Schneier on Security
MAY 21, 2024
From Slashdot : Apple and Google have launched a new industry standard called “ Detecting Unwanted Location Trackers ” to combat the misuse of Bluetooth trackers for stalking. Starting Monday, iPhone and Android users will receive alerts when an unknown Bluetooth device is detected moving with them. The move comes after numerous cases of trackers like Apple’s AirTags being used for malicious purposes.
Krebs on Security
MAY 21, 2024
Image: Shutterstock. Apple and the satellite-based broadband service Starlink each recently took steps to address new research into the potential security and privacy implications of how their services geo-locate devices. Researchers from the University of Maryland say they relied on publicly available data from Apple to track the location of billions of devices globally — including non-Apple devices like Starlink systems — and found they could use this data to monitor the destructio
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
The Last Watchdog
MAY 21, 2024
There was a lot of buzz at RSAC 2024 about how GenAI and Large Language Models (LLM) are getting leveraged — by both attackers and defenders. Related: Is your company moving too slow or too fast on GenAI? One promising example of the latter comes from messaging security vendor IRONSCALES. I had the chance to sit down with Eyal Benishti , IRONSCALES founder and CEO, to get a breakdown of how their new Generative Adversarial Network (GAN) technology utilizes a specialized LLM to reinforce an
The Hacker News
MAY 21, 2024
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a security flaw impacting NextGen Healthcare Mirth Connect to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.
Speaker: Speakers:
They say a defense can be measured by its weakest link. In your cybersecurity posture, what––or who––is the weakest link? And how can you make them stronger? This webinar will equip you with the resources to search for quality training, implement it, and improve the cyber-behaviors of your workforce. By the end of the hour, you will feel empowered to improve the aspects of your security posture you control the least – the situational awareness and decision-making of your workforce.
Tech Republic Security
MAY 21, 2024
Trying to figure out how to install a VPN on your router? Read our step-by-step guide to help you get started.
The Hacker News
MAY 21, 2024
Microsoft on Monday confirmed its plans to deprecate NT LAN Manager (NTLM) in Windows 11 in the second half of the year, as it announced a slew of new security measures to harden the widely-used desktop operating system.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
WIRED Threat Level
MAY 21, 2024
A WIRED investigation found thousands of Eventbrite posts selling escort services and drugs like Xanax and oxycodone—some of which the company’s algorithm recommended alongside addiction recovery events.
Security Affairs
MAY 21, 2024
Experts warn of fifteen vulnerabilities in the QNAP QTS, the operating system for the Taiwanese vendor’s NAS products. An audit of QNAP QTS conducted by WatchTowr Labs revealed fifteen vulnerabilities, most of which have yet to be addressed. The most severe vulnerability is a flaw tracked as CVE-2024-27130. The issue is an unpatched stack buffer overflow vulnerability in the ‘No_Support_ACL’ function of ‘share.cgi,’ an unauthenticated attacker can exploit this issue
The Hacker News
MAY 21, 2024
GitHub has rolled out fixes to address a maximum severity flaw in the GitHub Enterprise Server (GHES) that could allow an attacker to bypass authentication protections. Tracked as CVE-2024-4985 (CVSS score: 10.0), the issue could permit unauthorized access to an instance without requiring prior authentication.
Security Affairs
MAY 21, 2024
The Blackbasta extortion group claims to have hacked Atlas, one of the largest national distributors of fuel in the United States. Atlas is one of the largest national fuel distributors to 49 continental US States with over 1 billion gallons per year. The Blackbasta extortion group added the company to the list of victims on its Tor leak site, as the researcher Dominic Alvieri reported.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Graham Cluley
MAY 21, 2024
US businesses are believed to have recruited thousands of North Korean IT workers, sending earnings (and potentially data) to North Korea. Read more in my article on the Hot for Security blog.
Security Boulevard
MAY 21, 2024
Hospitals worldwide to be offered extended lifecycle support and security alongside five DOSIsoft solutions PALO ALTO, Calif. – May 21, 2024 – TuxCare, a global innovator in enterprise-grade cybersecurity for Linux, today announced an OEM partnership with France-based DOSIsoft, a leading provider of patient-specific imaging and dosimetry software solutions for radiation oncology and nuclear […] The post TuxCare and DOSIsoft Partner to Offer Ongoing Support and Cyber Protections for Radiation O
The Hacker News
MAY 21, 2024
A new attack campaign dubbed CLOUD#REVERSER has been observed leveraging legitimate cloud storage services like Google Drive and Dropbox to stage malicious payloads.
Security Boulevard
MAY 21, 2024
During RSAC 2024, Synack and Nasdaq hosted a lineup of cyber leaders who shared their varied paths to the industry, building teams, and managing bad days. The post Many Stumble Into Cybersecurity, But Leadership is By Design appeared first on Security Boulevard.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
The Hacker News
MAY 21, 2024
A critical security flaw has been disclosed in the llama_cpp_python Python package that could be exploited by threat actors to achieve arbitrary code execution. Tracked as CVE-2024-34359 (CVSS score: 9.7), the flaw has been codenamed Llama Drama by software supply chain security firm Checkmarx.
Security Affairs
MAY 21, 2024
A vulnerability in the Fluent Bit Utility, which is used by major cloud providers, can lead to DoS, information disclosure, and potentially RCE. Tenable researchers have discovered a severe vulnerability in the Fluent Bit utility, which is used on major cloud platforms. Fluent Bit is an open-source, lightweight, and high-performance log processor and forwarder.
The Hacker News
MAY 21, 2024
One of the enduring challenges of building modern applications is to make them more secure without disrupting high-velocity DevOps processes or degrading the developer experience.
Bleeping Computer
MAY 21, 2024
Rockwell Automation warned customers to disconnect all industrial control systems (ICSs) not designed for online exposure from the Internet due to increasing malicious activity worldwide. [.
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
The Hacker News
MAY 21, 2024
File Integrity Monitoring (FIM) is an IT security control that monitors and detects file changes in computer systems. It helps organizations audit important files and system configurations by routinely scanning and verifying their integrity. Most information security standards mandate the use of FIM for businesses to ensure the integrity of their data.
Security Boulevard
MAY 21, 2024
Communications hijacking, also known as “conversation hijacking,” has emerged as a significant threat to organizations worldwide. This form of cyberattack involves unauthorized interception or redirection of communication channels, leading to data breaches, financial loss, and damage to an organization’s reputation. Real-time incident response is a critical strategy in mitigating the risks associated with conversation hijacking […] The post The Role of Real-Time Incident Response in Mitigating C
The Hacker News
MAY 21, 2024
The persistent threat actors behind the SolarMarker information-stealing malware have established a multi-tiered infrastructure to complicate law enforcement takedown efforts, new findings from Recorded Future show.
Security Boulevard
MAY 21, 2024
New York, NY, May 21, 2024, CyberNewsWire — Memcyco Inc., provider of digital trust technology designed to protect companies and their customers from digital impersonation fraud, released its inaugural 2024 State of Website Impersonation Scams report. Notably, Memcyco’s research indicates … (more…) The post News alert: Memcyco report reveals only 6% of brands can stop digital impersonation fraud first appeared on The Last Watchdog.
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
Bleeping Computer
MAY 21, 2024
GitHub has fixed a maximum severity (CVSS v4 score: 10.0) authentication bypass vulnerability tracked as CVE-2024-4986, which impacts GitHub Enterprise Server (GHES) instances using SAML single sign-on (SSO) authentication. [.
Security Boulevard
MAY 21, 2024
Healthcare ransomware attacks are one example of cyberattacks for the healthcare sector due to the sensitivity of its data. In recent weeks, several attacks and data breaches have been identified, highlighting the sector’s target for ransomware groups and unwanted data exfiltration. The following cases highlight the severity and scope of these attacks.
Bleeping Computer
MAY 21, 2024
Google is rolling out a server-side fix for a known issue affecting the Chrome browser that causes webpage content to temporarily disappear when users change between open tabs. [.
Security Boulevard
MAY 21, 2024
Malicious actors are using AI to perpetrate phishing scams centered around website impersonation, a threat few businesses are prepared to combat. The post Digital Impersonation Fraud: a Growing Challenge for Brands appeared first on Security Boulevard.
Advertisement
The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.
SecureWorld News
MAY 21, 2024
On May 19, 2024, Minnesota officially joined the ranks of states enacting robust data privacy protections for consumers. The Minnesota Consumer Data Privacy Act (HF 4757 / SF 4782) was approved by the state legislature and is headed to the governor's desk for expected signature into law. The landmark legislation grants Minnesota residents a sweeping set of rights regarding how companies collect and use their personal data.
Security Boulevard
MAY 21, 2024
There was a lot of buzz at RSAC 2024 about how GenAI and Large Language Models (LLM) are getting leveraged — by both attackers and defenders. Related: Is your company moving too slow or too fast on GenAI? One promising … (more…) The post RSAC Fireside Chat: IRONSCALES utilizes LLM, superior intel to stay a step ahead of Deep Fakes first appeared on The Last Watchdog.
Bleeping Computer
MAY 21, 2024
Zoom has announced the global availability of post-quantum end-to-end encryption (E2EE) for Zoom Meetings, with Zoom Phone and Zoom Rooms to follow soon. [.
Security Boulevard
MAY 21, 2024
Harnessing and interpreting data insights for actionable solutions lies at the heart of a robust cybersecurity strategy. For many SecOps teams, wrangling vast volumes of disparate data poses a significant challenge. Collecting and centralizing this data is essential for rapid threat detection and response within a SIEM, but it incurs exorbitant costs as data volumes […] The post How to Drive Down Skyrocketing Data Costs with the Only Cost-Optimized SIEM appeared first on Security Boulevard.
Speaker: Blackberry, OSS Consultants, & Revenera
Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?
Expert insights. Personalized for you.
185 
Let's personalize your content