Tech Republic Security
DECEMBER 10, 2024
TechRepublic looks back at the biggest cybersecurity stories of 2024, from record data breaches to rising ransomware threats and CISO burnout.
Schneier on Security
DECEMBER 11, 2024
Surprising no one, it’s easy to trick an LLM-controlled robot into ignoring its safety instructions.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Schneier on Security
DECEMBER 10, 2024
This is going to be interesting. It’s a video of someone trying on a variety of printed full-face masks. They won’t fool anyone for long, but will survive casual scrutiny. And they’re cheap and easy to swap.
Penetration Testing
DECEMBER 8, 2024
A critical use-after-free vulnerability, identified as CVE-2024-38193, has been discovered in the afd.sys Windows driver. This vulnerability, with a CVSS score of 7.8, poses a significant threat to Windows systems,... The post Windows Zero-Day Vulnerability CVE-2024-38193 Exploited in the Wild: PoC Published appeared first on Cybersecurity News.
Speaker: Erroll Amacker
Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.
Krebs on Security
DECEMBER 11, 2024
A financial firm registered in Canada has emerged as the payment processor for dozens of Russian cryptocurrency exchanges and websites hawking cybercrime services aimed at Russian-speaking customers, new research finds. Meanwhile, an investigation into the Vancouver street address used by this company shows it is home to dozens of foreign currency dealers, money transfer businesses, and cryptocurrency exchanges — none of which are physically located there.
Troy Hunt
DECEMBER 7, 2024
A super quick intro today as I rush off to do the next very Dubai thing: drive a Lambo through the desert to go dirt bike riding before jumping in a Can-Am off-roader and then heading to the kart track for a couple of afternoon sessions. I post lots of pics to my Facebook account , and if none of that is interesting, here's this week's video on more infosec-related topics: References Sponsored by: Cyberattacks are guaranteed.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
|
Security Affairs
DECEMBER 8, 2024
Anna Jaques Hospital revealed thatthe ransomware attack it suffered last year has exposed sensitive health data for over 316,000 patients. On December 25, 2023, a ransomware attack hit the Anna Jaques Hospital. The hospital revealed that the security breach exposed sensitive health data for over 316,000 patients. Anna Jaques Hospital is a not-for-profit community healthcare facility located in Newburyport, Massachusetts.
Malwarebytes
DECEMBER 9, 2024
European law enforcement agencies have taken down yet another encrypted messaging service mainly used by criminals. The Matrix encrypted messaging service was an invite-only service which was also marketed under the names Mactrix, Totalsec, X-quantum, or Q-safe. Dutch and French authorities started an investigation when the service was found on the phone of a criminal convicted for the murder of Dutch journalist Peter R. de Vries in 2021.
Penetration Testing
DECEMBER 10, 2024
Google has announced its Chrome browser’s latest stable channel update, addressing several security vulnerabilities, including two classified as “High” severity. The update, rolling out progressively to Windows, Mac, and Linux... The post Google Chrome Patches High-Severity Vulnerabilities – CVE-2024-12381 & CVE-2024-12382 appeared first on Cybersecurity News.
SecureWorld News
DECEMBER 12, 2024
When most people think of Krispy Kreme, they picture warm, glazed doughnuts and coffee, not cyberattacks. Yet, the recent cybersecurity breach at the beloved doughnut chain highlights critical lessons for organizations of all sizes and industries. The details of the Krispy Kreme hack are still emerging, but the companys Form 8-K filing brought the incident to light, offering a rare glimpse into the challenges businesses face when their systems are compromised.
Advertisement
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
Security Affairs
DECEMBER 7, 2024
The 8Base ransomware group attacked Croatia’s Port of Rijeka, stealing sensitive data, including contracts and accounting info. A cyber attack hit the Port of Rijeka in Croatia, the 8Base ransomware group claimed responsibility for the security breach. The Port of Rijeka (Luka Rijeka d.d.), Croatia’s largest dry cargo concessionaire, provides maritime traffic services, port operations, and cargo storage.
Security Boulevard
DECEMBER 9, 2024
By proactively assessing vulnerabilities and planning for the integration of quantum-resistant cryptographic solutions, enterprises can safeguard their digital assets against future threats. The post Quantum Computing: An Impending Threat to the Current PKI Systems appeared first on Security Boulevard.
SecureList
DECEMBER 9, 2024
A faulty update by cybersecurity firm CrowdStrike triggered one of the largest IT outages in history, impacting approximately 8.5 million systems worldwide. This incident serves as a stark reminder of the critical risks posed by global IT disruptions and supply chain weaknesses. With large-scale security crises being one of the most relevant threats worldwide, it’s more important than ever to reflect on past events, assess emerging threats, and, most crucially, explore strategies to preven
SecureWorld News
DECEMBER 9, 2024
The Chief Information Security Officer (CISO) has become one of the most critical roles in modern organizations. Tasked with safeguarding data and infrastructure, CISOs face mounting pressures as cyber threats escalate, regulatory demands grow, and the role expands to encompass strategic business responsibilities. Yet, these pressures have led to significant turnover, with many CISOs stepping away from their roles.
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
Security Affairs
DECEMBER 12, 2024
Operation PowerOFF took down 27 DDoS stresser services globally, disrupting illegal platforms used for launching cyberattacks. A global law enforcement operation codenamed Operation PowerOFF disrupted 27 of the most popular platforms (including zdstresser.net, orbitalstress.net, and starkstresser.net) to launch Distributed Denial-of-Service (DDoS) attacks. “Law enforcement agencies worldwide have disrupted a holiday tradition for cybercriminals: launching Distributed Denial-of-Service (DDo
Security Boulevard
DECEMBER 11, 2024
Researchers in Europe unveil a vulnerability dubbed "BadRAM" that hackers can easily exploit using $10 hardware to bypass protections in AMD's Eypc server processors used in cloud environments and expose sensitive data stored in memory. The post AMD Chip VM Memory Protections Broken by BadRAM appeared first on Security Boulevard.
Penetration Testing
DECEMBER 10, 2024
Jamf Threat Labs has identified a vulnerability in Apples Transparency, Consent, and Control (TCC) security framework. Designated as CVE-2024-44131, this flaw enables malicious applications to bypass user consent mechanisms and... The post Researcher Details CVE-2024-44131 – A Critical TCC Bypass in macOS and iOS appeared first on Cybersecurity News.
Webroot
DECEMBER 9, 2024
Its an exciting time to be a managed service provider (MSP). More than ever, small and medium businesses (SMBs) are looking to MSPs as trusted advisors to help safeguard them from todays growing cyber threats. One of the services in high demand right now? Managed detection and response (MDR). When asked about their biggest growth drivers, MSPs cite addressing clients cybersecurity concerns and awareness as the top new-business drivers (54%). 1 For MSPs, adding MDR to your lineup can create new r
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
Security Affairs
DECEMBER 10, 2024
Resecurity uncovered a large-scale fraud campaign in the UAE where scammers impersonate law enforcement to target consumers. Resecurity has identified a wide-scale fraudulent campaign targeting consumers in the UAE by impersonating law enforcement. Victims are asked to pay non-existent fines online (traffic tickets, parking violations, driving license renewals) following multiple phone calls made on behalf of Dubai Police officers.
Security Boulevard
DECEMBER 10, 2024
SpartanWarrioz, whose prolific phishing kit business took a hit when the group's Telegram channel was shut down in November, is rebounding quickly, creating a new channel and courting former subscribers as it rebuilds its operations, Forta researchers say. The post Scam Kit Maker Rebuilding Business After Telegram Channel Shut Down appeared first on Security Boulevard.
Schneier on Security
DECEMBER 13, 2024
Last week, we saw a supply-chain attack against the Ultralytics AI library on GitHub. A quick summary : On December 4, a malicious version 8.3.41 of the popular AI library ultralytics —which has almost 60 million downloads—was published to the Python Package Index (PyPI) package repository. The package contained downloader code that was downloading the XMRig coinminer.
ZoneAlarm
DECEMBER 9, 2024
Ransomware attacks continue to disrupt industries worldwide, with healthcare remaining a high-profile target due to the sensitivity and critical nature of its data. Anna Jaques Hospital experienced a ransomware attack in late 2023, exposing confidential information of over 310,000 patients. Recently, the incident returned to the spotlight due to new updates on the breachs scope … The post Anna Jaques Hospital Ransomware Breach Exposes Patient Data appeared first on ZoneAlarm Security Blog.
Speaker: Sierre Lindgren
Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.
Security Affairs
DECEMBER 9, 2024
Romanian energy supplier Electrica Group is investigating an ongoing ransomware attack impacting its operations. Romanian energy supplier Electrica Group suffered a cyber attack that is impacting its operations. The company assured investors that the attack hadn’t affected its critical systems, but temporary disruptions in customer services might occur due to enhanced security protocols.
Security Boulevard
DECEMBER 12, 2024
Artificial stupidity: Large language models are terrible if you need reasoning or actual understanding. The post AI Slop is Hurting Security LLMs are Dumb and People are Dim appeared first on Security Boulevard.
Malwarebytes
DECEMBER 12, 2024
Senators introduced a bill on Tuesday that would prohibit data brokers from selling or transferring location and health data. Data brokers have drawn attention this year by leaking several large databases, with the worst being the National Public Data leak. The data breach made international headlines because it affected hundreds of millions of people, and it included Social Security Numbers.
Penetration Testing
DECEMBER 8, 2024
Distributed Denial of Secrets (DDoSecrets), the non-profit whistleblower organization is celebrating its sixth anniversary with the launch of a new public search engine: the Library of Leaks. This searchable database... The post DDoSecrets Unveils Massive “Library of Leaks” Search Engine with Millions of Leaked Documents appeared first on Cybersecurity News.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Security Affairs
DECEMBER 11, 2024
Ivanti addressed a critical authentication bypass vulnerability impacting its Cloud Services Appliance (CSA) solution. Ivanti addressed a critical authentication bypass vulnerability, tracked as CVE-2024-11639 (CVSS score of 10), in its Cloud Services Appliance (CSA) solution. A remote unauthenticated attacker can exploit the vulnerability to gain administrative access.
Security Boulevard
DECEMBER 9, 2024
This blog post explores how maintaining USB security mitigates insider threats and fosters a secure workplace environment. The post The Role of USB Security in Combating Insider Threats appeared first on Security Boulevard.
Tech Republic Security
DECEMBER 12, 2024
Gemini 2.0 Flash is available now, with other model sizes coming in January. It adds multilingual voice output, image output, and some trendy agentic capabilities.
Penetration Testing
DECEMBER 8, 2024
The AhnLab Security Intelligence Response Center (ASEC) has revealed that threat actors exploiting a critical vulnerability in Apache ActiveMQ, identified as CVE-2023-46604, have begun deploying Mauri ransomware in their attacks.... The post Mauri Ransomware Exploits Apache ActiveMQ Flaw (CVE-2023-46604) appeared first on Cybersecurity News.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Expert insights. Personalized for you.
197 
Let's personalize your content