Thu. Aug 10, 2023

Cryptographic Flaw in Libbitcoin Explorer Cryptocurrency Wallet

Schneier on Security

Cryptographic flaws still matter. Here’s a flaw in the random-number generator used to create private keys. The seed has only 32 bits of entropy. Seems like this flaw is being exploited in the wild.

CrowdStrike at BlackHat: Speed, Interaction, Sophistication of Threat Actors Rising in 2023

Tech Republic Security

As attackers focus on political ends, big payouts, threat hunters need to focus on identity intrusions, access merchants and tactics enabling fast lateral movement.

Is Computer Science at UK Universities Still Unpopular?

Jane Frankland

The need for hiring cybersecurity professionals is ever growing. Yet, there remains a hiring problem. Often, when considering this, people immediately turn their attention to educators of Computer Science at schools, colleges, and universities. From analysing research, I believe they’re right to do so. In this blog I’ll be taking a closer look at higher education efforts, specifically for Computer Science at UK universities.

Black Hat 2023 Keynote: Navigating Generative AI in Today’s Cybersecurity Landscape

Tech Republic Security

Discover the challenges that AI will bring to the cybersecurity industry and the opportunities and future implications of cybersecurity in an AI-dominated world.

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

What Is Cloud Security Posture Management (CSPM)?

eSecurity Planet

Cloud security posture management (CSPM) discovers and manages infrastructure and configuration risks across cloud environments. As most cloud security failures are due to customer error, CSPM’s ability to find and fix those errors has made it a critical cloud security tool. CSPM ensures cloud computing security and compliance by incorporating risk management capabilities to discover, analyze, and manage infrastructure and configuration risks across cloud environments and infrastructure.

CISA adds actively exploited flaw in .NET, Visual Studio to its Known Exploited Vulnerabilities catalog

Security Affairs

US CISA added zero-day vulnerability CVE-2023-38180 affecting .NET and Visual Studio to its Known Exploited Vulnerabilities catalog. US Cybersecurity and Infrastructure Security Agency (CISA) added an actively exploited zero-day vulnerability CVE-2023-38180 (CVSS score 7.5) affecting .NET and Visual Studio to its Known Exploited Vulnerabilities Catalog.

US Govt launches Artificial Intelligence Cyber Challenge

Security Affairs

The US Government House this week launched an Artificial Intelligence Cyber Challenge competition for creating a new generation of AI systems. On Wednesday, the United States Government House introduced an Artificial Intelligence Cyber Challenge competition. The two-year competition aims to foster the development of innovative AI systems that can protect critical applications from cyber threats.

Common TTPs of attacks against industrial organizations

SecureList

In 2022 we investigated a series of attacks against industrial organizations in Eastern Europe. In the campaigns, the attackers aimed to establish a permanent channel for data exfiltration, including data stored on air-gapped systems. Based on similarities found between these campaigns and previously researched campaigns (e.g., ExCone, DexCone), including the use of FourteenHi variants, specific TTPs and the scope of the attack, we have medium to high confidence that a threat actor called APT3

Statc Stealer, a new sophisticated info-stealing malware

Security Affairs

Experts warn that a new info-stealer named Statc Stealer is infecting Windows devices to steal a broad range of sensitive information. Zscaler ThreatLabz researchers discovered a new information stealer malware, called Statc Stealer, that can steal a broad range of info from Windows devices. The malware can steal sensitive information from various web browsers, including login data, cookies, web data, and preferences.

Cybercriminals Increasingly Using EvilProxy Phishing Kit to Target Executives

The Hacker News

Threat actors are increasingly using a phishing-as-a-service (PhaaS) toolkit dubbed EvilProxy to pull off account takeover attacks aimed at high-ranking executives at prominent companies.

Why Giant Content Libraries Do Nothing for Your Employees’ Cyber Resilience

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

CISA discovered a new backdoor, named Whirlpool, used in Barracuda ESG attacks

Security Affairs

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) observed a new backdoor, named Whirlpool, in attacks on Barracuda ESG appliances. The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has discovered a new backdoor, named Whirlpool, that was employed in attacks targeting Barracuda ESG devices. At the end of May, the network security solutions provider Barracuda warned customers that some of its Email Security Gateway (ESG) appliances were recently by threat actors

What to Expect in Your Next-Gen Firewall: A 2023 Guide

SecureBlitz

Discover the features of next-generation firewalls in this 2023 guide. Understand how they contribute to stronger cybersecurity in the digital age. In 2023, the global average cost of a data breach due to cyber-attacks was USD 4.45 million. These numbers are expected to grow in the coming days. The growing cyber-attacks eventually stimulate the development […]

16 New CODESYS SDK Flaws Expose OT Environments to Remote Attacks

The Hacker News

A set of 16 high-severity security flaws have been disclosed in the CODESYS V3 software development kit (SDK) that could result in remote code execution and denial-of-service under specific conditions, posing risks to operational technology (OT) environments. The flaws, tracked from CVE-2022-47378 through CVE-2022-47393 and dubbed CoDe16, carry a CVSS score of 8.

Focus on DroxiDat/SystemBC

SecureList

Recently we pushed a report to our customers about an interesting and common component of the cybercrime malware set – SystemBC. And, in much the same vein as the 2021 Darkside Colonial Pipeline incident, we found a new SystemBC variant deployed to a critical infrastructure target. This time, the proxy-capable backdoor was deployed alongside Cobalt Strike beacons in a south African nation’s critical infrastructure.

Zero Trust Mandate: The Realities, Requirements and Roadmap

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

Teens Hacked Boston Subway’s CharlieCard to Get Infinite Free Rides—and This Time Nobody Got Sued

WIRED Threat Level

In 2008, Boston’s transit authority sued to stop MIT hackers from presenting at the Defcon hacker conference on how to get free subway rides. Today, four teens picked up where they left off.

A More Resilient Future with Automated Ransomware Recovery

Cisco Security

The constant evolution of the digital world has not only presented an abundance of opportunities, but also raised an equal amount of security challenges, ransomware being one of the most sinister. In response to this growing threat, our team of Principal engineers at Cisco (including myself under the guidance of our project sponsors from Cisco’s Security Business Group and Cisco IT), embarked on a journey towards automating ransomware recovery not just for our own enterprise, but for everyone.

Are You Ready for the New CA/B Forum Baseline Requirements for S/MIME?

GlobalSign

From 1 September 2023, the new CA/B Forum Baseline Requirements come into effect, are you ready? Read on to learn more.

New Attack Alert: Freeze[.]rs Injector Weaponized for XWorm Malware Attacks

The Hacker News

Malicious actors are using a legitimate Rust-based injector called Freeze[.]rs to deploy a commodity malware called XWorm in victim environments. The novel attack chain, detected by Fortinet FortiGuard Labs on July 13, 2023, is initiated via a phishing email containing a booby-trapped PDF file.

Next-Level Fraud Prevention: Strategies for Today’s Threat Landscape

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

The Aftermath: Dallas Ransomware Attack- 26K Residents Affected

Heimdal Security

In a recent development, it has come to light that an APT group managed to infiltrate the city of Dallas’ digital infrastructure, gaining unauthorized access to sensitive personal data belonging to a minimum of 26,212 residents of Texas. The data compromised in this cyber incident encompassed a wide range of confidential information, including individuals’ names, […]

Emerging Attacker Exploit: Microsoft Cross-Tenant Synchronization

The Hacker News

Attackers continue to target Microsoft identities to gain access to connected Microsoft applications and federated SaaS applications. Additionally, attackers continue to progress their attacks in these environments, not by exploiting vulnerabilities, but by abusing native Microsoft functionality to achieve their objective.

Charming Kitten APT is targeting Iranian dissidents in Germany

Security Affairs

Germany’s Federal Office for the Protection of the Constitution (BfV) warns that the Charming Kitten APT group targeted Iranian dissidents in the country. The Federal Office for the Protection of the Constitution (BfV) is warning that an alleged nation-state actor targeted Iranian dissident organizations and individuals in the country. The intelligence agency attributes the attack to the Iran-linked APT group Charming Kitten (aka APT35, Phosphorus, Newscaster, and Ajax Security Team).

Understanding Changes in the OWASP API Security Top 10 List

IT Security Guru

The Open Web Application Security Project (OWASP), a non-profit foundation devoted to web application security, recently released the 2023 OWASP API Security Top 10 list. The list aims to raise awareness about the most common API security risks plaguing organisations and how to defend against them. The 2023 list provides an update to the original list, published in 2019.

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

CISA Adds Microsoft .NET Vulnerability to KEV Catalog Due to Active Exploitation

The Hacker News

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a recently patched security flaw in Microsoft's .NET and Visual Studio products to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. Tracked as CVE-2023-38180 (CVSS score: 7.5), the high-severity flaw relates to a case of denial-of-service (DoS) impacting .NET and Visual Studio.

Microsoft Exchange updates pulled after breaking non-English installs

Bleeping Computer

Microsoft has pulled Microsoft Exchange Server's August security updates from Windows Update after finding they break Exchange on non-English installs. […]

Encryption Flaws in Popular Chinese Language App Put Users' Typed Data at Risk

The Hacker News

A widely used Chinese language input app for Windows and Android has been found vulnerable to serious security flaws that could allow a malicious interloper to decipher the text typed by users.

Leaked Yandex Code Breaks Open the Creepy Black Box of Online Advertising

WIRED Threat Level

As the international tech giant moves toward Russian ownership, the leak raises concerns about the volume of data it has on its users.

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Dell Compellent hardcoded key exposes VMware vCenter admin creds

Bleeping Computer

An unfixed hardcoded encryption key flaw in Dell's Compellent Integration Tools for VMware (CITV) allows attackers to decrypt stored vCenter admin credentials and retrieve the cleartext password. […]

Top Exploit Databases to Use in Bolstering Cybersecurity Posture

Heimdal Security

Exploit databases are relevant intelligence sources for security specialists that need to keep an eye on the latest exploits and vulnerabilities. They also offer a long-time perspective over the past years’ threat landscape. An improper patch management policy still leads to companies being exposed to totally avoidable threats. Lack of time, a low awareness level […]

5 Great Reasons to Attend a 2023 PCI SSC Community Meeting

PCI perspectives

PCI SSC Community Meetings bring together the brightest minds in payment security. Don’t miss your opportunity to collaborate and learn about the latest developments in global payment security and in the PCI Security Standards this year in: Portland, Oregon, Dublin, Ireland or Kuala Lumpur, Malaysia. The PCI SSC Community Meetings are open to all in the payments industry.

New Statc Stealer Malware Emerges: Your Sensitive Data at Risk

The Hacker News

A new information malware strain called Statc Stealer has been found infecting devices running Microsoft Windows to siphon sensitive personal and payment information. "Statc Stealer exhibits a broad range of stealing capabilities, making it a significant threat," Zscaler ThreatLabz researchers Shivam Sharma and Amandeep Kumar said in a technical report published this week.

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!