Krebs on Security

FEBRUARY 14, 2024

The Minnesota-based Internet provider U.S. Internet Corp. has a business unit called Securence , which specializes in providing filtered, secure email services to businesses, educational institutions and government agencies worldwide. But until it was notified last week, U.S. Internet was publishing more than a decade’s worth of its internal email — and that of thousands of Securence clients — in plain text out on the Internet and just a click away for anyone with a Web browser

Internet 334

Internet Internet Wireless Government 334

Schneier on Security

FEBRUARY 14, 2024

The winner of the Best Paper Award at Crypto this year was a significant improvement to lattice-based cryptanalysis. This is important, because a bunch of NIST’s post-quantum options base their security on lattice problems. I worry about standardizing on post-quantum algorithms too quickly. We are still learning a lot about the security of these systems, and this paper is an example of that learning.

243

243

Tech Republic Security

FEBRUARY 14, 2024

In a new report from Google's Threat Analysis Group, the researchers detail how commercial surveillance vendors particularly use spyware and target Google and Apple devices.

Spyware 167

Spyware Surveillance Mobile Cybersecurity 167

Schneier on Security

FEBRUARY 14, 2024

This is a current list of where and when I am scheduled to speak: I’m speaking at the Munich Security Conference (MSC) 2024 in Munich, Germany, on Friday, February 16, 2024. I’m giving a keynote at a symposium on “AI and Trust” at Generative AI, Free Speech, & Public Discourse. The symposium will be held at Columbia University in New York City and online, on Tuesday, February 20, 2024.

229

229

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Tech Republic Security

FEBRUARY 14, 2024

Maintaining security is important in business, and iProVPN uses AES 256-bit encryption to keep your data secure — even on public Wi-Fi networks.

Encryption 152

Encryption VPN 152

Bleeping Computer

FEBRUARY 14, 2024

The DuckDuckGo browser has unveiled a new end-to-end encrypted Sync & Backup feature that lets users privately and securely synchronize their bookmarks, passwords, and Email Protection settings across multiple devices. [.

Encryption 135

Encryption Backups Passwords Software 135

Security Boulevard

FEBRUARY 14, 2024

I❤️POE: Does your home security need a rethink? Wireless cameras are kinda useless, say cops. The post ALERT: Thieves❤️Wi-Fi Camera Jammers appeared first on Security Boulevard.

Wireless 131

Wireless Social Engineering Internet Internet 131

Tech Republic Security

FEBRUARY 14, 2024

A passkey is a security measure used to grant access to a protected system. This guide explains how it works, and provides more information on its uses and benefits.

Password Management 127

Password Management Passwords 127

Security Affairs

FEBRUARY 14, 2024

Zoom addressed seven vulnerabilities in its desktop and mobile applications, including a critical flaw (CVE-2024-24691) affecting the Windows software. The popular Video messaging giant Zoom released security updates to address seven vulnerabilities in its desktop and mobile applications, including a critical issue, tracked as CVE-2024-24691 (CVSS score of 9.6), in Windows software.

Software 128

Software Authentication Mobile Hacking 128

Bleeping Computer

FEBRUARY 14, 2024

Microsoft warned today in an updated security advisory that a critical vulnerability in Exchange Server was exploited as a zero-day before being fixed during this month's Patch Tuesday. [.

127

127

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Security Affairs

FEBRUARY 14, 2024

Adobe Patch Tuesday security updates for February 2024 addressed more than 30 vulnerabilities in multiple products, including critical issues. Adobe Patch Tuesday security updates released by Adobe addressed over 30 vulnerabilities across various products, including critical issues. The software maker warned of critical flaws in popular products such as Adobe Acrobat and Reader, Adobe Commerce and Magento Open Source, Substance 3D Painter, and FrameMaker.

Software 126

Software Authentication Ransomware 126

Bleeping Computer

FEBRUARY 14, 2024

A logic flaw between Ubuntu's 'command-not-found' package suggestion system and the snap package repository could enable attackers to promote malicious Linux packages to unsuspecting users. [.

Malware 125

Malware 125

Security Affairs

FEBRUARY 14, 2024

Researchers reported that attackers can exploit the ‘command-not-found’ utility to trick users into installing rogue packages on Ubuntu systems. Cybersecurity researchers from cloud security firm Aqua discovered that it is possible to abuse, the popular utility ‘called ‘command-not-found’ that can lead to deceptive recommendations of malicious packages. “Aqua Nautilus researchers have identified a security issue that arises from the interaction between Ubuntu’

Hacking 125

Hacking Cybersecurity Information Security 125

Tech Republic Security

FEBRUARY 14, 2024

LogMeOnce has useful features that may be hard to navigate for some. Learn how to get the most out of LogMeOnce in this step-by-step guide.

Password Management 128

Password Management Passwords 128

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

Security Boulevard

FEBRUARY 14, 2024

The rapid growth in the number of generative AI tools and platforms and their expanding adoption by organizations are giving legs to long-held concerns about security and privacy threats from the technology. A report released today by Menlo Security gives legs to those concerns. The cybersecurity firm found that despite repeated warnings from their organizations, The post 55% of Generative AI Inputs Include Sensitive Data: Menlo Security appeared first on Security Boulevard.

Technology 124

Technology Cybersecurity Data privacy Phishing 124

Bleeping Computer

FEBRUARY 14, 2024

The Zoom desktop and VDI clients and the Meeting SDK for Windows are vulnerable to an improper input validation flaw that could allow an unauthenticated attacker to conduct privilege escalation on the target system over the network. [.

Software 124

Software 124

The Last Watchdog

FEBRUARY 14, 2024

Lehi, Utah – Feb. 14, 2024 – DigiCert, a leading global provider of digital trust, today announced new additions to its executive leadership team with the appointments of Jugnu Bhatia as Chief Financial Officer (CFO) and Dave Packer as Chief Revenue Officer (CRO). “DigiCert just closed its largest quarterly bookings in the company history, and I am thrilled to have such exceptional leaders joining our executive team at an important stage in our growth,” said Amit Sinha, CEO of DigiCert.

Marketing 100

Marketing Software Accountability 100

Jane Frankland

FEBRUARY 14, 2024

Every Valentine’s Day, we’re inundated with imagery of passion. In the business world, too, passion is often heralded as a key ingredient for success. But I dare to offer a different perspective, one rooted in the virtues of love. You see, I believe in love. It’s always the answer to a problem. The antidote to fear. The source of inspiration.

Cybersecurity 100

Cybersecurity Authentication Marketing Accountability 100

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

The Hacker News

FEBRUARY 14, 2024

Microsoft on Wednesday acknowledged that a newly disclosed critical security flaw in Exchange Server has been actively exploited in the wild, a day after it released fixes for the vulnerability as part of its Patch Tuesday updates. Tracked as CVE-2024-21410 (CVSS score: 9.8), the issue has been described as a case of privilege escalation impacting the Exchange Server.

123

123

Bleeping Computer

FEBRUARY 14, 2024

Microsoft says remote unauthenticated attackers can trivially exploit a critical Outlook security vulnerability that also lets them bypass the Office Protected View. [.

125

125

Security Affairs

FEBRUARY 14, 2024

Microsoft Patch Tuesday security updates for February 2024 addressed 72 flaws, two of which are actively exploited in the wild. Microsoft Patch Tuesday security updates for February 2024 resolved a total of 72 vulnerabilities, including two actively exploited zero-days. The vulnerabilities affect Microsoft Windows and Windows Components; Office and Office Components; Azure; NET Framework and ASP.NET; SQL Server; Windows Hyper-V; and Microsoft Dynamics.

Information Security 121

Information Security Internet Internet Ransomware 121

WIRED Threat Level

FEBRUARY 14, 2024

Romantic chatbots collect huge amounts of data, provide vague information about how they use it, use weak password protections, and aren’t transparent, new research from Mozilla says.

Passwords 120

Passwords 120

Advertisement

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Identity Theft

Security Boulevard

FEBRUARY 14, 2024

Employees are often heralded as a company's most valuable asset, but these insiders can also be an organization's biggest risk. The post 3 Ways Insider Threats Put Your Company at Risk in 2024 appeared first on Security Boulevard.

Risk 120

Risk Data breaches Security Awareness Government 120

We Live Security

FEBRUARY 14, 2024

Learn how the cyber variety of CSI works, from sizing up the crime scene and hunting for clues to piecing together the story that the data has to tell

129

129

Bleeping Computer

FEBRUARY 14, 2024

Microsoft is automatically enabling Windows Extended Protection on Exchange servers after installing this month's 2024 H1 Cumulative Update (aka CU14). [.

127

127

Tech Republic Security

FEBRUARY 14, 2024

This policy from TechRepublic Premium provides information on defining an incident, assigning an incident response team, documenting a plan and conducting a response. It can be customized to meet the needs of your organization. Featured text from the policy: DOCUMENT AN INCIDENT RESPONSE PLAN Draw up a plan for incident response and start by including.

104

104

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

Security Affairs

FEBRUARY 14, 2024

Microsoft and OpenAI warn that nation-state actors are using ChatGPT to automate some phases of their attack chains, including target reconnaissance and social engineering attacks. Multiple nation-state actors are exploiting artificial intelligence (AI) and large language models (LLMs), including OpenAI ChatGPT, to automate their attacks and increase their sophistication.

Artificial Intelligence 117

Artificial Intelligence Social Engineering Phishing Engineering 117

Bleeping Computer

FEBRUARY 14, 2024

Battery maker VARTA AG announced yesterday that it was targeted by a cyberattack that forced it to shut down IT systems, causing production to stop at its plants. [.

121

121

Security Boulevard

FEBRUARY 14, 2024

A quarter of Valentine’s Day-themed spam emails intercepted by Bitdefender's filters were identified as scams aimed at defrauding recipients. The post Valentine’s Day Scams Woo the Lonely-Hearted appeared first on Security Boulevard.

Scams 116

Scams Phishing Risk Mobile 116

The Hacker News

FEBRUARY 14, 2024

Cybersecurity researchers have found that it's possible for threat actors to exploit a well-known utility called command-not-found to recommend their own rogue packages and compromise systems running Ubuntu operating system.

Cybersecurity 113

Cybersecurity 113

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.