Schneier on Security
DECEMBER 16, 2024
Starting next year : Our longstanding offering won’t fundamentally change next year, but we are going to introduce a new offering that’s a big shift from anything we’ve done before—short-lived certificates. Specifically, certificates with a lifetime of six days. This is a big upgrade for the security of the TLS ecosystem because it minimizes exposure time during a key compromise event.
The Last Watchdog
DECEMBER 16, 2024
Continuing our look back at 2024, part two of Last Watchdogs year-ender roundtable turns its focus to emerging threats vs. evolving defense tactics. Part two of a four-part series The explosion of AI-driven phishing, insider threats, and business logic abuse has forced a shift toward more proactive, AI-enhanced defenses. The drivers are intensifying.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Security Affairs
DECEMBER 16, 2024
Researchers warn of previously undetected surveillance spyware, named NoviSpy, that was found infecting a Serbian journalist’s phone. In February 2024, Serbian journalist Slavia Milanov was summoned to a police station after a routine traffic stop. After the police released him, Milanov noticed suspicious changes to his phone settings, such as disabled data and Wi-Fi.
Centraleyes
DECEMBER 16, 2024
As we approach 2025, the cybersecurity landscape is evolving rapidly, shaped by technological advancements, regulatory shifts, and emerging threats. To keep up, organizations must stay ahead of these developments. Below is an exhaustive list of key cybersecurity trends to watch out for in 2025. For cybersecurity leaders and organizations, staying ahead of cybersecurity industry trends is crucial for safeguarding assets and maintaining trust.
Speaker: Erroll Amacker
Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.
Security Affairs
DECEMBER 16, 2024
ConnectOnCall disclosed a data breach impacting over 900,000 individuals, exposing their personal information. ConnectOnCall is a telehealth platform and after-hours on-call answering service designed to enhance communication between healthcare providers and patients. It offers automated patient call tracking, HIPAA-compliant chat, and integrates with electronic health record (EHR) systems to streamline after-hours calls and care coordination.
Javvad Malik
DECEMBER 16, 2024
The days are shorter, the heating is turned on more frequently, and the final big conference week of the year for me ends with Blackhat Europe and BSides London. Blackhat was held at the ExCeL and featured all the usual suspects. I had the chance to present at Blackhat and also caught up with Quentyn Taylor, who somehow social-engineered me into agreeing to a 5k run in the new year The vendor area felt a bit smaller compared to previous years, but that wasnt necessarily a bad thing.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
|
Webroot
DECEMBER 16, 2024
The managed service provider (MSP) industry is booming with opportunities. At the same time, MSPs face the challenge of balancing customer satisfaction with profitability, making strategic decisions more important than ever. For 35% of MSPs, building cyber resiliency for customers is a top strategic priority, but that goal often runs up against resource constraints and rising operational costs.
Security Boulevard
DECEMBER 16, 2024
IntroductionIn October 2024, Zscaler ThreatLabz came across malware samples that use a network communication protocol that is similar to RisePro. However, unlike RisePro which has primarily been used for information stealing, this new malware specializes in downloading and executing second-stage payloads. Due its distinctive focus and similarities with RisePros communication protocol, we named this new malware family RiseLoader.
Penetration Testing
DECEMBER 16, 2024
A serious security flaw has been discovered in Laravel Pulse, a popular real-time application performance monitoring and dashboard tool for Laravel applications. Tracked as CVE-2024-55661, this vulnerability could allow authenticated... The post CVE-2024-55661: RCE Vulnerability Discovered in Laravel Pulse Monitoring Tool appeared first on Cybersecurity News.
Security Boulevard
DECEMBER 16, 2024
SASE offers a comprehensive and scalable security solution that protects your data, safeguards your customers and empowers you to thrive in the digital age. The post Shielding Your Storefront: How SASE Protects Retailers in a Digital Age appeared first on Security Boulevard.
Advertisement
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
Malwarebytes
DECEMBER 16, 2024
Last week on Malwarebytes Labs: Encrypted messaging service intercepted, 2.3 million messages read by law enforcement TikTok ban in US: Company seeks emergency injunction to prevent it Data brokers should stop trading health and location data, new bill proposes Update now! Apple releases new security patches for vulnerabilities in iPhones, Macs, and more 4.8 million healthcare records left freely accessible Malicious ad distributes SocGholish malware to Kaiser Permanente employees Last week on T
Hacker's King
DECEMBER 16, 2024
In the digital age, cyber-attacks are a growing concern for individuals, businesses, and governments worldwide. These attacks are becoming more sophisticated, targeted, and damaging, threatening data privacy, financial stability, and national security. Understanding the recent trends, tactics, and effective countermeasures is crucial for anyone concerned about cybersecurity.
Tech Republic Security
DECEMBER 16, 2024
Cashed-up ransomware criminals may exploit more zero days while potential blanket ransomware payment bans hang over defenders like a shadow.
Penetration Testing
DECEMBER 16, 2024
Unit 42 has uncovered HeartCrypt, a Packer-as-a-Service (PaaS) designed to protect malware from detection. Since its launch in February 2024, HeartCrypt has rapidly become a popular choice among cybercriminals, packing... The post HeartCrypt: A Packer-as-a-Service Fueling Malware Campaigns appeared first on Cybersecurity News.
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
The Hacker News
DECEMBER 16, 2024
Cybersecurity researchers have discovered a new PHP-based backdoor called Glutton that has been put to use in cyber attacks targeting China, the United States, Cambodia, Pakistan, and South Africa.
Penetration Testing
DECEMBER 16, 2024
A critical XML External Entity (XXE) Injection vulnerability, identified as CVE-2024-55875, has been discovered in the http4k toolkit, a lightweight HTTP framework written in Kotlin. With a CVSS score of... The post CVE-2024-55875 (CVSS 9.8): Critical XXE Vulnerability Found in http4k Toolkit appeared first on Cybersecurity News.
The Hacker News
DECEMBER 16, 2024
Cybersecurity researchers are calling attention to a new kind of investment scam that leverages a combination of social media malvertising, company-branded posts, and artificial intelligence (AI) powered video testimonials featuring famous personalities, ultimately leading to financial and data loss.
Penetration Testing
DECEMBER 16, 2024
Elastic Security Labs has revealed a significant evolution in malware development with the discovery of GOSAR, a Golang-based rewrite of the widely recognized QUASAR Remote Access Trojan (RAT). This newly... The post SADBRIDGE Loader Unveils GOSAR Backdoor in Cyber Attacks appeared first on Cybersecurity News.
Speaker: Sierre Lindgren
Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.
Trend Micro
DECEMBER 16, 2024
APT group Earth Koshchei, suspected to be sponsored by the SVR, executed a large-scale rogue RDP campaign using spear-phishing emails, red team tools, and sophisticated anonymization techniques to target high-profile sectors.
The Hacker News
DECEMBER 16, 2024
A Serbian journalist had his phone first unlocked by a Cellebrite tool and subsequently compromised by a previously undocumented spyware codenamed NoviSpy, according to a new report published by Amnesty International.
WIRED Threat Level
DECEMBER 16, 2024
Digital license plates sold by Reviver, already legal to buy in some states and drive with nationwide, can be hacked by their owners to evade traffic regulations or even law enforcement surveillance.
Cisco Security
DECEMBER 16, 2024
U.S. government regulation has an impact on PQC availability, with different certified encryption methods being required for products handling government info.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
Thales Cloud Protection & Licensing
DECEMBER 16, 2024
Data Security Predictions for 2025: Putting Protection and Resilience at Center Stage madhav Tue, 12/17/2024 - 08:10 Cybersecurity is a remarkably dynamic industry. New trends, technologies, and techniques reshape the landscape at an extraordinary pace, meaning keeping up can be challenging. Protecting data, the driving force of modern businesses, will continue to be the primary focus of organizations throughout 2025.
The Hacker News
DECEMBER 16, 2024
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added two security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The list of flaws is below - CVE-2024-20767 (CVSS score: 7.
Security Boulevard
DECEMBER 16, 2024
There are concerns around the future adaptability and efficacy of regulatory frameworks, particularly among the developer community. The post Why We Should Insist on Future-Proofing Cybersecurity Regulatory Frameworks appeared first on Security Boulevard.
The Hacker News
DECEMBER 16, 2024
A little-known cyber espionage actor known as The Mask has been linked to a new set of attacks targeting an unnamed organization in Latin America twice in 2019 and 2022. "The Mask APT is a legendary threat actor that has been performing highly sophisticated attacks since at least 2007," Kaspersky researchers Georgy Kucherin and Marc Rivero said in an analysis published last week.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
We Live Security
DECEMBER 16, 2024
The H2 202 issue of ESET Threat Report reviews the key trends and developments that shaped the threat landscape from June to November 2024.
The Hacker News
DECEMBER 16, 2024
With the evolution of modern software development, CI/CD pipeline governance has emerged as a critical factor in maintaining both agility and compliance. As we enter the age of artificial intelligence (AI), the importance of robust pipeline governance has only intensified.
Security Boulevard
DECEMBER 16, 2024
As we approach 2025, the cybersecurity landscape is evolving rapidly, shaped by technological advancements, regulatory shifts, and emerging threats. To keep up, organizations must stay ahead of these developments. Below is an exhaustive list of key cybersecurity trends to watch out for in 2025. For cybersecurity leaders and organizations, staying ahead of cybersecurity industry trends [] The post Top Cybersecurity Trends to Watch Out For in 2025 appeared first on Centraleyes.
The Hacker News
DECEMBER 16, 2024
Cybersecurity researchers have shed light on a previously undocumented aspect associated with ClickFix-style attacks that hinge on taking advantage of a single ad network service as part of a malvertising-driven information stealer campaign dubbed DeceptionAds.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Expert insights. Personalized for you.
324 
Let's personalize your content