Tech Republic Security
DECEMBER 23, 2024
A look at the cyber threat landscape of 2024, including major breaches and trends. An expert weighs in on key lessons and what to expect in 2025.
Tech Republic Security
DECEMBER 23, 2024
Patch management software ensures that known vulnerabilities are patched efficiently to prevent breaches while streamlining IT workflows. Find the best patch management solution for your business.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Schneier on Security
DECEMBER 26, 2024
Scammers are hacking Google Forms to send email to victims that come from google.com. Brian Krebs reports on the effects. Boing Boing post.
Zero Day
DECEMBER 24, 2024
In just two years, AI has gone from hype to essential skill, offering massive productivity gains and increasing creativity among teams who use it. Here's how.
Speaker: Erroll Amacker
Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.
Schneier on Security
DECEMBER 24, 2024
A judge has found that NSO Group, maker of the Pegasus spyware, has violated the US Computer Fraud and Abuse Act by hacking WhatsApp in order to spy on people using it. Jon Penney and I wrote a legal paper on the case.
Joseph Steinberg
DECEMBER 21, 2024
Australia recently enacted legislation to ban children under 16 from using social media a policy that the Australian government plans to enforce through the use of untested age-verification technology. While there is little doubt that the elected officials hope to protect children with the aforementioned act, the reality is that – as Australia has already learned in a previous case described in the article – the new law is more likely to make children less safe than more safe.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
|
Lohrman on Security
DECEMBER 27, 2024
Welcome to the second installment of this comprehensive annual look at global cybersecurity industry predictions, forecasts, trends and outlook reports from the top security industry vendors, technology magazines, expert thought leaders and more.
Penetration Testing
DECEMBER 22, 2024
The Apache Software Foundation recently released a critical security update to address a remote code execution (RCE) vulnerability in Apache Tomcat, identified as CVE-2024-56337. This vulnerability affects a wide range... The post CVE-2024-56337: Apache Tomcat Patches Critical RCE Vulnerability appeared first on Cybersecurity News.
SecureWorld News
DECEMBER 23, 2024
IT support is a fundamental requirement for operational productivity and system uptime for any industry. Manufacturing systems, especially the ones that work with SCADA technology (Supervisory Control and Data Acquisition), IoT devices, and other critical technologies, depend heavily on efficient IT support to ensure that the downtime is minimal, and the performance is optimal.
Security Affairs
DECEMBER 25, 2024
Japanese and U.S. authorities attributed the theft of $308 million cryptocurrency from DMM Bitcoin to North Korean cyber actors. Japanese and U.S. authorities linked the $308 million cyber heist targeting cryptocurrency company DMM Bitcoin to North Korea-linked threat actors. On June 1st, the Japanese cryptocurrency exchange DMM Bitcoin announced that crooks stole 4,502.9 Bitcoin (BTC), approximately $304 million (48.2 billion yen), from its wallets.
Advertisement
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
Security Boulevard
DECEMBER 22, 2024
Understanding Cyber Threats During the Holiday Season Understanding Cyber Threats During the Holiday Season The holiday season, while festive, presents heightened cybersecurity risks for businesses. Cybercriminals exploit increased online activity and reduced vigilance during this period. Understanding these threats is crucial for effective defense.
Penetration Testing
DECEMBER 22, 2024
The NodeStealer malware, first identified as a JavaScript-based threat, has undergone a transformation into a Python-based infostealer, expanding its capabilities to harvest a broader range of sensitive data. According to... The post NodeStealer Infostealer: New Python-Based Variant Targets Facebook Ads Manager appeared first on Cybersecurity News.
Malwarebytes
DECEMBER 27, 2024
A popular saying is: To err is human, but to really foul things up you need a computer. Even though the saying is older than you might think, it did not come about earlier than the concept of artificial intelligence (AI). And as long as we have been waiting for AI technology to become commonplace, if AI has taught us one thing this year, then its that when humans and AI cooperate, amazing things can happen.
Security Affairs
DECEMBER 23, 2024
A U.S. court ruled in favor of WhatsApp against NSO Group, holding the spyware vendor liable for exploiting a flaw to deliver Pegasus spyware. WhatsApp won a legal case against NSO Group in a U.S. court over exploiting a vulnerability to deliver Pegasus spyware. Will Cathcart of WhatsApp called the ruling a major privacy victory, emphasizing accountability for spyware firms after a five-year legal battle.
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
Security Boulevard
DECEMBER 27, 2024
Shouldve used MFA: $T loses yet more customer datathis time, from almost all of them. The post Best of 2024: AT&T Says 110M Customers Data Leaked Yep, its Snowflake Again appeared first on Security Boulevard.
Schneier on Security
DECEMBER 27, 2024
The basic strategy is to place a device with a hidden camera in a position to capture normally hidden card values, which are interpreted by an accomplice off-site and fed back to the player via a hidden microphone. Miniaturization is making these devices harder to detect. Presumably AI will soon obviate the need for an accomplice.
Penetration Testing
DECEMBER 24, 2024
Northwave Cyber Security has identified a sophisticated backdoor, LITTLELAMB.WOOLTEA, targeting Palo Alto Networks firewalls. The backdoor was uncovered during a forensic investigation into a compromised Palo Alto Networks device. Attackers... The post CVE-2024-9474 Exploited: LITTLELAMB.WOOLTEA Backdoor Discovered in Palo Alto Devices appeared first on Cybersecurity News.
Security Affairs
DECEMBER 26, 2024
A ransomware attack on Pittsburgh Regional Transit (PRT) was the root cause of the agency’s service disruptions. On December 23, 2024, Pittsburgh Regional Transit (PRT) announced it was actively responding to a ransomware attack that was first detected on Thursday, December 19. Pittsburgh Regional Transit (PRT) is the public transportation agency that serves the Pittsburgh metropolitan area in Pennsylvania, USA.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
Security Boulevard
DECEMBER 23, 2024
A hack of health care services provider ConnectOnCall exposed the sensitive data of more than 914,000 users, the latest proof point of the growing interest threat actors have in targeting hospitals and other health care organizations. The post Health Care Data of Almost 1 Million ConnectOnCall User Exposed appeared first on Security Boulevard.
Schneier on Security
DECEMBER 23, 2024
The Justice Department has published the criminal complaint against Dmitry Khoroshev, for building and maintaining the LockBit ransomware.
Penetration Testing
DECEMBER 24, 2024
A critical-severity security flaw has been uncovered in Apache Traffic Control, a popular open-source platform used to build large-scale content delivery networks (CDNs). This vulnerability, identified as CVE-2024-45387 and assigned... The post CVE-2024-45387 (CVSS 9.9): Critical SQL Injection Vulnerability Found in Apache Traffic Control appeared first on Cybersecurity News.
Security Affairs
DECEMBER 26, 2024
A cyberattack hit Japan Airlines (JAL), causing the suspension of ticket sales for flights departing on Thursday. A cyber attack hit Japan Airlines (JAL) on Thursday, the offensive began at 7:24 a.m. and impacted internal and external systems. The Associated Press reported that the attack disabled a router, causing system malfunctions and suspending ticket sales for Thursday departures.
Speaker: Sierre Lindgren
Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.
Security Boulevard
DECEMBER 26, 2024
What is a SIEM? SIEM solutions enable enterprises to monitor and analyze security-related data from a variety of sources, such as firewalls, intrusion detection systems (IDS), and endpoint security devices. By collecting and analysing this data, companies can spot patterns that may signal a security breach, allowing them to take quick and appropriate action to [] The post The Best SIEM Tools To Consider in 2024 appeared first on Centraleyes.
IT Security Guru
DECEMBER 26, 2024
Remote and hybrid work offer opportunities but also bring challenges. Now, securing digital spaces is crucial. Enterprise browser security has become vital for various organizations. It protects their remote and hybrid teams from cyber threats. These organization-focused browsers have security features. They protect data, control access, and ensure compliance.
Penetration Testing
DECEMBER 25, 2024
A critical vulnerability has been discovered in Apache MINA, a popular network application framework used for building high-performance and scalable network applications. This vulnerability, tracked as CVE-2024-52046 and carrying a... The post CVE-2024-52046 (CVSS 10): Critical Apache MINA Flaw Could Allow Remote Code Execution appeared first on Cybersecurity News.
Security Affairs
DECEMBER 27, 2024
Palo Alto Networks addressed a high-severity PAN-OS flaw that could trigger denial-of-service (DoS) on vulnerable devices. Palo Alto Networks addressed a high-severity flaw, tracked as CVE-2024-3393 (CVSS score: 8.7), in PAN-OS software that could cause a denial-of-service (DoS) condition. An unauthenticated attacker can exploit this vulnerability to reboot the firewall by sending a malicious packet through its data plane.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Security Boulevard
DECEMBER 23, 2024
Chinese crooks are running a global network of more than 75,000 fake online shops to steal credit card data and process fraudulent payments. The post Best of 2024: Massive Online Shopping Scam Racks Up 850,000 Victims appeared first on Security Boulevard.
Hacker's King
DECEMBER 24, 2024
As the digital landscape evolves, cybersecurity remains a critical concern for businesses, governments, and individuals alike. With the advent of new technologies and rising cyber threats , 2025 promises significant shifts in the cybersecurity domain. Here are the top 10 trends to watch out for in 2025: Rise of AI-Driven Cyberattacks Cybercriminals are increasingly leveraging artificial intelligence (AI) to develop sophisticated attack methods.
Penetration Testing
DECEMBER 22, 2024
The npm ecosystem has been infiltrated once more by the persistent Skuld infostealer, a notorious malware strain targeting developers with deceptive packages. Sockets threat research team unveiled this campaign, led... The post New Skuld Infostealer Campaign Unveiled in npm Ecosystem appeared first on Cybersecurity News.
Security Affairs
DECEMBER 23, 2024
Italy’s data protection watchdog fined OpenAI 15 million for ChatGPT’s improper collection of personal data. Italys privacy watchdog, Garante Privacy, fined OpenAI 15M after investigating ChatGPT’s personal data collection practices. The Italian Garante Priacy also obliges OpenAI to conduct a six-month informational campaign over ChatGPTs data management violations.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Expert insights. Personalized for you.
206 
Let's personalize your content