Schneier on Security

MAY 3, 2024

The Polish Embassy has posted a series of short interview segments with Marian Rejewski, the first person to crack the Enigma. Details from his biography.

273

273

The Last Watchdog

MAY 3, 2024

Businesses today need protection from increasingly frequent and sophisticated DDoS attacks. Service providers, data center operators, and enterprises delivering critical infrastructure all face risks from attacks. Related: The care and feeding of DDoS defenses But to protect their networks, they’ll need to enable accurate attack detection while keeping operations manageable and efficient.

DDOS 229

DDOS Risk 229

Schneier on Security

MAY 3, 2024

I have spoken at several TED conferences over the years. TEDxPSU 2010: “ Reconceptualizing Security ” TEDxCambridge 2013: “ The Battle for Power on the Internet ” TEDMed 2016: “ Who Controls Your Medical Data ?” I’m putting this here because I want all three links in one place.

Internet 240

Internet Internet 240

Tech Republic Security

MAY 3, 2024

According to the M-Trends report, the average time it takes for an organisation to detect an attacker in their environment has decreased from 16 days in 2022 to 10 days in 2023.

Ransomware 163

Ransomware Cybersecurity 163

Speaker: Speakers:

They say a defense can be measured by its weakest link. In your cybersecurity posture, what––or who––is the weakest link? And how can you make them stronger? This webinar will equip you with the resources to search for quality training, implement it, and improve the cyber-behaviors of your workforce. By the end of the hour, you will feel empowered to improve the aspects of your security posture you control the least – the situational awareness and decision-making of your workforce.

Cybersecurity

Penetration Testing

MAY 3, 2024

A significant security vulnerability has been identified in WordPress, the world’s most popular content management system, which could potentially allow attackers to take control of affected websites. The vulnerability, tracked as CVE-2024-4439 and rated... The post CVE-2024-4439: Unauthenticated Stored Cross-Site Scripting Vulnerability in WordPress Core appeared first on Penetration Testing.

Penetration Testing 143

Penetration Testing 143

Tech Republic Security

MAY 3, 2024

The U.K.'s National Cyber Security Centre, along with U.S. and Canadian cyber authorities, has identified a rise in attacks against OT operators since 2022.

Technology 150

Technology 150

Tech Republic Security

MAY 3, 2024

The year 2024 is bringing a return to stable tech salary growth in APAC, with AI and data jobs leading the way. This follows downward salary pressure in 2023, after steep increases in previous years.

Digital transformation 129

Digital transformation Big data Artificial Intelligence Technology 129

Bleeping Computer

MAY 3, 2024

The NSA and FBI warned that the APT43 North Korea-linked hacking group exploits weak email Domain-based Message Authentication Reporting and Conformance (DMARC) policies to mask spearphishing attacks. [.

Authentication 135

Authentication Hacking 135

Security Boulevard

MAY 3, 2024

Password reset FAILURE: The U.S. Cybersecurity and Infrastructure Security Agency warns GitLab users of a 100-day-old, maximum severity vulnerability. The post GitLab ‘Perfect 10’ Bug Gets a CISA Warning: PATCH NOW appeared first on Security Boulevard.

Passwords 132

Passwords Cybersecurity Data privacy Software 132

Bleeping Computer

MAY 3, 2024

Microsoft announced that Windows users can now log into their Microsoft consumer accounts using a passkey, allowing users to authenticate using password-less methods such as Windows Hello, FIDO2 security keys, biometric data (facial scans or fingerprints), or device PINs. [.

Accountability 130

Accountability Authentication Passwords 130

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

The Last Watchdog

MAY 3, 2024

SAN FRANCISCO — On the eve of what promises to be a news-packed RSA Conference 2024 , opening here on Monday, Microsoft is putting its money where its mouth is. Related: Shedding light on LLM vulnerabilities More precisely the software titan is putting money within reach of its senior executives’ mouths. Screenshot In a huge development, Microsoft announced today that it is revising its security practices, organizational structure, and, most importantly, its executive compensation in an at

Software 100

Software Engineering Internet Internet 100

Security Affairs

MAY 3, 2024

Zloader continues to evolve, its authors added an anti-analysis feature that was originally present in the Zeus banking trojan. Zloader (aka Terdot, DELoader, or Silent Night) is a modular trojan based on the leaked ZeuS source code. After a hiatus of almost two years, Zloader reappeared with new obfuscation techniques, domain generation algorithm (DGA), and network communication.

Malware 120

Malware Banking Hacking Cybercrime 120

The Hacker News

MAY 3, 2024

Threat actors have been increasingly weaponizing Microsoft Graph API for malicious purposes with the aim of evading detection. This is done to "facilitate communications with command-and-control (C&C) infrastructure hosted on Microsoft cloud services," the Symantec Threat Hunter Team, part of Broadcom, said in a report shared with The Hacker News.

Malware 119

Malware 119

Bleeping Computer

MAY 3, 2024

Google has rolled back a recent release of its reCaptcha captcha script after a bug caused the service to no longer work on Firefox for Windows. [.

Software 124

Software 124

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

The Hacker News

MAY 3, 2024

The U.S. government on Thursday published a new cybersecurity advisory warning of North Korean threat actors' attempts to send emails in a manner that makes them appear like they are from legitimate and trusted parties. The joint bulletin was published by the National Security Agency (NSA), the Federal Bureau of Investigation (FBI), and the Department of State.

Government 110

Government Cybersecurity 110

Security Affairs

MAY 3, 2024

LockBit ransomware operators have published sensitive data allegedly stolen from the Simone Veil hospital in Cannes. In April, a cyber attack hit the Hospital Simone Veil in Cannes (CHC-SV), impacting medical procedures and forcing personnel to return to pen and paper. Non-urgent surgical procedures and consultations scheduled at the time of the attack were postponed.

Cyber Attacks 110

Cyber Attacks Ransomware Healthcare Media 110

Bleeping Computer

MAY 3, 2024

A Mullvad VPN user has discovered that Android devices leak DNS queries when switching VPN servers even though the "Always-on VPN" feature was enabled with the "Block connections without VPN" option. [.

DNS 108

DNS VPN 108

WIRED Threat Level

MAY 3, 2024

“Yahoo Boy” cybercriminals are openly running dozens of scams across Facebook, WhatsApp, Telegram, TikTok, YouTube, and more. And they’re not afraid to show it off online.

Scams 102

Scams 102

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

Security Affairs

MAY 3, 2024

Microsoft devised an attack technique, dubbed ‘Dirty Stream,’ impacting widely used Android applications, billions of installations are at risk. Microsoft is warning Android users about a new attack technique, named Dirty Stream, that can allow threat actors to take control of apps and steal sensitive data. The IT giant describes Dirty Stream as an attack pattern, linked to path traversal, that affects various popular Android apps.

Risk 97

Risk Accountability Hacking Mobile 97

Malwarebytes

MAY 3, 2024

Microsoft is rolling out passkey support for all consumer accounts. Passkeys are a very secure replacement for passwords that can’t be cracked, guessed or phished, and let you log in easily, without having to type a password every time. After enabling them in Windows 11 last year, Microsoft account owners can now generate passkeys across multiple platforms including Windows, Android, and iOS.

Accountability 93

Accountability Passwords Phishing Authentication 93

Security Affairs

MAY 3, 2024

The Ubiquiti EdgeRouter botnet is still used by Russia-linked group APT28 and cybercriminals organizations. Trend Micro researchers reported that the EdgeRouter botnet , called Moobot , used by the APT28 group is still active and is also used by cyber criminal organizations. In January, the Federal Bureau of Investigation (FBI), National Security Agency (NSA), US Cyber Command, and international partners released a joint Cybersecurity Advisory (CSA) to warn that Russia-linked threat actors are u

Phishing 96

Phishing Cryptocurrency Internet Internet 96

The Hacker News

MAY 3, 2024

In today's rapidly evolving digital landscape, the threat of Distributed Denial of Service (DDoS) attacks looms more significant than ever. As these cyber threats grow in sophistication, understanding and countering them becomes crucial for any business seeking to protect its online presence.

DDOS 91

DDOS Cyber threats 91

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

Penetration Testing

MAY 3, 2024

BadExclusions Now With Better Opsec BadExclusionsNWBO is an evolution from BadExclusions to identify folder custom or undocumented exclusions on AV/EDR. How it works? BadExclusionsNWBO copies and runs Hook_Checker.exe in all folders and subfolders of... The post BadExclusionsNWBO: identify folder custom or undocumented exclusions on AV/EDR appeared first on Penetration Testing.

Penetration Testing 80

Penetration Testing 80

The Hacker News

MAY 3, 2024

SaaS applications are dominating the corporate landscape. Their increased use enables organizations to push the boundaries of technology and business. At the same time, these applications also pose a new security risk that security leaders need to address, since the existing security stack does not enable complete control or comprehensive monitoring of their usage.

Risk 89

Risk Technology 89

Security Boulevard

MAY 3, 2024

Failure to configure authentication allowed malicious actors to exploit Airsoftc3.com's database, exposing the sensitive data of a vast number of the gaming site's users. The post Airsoft Data Breach Exposes Data of 75,000 Players appeared first on Security Boulevard.

Data breaches 78

Data breaches Authentication Social Engineering Data privacy 78

Penetration Testing

MAY 3, 2024

Hackers are actively exploiting a vulnerability in the LiteSpeed Cache Plugin for WordPress, a tool currently installed on over 5 million websites worldwide. The vulnerability, known as CVE-2023-40000, allows attackers to create administrative accounts,... The post WordPress Sites Under Widespread Attack – LiteSpeed Cache Plugin Exploit Puts Millions at Risk appeared first on Penetration Testing.

Penetration Testing 77

Penetration Testing Risk Accountability 77

Advertisement

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Identity Theft

Security Boulevard

MAY 3, 2024

This year, virtual CISOs must begin making a difference in our industry. For the longest time, small and medium businesses (SMBs) have been abandoned by the cybersecurity industry. But, SMBs need security leaders to guide them through the maze of cyber risk and craft practical strategies that align with their unique ever-evolving business objectives.

CISO 72

CISO Cybersecurity Cyber Risk Risk 72

Penetration Testing

MAY 3, 2024

Nvidia has released a security advisory addressing critical vulnerabilities in its Triton Inference Server, a widely-used platform that streamlines AI inferencing across various environments, including cloud, data centers, and edge devices. The vulnerabilities, if... The post CVE-2024-0087: NVIDIA Releases Security Patch for Critical Flaw in Triton Inference Server appeared first on Penetration Testing.

Penetration Testing 63

Penetration Testing 63

Security Boulevard

MAY 3, 2024

Prisma SASE 3.0 promises to make it simpler and faster to apply zero-trust policies. The post Palo Alto Networks Extends SASE Reach to Unmanaged Devices appeared first on Security Boulevard.

Risk 72

Risk Government 72

Penetration Testing

MAY 3, 2024

The United States has formally denounced a series of cyberattacks orchestrated by Russia’s General Staff Main Intelligence Directorate (GRU), commonly identified as APT28, targeting multiple European Union member states including Germany, Czechia, Lithuania, Poland,... The post US Denounces Russian Cyberattacks Targeting Germany, EU Nations appeared first on Penetration Testing.

Penetration Testing 59

Penetration Testing 59

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity