploying ransomware, and a new botnet enslaves Android TV boxes
Security Affairs
JANUARY 31, 2024
Crooks stole around $112 million worth of Ripple XRP from the crypto wallet of Ripple’s co-founder Chris Larsen. This week, crooks stole around $112 million worth of the Ripple-focused cryptocurrency XRP from a crypto wallet belonging to the Ripple’s co-founder and executive chairman Chris Larsen. Larsen pointed out that the hackers compromised his personal XRP accounts, while the @Ripple was not impacted.
Bleeping Computer
JANUARY 31, 2024
Today, Ivanti warned of two more vulnerabilities impacting Connect Secure, Policy Secure, and ZTA gateways, one of them a zero-day bug already under active exploitation. [.
Security Affairs
JANUARY 31, 2024
German police seized 50,000 Bitcoin from the former operator of the now-defunct piracy website movie2k.to. The police in Saxony, Germany, have seized 50,000 Bitcoin (more than $2.1 billion at the current exchange rate) from the former operator of the now-defunct piracy site movie2k. “This is the most extensive security of Bitcoins by law enforcement authorities in the Federal Republic of Germany to date.” reads the press release published by the German police.
Speaker: Blackberry, OSS Consultants, & Revenera
Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?
WIRED Threat Level
JANUARY 31, 2024
For nearly two years, police have been tracking down the culprit behind a wave of hoax threats. A digital trail took them to the door of a 17-year-old in California.
Security Affairs
JANUARY 31, 2024
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Apple improper authentication bug to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added an Apple improper authentication bug, tracked as CVE-2022-48618 , to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability can allow an attacker with arbitrary read and write capability to bypass Pointer Authentication.
Bleeping Computer
JANUARY 31, 2024
A proof-of-concept (PoC) exploit for a local privilege elevation flaw impacting at least seven Android original equipment manufacturers (OEMs) is now publicly available on GitHub. However, as the exploit requires local access, its release will mostly be helpful to researchers. [.
Malwarebytes
JANUARY 31, 2024
The Federal Communications Commission (FCC) has announced that its recent actions with the Federal Trade Commission (FTC) against international robocalls appear to have had an effect. Robocalls are automated phone calls, often associated with scams and unwanted solicitations, which can be a nuisance to individuals and businesses alike. In November, 2023, the FCC and FTC sent separate, but coordinated, warning letters to specific gateway providers demanding these providers cease to serve as entry
Speaker: Erika R. Bales, Esq.
When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.
Expert insights. Personalized for you.
244 
Let's personalize your content