Krebs on Security

DECEMBER 10, 2024

“Microsoft hasnt released specific information about the vulnerability at present, but has indicated that the attack complexity is low and authentication is not required.” “If nothing else, we can say that Microsoft is consistent,” Reguly said.

Engineering 258

Engineering Authentication Software Ransomware 258

Krebs on Security

FEBRUARY 26, 2025

“Wagenius should also be detained because he presents a serious risk of flight, has the means and intent to flee, and is aware that he will likely face additional charges,” the Seattle prosecutors asserted. million customers.

Hacking 263

Hacking Government Identity Theft Accountability 263

Schneier on Security

MAY 1, 2024

Scammers tricked a company into believing they were dealing with a BBC presenter. They faked her voice, and accepted money intended for her.

Scams 328

Scams Social Engineering Artificial Intelligence Engineering 328

Schneier on Security

AUGUST 29, 2024

Listening to it, and thinking about the audience of NSA engineers, I wonder how much of what she’s talking about as the future of computing—miniaturization, parallelization—was being done in the present and in secret.

Engineering 339

Engineering Internet Internet 339

The Hacker News

MAY 28, 2025

The extent of the breach is presently not In a public statement, the government said it identified China as the culprit behind a malicious campaign targeting one of the unclassified networks of the Czech Ministry of Foreign Affairs.

Government 119

Government 119

Adam Shostack

MARCH 26, 2025

Im proud to be a member of this community and grateful to present The DEF CON 32 Hackers Almanack. The Hackers Almanack compiles the most interesting, impactful, and innovative research and vulnerabilities identified at DEF CON typically presented in extraordinary fashion.

Data breaches 130

Data breaches Passwords Technology Hacking 130

Schneier on Security

SEPTEMBER 2, 2024

The KCM process is fairly simple: the employee uses the dedicated lane and presents their KCM barcode or provides the TSA agent their employee number and airline. Various forms of ID need to be presented while the TSA agent’s laptop verifies the employment status with the airline.

Authentication 310

Authentication 310

Security Boulevard

NOVEMBER 12, 2024

Authors/Presenters: Samy Kamkar Our sincere appreciation to DEF CON , and the Presenters/Authors for publishing their erudite DEF CON 32 content. Originating from the conference’s events located at the Las Vegas Convention Center ; and via the organizations YouTube channel.

Education 104

Education Cybersecurity 104

Security Affairs

MARCH 9, 2025

At the RootedCON , researchers at Tarlogic Innovation presented their findings on undocumented commands in the ESP32 microchip designed by the Chinese manufacturer Espressif. It is this low cost that explains why it is present in the vast majority of Bluetooth IoT devices for domestic use.” ” continues the researchers.

Manufacturing 127

Manufacturing IoT Firmware Mobile 127

Adam Shostack

JANUARY 2, 2025

Be present. The lack of authentication of base stations is apparently a.feature. thats never going to be fixed. Now, theres another way to interpret this, which is to put your devices in airplane mode or a Faraday cage, and thats not awful advice. Disconnect. Enjoy the events. Talk to the people around you.

Media 246

Media Authentication Malware 246

Security Boulevard

NOVEMBER 6, 2024

Hackers are acutely aware that basic corporate account credentials present a significant vulnerability, increasing the stakes for SMBs in particular. The post Securing SMBs in a Cloud-Driven World: Best Practices for Cost-Effective Digital Hygiene Through Verified Authentication appeared first on Security Boulevard.

Authentication 124

Authentication Accountability Cybersecurity 124

Adam Shostack

JANUARY 2, 2025

In Threat Modelling Cloud Platform Services by Example: Google Cloud Storage Ken Wolstencroft of NCC presents a threat model for Google Cloud Storage, and Id like to take a look at it to see what we can learn. NCC has released a threat model for Google Cloud Platform. What can it teach us?

Engineering 246

Engineering Authentication 246

Security Boulevard

OCTOBER 30, 2024

Cybersecurity firm Proofpoint, which is eyeing an IPO in the next 18 months, is buying startup Normalyze to improve its data protection capabilities and mitigate the threat humans present in an increasingly fast-paced, interconnected, and AI-focus world.

Cybersecurity 110

Cybersecurity Social Engineering Security Awareness Engineering 110

WIRED Threat Level

JUNE 4, 2025

See how much faster such a machine could decrypt a password compared to a present-day supercomputer. A quantum computer will likely one day be able to break the encryption protecting the world's secrets.

Encryption 88

Encryption Passwords Hacking 88

Krebs on Security

MARCH 11, 2025

However, ESET notes the vulnerability itself also is present in newer Windows OS versions, including Windows 10 build 1809 and the still-supported Windows Server 2016. Although still used by millions, security support for these products ended more than a year ago, and mainstream support ended years ago.

System Administration 244

System Administration Engineering Internet Internet 244

Adam Shostack

JANUARY 2, 2025

Threat Modeling Jamie Dicken presented Teaching Software Engineers to Threat Model: We Did It, and So Can You at RSA, and her talk made Security Boulevards 8 hot talks list.

Engineering 130

Engineering Software Cybersecurity Risk 130

Krebs on Security

JANUARY 14, 2025

“This presents a significant potential impact as RAM can contain sensitive data (such as passwords, credentials and PII) that may have been in open documents or browser sessions and can all be recovered with free tools from hibernation files.”

Artificial Intelligence 292

Artificial Intelligence Social Engineering Encryption Internet 292

Adam Shostack

JANUARY 2, 2025

We provide a framework for action by presenting the characteristics of a pandemic-scale cyber event and differentiating it from smaller-scale incidents the world has previously experienced. The framework is focused on the United States.

Cyber threats 130

Cyber threats Government Cybersecurity 130

Security Affairs

JANUARY 24, 2025

While some cd00r functions share the same non-standard names, this latest sample contains an embedded certificate that presents a challenge which was not present in previous examples found in VirusTotal, indicating an evolution in operational security and tradecraft.” ” concludes the report.

Malware 122

Malware VPN Encryption Hacking 122

Security Boulevard

DECEMBER 4, 2024

China's growing presence in the global market for LiDAR, a remote sensing technology widely used in defense and commercial system, presents a national security risk for the United States, which already is dealing with intrusions into critical infrastructure networks by China-backed threat groups, according to a reporte.

Risk 113

Risk Marketing Technology Malware 113

Schneier on Security

JANUARY 10, 2024

“BK presents Hangover Whopper, a technology that scans your hangover level and offers a discount on the ideal combo to help combat it.” ” The stunt runs until January 2nd.

Marketing 325

Marketing Technology 325

Schneier on Security

AUGUST 12, 2024

In this paper, we present a taxonomy of GenAI misuse tactics, informed by existing academic literature and a qualitative analysis of approximately 200 observed incidents of misuse reported between January 2023 and March 2024.

Artificial Intelligence 318

Artificial Intelligence Risk 318

Schneier on Security

SEPTEMBER 17, 2024

Now, though, there are also attacks involving “coding tests” that only exist to get the end user to install hidden malware on their system (cleverly hidden with Base64 encoding) that allows remote execution once present.

Malware 300

Malware Social Engineering Engineering Hacking 300

Javvad Malik

DECEMBER 16, 2024

I had the chance to present at Blackhat and also caught up with Quentyn Taylor, who somehow social-engineered me into agreeing to a 5k run in the new year The vendor area felt a bit smaller compared to previous years, but that wasnt necessarily a bad thing. Blackhat was held at the ExCeL and featured all the usual suspects.

Social Engineering 130

Social Engineering Engineering Cybersecurity 130

Adam Shostack

JANUARY 2, 2025

And while an emergency stop may certainly be a risk minimizing action in some circumstances, describing it as such is surprising, especially when presented in contrast to a "safe stop" maneuver. One of the "minimal risk" maneuvers listed (table 4) is an emergency stop. It's important to remember that driving is incredibly dangerous.

Risk 189

Risk Manufacturing Architecture Cybersecurity 189

Schneier on Security

JULY 3, 2024

It’s a serious one : The vulnerability, which is a signal handler race condition in OpenSSH’s server (sshd), allows unauthenticated remote code execution (RCE) as root on glibc-based Linux systems; that presents a significant security risk.

Firewall 346

Firewall Data breaches Malware Risk 346

NetSpi Executives

MARCH 12, 2025

Michelle Eggers and David Bryan Presenting their talk. This year at SHARE, NetSPI presented two notable talks. Titled, Mainframe Blackbox Network Pentesting , the presentation explored various vulnerabilities encountered during past mainframe penetration tests. Philip Young (right) presenting his talk with Chad Rikansrud (left).

Penetration Testing 96

Penetration Testing Passwords Accountability Cybersecurity 96

SecureWorld News

NOVEMBER 17, 2024

The interplay of domestic and international regulations presents significant challenges for organizations, demanding significant investments in technology, personnel, and processes. The UK has a complex regulatory landscape for businesses, particularly in the realms of cybersecurity and privacy. of the UK's business population, 5.5

Cybersecurity 120

Cybersecurity Risk Healthcare Accountability 120

Schneier on Security

APRIL 15, 2024

A new paper presents a polynomial-time quantum algorithm for solving certain hard lattice problems. This could be a big deal for post-quantum cryptographic algorithms, since many of them base their security on hard lattice problems. A few things to note. One, this paper has not yet been peer reviewed.

321

321

Schneier on Security

DECEMBER 22, 2022

Microsoft fixed CVE-2022-37958 in September during its monthly Patch Tuesday rollout of security fixes.

Authentication 71

Authentication 71

Schneier on Security

JANUARY 17, 2023

Someone at the NSA gave a presentation on this ten years ago. (I Without the FBI deploying some form of surveillance technique, or Al-Azhari using another method to visit the site which exposed their IP address, this should not have been possible. There are lots of ways to de-anonymize Tor users.

Surveillance 363

Surveillance Media Hacking 363

Adam Shostack

APRIL 2, 2025

Adam will be co-presenting with Tanya Janca at RSA: Red Teaming AI: 50 Years of Failure, But This Time, For Sure! - [IAIS-R03]. Shostack + Associates updates Were sponsoring the Threat Modeling Connect #hackathon , going on now. Adam will be keynoting BSides Seattle (April 18/19, Seattle).

147

147

Schneier on Security

MARCH 8, 2024

We also present a comprehensive taxonomical ontology of the types of adversarial prompts. We elicit 600K+ adversarial prompts against three state-of-the-art LLMs. We describe the dataset, which empirically verifies that current LLMs can indeed be manipulated via prompt hacking.

Hacking 329

Hacking Artificial Intelligence 329

Security Affairs

DECEMBER 1, 2024

A study by the Massachusetts Institute of Technology (MIT) presented in 2019 revealed that deepfakes generated by AI could deceive humans up to 60% of the time. While it offers immense opportunities for innovation and progress, it also presents significant risks when weaponized by malicious actors.

Artificial Intelligence 134

Artificial Intelligence Phishing Media Cyber threats 134

Schneier on Security

OCTOBER 10, 2023

Many versions of this problem have been studied over the last 30 years, and the best current attack on ReLU-based deep neural networks was presented at Crypto’20 by Carlini, Jagielski, and Mironov.

329

329

Adam Shostack

JANUARY 2, 2025

264 Decoder , which presents a new toolset for analyzing, generating, and manipulating syntactically correct but semantically spec-non-compliant video files. In fact, the first bug we identified was present in the kernel as far back as iOS 10. Video decoding has always been intensely dangerous.

Risk 130

Risk 130

Security Boulevard

APRIL 19, 2025

Author/Presenter: James Ringold Our sincere appreciation to BSidesLV , and the Presenters/Authors for publishing their erudite Security BSidesLV24 content. Originating from the conferences events located at the Tuscany Suites & Casino ; and via the organizations YouTube channel.

Education 69

Education Cybersecurity 69