DEF CON 32 - AppSec Village - Maturing Your Application Security Program - SheHacksPurple
Authors/Presenters: Tanya Janca. Our sincere appreciation to DEF CON and the presenters/authors for publishing their timely DEF CON 32 erudite content. Originating from the conference's events located at the Las Vegas Convention Center, and via the organization's YouTube channel.
2h ago
The road to cyber preparedness begins with studying organizations' own vulnerabilities, and doing it often so that nothing escapes notice, rather than obsessing about the perils that live outside.
on Fri, 8PM
Major cyber attacks and data breaches of 2024
As 2024 draws to a close, the cybersecurity landscape continues to evolve, marked by both familiar adversaries and emerging threats with newer technologies and improved tactics. Rather than merely cataloguing breaches, we look into the anatomy of significant cyber attacks, associated...
on Fri, 2PM
These 20 D-Link Devices Have Critical RCE Bug — but NO Patch NEVER
‘Bobby’ flaw flagged WONTFIX: Company doesn’t make storage devices now; has zero interest in fixing this catastrophic vulnerability.
on Wed, 6PM
Apple Releases Draft Ballot to Shorten Certificate Lifespan to 45 Days
Earlier this week, on October 9, during the second day of the fall CA/Browser Forum Face-to-Face meeting, Apple revealed that it had published a draft ballot for commentary to GitHub. This proposal, which is sponsored by Sectigo, offers to incrementally phase maximum term for public SSL/TLS...
on Nov 8
Schneider Electric Confirms Ransom Hack — Hellcat Demands French Bread as ‘Joke’
That’s a lot of pain: $125,000 ransom seems small—but why do the scrotes want it paid in baguettes?
on Nov 6
Ô! China Hacks Canada too, Says CCCS
Plus brillants exploits: Canadian Centre for Cyber Security fingers Chinese state sponsored hackers.
on Nov 1
NIST Struggles with NVD Backlog as 93% of Flaws Remain Unanalyzed
The story could get worse, with Congressional Republicans proposing another 6% cut to the agency's budget.
on Nov 1
Citrix Boosts Security for Remote Application Accesses With “More Security Layers”
Connections on the internet are not secure by default, and bad actors frequently take advantage of users accessing organizations’ applications and
on Oct 31
DigiCert – It’s a Matter of Trust
Starlink encountered a high-profile outage in April that caused service to go down for several hours. The reason was an expired digital certificate.
on Oct 29
TikTok ‘Infinite Money Glitch’ — Idiots Chased by JPMorgan
Dimon’s dollars (not yours): No, Chase Bank isn’t going to let you cash bad checks. It’s fraud—no matter what X and TikTok tell you.
on Oct 29
SonicWall Doubles Down on Edge Security With Risk-Based Connectivity and Threat Protection
The number of cybersecurity incidents has doubled since the pandemic, and it's costing organizations exorbitantly heavy tolls in direct and indirect losses,
on Oct 25
100 MILLION Americans in UnitedHealth PII Breach
Not cute: $UNH’s Change Healthcare unit paid a big ransom—its IT was as weak as a kitten.
on Oct 25
FortiJump: Yet Another Critical Fortinet 0-Day RCE
FortiFAIL: Remote code execution vulnerability still not acknowledged by Fortinet after 10+ days’ exploitation.
on Oct 23
Is End-User Cybersecurity Training Useless? Spoiler Alert: It’s Not!
Chris Clements, VP of Solutions Architecture. Because of the frequency of phishing attacks landing in user mailboxes and the severity of the consequences of a user falling for a lure, any improvement at all can make the difference in whether an organization suffers a breach. Detrimental Best...
on Oct 20
Understanding Security Needs at Security Field Day 12
Security Field Day 12 will take place October 16-17, 2024. You can watch the live-streaming video right here on the Techstrong family of sites or on the Tech Field Day website.
on Oct 18
Linux Persistence Mechanisms and How to Find Them
Linux persistence mechanisms are used by an attacker to maintain access to a compromised system, even after reboots or system updates. These allow attackers to regain control of a system without re-exploiting initial vulnerabilities. Persistence methods can vary in sophistication, from simple...
on Oct 18
Apple Enrages IT — 45-Day Cert Expiration Fury
CA/B testing: Ludicrous proposal draws ire from “furious” systems administrators.
on Oct 18
Digital Crack for Kids: TikTok Sued Again by 14 AGs
For You Plague: TikTok’s in trouble once more—this time, some states complain it’s breaking laws by harvesting children’s data and keeping them addicted.
on Oct 10
Biggest Ever DDoS is Threat to OT Critical Infrastructure
Egyptian River Floods: Operational technology (OT) targeted in “world record” 3.8 Tb/s distributed denial of service (DDoS).
on Oct 4
Five Eyes Agencies Put Focus on Active Directory Threats
The U.S. and its Five Eyes alliance partners are warning enterprises about the techniques threat actors use to target Microsoft's Active Directory, and about ways they can detect and mitigate such attacks.
on Oct 3
Countdown to CSAM: Choose your purpose for Security Awareness Month
Cyber Security Awareness Month is just around the corner, making now the perfect time to nail down the details. Whether you’re a security professional, part of
on Oct 2
Kia’s Huge Security Hole: FIXED (Finally)
Connected cars considered crud: Kia promises bug never exploited. But even 10-year-old cars were vulnerable.
on Sep 30
DataDome: 95% of Advanced Bots Go Undetected on Websites
New research finds e-commerce and luxury industries at highest risk for online fraud.
on Sep 27
Congressional Staffers’ Data Leaked on Dark Web: Report
The personal information of almost 3,200 Capitol Hill staffers, including passwords and IP addresses, was leaked on the dark web by an unidentified bad actor after some victims used their work email addresses to sign up for online services, according to reports.
on Sep 26
The Supply Chain Conspiracy: Cyber Attacks Behind the Lebanon Explosions
On September 17 and 18, a series of devastating explosions rocked Lebanon, resulting in 37 fatalities and nearly 3,000 injuries, according to the Lebanese Minister of Public Health. Initial investigations suggest these attacks were not mere accidents but rather the result of a sophisticated...
on Sep 20
E2EE is MIA in iPhone/Android Chat — GSMA Gonna Fix it
No More Barf-Green Bubbles? GSM Association is “excited” to bring Apple and Google closer together, but encryption is still lacking.
on Sep 18
Microsoft Fixes Four 0-Days — One Exploited for SIX YEARS
Week B: Bugs begone! This month Redmond fixes 79 security flaws in Windows and other products.
on Sep 11
Cobalt Strike Attack: Threat Actors Leverage Phishing Emails
In the cybercrime landscape, Chinese users have been targeted with a new Cobalt Strike attack. The unidentified threat actors behind the campaign leverage phishing emails to infect Windows systems with the payload. In this article, we'll determine how such an attack plays out and will go into...
on Sep 9
WordPress Sites at Risk from WPML Flaw
WordPress is the most widely used content management system globally, with over 478 million websites built on its platform, according to its developers. However, this widespread popularity also makes WordPress a prime target for malicious actors. Because of this, cybersecurity...
on Sep 7
Russian ‘WhisperGate’ Hacks: 5 More Indicted
Eaten by a GRU: Fake ransomware created by Russian GRU Unit 29155 attacked Ukraine and NATO—a month before the full scale invasion.
on Sep 6
Yikes, YubiKey Vulnerable — ‘EUCLEAK’ FIDO FAIL?
USB MFA SCA😱: Infineon hardware and software blamed for timing side-channel attack on popular auth tokens.
on Sep 4
China Cyberwar Coming? Versa’s Vice: Volt Typhoon’s Target
Xi whiz: Versa Networks criticized for swerving the blame.
on Aug 28
Microsoft Security Update: 90 Critical Vulnerabilities Fixed
As part of the Microsoft security update, the tech giant has released several fixes to address 90 critical security flaws. Reports claim that 10 of them are zero-day vulnerabilities and that 6 of these 10 have already been targeted by threat actors for exploitation. In this article, we'll cover...
on Aug 28
‘Terrorgram’ Telegram Terrorists Trash Transformers — Grid in Peril
Should’ve listened to Edison: After the arrest of Pavel Durov—the Telegram CEO—comes news of domestic extremists using the chat app to organize.
on Aug 27
Potential Surge in Cryptocurrency Leaks
Increase in Cryptocurrency Leaks After Trump Supports Bitcoin. Recently, Constella Intelligence has observed an increase in attacks and data breaches resulting in cryptocurrency leaks. This surge could be partly attributed to comments made by former President Donald Trump in support of Bitcoin,...
on Aug 27
Pig Butchering at Heart of Bank Failure — CEO Gets 24 Years in Jail
Oink, oink, FAIL—you’re in jail: Kansas bank chief exec Shan Hanes stole money from investors, a church and others to buy cryptocurrency to feed a scam.
on Aug 23
The Growing Challenge of Headless Browser Attacks: How to Defend Your Digital Assets
In the escalating battle against malicious headless bots, basic detection methods are no longer sufficient. As cybercriminals refine their techniques and leverage headless browsers to automate attacks with increasing sophistication, the need for advanced detection strategies has never been more...
on Aug 23
The Risks of Running an End Of Life OS – And How To Manage It
EOL operating systems no longer receive critical security updates, leaving them highly vulnerable to evolving cybersecurity threats. End-of-life OSs often struggle to run modern software and hardware, resulting in compatibility issues, reduced performance, and lower productivity. Organizations...
on Aug 23
Striking a Balance Between Business Growth, Risk Management and Cybersecurity
Some recommendations and best practices to help organizations strike a balance between business growth, risk management and cybersecurity.
on Aug 23
Essential Linux Security Tools: A Comprehensive Overview for Security Professionals
Combining multiple Linux security tools to protect against various threats is crucial for a robust security posture. Effective use of security tools requires knowledge of their capabilities, configurations, and how to integrate them into a comprehensive security strategy. Implementing modern...
on Aug 16
Don’t Mess With Texas Privacy: AG Sues GM for $18 BILLION
KP♡TX PII: “General Motors has engaged in egregious business practices that violated Texans’ privacy … in unthinkable ways,” rants state attorney general Ken Paxton (pictured).
on Aug 15
The Future of Search: AI-Powered Transformation
The search landscape is undergoing a seismic shift. Traditional search engines are being challenged by AI-powered platforms like Perplexity and SearchGPT. This new era promises more personalized, intuitive, and efficient information retrieval. Are you ready for the future of search?
on Aug 15
August Patch Pileup: Microsoft’s Zero-Day Doozy Dump
See These CVEs: Patch Tuesday—ten zero-days, seven Critical vulns, zero time to waste.
on Aug 14
WTH? DPRK WFH Ransomware Redux: 3rd Person Charged
North Korean army of remote IT workers enabled by Matthew Isaac Knoot, alleges DoJ.
on Aug 13
QuickShell: Sharing Is Caring about an RCE Attack Chain on Quick Share
See how a SafeBreach Labs researcher bypassed the anti-tampering mechanism of a leading EDR to execute malicious code within one of the EDR's own processes and altered the mechanism to gain unique, persistent, and fully undetectable capabilities.
on Aug 11
Authors/Presenters: Seunghoon Woo, Eunjin Choi, Heejo Lee, Hakjoo Oh. Many thanks to USENIX for publishing their outstanding USENIX Security '23 presenters' content, and for the organization's strong commitment to Open Access. Originating from the conference's events situated at the Anaheim...
on Aug 10
Move From FedRAMP to DoD with Impact Level Assessment
We’ve written extensively before about FedRAMP’s impact levels. As a brief refresher, there are four: Li-SaaS, the lowest of the low-security levels, is made for non-critical cloud applications that handle no tangible CUI. Low Impact, which can handle some CUI, but is largely focused solely on...
on Aug 10
Sonatype's summer webinar series: Future cybersecurity requirements
Sonatype kicked off its Summer of Software Regulations & Compliance webinar series this week with a broad look at some of the key regulations on improving cybersecurity. Jen Ellis, one of the hosts of the Distilling Cyber Policy podcast, moderated a discussion with Alex Botting, her co-host and...
on Aug 10
Behind the Scenes at Black Hat 2024
on Aug 10