Sun. Feb 11, 2024

GUEST ESSAY: Why internal IT teams are ill-equipped to adequately address cyber risks

The Last Watchdog

Every industry is dealing with a myriad of cyber threats in 2024. It seems every day we hear of another breach, another scam, another attack on anything from a small business to a critical aspect of our nation’s infrastructure. Because of this, cybersecurity investments and regulatory oversight are increasing at an astounding rate, especially for those in the financial services industry, bringing an overwhelming feeling to chief compliance office

Cyber Mayday and My Journey to Oz

Lohrman on Security

When we persevere through difficulties, our results are often better than initially expected. Here’s a story of how pandemic disappointments and travel problems led to new professional opportunities.

CVE-2024-0985: PostgreSQL’s Critical Security Flaw Exposed

Penetration Testing

A serious security flaw has been unearthed in the popular database software PostgreSQL, raising concerns for businesses and systems administrators. This vulnerability, designated CVE-2024-0985 (CVSS 8.0), could allow attackers to execute malicious code with... The post CVE-2024-0985: PostgreSQL’s Critical Security Flaw Exposed appeared first on Penetration Testing.

ExpressVPN bug has been leaking some DNS requests for years

Bleeping Computer

ExpressVPN has removed the split tunneling feature from the latest version of its software after finding that a bug exposed the domains users were visiting to configured DNS servers.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Raspberry Robin spotted using two new 1-day LPE exploits

Security Affairs

Raspberry Robin continues to evolve: it was spotted using two new one-day exploits for vulnerabilities, and using Discord to host samples. Raspberry Robin is a Windows worm discovered by cybersecurity researchers from Red Canary; the malware propagates through removable USB devices. The malicious code uses Windows Installer to reach out to QNAP-associated domains and download a malicious DLL.

CVE-2024-25728: ExpressVPN Bug Exposed User Browsing History

Penetration Testing

A recently discovered security bug in ExpressVPN’s Windows software, tracked as CVE-2024-25728, has forced the popular VPN provider to temporarily disable its ‘split tunneling‘ feature. This serious flaw could have exposed sensitive user information,... The post CVE-2024-25728: ExpressVPN Bug Exposed User Browsing History appeared first on Penetration Testing.

Disable Windows Defender: UAC Bypass + Upgrade to SYSTEM

Penetration Testing

Privilege tokens are permissions given by the system to a process. For example, if a process has a “SeShutdownPrivilege” token, then it has the right to turn off your computer. If your... The post Disable Windows Defender: UAC Bypass + Upgrade to SYSTEM appeared first on Penetration Testing.

U.S. Offers $10 Million Bounty for Info Leading to Arrest of Hive Ransomware Leaders

The Hacker News

The U.S. Department of State has announced monetary rewards of up to $10 million for information about individuals holding key positions within the Hive ransomware operation. It is also giving away an additional $5 million for specifics that could lead to the arrest and/or conviction of any person "conspiring to participate in or attempting to participate in Hive ransomware activity."

A Celebrated Cryptography-Breaking Algorithm Just Got an Upgrade

WIRED Threat Level

Two researchers have improved a well-known technique for lattice basis reduction, opening up new avenues for practical experiments in cryptography and mathematics.

Microsoft Introduces Linux-Like 'sudo' Command to Windows 11

The Hacker News

Microsoft said it's introducing Sudo for Windows 11 as part of an early preview version to help users execute commands with administrator privileges. "Sudo for Windows is a new way for users to run elevated commands directly from an unelevated console session," Microsoft Product Manager Jordi Adoumie said.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Cyber Mayday and My Journey to Oz

Security Boulevard

When we persevere through difficulties, our results are often better than initially expected. Here’s a story of how pandemic disappointments and travel problems led to new professional opportunities. The post Cyber Mayday and My Journey to Oz appeared first on Security Boulevard.

IMDSpoof: a cyber deception tool that spoofs an AWS IMDS service

Penetration Testing

IMDSPOOF is a cyber deception tool that spoofs an AWS IMDS service. One way that attackers can escalate privileges or move laterally in a cloud environment is by retrieving AWS Access keys from... The post IMDSpoof: a cyber deception tool that spoofs an AWS IMDS service appeared first on Penetration Testing.

Jason Haddix on Bug Bounties and Cybersecurity Career Growth

Security Boulevard

In episode 316, we have the pleasure to chat with Jason Haddix, a prominent influencer in the cybersecurity community. With an intriguing career path, from being a ‘computer kid’, venturing into the nascent dark web, to becoming a respected figure in the Bug Bounty space, his journey is nothing short of inspirational. We dive into […] The post Jason Haddix on Bug Bounties and Cybersecurity Career Growth appeared first on Shared Security Podcast.

Small Business Supply Chain Finance: What Are the Risks and Benefits?

SecureWorld News

Supply chain finance, sometimes called supplier finance, is an approach to supply chain management in which a supplier receives payments for their invoices early. Suppose you're a small business owner whose bottom line is impacted heavily by the conditions of your supplier relationships. In that case, you may have heard that supply chain finance can help you optimize your working capital while reducing the risk of supply chain disruption.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Should I get CISSP Certified?

Security Boulevard

The focus of CISSP is purely Information Security. Having said that, it’s a very big field. CISSP’s reputation as a certification is for being ‘a mile wide and an inch deep’. In fact, it’s so wide that, rather like the Great Wall of China, you can probably see it from space. That, and not technical depth, is what makes it hard. That’s a limitation too: CISSP means you understand something, but not that you know how to do it.

Security Affairs newsletter Round 458 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.
CISA adds Fortinet FortiOS bug to its Known Exploited Vulnerabilities catalog
macOS Backdoor RustDoor likely linked to Alphv/BlackCat ransomware operations
Exploiting a vulnerable Minifilter Driver to create a process killer
Black Basta ransomware

A personal experience of CISSP boot camp

Security Boulevard

Information risk and security is an infinite field of work and study. You can spend your whole life trying to gain the width or depth of knowledge necessary to do the job competently, and every day feel you know a little less than the day before. At the same time, it’s one of the least mature professions you can find. It has been born from a computing industry less than a century old, yet in many ways has grown beyond it.

USENIX Security ’23 – Pardis Emami-Naeini, Janarth Dheenadhayalan, Yuvraj Agarwal, Lorrie Faith Cranor – Are Consumers Willing to Pay for Security and Privacy of IoT Devices?

Security Boulevard

Many thanks to USENIX for publishing their outstanding USENIX Security ’23 Presenter’s content, and for the organization’s strong commitment to Open Access. Originating from the conference’s events situated at the Anaheim Marriott, and via the organization’s YouTube channel. The post USENIX Security ’23 – Pardis Emami-Naeini, Janarth Dheenadhayalan, Yuvraj Agarwal, Lorrie Faith Cranor – Are Consumers Willing to Pay for Security and Privacy of IoT Devices?

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Should I get CISM Certified?

Security Boulevard

The Certified Information Systems Manager (CISM) qualification is provided by ISACA, and is roughly on a par with its CISA IT audit qualification. It is a certification for IT security managers, and like CISA tries to strike a balance between technical IT knowledge and business understanding, with a focus on information risk management, information security governance, incident management, and developing and managing an information security program.

Should I get CISA Certified?

Security Boulevard

CISA is possibly the one ‘pure’ Information systems audit qualification that is recognised anywhere. It is balanced between technical IT knowledge and business understanding. And it has lovely exam questions, and I should know, as I wrote some of them. There are other IT audit certifications – from the IIA’s aborted QiCA to supporting CPA-type accounting quals and tech quals such as CCNA – but none with the universal recognition CISA holds.
