Schneier on Security
SEPTEMBER 3, 2024
The NSA’s “ National Cryptographic School Television Catalogue ” from 1991 lists about 600 COMSEC and SIGINT training videos. There are a bunch explaining the operations of various cryptographic equipment, and a few code words I have never heard of before.
Krebs on Security
SEPTEMBER 2, 2024
Three men in the United Kingdom have pleaded guilty to operating otp[.]agency , a once popular online service that helped attackers intercept the one-time passcodes (OTPs) that many websites require as a second authentication factor in addition to passwords. Launched in November 2019, OTP Agency was a service for intercepting one-time passcodes needed to log in to various websites.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Troy Hunt
AUGUST 31, 2024
I still find the reactions to the Telegram situation with Durov's arrest odd. There are no doubt all sorts of politics surrounding it, but even putting all that aside for a moment, the assertion that a platform provider should not be held accountable for moderating content on the platform is just nuts. As I say in this week's video, there's lots of content that you can put in the "grey" bucket (free speech versus hate speech, for example) and there are valid arguments to b
Lohrman on Security
SEPTEMBER 1, 2024
We are one month away from the start of the annual Cybersecurity Awareness Month in October. Here are resources, themes, toolkits and much more to help your organization prepare.
Speaker: Erroll Amacker
Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.
Schneier on Security
SEPTEMBER 2, 2024
Interesting vulnerability : …a special lane at airport security called Known Crewmember (KCM). KCM is a TSA program that allows pilots and flight attendants to bypass security screening, even when flying on domestic personal trips. The KCM process is fairly simple: the employee uses the dedicated lane and presents their KCM barcode or provides the TSA agent their employee number and airline.
Tech Republic Security
SEPTEMBER 5, 2024
IBM's Chris Hockings predicts a safer internet with advances in passkey tech, digital identity, deepfake defenses, and post-quantum cryptography.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
|
Joseph Steinberg
SEPTEMBER 5, 2024
Over the summer, criminals released a video of Gaston Reinesch, governor of the Central Bank of Luxembourg, and Mariette Zenners, a journalist with RTL television, in which the two are shown discussing a new “important project” of the aforementioned European nation’s central bank – a project that is designed to enable people to earn $7,000 or more per week, even if the folks participating in the project do not have any significant knowledge of investments or other areas of finance.
Schneier on Security
SEPTEMBER 6, 2024
There is a side-channel attack against YubiKey access tokens that allows someone to clone a device. It’s a complicated attack , requiring the victim’s username and password, and physical access to their YubiKey—as well as some technical expertise and equipment. Still, nice piece of security analysis.
Tech Republic Security
SEPTEMBER 4, 2024
Read more about an attack campaign led by Iran-based cyberespionage threat actor Fox Kitten, and learn how to protect your company from this threat.
Penetration Testing
SEPTEMBER 2, 2024
A significant vulnerability, CVE-2024-8105, dubbed PKfail, has surfaced within the UEFI ecosystem. With a CVSS score of 8.2, this flaw exposes critical UEFI security mechanisms to compromise, making systems vulnerable... The post CVE-2024-8105: An UEFI Flaw Putting Millions of Devices at Risk appeared first on Cybersecurity News.
Advertisement
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
Trend Micro
SEPTEMBER 5, 2024
Our research reveals that an unidentified threat cluster we named TIDRONE have shown significant interest in military-related industry chains, particularly in the manufacturers of drones.
Schneier on Security
SEPTEMBER 4, 2024
This story seems straightforward. A city is the victim of a ransomware attack. They repeatedly lie to the media about the severity of the breach. A security researcher repeatedly proves their statements to be lies. The city gets mad and sues the researcher. Let’s hope the judge throws the case out, but—still—it will serve as a warning to others.
Tech Republic Security
SEPTEMBER 3, 2024
Included in the purge are static apps, those with limited functionality and content, and apps that crash, freeze, and don’t offer an “engaging user experience,’’ the company said.
Penetration Testing
SEPTEMBER 1, 2024
A security researcher from Conviso Labs published the technical details and a proof-of-concept (PoC) exploit for a critical CVE-2024-43044 vulnerability in Jenkin. Jenkins is integral to many development pipelines, making... The post CVE-2024-43044: Critical Jenkins Vulnerability Exposes Servers to RCE, PoC Exploit Published appeared first on Cybersecurity News.
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
WIRED Threat Level
SEPTEMBER 5, 2024
Unit 29155 of Russia’s GRU military intelligence agency—a team responsible for coup attempts, assassinations, and bombings—has branched out into brazen hacking operations with targets across the world.
Schneier on Security
SEPTEMBER 5, 2024
Really interesting analysis of the American M-209 encryption device and its security.
Tech Republic Security
SEPTEMBER 5, 2024
New mandatory guardrails will apply to AI models in high-risk settings, with businesses encouraged to adopt new safety standards starting now.
Penetration Testing
SEPTEMBER 4, 2024
Security researcher Hyprdude has published detailed information and a proof-of-concept (PoC) exploit for a critical vulnerability identified as CVE-2024-20017. With a CVSS score of 9.8, this vulnerability poses a severe... The post CVE-2024-20017 (CVSS 9.8): Zero-Click Exploit Discovered in Popular Wi-Fi Chipsets, PoC Published appeared first on Cybersecurity News.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
Duo's Security Blog
SEPTEMBER 5, 2024
The importance of gaining visibility into identity data Over the last two years, the security of an organization's identity ecosystem has become paramount. Before diving into the specifics of dormant accounts, it's important to take a step back and discuss a prerequisite: gaining cross-platform visibility into identity and access management data.
Schneier on Security
SEPTEMBER 6, 2024
The first live video of the Promachoteuthis squid, filmed at a newly discovered seamount off the coast of Chile. Blog moderation policy.
Tech Republic Security
SEPTEMBER 6, 2024
Tenable's research reveals 26,500 cyber vulnerabilities in Southeast Asia's banking and insurance sectors, exposing critical security risks.
Penetration Testing
SEPTEMBER 4, 2024
A series of critical vulnerabilities have been uncovered in Veeam Backup & Replication, potentially exposing organizations to unauthorized access, remote code execution, and data breaches. The most severe vulnerability (CVE-2024-40711,... The post Veeam Backup & Replication Faces RCE Flaw– CVE-2024-40711 (CVSS 9.8) Allows Full System Takeover appeared first on Cybersecurity News.
Speaker: Sierre Lindgren
Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.
Malwarebytes
SEPTEMBER 4, 2024
With the US election campaigns at full throttle, scammers have taken a renewed interest in the ways this can be used to defraud people , often using the same tactics legitimate campaigns leverage for support (emails, text messages, phone calls, and social media pleas). The lure that we have seen the most involves asking people to donate to a campaign.
Joseph Steinberg
SEPTEMBER 4, 2024
CyberSecurity Expert Joseph Steinberg will deliver a talk at the Penn Club in New York City on October 29 th. The Penn Club provided the following description of Steinberg’s talk, appropriately titled A Spooky Drive Into CyberSecurity for the Halloween season, and which will be run as a joint event with the Columbia Club: Join us for Halloween fun. What does cybersecurity hold for you tricks or treats?
Tech Republic Security
SEPTEMBER 3, 2024
Many Australian companies are investing in new technology, but others are having a hard time justifying such investments given the current economic climate.
Graham Cluley
SEPTEMBER 5, 2024
Cicada (also known as Cicada3301) is a sophisticated ransomware, written in Rust, that has claimed more than 20 victims since its discovery in June 2024. Read more in my article on the Tripwire State of Security blog.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Security Affairs
SEPTEMBER 6, 2024
The United States and its allies state that Russia-linked threat actors operating under the GRU are behind global critical infrastructure attacks. The FBI, CISA, and NSA linked threat actors from Russia’s GRU Unit 29155 to global cyber operations since at least 2020. These operations include espionage, sabotage, and reputational damage. The United States and its allies state that GRU is behind global critical infrastructure attacks.
Malwarebytes
SEPTEMBER 4, 2024
After using passwords obtained from one of the countless breaches as a lure to trick victims into paying, the “Hello pervert” sextortion scammers have recently introduced two new pressure tactics: Name-dropping the infamous Pegasus spyware and adding pictures of your home environment. They do this to add credibility to the false claims that the scammers have been watching your online behavior and caught you red-handed during activities that you would like to keep private amongst your friends an
Tech Republic Security
SEPTEMBER 3, 2024
A number of similarities between Cicada3301 and ALPHV/BlackCat indicates that it could represent a rebrand or offshoot group.
Trend Micro
SEPTEMBER 3, 2024
While monitoring Earth Lusca, we discovered the threat group’s use of KTLVdoor, a highly obfuscated multiplatform backdoor, as part of a large-scale attack campaign.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Expert insights. Personalized for you.
320 
Let's personalize your content