Cyber Security Informer

US Department Of Defense CyberSecurity Contest To Open To The Public

Joseph Steinberg

APRIL 30, 2024

The United States Department of Defense is running a cybersecurity contest – offering members of the public the opportunity to win both cash prizes and the potential to be recruited for various jobs. There is no cost to participate.

Artificial Intelligence

Artificial Intelligence Cybersecurity

FBI Advising People to Avoid Public Charging Stations

Schneier on Security

APRIL 12, 2023

The FBI is warning people against using public phone-charging stations, worrying that the combination power-data port can be used to inject malware onto the devices: Avoid using free charging stations in airports, hotels, or shopping centers.

Malware

Malware Software Risk

Demystifying Cybersecurity’s Public Companies

Security Boulevard

JANUARY 19, 2024

It's a lot harder to come up with a list of public cybersecurity companies than you'd think. The post Demystifying Cybersecurity’s Public Companies appeared first on Security Boulevard. Here are the reasons why, plus an honest attempt to get the list right.

Cybersecurity

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Cyber Public Health

Schneier on Security

NOVEMBER 25, 2020

In a lecture, Adam Shostack makes the case for a discipline of cyber public health. It would relate to cybersecurity in a similar way that public health relates to medicine.

Cybersecurity

Many Public Salesforce Sites are Leaking Private Data

Krebs on Security

APRIL 27, 2023

A shocking number of organizations — including banks and healthcare providers — are leaking private and sensitive information from their public Salesforce Community websites, KrebsOnSecurity has learned. city administrators that at least five different public DC Health websites were leaking sensitive information.

Banking

Banking Government Information Security Authentication

Navigating Public Company Cybersecurity Disclosures

Security Boulevard

DECEMBER 7, 2023

Transparency in the disclosure of cybersecurity incidents for public companies is no longer good practice – it’s now a regulatory necessity. The imminent requirement for public companies to disclose current material cybersecurity incidents is set to reshape the disclosure landscape for public companies.

Cybersecurity

Cybersecurity Information Security Government

Me on Public-Interest Tech

Schneier on Security

JUNE 3, 2022

Back in November 2020, in the middle of the COVID-19 pandemic, I gave a virtual talk at the International Symposium on Technology and Society: “ The Story of the Internet and How it Broke Bad: A Call for Public-Interest Technologists.” ” It was something I was really proud of, and it’s finally up on the net.

Internet

Internet Internet Technology

Cisco discloses root escalation flaw with public exploit code

Bleeping Computer

APRIL 17, 2024

Cisco has released patches for a high-severity Integrated Management Controller (IMC) vulnerability with public exploit code that can let local attackers escalate privileges to root. [.]

Google moves to keep public sector cybersecurity vulnerabilities leashed

Tech Republic Security

APRIL 21, 2023

launched the Google Cloud Alliance this week with the goal of advancing digital security in the public sector. The post Google moves to keep public sector cybersecurity vulnerabilities leashed appeared first on TechRepublic. Google Cloud and The Center for Internet Security, Inc.,

Cybersecurity

Cybersecurity Cyber threats Internet Internet

CISA makes its "Malware Next-Gen" analysis system publicly available

Bleeping Computer

APRIL 11, 2024

Cybersecurity and Infrastructure Security Agency (CISA) has released a new version of "Malware Next-Gen," now allowing the public to submit malware samples for analysis by CISA. [.]

Malware

Malware Cybersecurity Government

Major VPN Flaw Exposed: “TunnelVision” (CVE-2024-3661) Threatens Security on Public Networks

Penetration Testing

MAY 6, 2024

Their... The post Major VPN Flaw Exposed: “TunnelVision” (CVE-2024-3661) Threatens Security on Public Networks appeared first on Penetration Testing.

VPN

VPN Penetration Testing

Improving the Cryptanalysis of Lattice-Based Public-Key Algorithms

Schneier on Security

FEBRUARY 14, 2024

The winner of the Best Paper Award at Crypto this year was a significant improvement to lattice-based cryptanalysis. This is important, because a bunch of NIST’s post-quantum options base their security on lattice problems. I worry about standardizing on post-quantum algorithms too quickly.

Toronto Public Library Under Cyberattack

Heimadal Security

OCTOBER 31, 2023

Canada’s largest public library system reported a cyberattack that took down its website, member services pages, and limited access to its digital collections. The Toronto Public Library provides more than 12 million items across 100 branches to more than 1.2 million members.

Cybersecurity

Cybersecurity for the Public Interest

Schneier on Security

MAY 3, 2019

We need public-interest technologists. The Ford Foundation defines public-interest technologists as "technology practitioners who focus on social justice, the common good, and/or the public interest." We need public-interest technologists in policy discussions. Public-interest technology isn't new.

Cybersecurity

Cybersecurity Technology Government Internet

Cisco Zero-Day Exploit Code Goes Public: Patch Now or Face Total System Takeover

Penetration Testing

APRIL 25, 2024

The release of public PoC exploit code targeting a maximum severity zero-day flaw in Cisco IOS XE (CVE-2023-20198) has dramatically amplified the risk landscape for countless organizations worldwide.

Penetration Testing

Penetration Testing Risk

Cybersecurity for the Public Interest

Schneier on Security

MARCH 5, 2019

We need public-interest technologists. The Ford Foundation defines public-interest technologists as "technology practitioners who focus on social justice, the common good, and/or the public interest." We need public-interest technologists in policy discussions. Public-interest technology isn't new.

Cybersecurity

Cybersecurity Technology Government Internet

New Publication From the Cloud Security Alliance (CSA): Hardware Security Modules as a Service

Security Boulevard

MAY 24, 2024

The post New Publication From the Cloud Security Alliance (CSA): Hardware Security Modules as a Service appeared first on Entrust Blog. The post New Publication From the Cloud Security Alliance (CSA): Hardware Security Modules as a Service appeared first on Security Boulevard.

Encryption

git-alerts: detect and monitor GitHub org users’ public repositories for secrets and sensitive files

Penetration Testing

MARCH 18, 2024

However, any repository created under an organization’s user account is not controllable unless the organization has adopted the GitHub enterprise-managed... The post git-alerts: detect and monitor GitHub org users’ public repositories for secrets and sensitive files appeared first on Penetration Testing.

Penetration Testing

Penetration Testing Accountability

How SE Helped Me in Public Speaking

Security Through Education

MARCH 4, 2024

Public speaking is something that many people struggle with. In fact, 75% of the population has a fear of public speaking. Here are some influence techniques that help, both as a professional social engineer and a public speaker. Just the mere mention of it may start to make your heart race, if it is a fear of yours!

Social Engineering

Social Engineering Engineering Risk Security Awareness

Protect yourself and your business on public Wi-Fi

Tech Republic Security

DECEMBER 6, 2022

The post Protect yourself and your business on public Wi-Fi appeared first on TechRepublic. At 75% off, this affordable VPN service is more affordable than ever and capable of defending your business from cybercrime while browsing the internet.

VPN

VPN Cybercrime Internet Internet

GitHub Rolls Out Default Secret Scanning Push Protection for Public Repositories

The Hacker News

FEBRUARY 29, 2024

GitHub on Thursday announced that it’s enabling secret scanning push protection by default for all pushes to public repositories.

When Is Data "Public"? (And 2.5M Public Factual Records in HIBP)

Troy Hunt

DECEMBER 24, 2019

When is data "public"? And what does "public" even mean? Does it mean it's merely visible to the public? Or does it mean the public can do anything they like with it? unsettling: To be clear, all of this info must have been willingly public at some point. So what's the problem? Should it appear in HIBP?

Data breaches

Data breaches Mobile Media Marketing

9 Possible Ways Hackers Can Use Public Wi-Fi to Steal Your Sensitive Data

Security Affairs

FEBRUARY 12, 2024

Exploring the Risks: Unveiling 9 Potential Techniques Hackers Employ to Exploit Public Wi-Fi and Compromise Your Sensitive Data We’ve all used public Wi-Fi: it’s convenient, saves our data, and speeds up browsing. Always verify the authenticity of Wi-Fi networks before connecting, especially in public places.

DNS

DNS VPN Encryption Passwords

Public Cloud Security Explained: Everything You Need to Know

eSecurity Planet

OCTOBER 16, 2023

Public cloud security refers to protections put in place to secure data and resources in cloud environments shared by multiple users or organizations. These safeguards, when combined with adherence to security best practices and standards, establish a strong security architecture for public cloud environments.

Encryption

Encryption DDOS Authentication Firewall

CISA Announces Malware Next-Gen Analysis for Public Access

Security Boulevard

APRIL 23, 2024

What is Malware Next-Gen It […] The post CISA Announces Malware Next-Gen Analysis for Public Access appeared first on TuxCare. The post CISA Announces Malware Next-Gen Analysis for Public Access appeared first on Security Boulevard.

Malware

Malware Cybersecurity Cyber threats Government

Boston Public Library Hit by Cyberattack

Heimadal Security

AUGUST 30, 2021

The Boston Public Library is used by more than 4 million visitors per year through its central library and twenty-five neighborhood branches, as well as millions more online. On Wednesday morning, 8/25, the Boston Public Library experienced […]. On Wednesday morning, 8/25, the Boston Public Library experienced […].

Cybersecurity

Cybersecurity Malware

Public AI as an Alternative to Corporate AI

Security Boulevard

MARCH 21, 2024

When tech billionaires and corporations steer AI, we get AI that tends to reflect the interests of tech billionaires and corporations, instead of the public. The post Public AI as an Alternative to Corporate AI appeared first on Security Boulevard. Given how transformative this technology will be for the world, this is a problem.

Government

Government Technology Artificial Intelligence

MDIC Annual Public Forum

Adam Shostack

AUGUST 13, 2020

I’ll be speaking at the MDIC’s Annual Public Forum today, discussing how threat modeling helps bring maturity to the medtech sector. Join us shortly!

Meta is using your public Facebook and Instagram posts to train its AI

Malwarebytes

OCTOBER 2, 2023

In an interview with Reuters , Meta President of Global Affairs Nick Clegg said the company used the public posts to train the LLM (large language model) that feeds into its new Meta AI virtual assistant. If others can see it, it’s public knowledge and the tech giants are of the opinion they can use it to train their AI.

Media

Media Artificial Intelligence Risk Cybersecurity

The ransomware attack on Westpole is disrupting digital services for Italian public administration

Security Affairs

DECEMBER 18, 2023

A cyber attack hit on December 8, 2023 the Italian cloud service provider Westpole, which is specialized in digital services for public administration. PA Digitale provides its service to 1300 public administrations, including 540 municipalities. Threat actors employed the Lockbit 3.0 reported the ACN.

Ransomware

Ransomware Cyber Attacks Media Government

Public Exploit Released for Cisco IMC Flaw – Update Immediately to Halt Takeover Attacks

Penetration Testing

APRIL 18, 2024

This vulnerability could allow authenticated attackers with... The post Public Exploit Released for Cisco IMC Flaw – Update Immediately to Halt Takeover Attacks appeared first on Penetration Testing.

Penetration Testing

Penetration Testing Authentication Risk

Cisco warns of a command injection escalation flaw in its IMC. PoC publicly available

Security Affairs

APRIL 18, 2024

Cisco has addressed a high-severity Integrated Management Controller (IMC) vulnerability and is aware of a public exploit code for this issue. Cisco has addressed a high-severity vulnerability in its Integrated Management Controller (IMC) for which publicly available exploit code exists.

Authentication

Authentication Hacking Information Security

EleKtra-Leak Campaign Uses AWS Cloud Keys Found on Public GitHub Repositories to Run Cryptomining Operation

Tech Republic Security

NOVEMBER 3, 2023

In the active Elektra-Leak campaign, attackers hunt for Amazon IAM credentials within public GitHub repositories before using them for cryptomining. Get tips on mitigating this cybersecurity threat.

Cybersecurity

Cybersecurity Software

Securing Public Sector Against IoT Malware in 2024

Security Boulevard

JANUARY 11, 2024

The rapid proliferation of the Internet of Things (IoT) represents vast opportunities for the public sector. In this blog post, we’ll explore the potential impact of IoT malware on the public sector — a story of innovation, risk, and the need for resilience.

IoT

IoT Malware Education Government

Hackers are exploiting critical Apache Struts flaw using public PoC

Bleeping Computer

DECEMBER 13, 2023

Hackers are attempting to leverage a recently fixed critical vulnerability (CVE-2023-50164) in Apache Struts that leads to remote code execution, in attacks that rely on publicly available proof-of-concept exploit code. [.]

DuckDuckGo browser for Windows available for everyone as public beta

Bleeping Computer

JUNE 22, 2023

DuckDuckGo has released its privacy-centric browser for Windows to the general public. It is a beta version available for download with no restrictions. [.]

Software

Two public schools in Michigan hit by a ransomware attack

Security Affairs

NOVEMBER 17, 2022

Public schools in two Michigan counties were forced to halt their activities, including the lessons, after a ransomware attack. Public schools in Jackson and Hillsdale counties, Michigan, reopen after a closure of two days caused by a ransomware attack that hit its systems. SecurityAffairs – hacking, Public schools).

Ransomware

Ransomware Cybercrime Hacking Cybersecurity

Boston Public Library hit by Cyber Attack

CyberSecurity Insiders

AUGUST 29, 2021

Boston Public Library (BPL) branches based in Massachusetts have been witnessing a digital disruption since Wednesday last week, all because of a cyber attack. Note- Founded in 1848, the Boston Public Library, also called the Library for the Commonwealth, is open to all local public and is being run by state funding.

Cyber Attacks

Cyber Attacks Wireless Mobile Internet

45k Jenkins servers exposed to RCE attacks using public exploits

Bleeping Computer

JANUARY 29, 2024

Researchers found roughly 45,000 Jenkins instances exposed online that are vulnerable to CVE-2023-23897, a critical remote code execution (RCE) flaw for which multiple public proof-of-concept (PoC) exploits are in circulation. [.]

Right of Publicity Claims Will Rise as States Address AI Deepfakes and Voice Cloning

SecureWorld News

APRIL 16, 2024

Right of Publicity (ROP) claims, like the state statutes and common law upon which they rely, are varied in substance and outcome. Tennessee's ELVIS Act Liability Prior to the amendment, Tennessee's existing right of publicity law, the Personal Rights Protection Act of 1984, Tenn. Code § 47-25-1101 et seq.

Artificial Intelligence

Artificial Intelligence Advertising Technology Internet

Spotify reportedly makes users' private playlists public

Bleeping Computer

JULY 14, 2023

In what is shaping up to be a widespread privacy controversy, Spotify has come under scrutiny following allegations by users that the music streaming service made their private playlists public without their consent. [.]

Technology

Technology Software

The Hidden Dangers of Public Wi-Fi

The Hacker News

AUGUST 24, 2023

Public Wi-Fi, which has long since become the norm, poses threats to not only individual users but also businesses. Next, let's explore the risks of connecting to public Wi-Fi, both for you personally and for businesses.

Risk

Google Public DNS’s approach to fight against cache poisoning attacks

Google Security

MARCH 28, 2024

Tianhao Chi and Puneet Sood, Google Public DNS The Domain Name System (DNS) is a fundamental protocol used on the Internet to translate human-readable domain names (e.g., Google Public DNS) locates the authoritative DNS nameservers for the requested name, and queries one or more of them to obtain the IP address(es) to return to the browser.

DNS

DNS Internet Internet Encryption

One in Five Public-Facing Cloud Storage Buckets Expose Sensitive Data

eSecurity Planet

NOVEMBER 17, 2022

Public-facing cloud storage buckets are a data privacy nightmare, according to a study released today. The answer, according to Laminar, is a data-centric view rather than an infrastructure-centric one, cataloging all data in your cloud environment to ensure that sensitive information is kept private while public files remain accessible.

Data privacy

Data privacy Risk Marketing Passwords

US Department Of Defense CyberSecurity Contest To Open To The Public

FBI Advising People to Avoid Public Charging Stations

Webinars

Trending Sources

Demystifying Cybersecurity’s Public Companies

Webinars

Cyber Public Health

Many Public Salesforce Sites are Leaking Private Data

Navigating Public Company Cybersecurity Disclosures

Me on Public-Interest Tech

Cisco discloses root escalation flaw with public exploit code

Google moves to keep public sector cybersecurity vulnerabilities leashed

CISA makes its "Malware Next-Gen" analysis system publicly available

Major VPN Flaw Exposed: “TunnelVision” (CVE-2024-3661) Threatens Security on Public Networks

Improving the Cryptanalysis of Lattice-Based Public-Key Algorithms

Toronto Public Library Under Cyberattack

Cybersecurity for the Public Interest

Cisco Zero-Day Exploit Code Goes Public: Patch Now or Face Total System Takeover

Cybersecurity for the Public Interest

New Publication From the Cloud Security Alliance (CSA): Hardware Security Modules as a Service

git-alerts: detect and monitor GitHub org users’ public repositories for secrets and sensitive files

How SE Helped Me in Public Speaking

Protect yourself and your business on public Wi-Fi

GitHub Rolls Out Default Secret Scanning Push Protection for Public Repositories

When Is Data "Public"? (And 2.5M Public Factual Records in HIBP)

9 Possible Ways Hackers Can Use Public Wi-Fi to Steal Your Sensitive Data

Public Cloud Security Explained: Everything You Need to Know

CISA Announces Malware Next-Gen Analysis for Public Access

Boston Public Library Hit by Cyberattack

Public AI as an Alternative to Corporate AI

MDIC Annual Public Forum

Meta is using your public Facebook and Instagram posts to train its AI

The ransomware attack on Westpole is disrupting digital services for Italian public administration

Public Exploit Released for Cisco IMC Flaw – Update Immediately to Halt Takeover Attacks

Cisco warns of a command injection escalation flaw in its IMC. PoC publicly available

EleKtra-Leak Campaign Uses AWS Cloud Keys Found on Public GitHub Repositories to Run Cryptomining Operation

Securing Public Sector Against IoT Malware in 2024

Hackers are exploiting critical Apache Struts flaw using public PoC

DuckDuckGo browser for Windows available for everyone as public beta

Two public schools in Michigan hit by a ransomware attack

Boston Public Library hit by Cyber Attack

45k Jenkins servers exposed to RCE attacks using public exploits

Right of Publicity Claims Will Rise as States Address AI Deepfakes and Voice Cloning

Spotify reportedly makes users' private playlists public

The Hidden Dangers of Public Wi-Fi

Google Public DNS’s approach to fight against cache poisoning attacks

One in Five Public-Facing Cloud Storage Buckets Expose Sensitive Data

Stay Connected