Schneier on Security

JULY 1, 2024

If you’ve been reading my blog, you’ve noticed that I have written a lot about AI and democracy, mostly with my co-author Nathan Sanders. I am pleased to announce that we’re writing a book on the topic. This isn’t a book about deep fakes, or misinformation. This is a book about what happens when AI writes laws, adjudicates disputes, audits bureaucratic actions, assists in political strategy, and advises citizens on what candidates and issues to support.

Artificial Intelligence 315

Artificial Intelligence Government Technology 315

The Last Watchdog

JULY 1, 2024

The coalescing of the next-gen security platforms that will carry us forward continues. Related: Jump starting vulnerability management Adaptiva, a leader in autonomous endpoint management, recently announced the launch of OneSite Patch for CrowdStrike. This new solution integrates with CrowdStrike’s Falcon XDR platform to improve the efficiency and speed of patching critical vulnerabilities in enterprise systems.

Manufacturing 278

Manufacturing Risk Internet Internet 278

Schneier on Security

JULY 1, 2024

A new paper , “Polynomial Time Cryptanalytic Extraction of Neural Network Models,” by Adi Shamir and others, uses ideas from differential cryptanalysis to extract the weights inside a neural network using specific queries and their results. This is much more theoretical than practical, but it’s a really interesting result. Abstract: Billions of dollars and countless GPU hours are currently spent on training Deep Neural Networks (DNNs) for a variety of tasks.

292

292

Tech Republic Security

JULY 1, 2024

Security analysts found that 52% of open-source projects are written in memory-unsafe languages like C and C++.

Software 212

Software 212

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

Risk

Penetration Testing

JULY 1, 2024

The Qualys Threat Research Unit (TRU) has detailed a severe security flaw, dubbed ‘regreSSHion,’ that leaves millions of Linux systems vulnerable to remote code execution. The vulnerability, identified as CVE-2024-6387, affects OpenSSH’s server (sshd)... The post CVE-2024-6387: Critical OpenSSH Unauthenticated RCE Flaw ‘regreSSHion’ Exposes Millions of Linux Systems appeared first on Cybersecurity News.

Cybersecurity 145

Cybersecurity 145

Tech Republic Security

JULY 1, 2024

Is Surfshark better than AVG? Is AVG Secure VPN worth it? Find out which VPN is better with our guide.

VPN 186

VPN 186

Malwarebytes

JULY 1, 2024

The Australian Federal Police (AFP) have charged a man for setting up fake free WiFi access points in order to steal personal data from people. The crime was discovered when an airline reported a suspicious WiFi network identified by its employees during a domestic flight. When the alleged perpetrator landed at Perth airport, his bags were searched and authorities found a portable wireless access device, a laptop, and a mobile phone in his hand luggage.

Wireless 143

Wireless Cybercrime Media Encryption 143

The Hacker News

JULY 1, 2024

A China-nexus cyber espionage group named Velvet Ant has been observed exploiting a zero-day flaw in Cisco NX-OS Software used in its switches to deliver malware. The vulnerability, tracked as CVE-2024-20399 (CVSS score: 6.

Malware 144

Malware Authentication Software 144

Security Affairs

JULY 1, 2024

A critical flaw in the OpenSSH server can be exploited to achieve unauthenticated remote code execution with root privileges in glibc-based Linux systems. OpenSSH maintainers addressed a critical vulnerability, tracked as CVE-2024-6387, that can lead to unauthenticated remote code execution with root privileges in glibc-based Linux systems. OpenSSH maintained have addressed the vulnerability with the release of version 9.8 on July 01, 2024. “A critical vulnerability in sshd(8) was present

Internet 140

Internet Internet Risk Hacking 140

The Hacker News

JULY 1, 2024

An Australian man has been charged with running a fake Wi-Fi access point during a domestic flight with an aim to steal user credentials and data.

Scams 144

Scams 144

Advertisement

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

Cyber threats

We Live Security

JULY 1, 2024

Here’s how cybercriminals go after YouTube channels and use them as conduits for fraud – and what you should watch out for when watching videos on the platform

Scams 137

Scams Hacking Malware 137

The Hacker News

JULY 1, 2024

Installers for three different software products developed by an Indian company named Conceptworld have been trojanized to distribute information-stealing malware. The installers correspond to Notezilla, RecentX, and Copywhiz, according to cybersecurity firm Rapid7, which discovered the supply chain compromise on June 18, 2024.

Software 141

Software Malware Hacking Cybersecurity 141

Security Affairs

JULY 1, 2024

Experts spotted threat actors exploiting the critical vulnerability CVE-2024-0769 affects all D-Link DIR-859 WiFi routers. Researchers from cybersecurity firm GreyNoise have spotted exploitation attempts for the critical vulnerability CVE-2024-0769 (CVSS score 9.8) impacting all D-Link DIR-859 WiFi routers. The vulnerability is a path traversal issue that can lead to information disclosure.

Passwords 135

Passwords Accountability Authentication Internet 135

Bleeping Computer

JULY 1, 2024

A new OpenSSH unauthenticated remote code execution (RCE) vulnerability dubbed "regreSSHion" gives root privileges on glibc-based Linux systems.

135

135

Advertisement

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

Cybersecurity

Security Boulevard

JULY 1, 2024

SolarWinds hackers strike again: Remote access service hacked—by APT29, says TeamViewer. The post ‘Russia’ Breaches TeamViewer — ‘No Evidence’ Billions of Devices at Risk appeared first on Security Boulevard.

Risk 135

Risk Hacking Social Engineering Authentication 135

Bleeping Computer

JULY 1, 2024

Cisco has patched an NX-OS zero-day exploited in April attacks to install previously unknown malware as root on vulnerable switches. [.

Malware 133

Malware 133

The Hacker News

JULY 1, 2024

The threat actor known as Transparent Tribe has continued to unleash malware-laced Android apps as part of a social engineering campaign to target individuals of interest.

Spyware 133

Spyware Social Engineering Mobile Engineering 133

Security Affairs

JULY 1, 2024

Juniper Networks released out-of-band security updates to address a critical authentication bypass vulnerability impacting some of its routers. Juniper Networks has released out-of-band security updates to address a critical vulnerability, tracked as CVE-2024-2973 (CVSS score of 10.0), that could lead to an authentication bypass in some of its routers.

Authentication 130

Authentication Firewall Hacking 130

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

Scams

Malwarebytes

JULY 1, 2024

This week on the Lock and Code podcast … More than 20 years ago, a law that the United States would eventually use to justify the warrantless collection of Americans’ phone call records actually started out as a warning sign against an entirely different target: Libraries. Not two months after terrorists attacked the United States on September 11, 2001, Congress responded with the passage of The USA Patriot Act.

Surveillance 127

Surveillance Government Big data Cybersecurity 127

Security Boulevard

JULY 1, 2024

Digital nomads go where the wind takes them around the globe, often working from coffee shops, co-working locations or public libraries. They rely on connecting to their work life via their mobile hotspot or public wi-fi connections. The post Remote Rigor: Safeguarding Data in the Age of Digital Nomads appeared first on Security Boulevard.

Mobile 126

Mobile Security Awareness Risk Government 126

The Hacker News

JULY 1, 2024

At the heart of every application are secrets. Credentials that allow human-to-machine and machine-to-machine communication. Machine identities outnumber human identities by a factor of 45-to-1 and represent the majority of secrets we need to worry about. According to CyberArk's recent research, 93% of organizations had two or more identity-related breaches in the past year.

124

124

Security Boulevard

JULY 1, 2024

While AI helps automatically detect and respond to rapidly evolving threats, XAI helps security professionals understand how these decisions are being made. The post What is the Role of Explainable AI (XAI) In Security? appeared first on Security Boulevard.

Security Awareness 121

Security Awareness Cybersecurity 121

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Bleeping Computer

JULY 1, 2024

Prudential Financial, a global financial services company, has revealed that over 2.5 million people had their personal information compromised in a February data breach. [.

Data breaches 117

Data breaches Financial Services 117

Security Boulevard

JULY 1, 2024

As employers scramble to find or train security talent, organizations that ignore the inclusive approach may weaken their competitive posture in the battle for talent and overall security. The post Cybersecurity Workforce Sustainability has a Problem. DEI Could be the Solution. appeared first on Security Boulevard.

Cybersecurity 119

Cybersecurity CISO 119

The Hacker News

JULY 1, 2024

Meta's decision to offer an ad-free subscription in the European Union (E.U.) has faced a new setback after regulators accused the social media behemoth of breaching the bloc's competition rules by forcing users to choose between seeing ads or paying to avoid them. The European Commission said the company's "pay or consent" advertising model is in contravention of the Digital Markets Act (DMA).

Advertising 116

Advertising Media Marketing 116

Security Boulevard

JULY 1, 2024

The Cyber Trust Mark is a labeling initiative for consumer IoT devices in the United States that builds on work undertaken by the FCC and NIST, establishing data privacy and cybersecurity standards for connected devices. The post Cyber Trust Mark: The Impacts and Incentives of Early Adoption appeared first on Security Boulevard.

Data privacy 119

Data privacy IoT Cybersecurity Security Awareness 119

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

GlobalSign

JULY 1, 2024

Avoid disruptions to your business by switching to GlobalSign, and ensure that your certificates are publicly trusted by all major browsers.

111

111

SecureWorld News

JULY 1, 2024

We are midway through 2024, and data privacy continues to dominate headlines and strategic business decisions across industries. Seventeen data privacy laws have been adopted across the U.S., and legislatures are continuing to consider, debate, and adopt new laws every month. On July 1st, three new state privacy laws go into effect: (1) Texas ; (2) Oregon ; and (3) Florida.

Data privacy 108

Data privacy Small Business Data collection Government 108

Bleeping Computer

JULY 1, 2024

Modern Intel processors, including chips from the Raptor Lake and the Alder Lake generations are susceptible to a new type of a high-precision Branch Target Injection (BTI) attack dubbed 'Indirector,' which could be used to steal sensitive information from the CPU. [.

106

106

WIRED Threat Level

JULY 1, 2024

While Kaspersky and TikTok make very different kinds of software, the US has targeted both over national security concerns. But the looming bans have larger implications for internet freedom.

Internet 103

Internet Internet Software Hacking 103

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!