Krebs on Security
MAY 6, 2024
Virtual private networking (VPN) companies market their services as a way to prevent anyone from snooping on your Internet usage. But new research suggests this is a dangerous assumption when connecting to a VPN via an untrusted network, because attackers on the same network could force a target’s traffic off of the protection provided by their VPN without triggering any alerts to the user.
Data Breach Today
MAY 7, 2024
Russian National Faces US Criminal Indictment, Sanctions The Russian national known as LockBitSupp, head of ransomware-as-a-service group LockBit, came under indictment Tuesday in U.S. federal court and faces sanctions from the U.S. Department of the Treasury. Prosecutors say LockBitSupp's real identity is Dmitry Yuryevich Khoroshev.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Elie
MAY 8, 2024
This talk discuss through concrete examples how to use the Google Security AI Framework (SAIF) to protect AI systems and workflows
Security Affairs
MAY 5, 2024
Law enforcement seized the Lockbit group’s Tor website again and announced they will reveal more identities of its operators Law enforcement seized the Lockbit group’s Tor website again. The authorities resumed the Lockbit seized leak site and mocked its administrators. According to the countdown active on the seized, law enforcement that are currently controlling the website will reveal the identities of the LockBitSupps and other members of the gang on May 7, 2024, at 14:00:00 UTC.
Advertiser: ZoomInfo
AI adoption is reshaping sales and marketing. But is it delivering real results? We surveyed 1,000+ GTM professionals to find out. The data is clear: AI users report 47% higher productivity and an average of 12 hours saved per week. But leaders say mainstream AI tools still fall short on accuracy and business impact. Download the full report today to see how AI is being used — and where go-to-market professionals think there are gaps and opportunities.
WIRED Threat Level
MAY 8, 2024
An internal email from FBI deputy director Paul Abbate, obtained by WIRED, tells employees to search for “US persons” in a controversial spy program's database that investigators have repeatedly misused.
Information Management Today brings together the best content for information management professionals from the widest variety of industry thought leaders.
The Last Watchdog
MAY 7, 2024
SAN FRANCISCO — Cloud security is stirring buzz as RSA Conference 2024 ramps up at Moscone Convention Center here. Related: The fallacy of ‘security-as-a-cost-center’ Companies are clambering to mitigate unprecedented exposures spinning out of their increasing reliance on cloud hosted resources. The unfolding disruption of Generative AI — and rising compliance requirements — add to the mix.
Security Affairs
MAY 9, 2024
Citrix urges customers to manually address a PuTTY SSH client flaw that could allow attackers to steal a XenCenter admin’s private SSH key. Versions of XenCenter for Citrix Hypervisor 8.2 CU1 LTSR used PuTTY, a third-party component, for SSH connections to guest VMs. However, PuTTY inclusion was deprecated with XenCenter version 8.2.6, and any versions after 8.2.7 will not include PuTTY.
WIRED Threat Level
MAY 6, 2024
The iPhone maker has detected spyware attacks against people in more than 150 countries. Knowing if your device is infected can be tricky—but there are a few steps you can take to protect yourself.
Data Breach Today
MAY 9, 2024
How Attacks Have Changed; New Insights Into How an Attack Affects the Business The fifth annual Sophos State of Ransomware Report combines year-on-year insights with brand-new areas of study. It includes a deep dive into ransom demands and ransom payments and shines new light on the role of law enforcement in ransomware remediation.
Speaker: Ben Epstein, Stealth Founder & CTO | Tony Karrer, Founder & CTO, Aggregage
When tasked with building a fundamentally new product line with deeper insights than previously achievable for a high-value client, Ben Epstein and his team faced a significant challenge: how to harness LLMs to produce consistent, high-accuracy outputs at scale. In this new session, Ben will share how he and his team engineered a system (based on proven software engineering approaches) that employs reproducible test variations (via temperature 0 and fixed seeds), and enables non-LLM evaluation m
Collaboration 2.0
MAY 8, 2024
Mac VPNs should offer high performance, speed, and security. Here are our Mac VPN recommendations for 2024.
Security Affairs
MAY 6, 2024
Resecurity found a massive leak involving the exposure of personally identifiable information (PII) of over five million citizens of El Salvador on the Dark Web. Resecurity identified a massive leak of the personally identifiable information (PII) of over five million citizens from El Salvador on the Dark Web , impacting more than 80% of the country’s population.
WIRED Threat Level
MAY 8, 2024
Despite Cyber Army of Russia’s claims of swaying US “minds and hearts,” experts say the cyber sabotage group appears to be hyping its hacking for a domestic audience.
Data Breach Today
MAY 6, 2024
Oomnitza co-founder and CEO Arthur Lozinski discusses enterprise technology management - a solution that brings software, hardware and infrastructure asset management together in a single database and uses automation to set and enforce policies for the enterprise as a whole.
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
Schneier on Security
MAY 7, 2024
This attack has been feasible for over two decades: Researchers have devised an attack against nearly all virtual private network applications that forces them to send and receive some or all traffic outside of the encrypted tunnel designed to protect it from snooping or tampering. TunnelVision, as the researchers have named their attack, largely negates the entire purpose and selling point of VPNs, which is to encapsulate incoming and outgoing Internet traffic in an encrypted tunnel and to cloa
Security Affairs
MAY 9, 2024
Two high-severity vulnerabilities in BIG-IP Next Central Manager can be exploited to gain admin control and create hidden accounts on any managed assets. F5 has addressed two high-severity vulnerabilities, respectively tracked as CVE-2024-26026 and CVE-2024-21793 , in BIG-IP Next Central Manager that can lead to device takeover. BIG-IP Next Central Manager (NCM) is a centralized management and orchestration solution offered by F5 Networks for their BIG-IP family of products.
WIRED Threat Level
MAY 7, 2024
Law enforcement officials say they’ve identified, sanctioned, and indicted the person behind LockBitSupp, the administrator at the heart of LockBit’s $500 million hacking rampage.
Data Breach Today
MAY 10, 2024
China-Linked Criminals Processed Orders Worth $50M: Security Research Labs Hackers linked to Chinese fraudsters are targeting online shoppers to steal credit card information, likely making off with about $50 million from victims in the United States and Western Europe who order premium shoes at discount prices on fraudulent deal websites.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
The Last Watchdog
MAY 8, 2024
Philadelphia, Pa., May 8, 2024, CyberNewsWire — Security Risk Advisors (SRA) announces the launch of their OT/XIoT Detection Selection Workshop, a complimentary offering designed to assist organizations in selecting the most suitable operational technology (OT) and Extended Internet of Things (XIoT) security tools for their unique environments.
Security Affairs
MAY 8, 2024
The UK Ministry of Defense disclosed a data breach at a third-party payroll system that exposed data of armed forces personnel and veterans. The UK Ministry of Defense disclosed a data breach impacting a third-party payroll system that exposed data of approximately 272,000 armed forces personnel and veterans. The Ministry of Defence revealed that a malign actor gained access to part of the Armed Forces payment network, which is an external system completely separate to MOD’s core network.
WIRED Threat Level
MAY 4, 2024
Plus: An assassination plot, an AI security bill, a Project Nimbus revelation, and more of the week’s top security news.
Data Breach Today
MAY 6, 2024
Ransomware, AI Technology and the Art of the Possible Are Hot Topics This Year ISMG editors are live at RSA Conference 2024 in San Francisco with an overview of opening-day speakers and hot topics including the dismal ransomware landscape, the unbridled growth of AI, security product innovation and deals, and regulatory trends. Join us for daily updates from RSA.
Advertiser: ZoomInfo
ZoomInfo customers aren’t just selling — they’re winning. Revenue teams using our Go-To-Market Intelligence platform grew pipeline by 32%, increased deal sizes by 40%, and booked 55% more meetings. Download this report to see what 11,000+ customers say about our Go-To-Market Intelligence platform and how it impacts their bottom line. The data speaks for itself!
The Last Watchdog
MAY 7, 2024
SAN FRANCISCO – The already simmering MSSP global market just got hotter. Related: The transformative power of GenAI/LLM This week at RSA Conference 2024 , AT&T announced the launch of LevelBlue – a top-tier managed security services business formed by an alliance with AT&T and WillJam Ventures. I had the chance to sit down earlier with Theresa Lanowitz , Chief Evangelist of AT&T Cybersecurity /Agent at LevelBlue, to discuss this alliance.
Security Affairs
MAY 9, 2024
Threat actors exploit recently disclosed Ivanti Connect Secure (ICS) vulnerabilities to deploy the Mirai botnet. Researchers from Juniper Threat Labs reported that threat actors are exploiting recently disclosed Ivanti Connect Secure (ICS) vulnerabilities CVE-2023-46805 and CVE-2024-21887 to drop the payload of the Mirai botnet. In early January, the software firm reported that threat actors are exploiting two zero-day vulnerabilities (CVE-2023-46805, CVE-2024-21887) in Connect Secure (ICS) and
WIRED Threat Level
MAY 10, 2024
TunnelVision is an attack developed by researchers that can expose VPN traffic to snooping or tampering.
Data Breach Today
MAY 6, 2024
AI Investments and Global Expansion Set to Propel Growth After Separating From AT&T As Level Blue separates from AT&T, it focuses on harnessing artificial intelligence for advanced threat intelligence, targeting significant growth in international markets, and evaluating potential merger and acquisition opportunities to expand its geographic or technological footprint.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Jamf
MAY 8, 2024
Rocketman Tech helps organizations succeed with Jamf, offering consulting and tools to simplify the management process. In this blog, Chris Schasse — Founder, Owner and Lead Engineer at Rocketman Tech — recaps his in-depth comparison of Kandji and Jamf Pro.
Security Affairs
MAY 8, 2024
TunnelVision is a new VPN bypass technique that enables threat actors to spy on users’ traffic bypassing the VPN encapsulation. Leviathan Security researchers recently identified a novel attack technique, dubbed TunnelVision, to bypass VPN encapsulation. A threat actor can use this technique to force a target user’s traffic off their VPN tunnel using built-in features of DHCP (Dynamic Host Configuration Protocol).
KnowBe4
MAY 10, 2024
One of the largest phishing-as-a-service platforms, LabHost, was severely disrupted by law enforcement in 19 countries during a year-long operation that resulted in 37 arrests.
Expert insights. Personalized for you.
324 
Let's personalize your content