Schneier on Security
JULY 11, 2024
Not a lot of details : Apple has issued a new round of threat notifications to iPhone users across 98 countries, warning them of potential mercenary spyware attacks. It’s the second such alert campaign from the company this year, following a similar notification sent to users in 92 nations in April.
Troy Hunt
JULY 11, 2024
I get the frustration and anger those working at organisations that have been breached feel, and I've seen it firsthand in my communications with them on so many prior occasions. They're the victim of a criminal act and they're rightly outraged. However. thinking back to similar examples to The Heritage Foundation situation this week, I can't think of a single case where losing your mind and becoming abusive has ever worked out well.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Tech Republic Security
JULY 11, 2024
Train at your own pace for valuable IT certifications to start or further your IT career with courses for absolute novices to advanced cybersecurity modules.
The Hacker News
JULY 11, 2024
Palo Alto Networks has released security updates to address five security flaws impacting its products, including a critical bug that could lead to an authentication bypass. Cataloged as CVE-2024-5910 (CVSS score: 9.3), the vulnerability has been described as a case of missing authentication in its Expedition migration tool that could lead to an admin account takeover.
Speaker: Erroll Amacker
Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.
Tech Republic Security
JULY 11, 2024
Exploiting the BlastRADIUS vulnerability leverages a man-in-the-middle attack on the RADIUS authentication process.
Security Affairs
JULY 11, 2024
Multiple threat actors exploit a recently disclosed security PHP flaw CVE-2024-4577 to deliver multiple malware families. The Akamai Security Intelligence Response Team (SIRT) warns that multiple threat actors are exploiting the PHP vulnerability C VE-2024-4577 to deliver multiple malware families, including Gh0st RAT , RedTail cryptominers, and XMRig. “Threat actors continued the speedy-time-from-disclosure-to-exploitation trend and were quick to leverage this new vulnerability — we obser
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
|
Security Affairs
JULY 11, 2024
The US and its allies disrupted an AI-powered Russia-linked bot farm on the social media platform X relying on the Meliorator AI software. The U.S. FBI and Cyber National Mission Force, along with Dutch and Canadian intelligence and security agencies, warned social media companies about Russian state-sponsored actors using covert AI software, Meliorator, in disinformation campaigns.
The Hacker News
JULY 11, 2024
The China-linked advanced persistent threat (APT) group codenamed APT41 is suspected to be using an "advanced and upgraded version" of a known malware called StealthVector to deliver a previously undocumented backdoor dubbed MoonWalk.
Bleeping Computer
JULY 11, 2024
Signal is finally tightening its desktop client's security by changing how it stores plain text encryption keys for the data store after downplaying the issue since 2018. [.
The Hacker News
JULY 11, 2024
Threat actors have been observed publishing a new wave of malicious packages to the NuGet package manager as part of an ongoing campaign that began in August 2023, while also adding a new layer of stealth to evade detection.
Advertisement
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
SecureList
JULY 11, 2024
Introduction Bulk phishing email campaigns tend to target large audiences. They use catch-all wordings and simplistic formatting, and typos are not uncommon. Targeted attacks take greater effort, with attackers sending personalized messages that include personal details and might look more like something you’d get from your employer or a customer.
Security Affairs
JULY 11, 2024
The ransomware attack that hit Dallas County in October 2023 has impacted more than 200,000 individuals exposing their personal information. In October 2023 the Play ransomware group hit Dallas County, Texas, and added the city to its Tor leak site claiming the theft of sensitive documents from multiple departments. Dallas refused to pay the ransom and the extortion group leaked the stolen documents in November 2023.
The Last Watchdog
JULY 11, 2024
Passwords have been the cornerstone of basic cybersecurity hygiene for decades. Related: Passwordless workpace long way off However, as users engage with more applications across multiple devices, the digital security landscape is shifting from passwords and password managers towards including passwordless authentication, such as multi-factor authentication (MFA), biometrics, and, as of late, passkeys.
Security Affairs
JULY 11, 2024
A threat actor known as CrystalRay targeted 1,500 victims since February using tools like SSH-Snake and various open-source utilities. The Sysdig Threat Research Team (TRT) first spotted the threat actor CrystalRay on February 2024 and observed it using the SSH-Snake open-source software penetration testing tool. The experts collected new evidence that revealed that the threat actor expanded its operations.
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
The Hacker News
JULY 11, 2024
Today, all organizations are exposed to the threat of cyber breaches, irrespective of their scale. Historically, larger companies were frequent targets due to their substantial resources, sensitive data, and regulatory responsibilities, whereas smaller entities often underestimated their attractiveness to hackers.
Security Affairs
JULY 11, 2024
Resecurity has identified a new campaign by the Smishing Triad that is targeting India to steal personal and payment data at scale Resecurity (USA) identified a new campaign targeting India Post (Department of Posts, India) by the Smishing Triad, which reportedly started amplifying around July 8, 2024, based on multiple victim reports and the detection of new infrastructure set up in the days preceding.
Bleeping Computer
JULY 11, 2024
The American Radio Relay League (ARRL) finally confirmed that some of its employees' data was stolen in a May ransomware attack initially described as a "serious incident." [.
Security Boulevard
JULY 11, 2024
The Heritage Foundation, which authored a controversial policy roadmap called project2025, has been hacked. The group that hacked it, SiegedSec, has now disbanded. The post The Heritage Foundation Hacked, User Should Reset Passwords appeared first on Security Boulevard.
Speaker: Sierre Lindgren
Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.
Penetration Testing
JULY 11, 2024
ServiceNow, a widely used platform for business transformation, has recently disclosed three critical security vulnerabilities that could have severe consequences for organizations worldwide. These vulnerabilities, identified as CVE-2024-4879, CVE-2024-5217, and CVE-2024-5178, affect various versions... The post ServiceNow Security Alert: Critical Vulnerabilities Expose Businesses to RCE and Data Breaches appeared first on Cybersecurity News.
Security Boulevard
JULY 11, 2024
The FTC found in a review of studies that more than three-quarters of websites and apps used dark patterns to deceptively manipulate consumers into buying products they didn't want or to hand over information. The post Most Websites and Apps Use Dark Patterns to Cheat Consumers: FTC appeared first on Security Boulevard.
Penetration Testing
JULY 11, 2024
A security vulnerability, identified as CVE-2024-39202, has been discovered in the D-Link DIR-823X AX3000 Dual-Band Gigabit Wireless Router, posing a significant risk to users. The vulnerability was reported to D-Link by third-party security researcher... The post CVE-2024-39202: RCE Flaw Found in D-Link DIR-823X Firmware, Patch in Development appeared first on Cybersecurity News.
Security Boulevard
JULY 11, 2024
Cloud security in 2024 is akin to playing a team sport – it requires clear communication and collaboration between technology vendors and customers. The post The Team Sport of Cloud Security: Breaking Down the Rules of the Game appeared first on Security Boulevard.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
Bleeping Computer
JULY 11, 2024
Google has announced a fivefold increase in payouts for bugs found in its systems and applications reported through its Vulnerability Reward Program, with a new maximum bounty of $151,515 for a single security flaw. [.
Security Boulevard
JULY 11, 2024
A survey of 322 IT and security professionals finds nearly two-thirds (63%) have confidence in the effectiveness of their organization’s data security measures with another 30% uncertain despite the volume of breaches and ransomware attacks being regularly reported. The post Survey Finds Confidence in Data Security Despite Ransomware Scourge appeared first on Security Boulevard.
SecureWorld News
JULY 11, 2024
In a remarkable show of international cooperation, intelligence and cybersecurity agencies from eight countries have jointly accused China of orchestrating a series of cyberattacks on government networks. The United States, United Kingdom, Canada, Australia, New Zealand, Germany, Japan, and South Korea have pointed the finger at APT40, a hacking group believed to be sponsored by China's Ministry of State Security.
WIRED Threat Level
JULY 11, 2024
A new resolution echoes what 16 members of Congress have already said to the White House: It must do more to free one of the most storied crypto-focused federal agents in history.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Heimadal Security
JULY 11, 2024
Over 16,400 global organizations are at risk due to a critical security flaw that could lead to the remote compromise of systems, an investigation by Heimdal has found. Tracked as CVE-2024-6387 and known as RegreSSHion, this vulnerability carries a CVSS score of 8.1, raising alarms within the cybersecurity community for its potential to enable remote […] The post Over 16,400 Private and State-Owned Businesses Exposed to RegreSSHion Vulnerability appeared first on Heimdal Security Blog.
WIRED Threat Level
JULY 11, 2024
The cybercrime boss, who helped lead the prolific Zeus malware gang and was on the FBI’s “most wanted” list for years, has been sentenced to 18 years and ordered to pay more than $73 million.
SecureBlitz
JULY 11, 2024
This post will show you a guide on open enrollment for employees. Employees should take advantage of open enrollment to examine and modify their benefits. You may make more educated decisions regarding your retirement plans, healthcare, and other benefits by being aware of this process. To make sure you are ready, this tutorial covers five […] The post A Guide on Open Enrollment for Employees appeared first on SecureBlitz Cybersecurity.
Duo's Security Blog
JULY 11, 2024
Multi-factor authentication (MFA) has become a security staple, almost as ubiquitous in our daily lives as a morning cup of coffee. In the last year, more than 16 billion authentications have been handled by Duo. MFA is an important security tool to combat unauthorized account access. However, it is not foolproof. Traditional hardware-based MFA is high friction and imposes limitations that can be frustrating at best and increase risk surface at worst, such as through MFA fatigue and account reco
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Expert insights. Personalized for you.
336 
Let's personalize your content