Security Boulevard

DECEMBER 22, 2024

Understanding Cyber Threats During the Holiday Season Understanding Cyber Threats During the Holiday Season The holiday season, while festive, presents heightened cybersecurity risks for businesses. Cybercriminals exploit increased online activity and reduced vigilance during this period.

Cyber threats 111

Cyber threats Data privacy Risk Cybersecurity 111

Schneier on Security

MAY 1, 2024

Scammers tricked a company into believing they were dealing with a BBC presenter. They faked her voice, and accepted money intended for her.

Scams 339

Scams Social Engineering Artificial Intelligence Engineering 339

Krebs on Security

MAY 14, 2025

Tracked as CVE-2025-32701 & CVE-2025-32706 , these flaws are present in all supported versions of Windows 10 and 11, as well as their server versions. The Windows CLFS is a critical Windows component responsible for logging services, and is widely used by Windows system services and third-party applications for logging.

Artificial Intelligence 189

Artificial Intelligence Internet Internet Engineering 189

Schneier on Security

JANUARY 19, 2023

We present seven different attacks against the protocol in three different threat models. As one example, we present a cross-protocol attack which breaks authentication in Threema and which exploits the lack of proper key separation between different sub-protocols. It also said the researchers were overselling their findings.

Encryption 348

Encryption Authentication Advertising Government 348

Schneier on Security

AUGUST 29, 2024

Listening to it, and thinking about the audience of NSA engineers, I wonder how much of what she’s talking about as the future of computing—miniaturization, parallelization—was being done in the present and in secret.

Engineering 349

Engineering Internet Internet 349

Krebs on Security

FEBRUARY 26, 2025

“Wagenius should also be detained because he presents a serious risk of flight, has the means and intent to flee, and is aware that he will likely face additional charges,” the Seattle prosecutors asserted. million customers.

Hacking 254

Hacking Government Identity Theft Accountability 254

Schneier on Security

OCTOBER 11, 2022

Next, we demonstrate that some backdoors, such as ImpNet, can only be reliably detected at the stage where they are inserted and removing them anywhere else presents a significant challenge.

Architecture 363

Architecture Software 363

Schneier on Security

SEPTEMBER 2, 2024

The KCM process is fairly simple: the employee uses the dedicated lane and presents their KCM barcode or provides the TSA agent their employee number and airline. Various forms of ID need to be presented while the TSA agent’s laptop verifies the employment status with the airline.

Authentication 324

Authentication 324

Adam Shostack

MARCH 26, 2025

Im proud to be a member of this community and grateful to present The DEF CON 32 Hackers Almanack. The Hackers Almanack compiles the most interesting, impactful, and innovative research and vulnerabilities identified at DEF CON typically presented in extraordinary fashion.

Data breaches 130

Data breaches Passwords Technology Hacking 130

Security Boulevard

NOVEMBER 12, 2024

Authors/Presenters: Samy Kamkar Our sincere appreciation to DEF CON , and the Presenters/Authors for publishing their erudite DEF CON 32 content. Originating from the conference’s events located at the Las Vegas Convention Center ; and via the organizations YouTube channel.

Education 104

Education Cybersecurity 104

Security Boulevard

NOVEMBER 6, 2024

Hackers are acutely aware that basic corporate account credentials present a significant vulnerability, increasing the stakes for SMBs in particular. The post Securing SMBs in a Cloud-Driven World: Best Practices for Cost-Effective Digital Hygiene Through Verified Authentication appeared first on Security Boulevard.

Authentication 124

Authentication Accountability Cybersecurity 124

Security Affairs

MARCH 9, 2025

At the RootedCON , researchers at Tarlogic Innovation presented their findings on undocumented commands in the ESP32 microchip designed by the Chinese manufacturer Espressif. It is this low cost that explains why it is present in the vast majority of Bluetooth IoT devices for domestic use.” ” continues the researchers.

Manufacturing 126

Manufacturing IoT Firmware Mobile 126

Adam Shostack

JANUARY 2, 2025

In Threat Modelling Cloud Platform Services by Example: Google Cloud Storage Ken Wolstencroft of NCC presents a threat model for Google Cloud Storage, and Id like to take a look at it to see what we can learn. NCC has released a threat model for Google Cloud Platform. What can it teach us?

Engineering 246

Engineering Authentication 246

Security Boulevard

OCTOBER 30, 2024

Cybersecurity firm Proofpoint, which is eyeing an IPO in the next 18 months, is buying startup Normalyze to improve its data protection capabilities and mitigate the threat humans present in an increasingly fast-paced, interconnected, and AI-focus world.

Cybersecurity 110

Cybersecurity Social Engineering Security Awareness Engineering 110

Schneier on Security

JANUARY 10, 2024

“BK presents Hangover Whopper, a technology that scans your hangover level and offers a discount on the ideal combo to help combat it.” ” The stunt runs until January 2nd.

Marketing 337

Marketing Technology 337

Schneier on Security

AUGUST 12, 2024

In this paper, we present a taxonomy of GenAI misuse tactics, informed by existing academic literature and a qualitative analysis of approximately 200 observed incidents of misuse reported between January 2023 and March 2024.

Artificial Intelligence 330

Artificial Intelligence Risk 330

Schneier on Security

SEPTEMBER 17, 2024

Now, though, there are also attacks involving “coding tests” that only exist to get the end user to install hidden malware on their system (cleverly hidden with Base64 encoding) that allows remote execution once present.

Malware 314

Malware Social Engineering Engineering Hacking 314

Adam Shostack

JANUARY 2, 2025

Threat Modeling Jamie Dicken presented Teaching Software Engineers to Threat Model: We Did It, and So Can You at RSA, and her talk made Security Boulevards 8 hot talks list.

Engineering 130

Engineering Software Cybersecurity Risk 130

Adam Shostack

JANUARY 2, 2025

We provide a framework for action by presenting the characteristics of a pandemic-scale cyber event and differentiating it from smaller-scale incidents the world has previously experienced. The framework is focused on the United States.

Cyber threats 130

Cyber threats Government Cybersecurity 130

Security Boulevard

DECEMBER 4, 2024

China's growing presence in the global market for LiDAR, a remote sensing technology widely used in defense and commercial system, presents a national security risk for the United States, which already is dealing with intrusions into critical infrastructure networks by China-backed threat groups, according to a reporte.

Risk 113

Risk Marketing Technology Malware 113

Security Affairs

JANUARY 24, 2025

While some cd00r functions share the same non-standard names, this latest sample contains an embedded certificate that presents a challenge which was not present in previous examples found in VirusTotal, indicating an evolution in operational security and tradecraft.” ” concludes the report.

Malware 120

Malware VPN Encryption Hacking 120

Krebs on Security

MARCH 11, 2025

However, ESET notes the vulnerability itself also is present in newer Windows OS versions, including Windows 10 build 1809 and the still-supported Windows Server 2016. Although still used by millions, security support for these products ended more than a year ago, and mainstream support ended years ago.

System Administration 234

System Administration Engineering Internet Internet 234

Javvad Malik

DECEMBER 16, 2024

I had the chance to present at Blackhat and also caught up with Quentyn Taylor, who somehow social-engineered me into agreeing to a 5k run in the new year The vendor area felt a bit smaller compared to previous years, but that wasnt necessarily a bad thing. Blackhat was held at the ExCeL and featured all the usual suspects.

Social Engineering 130

Social Engineering Engineering Cybersecurity 130

Schneier on Security

APRIL 15, 2024

A new paper presents a polynomial-time quantum algorithm for solving certain hard lattice problems. This could be a big deal for post-quantum cryptographic algorithms, since many of them base their security on hard lattice problems. A few things to note. One, this paper has not yet been peer reviewed.

333

333

Schneier on Security

JULY 3, 2024

It’s a serious one : The vulnerability, which is a signal handler race condition in OpenSSH’s server (sshd), allows unauthenticated remote code execution (RCE) as root on glibc-based Linux systems; that presents a significant security risk.

Firewall 353

Firewall Data breaches Malware Risk 353

Adam Shostack

JANUARY 2, 2025

And while an emergency stop may certainly be a risk minimizing action in some circumstances, describing it as such is surprising, especially when presented in contrast to a "safe stop" maneuver. One of the "minimal risk" maneuvers listed (table 4) is an emergency stop. It's important to remember that driving is incredibly dangerous.

Risk 189

Risk Manufacturing Architecture Cybersecurity 189

NetSpi Executives

MARCH 12, 2025

Michelle Eggers and David Bryan Presenting their talk. This year at SHARE, NetSPI presented two notable talks. Titled, Mainframe Blackbox Network Pentesting , the presentation explored various vulnerabilities encountered during past mainframe penetration tests. Philip Young (right) presenting his talk with Chad Rikansrud (left).

Penetration Testing 96

Penetration Testing Passwords Accountability Cybersecurity 96

Tech Republic Security

OCTOBER 22, 2024

A study at Rensselaer Polytechnic Institute presented at ISC2 Security Congress compared ChatGPT-written training prompted by security experts and prompt engineers.

Engineering 214

Engineering Artificial Intelligence Technology Cybersecurity 214

SecureWorld News

NOVEMBER 17, 2024

The interplay of domestic and international regulations presents significant challenges for organizations, demanding significant investments in technology, personnel, and processes. The UK has a complex regulatory landscape for businesses, particularly in the realms of cybersecurity and privacy. of the UK's business population, 5.5

Cybersecurity 118

Cybersecurity Risk Healthcare Accountability 118

Schneier on Security

DECEMBER 22, 2022

Microsoft fixed CVE-2022-37958 in September during its monthly Patch Tuesday rollout of security fixes.

Authentication 72

Authentication 72

Schneier on Security

MARCH 8, 2024

We also present a comprehensive taxonomical ontology of the types of adversarial prompts. We elicit 600K+ adversarial prompts against three state-of-the-art LLMs. We describe the dataset, which empirically verifies that current LLMs can indeed be manipulated via prompt hacking.

Hacking 340

Hacking Artificial Intelligence 340

Schneier on Security

JANUARY 17, 2023

Someone at the NSA gave a presentation on this ten years ago. (I Without the FBI deploying some form of surveillance technique, or Al-Azhari using another method to visit the site which exposed their IP address, this should not have been possible. There are lots of ways to de-anonymize Tor users.

Surveillance 363

Surveillance Media Hacking 363

Adam Shostack

APRIL 2, 2025

Adam will be co-presenting with Tanya Janca at RSA: Red Teaming AI: 50 Years of Failure, But This Time, For Sure! - [IAIS-R03]. Shostack + Associates updates Were sponsoring the Threat Modeling Connect #hackathon , going on now. Adam will be keynoting BSides Seattle (April 18/19, Seattle).

147

147

Troy Hunt

MAY 2, 2025

References Sponsored by: Malwarebytes Browser Guard blocks phishing, ads, scams, and trackers for safer, faster browsing NDC Melbourne has been run and done (that's actually the last even on my calendar at present, at last until things start filling in for Europe next month) We're progressing well with our new Have I Been Pwned challenge (..)

Phishing 154

Phishing Scams 154

Schneier on Security

OCTOBER 10, 2023

Many versions of this problem have been studied over the last 30 years, and the best current attack on ReLU-based deep neural networks was presented at Crypto’20 by Carlini, Jagielski, and Mironov.

340

340

Security Boulevard

MARCH 1, 2025

Author/Presenter: Max 'Libra' Kersten Our sincere appreciation to DEF CON , and the Authors/Presenters for publishing their erudite DEF CON 32 content. Originating from the conferences events located at the Las Vegas Convention Center ; and via the organizations YouTube channel.

Education 89

Education Cybersecurity 89

Tech Republic Security

APRIL 17, 2025

In a presentation delivered this month by the European Commission, a meeting etiquette slide stated No AI Agents are allowed.

Artificial Intelligence 183

Artificial Intelligence 183