Schneier on Security
MAY 14, 2024
Google has patched another Chrome zero-day: On Thursday, Google said an anonymous source notified it of the vulnerability. The vulnerability carries a severity rating of 8.8 out of 10. In response, Google said, it would be releasing versions 124.0.6367.201/.202 for macOS and Windows and 124.0.6367.201 for Linux in subsequent days. “Google is aware that an exploit for CVE-2024-4671 exists in the wild,” the company said.
Lohrman on Security
MAY 12, 2024
As another RSA Conference in San Francisco ended on May 10, 2024, the global impact that cybersecurity and artificial intelligence bring to every area of life has become much more apparent.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Krebs on Security
MAY 14, 2024
Microsoft today released updates to fix more than 60 security holes in Windows computers and supported software, including two “zero-day” vulnerabilities in Windows that are already being exploited in active attacks. There are also important security patches available for macOS and Adobe users, and for the Chrome Web browser, which just patched its own zero-day flaw.
Troy Hunt
MAY 11, 2024
The Post Millennial breach in this week's video is an interesting one, most notably because of the presence of the mailing lists. Now, as I've said in every piece of communication I've put out on this incident, the lists are what whoever defaced the site said TPM had and they certainly posted that data in the defacement message, but we're yet to hear a statement from the company itself.
Speaker: Speakers:
In today's digital age, having an untrained workforce can be a significant risk to your business. Cyber threats are evolving; without proper training, your employees could be the weakest link in your defense. This webinar empowers leaders like you with the tools and strategies needed to transform your employees into a robust frontline defense against cyber attacks.
Schneier on Security
MAY 16, 2024
Microsoft is working on a promising-looking protocol to lock down DNS. ZTDNS aims to solve this decades-old problem by integrating the Windows DNS engine with the Windows Filtering Platform—the core component of the Windows Firewall—directly into client devices. Jake Williams, VP of research and development at consultancy Hunter Strategy, said the union of these previously disparate engines would allow updates to be made to the Windows firewall on a per-domain name basis.
Tech Republic Security
MAY 13, 2024
AI PCs could soon see organisations invest in whole fleets of new managed devices, but Absolute Security data shows they are failing to maintain endpoint protection and patching the devices they have.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Penetration Testing
MAY 16, 2024
Yoast SEO, the widely used WordPress plugin with over 5 million active installations, has been found vulnerable to a Stored Cross-Site Scripting (XSS) flaw. This vulnerability, tracked as CVE-2024-4984, could allow malicious actors to... The post CVE-2024-4984: Yoast SEO Flaw Exposes Millions of WordPress Sites to Attack appeared first on Penetration Testing.
Schneier on Security
MAY 13, 2024
Back in the 1960s, if you played a 2,600Hz tone into an AT&T pay phone, you could make calls without paying. A phone hacker named John Draper noticed that the plastic whistle that came free in a box of Captain Crunch cereal worked to make the right sound. That became his hacker name, and everyone who knew the trick made free pay-phone calls. There were all sorts of related hacks, such as faking the tones that signaled coins dropping into a pay phone and faking tones used by repair equipment.
Tech Republic Security
MAY 16, 2024
Cisco’s Splunk acquisition was finalised in March 2024. Splunk’s Craig Bates says the combined offering could enhance observability and put data to work for security professionals in an age of AI threat defence.
Malwarebytes
MAY 16, 2024
More and more websites and services are making multi-factor-authentication (MFA) mandatory, which makes it much harder for cybercriminals to access your accounts. That’s a great thing. But as security evolves, so do cybercriminals who are always looking for new ways to scam us. A type of phishing we’re calling authentication-in-the-middle is showing up in online media.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Penetration Testing
MAY 14, 2024
German enterprise software giant SAP has announced the release of 14 new security notes and three updates to previously released notes as part of its May 2024 Security Patch Day. The most significant new... The post CVE-2024-33006: Critical SAP Vulnerability Exposes Systems to Complete Takeover appeared first on Penetration Testing.
Schneier on Security
MAY 17, 2024
The FBI has seized the BreachForums website, used by ransomware criminals to leak stolen corporate data. If law enforcement has gained access to the hacking forum’s backend data, as they claim, they would have email addresses, IP addresses, and private messages that could expose members and be used in law enforcement investigations. […] The FBI is requesting victims and individuals contact them with information about the hacking forum and its members to aid in their investigation.
Tech Republic Security
MAY 17, 2024
Read about Black Basta ransomware’s impact and how to mitigate it. Plus, learn about recent ransomware trends.
Bleeping Computer
MAY 14, 2024
VMWare has made Workstation Pro and Fusion Pro free for personal use, allowing home users and students to set up their own virtualized test labs and play with another operating system at little to no cost. [.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
The Hacker News
MAY 16, 2024
Researchers have discovered a new security vulnerability stemming from a design flaw in the IEEE 802.11 Wi-Fi standard that tricks victims into connecting to a less secure wireless network and eavesdrop on their network traffic.
Schneier on Security
MAY 14, 2024
This is a current list of where and when I am scheduled to speak: I’m giving a webinar via Zoom on Wednesday, May 22, at 11:00 AM ET. The topic is “ Should the USG Establish a Publicly Funded AI Option? “ The list is maintained on this page.
Tech Republic Security
MAY 17, 2024
Regardless of how badly your files, or their formats, are damaged, EaseUS Fixo can restore your office files, videos and photos, even in batches. Get a lifetime subscription for $49.99 at TechRepublic Academy.
Bleeping Computer
MAY 13, 2024
Threat actors are using Domain Name System (DNS) tunneling to track when their targets open phishing emails and click on malicious links, and to scan networks for potential vulnerabilities. [.
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
The Hacker News
MAY 14, 2024
Google on Monday shipped emergency fixes to address a new zero-day flaw in the Chrome web browser that has come under active exploitation in the wild. The high-severity vulnerability, tracked as CVE-2024-4761, is an out-of-bounds write bug impacting the V8 JavaScript and WebAssembly engine. It was reported anonymously on May 9, 2024.
Penetration Testing
MAY 11, 2024
In a shocking incident that has raised serious questions about the reliability of public cloud services, Google Cloud accidentally deleted the entire online account of UniSuper. This unprecedented misconfiguration left over half a million... The post Google Cloud Mishap: Accidental Deletion of $125 Billion Pension Fund’s Account Raises Concerns appeared first on Penetration Testing.
Tech Republic Security
MAY 17, 2024
This $50 bundle can get you five courses to enable you to earn CompTIA, NIST and more leading cybersecurity certifications that will help you build a career.
Bleeping Computer
MAY 16, 2024
The Norwegian National Cyber Security Centre (NCSC) recommends replacing SSLVPN/WebVPN solutions with alternatives due to the repeated exploitation of related vulnerabilities in edge network devices to breach corporate networks. [.
Speaker: Blackberry, OSS Consultants, & Revenera
Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?
The Hacker News
MAY 15, 2024
Google has rolled out fixes to address a set of nine security issues in its Chrome browser, including a new zero-day that has been exploited in the wild. Assigned the CVE identifier CVE-2024-4947, the vulnerability relates to a type confusion bug in the V8 JavaScript and WebAssembly engine.
Security Boulevard
MAY 15, 2024
Phish Ahoy! Hacker took advantage of Dell’s lack of anti-scraping defense. The post Dell Hell Redux — More Personal Info Stolen by ‘Menelik’ appeared first on Security Boulevard.
Tech Republic Security
MAY 15, 2024
Trying to configure or set up a VPN on your Android? Learn how to get started with our step-by-step guide.
Bleeping Computer
MAY 14, 2024
The D-Link EXO AX4800 (DIR-X4860) router is vulnerable to remote unauthenticated command execution that could lead to complete device takeovers by attackers with access to the HNAP port. [.
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
The Hacker News
MAY 13, 2024
Apple and Google on Monday officially announced the rollout of a new feature that notifies users across both iOS and Android if a Bluetooth tracking device is being used to stealthily keep tabs on them without their knowledge or consent.
Security Boulevard
MAY 16, 2024
One in three office workers who use GenAI admit to sharing customer info, employee details and financial data with the platforms. Are you worried yet? The post Risks of GenAI Rising as Employees Remain Divided About its Use in the Workplace appeared first on Security Boulevard.
Malwarebytes
MAY 14, 2024
Google has released an emergency security update for its Chrome browser. The update includes a patch released four days earlier for a vulnerability which Google say is already being exploited. The easiest way to update Chrome is to allow it to update automatically, but you can end up lagging behind if you never close the browser or if something goes wrong—such as an extension stopping you from updating the browser.
Bleeping Computer
MAY 14, 2024
VMware fixed four security vulnerabilities in the Workstation and Fusion desktop hypervisors, including three zero-days exploited during the Pwn2Own Vancouver 2024 hacking contest. [.
Speaker: Erika R. Bales, Esq.
When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.
Expert insights. Personalized for you.
271 
Let's personalize your content