Security Boulevard

DECEMBER 22, 2024

Understanding Cyber Threats During the Holiday Season Understanding Cyber Threats During the Holiday Season The holiday season, while festive, presents heightened cybersecurity risks for businesses. Cybercriminals exploit increased online activity and reduced vigilance during this period.

Cyber threats 111

Cyber threats Data privacy Risk Cybersecurity 111

Adam Shostack

MARCH 26, 2025

Im proud to be a member of this community and grateful to present The DEF CON 32 Hackers Almanack. The Hackers Almanack compiles the most interesting, impactful, and innovative research and vulnerabilities identified at DEF CON typically presented in extraordinary fashion.

Data breaches 130

Data breaches Passwords Technology Hacking 130

Schneier on Security

JANUARY 19, 2023

We present seven different attacks against the protocol in three different threat models. As one example, we present a cross-protocol attack which breaks authentication in Threema and which exploits the lack of proper key separation between different sub-protocols. It also said the researchers were overselling their findings.

Encryption 345

Encryption Authentication Advertising Government 345

Schneier on Security

AUGUST 29, 2024

Listening to it, and thinking about the audience of NSA engineers, I wonder how much of what she’s talking about as the future of computing—miniaturization, parallelization—was being done in the present and in secret.

Engineering 345

Engineering Internet Internet 345

Schneier on Security

OCTOBER 11, 2022

Next, we demonstrate that some backdoors, such as ImpNet, can only be reliably detected at the stage where they are inserted and removing them anywhere else presents a significant challenge.

Architecture 363

Architecture Software 363

Krebs on Security

FEBRUARY 26, 2025

“Wagenius should also be detained because he presents a serious risk of flight, has the means and intent to flee, and is aware that he will likely face additional charges,” the Seattle prosecutors asserted. million customers.

Hacking 239

Hacking Government Identity Theft Accountability 239

Schneier on Security

SEPTEMBER 2, 2024

The KCM process is fairly simple: the employee uses the dedicated lane and presents their KCM barcode or provides the TSA agent their employee number and airline. Various forms of ID need to be presented while the TSA agent’s laptop verifies the employment status with the airline.

Authentication 318

Authentication 318

Security Boulevard

NOVEMBER 12, 2024

Authors/Presenters: Samy Kamkar Our sincere appreciation to DEF CON , and the Presenters/Authors for publishing their erudite DEF CON 32 content. Originating from the conference’s events located at the Las Vegas Convention Center ; and via the organizations YouTube channel.

Education 104

Education Cybersecurity 104

Security Boulevard

NOVEMBER 6, 2024

Hackers are acutely aware that basic corporate account credentials present a significant vulnerability, increasing the stakes for SMBs in particular. The post Securing SMBs in a Cloud-Driven World: Best Practices for Cost-Effective Digital Hygiene Through Verified Authentication appeared first on Security Boulevard.

Authentication 124

Authentication Accountability Cybersecurity 124

Adam Shostack

JANUARY 2, 2025

In Threat Modelling Cloud Platform Services by Example: Google Cloud Storage Ken Wolstencroft of NCC presents a threat model for Google Cloud Storage, and Id like to take a look at it to see what we can learn. NCC has released a threat model for Google Cloud Platform. What can it teach us?

Engineering 246

Engineering Authentication 246

Security Boulevard

OCTOBER 30, 2024

Cybersecurity firm Proofpoint, which is eyeing an IPO in the next 18 months, is buying startup Normalyze to improve its data protection capabilities and mitigate the threat humans present in an increasingly fast-paced, interconnected, and AI-focus world.

Cybersecurity 110

Cybersecurity Social Engineering Engineering Security Awareness 110

Security Affairs

MARCH 9, 2025

At the RootedCON , researchers at Tarlogic Innovation presented their findings on undocumented commands in the ESP32 microchip designed by the Chinese manufacturer Espressif. It is this low cost that explains why it is present in the vast majority of Bluetooth IoT devices for domestic use.” ” continues the researchers.

Manufacturing 121

Manufacturing IoT Firmware Mobile 121

Adam Shostack

JANUARY 2, 2025

Threat Modeling Jamie Dicken presented Teaching Software Engineers to Threat Model: We Did It, and So Can You at RSA, and her talk made Security Boulevards 8 hot talks list.

Engineering 130

Engineering Software Cybersecurity Risk 130

Schneier on Security

JANUARY 10, 2024

“BK presents Hangover Whopper, a technology that scans your hangover level and offers a discount on the ideal combo to help combat it.” ” The stunt runs until January 2nd.

Marketing 332

Marketing Technology 332

Adam Shostack

JANUARY 2, 2025

We provide a framework for action by presenting the characteristics of a pandemic-scale cyber event and differentiating it from smaller-scale incidents the world has previously experienced. The framework is focused on the United States.

Cyber threats 130

Cyber threats Government Cybersecurity 130

Schneier on Security

AUGUST 12, 2024

In this paper, we present a taxonomy of GenAI misuse tactics, informed by existing academic literature and a qualitative analysis of approximately 200 observed incidents of misuse reported between January 2023 and March 2024.

Artificial Intelligence 325

Artificial Intelligence Risk 325

Schneier on Security

SEPTEMBER 17, 2024

Now, though, there are also attacks involving “coding tests” that only exist to get the end user to install hidden malware on their system (cleverly hidden with Base64 encoding) that allows remote execution once present.

Malware 308

Malware Social Engineering Engineering Hacking 308

Security Boulevard

DECEMBER 4, 2024

China's growing presence in the global market for LiDAR, a remote sensing technology widely used in defense and commercial system, presents a national security risk for the United States, which already is dealing with intrusions into critical infrastructure networks by China-backed threat groups, according to a reporte.

Risk 113

Risk Marketing Technology Malware 113

Security Affairs

JANUARY 24, 2025

While some cd00r functions share the same non-standard names, this latest sample contains an embedded certificate that presents a challenge which was not present in previous examples found in VirusTotal, indicating an evolution in operational security and tradecraft.” ” concludes the report.

Malware 120

Malware VPN Encryption Hacking 120

Javvad Malik

DECEMBER 16, 2024

I had the chance to present at Blackhat and also caught up with Quentyn Taylor, who somehow social-engineered me into agreeing to a 5k run in the new year The vendor area felt a bit smaller compared to previous years, but that wasnt necessarily a bad thing. Blackhat was held at the ExCeL and featured all the usual suspects.

Social Engineering 130

Social Engineering Engineering Cybersecurity 130

Adam Shostack

APRIL 2, 2025

Adam will be co-presenting with Tanya Janca at RSA: Red Teaming AI: 50 Years of Failure, But This Time, For Sure! - [IAIS-R03]. Shostack + Associates updates Were sponsoring the Threat Modeling Connect #hackathon , going on now. Adam will be keynoting BSides Seattle (April 18/19, Seattle).

147

147

Adam Shostack

JANUARY 2, 2025

And while an emergency stop may certainly be a risk minimizing action in some circumstances, describing it as such is surprising, especially when presented in contrast to a "safe stop" maneuver. One of the "minimal risk" maneuvers listed (table 4) is an emergency stop. It's important to remember that driving is incredibly dangerous.

Risk 189

Risk Architecture Manufacturing Cybersecurity 189

Krebs on Security

MARCH 11, 2025

However, ESET notes the vulnerability itself also is present in newer Windows OS versions, including Windows 10 build 1809 and the still-supported Windows Server 2016. Although still used by millions, security support for these products ended more than a year ago, and mainstream support ended years ago.

System Administration 221

System Administration Engineering Internet Internet 221

Schneier on Security

JULY 3, 2024

It’s a serious one : The vulnerability, which is a signal handler race condition in OpenSSH’s server (sshd), allows unauthenticated remote code execution (RCE) as root on glibc-based Linux systems; that presents a significant security risk.

Firewall 350

Firewall Data breaches Malware Risk 350

Schneier on Security

APRIL 15, 2024

A new paper presents a polynomial-time quantum algorithm for solving certain hard lattice problems. This could be a big deal for post-quantum cryptographic algorithms, since many of them base their security on hard lattice problems. A few things to note. One, this paper has not yet been peer reviewed.

328

328

NetSpi Executives

MARCH 12, 2025

Michelle Eggers and David Bryan Presenting their talk. This year at SHARE, NetSPI presented two notable talks. Titled, Mainframe Blackbox Network Pentesting , the presentation explored various vulnerabilities encountered during past mainframe penetration tests. Philip Young (right) presenting his talk with Chad Rikansrud (left).

Penetration Testing 96

Penetration Testing Passwords Accountability Cybersecurity 96

SecureWorld News

NOVEMBER 17, 2024

The interplay of domestic and international regulations presents significant challenges for organizations, demanding significant investments in technology, personnel, and processes. The UK has a complex regulatory landscape for businesses, particularly in the realms of cybersecurity and privacy. of the UK's business population, 5.5

Cybersecurity 120

Cybersecurity Risk Healthcare Accountability 120

Security Boulevard

APRIL 19, 2025

Author/Presenter: James Ringold Our sincere appreciation to BSidesLV , and the Presenters/Authors for publishing their erudite Security BSidesLV24 content. Originating from the conferences events located at the Tuscany Suites & Casino ; and via the organizations YouTube channel.

Education 69

Education Cybersecurity 69

Tech Republic Security

OCTOBER 22, 2024

A study at Rensselaer Polytechnic Institute presented at ISC2 Security Congress compared ChatGPT-written training prompted by security experts and prompt engineers.

Engineering 212

Engineering Artificial Intelligence Technology Cybersecurity 212

Schneier on Security

MAY 25, 2022

If an adversary can manipulate the order in which batches of training data are presented to the model, they can undermine both its integrity (by poisoning it) and its availability (by causing training to be less effective, or take longer). Our latest paper shows that’s not necessary at all.

Engineering 355

Engineering 355

Schneier on Security

DECEMBER 22, 2022

Microsoft fixed CVE-2022-37958 in September during its monthly Patch Tuesday rollout of security fixes.

Authentication 72

Authentication 72

Schneier on Security

NOVEMBER 16, 2022

On social media and in US regulatory filings, however, it presents itself as a US company, based at various times in California, Maryland, and Washington, DC, Reuters found. It employs around 40 people and reported revenue of 143,270,000 rubles ($2.4 mln) last year. Pushwoosh is registered with the Russian government to pay taxes in Russia.

Software 337

Software Media Government 337

Schneier on Security

MARCH 8, 2024

We also present a comprehensive taxonomical ontology of the types of adversarial prompts. We elicit 600K+ adversarial prompts against three state-of-the-art LLMs. We describe the dataset, which empirically verifies that current LLMs can indeed be manipulated via prompt hacking.

Hacking 335

Hacking Artificial Intelligence 335

Schneier on Security

JANUARY 17, 2023

Someone at the NSA gave a presentation on this ten years ago. (I Without the FBI deploying some form of surveillance technique, or Al-Azhari using another method to visit the site which exposed their IP address, this should not have been possible. There are lots of ways to de-anonymize Tor users.

Surveillance 363

Surveillance Media Hacking 363

Security Affairs

APRIL 13, 2025

But American officials present and others later briefed on the meeting perceived the comments as confirmation of Beijings role and was intended to scare the U.S. .” states the WSJ. “Wang or the other Chinese officials didnt directly state that China was responsible for the hacking, the U.S. officials said.

Hacking 128

Hacking Manufacturing Education Government 128

Joseph Steinberg

MARCH 24, 2025

We all know that we face increased threats from costly hacker attacks and data breaches unfortunately, however, much of what we have been taught about how to protect ourselves is simply wrong.

Artificial Intelligence 130

Artificial Intelligence Cybersecurity Data breaches Government 130

The Last Watchdog

APRIL 10, 2025

At a press briefing, Tanaka gave an eye-opening presentation in which he framed the disruption thats playing out over GenAI. Looking ahead, our research hopes to bring about more natural intelligent algorithms and hardware through our understanding of physics, neuroscience, and machine learning. Were now deep into that shift.

Artificial Intelligence 162

Artificial Intelligence Architecture Media Internet 162