CCnews CampusCoin Student Feed Aggregator: Security

Security

view:

[B]

[W!]

[L!]

sort:

[S]

[N!]

filter:

[A]

[N!]

mark category

US-CERT Recently Published Vulnerability Notes

— No new articles available.
show more ...

As of 4/29/24 12:17pm. Last new 4/22/24 3:38am. Score: 465

Schneier on Security

+ Whale Song Code—During the Cold War, the US Navy tried to make a secret code out of ...
+ Friday Squid Blogging: Searching for the Colossal Squid—A cruise ship is searching for the colossal squid. As usual, you ...
+ Long Article on GM Spying on Its Cars’ Drivers—Kashmir Hill has a really good article on how GM tricked its drivers...
+ The Rise of Large-Language-Model Optimization—The web has become so interwoven with everyday life that it is easy to...
+ Dan Solove on Privacy Regulation—Law professor Dan Solove has a new article on privacy regulation. In...
+ Microsoft and Security Incentives—Former senior White House cyber policy director A. J. Grotto talks ab...
+ Using Legitimate GitHub URLs for Malware—Interesting social-engineering attack vector : McAfee released a ...
+ Upcoming Speaking Engagements—This is a current list of where and when I am scheduled to speak: ...
+ Friday Squid Blogging: The Awfulness of Squid Fishing Boats—It’s a pretty awful story . As usual, you can also use this ...
+ Smuggling Gold by Disguising it as Machine Parts—Someone got caught trying to smuggle 322 pounds of gold (that’...
show more ...

As of 4/29/24 12:17pm. Last new 4/29/24 12:17pm. Score: 424

CyberScoop - News

+ CISA unveils guidelines for AI and critical infrastructure—CISA unveils guidelines for AI and critical infrastructure ...
+ Cyberattack hits Georgia county at center of voting software breach—html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org...
show more ...

As of 4/29/24 12:17pm. Last new 4/29/24 12:17pm. Score: 421

SANS - Internet Stormcenter

+ ISC StormCast for Monday, April 29th, 2024—Okta warns of increase in credential stuffing https://sec.okta.com/...
show more ...

As of 4/29/24 12:17pm. Last new 4/29/24 2:24am. Score: 394

Schneier on Security

+ Whale Song Code—During the Cold War, the US Navy tried to make a secret code out of ...
+ Friday Squid Blogging: Searching for the Colossal Squid—A cruise ship is searching for the colossal squid. As usual, you ...
+ Long Article on GM Spying on Its Cars’ Drivers—Kashmir Hill has a really good article on how GM tricked its drivers...
+ The Rise of Large-Language-Model Optimization—The web has become so interwoven with everyday life that it is easy to...
show more ...

As of 4/29/24 12:17pm. Last new 4/29/24 12:17pm. Score: 345

US-CERT Technical Cyber Security Alerts

— No new articles available.
show more ...

As of 4/29/24 12:17pm. Last new 4/22/24 3:38am. Score: 329

Google Online Security Blog

+ Google Public DNS’s approach to fight against cache poisoning attacks—Tianhao Chi and Puneet Sood, Google Public DNS The Domain...
+ Address Sanitizer for Bare-metal Firmware—Posted by Eugene Rodionov and Ivan Lozano, Android Team With stead...
+ Real-time, privacy-preserving URL protection—Posted by Jasika Bawa, Xinghui Lu, Google Chrome Security & Jonath...
+ Vulnerability Reward Program: 2023 Year in Review—Posted by Sarah Jacobus, Vulnerability Rewards Team Last year, we ...
+ Secure by Design: Google’s Perspective on Memory Safety—Alex Rebert, Software Engineer, Christoph Kern, Principal Engineer, Se...
+ Piloting new ways of protecting Android users from financial fraud —Posted by Eugene Liderman, Director of Mobile Security Strategy, Googl...
+ Improving Interoperability Between Rust and C++—Posted by Lars Bergstrom – Director, Android Platform Tools & Libr...
+ UN Cybercrime Treaty Could Endanger Web Security—Royal Hansen, Vice President of Privacy, Safety and Security Engineeri...
+ Scaling security with AI: from detection to solution—Dongge Liu and Oliver Chang, Google Open Source Security Team, Jan Now...
+ Effortlessly upgrade to Passkeys on Pixel phones with Google Password Manager—Posted by Sherif Hanna, Group Product Manager, Pixel Security He...
show more ...

As of 4/29/24 12:17pm. Last new 4/22/24 3:38am. Score: 315

CISA NCAS - ANALYSIS REPORTS

— No new articles available.
show more ...

As of 4/29/24 12:17pm. Last new 4/22/24 3:38am. Score: 303

PaloAltoNetworks - Blog

+ More on the PAN-OS CVE-2024-3400—On April 10, 2024 Palo Alto Networks Product Security Incident Respons...
+ Palo Alto Networks Recognized by Gartner as a Leader in SSE Report—Palo Alto Networks Named a Leader in 2024 Gartner® Magic Quadrant™ for...
+ The Evolving Threat of Ransomware — A Call to Action for Cybersecurity—In the ever-evolving landscape of cybersecurity, the specter of ransom...
+ What’s Next in Cortex — XSIAM for Cloud and Other Innovations—Tackling Diverse SecOps Challenges Simultaneously Security operati...
+ Google Cloud and Palo Alto Networks Deliver Cloud-Native NGFW Service—Google Cloud and Palo Alto Networks are excited to announce the genera...
+ Entering the Next Chapter of SASE at InterSECt 2024—Change is a fact of life and digital transformation. It comes with how...
+ Unleash Platform Power with Strata Cloud Manager’s Command Center—Revolutionizing Network Security Every week, we get the privilege o...
+ The Power of AI Assistants and Advanced Threat Detection—Smarter Security ...
+ Palo Alto Networks 2023 ESG Report — Securing Our Digital Future—At Palo Alto Networks, we protect organizations and vital social struc...
+ AI, Cybersecurity and the Rise of Large Language Models—Artificial intelligence (AI) plays a crucial role in both defending ag...

As of 4/29/24 12:17pm. Last new 4/22/24 3:38am. Score: 292

CISA NCAS ALERTS

— No new articles available.
show more ...

As of 4/29/24 12:17pm. Last new 4/22/24 3:38am. Score: 275

The Hacker News

+ China-Linked 'Muddling Meerkat' Hijacks DNS to Map Internet on Global Scale—A previously undocumented cyber threat dubbed Muddling Meerkat&nb...
+ Navigating the Threat Landscape: Understanding Exposure Management, Pentesting, Red Teaming and RBVM—It comes as no surprise that today's cyber threats are order...
+ New R Programming Vulnerability Exposes Projects to Supply Chain Attacks—A security vulnerability has been discovered in the R progra...
+ Sandbox Escape Vulnerabilities in Judge0 Expose Systems to Complete Takeover—Multiple critical security flaws have been disclosed in the Judge0 ope...
+ Okta Warns of Unprecedented Surge in Proxy-Driven Credential Stuffing Attacks—Identity and access management (IAM) services provider Okta has warned...
+ Ukraine Targeted in Cyberattack Exploiting 7-Year-Old Microsoft Office Flaw—Cybersecurity researchers have discovered a targeted operation against...
+ Bogus npm Packages Used to Trick Software Developers into Installing Malware—An ongoing social engineering campaign is targeting software...
+ Severe Flaws Disclosed in Brocade SANnav SAN Management Software—Several security vulnerabilities disclosed in Brocade SANnav storage a...
+ 10 Critical Endpoint Security Tips You Should Know—In today's digital world, where connectivity is rules all, endpoi...
+ New 'Brokewell' Android Malware Spread Through Fake Browser Updates—Fake browser updates are being used to push a previously und...
show more ...

As of 4/29/24 12:17pm. Last new 4/29/24 12:17pm. Score: 253

eWeek - Security - RSS Feed

— No new articles available.
show more ...

As of 4/29/24 12:15pm. Last new 4/22/24 3:39am. Score: 232

+ James Nutland studies what makes threat actors tick, growing our understanding of the current APT landscape—If state-sponsored actors are after one thing, it’s to spread f...
+ The private sector probably isn’t coming to save the NVD—I wrote last week about the problems arising from the massive back...
+ Talos IR trends: BEC attacks surge, while weaknesses in MFA persist—Business email compromise (BEC) was the top threat observed by Cisco T...
+ ArcaneDoor - New espionage-focused campaign found targeting perimeter network devices—ArcaneDoor is a campaign that is the latest example of state-sponsored...
+ Suspected CoralRaider continues to expand victimology using three information stealers—By Joey Chen, Chetan Raghuprasad and Alex Karkins. Cisco Talo...
show more ...

As of 4/29/24 12:17pm. Last new 4/29/24 12:17pm. Score: 230

Homeland Security News Wire

+ COVID May Have Eroded Doctors' Belief That They Are Obligated to Treat Infectious Patients—4/26/24 ...
+ Lawmakers Call for Accountability Over Pro-Hamas Campus Violence—4/27/24 ...
+ Russia Accuses Ukrainian Energy Company Linked to Hunter Biden of Financing Terror—4/2/27 ...
+ Don’t Buy Moscow’s Shameless Campaign Tying Biden to Its Terrorist Attack—4/26/24 ...
+ Cybersecurity Researchers Spotlight a New Ransomware Threat – Be Careful Where You Upload Files—4/26/24 ...
+ Why the U.S. Will Stay Dominant in Undersea Warfare—4/26/24 ...
+ No, a Shadowy Figure Is Not Buying Tents for Columbia Student Protesters | The False Choice in the Debate Over Artificial Intelligence Regulation | Software Backdoor is a Wakeup Call for Cybersecurity, and more—4/27/24 ...
+ Pushing back Against China’s Fishing Practices | Is India an Autocracy? | The Strategic Unseriousness of Olaf Scholz—4/27/24 ...
+ Is the EU Ready to Ward Off Spies and Foreign-Influence Peddlers?—4/25/24 ...
+ White House Says Plans to Address Causes of Migration Show Results—4/25/24 ...
show more ...

As of 4/29/24 12:17pm. Last new 4/26/24 6:21pm. Score: 230

SecurityMagazine - Cybersecurity News

+ Experts weigh in on the MITRE nation-state cyberattack —MITRE Corporation announced that it was the target of a nation-state c...
+ Experts weigh in on Omni Hotel ransomware incident—Omni Hotels & Resorts was the recent target of a ransomware attack...
+ Security leaders respond to disruption of LabHost, a fraud website—LabHost, a notable phishing-as-a-service platform, was disrupted by in...
+ 72% of CISOs believe AI solutions may lead to security breaches—A new report surveyed more than 400 CISOs from the United States and t...
+ 93% of security leaders anticipate daily AI attacks by 2025—Security leaders predict that AI will become a more prevalent tool in ...
+ The real space race: Inside geopolitics and security of a $1.8T industry—In episode 22 of the Cybersecurity & Geopolitical Discussion, our ...
+ FTC issues refunds to Ring customers following privacy settlement—The FTC issues refunds after a settlement with Ring over charges the c...
+ 73% of security professionals failed to act upon security alerts—Many small and medium-sized enterprises lack the resources and abiliti...
+ 40% of organizations have AI policies for critical infrastructure—According to a recent study, 80% of cybersecurity decision makers say ...
+ New research discovers vulnerability in an archived Apache project—Research has discovered a vulnerability in an Apache project that coul...
show more ...

As of 4/29/24 12:17pm. Last new 4/29/24 12:17pm. Score: 225

Fortinet - Outbreak Alert

+ C-DATA Web Management System RCE Attack—FortiGuard labs observed a critical level of attack attempts in the wi...
+ Akira Ransomware—FortiGuard Labs continue to observe detections in the wild related to ...
+ PAN-OS GlobalProtect Command Injection Vulnerability—The attack on PAN-OS GlobalProtect devices identified as CVE-2024-3400...
+ Sunhillo SureLine Command Injection Attack—The attack on Sunhillo SureLine identified as CVE-2021-36380 allows a ...
+ Nice Linear eMerge Command Injection Vulnerability—The vulnerability tracked as CVE-2019-7256 affecting an access control...
+ ConnectWise ScreenConnect Attack—Threat actors including ransomware gangs are seen exploiting newly dis...
+ Ivanti Connect Secure and Policy Secure Attack—Widespread exploitation of zero-day vulnerabilities affecting Ivanti C...
+ Outbreak Alert- Annual Report 2023—FortiGuard Labs published a total of 38 Outbreak Alerts in the year 20...
+ Androxgh0st Malware Attack—FortiGuard Labs continue to observe widespread activity of Androxgh0st...
+ Adobe ColdFusion Access Control Bypass Attack—FortiGuards labs observed extremely widespread exploitation attempts r...
show more ...

As of 4/29/24 12:17pm. Last new 4/25/24 11:15pm. Score: 213

HelpNetSecurity

+ UK enacts IoT cybersecurity law—The Product Security and Telecommunications Infrastructure (PSTI) Act ...
+ Silobreaker empowers users with timely insight into key cybersecurity incident filings—Silobreaker announced the addition of automatic collection, AI-enhance...
+ Okta warns customers about credential stuffing onslaught—Credential stuffing attacks have exploded this April, Okta warns, and ...
+ Researchers unveil novel attack methods targeting Intel’s conditional branch predictor—Researchers have found two novel types of attacks that target the cond...
+ DHS establishes AI Safety and Security Board to protect critical infrastructure—The Department of Homeland Security announced the establishment of the...
+ Prompt Fuzzer: Open-source tool for strengthening GenAI apps—Prompt Fuzzer is an open-source tool that evaluates the security of yo...
+ How insider threats can cause serious security breaches—Insider threats are a prominent issue and can lead to serious security...
+ AI is creating a new generation of cyberattacks—Most businesses see offensive AI fast becoming a standard tool for cyb...
+ Closing the cybersecurity skills gap with upskilling programs—The list of skills technologists and organizations need to succeed gro...
+ Anticipating and addressing cybersecurity challenges—In this Help Net Security round-up, we present excerpts from previousl...
show more ...

As of 4/29/24 12:17pm. Last new 4/28/24 9:06am. Score: 210

ThreatPost - Cryptography

— No new articles available.
show more ...

As of 4/29/24 12:17pm. Last new 4/22/24 3:39am. Score: 189

+ Should Cybersecurity Leadership Finally be Professionalized?—The majority opinion is that a cybersecurity professional body is long...
+ Kaiser Permanente Data Breach Impacts 13.4 Million Patients—US healthcare giant is warning millions of current and former patients...
+ Beyond the Buzz: Rethinking Alcohol as a Cybersecurity Bonding Ritual—Jennifer Leggio makes the case for more alcohol-free networking events...
+ Honeywell: USB Malware Attacks on Industrial Orgs Becoming More Sophisticated—An analysis conducted by Honeywell shows that much of the USB-borne ma...
+ Okta Warns of Credential Stuffing Attacks Using Tor, Residential Proxies—Okta warned of a spike in credential stuffing attacks using anonymizin...
+ Collection Agency FBCS Says Data Breach Exposed Nearly 2 million People—Financial Business and Consumer Solutions (FBCS) says compromised info...
+ Hackers Claim to Have Infiltrated Belarus’ Main Security Service—A Belarusian hacker activist group claims to have infiltrated the netw...
+ Powerful ‘Brokewell’ Android Trojan Allows Attackers to Takeover Devices—A new Android trojan named Brokewell can steal user’s sensitive inform...
+ Over 1,400 CrushFTP Instances Vulnerable to Exploited Zero-Day—More than 1,400 CrushFTP servers remain vulnerable to an actively expl...
+ Self-Spreading PlugX USB Drive Malware Plagues Over 90k IP Addresses—More than 90,000 unique IPs are still infected with a PlugX worm varia...
show more ...

As of 4/29/24 12:17pm. Last new 4/28/24 2:05pm. Score: 181

Packet Storm Security

+ Kemp LoadMaster Unauthenticated Command Injection—This Metasploit module exploits an unauthenticated command injection v...
+ Debian Security Advisory 5675-1—Debian Linux Security Advisory 5675-1 - Security issues were discovere...
+ Doctor Appointment Management System 1.0 Cross Site Scripting—Doctor Appointment Management System version 1.0 suffers from a cross ...
+ Ubuntu Security Notice USN-6744-3—Ubuntu Security Notice 6744-3 - USN-6744-1 fixed a vulnerability in Pi...
+ Ubuntu Security Notice USN-6734-2—Ubuntu Security Notice 6734-2 - USN-6734-1 fixed vulnerabilities in li...
+ Ubuntu Security Notice USN-6733-2—Ubuntu Security Notice 6733-2 - USN-6733-1 fixed vulnerabilities in Gn...
+ Ubuntu Security Notice USN-6718-3—Ubuntu Security Notice 6718-3 - USN-6718-1 fixed vulnerabilities in cu...
+ Ubuntu Security Notice USN-6729-3—Ubuntu Security Notice 6729-3 - USN-6729-1 fixed vulnerabilities in Ap...
+ Ubuntu Security Notice USN-6737-2—Ubuntu Security Notice 6737-2 - USN-6737-1 fixed a vulnerability in th...
+ Ubuntu Security Notice USN-6756-1—Ubuntu Security Notice 6756-1 - It was discovered that less mishandled...
show more ...

As of 4/29/24 12:17pm. Last new 4/26/24 1:03pm. Score: 155

— No new articles available.
show more ...

As of 4/29/24 12:17pm. Last new 4/22/24 3:39am. Score: 147

NIST - Standards

— No new articles available.
show more ...

As of 4/29/24 12:17pm. Last new 4/22/24 3:39am. Score: 138

NIST - Cybersecurity

+ NIST Workshop on the Requirements for an Accordion Cipher Mode 2024—FULL WORKSHOP DETAILS NIST will host a workshop on the development of ...
+ 2024 Iris Experts Group (IEG) Meeting—The Iris Experts Group (IEG) will hold their annual meeting on Thursda...
+ NICE Webinar: Empowering Refugee Communities in Cybersecurity Roles—Speakers: To be announced. Synopsis: Join us for an insightful webinar...
+ NICE Webinar: Equity Strategies in Youth Apprenticeship Programs and Partnerships—Speakers: To be announced. Synopsis: Youth apprenticeship delivers pai...
+ NICE Webinar: Reintegrating Justice-Involved Individuals into Cybersecurity Careers—Speakers: To be announced. Synopsis: Join us during Second Chance Mont...
+ Applicant’s Webinar: 2024 NICE RAMPS Funding Opportunity—The recording of this webinar will be available soon. The presentation...
+ The 35th Quest for Excellence® Conference—April 7–10, 2024 Gaylord National Harbor | #BaldrigeQuest COME. LEARN....
+ NIST Awards $3.6 Million for Community-Based Cybersecurity Workforce Development—The grants of roughly $200,000 each will go to 18 education and commun...
+ Enhancing Security of Devices and Components Across the Supply Chain—FULL WORKSHOP DETAILS NIST is hosting an in-person all-day workshop on...
+ NIST Releases Version 2.0 of Landmark Cybersecurity Framework—The agency has finalized the framework’s first major update since its ...
show more ...

As of 4/29/24 12:17pm. Last new 4/22/24 3:39am. Score: 116

Microsoft Support Content - Windows 10/11

+ Why can't I uninstall the Your Phone app? - Microsoft Support—An explanation as to why the Your Phone app can't be uninstalled from ...
+ April 23, 2024—KB5036979 (OS Build 19045.4355) Preview - Microsoft Support
+ KB5036534: Latest Windows hardening guidance and key dates - Microsoft Support
+ “An operating system wasn’t found” error when booting Windows - Microsoft Support—When trying to boot Windows, you receive the error: An operating syste...
+ Use Snipping Tool to capture screenshots - Microsoft Support—Learn how to use Snipping Tool to capture a screenshot, or snip, of an...
+ Supported mobile operators for the Mobile Plans app in Windows - Microsoft Support—Find out what mobile operators offer cellular data plans through the M...
+ Save or forget passwords in Microsoft Edge - Microsoft Support—Use Microsoft Edge settings to save user name and password information...
+ KB4073119: Windows client guidance for IT Pros to protect against silicon-based microarchitectural and speculative execution side-channel vulnerabilities - Microsoft Support—Provides Windows client guidance for IT Pros to protect against specul...
+ Older versions of BattlEye software may not be compatible with Windows 10, version 1903 - Microsoft Support—There is a compatability issue with older versions of BattlEye softwar...
+ April 9, 2024—KB5036896 (OS Build 17763.5696) - Microsoft Support
show more ...

As of 4/29/24 12:17pm. Last new 4/27/24 3:43am. Score: 59