Schneier on Security

JUNE 14, 2024

This is really neat demo of the security problems arising from reusing nonces with a symmetric cipher in GCM mode.

Encryption 327

Encryption 327

Tech Republic Security

JUNE 14, 2024

From saving on flights and hotels to protecting your data when working online, these tips could save you money in the long run.

VPN 187

VPN Mobile Network Security 187

Schneier on Security

JUNE 14, 2024

This is a current list of where and when I am scheduled to speak: I’m appearing on a panel on Society and Democracy at ACM Collective Intelligence in Boston, Massachusetts. The conference runs from June 26 through 29, 2024, and my panel is at 9:00 AM on Friday, June 28. I’m speaking on “Reimagining Democracy in the Age of AI” at the Bozeman Library in Bozeman, Montana, USA, July 18, 2024.

315

315

Tech Republic Security

JUNE 14, 2024

An upcoming blog post for members of the Windows Insider Program will explain how to get the AI-powered Recall feature.

Artificial Intelligence 187

Artificial Intelligence Software 187

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

Risk

Penetration Testing

JUNE 14, 2024

Security researchers are raising the alarm as proof-of-concept (PoC) exploit code targeting a recently patched high-severity vulnerability (CVE-2024-26229) in Microsoft Windows has surfaced on GitHub. The vulnerability could allow attackers to gain SYSTEM privileges,... The post CVE-2024-26229: Windows Elevation of Privilege Flaw Weaponized, PoC Exploit on GitHub appeared first on Cybersecurity News.

Cybersecurity 145

Cybersecurity 145

The Hacker News

JUNE 14, 2024

An analysis of a hybrid biometric access system from Chinese manufacturer ZKTeco has uncovered two dozen security flaws that could be used by attackers to defeat authentication, steal biometric data, and even deploy malicious backdoors.

Manufacturing 137

Manufacturing Authentication 137

The Hacker News

JUNE 14, 2024

Google's plans to deprecate third-party tracking cookies in its Chrome web browser with Privacy Sandbox has run into fresh trouble after Austrian privacy non-profit noyb (none of your business) said the feature can still be used to track users.

Advertising 133

Advertising 133

Security Affairs

JUNE 14, 2024

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Android Pixel, Microsoft Windows, Progress Telerik Report Server bugs to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog : CVE-2024-32896 Android Pixel Privilege Escalation Vulnerability CVE-2024-26169 Microsoft Windows Error Reporting Service Improper Privilege Management Vulnerabi

Firmware 131

Firmware Authentication Hacking Risk 131

The Hacker News

JUNE 14, 2024

As cyber threats loom large and data breaches continue to pose increasingly significant risks. Organizations and industries that handle sensitive information and valuable assets make prime targets for cybercriminals seeking financial gain or strategic advantage.

Data breaches 131

Data breaches Cyber threats Risk 131

Security Boulevard

JUNE 14, 2024

PTaaS involves outsourcing penetration testing activities to a trusted third-party service provider, saving busy internal teams valuable time and offering an objective outsider’s perspective of their systems. The post Penetration-Testing-as-a-Service: An Essential Component of the Cybersecurity Toolkit appeared first on Security Boulevard.

Penetration Testing 130

Penetration Testing Cybersecurity Security Awareness 130

Advertisement

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

Cyber threats

Security Affairs

JUNE 14, 2024

In January 2025, European financial and insurance institutions, their business partners and providers, must comply with DORA. In January 2025, financial and insurance institutions in Europe and any organizations that do business with them must comply with the Digital Operation Resilience Act, also known as DORA. This regulation from the European Union (EU) is intended to both strengthen IT security and enhance the digital resilience of the European financial market.

Insurance 125

Insurance Technology Risk Information Security 125

Security Boulevard

JUNE 14, 2024

Copilot Plus? More like Copilot Minus: Redmond realizes Recall requires radical rethink. The post Recall ‘Delayed Indefinitely’ — Microsoft Privacy Disaster is Cut from Copilot+ PCs appeared first on Security Boulevard.

Digital transformation 128

Digital transformation Artificial Intelligence Social Engineering Data privacy 128

Bleeping Computer

JUNE 14, 2024

A former quality assurance employee of National Computer Systems (NCS) was sentenced to two years and eight months in prison for reportedly deleting 180 virtual servers after being fired. [.

120

120

The Hacker News

JUNE 14, 2024

Data is growing faster than ever. Remember when petabytes (that's 1,000,000 gigabytes!) were only for tech giants? Well, that's so last decade! Today, businesses of all sizes are swimming in petabytes. But this isn't just about storage anymore. This data is ALIVE—it's constantly accessed, analyzed, shared, and even used to train the next wave of AI.

120

120

Advertisement

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

Cybersecurity

Security Boulevard

JUNE 14, 2024

Companies are achieving revenue growth by addressing the needs of mid-market enterprises, offering tailored solutions that provide high value at a competitive price point. The post SASE Market Growth Continues, Led by Cisco, Zscaler appeared first on Security Boulevard.

Marketing 119

Marketing Cybersecurity 119

SecureWorld News

JUNE 14, 2024

The fourth annual SecureWorld Eastern virtual conference provided a glimpse into the rapidly evolving cyber threat landscape facing nations, businesses, and the very integrity of democratic elections worldwide. As cyberattacks and malicious campaigns grow increasingly sophisticated and pervasive, the event underscored the urgent need for robust defensive strategies across both the public and private sectors.

Cyber threats 119

Cyber threats Backups Risk Government 119

Malwarebytes

JUNE 14, 2024

On Wednesday June 12, 2024, a well-known dark web data broker and cybercriminal acting under the name “Sp1d3r” offered a significant amount of data allegedly stolen from Truist Bank for sale. Truist is a US bank holding company and operates 2,781 branches in 15 states and Washington DC. By assets, it is in the top 10 of US banks. In 2020, Truist provided financial services to about 12 million consumer households.

Data breaches 118

Data breaches Banking Passwords Phishing 118

Bleeping Computer

JUNE 14, 2024

NHS England revealed today that multiple London hospitals impacted by last week's Synnovis ransomware attack were forced to cancel hundreds of planned operations and appointments. [.

Ransomware 116

Ransomware Healthcare 116

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

Scams

Security Boulevard

JUNE 14, 2024

In today's rapidly evolving digital landscape, the importance of data security cannot be overstated. Organisations across the globe are increasingly seeking robust solutions to protect their sensitive information from cyber threats. Among the leaders in providing such solutions is comforte AG, a company renowned for its expertise in data-centric security.

Cyber threats 115

Cyber threats 115

Bleeping Computer

JUNE 14, 2024

Microsoft says it removed a Copilot app that was "incorrectly" added to Windows 10 and Windows 11 systems in April due to buggy Microsoft Edge updates. [.

116

116

SecureBlitz

JUNE 14, 2024

In this post, we will show you the Kaspersky Antivirus review. In an age where our digital lives are constantly under threat, antivirus software has become an essential tool for protecting our devices and personal information. Among the myriad of options available, Kaspersky Antivirus has consistently stood out for its robust security features and user-friendly […] The post Honest Kaspersky Antivirus Review appeared first on SecureBlitz Cybersecurity.

Antivirus 111

Antivirus Software Cybersecurity 111

Bleeping Computer

JUNE 14, 2024

Mozilla Firefox finally allows you to further protect local access to stored credentials in the browser's password manager using your device's login, including a password, fingerprint, pin, or other biometrics [.

Passwords 113

Passwords Password Management Software 113

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

We Live Security

JUNE 14, 2024

The I-SOON data leak confirms that this contractor is involved in cyberespionage for China, while Iran-aligned groups step up aggressive tactics following the Hamas-led attack on Israel in 2023

107

107

Bleeping Computer

JUNE 14, 2024

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a high-severity Windows vulnerability abused in ransomware attacks as a zero-day to its catalog of actively exploited security bugs. [.

Ransomware 106

Ransomware Cybersecurity 106

Heimadal Security

JUNE 14, 2024

A 28-year-old Russian man has been taken into custody by the Ukraine cyber police in Kyiv for his involvement in the Conti and LockBit ransomware operations, which involved making their malware impervious to antivirus software and carrying out at least one attack personally. The Dutch police, who responded to a ransomware attack and subsequent data […] The post Crypter Specialist Involved in the Conti and LockBit Attack Arrested appeared first on Heimdal Security Blog.

Antivirus 104

Antivirus Ransomware Malware Software 104

Bleeping Computer

JUNE 14, 2024

PCBA manufacturing giant Keytronic is warning it suffered a data breach after the Black Basta ransomware gang leaked 530GB of the company's stolen data two weeks ago. [.

Data breaches 94

Data breaches Ransomware Manufacturing 94

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Heimadal Security

JUNE 14, 2024

In the last decade, cybersecurity has come a long way. Once upon a time, keeping your IT environment secure largely required passwords, firewalls, and antivirus. In the days since, the move to cloud technology has thrown up a whole range of advanced tools and defenses to protect organizations that have employees and data distributed around […] The post The Top 7 Unified Endpoint Management Tools in 2024 appeared first on Heimdal Security Blog.

Antivirus 96

Antivirus Firewall Passwords Technology 96

Bleeping Computer

JUNE 14, 2024

The Scattered Spider gang has started to steal data from software-as-a-service (SaaS) applications and establish persistence through creating new virtual machines. [.

Software 91

Software 91

Security Boulevard

JUNE 14, 2024

QR codes have been around for three decades, but it wasn’t until the COVID-19 pandemic hit in 2020 that they got wide use, with restaurants, health care facilities, and other businesses turning to them to customers contactless ways to read menus, buy items, or track the health of people in their buildings. Around the same. The post A New Tactic in the Rapid Evolution of QR Code Scams appeared first on Security Boulevard.

Scams 83

Scams Security Awareness Phishing Mobile 83

Bleeping Computer

JUNE 14, 2024

American financial services holding company Globe Life says attackers may have accessed consumer and policyholder data after breaching one of its web portals. [.

Insurance 80

Insurance Financial Services 80

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!