Sat.Apr 27, 2024 - Fri.May 03, 2024

article thumbnail

The UK Bans Default Passwords

Schneier on Security

The UK is the first country to ban default passwords on IoT devices. On Monday, the United Kingdom became the first country in the world to ban default guessable usernames and passwords from these IoT devices. Unique passwords installed by default are still permitted. The Product Security and Telecommunications Infrastructure Act 2022 (PSTI) introduces new minimum-security standards for manufacturers, and demands that these companies are open with consumers about how long their products will rec

Passwords 277
article thumbnail

FCC Fines Major U.S. Wireless Carriers for Selling Customer Location Data

Krebs on Security

The U.S. Federal Communications Commission (FCC) today levied fines totaling nearly $200 million against the four major carriers — including AT&T , Sprint , T-Mobile and Verizon — for illegally sharing access to customers’ location information without consent. The fines mark the culmination of a more than four-year investigation into the actions of the major carriers.

Wireless 271
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

CyberSecurity Expert Joseph Steinberg To Lecture At Columbia University

Joseph Steinberg

CyberSecurity Expert Joseph Steinberg, will join the faculty of Columbia University for the upcoming Summer 2024 semester. Steinberg, who will serve as a Lecturer on Cybersecurity, will teach in the Technology Management graduate program run by Columbia’s School of Professional Studies; Steinberg’s lectures are scheduled to take place at Columbia’s New York City campus in May, June, and July of 2024.

article thumbnail

Weekly Update 398

Troy Hunt

How many different angles can you have on one data breach? Facial recognition (which probably isn't actual biometrics), gambling, offshore developers, unpaid bills, extortion, sloppy password practices and now, an arrest. On pondering it more after today's livestream, it's the unfathomable stupidity of publishing this data publicly that really strikes me.

Passwords 237
article thumbnail

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

Speaker: Speakers:

They say a defense can be measured by its weakest link. In your cybersecurity posture, what––or who––is the weakest link? And how can you make them stronger? This webinar will equip you with the resources to search for quality training, implement it, and improve the cyber-behaviors of your workforce. By the end of the hour, you will feel empowered to improve the aspects of your security posture you control the least – the situational awareness and decision-making of your workforce.

article thumbnail

Rare Interviews with Enigma Cryptanalyst Marian Rejewski

Schneier on Security

The Polish Embassy has posted a series of short interview segments with Marian Rejewski, the first person to crack the Enigma. Details from his biography.

274
274
article thumbnail

Man Who Mass-Extorted Psychotherapy Patients Gets Six Years

Krebs on Security

A 26-year-old Finnish man was sentenced to more than six years in prison today after being convicted of hacking into an online psychotherapy clinic, leaking tens of thousands of patient therapy records, and attempting to extort the clinic and patients. On October 21, 2020, the Vastaamo Psychotherapy Center in Finland became the target of blackmail when a tormentor identified as “ransom_man” demanded payment of 40 bitcoins (~450,000 euros at the time) in return for a promise not to publish highly

DDOS 239

More Trending

article thumbnail

Weekly Update 397

Troy Hunt

Banks. They screw us on interest rates, they screw us on fees and they screw us on passwords. Remember the old "bank grade security" adage? I took this saying to task almost a decade ago now but it seems that at least as far as password advice goes, they really haven't learned. This week, Commbank is telling people to use a password manager but just not for their bank password, and ANZ bank is forcing people to rotate their passwords once a year because, uh, hackers?

Banking 224
article thumbnail

My TED Talks

Schneier on Security

I have spoken at several TED conferences over the years. TEDxPSU 2010: “ Reconceptualizing Security ” TEDxCambridge 2013: “ The Battle for Power on the Internet ” TEDMed 2016: “ Who Controls Your Medical Data ?” I’m putting this here because I want all three links in one place.

Internet 242
article thumbnail

US Department Of Defense CyberSecurity Contest To Open To The Public

Joseph Steinberg

The United States Department of Defense is running a cybersecurity contest – offering members of the public the opportunity to win both cash prizes and the potential to be recruited for various jobs. There is no cost to participate. For details please watch this short video, and then visit this link: DoD CyberSecurity Contest (As noted on the registration page, the Cyber Sentinel Skills Challenge cybersecurity contest is sponsored by the US Department of Defense in conjunction with with Co

article thumbnail

Top 5 Global Cyber Security Trends of 2023, According to Google Report

Tech Republic Security

According to the M-Trends report, the average time it takes for an organisation to detect an attacker in their environment has decreased from 16 days in 2022 to 10 days in 2023.

article thumbnail

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

article thumbnail

Microsoft Researcher to Unveil 4 OpenVPN Zero-Day Vulnerabilities at Black Hat USA 2024

Penetration Testing

Microsoft’s Senior Security Researcher Vladimir Tokarev will detail a series of critical zero-day vulnerabilities in OpenVPN, the world’s leading VPN solution, used by millions of endpoints globally at the upcoming Black Hat USA 2024... The post Microsoft Researcher to Unveil 4 OpenVPN Zero-Day Vulnerabilities at Black Hat USA 2024 appeared first on Penetration Testing.

article thumbnail

AI Voice Scam

Schneier on Security

Scammers tricked a company into believing they were dealing with a BBC presenter. They faked her voice, and accepted money intended for her.

Scams 272
article thumbnail

Watch out for tech support scams lurking in sponsored search results

Malwarebytes

This blog post was written based on research carried out by Jérôme Segura. A campaign using sponsored search results is targeting home users and taking them to tech support scams. Sponsored search results are the ones that are listed at the top of search results and are labelled “Sponsored” They’re often ads that are taken out by brands who want to get people to click through to their website.

Scams 136
article thumbnail

Are VPNs Legal To Use?

Tech Republic Security

Are virtual private networks legal to use? Discover if VPNs are legal, restricted or banned in your geolocation and what activities are legal vs. illegal when using a VPN.

VPN 161
article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

CVE-2024-4439: Unauthenticated Stored Cross-Site Scripting Vulnerability in WordPress Core

Penetration Testing

A significant security vulnerability has been identified in WordPress, the world’s most popular content management system, which could potentially allow attackers to take control of affected websites. The vulnerability, tracked as CVE-2024-4439 and rated... The post CVE-2024-4439: Unauthenticated Stored Cross-Site Scripting Vulnerability in WordPress Core appeared first on Penetration Testing.

article thumbnail

Whale Song Code

Schneier on Security

During the Cold War, the US Navy tried to make a secret code out of whale song. The basic plan was to develop coded messages from recordings of whales, dolphins, sea lions, and seals. The submarine would broadcast the noises and a computer—the Combo Signal Recognizer (CSR)—would detect the specific patterns and decode them on the other end.

article thumbnail

Dropbox Hacked: eSignature Service Breached

Security Boulevard

Drop Dropbox? The company apologized as user details were leaked from its “Dropbox Sign” product. The post Dropbox Hacked: eSignature Service Breached appeared first on Security Boulevard.

Hacking 135
article thumbnail

U.K., U.S. and Canadian Cyber Authorities Warn of Pro-Russia Hacktivist Attacks on Operational Technology Systems

Tech Republic Security

The U.K.'s National Cyber Security Centre, along with U.S. and Canadian cyber authorities, has identified a rise in attacks against OT operators since 2022.

article thumbnail

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

article thumbnail

CVE-2024-33530: Jitsi Meet Flaw Leaks Meeting Passwords, Exposing Calls to Intruders

Penetration Testing

Security researcher Florian Port at Insinuator recently uncovered a critical flaw in Jitsi Meet, the popular open-source video conferencing platform. The vulnerability (CVE-2024-33530) allows unauthorized individuals to gain the meeting password, potentially bypassing security... The post CVE-2024-33530: Jitsi Meet Flaw Leaks Meeting Passwords, Exposing Calls to Intruders appeared first on Penetration Testing.

Passwords 142
article thumbnail

WhatsApp in India

Schneier on Security

Meta has threatened to pull WhatsApp out of India if the courts try to force it to break its end-to-end encryption.

article thumbnail

GitLab ‘Perfect 10’ Bug Gets a CISA Warning: PATCH NOW

Security Boulevard

Password reset FAILURE: The U.S. Cybersecurity and Infrastructure Security Agency warns GitLab users of a 100-day-old, maximum severity vulnerability. The post GitLab ‘Perfect 10’ Bug Gets a CISA Warning: PATCH NOW appeared first on Security Boulevard.

Passwords 132
article thumbnail

How Are APAC Tech Salaries Faring in 2024?

Tech Republic Security

The year 2024 is bringing a return to stable tech salary growth in APAC, with AI and data jobs leading the way. This follows downward salary pressure in 2023, after steep increases in previous years.

article thumbnail

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

article thumbnail

CVE-2024-32766 (CVSS 10) – QNAP Vulnerability: Hackers Can Hijack Your NAS

Penetration Testing

QNAP, a leading manufacturer of network attached storage (NAS) devices, has issued an urgent security advisory to its users concerning multiple severe vulnerabilities across its suite of NAS software products. These flaws, if exploited,... The post CVE-2024-32766 (CVSS 10) – QNAP Vulnerability: Hackers Can Hijack Your NAS appeared first on Penetration Testing.

article thumbnail

China-Linked 'Muddling Meerkat' Hijacks DNS to Map Internet on Global Scale

The Hacker News

A previously undocumented cyber threat dubbed Muddling Meerkat has been observed undertaking sophisticated domain name system (DNS) activities in a likely effort to evade security measures and conduct reconnaissance of networks across the world since October 2019.

DNS 135
article thumbnail

Brits Ban Default Passwords — and More IoT Stupidity

Security Boulevard

Nice Cup of IoTea? The UK’s Product Security and Tele­comm­uni­cations Infra­struc­ture Act aims to improve the security of net-connected consumer gear. The post Brits Ban Default Passwords — and More IoT Stupidity appeared first on Security Boulevard.

IoT 135
article thumbnail

4 IoT Trends U.K. Businesses Should Watch in 2024

Tech Republic Security

TechRepublic identified the top four trends emerging in IoT that businesses in the U.K. should be aware of.

IoT 164
article thumbnail

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

article thumbnail

Researcher Releases PoC Exploit for Windows Kernel EoP Vulnerability (CVE-2024-26218)

Penetration Testing

Cybersecurity researcher Gabe Kirkpatrick shared technical details and proof-of-concept (PoC) exploit code for a high-severity elevation of privilege vulnerability (CVE-2024-26218) bug affecting the Windows Kernel. Microsoft released security updates to address it on all... The post Researcher Releases PoC Exploit for Windows Kernel EoP Vulnerability (CVE-2024-26218) appeared first on Penetration Testing.

article thumbnail

Android bug can leak DNS traffic with VPN kill switch enabled

Bleeping Computer

A Mullvad VPN user has discovered that Android devices leak DNS queries when switching VPN servers even though the "Always-on VPN" feature was enabled with the "Block connections without VPN" option. [.

DNS 130
article thumbnail

What to Expect at RSA 2024: Will AI Wreak Havoc on Cybersecurity?

Security Boulevard

50,000 security practitioners are about to attend RSA 2024. Here’s what one expert anticipates for this year’s show. The post What to Expect at RSA 2024: Will AI Wreak Havoc on Cybersecurity? appeared first on Security Boulevard.

article thumbnail

Adobe Adds Firefly and AI Watermarking to Bug Bounty Program

Tech Republic Security

Researchers can earn up to $10,000 for critical vulnerabilities in the generative AI products.

article thumbnail

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.