Sat. Sep 07, 2024 - Fri. Sep 13, 2024

Microsoft Is Adding New Cryptography Algorithms

Schneier on Security

Microsoft is updating SymCrypt, its core cryptographic library, with new quantum-secure algorithms. Microsoft’s details are here. From a news article: The first new algorithm Microsoft added to SymCrypt is called ML-KEM. Previously known as CRYSTALS-Kyber, ML-KEM is one of three post-quantum standards formalized last month by the National Institute of Standards and Technology (NIST).

Bug Left Some Windows PCs Dangerously Unpatched

Krebs on Security

Microsoft Corp. today released updates to fix at least 79 security vulnerabilities in its Windows operating systems and related software, including multiple flaws that are already showing up in active attacks. Microsoft also corrected a critical bug that has caused some Windows 10 PCs to remain dangerously unpatched against actively exploited vulnerabilities for several months this year.

News alert: Seventh Sense unveils a revolutionary privacy solution — face-based PKI and ‘eID’

The Last Watchdog

Singapore, Sept. 10, 2024, CyberNewsWire — Seventh Sense, a pioneer in advanced cybersecurity solutions, announces the launch of SenseCrypt, a revolutionary new platform that sets a new standard in secure, privacy-preserving identity verification. SenseCrypt introduces a first-of-its-kind face-based public key infrastructure (PKI) and electronic identity (eID) solution.

The 6 Best Penetration Testing Companies for 2024

Tech Republic Security

Discover the top six penetration testing companies for businesses of all sizes. Learn the pros and cons of pentesting providers like Astra, BreachLock, and Acunetix.

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

Australia Threatens to Force Companies to Break Encryption

Schneier on Security

In 2018, Australia passed the Assistance and Access Act, which—among other things—gave the government the power to force companies to break their own encryption. The Assistance and Access Act includes key components that outline investigatory powers between government and industry. These components include: Technical Assistance Requests (TARs): TARs are voluntary requests for assistance accessing encrypted data from law enforcement to teleco and technology companies.

Facebook scrapes photos of kids from Australian user profiles to train its AI

Malwarebytes

Facebook has admitted that it scrapes the public photos, posts and other data from the accounts of Australian adult users to train its AI models. Unlike citizens of the European Union (EU), Australians are not offered an opt-out option to refuse consent. At an inquiry as to whether the social media giant was hoovering up the data of all Australians in order to build its generative artificial intelligence tools, senator Tony Sheldon asked whether Meta (Facebook’s owner) had used Australian

Cybersecurity Hiring: How to Overcome Talent Shortages and Skills Gaps

Tech Republic Security

According to the ISC2, 90% of organizations face cybersecurity skills shortages. Plus, the gap between roles to fill and available talent widened.

Evaluating the Effectiveness of Reward Modeling of Generative AI Systems

Schneier on Security

New research evaluating the effectiveness of reward modeling during Reinforcement Learning from Human Feedback (RLHF): “SEAL: Systematic Error Analysis for Value ALignment.” The paper introduces quantitative metrics for evaluating the effectiveness of modeling and aligning human values: Abstract: Reinforcement Learning from Human Feedback (RLHF) aims to align language models (LMs) with human values by training reward models (RMs) on binary preferences and using these RMs to fine-tu

FreeBSD Issues Urgent Security Advisory for CVE-2024-43102 (CVSS 10)

Penetration Testing

The FreeBSD Project has issued a security advisory warning of a critical vulnerability (CVE-2024-43102) affecting multiple versions of its operating system. This flaw, rated with a maximum CVSS score of... The post FreeBSD Issues Urgent Security Advisory for CVE-2024-43102 (CVSS 10) appeared first on Cybersecurity News.

Kali Linux 2024.3 Release (Multiple transitions)

Kali Linux

With summer coming to an end, so are package migrations, and Kali 2024.3 can now be released. You can now start downloading or upgrading if you have an existing Kali installation. The summary of the changelog since the 2024.2 release from June is: Qualcomm NetHunter Pro Devices - Qualcomm Snapdragon SDM845 SoC now supported New Tools - 11x new tools in your arsenal Our focus has been on a lot of behind the scenes updates and optimizations since the last release.

Why Giant Content Libraries Do Nothing for Your Employees’ Cyber Resilience

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

Google Cloud Strengthens Backup Service With Untouchable Vaults

Tech Republic Security

The backup and data recovery service adds an extra layer of protection in case a business encounters an attack or another major problem with Google Cloud storage.

New Chrome Zero-Day

Schneier on Security

According to Microsoft researchers, North Korean hackers have been using a Chrome zero-day exploit to steal cryptocurrency.

PoC Exploit Releases for Windows Elevation of Privilege Vulnerability CVE-2024-26230

Penetration Testing

A security researcher published the technical details and a proof-of-concept (PoC) exploit for a patched elevation of privilege vulnerability in the Windows Telephony service tracked as CVE-2024-26230. This flaw, which has... The post PoC Exploit Releases for Windows Elevation of Privilege Vulnerability CVE-2024-26230 appeared first on Cybersecurity News.

North Korean Threat Actors Deploy COVERTCATCH Malware via LinkedIn Job Scams

The Hacker News

Threat actors affiliated with North Korea have been observed leveraging LinkedIn as a way to target developers as part of a fake job recruiting operation. These attacks employ coding tests as a common initial infection vector, Google-owned Mandiant said in a new report about threats faced by the Web3 sector.

Zero Trust Mandate: The Realities, Requirements and Roadmap

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

Three Quarters of Dependency Vulnerability Patches Lead to Breakages, Report Finds

Tech Republic Security

Minor updates break clients 94% of the time, while version upgrades cause issues 95% of the time, according to Endor Labs researchers.

My TedXBillings Talk

Schneier on Security

Over the summer, I gave a talk about AI and democracy at TedXBillings. The recording is [link]. Please share.

CosmicBeetle steps up: Probation period at RansomHub

We Live Security

ESET researchers examine the recent activities of the CosmicBeetle threat actor, documenting its new ScRansom ransomware and highlighting connections to other well-established ransomware gangs.

Turning Microsoft’s MFA Requirement for Azure Into an Epic Security Win With Duo

Duo's Security Blog

We are less than two months away, are you ready? Starting next month, Microsoft announced that they will begin rolling out mandatory multi-factor authentication (MFA) sign-in for Azure (also known as Microsoft Entra ID) resources. It is no secret that identity-based breaches are on the rise, so we applaud Microsoft for taking the first step towards better protecting Azure resources!

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Microsoft Is Disabling Default ActiveX Controls in Office 2024 to Improve Security

Tech Republic Security

Microsoft will disable ActiveX controls by default in the Office suite, starting in October with the release of Office 2024.

New RAMBO Attack Uses RAM Radio Signals to Steal Data from Air-Gapped Networks

The Hacker News

A novel side-channel attack has been found to leverage radio signals emanated by a device's random access memory (RAM) as a data exfiltration mechanism, posing a threat to air-gapped networks. The technique has been codenamed RAMBO by Dr.

Scammers advertise fake AppleCare+ service via GitHub repos

Malwarebytes

We’ve uncovered a malicious campaign going after Mac users looking for support or extended warranty from Apple via the AppleCare+ support plans. The perpetrators are buying Google ads to lure in their victims and redirect them to bogus pages hosted on GitHub, the developer and code repository platform owned by Microsoft. The goal of this scam is to get unsuspecting people on the phone with someone pretending to be working for Apple.

Electronic payment gateway Slim CD disclosed a data breach impacting 1.7M individuals

Security Affairs

Payment gateway provider Slim CD disclosed a data breach; credit card and personal data of almost 1.7 million individuals were compromised. The electronic payment gateway Slim CD disclosed a data breach following a cyberattack. Personal data and credit card details of 1,693,000 individuals were compromised. Slim CD’s gateway system allows merchants to accept any kind of electronic payment with a single piece of software.

Next-Level Fraud Prevention: Strategies for Today’s Threat Landscape

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

Most Common Cybersecurity Threats to Avoid!

Tech Republic Security

From phishing scams to ransomware attacks, discover what these threats look like and how you can protect yourself and your business.

Microsoft Issues Patches for 79 Flaws, Including 3 Actively Exploited Windows Flaws

The Hacker News

Microsoft on Tuesday disclosed that three new security flaws impacting the Windows platform have come under active exploitation as part of its Patch Tuesday update for September 2024. The monthly security release addresses a total of 79 vulnerabilities, of which seven are rated Critical, 71 are rated Important, and one is rated Moderate in severity.

Earth Preta Evolves its Attacks with New Malware and Strategies

Trend Micro

In this blog entry, we discuss our analysis of Earth Preta’s enhancements in their attacks by introducing new tools, malware variants and strategies to their worm-based attacks and their time-sensitive spear-phishing campaign.

Adobe Patch Tuesday security updates fixed multiple critical issues in the company’s products

Security Affairs

Adobe addressed tens of vulnerabilities, including critical issues that could allow attackers to execute arbitrary code on Windows and macOS. Adobe Patch Tuesday security updates addressed multiple vulnerabilities in its products, including critical flaws that could allow attackers to execute arbitrary code on Windows and macOS systems. The most severe vulnerabilities are two critical memory corruption flaws in Acrobat and PDF Reader, tracked as CVE-2024-41869 (CVSS score of 7.8) and CVE-2024-45

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Is Apple’s iCloud Keychain Safe to Use in 2024?

Tech Republic Security

iCloud Keychain is Apple's proprietary password management solution for Apple devices. Learn how secure it is and how it works in this detailed review.

Chinese Hackers Exploit Visual Studio Code in Southeast Asian Cyberattacks

The Hacker News

The China-linked advanced persistent threat (APT) group known as Mustang Panda has been observed weaponizing Visual Studio Code software as part of espionage operations targeting government entities in Southeast Asia.

MindsDB Fixes Critical CVE-2024-24759: DNS Rebinding Attack Bypasses Security Protections

Penetration Testing

MindsDB, the widely-used open-source platform for building AI applications, has patched a severe security vulnerability that could allow attackers to bypass security measures and launch a variety of attacks. The... The post MindsDB Fixes Critical CVE-2024-24759: DNS Rebinding Attack Bypasses Security Protections appeared first on Cybersecurity News.

Cybersecurity giant Fortinet discloses a data breach

Security Affairs

Fortinet disclosed a data breach after a threat actor claimed the theft of 440GB of files from the company’s Microsoft SharePoint server. Today, Fortinet told Cyber Daily that a threat actor gained unauthorized access to a third-party service it used. “An individual gained unauthorized access to a limited number of files stored on Fortinet’s instance of a third-party cloud-based shared file drive, which included limited data related to a small number of Fortinet customers, and

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!