Fri.Jan 05, 2024

Improving Shor’s Algorithm

Schneier on Security

We don’t have a useful quantum computer yet, but we do have quantum algorithms. Shor’s algorithm has the potential to factor large numbers faster than otherwise possible, which—if the run times are actually feasible—could break both the RSA and Diffie-Hellman public-key algorithms. Now, computer scientist Oded Regev has a significant speed-up to Shor’s algorithm, at the cost of more storage.

Hackers target Apache RocketMQ servers vulnerable to RCE attacks

Bleeping Computer

Security researchers are detecting hundreds of IP addresses on a daily basis that scan or attempt to exploit Apache RocketMQ services vulnerable to a remote command execution flaw identified as CVE-2023-33246 and CVE-2023-37582.

Cybersecurity Insights with Contrast CISO David Lindner | 1/5/24

Security Boulevard

Insight #1 In light of 23andMe blaming victims for their data getting breached, I have two things to ask: Users, please stop reusing passwords. Providers, please start requiring multifactor authentication (MFA). The post Cybersecurity Insights with Contrast CISO David Lindner | 1/5/24 appeared first on Security Boulevard.

BreachForums admin jailed again for using a VPN, unmonitored PC

Bleeping Computer

The administrator behind the notorious BreachForums hacking forum has been arrested again for breaking pretrial release conditions, including using an unmonitored computer and a VPN.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

DevSecOps tools: A beginner’s guide

Security Boulevard

DevSecOps, a fusion of development, security, and operations, marks a paradigm shift in software development, seamlessly integrating security throughout the software development life cycle (SDLC). The post DevSecOps tools: A beginner’s guide appeared first on Security Boulevard.

Ivanti fixed a critical EPM flaw that can result in remote code execution

Security Affairs

Ivanti fixed a critical vulnerability in its Endpoint Manager (EPM) solution that could lead to remote code execution (RCE) on vulnerable servers. Ivanti has released security updates to address a critical vulnerability, tracked as CVE-2023-39336 (CVSS score 9.6), impacting its Endpoint Manager (EPM) solution. The exploitation of this vulnerability could lead to remote code execution (RCE) on vulnerable servers. “If exploited, an attacker with access to the internal network can leverage an

MyEstatePoint Property Search Android app leaks user passwords

Security Affairs

The MyEstatePoint Property Search app leaked data on nearly half a million of its users, exposing their names and plain-text passwords, the Cybernews research team has found. The all-in-one real estate app MyEstatePoint Property Search left a publicly accessible MongoDB server containing the sensitive details of its app users. The app, developed by NJ Technologies, an India-based software developer, has over half a million downloads on the Google Play store and mainly serves the Indian market.

Comic Agilé – Mikkel Noe-Nygaard, Luxshan Ratnaravi – #273 — Ensemble Programming

Security Boulevard

Via the respected Software Engineering expertise of Mikkel Noe-Nygaard and the lauded Software Engineering / Enterprise Agile Coaching work of Luxshan Ratnaravi at Comic Agilé! The post Comic Agilé – Mikkel Noe-Nygaard, Luxshan Ratnaravi – #273 — Ensemble Programming appeared first on Security Boulevard.

What Is a Firewall Policy? Steps, Examples & Free Template

eSecurity Planet

A firewall policy is a set of rules and standards designed to control network traffic between an organization’s internal network and the internet. It aims to prevent unauthorized access, manage data movement, and guard against potential security threats. There are key components to consider, main types of firewall policies and firewall configurations to be aware of, and sample policies to review that offer valuable context in creating your own effective firewall policy.

$22 Million Wake-up Call to Improve Security

Security Boulevard

A former Jacksonville Jaguars staff member is facing the possibility of a 30-year prison sentence after admitting guilt to financial crimes, including embezzling over $22 million from the NFL team. Amit Patel entered a guilty plea for felony charges of wire fraud and illegal monetary […] The post $22 Million Wake-up Call to Improve Security appeared first on SafePaaS.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

How to Be More Anonymous Online

WIRED Threat Level

Being fully anonymous is next to impossible—but you can significantly limit what the internet knows about you by sticking to a few basic rules.

Crypto wallet founder loses $125,000 to fake airdrop website

Bleeping Computer

A crypto wallet service co-founder shares with the world his agony after losing $125,000 to a crypto scam. The startup CEO, who at the time believed he was on a legitimate cryptocurrency airdrop website, realized after his loss that the domain he’d gone to was set up for the purpose of phishing unsuspecting users.

Ransomware Threatens Lives: Report Reveals Impacts on Healthcare Sector

SecureWorld News

Ransomware continues to pose an alarming threat to critical infrastructure, with the healthcare sector being particularly vulnerable to its devastating effects. This malicious software has the power to disrupt medical facilities and compromise patient care, making it a pressing issue that demands immediate attention. A recent report from Emsisoft sheds light on the impact of these attacks, highlighting that ransomware incidents are not just a financial burden but pose a tangible risk to human li

GTFONow: Automatic privilege escalation for misconfigured capabilities, sudo and suid binaries

Penetration Testing

GTFONow: Automatic privilege escalation on Unix systems by exploiting misconfigured setuid/setgid binaries, capabilities, and sudo permissions. Designed for CTFs but also applicable in real-world pentests. Features: Automatically exploit misconfigured sudo permissions. Automatically exploit misconfigured... The post GTFONow: Automatic privilege escalation for misconfigured capabilities, sudo and suid binaries appeared first on Penetration Testing.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

US charged 19 suspects linked to xDedic cybercrime marketplace

Bleeping Computer

The U.S. Department of Justice announced the end of a transnational investigation into the dark web xDedic cybercrime marketplace, charging 19 suspects for their involvement in running and using the market's services.

CVE-2024-21633: The Critical Flaw in Apktool and How to Mitigate It

Penetration Testing

In the intricate world of Android application development, tools like Apktool have been indispensable for developers and reverse engineers. Apktool, known for its ability to reverse engineer third-party, closed binary Android apps, has hit... The post CVE-2024-21633: The Critical Flaw in Apktool and How to Mitigate It appeared first on Penetration Testing.

Memorial University recovers from cyberattack, delays semester start

Bleeping Computer

The Memorial University of Newfoundland (MUN) continues to deal with the effects of a cyberattack that occurred in late December and postponed the start of classes on one campus.

Russia-linked APT Sandworm was inside Ukraine telecoms giant Kyivstar for months

Security Affairs

Ukrainian authorities revealed that Russia-linked APT Sandworm had been inside telecom giant Kyivstar at least since May 2023. Russia-linked APT group Sandworm was inside Ukrainian telecoms giant Kyivstar from at least May 2023, the head of Ukraine’s Security Service (SBU) told Reuters. “This attack is a big message, a big warning, not only to Ukraine, but for the whole Western world to understand that no one is actually untouchable,” said Illia Vitiuk, head

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

The Week in Ransomware - January 5th 2024 - Secret decryptors

Bleeping Computer

With it being the first week of the New Year and some still away on vacation, it has been slow with ransomware news, attacks, and new information.

CertiK Twitter account hijacked by cryptocurrency scammer posing as Forbes journalist

Graham Cluley

Web3 security outfit CertiK has fallen foul of scammers, who managed to hijack its Twitter account to share a malicious link to a fake version of the Revoke.cash project.

SpectralBlur: New macOS Backdoor Threat from North Korean Hackers

The Hacker News

Cybersecurity researchers have discovered a new Apple macOS backdoor called SpectralBlur that overlaps with a known malware family that has been attributed to North Korean threat actors.

Widespread Vulnerability in SSH Servers: The Terrapin Attack Threat

Heimadal Security

The Terrapin attack, a newly identified security threat, jeopardizes nearly 11 million SSH servers that are accessible online. Originating from academic research at Ruhr University Bochum in Germany, this attack specifically targets the SSH protocol, affecting both clients and servers. It exploits vulnerabilities during the handshake process, especially when using certain encryption modes, compromising the […] The post Widespread Vulnerability in SSH Servers: The Terrapin Attack Threat app

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Cybersecurity trends and challenges to watch out for in 2024 – Week in security with Tony Anscombe

We Live Security

What are some of the key cybersecurity trends that people and organizations should have on their radars this year?

Update your white hat hacking skills with $70 off this training bundle

Bleeping Computer

Aggressively pursuing flaws and problems is the most effective way to ensure networks and data are secure. This 10-course ethical hacking bundle shows you how for $39.99, $70 off the $110 MSRP.

A Heimdal MXDR Expert on Incident Response Best Practices and Myth Busting

Heimadal Security

I got to talk to Dragoș Roșioru, a seasoned MXDR expert, about incident response best practices and challenges. Get an in-depth understanding of the do’s and don’ts in incident response as Dragoș explains how to avoid the most common mistakes Security Officers make. While you’re at it, take a glimpse at Dragoș’s personal incident response best […] The post A Heimdal MXDR Expert on Incident Response Best Practices and Myth Busting appeared first on Heimdal Security.

Pro-Iranian Hacker Group Targeting Albania with No-Justice Wiper Malware

The Hacker News

The recent wave of cyber attacks targeting Albanian organizations involved the use of a wiper called No-Justice. The findings come from cybersecurity company ClearSky, which said the Windows-based malware "crashes the operating system in a way that it cannot be rebooted."

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?”

Unit 42’s Insight: The Sophisticated Evasion Tactics of GuLoader and RedLine Stealer

Penetration Testing

Among the myriad of threats, GuLoader and RedLine Stealer stand out for their sophisticated anti-analysis techniques. Unit 42 Incident Response team from Palo Alto Networks reveals the intriguing world of these malware families, unveiling... The post Unit 42’s Insight: The Sophisticated Evasion Tactics of GuLoader and RedLine Stealer appeared first on Penetration Testing.

SCADA systems: How secure are the systems running our infrastructure? | Malav Vyas (Security Researcher at Palo Alto Networks)

Security Boulevard

Explore whether APIs introduce more security risks than benefits to SCADA systems, how hard it is to secure SCADA, and key future challenges. The post SCADA systems: How secure are the systems running our infrastructure? | Malav Vyas (Security Researcher at Palo Alto Networks) appeared first on Security Boulevard.

Orange Spain Faces BGP Traffic Hijack After RIPE Account Hacked by Malware

The Hacker News

Mobile network operator Orange Spain suffered an internet outage for several hours on January 3 after a threat actor used administrator credentials captured by means of stealer malware to hijack the border gateway protocol (BGP) traffic.

Mimecast Acquires Elevate Security to Personalize Controls

Security Boulevard

Mimecast has acquired Elevate Security to make it simpler to apply cybersecurity controls based on actual end-user behavior. The post Mimecast Acquires Elevate Security to Personalize Controls appeared first on Security Boulevard.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.