Sat.Sep 07, 2024 - Fri.Sep 13, 2024

article thumbnail

Microsoft Is Adding New Cryptography Algorithms

Schneier on Security

Microsoft is updating SymCrypt , its core cryptographic library, with new quantum-secure algorithms. Microsoft’s details are here. From a news article : The first new algorithm Microsoft added to SymCrypt is called ML-KEM. Previously known as CRYSTALS-Kyber, ML-KEM is one of three post-quantum standards formalized last month by the National Institute of Standards and Technology (NIST).

Firmware 318
article thumbnail

The Dark Nexus Between Harm Groups and ‘The Com’

Krebs on Security

A cyberattack that shut down two of the top casinos in Las Vegas last year quickly became one of the most riveting security stories of 2023: It was the first known case of native English-speaking hackers in the United States and Britain teaming up with ransomware gangs based in Russia. But that made-for-Hollywood narrative has eclipsed a far more hideous trend: Many of these young, Western cybercriminals are also members of fast-growing online groups that exist solely to bully, stalk, harass and

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Google Cloud Strengthens Backup Service With Untouchable Vaults

Tech Republic Security

The backup and data recovery service adds an extra layer of protection in case a business encounters an attack or another major problem with Google Cloud storage.

Backups 149
article thumbnail

Facebook scrapes photos of kids from Australian user profiles to train its AI

Malwarebytes

Facebook has admitted that it scrapes the public photos, posts and other data from the accounts of Australian adult users to train its AI models. Unlike citizens of the European Union (EU), Australians are not offered an opt-out option to refuse consent. At an inquiry as to whether the social media giant was hoovering up the data of all Australians in order to build its generative artificial intelligence tools, senator Tony Sheldon asked whether Meta (Facebook’s owner) had used Australian

Media 145
article thumbnail

Enhance Innovation and Governance Through the Cloud Development Maturity Model

Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.

article thumbnail

Australia Threatens to Force Companies to Break Encryption

Schneier on Security

In 2018, Australia passed the Assistance and Access Act, which—among other things—gave the government the power to force companies to break their own encryption. The Assistance and Access Act includes key components that outline investigatory powers between government and industry. These components include: Technical Assistance Requests (TARs): TARs are voluntary requests for assistance accessing encrypted data from law enforcement to teleco and technology companies.

article thumbnail

Bug Left Some Windows PCs Dangerously Unpatched

Krebs on Security

Microsoft Corp. today released updates to fix at least 79 security vulnerabilities in its Windows operating systems and related software, including multiple flaws that are already showing up in active attacks. Microsoft also corrected a critical bug that has caused some Windows 10 PCs to remain dangerously unpatched against actively exploited vulnerabilities for several months this year.

More Trending

article thumbnail

Kali Linux 2024.3 Release (Multiple transitions)

Kali Linux

With summer coming to an end, so are package migrations, and Kali 2024.3 can now be released. You can now start downloading or upgrading if you have an existing Kali installation. The summary of the changelog since the 2024.2 release from June is: Qualcomm NetHunter Pro Devices - Qualcomm Snapdragon SDM845 SoC now supported New Tools - 11x new tools in your arsenal Our focus has been on a lot of behind the scenes updates and optimizations since the last release.

Firmware 145
article thumbnail

Evaluating the Effectiveness of Reward Modeling of Generative AI Systems

Schneier on Security

New research evaluating the effectiveness of reward modeling during Reinforcement Learning from Human Feedback (RLHF): “ SEAL: Systematic Error Analysis for Value ALignment.” The paper introduces quantitative metrics for evaluating the effectiveness of modeling and aligning human values: Abstract : Reinforcement Learning from Human Feedback (RLHF) aims to align language models (LMs) with human values by training reward models (RMs) on binary preferences and using these RMs to fine-tu

article thumbnail

FreeBSD Issues Urgent Security Advisory for CVE-2024-43102 (CVSS 10)

Penetration Testing

The FreeBSD Project has issued a security advisory warning of a critical vulnerability (CVE-2024-43102) affecting multiple versions of its operating system. This flaw, rated with a maximum CVSS score of... The post FreeBSD Issues Urgent Security Advisory for CVE-2024-43102 (CVSS 10) appeared first on Cybersecurity News.

article thumbnail

Cybersecurity Hiring: How to Overcome Talent Shortages and Skills Gaps

Tech Republic Security

According to the ISC2, 90% of organizations face cybersecurity skills shortages. Plus, the gap between roles to fill and available talent widened.

article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

Proofpoint Adds Ability to Dynamically Apply Granular Security Controls

Security Boulevard

Proofpoint this week at its Protect conference launched a series of efforts through which it plans to provide cybersecurity teams with more granular controls in real-time, over what applications and services are accessed by end users. The post Proofpoint Adds Ability to Dynamically Apply Granular Security Controls appeared first on Security Boulevard.

article thumbnail

New Chrome Zero-Day

Schneier on Security

According to Microsoft researchers, North Korean hackers have been using a Chrome zero-day exploit to steal cryptocurrency.

article thumbnail

PoC Exploit Releases for Windows Elevation of Privilege Vulnerability CVE-2024-26230

Penetration Testing

Security researcher published the technical details and a proof-of-concept (PoC) exploit for a patched elevation of privilege vulnerability in the Windows Telephony service tracked as CVE-2024-26230. This flaw, which has... The post PoC Exploit Releases for Windows Elevation of Privilege Vulnerability CVE-2024-26230 appeared first on Cybersecurity News.

article thumbnail

Patch Tuesday for September 2024: Microsoft Catches Four Zero-Day Vulnerabilities

Tech Republic Security

A Mark of the Web security alert vulnerability and three others have been exploited in the wild and are now covered by Redmond’s monthly patch batch.

Software 138
article thumbnail

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

article thumbnail

Earth Preta Evolves its Attacks with New Malware and Strategies

Trend Micro

In this blog entry, we discuss our analysis of Earth Preta’s enhancements in their attacks by introducing new tools, malware variants and strategies to their worm-based attacks and their time-sensitive spear-phishing campaign.

Malware 134
article thumbnail

My TedXBillings Talk

Schneier on Security

Over the summer, I gave a talk about AI and democracy at TedXBillings. The recording is [link]. Please share.

article thumbnail

Cybersecurity Alert: Python Libraries Exploited for Malicious Intent

Penetration Testing

A recent report from Xavier Mertens, a Senior ISC Handler and Freelance Cyber Security Consultant, sheds light on a concerning trend in the cyber threat landscape. Cybercriminals are increasingly utilizing... The post Cybersecurity Alert: Python Libraries Exploited for Malicious Intent appeared first on Cybersecurity News.

article thumbnail

Surfshark vs NordVPN (2024): Which VPN Should You Choose?

Tech Republic Security

Compare Surfshark and NordVPN to determine which one is better. Explore their features, performance and pricing to make an informed decision.

VPN 142
article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

Cybersecurity Compliance and Beyond: How Protocols Drive Innovation and Growth

Security Boulevard

In today's digital age, cybersecurity compliance is no longer just a legal necessity or a defensive measure; it has become a catalyst for innovation and growth. The post Cybersecurity Compliance and Beyond: How Protocols Drive Innovation and Growth appeared first on Security Boulevard.

article thumbnail

Protecting Against RCE Attacks Abusing WhatsUp Gold Vulnerabilities

Trend Micro

In this blog entry, we provide an analysis of the recent remote code execution attacks related to Progress Software’s WhatsUp Gold that possibly abused the vulnerabilities CVE-2024-6670 and CVE-2024-6671.

129
129
article thumbnail

MindsDB Fixes Critical CVE-2024-24759: DNS Rebinding Attack Bypasses Security Protections

Penetration Testing

MindsDB, the widely-used open-source platform for building AI applications, has patched a severe security vulnerability that could allow attackers to bypass security measures and launch a variety of attacks. The... The post MindsDB Fixes Critical CVE-2024-24759: DNS Rebinding Attack Bypasses Security Protections appeared first on Cybersecurity News.

DNS 132
article thumbnail

CosmicBeetle steps up: Probation period at RansomHub

We Live Security

ESET researchers examine the recent activities of the CosmicBeetle threat actor, documentingt its new ScRansom ransomware and highlighting connections to other well-established ransomware gangs.

article thumbnail

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

article thumbnail

Espionage Alert: Google Sheets Exploit For Malware Control

Security Boulevard

A Google Sheets exploit has recently been discovered by cybersecurity experts Proofpoint. As per the initial information, the platform is being leveraged as a command-and-control (C2) mechanism. In this article, we’ll look at what the Google Sheets exploit is about, which sectors are being targeted, and more. Let’s begin! Google Sheets Exploit: Initial Discovery The […] The post Espionage Alert: Google Sheets Exploit For Malware Control appeared first on TuxCare.

Malware 128
article thumbnail

Is Apple’s iCloud Keychain Safe to Use in 2024?

Tech Republic Security

iCloud Keychain is Apple's proprietary password management solution for Apple devices. Learn how secure it is and how it works in this detailed review.

article thumbnail

Say Goodbye to Stolen iPhone Parts: Activation Lock Gets an Upgrade

Penetration Testing

Once Lost Mode is activated on an Apple device, it is incredibly difficult to disable unless done by the original owner or with the correct password. Without deactivating Lost Mode,... The post Say Goodbye to Stolen iPhone Parts: Activation Lock Gets an Upgrade appeared first on Cybersecurity News.

Passwords 123
article thumbnail

Chinese Hackers Exploit Visual Studio Code in Southeast Asian Cyberattacks

The Hacker News

The China-linked advanced persistent threat (APT) group known as Mustang Panda has been observed weaponizing Visual Studio Code software as part of espionage operations targeting government entities in Southeast Asia.

article thumbnail

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.

article thumbnail

SpecterOps Extends Reach of BloodHound Tool for Mapping Microsoft AD Attacks

Security Boulevard

SpecterOps has added the ability to track attack paths across instances of Microsoft Azure Directory (AD) running in both on-premises and on the Microsoft Azure cloud service. The post SpecterOps Extends Reach of BloodHound Tool for Mapping Microsoft AD Attacks appeared first on Security Boulevard.

article thumbnail

Microsoft Is Disabling Default ActiveX Controls in Office 2024 to Improve Security

Tech Republic Security

Microsoft will disable ActiveX controls by default in the Office suite, starting in October with the release of Office 2024.

Software 137
article thumbnail

CVE-2024-28991 (CVSS 9.0): SolarWinds Access Rights Manager RCE Flaw

Penetration Testing

In a recent security advisory, SolarWinds has disclosed two vulnerabilities affecting their Access Rights Manager (ARM) software. ARM is widely used by IT and security administrators to manage and audit... The post CVE-2024-28991 (CVSS 9.0): SolarWinds Access Rights Manager RCE Flaw appeared first on Cybersecurity News.

Software 121
article thumbnail

Vo1d malware infected 1.3 Million Android-based TV Boxes in 197 countries

Security Affairs

Researchers uncovered an Android malware, dubbed Vo1d, that has already infected nearly 1.3 million Android devices in 197 countries. Doctor Web researchers uncovered a malware, tracked as Vo1d , that infected nearly 1.3 million Android-based TV boxes belonging to users in 197 countries. The malicious code acts as a backdoor and allows attackers to download and install third-party software secretly.

Malware 121
article thumbnail

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.