Lohrman on Security
NOVEMBER 10, 2024
Several recent studies highlight what is happening in the public and private sectors regarding artificial intelligence initiatives, along with detailing barriers and cybersecurity challenges to address.
Krebs on Security
NOVEMBER 9, 2024
The Federal Bureau of Investigation (FBI) is urging police departments and governments worldwide to beef up security around their email systems, citing a recent increase in cybercriminal services that use hacked police email accounts to send unauthorized subpoenas and customer data requests to U.S.-based technology companies. In an alert (PDF) published this week, the FBI said it has seen un uptick in postings on criminal forums regarding the process of emergency data requests (EDRs) and the sal
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Schneier on Security
NOVEMBER 14, 2024
Everybody is reporting about a new security iPhone security feature with iOS 18: if the phone hasn’t been used for a few days, it automatically goes into its “Before First Unlock” state and has to be rebooted. This is a really good security feature. But various police departments don’t like it, because it makes it harder for them to unlock suspects’ phones.
Troy Hunt
NOVEMBER 13, 2024
Apparently, before a child reaches the age of 13, advertisers will have gathered more 72 million data points on them. I knew I'd seen a metric about this sometime recently, so I went looking for "7,000", which perfectly illustrates how unaware we are of the extent of data collection on all of us. I started Have I Been Pwned (HIBP) in the first place because I was surprised at where my data had turned up in breaches. 11 years and 14 billion breached records later, I'm still surp
Speaker: Erroll Amacker
Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.
Schneier on Security
NOVEMBER 12, 2024
I’ve been writing about the problem with lawful-access backdoors in encryption for decades now: that as soon as you create a mechanism for law enforcement to bypass encryption, the bad guys will use it too. Turns out the same thing is true for non-technical backdoors: The advisory said that the cybercriminals were successful in masquerading as law enforcement by using compromised police accounts to send emails to companies requesting user data.
Krebs on Security
NOVEMBER 12, 2024
Microsoft today released updates to plug at least 89 security holes in its Windows operating systems and other software. November’s patch batch includes fixes for two zero-day vulnerabilities that are already being exploited by attackers, as well as two other flaws that were publicly disclosed prior to today. The zero-day flaw tracked as CVE-2024-49039 is a bug in the Windows Task Scheduler that allows an attacker to increase their privileges on a Windows machine.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
|
Malwarebytes
NOVEMBER 14, 2024
A 33-year-old Nigerian man living in the UK and his co-conspirators defrauded over 400 would-be home buyers in the US. In the initial phase, Babatunde Francis Ayeni and his criminal gang targeted US title companies, real estate agents, and real estate attorneys. Employees of these companies were tricked into clicking malicious attachments and links and filling in their email account login information on fake sites.
Security Affairs
NOVEMBER 12, 2024
Microsoft Patch Tuesday security updates for November 2024 addressed 89 vulnerabilities, including two actively exploited zero-day flaws. Microsoft Patch Tuesday security updates for November 2024 fixed 89 vulnerabilities in Windows and Windows Components; Office and Office Components; Azure; NET and Visual Studio; LightGBM; Exchange Server; SQL Server; TorchGeo; Hyper-V; and Windows VMSwitch.
Krebs on Security
NOVEMBER 14, 2024
In December 2023, KrebsOnSecurity revealed the real-life identity of Rescator , the nickname used by a Russian cybercriminal who sold more than 100 million payment cards stolen from Target and Home Depot between 2013 and 2014. Moscow resident Mikhail Shefel , who confirmed using the Rescator identity in a recent interview, also admitted reaching out because he is broke and seeking publicity for several new money making schemes.
NetSpi Technical
NOVEMBER 14, 2024
Every hacker has a story about abusing SMB shares, but it’s an attack surface that cybersecurity teams still struggle to understand, manage, and defend. For the benefit of both attackers and defenders, I started an open-source GitHub project a few years ago called “PowerHuntShares”. It focuses on distilling data related to shares configured with excessive privileges to better understand their relationships and risk.
Advertisement
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
Malwarebytes
NOVEMBER 15, 2024
Physical letters that contain a QR code to trick people into downloading malware are being sent through the mail, according to a warning issued by The Swiss National Cyber Security Centre (NCSC). The letters are sent as if they come from the official Swiss Federal Office of Meteorology and Climatology (MeteoSwiss) and they urge the recipient to install a new “severe weather app.
Penetration Testing
NOVEMBER 14, 2024
A critical security vulnerability, CVE-2024-52301, has been identified in the Laravel framework, a popular web application framework known for its elegant syntax and comprehensive toolset for building robust applications. Rated... The post Critical Laravel Flaw (CVE-2024-52301) Exposes Millions of Web Applications to Attack appeared first on Cybersecurity News.
Security Affairs
NOVEMBER 11, 2024
Amazon disclosed a data breach exposing employee data, with information allegedly stolen in the May 2023 MOVEit attacks. Amazon disclosed a data breach that exposed employee information after data was allegedly stolen during the May 2023 MOVEit attacks. The company said that the data was stolen from a third-party vendor. Amazon did not disclose the number of impacted employees.
Google Security
NOVEMBER 15, 2024
Posted by Alex Rebert and Max Shavrick, Security Foundations, and Kinuko Yasada, Core Developer Attackers regularly exploit spatial memory safety vulnerabilities , which occur when code accesses a memory allocation outside of its intended bounds, to compromise systems and sensitive data. These vulnerabilities represent a major security risk to users.
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
Malwarebytes
NOVEMBER 12, 2024
A DNA testing company that promised clients insights into their genetic disposition has suddenly disappeared. The BBC reports it tried several methods to reach the company but failed in this effort. London offices are closed, nobody answers the phone, and clients are no longer capable of accessing their online records. All the company’s social media accounts haven’t been updated since 2023 at the latest.
The Last Watchdog
NOVEMBER 11, 2024
Augmented reality use cases have become prevalent in our society. The technology, which first emerged primarily in the world of gaming and entertainment, now promises to reshape our reality with interactive information and immersive experiences. In short, AR is undoubtedly a groundbreaking technology that will reinvent how we interact with the digital world.
Security Affairs
NOVEMBER 9, 2024
Multiple vulnerabilities in the infotainment unit Mazda Connect could allow attackers to execute arbitrary code with root access. Trend Micro’s Zero Day Initiative warned of multiple vulnerabilities in the Mazda Connect infotainment system that could allow attackers to execute code with root privileges. This occurs due to improper input sanitization in the Mazda Connect CMU, allowing attackers with physical access to exploit the system using a crafted USB device.
Penetration Testing
NOVEMBER 15, 2024
Icinga releases urgent security updates to address a critical TLS certificate validation bypass vulnerability affecting all versions since 2.4.0. A critical vulnerability (CVE-2024-49369) has been discovered in Icinga 2, a... The post CVE-2024-49369 (CVSS 9.8): Critical Flaw in Icinga 2 Allows for Impersonation and RCE appeared first on Cybersecurity News.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
SecureWorld News
NOVEMBER 15, 2024
In a joint statement from the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA), United States officials have disclosed the details of a broad cyber espionage campaign by Chinese state-sponsored actors targeting U.S. telecommunications infrastructure. The China-backed hackers, identified as the Salt Typhoon group, have reportedly accessed customer call data, law enforcement records, and private communications of U.S. officials and politically a
NSTIC
NOVEMBER 13, 2024
If you are interested in the world of digital identities, you have probably heard some of the buzzwords that have been floating around for a few years now… “verifiable credential,” “digital wallet,” “mobile driver’s license” or “mDL.” These terms, among others, all reference a growing ecosystem around what we are calling “verifiable digital credentials.
Security Affairs
NOVEMBER 10, 2024
US CFPB warns employees to avoid work-related mobile calls and texts following China-linked Salt Typhoon hack over security concerns. The US government’s Consumer Financial Protection Bureau (CFPB) advises employees to avoid using cellphones for work after China-linked APT group Salt Typhoon hackers breached major telecom providers. The Consumer Financial Protection Bureau (CFPB) is a U.S. government agency created in 2011 to protect consumers in the financial sector, ensuring fair, transparent,
Penetration Testing
NOVEMBER 15, 2024
Cybersecurity firm Volexity has uncovered a zero-day vulnerability in Fortinet’s Windows VPN client, FortiClient, being exploited by the BrazenBamboo Advanced Persistent Threat (APT) group. This vulnerability, detailed in Volexity’s latest... The post Zero-Day Vulnerability in FortiClient Exploited by BrazenBamboo APT appeared first on Cybersecurity News.
Speaker: Sierre Lindgren
Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.
SecureWorld News
NOVEMBER 14, 2024
Ransomware attacks on healthcare organizations have sharply increased in 2024, as shown by recent research from Safety Detectives. Compared to 2023, healthcare providers are facing a higher frequency of ransomware incidents, impacting their ability to deliver essential services and protect sensitive patient data. Here are the key takeaways from the report.
Security Boulevard
NOVEMBER 14, 2024
SANTA CLARA, Calif. — With great promise comes potential peril. And while artificial intelligence (AI) is looked upon as a panacea for enterprises, it also poses an existential security threat. “We stand at the intersection of human ingenuity and technological innovation, where the game of cybersecurity has evolved into a high-stakes match,” Nir Zuk, founder.
Security Affairs
NOVEMBER 12, 2024
Apple iOS supports a new feature that reboots locked devices after extended inactivity, aiming to enhance data security for users. Apple ‘quietly’ implemented a new security feature that automatically reboots a locked device if it has not been used for several days. The new feature was introduced with the release of iOS 18.1 at the end of October.
Penetration Testing
NOVEMBER 12, 2024
Citrix has issued a security bulletin warning of two vulnerabilities affecting NetScaler ADC and NetScaler Gateway, products that provide application delivery and security services. The vulnerabilities, tracked as CVE-2024-8534 and... The post Citrix NetScaler ADC and Gateway Vulnerabilities Put Organizations at Risk appeared first on Cybersecurity News.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
SecureWorld News
NOVEMBER 11, 2024
In 2016, Uber faced a cybersecurity crisis that ended up reshaping the conversation around data breaches and accountability. Hackers accessed a massive amount of sensitive data, including the names, email addresses, and phone numbers of 57 million riders and drivers, plus driver's license numbers for about 600,000 drivers. They managed to break in after finding credentials left exposed in a public GitHub repository—a preventable, basic lapse in security hygiene.
Digital Shadows
NOVEMBER 12, 2024
We are excited to introduce our latest threat landscape report on the construction sector, providing the latest insights into the evolving cyber threats facing the industry. In this blog, we’ll give you a taste of the report’s key themes, including analysis of the most pressing threats, prevalent MITRE ATT&CK techniques, and dark web insights.
Security Affairs
NOVEMBER 13, 2024
Bitdefender released a decryptor for the ShrinkLocker ransomware, which modifies BitLocker configurations to encrypt a system’s drives. ShrinkLocker ransomware was first discovered in May 2024 by researchers from Kaspersky. Unlike modern ransomware it doesn’t rely on sophisticated encryption algorithms and modifies BitLocker configurations to encrypt a system’s drives.
Penetration Testing
NOVEMBER 11, 2024
A newly discovered security vulnerability, CVE-2024-47295, affecting multiple SEIKO EPSON products, could allow attackers to take control of devices with administrative privileges. This issue arises from an insecure initial password... The post Unpatched Epson Devices at Risk: CVE-2024-47295 Allows Easy Hijacking appeared first on Cybersecurity News.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Expert insights. Personalized for you.
295 
Let's personalize your content