Schneier on Security
JULY 26, 2023
Seems that there is a deliberate backdoor in the twenty-year-old TErrestrial Trunked RAdio (TETRA) standard used by police forces around the world. The European Telecommunications Standards Institute (ETSI), an organization that standardizes technologies across the industry, first created TETRA in 1995. Since then, TETRA has been used in products, including radios, sold by Motorola, Airbus, and more.
Krebs on Security
JULY 26, 2023
The Russian government today handed down a treason conviction and 14-year prison sentence on Iyla Sachkov , the former founder and CEO of one of Russia’s largest cybersecurity firms. Sachkov, 37, has been detained for nearly two years under charges that the Kremlin has kept classified and hidden from public view, and he joins a growing roster of former Russian cybercrime fighters who are now serving hard time for farcical treason convictions.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
The Last Watchdog
JULY 26, 2023
Seattle, Wash., July 26, 2023 — Protect AI , the artificial intelligence (AI) and machine learning (ML) security company, today announced it has closed a $35M Series A round of funding. The round was led by Evolution Equity Partners with participation from Salesforce Ventures and existing investors Acrew Capital, boldstart ventures, Knollwood Capital and Pelion Ventures.
Tech Republic Security
JULY 26, 2023
Protect your company by learning maximum security practices in this bundle, while it's available at the best-on-web price of only $79.99.
Speaker: Erroll Amacker
Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.
Security Affairs
JULY 26, 2023
Wiz researchers discovered two Linux vulnerabilities in the Ubuntu kernel that can allow an unprivileged local user to gain elevated privileges. Wiz Research discovered two privilege escalation vulnerabilities, tracked as CVE-2023-2640 and CVE-2023-32629, in the OverlayFS module in the Linux distro Ubuntu. According to the researchers, the flaws impact 40% of the users of the popular Linux distribution.
The Hacker News
JULY 26, 2023
A new malware family called Realst has become the latest to target Apple macOS systems, with a third of the samples already designed to infect macOS 14 Sonoma, the upcoming major release of the operating system.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
|
The Hacker News
JULY 26, 2023
Following the footsteps of WormGPT, threat actors are advertising yet another cybercrime generative artificial intelligence (AI) tool dubbed FraudGPT on various dark web marketplaces and Telegram channels. "This is an AI bot, exclusively targeted for offensive purposes, such as crafting spear phishing emails, creating cracking tools, carding, etc.
Security Affairs
JULY 26, 2023
Experts warn of a severe privilege escalation, tracked as CVE-2023-30799 , in MikroTik RouterOS that can be exploited to hack vulnerable devices. VulnCheck researchers warn of a critical vulnerability, tracked as CVE-2023-30799 (CVSS score: 9.1), that can be exploited in large-scale attacks to target over 500,000 RouterOS systems. “MikroTik RouterOS stable before 6.49.7 and long-term through 6.48.6 are vulnerable to a privilege escalation issue.
Dark Reading
JULY 26, 2023
Hackers have three key pathways — the OS, apps, and malware — for leveraging the popular home fitness equipment as initial access for data compromise, ransomware, and more
Security Affairs
JULY 26, 2023
Swedish software firm Ortivus suffered a cyberattack that has resulted in at least two British ambulance services losing access to electronic patient records. Two British ambulance services were not able to access electronic patient records after a cyber attack that hit their software provider Ortivus. Ortivus was a Swedish software company specializing in providing solutions for the healthcare and medical industry.
Advertisement
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
Security Boulevard
JULY 26, 2023
We will kill WEI: A thinly veiled attempt to track you and make more ad money. The post ALERT: Google Wants to DRM your OS for ‘Web Environment Integrity’ appeared first on Security Boulevard.
Security Affairs
JULY 26, 2023
US CISA added actively exploited Ivanti ‘s Endpoint Manager Mobile (EPMM) vulnerability to its Known Exploited Vulnerabilities catalog. US Cybersecurity and Infrastructure Security Agency (CISA) added actively exploited Ivanti ‘s Endpoint Manager Mobile (EPMM) vulnerability, tracked as CVE-2023-35078, to its Known Exploited Vulnerabilities Catalog.
The Hacker News
JULY 26, 2023
A deeper analysis of a recently discovered malware called Decoy Dog has revealed that it's a significant upgrade over the Pupy RAT, an open-source remote access trojan it's modeled on.
Bleeping Computer
JULY 26, 2023
Two Linux vulnerabilities introduced recently into the Ubuntu kernel create the potential for unprivileged local users to gain elevated privileges on a massive number of devices. [.
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
WIRED Threat Level
JULY 26, 2023
After scammers duped a friend with a hacked Twitter account and a “deal” on a MacBook, I enlisted the help of a fellow threat researcher to trace the criminals’ offline identities.
Security Boulevard
JULY 26, 2023
Today’s disruptive environment has caused small and medium-sized businesses (SMBs) to face unprecedented technological hurdles. And thanks to limited resources and a lack of cybersecurity experts, many SMBs are finding themselves even more vulnerable to costly attacks. As MSPs and MSSPs offer a range of essential services, businesses can reduce risks and optimize operations even […] The post 3 Ways MSPs/MSSPs are Helping SMBs Do More with Less Around Email Security – Consolidation Without Compro
SecureWorld News
JULY 26, 2023
With organizations and practices of all sizes across the healthcare industry adopting more advanced systems , privacy can no longer be an afterthought. Instead, it must be a cornerstone embedded from the beginning. To help make the shift, we will examine the core principles of privacy by design, a preemptive and integrated strategy for safeguarding patient data from the earliest stages of healthcare system development and process design.
Security Boulevard
JULY 26, 2023
Introduction The defence sector, vital to national security, is increasingly becoming a hotspot for insider risks. With a diverse array of entities, from large contractors to SMEs, and an intricate supply chain, the sector is an attractive target for both internal and external actors. Insider risks in the defence sector have resulted in significant information […] Het bericht Insider Risk in the Defence Sector verscheen eerst op Signpost Six.
Speaker: Sierre Lindgren
Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.
The Hacker News
JULY 26, 2023
The U.S. Securities and Exchange Commission (SEC) on Wednesday approved new rules that require publicly traded companies to publicize details of a cyber attack within four days of identifying that it has a "material" impact on their finances, marking a major shift in how computer breaches are disclosed.
Heimadal Security
JULY 26, 2023
Dutch researchers revealed 5 vulnerabilities in the Terrestrial Trunked Radio (TETRA) that could expose government organizations and critical infrastructure communication to third parties. Two of the collectively called TETRA:BURST flaws, CVE-2022-22401 and CVE-2022-22402, were rated critical. TETRA is used for communication by police, fire and ambulance services, transportation agencies, utilities, military and border control organizations, […] The post Terrestrial Trunked Radio System Vu
Bleeping Computer
JULY 26, 2023
Microsoft has released the July 2023 optional cumulative update for Windows 11, version 22H2, with fixes for 27 issues, including ones affecting VPN performance and display or audio devices. [.
Security Boulevard
JULY 26, 2023
Learn how to create, setup and enable DKIM Office 365 records for multiple domains on the Defender portal. The post How to Setup Microsoft Office 365 DKIM record? appeared first on Security Boulevard.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
Heimadal Security
JULY 26, 2023
The Norwegian National Security Authority (NSM) revealed that threat actors exploited the CVE-2023-35078 zero-day vulnerability in Ivanti’s Endpoint Manager Mobile (EPMM) to target the Norwegian Government. According to the Norwegian authorities, the attack did not impact the Prime Minister’s Office, the Ministry of Defense, the Ministry of Justice, or the Ministry of Foreign Affairs.
Security Boulevard
JULY 26, 2023
Whether you are new to Linux or a seasoned Linux systems administrator, knowing the hardware and firmware on your systems is essential. Firmware that is out-of-date can pose security and operational risks. I advise you to keep up with firmware updates before you are impacted by an attacker with a shiny new exploit or some […] The post Linux Commands To Check The State Of Firmware appeared first on Eclypsium | Supply Chain Security for the Modern Enterprise.
Heimadal Security
JULY 26, 2023
Researchers found a critical ‘Super Admin’ privilege elevation vulnerability that impacts MikroTik devices. Over 900,000 RouterOS routers are at risk and security specialists advise users to apply available patches immediately. CVE-2023-30799 enables remote and authenticated threat actors to escalate privileges from admin to super-admin on the Winbox or HTTP interface.
Security Boulevard
JULY 26, 2023
A Rezilion report argued most organizations are wasting their limited remediation resources on vulnerabilities that may never be exploited. The post Rezilion: Devs Wasting Time on Wrong Cybersecurity Vulnerabilities appeared first on Security Boulevard.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
SecureWorld News
JULY 26, 2023
Earlier this week, the Norwegian National Security Authority (NSM) disclosed that a series of attacks targeting government agencies exploited a previously unknown Zero-Day vulnerability in Ivanti's Endpoint Manager Mobile (EPMM) software, formerly known as MobileIron Core. The vulnerability, tracked as CVE-2023-35078, allowed attackers to bypass authentication and gain unauthorized remote access to EPMM servers.
Security Boulevard
JULY 26, 2023
The massive box office brought in by the “Barbie” movie during its opening weekend—$162 million—surprised even some Hollywood industry watchers despite the commercial hype in the weeks leading up to its release. What isn’t surprising are the online fraudsters who have latched onto the surefire summer blockbuster, with threat researchers from McAfee tracking a range.
SecureBlitz
JULY 26, 2023
In our digital-driven world, education has also adapted, embracing technology as a crucial learning tool. This adaptation has brought about a profound shift in education, moving from traditional chalk and board methods to technologically supported strategies. The writing app has emerged as a significant component of this shift, becoming an invaluable app for students to […] The post A Market-Leading Writing App That Will Help Every Student Stick To Their Study Plan and Excel in Writing Pro
Security Boulevard
JULY 26, 2023
LEESBURG, Va. – July 26, 2023 – Cofense, the leading provider of phishing detection and response (PDR) solutions, today announced the general availability of Cofense Protect+ MSP, a multi-tenant, advanced email security and protection solution that keeps organizations protected from today’s sophisticated email attacks Today’s managed service providers (MSPs) and managed security service providers (MSSPs) are […] The post Cofense Announces General Availability of Protect+ MSP appeared first on
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Expert insights. Personalized for you.
246 
Let's personalize your content