Support trusted, local journalism today! NH News New Hampshire Public Radio | By Published June 7, 2024 at 4:47 PM EDT New Hampshire Public Radio leaders say they’re working with cybersecurity experts
U.S. officials recently warned about pro-Russian hackers targeting poorly secured water systems around the country. While the U.S. was issuing this notice, the Russian government was advancing its own
WASHINGTON, May 30 (Reuters) - - An unidentified hacking group launched a massive cyberattack on a telecommunications company in the U.S. heartland late last year that disabled hundreds of thousands o
Serial tech and digital privacy critic Senator Ron Wyden (D-OR) laid into UnitedHealth Group's (UHG) CEO for appointing a CISO Wyden deemed "unqualified"– a decision he claims likely led to its ransom
Google has released a new emergency security update to address the eighth zero-day vulnerability in Chrome browser confirmed to be actively exploited in the wild. The security issue was discovered int
Google has released a security update for the Chrome browser to fix the fifth zero-day vulnerability exploited in the wild since the start of the year. The high-severity issue tracked as CVE-2024-467
Earlier this week, the Cybersecurity & Infrastructure Security Agency (CISA) announced that 68 tech companies — notably including heavyweights such as Google and Microsoft — signed the agency’s volunt
Every year Verizon publishes the best hope we have of scouring real world evidence of attacks and their impacts in the Verizon Data Breach Investigations Report (DBIR). I, the lucky daedric prince of
Security researchers have uncovered a "credible" takeover attempt targeting the OpenJS Foundation in a manner that evokes similarities to the recently uncovered incident aimed at the open-source XZ Ut
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) said today it is investigating a breach at business intelligence company Sisense, whose products are designed to allow companies to vie
oss-security - backdoor in upstream xz/liblzma leading to ssh server compromise Products Openwall GNU/*/Linux server OS Linux Kernel Runtime Guard John the Ripper password cracker Free & Open Source f
Internet Backdoor in a string of binary code in a shape of an eye. Getty Images Researchers have found a malicious backdoor in a compression tool that made its way into widely used Linux distributions
The scourge of software supply chain attacks—an increasingly common hacking technique that hides malicious code in a widely used legitimate program—can take many forms. Hackers can penetrate an update
Cybersecurity Roundup: January 30, 2024 18 hours ago This week: the notorious NSA Furby memo (“NSA FURBIE ALERT”) is finally made public; Google and Apple rolling out privacy-threatening AI into messa
Yesterday I provided testimony to Congress about the CTI League and addressed the allegations that it is somehow part of a government censorship apparatus. Part of that testimony is in our statement l
WASHINGTON, Dec 6 (Reuters) - Unidentified governments are surveilling smartphone users via their apps' push notifications, a U.S. senator warned on Wednesday. In a letter to the Department of Justice
8 min read·2 days ago How can you know how many security jobs there are if there’s no real statistical data available? https://imgflip.com/i/87fumc Millions of information security jobs As I wrote in
GPTs & Assistants API - Code Interpreter Data Exfiltration evren's blog GPTs and Assistants API: Data Exfiltration and Backdoor Risks in Code Interpreter OpenAI DevDay, in San Francisco. “You can buil
Security and data analytics company Sumo Logic disclosed a security breach after discovering that its AWS (Amazon Web Services) account was compromised last week. The company detected evidence of the
Atlassian reassessed the severity rating of the recent improper authorization vulnerability in Confluence Data Center and Server, raising the CVSS score from 9.1 to a maximum of 10. The company overha
Microsoft has made fresh commitments to harden the security of its software and cloud services after a year in which numerous members of the global infosec community criticized the company's tech defe
The great thing about the security industry is it’s made up of a variety of roles and people from many backgrounds, disciplines, skill sets and lived experiences. Let’s take a look at some of these -
FTC Expands Financial Data Breach Reporting Requirements https://www.databreachtoday.com/ Become A Premium Member News All News Articles Interviews Blogs Videos Compliance Healthcare's Ransomware Atta
Written by Gary DeMercurio of Caliber Security Partners, reposted from LinkedIn Out of 1,000 employees, statistically, 162 of them will allow an attacker into your company. About a week ago, someone s
Report this article Mark Curphey Co-Founder Crash Override Published Oct 26, 2023 + Follow I am an old git. I am 54. Yes, I do look much younger, thanks for noticing. If you are an old git like me, th
Update October 20, 16:15 EDT: Added BeyondTrust incident details.
Update October 20, 18:59 EDT: Added Cloudflare incident details.
Okta says attackers accessed files containing cookies and session tokens uploaded by customers to its support management system after breaching it using stolen…
Enlarge 1Password 1Password, a password manager used by millions of people and more than 100,000 businesses, said it detected suspicious activity on a company account provided by Okta, the identity an
Welcome to The Cybersecurity 202! My cat Julius “Jules” Jonas Jonah Jameson has been extra-angelic of late. He’s always superb, but he’s just on another level of awesomeness recently. Was this forward
Data Breaches UK’s financial watchdog FCA imposes a £11 million (approximately $13.5 million) fine to Equifax over the 2017 data breach. October 16, 2023 Whatsapp Email The British watchdog Financial
Defense & Security Yomiuri Shimbun file photoDigital minister Taro Kono 17:52 JST, October 17, 2023 Japan has joined an international framework backed by cyber powers, including the United States, the
Okta, a company that provides identity tools like multi-factor authentication and single sign-on to thousands of businesses, has suffered a security breach involving a compromise of its customer suppo
Published inStarting Up Security · 7 min read· Oct 9, 2023 -- The Exploit Prediction Scoring system (EPSS) is great. You might like it, too, if you deal with large amounts of vulnerabilities. The Hand
Discord continues to be a breeding ground for malicious activity by hackers and now APT groups, with it commonly used to distribute malware, exfiltrate data, and targeted by threat actors to steal aut
Enlarge Miragec/Getty Images Google has been caught hosting a malicious ad so convincing that there’s a decent chance it has managed to trick some of the more security-savvy users who encountered it.
Your weekly dose of Seriously Risky Business news is written by Tom Uren and edited by Patrick Gray. It's supported by the Cyber Initiative at the Hewlett Foundation and this week's edition is brought
In 2021, I performed a security audit of The Squid Caching Proxy. Squid is by far the most well known open-source forwarding HTTP proxy, and is used in many contexts, like corporations that want to fi
PROGRAM DESCRIPTION The Microsoft AI bounty program invites security researchers from across the globe to discover vulnerabilities in the new, innovative, Microsoft Copilot. Qualified submissions are
So I did it again. Proving I’m the most incompetent Security Hero EVER, I committed eight different access keys to a public GitHub repository for eight different AWS Accounts. What is fascinating is t
Keith Hoodlet