Schneier on Security
AUGUST 14, 2024
Texas is suing General Motors for collecting driver data without consent and then selling it to insurance companies: From CNN : In car models from 2015 and later, the Detroit-based car manufacturer allegedly used technology to “collect, record, analyze, and transmit highly detailed driving data about each time a driver used their vehicle,” according to the AG’s statement.
Tech Republic Security
AUGUST 14, 2024
Cybersecurity professionals are experiencing high levels of stress, which can have both business and personal implications. Here’s how they can improve their mental health.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Schneier on Security
AUGUST 14, 2024
This is a current list of where and when I am scheduled to speak: I’m speaking at eCrime 2024 in Boston, Massachusetts, USA. The event runs from September 24 through 26, 2024, and my keynote is on the 24th. The list is maintained on this page.
Tech Republic Security
AUGUST 14, 2024
Patch Tuesday brought updates for 90 security vulnerabilities, including patching severe remote code execution vulnerabilities and closing some doors in Chromium.
Advertisement
IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.
WIRED Threat Level
AUGUST 14, 2024
Researchers have discovered a way that would allow anyone with a few hundred dollars to hack into a wireless gear-shifting systems used by the top cycling teams for events like the Tour de France.
Tech Republic Security
AUGUST 14, 2024
CBA's x15ventures is transforming fintech AI with its Xccelerate program, boosting innovation and setting new industry benchmarks in AI technology.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Security Boulevard
AUGUST 14, 2024
See These CVEs: Patch Tuesday—ten zero-days, seven Critical vulns, zero time to waste. The post August Patch Pileup: Microsoft’s Zero-Day Doozy Dump appeared first on Security Boulevard.
Security Affairs
AUGUST 14, 2024
Microsoft’s August 2024 Patch Tuesday addressed 90 vulnerabilities, including six that are actively exploited. Patch Tuesday security updates for August 2024 addressed 90 vulnerabilities in Microsoft products including Windows and Windows Components; Office and Office Components; NET and Visual Studio; Azure; Co-Pilot; Microsoft Dynamics; Teams; and Secure Boot and others, bringing the total to 102 when including third-party bugs.
Security Boulevard
AUGUST 14, 2024
By pushing past the hurdles that can make threat modeling challenging, business leaders can take full advantage of threat models to give their organizations a leg up in the battle against cyberattacks. The post Putting Threat Modeling Into Practice: A Guide for Business Leaders appeared first on Security Boulevard.
Penetration Testing
AUGUST 14, 2024
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a security advisory detailing multiple critical vulnerabilities discovered in Vonets WiFi Bridge devices. These vulnerabilities, which could allow attackers to execute... The post CISA Warns Critical Vulnerabilities in Vonets WiFi Bridge Devices, No Patch Available appeared first on Cybersecurity News.
Speaker: Speakers:
In today's digital age, having an untrained workforce can be a significant risk to your business. Cyber threats are evolving; without proper training, your employees could be the weakest link in your defense. This webinar empowers leaders like you with the tools and strategies needed to transform your employees into a robust frontline defense against cyber attacks.
Security Boulevard
AUGUST 14, 2024
As data protection laws take hold across the world and the consequences of data loss become more severe, let’s take a closer look at the transformative potential that LLMs bring to the table. The post How LLMs are Revolutionizing Data Loss Prevention appeared first on Security Boulevard.
Security Affairs
AUGUST 14, 2024
SolarWinds addressed a critical remote code execution vulnerability in its Web Help Desk solution for customer support. SolarWinds fixed a critical vulnerability, tracked as CVE-2024-28986 (CVSS score 9.8), in SolarWinds’ Web Help Desk solution for customer support. The flaw is a Java deserialization issue that an attacker can exploit to run commands on a vulnerable host leading to remote code execution.
Security Boulevard
AUGUST 14, 2024
DigiCert today announced it is acquiring Vercara, a provider of Domain Name System (DNS) and distributed denial-of-service (DDoS) security services delivered via the cloud. The post DigiCert Acquires Vercara to Extend Cybersecurity Services appeared first on Security Boulevard.
Security Affairs
AUGUST 14, 2024
Kootenai Health suffered a data breach impacting over 464,000 patients following a 3AM ransomware attack. Kootenai Health disclosed a data breach impacting over 464,088 patients following the leak of their personal information by the ThreeAM (3AM) ransomware gang. Kootenai Health is a healthcare organization based in Coeur d’Alene, Idaho. It is a regional medical center that provides a wide range of medical services, including emergency care, surgical services, cancer care, and specialized
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
The Hacker News
AUGUST 14, 2024
A coalition of law enforcement agencies coordinated by the U.K. National Crime Agency (NCA) has led to the arrest and extradition of a Belarussian and Ukrainian dual-national believed to be associated with Russian-speaking cybercrime groups. Maksim Silnikau (aka Maksym Silnikov), 38, went by the online monikers J.P. Morgan, xxx, and lansky. He was extradited to the U.S.
Graham Cluley
AUGUST 14, 2024
An investigation dating back almost ten years has seen the extradition this week to the United States of a man suspected to be the head of one the world's most prolific Russian-speaking cybercriminal gangs. The UK's National Crime Agency (NCA) says it has been investigating a cybercriminal using the online handle "J P Morgan" since 2015, alongside parallel investigations run by the United States FBI and Secret Service.
The Hacker News
AUGUST 14, 2024
A newly discovered attack vector in GitHub Actions artifacts dubbed ArtiPACKED could be exploited to take over repositories and gain access to organizations' cloud environments.
Security Boulevard
AUGUST 14, 2024
Rather than rely only on GitOps, teams should first implement AI and analytics capabilities to reduce human configuration security errors. The post Will GitOps Solve Configuration Security Issues? appeared first on Security Boulevard.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
The Hacker News
AUGUST 14, 2024
Cybersecurity researchers have discovered a new variant of the Gafgyt botnet that's targeting machines with weak SSH passwords to ultimately mine cryptocurrency on compromised instances using their GPU computational power. This indicates that the "IoT botnet is targeting more robust servers running on cloud native environments," Aqua Security researcher Assaf Morag said in a Wednesday analysis.
SecureWorld News
AUGUST 14, 2024
The U.S. National Institute of Standards and Technology (NIST) announced the finalization of three post-quantum cryptography standards, marking a significant milestone in the effort to secure digital communications against the looming threat of quantum computing. The new standards , developed over an eight-year period, are designed to withstand attacks from future quantum computers, which could potentially break current encryption methods within a decade.
The Hacker News
AUGUST 14, 2024
An ongoing social engineering campaign with alleged links to the Black Basta ransomware group has been linked to "multiple intrusion attempts" with the goal of conducting credential theft and deploying a malware dropper called SystemBC.
Penetration Testing
AUGUST 14, 2024
In the intricate world of web technologies, a profound understanding of a website or host extends far beyond surface-level interactions. It involves delving into the underlying infrastructure, security protocols, and... The post Web-Check: The Ultimate Toolkit for Website Analysis and Security Assessment appeared first on Cybersecurity News.
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
Security Affairs
AUGUST 14, 2024
China-linked threat actor Earth Baku expanded its operations in Europe, the Middle East, and Africa starting in late 2022. China-linked APT group Earth Baku (a threat actor associated with APT41 ) has expanded its operations beyond the Indo-Pacific region to Europe, the Middle East, and Africa. Trend Micro researchers observed the APT targeting countries like Italy, Germany, UAE, and Qatar, and the group is suspected to have targeted also entities in Georgia and Romania.
Penetration Testing
AUGUST 14, 2024
In a recent August Patch Tuesday, Microsoft urgently addressed a critical security vulnerability within the Windows TCP/IP stack, identified as CVE-2024-38063. With a CVSS score of 9.8, this flaw has... The post Windows TCP/IP Vulnerability CVE-2024-38063: Researchers Hold Back Exploit Details Due to High Risk appeared first on Cybersecurity News.
Tech Republic Security
AUGUST 14, 2024
As financial technology offers advancements and innovations, it also brings along new risks for financial crimes. Recognizing terms and ideas related to financial crime can help businesses enforce safeguards, identify suspicious activities and prevent financial losses caused by tech-related crimes. Maria Carrisa Sanchez, writing for TechRepublic Premium, presents this glossary of terms and concepts to.
Penetration Testing
AUGUST 14, 2024
A high-severity vulnerability (CVE-2024-39091, CVSS 8.8) has been discovered in the MIPC camera framework, a widely-used software platform for home security cameras. This vulnerability could allow attackers to gain complete... The post CVE-2024-39091: Critical Vulnerability in MIPC Camera Framework Puts Millions at Risk appeared first on Cybersecurity News.
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
Graham Cluley
AUGUST 14, 2024
Scammers are once again using deepfake technology to dupe unwary internet Facebook and Instagram users into making unwise cryptocurrency investments. AI-generated videos promoting fraudulent cryptocurrency trading platform Immediate Edge have used deepfake footage of British Prime Minister Sir Keir Starmer and His Royal Highness Prince William to reach an estimated 890,000 people via Meta's social media platforms.
Penetration Testing
AUGUST 14, 2024
A recently uncovered vulnerability in GitHub Actions artifacts has the potential to compromise high-profile open-source projects and expose sensitive credentials, including GitHub tokens and third-party cloud service keys. Dubbed “ArtiPACKED”... The post ArtiPACKED: A New GitHub Actions Vulnerability Exposes Critical Credentials appeared first on Cybersecurity News.
Malwarebytes
AUGUST 14, 2024
In what may come as a surprise to nobody at all, there’s been yet another complaint about using social media data to train Artificial Intelligence (AI). This time the complaint is against X (formerly Twitter) and Grok, the conversational AI chatbot developed by Elon Musk’s company xAI. Grok is a large language model (LLM) chatbot able to generate text and engage in conversations with users.
Penetration Testing
AUGUST 14, 2024
At DEF CON 32, a new tool named Shwmae was introduced, capable of bypassing the security of Windows Hello—a biometric authentication system developed by Microsoft. Shwmae is designed for use... The post Bypassing Windows Hello: Shwmae Tool Debuts at DEF CON 32 appeared first on Cybersecurity News.
Advertisement
The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.
Expert insights. Personalized for you.
245 
Let's personalize your content