Schneier on Security
AUGUST 20, 2024
This is yet another insecure Internet-of-things story , this one about wireless gear shifters for bicycles. These gear shifters are used in big-money professional bicycle races like the Tour de France, which provides an incentive to actually implement this attack. Research paper. Another news story. Slashdot thread.
Tech Republic Security
AUGUST 20, 2024
ThreatDown 2024 Report: Malwarebytes reveals ransomware trends, showing most attacks occur at night when security staff are off duty.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
The Last Watchdog
AUGUST 20, 2024
The art of detecting subtle anomalies, predicting emergent vulnerabilities and remediating novel cyber-attacks is becoming more refined, day by day. Related: GenAI’s impact on elections It turns out that the vast datasets churned out by cybersecurity toolsets happen to be tailor-made for ingestion by Generative AI ( GenAI ) engines and Large Language Models ( LLMs.
Tech Republic Security
AUGUST 20, 2024
Perforce reveals that companies are struggling with increased sensitive data in non-production environments, leading to higher breach risks and compliance challenges.
Speaker: Erroll Amacker
Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.
The Last Watchdog
AUGUST 20, 2024
Cary, NC, Aug. 22, 2024, CyberNewsWire — In modern business, cybersecurity is not merely a technical concern but a crucial financial safeguard. With cyber threats growing in sophistication and frequency, the financial implications of neglecting cybersecurity training are severe and multifaceted. INE Security , a global leader in cybersecurity training and certifications, is exploring how overlooking this critical aspect of organizational strategy can lead to a financial crisis and laying o
We Live Security
AUGUST 20, 2024
ESET Research uncovers a novel method of phishing; targeting Android and iOS users via PWAs, and on Android also WebAPKs, without warning the user about installing a third-party app.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
|
Security Affairs
AUGUST 20, 2024
Blockchain analysis firm Chainalysis revealed that ransomware payments rose by approximately 2%, from $449.1 million to $459.8 million. Blockchain analysis firm Chainalysis revealed that while overall on-chain illicit activity has decreased by nearly 20% year-to-date, stolen funds and ransomware significantly increased. Stolen funds inflows almost doubled, rising from $857 million to $1.58 billion, and ransomware inflows grew by about 2%, from $449.1 million to $459.8 million.
Penetration Testing
AUGUST 20, 2024
Morphisec researchers have detailed a critical vulnerability in Microsoft Outlook, identified as CVE-2024-38021, which has the potential to allow remote attackers to execute arbitrary code on vulnerable systems. This flaw,... The post Researcher Details Microsoft Outlook Zero-Click Vulnerability (CVE-2024-38021) appeared first on Cybersecurity News.
Security Affairs
AUGUST 20, 2024
Researchers discovered thousands of Oracle NetSuite e-stores that are vulnerable to data leak, sensitive customer information is at risk. Cybersecurity researchers from AppOmni warn of a potential issue in Oracle NetSuite SuiteCommerce platform could allow attackers to access customer sensitive data. NetSuite is a widely used SaaS Enterprise Resource Planning (ERP) platform, valued for its capability to deploy external-facing online stores through SuiteCommerce or SiteBuilder.
eSecurity Planet
AUGUST 20, 2024
A cataclysmic data breach has cast a long shadow over the privacy of billions of individuals. Reports claim that a staggering 2.9 billion records, including Social Security numbers, have been compromised in a cyberattack targeting National Public Data (NPD), a company specializing in background checks. This unprecedented scale of data exposure highlights the vulnerabilities inherent in our interconnected world and the immense value placed on personal information by cybercriminals.
Advertisement
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
The Hacker News
AUGUST 20, 2024
A maximum-severity security flaw has been disclosed in the WordPress GiveWP donation and fundraising plugin that exposes more than 100,000 websites to remote code execution attacks. The flaw, tracked as CVE-2024-5932 (CVSS score: 10.0), impacts all versions of the plugin prior to version 3.14.2, which was released on August 7, 2024.
SecureWorld News
AUGUST 20, 2024
Cyberattacks on railway systems have increased by more than 200 percent in the last five years, with incidents increasing worldwide over the last decade. "We've seen a 220% increase in railway-associated cyberattacks over the last five years," said Col. Cedric Leighton , CNN Military Analyst; USAF (Ret.); Chairman, Cedric Leighton Associates, LLC. "In fact, over a 10-year period, we've seen cyber incidents impacting railway systems in countries as diverse as Belgium, France, Poland, the Czech Re
The Hacker News
AUGUST 20, 2024
A previously undocumented backdoor named Msupedge has been put to use against a cyber attack targeting an unnamed university in Taiwan. "The most notable feature of this backdoor is that it communicates with a command-and-control (C&C) server via DNS traffic," the Symantec Threat Hunter Team, part of Broadcom, said in a report shared with The Hacker News.
Penetration Testing
AUGUST 20, 2024
Atlassian, a global leader in software development tools, has issued a security advisory for its Bamboo Data Center and Server products, highlighting a high-severity Remote Code Execution (RCE) vulnerability identified... The post CVE-2024-21689: RCE Vulnerability in Atlassian Bamboo Data Center and Server appeared first on Cybersecurity News.
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
The Hacker News
AUGUST 20, 2024
The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of new phishing attacks that aim to infect devices with malware. The activity has been attributed to a threat cluster it tracks as UAC-0020, which is also known as Vermin. The exact scale and scope of the attacks are presently unknown.
Penetration Testing Lab
AUGUST 20, 2024
Microsoft introduced Data Protection Application Programming Interface (DPAPI) in Windows environments as a method to encrypt and decrypt sensitive data such as credentials using the… Continue reading → Web Browser Stored Credentials
Security Affairs
AUGUST 20, 2024
Experts spotted a previously undetected backdoor, dubbed Msupedge, that was employed in an attack against a university in Taiwan. Broadcom Symantec researchers discovered a previously undetected backdoor, called Msupedge, that was employed in an attack targeting an unnamed university in Taiwan. The most notable feature of the backdoor is that it relies on DNS tunnelling to communicate with a C2 server. “Msupedge is a backdoor in the form of a dynamic link library (DLL).” reads the r
The Hacker News
AUGUST 20, 2024
In today's rapidly evolving cyber threat landscape, organizations face increasingly sophisticated attacks targeting their applications. Understanding these threats and the technologies designed to combat them is crucial.
Speaker: Sierre Lindgren
Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.
Security Affairs
AUGUST 20, 2024
Toyota has confirmed a data breach after a threat actor leaked 240GB of data stolen from its infrastructure on a cybercrime forum. Toyota disclosed a data breach after a threat actor leaked an archive of 240GB of data stolen from its systems on a cybercrime forum, BleepingComputer reported. The threat actor ZeroSevenGroup claims to have breached a U.S. branch of Toyota, stealing 240GB of files containing information on Toyota employees, customers, contracts, and financial details.
Security Boulevard
AUGUST 20, 2024
Perforce Software today published a survey of 250 IT professionals that finds the amount of sensitive data residing in non-production environments is rising as organizations embrace artificial intelligence (AI) and digital business transformation. The post Survey Surfaces Widespread Mishandling of Sensitive Data appeared first on Security Boulevard.
The Hacker News
AUGUST 20, 2024
Cybersecurity researchers have disclosed a security flaw impacting Microsoft Azure Kubernetes Services that, if successfully exploited, could allow an attacker to escalate their privileges and access credentials for services used by the cluster.
Security Boulevard
AUGUST 20, 2024
McAfee today added a tool to detect deep fakes to its portfolio that will initially be made available on PCs from Lenovo that are optimized to run artificial intelligence (AI) applications. The post McAfee Unveils Tool to Identify Potential Deep Fakes appeared first on Security Boulevard.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
The Hacker News
AUGUST 20, 2024
Iranian state-sponsored threat actors have been observed orchestrating spear-phishing campaigns targeting a prominent Jewish figure starting in late July 2024 with the goal of delivering a new intelligence-gathering tool called AnvilEcho.
Penetration Testing
AUGUST 20, 2024
GitHub, the world’s leading software development platform, has recently disclosed multiple security vulnerabilities in GitHub Enterprise Server (GHES) that could have allowed attackers to gain unauthorized access and manipulate repositories.... The post CVE-2024-6800 (CVSS 9.5): Critical GitHub Enterprise Server Flaw Patched, Admin Access at Risk appeared first on Cybersecurity News.
Malwarebytes
AUGUST 20, 2024
Texas Attorney General Ken Paxton has sued General Motors (GM) for the unlawful collection and sale of over 1.5 million Texans’ private driving data to insurance companies without their knowledge or consent. In June, the Attorney General (AG) announced he had opened an investigation into several car manufacturers over allegations that the companies had improperly collected mass amounts of data about drivers directly from the vehicles and then sold the information to third parties.
The Hacker News
AUGUST 20, 2024
As cloud infrastructure becomes the backbone of modern enterprises, ensuring the security of these environments is paramount. With AWS (Amazon Web Services) still being the dominant cloud it is important for any security professional to know where to look for signs of compromise.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
eSecurity Planet
AUGUST 20, 2024
This past week was Patch Tuesday: Microsoft released CVEs for 90 new vulnerabilities. But that wasn’t the vendor’s only contribution to our list — Entra ID, Microsoft’s cloud directory product, also had a recent snag. Additionally, I looked at Linux, SolarWinds, and Android vulnerabilities. Ivanti continues to have issues, this time with its Virtual Traffic Manager product.
GlobalSign
AUGUST 20, 2024
Kubernetes continues to be a staple of production pipelines in organizations, and security is a pressing concern. Learn how to use PKI to secure your pod-to-pod communications.
WIRED Threat Level
AUGUST 20, 2024
Amazon has updated its instructions for how customers should more securely implement AWS's traffic-routing service known as Application Load Balancer, but it's not clear everyone will get the memo.
Penetration Testing
AUGUST 20, 2024
A high-severity vulnerability (CVE-2024-38810) has been discovered in Spring Security, potentially allowing unauthorized access to sensitive data within affected applications. The vulnerability impacts Spring Security versions 6.3.0 and 6.3.1. Spring... The post CVE-2024-38810: Spring Security Flaw Leaves Applications Open to Unauthorized Access appeared first on Cybersecurity News.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Expert insights. Personalized for you.
311 
Let's personalize your content