Fri. Jan 12, 2024


On IoT Devices and Software Liability

Schneier on Security

New law journal article : Smart Device Manufacturer Liability and Redress for Third-Party Cyberattack Victims Abstract: Smart devices are used to facilitate cyberattacks against both their users and third parties. While users are generally able to seek redress following a cyberattack via data protection legislation, there is no equivalent pathway available to third-party victims who suffer harm at the hands of a cyberattacker.


Breaking Barriers, Building Bridges: Cultivating Female Belonging in the Cybersecurity Landscape

Jane Frankland

In that moment, I found myself at a crossroads. Facing a perplexed gaze, I turned my back on one of cybersecurity’s most high-profile CISOs, my hands pressed firmly against my ears, belting out a powerful melody. I knew it was a crazy act, and perhaps it was unfair of me to subject him to it, but I wanted him to understand a pressing need in cybersecurity.


Newly Discovered Ivanti Secure VPN Zero-Day Vulnerabilities Allow Chinese Threat Actor to Compromise Systems

Tech Republic Security

Most of the exposed VPN appliances are in the U.S., followed by Japan and Germany. Read the technical details about these zero-day vulnerabilities, along with detection and mitigation tips.


CISA: Critical Microsoft SharePoint bug now actively exploited

Bleeping Computer

CISA warns that attackers are now exploiting a critical Microsoft SharePoint privilege escalation vulnerability that can be chained with another critical bug for remote code execution. […]


The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.


Joomla! vulnerability is being actively exploited

Malwarebytes

The Cybersecurity and Infrastructure Security Agency (CISA) has added a vulnerability for the Joomla! Content Management System (CMS) to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. This means that Federal Civilian Executive Branch (FCEB) agencies need to remediate this vulnerability by January 29, 2024 in order to protect their devices against active threats.


Juniper warns of critical RCE bug in its firewalls and switches

Bleeping Computer

Juniper Networks has released security updates to fix a critical pre-auth remote code execution (RCE) vulnerability in its SRX Series firewalls and EX Series switches. […]


More Trending


GitLab warns of critical zero-click account hijacking vulnerability

Bleeping Computer

GitLab has released security updates for both the Community and Enterprise Edition to address two critical vulnerabilities, one of them allowing account hijacking with no user interaction. […]


News alert: Trimarc launches Active Directory security posture tool for enterprise, M&A

The Last Watchdog

Washington, DC, Jan. 12, 2024 – Trimarc Security, the professional services company with extensive expertise in securing Active Directory for enterprise organizations, today announced the early access availability of its new product, Trimarc Vision. Trimarc Vision is a powerful security posture analysis product that provides visibility into the most important security components of Active Directory.


Team Liquid’s wiki leak exposes 118K users

Security Affairs

Liquipedia, an online e-sports platform run by Team Liquid, exposed a database revealing its users’ email addresses and other details. Users of the e-sports knowledge base were exposed via a publicly accessible and passwordless MongoDB database, the Cybernews research team has discovered. The database was closed after researchers informed Liquipedia’s admins about the issue.


Improving Cybersecurity Response With Open Source Endpoint Visibility

Security Boulevard

Here's how osquery can empower security teams, enabling them to respond effectively and efficiently to the constant stream of cyberattacks. The post Improving Cybersecurity Response With Open Source Endpoint Visibility appeared first on Security Boulevard.


IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.


CVE-2023-50290: Apache Solr’s ‘Important’ Severity Security Flaw

Penetration Testing

A new security vulnerability was found in Apache Solr, an open-source enterprise-search platform renowned for its robust full-text search, real-time indexing, and seamless integration with databases and NoSQL systems. This platform, written in Java... The post CVE-2023-50290: Apache Solr’s ‘Important’ Severity Security Flaw appeared first on Penetration Testing.


How to Recover After Failing a Cybersecurity Audit

Security Boulevard

The post How to Recover After Failing a Cybersecurity Audit appeared first on Digital Defense. The post How to Recover After Failing a Cybersecurity Audit appeared first on Security Boulevard.


Juniper Networks fixed a critical RCE bug in its firewalls and switches

Security Affairs

Juniper Networks fixed a critical pre-auth remote code execution (RCE) flaw, tracked as CVE-2024-21591, in its SRX Series firewalls and EX Series switches. Juniper Networks released security updates to address a critical pre-auth remote code execution (RCE) vulnerability, tracked as CVE-2024-21591, that resides in SRX Series firewalls and EX Series switches.


Before starting your 2024 security awareness program, ask these 10 questions

Security Boulevard

The post Before starting your 2024 security awareness program, ask these 10 questions appeared first on Click Armor. The post Before starting your 2024 security awareness program, ask these 10 questions appeared first on Security Boulevard.


Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.


Ivanti Connect Secure zero-days exploited to deploy custom malware

Bleeping Computer

Hackers have been exploiting the two zero-day vulnerabilities in Ivanti Connect Secure disclosed this week since early December to deploy multiple families of custom malware for espionage purposes. […]


FCC wants cars to make life harder for stalkers

Malwarebytes

Most new model cars are not just cars anymore. With multiple digital systems, vehicles are increasingly plugged into web applications and digital processes. Some of them are basically smartphones on wheels. Even if we assume these new features were all created with your convenience in mind, some of them can have some adverse effects on your privacy, and sometimes even your safety.


YouTube Not Working on iPhone? Here’s How to Fix It

Hacker Combat

If the YouTube app on your iPhone is crashing or will not open, there are various fixes you can try, such as force quitting the app, rebooting your device, and. The post YouTube Not Working on iPhone? Here’s How to Fix It appeared first on Hacker Combat.


How to Stop Your X Account From Getting Hacked Like the SEC's

WIRED Threat Level

The US Securities and Exchange Commission and security firm Mandiant both had their X accounts breached, possibly due to changes to X’s two-factor authentication settings. Here’s how to fix yours.


Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.


Subdominator: CLI tool for detecting subdomain takeovers

Penetration Testing

Subdominator Meet Subdominator, your new favorite CLI tool for detecting subdomain takeovers. It’s designed to be fast, accurate, and dependable, offering a significant improvement over other available tools. Benchmark ? A benchmark was run across... The post Subdominator: CLI tool for detecting subdomain takeovers appeared first on Penetration Testing.


Why is the iPhone Force Restart Not Working?

Hacker Combat

If the iPhone force restart does not work as intended, there may be an issue with the iOS system. To address this, look for physical damage to buttons used for. The post Why is the iPhone Force Restart Not Working? appeared first on Hacker Combat.


The Week in Ransomware - January 12th 2024 - Targeting homeowners' data

Bleeping Computer

Mortgage lenders and related companies are becoming popular targets of ransomware gangs, with four companies in this sector recently attacked. […]


The State of Open Source Cloud-Native Security

Security Boulevard

As 2024 kicks off, here's where cloud-native supply chain security stands and what to expect in the immediate future. The post The State of Open Source Cloud-Native Security appeared first on Security Boulevard.


5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.


Notorious French Hacker Faces Justice in U.S. for Major Frauds

Penetration Testing

Sebastien Raoult, 22, a citizen of Epinal, France, was arrested in Morocco in 2022 and extradited to the United States in 2023. According to the U.S. Department of Justice, Raoult participated in large-scale computer... The post Notorious French Hacker Faces Justice in U.S. for Major Frauds appeared first on Penetration Testing.


Medusa Ransomware on the Rise: From Data Leaks to Multi-Extortion

The Hacker News

The threat actors associated with the Medusa ransomware have ramped up their activities following the debut of a dedicated data leak site on the dark web in February 2023 to publish sensitive data of victims who are unwilling to agree to their demands.


China Cracks Apple’s AirDrop Feature

Penetration Testing

The Beijing Office of Justice said it had found a way to bypass AirDrop’s encryption, allowing it to see the content and source of data transfers. The Beijing Municipal Bureau of Justice confirmed that... The post China Cracks Apple’s AirDrop Feature appeared first on Penetration Testing.


How finops can make the cloud more secure

InfoWorld on Security

Cloud finops is the discipline of accounting for and optimizing cloud computing spending. It’s a reaction to years of undisciplined cloud spending or a way to bring order back to using cloud resources. Overall, it is a step in the right direction. However, it’s rarely discussed as a path to enhanced security.

The links to cloud security

Effective cloud finops requires a strong understanding of cloud usage patterns.


Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?


Ivanti VPN Zero-Day Combo Chained ‘by China’

Security Boulevard

Under active exploitation since last year—but still no patch available. The post Ivanti VPN Zero-Day Combo Chained ‘by China’ appeared first on Security Boulevard.


Nation-State Actors Weaponize Ivanti VPN Zero-Days, Deploying 5 Malware Families

The Hacker News

As many as five different malware families were deployed by suspected nation-state actors as part of post-exploitation activities leveraging two zero-day vulnerabilities in Ivanti Connect Secure (ICS) VPN appliances since early December 2023.


Google Workspace: Cybersecurity Friend or Foe?

Heimadal Security

Kevin Mitnick, once dubbed the World’s Most Famous Hacker said that “hackers are breaking the systems for profit. Before, it was about intellectual curiosity and pursuit of knowledge and thrill, and now hacking is big business.” As defenders, it’s our job to put them out of business or, at the very least, provide some good […] The post Google Workspace: Cybersecurity Friend or Foe?


Urgent: GitLab Releases Patch for Critical Vulnerabilities - Update ASAP

The Hacker News

GitLab has released security updates to address two critical vulnerabilities, including one that could be exploited to take over accounts without requiring any user interaction. Tracked as CVE-2023-7028, the flaw has been awarded the maximum severity of 10.0 on the CVSS scoring system and could facilitate account takeover by sending password reset emails to an unverified email address.


From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.