Krebs on Security
JULY 12, 2024
AT&T Corp. disclosed today that a new data breach has exposed phone call and text message records for roughly 110 million people — nearly all of its customers. AT&T said it delayed disclosing the incident in response to “national security and public safety concerns,” noting that some of the records included data that could be used to determine where a call was made or text message sent.
Tech Republic Security
JULY 19, 2024
Airports and law enforcement agencies were among the organizations hit by the Blue Screen of Death. CrowdStrike said the error has been fixed.Airports and law enforcement agencies were among the organizations hit by the Blue Screen of Death.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Security Boulevard
JULY 24, 2024
Corporate incompetence: Beleaguered security firm issues initial post-mortem on Friday’s faux pas. The post CrowdStrike Admits it Doesn’t ‘Canary’ Test all Updates appeared first on Security Boulevard.
Bleeping Computer
JULY 24, 2024
Docker has issued security updates to address a critical vulnerability impacting certain versions of Docker Engine that could allow an attacker to bypass authorization plugins (AuthZ) under certain circumstances. [.
Speaker: Speakers:
In today's digital age, having an untrained workforce can be a significant risk to your business. Cyber threats are evolving; without proper training, your employees could be the weakest link in your defense. This webinar empowers leaders like you with the tools and strategies needed to transform your employees into a robust frontline defense against cyber attacks.
WIRED Threat Level
JULY 19, 2024
A defective CrowdStrike kernel driver sent computers around the globe into a reboot death spiral, taking down air travel, hospitals, banks, and more with it. Here’s how that’s possible.
The Hacker News
JULY 23, 2024
Organizations in Taiwan and a U.S. non-governmental organization (NGO) based in China have been targeted by a Beijing-affiliated state-sponsored hacking group called Daggerfly using an upgraded set of malware tools. The campaign is a sign that the group "also engages in internal espionage," Symantec's Threat Hunter Team, part of Broadcom, said in a new report published today.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Tech Republic Security
JULY 10, 2024
Read about the new Cisco Talos report on the top ransomware groups’ techniques and learn how to mitigate this cybersecurity risk. Cisco Talos observed the TTPs used by 14 of the most prevalent ransomware groups based on their volume of attack, impact to customers and atypical behavior.
Security Boulevard
JULY 23, 2024
Regulatory capture by stealth? Google changes its mind about third-party tracking cookies—we’re stuck with them for the foreseeable. The post EFF Angry as Google Keeps 3rd-Party Cookies in Chrome appeared first on Security Boulevard.
Bleeping Computer
JULY 19, 2024
A faulty component in the latest CrowdStrike Falcon update is crashing Windows systems, impacting various organizations and services across the world, including airports, TV stations, and hospitals. [.
WIRED Threat Level
JULY 24, 2024
A former Google engineer has built a search engine, WebXray, that aims to find illicit online data collection and tracking—with the goal of becoming “the Henry Ford of tech lawsuits.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
The Hacker News
JULY 20, 2024
Cybersecurity firm CrowdStrike, which is facing the heat for causing worldwide IT disruptions by pushing out a flawed update to Windows devices, is now warning that threat actors are exploiting the situation to distribute Remcos RAT to its customers in Latin America under the guise of a providing a hotfix. The attack chains involve distributing a ZIP archive file named "crowdstrike-hotfix.
Penetration Testing
JULY 8, 2024
The Node.js Project has released a security update to address multiple vulnerabilities, including a high-severity flaw that could allow attackers to bypass security measures and execute arbitrary code. The most severe vulnerability, CVE-2024-36138, is... The post CVE-2024-36138: High-Severity Vulnerability in Node.js Allows Code Execution on Windows appeared first on Cybersecurity News.
Tech Republic Security
JULY 5, 2024
Travelling for work can open employees up to a new host of security threats, including insecure Wi-Fi networks, infected public charging ports and Bluetooth attacks.
Malwarebytes
JULY 12, 2024
In a déjà -vu nightmare, US phone giant AT&T has notified customers that cybercriminals managed to download phone call and text message records of “nearly all of AT&T cellular customers from May 1, 2022 to October 31, 2022 as well as on January 2, 2023” In a filing with the Securities and Exchange Commission (SEC), AT&T said: “On April 19, 2024, AT&T Inc.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Bleeping Computer
JULY 21, 2024
Microsoft has released a custom WinPE recovery tool to find and remove the faulty CrowdStrike update that crashed an estimated 8.5 million Windows devices on Friday. [.
Security Boulevard
JULY 19, 2024
BSODs beyond belief: A buggy update to CrowdStrike Falcon made Windows PCs and servers crash—worldwide. The post Global Outage Outrage: CrowdStrike Security Tool Blamed appeared first on Security Boulevard.
The Hacker News
JULY 24, 2024
Cybersecurity firm CrowdStrike on Wednesday blamed an issue in its validation system for causing millions of Windows devices to crash as part of a widespread outage late last week.
Penetration Testing
JULY 24, 2024
A critical vulnerability, designated CVE-2024-39700, has been discovered in the widely-used JupyterLab extension template. This flaw could enable attackers to remotely execute code on affected systems, potentially leading to widespread compromise and data breaches.... The post CVE-2024-39700 (CVSS 9.9): Severe Flaw in JupyterLab Template Discovered appeared first on Cybersecurity News.
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
Tech Republic Security
JULY 12, 2024
Businesses and individuals with AT&T accounts from May 1, 2022 to October 31, 2022 and on January 2, 2023 will be notified if their data was affected.
Malwarebytes
JULY 15, 2024
A group of cybercriminals going by the handle NullBulge claims to have downloaded the Slack channels used by Disney’s developers. “#DisneySlackLeak #Disney has had their entire dev slack dumped. 1.1TiB of files and chat messages. Anything we could get our hands on, we downloaded and packaged up. Want to see what goes on behind the doors? go grab it.
Bleeping Computer
JULY 20, 2024
Microsoft says the faulty CrowdStrike Falcon update, which caused widespread outages by crashing Windows systems worldwide, also resulted in Windows 365 Cloud PCs getting stuck in reboot loops, rendering them unusable. [.
Security Boulevard
JULY 24, 2024
Identifying and addressing underlying issues and the root cause of them can lead to risk reduction, cost savings and better overall performance of a vulnerability management program. The post The Value in Root Cause Analysis for Vulnerability Management appeared first on Security Boulevard.
Speaker: Blackberry, OSS Consultants, & Revenera
Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?
The Hacker News
JULY 1, 2024
OpenSSH maintainers have released security updates to contain a critical security flaw that could result in unauthenticated remote code execution with root privileges in glibc-based Linux systems. The vulnerability has been assigned the CVE identifier CVE-2024-6387.
Penetration Testing
JULY 5, 2024
On June 27, 2024, Cloudflare’s popular 1.1.1.1 public DNS resolver service experienced disruptions, leaving a small percentage of users worldwide unable to access the service or facing significant latency issues. The culprit behind this... The post Cloudflare’s 1.1.1.1 DNS Service Disrupted by BGP Hijacking and Route Leak appeared first on Cybersecurity News.
Tech Republic Security
JULY 9, 2024
Nearly 10 billion passwords have been leaked on a popular hacking forum, according to Cybernews.
Malwarebytes
JULY 12, 2024
In April 2024, we reported how Apple was warning people of mercenary attacks via its threat notification system. At the time it warned users in 92 countries. In a new round, Apple is now warning users in 98 countries of potential mercenary spyware attacks. The message sent to the affected users says: “Apple detected that you are being targeted by a mercenary spyware attack that is trying to remotely compromise the iPhone associated with your Apple ID.
Speaker: Erika R. Bales, Esq.
When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.
Bleeping Computer
JULY 21, 2024
Threat actors are exploiting the massive business disruption from CrowdStrike's glitchy update on Friday to target companies with data wipers and remote access tools. [.
Security Boulevard
JULY 3, 2024
While it's unlikely that quantum computers are currently in the hands of cybercriminals or hostile nation-states, they will be. The post How to Achieve Crypto Resilience for a Post-Quantum World appeared first on Security Boulevard.
The Hacker News
JULY 24, 2024
Docker is warning of a critical flaw impacting certain versions of Docker Engine that could allow an attacker to sidestep authorization plugins (AuthZ) under specific circumstances. Tracked as CVE-2024-41110, the bypass and privilege escalation vulnerability carries a CVSS score of 10.0, indicating maximum severity.
Penetration Testing
JULY 7, 2024
Cisco has issued a critical security advisory, warning users of a high-severity vulnerability (CVE-2024-6387) codenamed “regreSSHion” that affects the OpenSSH server component in various Cisco products and cloud services. This vulnerability could allow unauthorized... The post Cisco Confirms Critical OpenSSH regreSSHion (CVE-2024-6387) Flaw in Multiple Products appeared first on Cybersecurity News.
Speaker: William Hord, Vice President of ERM Services
A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.
Expert insights. Personalized for you.
303 
Let's personalize your content