20 matches found
Why Secure Data Movement Is the Zero Trust Bottleneck Nobody Talks About
Every security program is betting on the same assumption: once a system is connected, the problem is solved. Open a ticket, stand up a gateway, push the data through. Done. That assumption is wrong. It is also a major reason Zero Trust programs stall. New research my team just published puts...
EUVD-2019-6152
Malware in sbrugna...
CVE-2024-24691
creationtimestamp| type| source
---|---|---
2024-02-14 01:21:40+00:00| seen| https://t.me/ctinow/184347
2024-02-14 17:16:50+00:00| seen| https://t.me/ctinow/184832
2024-02-15 04:00:00+00:00| seen| https://www.govcert.gov.hk/en/alertsdetail.php?id=1230
2024-03-06 07:07:24+00:00| seen|...
The US wants governments to commit to not paying ransoms
As the White House prepares to host its annual International Counter Ransomware Initiative (CRI) summit, Bloomberg reports that the US is pushing other countries to stop paying ransoms to cybercriminals. The CRI wants to enhance international cooperation to combat the growth of ransomware, and its ...
Ivanti Releases Urgent Patch for EPMM Zero-Day Vulnerability Under Active Exploitation
Ivanti is warning users to update their Endpoint Manager Mobile (EPMM) mobile device management software (formerly MobileIron Core) to the latest version that fixes an actively exploited zero-day vulnerability. Dubbed CVE-2023-35078, the issue has been described as a remote unauthenticated API access...
[Security Nation] Pete Cooper and Irene Pontisso on the Results of the UK Government’s Security Culture Challenge
In this episode of Security Nation, Jen and Tod are joined again by Pete Cooper and Irene Pontisso of the UK...
[Security Nation] Pete Cooper and Irene Pontisso of the UK Cabinet Office on Their Cybersecurity Culture Competition
In this special bonus episode of Security Nation, Jen and Tod chat with Pete Cooper and Irene Pontisso fro...
Why FIDO2 is the Answer to Better Security
A groundbreaking increase in security incidents is affecting governments around the world. In light of this, the United States issued a formal order to implement a robust set of security measures designed to improve the security of federal systems. In his most recent executive order, President...
Podcast: RSA Conference 2019 Preview
The RSA 2019 conference is right around the corner, kicking off next week in San Francisco. As they prepare to cover the show, Threatpost editors Lindsey O’Donnell, Tom Spring and Tara Seals break down the biggest news, stories and trends – from artificial intelligence and government security to...
Security Bulletin: Vulnerability in RC4 stream cipher affects IBM Content Collector for SAP Applications (CVE-2015-2808)
Summary: The RC4 “Bar Mitzvah” Attack for SSL/TLS affects IBM Content Collector for SAP Applications. Vulnerability Details: CVEID: CVE-2015-2808. DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. An attacker...
How public-private partnerships can combat cyber adversaries
For several years now, policymakers and practitioners from governments, CERTs, and the security industry have been speaking about the importance of public-private partnerships as an essential part of combating cyber threats. It is impossible to attend a security conference without a keynote...
The Equifax Breach from a Geo Political Perspective
The Equifax breach stole names, addresses, birth dates, and credit card numbers for over 200,000 consumers. One might immediately assume that cyber criminals made the attack in order to sell the information to identity thieves who will run up fraudulent charges, file fake tax returns, defraud...
Hacker Who Hacked US Spy Chief, FBI & CIA Director Gets 5-Year in Prison
Remember "Crackas With Attitude"? The hacking group behind a series of embarrassing hacks that targeted personal email accounts of senior officials at the FBI, the CIA, and the White House, among other United States federal agencies in 2015. A member of Crackas With Attitude, who was arrested las...
The NSA Hack — What, When, Where, How, Who & Why?
You might have heard about the recent ongoing drama of the NSA hack that has sparked a larger debate on the Internet concerning the abilities of US intelligence agencies as well as their own security. Saturday morning the news broke that a mysterious group of hackers calling themselves "The Shadow Broker...
Meet the 18-Year-Old Who Hacked the Pentagon
Ask David Dworken when he was in tenth grade what a cross-site scripting vulnerability is and you might get a strange look from the Alexandria, Va., teen. Fast forward two years and pose the same question to Dworken and you’ll get a well-versed answer from the now white hat hacker and recent high...
Hack The Pentagon Bug Bounty Opens April 18
The Department of Defense announced today that registration for its Hack the Pentagon bug bounty trial program is open, and that the program will be run on the HackerOne platform. The trial of the government’s first bug bounty program will run April 18 to May 12. The DoD said only certain...
65 Sites Compromised in ZeroAccess Trojan Attacks
As many as 65 websites have been compromised in an attack that has snared another Washington, D.C.-area media website as well as a number of travel and leisure sites. While the sites aren’t topically related, they’re all hosting advertisements injected with malicious code hosted on...
China Builds World's Fastest Supercomputer
China has developed a new supercomputer known as Tianhe-2, which is twice as fast as US and Japanese systems and has been measured at speeds of 30.65 petaflops, or 74 percent faster than the current holder of the world's-fastest-supercomputer title. Titan, the U.S. Department of Energy's fastest...
Analysis of STRATFOR Passwords Reveals Shoddy Security
A partial analysis of another massive leak of user passwords has again shone a light on the scourge of weak passwords used to protect sensitive data in online accounts, according to a report by The Tech Herald. Using the leaked password list from STRATFOR, the open source intelligence service tha...
Can someone be too connected?
There are those that would argue U.S. House Representative Pete Hoekstra is too connected. According to a recent article in a top security trade publication, Rep. Hoekstra sent tweets during his recent trip to Iraq. Some of the tweets included: “Just landed in Baghdad. I believe it may be first...