Mon. Jan 29, 2024

The Data Breach "Personal Stash" Ecosystem

Troy Hunt

I've always thought of it a bit like baseball cards; a kid has a card of this one player that another kid is keen on, and that kid has a card the first one wants so they make a trade. They both have a bunch of cards they've collected over time and by virtue of existing in the same social circles, trades are frequent, and cards flow back and forth on a regular basis.

Microsoft Executives Hacked

Schneier on Security

Microsoft is reporting that a Russian intelligence agency—the same one responsible for SolarWinds—accessed the email system of the company’s executives. Beginning in late November 2023, the threat actor used a password spray attack to compromise a legacy non-production test tenant account and gain a foothold, and then used the account’s permissions to access a very small percentage of Microsoft corporate email accounts, including members of our senior leadership team and

Ransomware’s Impact Could Include Heart Attacks, Strokes & PTSD

Tech Republic Security

New research details the possible effects of ransomware attacks on businesses and staff, society, the economy and national security, highlighting that its impact on mental and physical health is often overlooked.

CVE-2024-22860 & CVE-2024-22862: Critical FFmpeg Remote Code Execution Flaws

Penetration Testing

FFmpeg, a widely used open-source project for handling multimedia files, has recently been spotlighted for its vulnerabilities. Discovered through Google’s OSS-Fuzz service, three security vulnerabilities have been identified in its systems, two of which... The post CVE-2024-22860 & CVE-2024-22862: Critical FFmpeg Remote Code Execution Flaws appeared first on Penetration Testing.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

What Do Apple’s EU App Store Changes Mean for App Developers?

Tech Republic Security

The EU says the DMA keeps markets fair and open; Apple says the DMA introduces security problems. Apple is leveling fees against independent app stores.

Energy giant Schneider Electric hit by Cactus ransomware attack

Bleeping Computer

Energy management and automation giant Schneider Electric suffered a Cactus ransomware attack leading to the theft of corporate data, according to people familiar with the matter. […]

What the Charges Against the SolarWinds CISO Mean for Security in 2024

Security Boulevard

The indictment of the SolarWinds CISO by the SEC served as a harsh wake-up call to the corporate world. The post What the Charges Against the SolarWinds CISO Mean for Security in 2024 appeared first on Security Boulevard.

How to Use McAfee True Key: A Complete Beginner’s Guide

Tech Republic Security

Learn how to set up, manage passwords, and enhance your online security with McAfee True Key with this complete beginner's guide.

NSA buys internet browsing records from data brokers without a warrant

Security Affairs

The U.S. National Security Agency (NSA) admitted to buying internet browsing records from data brokers to monitor Americans’ activity online without a court order. U.S. Senator Ron Wyden, D-Ore., released documents that confirmed the National Security Agency (NSA) buys Americans’ internet browsing records without a court order. The data acquired by the intelligence agency can reveal the websites visited by US citizens and what apps they use.

Ransomware payments drop to record low as victims refuse to pay

Bleeping Computer

The number of ransomware victims paying ransom demands has dropped to a record low of 29% in the final quarter of 2023, according to ransomware negotiation firm Coveware. […]

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Protecting Business from the Inside Out: A Layered Approach to Cybersecurity

Security Boulevard

Learn how taking an internal, layered approach to cybersecurity – including training staff, controlling access, monitoring activity, and incident planning – helps protect valuable company data and resources from compromise. The post Protecting Business from the Inside Out: A Layered Approach to Cybersecurity appeared first on Security Boulevard.

Microsoft Teams hit by second outage in three days

Bleeping Computer

Microsoft is investigating a second outage affecting Microsoft Teams users across North and South America in the last three days. […]

Experts detailed Microsoft Outlook flaw that can leak NTLM v2 hashed passwords

Security Affairs

A flaw in Microsoft Outlook can be exploited to access NTLM v2 hashed passwords by tricking users into opening a specially crafted file. The vulnerability CVE-2023-35636 impacting Microsoft Outlook is a Microsoft Outlook information disclosure issue that could be exploited by threat actors to access NT LAN Manager (NTLM) v2 hashed passwords. NTLMv2, which stands for NT LAN Manager version 2, is an authentication protocol used in Microsoft Windows networks.

Datadog Report Surfaces Pair of Sophisticated AWS Attacks

Security Boulevard

A Datadog report found that cybercriminal activity aimed specifically at AWS cloud infrastructure services is increasing. The post Datadog Report Surfaces Pair of Sophisticated AWS Attacks appeared first on Security Boulevard.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Identity Threat Trends for Higher Education

Duo's Security Blog

As a new semester begins, we at Cisco Duo want to share some findings and trends pertaining to threat activity we have seen across higher education customers. We will outline the trends and attack patterns that are the most prevalent and discuss how to configure Duo policies to best protect your users. What happened? In analyzing de-identified customer data over the latter half of 2023, we found a pattern of threat activity targeting multiple universities using shared attack infrastructure.

Ukraine’s SBU arrested a member of Pro-Russia hackers group ‘Cyber Army of Russia’

Security Affairs

Ukraine’s security service (SBU) detained an alleged member of the pro-Russia hacker group “the Cyber Army of Russia.” Ukraine’s security service, the SBU, announced that it has identified and detained an alleged member of the pro-Russia hacker group known as the Cyber Army of Russia. The news was first reported by The Record Media.

DHS employees jailed for stealing data of 200K U.S. govt workers

Bleeping Computer

Three former Department of Homeland Security (DHS) employees were sentenced to prison for stealing proprietary U.S. government software and databases containing the personal data of 200,000 federal employees. […]

Data Breach at Ofuji Fishing: 200,000 Customers’ Information Compromised

Penetration Testing

Ofuji Fishing Tackles, a renowned fishing tackle wholesaler and manufacturer in Japan, has recently faced a severe cyber threat. The company disclosed a potential data breach involving personal customer information, a consequence of a... The post Data Breach at Ofuji Fishing: 200,000 Customers’ Information Compromised appeared first on Penetration Testing.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Microsoft says Outlook apps can’t connect to Outlook.com

Bleeping Computer

Microsoft is investigating an issue that prevents Outlook and other email clients from connecting when using an Outlook.com account. […]

Fix Available for Critical Jenkins Flaw That Leads to RCE Attacks

Security Boulevard

Organizations are being urged to fix two security vulnerabilities in Jenkins that could allow unauthenticated attackers to remotely execute arbitrary code in the popular open source software tool that is used to automate various steps in the software development lifecycle. Researchers with SonarSource, a code quality and security firm, in November 2023 alerted the maintainers.

Cyber: The Swiss army knife of tradecraft

We Live Security

In today’s digitally interconnected world, advanced cyber capabilities have become an exceptionally potent and versatile tool of tradecraft for nation-states and criminals alike

Decoding the Maze: A Guide to Cyber Security Risk Assessment Models

Security Boulevard

In today's digital age, organizations face the constant threat of cyber attacks. Safeguarding critical data and infrastructure requires a proactive approach, starting with a comprehensive cybersecurity risk assessment. Choosing a suitable risk assessment model is crucial for articulating your organization's cybersecurity risks clearly, selecting the most effective model for your needs, and implementing a robust and sustainable risk management program.

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

45k Jenkins servers exposed to RCE attacks using public exploits

Bleeping Computer

Researchers found roughly 45,000 Jenkins instances exposed online that are vulnerable to CVE-2023-23897, a critical remote code execution (RCE) flaw for which multiple public proof-of-concept (PoC) exploits are in circulation. […]

CVE-2024-23897: Assessing the Impact of the Jenkins Arbitrary File Leak Vulnerability

Security Boulevard

CVE-2024-23897: Assessing the Impact of the Jenkins Arbitrary File Leak Vulnerability. The post CVE-2024-23897: Assessing the Impact of the Jenkins Arbitrary File Leak Vulnerability appeared first on Horizon3.ai. The post CVE-2024-23897: Assessing the Impact of the Jenkins Arbitrary File Leak Vulnerability appeared first on Security Boulevard.

LEAKEY: checks and validates for leaked credentials

Penetration Testing

LEAKEY is a tool for validation of leaked API tokens/keys found during pentesting and Red Team Engagements. The script is really useful for Bug Hunters in order to validate and determine the impact... The post LEAKEY: checks and validates for leaked credentials appeared first on Penetration Testing.

Cybersecurity in Review: The Alarming Trend of Unsupported Systems

Security Boulevard

Quick question: when is it ok to run a networked system without updates? If the answer takes more than 1 second and is anything other than “never,” we need to talk. Imagine this: a major corporation crippled overnight by a cyberattack, all because of one overlooked detail – outdated systems. This isn’t a hypothetical scenario; […] The post Cybersecurity in Review: The Alarming Trend of Unsupported Systems appeared first on TuxCare.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?”

FBI: Tech support scams now use couriers to collect victims' money

Bleeping Computer

Today, the FBI warned about courier services being used to collect money and valuables from victims of tech support and government impersonation scams. […]

Bruce Schneier predicts a future of AI-powered mass spying: Lock and Code S05E03

Malwarebytes

This week on the Lock and Code podcast… If the internet helped create the era of mass surveillance, then artificial intelligence will bring about an era of mass spying. That’s the latest prediction from noted cryptographer and computer security professional Bruce Schneier, who, in December, shared a vision of the near future where artificial intelligence—AI—will be able to comb through reams of surveillance data to answer the types of questions that, previously, only humans could.

Keenan warns 1.5 million people of data breach after summer cyberattack

Bleeping Computer

Keenan & Associates is sending notices of a data breach to 1.5 million customers, warning that hackers accessed their personal information in a recent cyberattack. […]

US Lawmakers Tell DOJ to Quit Blindly Funding ‘Predictive’ Police Tools

WIRED Threat Level

Members of Congress say the DOJ is funding the use of AI tools that further discriminatory policing practices. They're demanding higher standards for federal grants.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.