Sun, Jul 07, 2024

Boom or Bust? Deciphering Mixed Messages on the Tech Job Market

Lohrman on Security

Why so many layoffs? Are technology jobs plentiful or lacking? With unemployment relatively low, why are many cyber pros and tech experts struggling to get an interview?

Cisco Confirms Critical OpenSSH regreSSHion (CVE-2024-6387) Flaw in Multiple Products

Penetration Testing

Cisco has issued a critical security advisory, warning users of a high-severity vulnerability (CVE-2024-6387) codenamed “regreSSHion” that affects the OpenSSH server component in various Cisco products and cloud services. This vulnerability could allow unauthorized... The post Cisco Confirms Critical OpenSSH regreSSHion (CVE-2024-6387) Flaw in Multiple Products appeared first on Cybersecurity News.

Europol says Home Routing mobile encryption feature aids criminals

Bleeping Computer

Europol is proposing solutions to avoid challenges posed by privacy-enhancing technologies in Home Routing that hinder law enforcement's ability to intercept communications during criminal investigations. […]

Apache fixed a source code disclosure flaw in Apache HTTP Server

Security Affairs

The Apache Foundation addressed a critical source code disclosure vulnerability, tracked as CVE-2024-39884, in the HTTP Server. The Apache Software Foundation has addressed multiple vulnerabilities in its popular Apache HTTP Server. The vulnerabilities include denial-of-service (DoS), remote code execution, and unauthorized access issues. One of these vulnerabilities is a critical source code disclosure vulnerability tracked as CVE-2024-39884. “A regression in the core of Apache HTTP Serve

Human-Centered Cyber Security Training: Driving Real Impact on Security Culture

In today's digital age, having an untrained workforce can be a significant risk to your business. Cyber threats are evolving; without proper training, your employees could be the weakest link in your defense. This webinar empowers leaders like you with the tools and strategies needed to transform your employees into a robust frontline defense against cyber attacks.

Shopify denies it was hacked, links stolen data to third-party app

Bleeping Computer

E-commerce platform Shopify denies it suffered a data breach after a threat actor began selling customer data they claim was stolen from the company's network. […]

Alabama State Department of Education suffered a data breach following a blocked attack

Security Affairs

Alabama’s education superintendent disclosed a data breach following a hacking attempt on the Alabama State Department of Education. The Alabama State Department of Education announced it had thwarted a ransomware attack on June 17, however, threat actors accessed some data and disrupted services before the attack was stopped. Superintendent Eric Mackey, who disclosed the attack, said they are working to determine the exact scope of the data breach.

How Chrome’s Third-Party Cookie Restrictions Affect User Authentication?

Security Boulevard

Google Chrome has planned to phase out third-party cookies, which will affect any website functionality that depends on them. This blog focuses on how this phase-out affects identity and user authentication and discusses alternatives for overcoming the resulting challenges. The post How Chrome’s Third-Party Cookie Restrictions Affect User Authentication?

Critical Unpatched Flaws Disclosed in Popular Gogs Open-Source Git Service

The Hacker News

Four unpatched security flaws, including three critical ones, have been disclosed in the Gogs open-source, self-hosted Git service that could enable an authenticated attacker to breach susceptible instances, steal or wipe source code, and even plant backdoors.

Security Affairs Malware Newsletter – Round 1

Security Affairs

Today marks the launch of the Security Affairs newsletter, specializing in Malware. This newsletter complements the weekly one you already receive. Each week, it will feature a collection of the best articles and research on malware.

CapraTube Remix | Transparent Tribe’s Android Spyware Targeting Gamers, Weapons Enthusiasts
Supply Chain Compromise Leads to Trojanized Installers for Notezilla, RecentX, Copywhiz
Caught in the Net: Using Infostealer Logs to Unmask CSAM Consumers
I am Goot (Loader)

Cybercriminals Escalate Attacks Exploiting Microsoft SmartScreen Flaw (CVE-2024-21412)

Penetration Testing

A concerning report from Cyble Research and Intelligence Labs (CRIL) has revealed a surge in cyberattacks exploiting the patched Microsoft Defender SmartScreen vulnerability (CVE-2024-21412). This flaw, initially leveraged in sophisticated campaigns by the DarkGate... The post Cybercriminals Escalate Attacks Exploiting Microsoft SmartScreen Flaw (CVE-2024-21412) appeared first on Cybersecurity News.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Security Affairs newsletter Round 479 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

GootLoader is still active and efficient
Hackers stole OpenAI secrets in a 2023 security breach
Hackers leak 170k Taylor Swift’s ERAS Tour Barcodes
Polyfill.io Supply Chain Attack: 384,773 hosts still embedding a polyfill JS script linking to the maliciou

The Top 10 AI Security Risks Every Business Should Know

Trend Micro

With every week bringing news of another AI advance, it’s becoming increasingly important for organizations to understand the risks before adopting AI tools. This look at 10 key areas of concern identified by the Open Worldwide Application Security Project (OWASP) flags risks enterprises should keep in mind through the back half of the year.

CVE-2024-39349 (CVSS 9.8): Critical Vulnerability in Synology Surveillance Cameras

Penetration Testing

Recently, Synology, a leading network-attached storage (NAS) and surveillance solution provider, has updated its security advisory to detail multiple vulnerabilities in its BC500 and TC500 camera models. These vulnerabilities, discovered during the PWN2OWN 2023... The post CVE-2024-39349 (CVSS 9.8): Critical Vulnerability in Synology Surveillance Cameras appeared first on Cybersecurity News.

Applying Bloch’s Philosophy to Cyber Security

Security Boulevard

Ernst Bloch, a luminary in the realm of philosophy, introduced a compelling concept known as the “Not-Yet” — a philosophy that envisions the future as a realm of potential and possibility. Bloch’s ideas revolve around the belief that the world is inherently unfinished, and it is our collective responsibility to shape it into a better […] The post Applying Bloch’s Philosophy to Cyber Security appeared first on VERITI.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

ABB Warns of Critical ASPECT System Vulnerabilities: CVE-2024-6209 and CVE-2024-6298

Penetration Testing

ABB, a global leader in electrification and automation technologies, has released a critical cybersecurity advisory concerning vulnerabilities in its ASPECT energy management systems. These vulnerabilities, identified as CVE-2024-6209 and CVE-2024-6298, pose a significant risk to... The post ABB Warns of Critical ASPECT System Vulnerabilities: CVE-2024-6209 and CVE-2024-6298 appeared first on Cybersecurity News.

USENIX Security ’23 – Notice the Imposter! A Study on User Tag Spoofing Attack in Mobile Apps

Security Boulevard

Authors/Presenters: Shuai Li, Zhemin Yang, Guangliang Yang, Hange Zhang, Nan Hua, Yurui Huang, and Min Yang. Many thanks to USENIX for publishing their outstanding USENIX Security ’23 Presenter’s content, and for the organization's strong commitment to Open Access. Originating from the conference’s events situated at the Anaheim Marriott, and via the organization's YouTube channel.

Kimsuky Group’s New Backdoor, HappyDoor, Raises Cybersecurity Concerns

Penetration Testing

The AhnLab Security Intelligence Center (ASEC) has issued a warning about a new backdoor malware called HappyDoor, linked to the Kimsuky group, a North Korean state-sponsored threat actor. HappyDoor is a sophisticated and continuously... The post Kimsuky Group’s New Backdoor, HappyDoor, Raises Cybersecurity Concerns appeared first on Cybersecurity News.

Critical SSH Vulnerability, Facial Recognition Flaws, How to Safely Dispose of Old Devices

Security Boulevard

In episode 337, we cover “broken” news about the new SSH vulnerability ‘regreSSHion’, highlighting the vulnerability discovered in the OpenSSH protocol by Qualys and its implications. We then discuss the Detroit Police Department’s new guidelines on facial recognition technology following a lawsuit over a wrongful arrest due to misidentification, shedding light on the broader issues […] The post Critical SSH Vulnerability, Facial Recognition Flaws, How to Safely Dispose of Old Devices appeared fi

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Helpful Tips for Navigating Legal Business Challenges

SecureBlitz

Here, I will show you helpful tips for navigating legal business challenges… Knowing how to control legal risks well can mean the difference between success and failure. Whether your company is new or well-established, knowing legal tactics well and out helps shield it from certain dangers. Protecting your company's interests requires following these crucial guidelines, […] The post Helpful Tips for Navigating Legal Business Challenges appeared first on SecureBlitz Cybersecurity.

Continuous Threat Exposure Management for Google Cloud

Security Boulevard

On July 9th, 2020, an independent security firm discovered a trove of personal health information belonging to Pfizer patients on the public internet. The breach exposed unencrypted conversations between patients and providers of four different Pfizer products, including full names, home addresses, email addresses, phone numbers, and medical status details.

Volcano Demon: New Ransomware Gang Targets Windows & Linux

Penetration Testing

Halcyon’s research team has identified a new ransomware group dubbed “Volcano Demon,” responsible for a series of recent attacks. The group’s ransomware, LukaLocker, encrypts files with the .nba extension and targets both Windows and... The post Volcano Demon: New Ransomware Gang Targets Windows & Linux appeared first on Cybersecurity News.

An In-Depth Look at Crypto-Crime in 2023 Part 1

Trend Micro

Cybersecurity is a growing concern in today's digital age, as more sensitive information is stored and transmitted online. With the rise of cryptocurrencies, there has also been a rise in crypto-crimes, which pose a significant threat to the security of both individuals and businesses.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Paperclip Maximizers, Artificial Intelligence and Natural Stupidity

Security Boulevard

Existential risk from AI: Some believe an existential risk accompanies the development or emergence of artificial general intelligence (AGI). Quantifying the probability of this risk is a hard problem, to say nothing of calculating the probabilities of the many non-existential risks that may merely delay civilization's progress. AI systems as we have known them have been mostly application-specific expert systems, programmed to parse inputs, apply some math, and return useful derivatives of the

Pen testing cruise ships

Pen Test Partners

New build ships contracted for build from 1st July 2024 must comply with IACS UR E26 & 27. What does this mean for assessing the cyber security of a cruise ship? What’s the risk profile? Cruise ships have a unique risk profile. This is due to the huge number of guests on board, highly complex hotel systems and payment systems, mixed up with very involved OT and safety management systems.