Thu. Aug 10, 2023

Cryptographic Flaw in Libbitcoin Explorer Cryptocurrency Wallet

Schneier on Security

Cryptographic flaws still matter. Here’s a flaw in the random-number generator used to create private keys. The seed has only 32 bits of entropy. Seems like this flaw is being exploited in the wild.

Is Computer Science at UK Universities Still Unpopular?

Jane Frankland

The need for hiring cybersecurity professionals is ever growing. Yet, there remains a hiring problem. Often, when considering this, people immediately turn their attention to educators of Computer Science at schools, colleges, and universities. From analysing research, I believe they’re right to do so. In this blog I’ll be taking a closer look at higher education efforts, specifically for Computer Science at UK universities.

CrowdStrike at BlackHat: Speed, Interaction, Sophistication of Threat Actors Rising in 2023

Tech Republic Security

As attackers focus on political ends, big payouts, threat hunters need to focus on identity intrusions, access merchants and tactics enabling fast lateral movement.

Dell Compellent hardcoded key exposes VMware vCenter admin creds

Bleeping Computer

An unfixed hardcoded encryption key flaw in Dell's Compellent Integration Tools for VMware (CITV) allows attackers to decrypt stored vCenter admin credentials and retrieve the cleartext password.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Black Hat 2023 Keynote: Navigating Generative AI in Today’s Cybersecurity Landscape

Tech Republic Security

Discover the challenges that AI will bring to the cybersecurity industry and the opportunities and future implications of cybersecurity in an AI-dominated world.

Understanding Changes in the OWASP API Security Top 10 List

IT Security Guru

The Open Web Application Security Project (OWASP), a non-profit foundation devoted to web application security, recently released the 2023 OWASP API Security Top 10 list. The list aims to raise awareness about the most common API security risks plaguing organisations and how to defend against them. The 2023 list provides an update to the original list, published in 2019.

More Trending

Cybercriminals Increasingly Using EvilProxy Phishing Kit to Target Executives

The Hacker News

Threat actors are increasingly using a phishing-as-a-service (PhaaS) toolkit dubbed EvilProxy to pull off account takeover attacks aimed at high-ranking executives at prominent companies.

Teens Hacked Boston Subway’s CharlieCard to Get Infinite Free Rides—and This Time Nobody Got Sued

WIRED Threat Level

In 2008, Boston’s transit authority sued to stop MIT hackers from presenting at the Defcon hacker conference on how to get free subway rides. Today, four teens picked up where they left off.

16 New CODESYS SDK Flaws Expose OT Environments to Remote Attacks

The Hacker News

A set of 16 high-severity security flaws have been disclosed in the CODESYS V3 software development kit (SDK) that could result in remote code execution and denial-of-service under specific conditions, posing risks to operational technology (OT) environments. The flaws, tracked from CVE-2022-47378 through CVE-2022-47393 and dubbed CoDe16, carry a CVSS score of 8.

Rhysida Ransomware: The Rise of a New Threat for Healthcare Organizations

Heimdal Security

The ransomware operation known as Rhysida has rapidly gained notoriety, especially following a series of attacks on healthcare organizations. This surge has led to heightened vigilance from government agencies and cybersecurity firms, prompting them to closely monitor Rhysida’s activities. Growing Influence The spotlight on Rhysida intensified after the U.S.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Microsoft Exchange updates pulled after breaking non-English installs

Bleeping Computer

Microsoft has pulled Microsoft Exchange Server's August security updates from Windows Update after finding they break Exchange on non-English installs.

New Attack Alert: Freeze[.]rs Injector Weaponized for XWorm Malware Attacks

The Hacker News

Malicious actors are using a legitimate Rust-based injector called Freeze[.]rs to deploy a commodity malware called XWorm in victim environments. The novel attack chain, detected by Fortinet FortiGuard Labs on July 13, 2023, is initiated via a phishing email containing a booby-trapped PDF file.

CISA adds actively exploited flaw in .NET, Visual Studio to its Known Exploited Vulnerabilities catalog

Security Affairs

US CISA added zero-day vulnerability CVE-2023-38180 affecting .NET and Visual Studio to its Known Exploited Vulnerabilities catalog. US Cybersecurity and Infrastructure Security Agency (CISA) added an actively exploited zero-day vulnerability CVE-2023-38180 (CVSS score 7.5) affecting .NET and Visual Studio to its Known Exploited Vulnerabilities Catalog.

What to Expect in Your Next-Gen Firewall: A 2023 Guide

SecureBlitz

Discover the features of next-generation firewalls in this 2023 guide. Understand how they contribute to stronger cybersecurity in the digital age. In 2023, the global average cost of a data breach due to cyber-attacks was USD 4.45 million. These numbers are expected to grow in the coming days. The growing cyber-attacks eventually stimulate the development […]

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

US Govt launches Artificial Intelligence Cyber Challenge

Security Affairs

The US Government House this week launched an Artificial Intelligence Cyber Challenge competition for creating a new generation of AI systems. On Wednesday, the United States Government House introduced an Artificial Intelligence Cyber Challenge competition. The two-year competition aims to foster the development of innovative AI systems that can protect critical applications from cyber threats.

6 Best Threat Intelligence Feeds to Use in 2023

eSecurity Planet

Threat intelligence feeds are continually updated streams of data that inform users of different cybersecurity threats, their sources, and any infrastructure impacted or at risk of being impacted by those threats. These feeds are often in a standard format like STIX/TAXII so they can be integrated with EDR, SIEM, firewalls, threat intelligence platforms, and other network security tools, offering an additional source of real-time or near-real-time threat information to monitor for indicator

Statc Stealer, a new sophisticated info-stealing malware

Security Affairs

Experts warn that a new info-stealer named Statc Stealer is infecting Windows devices to steal a broad range of sensitive information. Zscaler ThreatLabz researchers discovered a new information stealer malware, called Statc Stealer, that can steal a broad range of info from Windows devices. The malware can steal sensitive information from various web browsers, including login data, cookies, web data, and preferences.

Lapsus$ hackers took SIM-swapping attacks to the next level

Bleeping Computer

The U.S. government released a report after analyzing simple techniques, e.g. SIM swapping, used by the Lapsus$ extortion group to breach dozens of organizations with a strong security posture.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

CISA discovered a new backdoor, named Whirlpool, used in Barracuda ESG attacks

Security Affairs

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) observed a new backdoor, named Whirlpool, in attacks on Barracuda ESG appliances. The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has discovered a new backdoor, named Whirlpool, that was employed in attacks targeting Barracuda ESG devices. At the end of May, the network security solutions provider Barracuda warned customers that some of its Email Security Gateway (ESG) appliances were recently by threat actors

Emerging Attacker Exploit: Microsoft Cross-Tenant Synchronization

The Hacker News

Attackers continue to target Microsoft identities to gain access to connected Microsoft applications and federated SaaS applications. Additionally, attackers continue to progress their attacks in these environments, not by exploiting vulnerabilities, but by abusing native Microsoft functionality to achieve their objective.

Gafgyt malware exploits five-years-old flaw in EoL Zyxel router

Bleeping Computer

Fortinet has issued an alert warning that the Gafgyt botnet malware is actively trying to exploit a vulnerability in the end-of-life Zyxel P660HN-T1A router in thousands of daily attacks.

CISA Adds Microsoft .NET Vulnerability to KEV Catalog Due to Active Exploitation

The Hacker News

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a recently patched security flaw in Microsoft's .NET and Visual Studio products to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. Tracked as CVE-2023-38180 (CVSS score: 7.5), the high-severity flaw relates to a case of denial-of-service (DoS) impacting .NET and Visual Studio.

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

CISA: New Whirlpool backdoor used in Barracuda ESG hacks

Bleeping Computer

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has discovered a new backdoor malware named 'Whirlpool' used in attacks on compromised Barracuda Email Security Gateway (ESG) devices.

Encryption Flaws in Popular Chinese Language App Put Users' Typed Data at Risk

The Hacker News

A widely used Chinese language input app for Windows and Android has been found vulnerable to serious security flaws that could allow a malicious interloper to decipher the text typed by users.

The Aftermath: Dallas Ransomware Attack- 26K Residents Affected

Heimdal Security

In a recent development, it has come to light that an APT group managed to infiltrate the city of Dallas’ digital infrastructure, gaining unauthorized access to sensitive personal data belonging to a minimum of 26,212 residents of Texas. The data compromised in this cyber incident encompassed a wide range of confidential information, including individuals’ names, […]

10,000 N Ireland police officers and staff have their details exposed after spreadsheet screw-up

Graham Cluley

Earlier this week, the details of all 10,000 staff at the Police Service of Northern Ireland (PSNI) were exposed after a spreadsheet containing the data was mistakenly published online.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Navigating Cybersecurity's Seas: Environmental Regulations, OT & the Maritime Industry's New Challenges

Dark Reading

Stringent efficiency measures in new environmental regulations create an unintended consequence for the shipping industry: increased cybersecurity risks in operational technology systems.

Making Chrome more secure by bringing Key Pinning to Android

Google Security

Posted by David Adrian, Joe DeBlasio and Carlos Joan Rafael Ibarra Lopez, Chrome Security. Chrome 106 added support for enforcing key pins on Android by default, bringing Android to parity with Chrome on desktop platforms. But what is key pinning anyway? One of the reasons Chrome implements key pinning is the “rule of two”. This rule is part of Chrome’s holistic secure development process.

NSA: Codebreaker Challenge Helps Drive Cybersecurity Education

Dark Reading

The US National Security Agency aims to attract students to cybersecurity in general and its own open positions in particular: 3,000 new jobs this year.

New Statc Stealer Malware Emerges: Your Sensitive Data at Risk

The Hacker News

A new information malware strain called Statc Stealer has been found infecting devices running Microsoft Windows to siphon sensitive personal and payment information. "Statc Stealer exhibits a broad range of stealing capabilities, making it a significant threat," Zscaler ThreatLabz researchers Shivam Sharma and Amandeep Kumar said in a technical report published this week.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.