Schneier on Security
JUNE 19, 2024
There has been a lot of toxicity in the comments section of this blog. Recently, we’re having to delete more and more comments. Not just spam and off-topic comments, but also sniping and personal attacks. It’s gotten so bad that I need to do something. My options are limited because I’m just one person, and this website is free, ad-free, and anonymous.
The Last Watchdog
JUNE 19, 2024
The tectonic shift of network security is gaining momentum, yet this transformation continues to lag far behind the accelerating pace of change in the operating environment. Related: The advance of LLMs For at least the past decade, the cybersecurity industry has been bending away from rules-based defenses designed to defend on-premises data centers and leaning more into tightly integrated and highly adaptable cyber defenses directed at the cloud edge.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
WIRED Threat Level
JUNE 19, 2024
A WIRED investigation shows that the AI search startup Perplexity is surreptitiously downloading your data.
Security Affairs
JUNE 19, 2024
Google released Chrome 126 update that addresses a high-severity vulnerability demonstrated at the TyphoonPWN 2024 hacking competition. Google has issued a Chrome 126 security update, addressing six vulnerabilities, including a flaw, tracked as CVE-2024-6100 which was demonstrated during the SSD Secure Disclosure’s TyphoonPWN 2024. TyphoonPWN is a live hacking competition held annually at TyphoonCon, an Offensive Security Conference in Seoul, South Korea.
Speaker: Erroll Amacker
Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.
The Hacker News
JUNE 19, 2024
Crypto exchange Kraken revealed that an unnamed security researcher exploited an "extremely critical" zero-day flaw in its platform to steal $3 million in digital assets and refused to return them.
Security Affairs
JUNE 19, 2024
AMD announced an investigation after a threat actor attempted to sell data allegedly stolen from its systems. AMD has launched an investigation after the threat actor IntelBroker announced they were selling sensitive data allegedly belonging to the company. “We are aware of a cybercriminal organization claiming to be in possession of stolen AMD data,” the chip maker told media outlets. “We are working closely with law enforcement officials and a third-party hosting partner to i
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
|
Security Affairs
JUNE 19, 2024
A malware campaign targets publicly exposed Docker API endpoints to deliver cryptocurrency miners and other payloads. Researchers at Datadog uncovered a new cryptojacking campaign linked to the attackers behind Spinning YARN campaign. The threat actors target publicly exposed and unsecured Docker API endpoints for initial access. The attack begins with the threat actor scanning the internet to find hosts with Docker’s default port 2375 open.
Bleeping Computer
JUNE 19, 2024
Car dealership software-as-a-service provider CDK Global was hit by a massive cyberattack, causing the company to shut down its systems and leaving clients unable to operate their business normally. [.
The Hacker News
JUNE 19, 2024
The China-nexus cyber espionage actor linked to the zero-day exploitation of security flaws in Fortinet, Ivanti, and VMware devices has been observed utilizing multiple persistence mechanisms in order to maintain unfettered access to compromised environments.
Security Affairs
JUNE 19, 2024
Alleged researchers have exploited a zero-day in Kraken crypto exchange to steal $3 million worth of cryptocurrency. Kraken Chief Security Officer Nick Percoco revealed that alleged security researchers exploited a zero-day flaw to steal $3 million worth of cryptocurrency. The researchers are refusing to return the stolen funds. Kraken Security Update: On June 9 2024, we received a Bug Bounty program alert from a security researcher.
Advertisement
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
Security Boulevard
JUNE 19, 2024
The constant vigilance required to protect against evolving threats, and the sheer volume of routine tasks that demand attention contribute significantly to burnout. The post Cybersecurity Worker Burnout Costing Businesses Big appeared first on Security Boulevard.
Jane Frankland
JUNE 19, 2024
As we emerge from an intense season of industry conferences like Infosec and RSA, I believe the cybersecurity community finds itself at a critical juncture. While hot topics like AI’s role in combating hacker threats has dominated discussions, an equally significant issue has remained— mental health and burnout. As an industry veteran, having spent over two decades in cybersecurity, I’ve been thinking a lot about the current state of the field—our relentless pursuit of productivity,
Security Boulevard
JUNE 19, 2024
The future of modeling catastrophic cyber risk hinges on our ability to move beyond misconceptions and confront the true extent of our exposure. The post Debunking Common Myths About Catastrophic Cyber Incidents appeared first on Security Boulevard.
WIRED Threat Level
JUNE 19, 2024
The new book World on the Brink: How America Can Beat China in the Race for the 21st Century lays out what might actually happen if China were to invade Taiwan in 2028.
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
Security Boulevard
JUNE 19, 2024
The problems with passwords drive the interest to adopt newer authentication methods, like passkeys, a type of passwordless technology. The post Criminals are Easily Bypassing Passkeys – How Organizations Can Stay Safe appeared first on Security Boulevard.
The Hacker News
JUNE 19, 2024
Chinese-speaking users are the target of a never-before-seen threat activity cluster codenamed Void Arachne that employs malicious Windows Installer (MSI) files for virtual private networks (VPNs) to deliver a command-and-control (C&C) framework called Winos 4.0.
Bleeping Computer
JUNE 19, 2024
Advance Auto Parts has confirmed it suffered a data breach after a threat actor attempted to sell stolen data on a hacking forum earlier this month. [.
The Hacker News
JUNE 19, 2024
A threat actor who goes by alias markopolo has been identified as behind a large-scale cross-platform scam that targets digital currency users on social media with information stealer malware and carries out cryptocurrency theft.
Speaker: Sierre Lindgren
Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.
We Live Security
JUNE 19, 2024
Hacktivism is nothing new, but the increasingly fuzzy lines between traditional hacktivism and state-backed operations make it a more potent threat
Security Boulevard
JUNE 19, 2024
IRONSCALES has made generally available a phishing simulation tool that makes use of generative artificial intelligence (AI) to enable cybersecurity teams to create as many as 2,000 simulations of a spear phishing attack in less than an hour. The post IRONSCALES Applies Generative AI to Phishing Simulation appeared first on Security Boulevard.
The Hacker News
JUNE 19, 2024
Two security vulnerabilities have been disclosed in the Mailcow open-source mail server suite that could be exploited by malicious actors to achieve arbitrary code execution on susceptible instances. Both shortcomings impact all versions of the software prior to version 2024-04, which was released on April 4, 2024. The issues were responsibly disclosed by SonarSource on March 22, 2024.
Bleeping Computer
JUNE 19, 2024
T-Mobile has denied it was breached or that source code was stolen after a threat actor claimed to be selling stolen data from the telecommunications company. [.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
The Hacker News
JUNE 19, 2024
Are your tags really safe with Google Tag Manager? If you've been thinking that using GTM means that your tracking tags and pixels are safely managed, then it might be time to think again. In this article we look at how a big-ticket seller that does business on every continent came unstuck when it forgot that you can’t afford to allow tags to go unmanaged or become misconfigured.
Trend Micro
JUNE 19, 2024
Explore the need for going beyond built-in Microsoft 365 and Google Workspace™ security based on email threats detected in 2023.
The Hacker News
JUNE 19, 2024
Cybersecurity researchers have uncovered a new evasive malware loader named SquidLoader that spreads via phishing campaigns targeting Chinese organizations. AT&T LevelBlue Labs, which first observed the malware in late April 2024, said it incorporates features that are designed to thwart static and dynamic analysis and ultimately evade detection.
SecureWorld News
JUNE 19, 2024
On June 19, 1865, Union soldiers arrived in Galveston, Texas, to announce that the Civil War had ended and that all enslaved people were now free—more than two years after the Emancipation Proclamation was issued. This momentous occasion is celebrated as Juneteenth, commemorating the end of slavery in the United States. Juneteenth is a day to reflect on the immense struggle and perseverance of those who endured the inhumane institution of slavery.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Bleeping Computer
JUNE 19, 2024
The Kraken crypto exchange disclosed today that alleged security researchers exploited a zero-day website bug to steal $3 million in cryptocurrency and then refused to return the funds. [.
SecureBlitz
JUNE 19, 2024
This post will show you the best DNS, IP, and WebRTC leak test sites. Also, how to overcome the leaks. DNS, IP, and WebRTC leaks happen every day when we browse the internet; because we use local ISPs, we are bound to have these leaks. DNS leak is a problem that keeps your privacy on […] The post Best DNS, IP, and WebRTC Leaks Test Sites appeared first on SecureBlitz Cybersecurity.
Bleeping Computer
JUNE 19, 2024
Forklift manufacturer Crown Equipment confirmed today that it suffered a cyberattack earlier this month that disrupted manufacturing at its plants. [.
Identity IQ
JUNE 19, 2024
IDIQ Releases Report on Top Consumer Credit Concerns as Shared by Mortgage, Real Estate, Lending Partners and Consumers IdentityIQ – Survey Finds Top Consumer Credit Concern is Not Knowing How to Effectively Strengthen Their Credit Profile – TEMECULA, Calif. – June 20, 2024 – IDIQ ®, a financial intelligence company that empowers consumers to take everyday action to control their financial well-being, today released a report detailing consumer credit concerns voiced by mortgage, real estate, len
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Expert insights. Personalized for you.
311 
Let's personalize your content