96Articles
8Categories
2024-10-23Date
🚨 CISA KEV 2[−]
23 Oct KEVCISA Warns Recent Microsoft SharePoint RCE Flaw Exploited in AttacksCISA has added a recent Microsoft SharePoint Server remote code execution vulnerability to the KEV catalog. The post CISA Warns Recent Microsoft SharePoint RCE Flaw Exploited in Attacks appeared first on SecurityWeek .SECURITYWEEK.COM
23 Oct KEVCISA Adds One Known Exploited Vulnerability to CatalogCISA has added one new vulnerability to its  Known Exploited Vulnerabilities Catalog , based on evidence of active exploitation , as confirmed by Fortinet. CVE-2024-47575 Fortinet FortiManager Missing Authentication Vulnerability These types of vulnerabilities are frequent a…CISA.GOV
🐛 COMMON VULNERABILITIES AND EXPOSURES 7[−]
23 OctRed Hat NetworkManager Flaw Allows Hackers to Gain Root AccessA recently discovered vulnerability in Red Hat’s NetworkManager, CVE-2024-8260, has raised concerns in the cybersecurity community because it could allow unauthorized users to gain root access. This security flaw, publicly disclosed on August 30, 2024, and last modified on …GBHACKERS.COM
23 Oct KEVCISA Warns of Active Exploitation of Microsoft SharePoint Vulnerability (CVE-2024-38094)A high-severity flaw impacting Microsoft SharePoint has been added to the Known Exploited Vulnerabilities (KEV) catalog by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday, citing evidence of active exploitation. The vulnerability, tracked as CVE-2024-3…THEHACKERNEWS.COM
23 OctFortinet warns of new critical FortiManager flaw used in zero-day attacksFortinet publicly disclosed today a critical FortiManager API vulnerability, tracked as CVE-2024-47575, that was exploited in zero-day attacks to steal sensitive files containing configurations, IP addresses, and credentials for managed devices. [...]BLEEPINGCOMPUTER.COM
23 OctLazarus hackers used fake DeFi game to exploit Google Chrome zero-dayThe North Korean Lazarus hacking group exploited a Google Chrome zero-day tracked as CVE-2024-4947 through a fake decentralized finance (DeFi) game targeting individuals in the cryptocurrency space. [...]BLEEPINGCOMPUTER.COM
23 OctCVE-2024-0132 NVIDIA: CVE-2024-0132 Container Toolkit 1.16.1 and Earlier Time-of-check Time-of Use VulnerabilityIn the Security Updates table, added Azure Kubernetes Service Node on Azure Linux and Azure Kubernetes Service Node on Ubuntu Linux because these product are also affected by this vulnerability. Microsoft strongly recommends that customers using these products install the updates…MSRC.MICROSOFT.COM
23 OctCVE-2024-43577 Microsoft Edge (Chromium-based) Spoofing VulnerabilityUpdated CWE value. This is an informational change only.MSRC.MICROSOFT.COM
23 OctVMware patches security vulnerability twiceMistakes can occur, but when the same problem occurs several times in a row, there may be a deeper problem. This is the case with VMware that had to publish a patch for the same security time for the second time in just a few months. Heap overflow found in VMware vCenter This pat…CSOONLINE.COM
⚠️ VULNERABILITY DISCLOSURE 24[−]
23 OctFour firms charged, fined over handling of SolarWinds hack disclosuresThe US Securities and Exchange Commission (SEC) on Tuesday charged four companies over their handling of the 2020 SolarWinds Orion software supply chain attack , stating they each made “materially misleading disclosures regarding cybersecurity risks and intrusions.” To settle, th…CSOONLINE.COM
23 OctMallox Ransomware Vulnerability Lets Victims Decrypt FilesResearchers from Avast have uncovered a vulnerability in the cryptographic schema of the Mallox ransomware, a particularly active variant between 2023 and early 2024. This flaw allows victims of this specific Mallox variant to decrypt their files without paying a ransom. However,…GBHACKERS.COM
23 OctSecurity priorities emphasize CISO role on the riseAI is changing the nature of cybersecurity and that, in turn, is changing the nature of the CISO role. An overwhelming 98% of respondents to Foundry/CSO’s Security Priorities Study 2024 report significant benefits from using AI-enabled security technologies, up from 72% in 2023. …CSOONLINE.COM
23 Oct KEVCISA proposes new security requirements for businesses exposed to cyber espionageThe US Cybersecurity Infrastructure Security Agency (CISA) has proposed a set of security requirements to be fulfilled by organizations running sensitive business transactions with states posing national security and foreign policy threats to the US. The requirements, CISA said i…CSOONLINE.COM
23 OctHacker Advertises "Top Secret US Space Force (USSF) Military Technology Archive"submitted by kid to cybersecurity 1 points | 0 comments https://hackread.com/hacker-advertise-secret-us-space-force-military-tech-archive/SH.ITJUST.WORKS
23 OctSamsung Zero-Day Vuln Under Active Exploit, Google Warnssubmitted by kid to cybersecurity 1 points | 0 comments https://www.darkreading.com/endpoint-security/samsung-zero-day-vuln-under-active-exploit-google-warnsSH.ITJUST.WORKS
23 OctCISA Warns Recent Microsoft SharePoint RCE Flaw Exploited in Attackssubmitted by kid to cybersecurity 1 points | 0 comments https://www.securityweek.com/cisa-warns-recent-microsoft-sharepoint-rce-flaw-exploited-in-attacks/SH.ITJUST.WORKS
23 OctMallox Ransomware Vulnerability Let Victims Decrypt Filessubmitted by kid to cybersecurity 1 points | 0 comments https://gbhackers.com/mallox-ransomware-vulnerability/SH.ITJUST.WORKS
23 OctFortiGate admins report active exploitation 0-day. Vendor isn’t talking.submitted by kid to cybersecurity 2 points | 0 comments https://arstechnica.com/security/2024/10/fortinet-stays-mum-on-critical-0-day-reportedly-under-active-exploitation/SH.ITJUST.WORKS
23 OctVMware fixes bad patch for critical vCenter Server RCE flawsubmitted by kid to cybersecurity 1 points | 0 comments https://www.bleepingcomputer.com/news/security/vmware-fixes-bad-patch-for-critical-vcenter-server-rce-flaw/SH.ITJUST.WORKS
23 OctIcePeony Hackers Exploiting Public Web Servers To Inject Webshellssubmitted by kid to cybersecurity 1 points | 0 comments https://gbhackers.com/icepeony-hackers-webshells/SH.ITJUST.WORKS
23 OctSocket Raises $40 Million for Supply Chain Security TechSocket has raised $40 million in a Series B funding round to work on open source software supply chain security technology. The post Socket Raises $40 Million for Supply Chain Security Tech appeared first on SecurityWeek .SECURITYWEEK.COM
23 OctHackers exploit 52 zero-days on the first day of Pwn2Own IrelandOn the first day of Pwn2Own Ireland, participants demonstrated 52 zero-day vulnerabilities across a range of devices, earning a total of $486,250 in cash prizes. [...]BLEEPINGCOMPUTER.COM
23 OctNews alert: INE Security shares cyber hygiene guidance for small- and medium-sized businessesCary, NC, Oct. 22, 2024, CyberNewswire — INE Security offers essential advice to protect digital assets and enhance security. As small businesses increasingly depend on digital technologies to operate and grow, the risks associated with cyber threats also escalate. INE R…LASTWATCHDOG.COM
23 Oct3 crucial considerations for your security awareness and training programScan recent headlines for news about breaches and it’s immediately apparent why leaders are concerned about their organization’s security posture. Recent Fortinet research shows that nearly 90% of enterprises experienced one or more breaches in the past year, and 67% of leaders s…CSOONLINE.COM
23 OctNew Grandoreiro Banking Malware Variants Emerge with Advanced Tactics to Evade DetectionNew variants of a banking malware called Grandoreiro have been found to adopt new tactics in an effort to bypass anti-fraud measures, indicating that the malicious software is continuing to be actively developed despite law enforcement efforts to crack down on the operation. "Onl…THEHACKERNEWS.COM
23 OctNew Research: 140% Increase in Callback PhishingResearchers at Trustwave observed a 140% increase in callback phishing attacks between July and September 2024. Callback phishing is a social engineering tactic that involves emails and phone calls to trick users into handing over login credentials or other sensitive data or inst…KNOWBE4.COM
23 OctFortinet Confirms Zero-Day Exploit Targeting FortiManager SystemsFortinet confirms zero-day exploits hitting remote code execution bug in the FortiManager platform. CVSS severity score 9.8/10. The post Fortinet Confirms Zero-Day Exploit Targeting FortiManager Systems appeared first on SecurityWeek .SECURITYWEEK.COM
23 Oct KEVFortinet Discloses Actively Exploited Zero-DayU.S. Federal Government Gives Agencies Three Weeks to Patch or Mitigate Fortinet disclosed an actively exploited vulnerability in its centralized management platform following more than a week of online chatter that edge device manufacturer products have been under renewed attack…DATABREACHTODAY.CO.UK
23 OctEmbargo Ransomware Disables Security DefensesNew Ransomware Group Deploys Rust-Based Tools in Attacks A recently constituted and apparently well-resourced ransomware player is developing and testing tools to disable security defenses, including a method that exploits a vulnerability in drivers. Embargo first surfaced in Apr…DATABREACHTODAY.CO.UK
23 OctApplying a ‘three-box solution’ to identity security strategiesPhysical and network barriers that once separated corporate environments from the outside world no longer exist. In this new technological age defined by hybrid, multi-cloud, and SaaS, identities are the perimeter. Any one identity—workforce, IT, developer, or machine—can become …CSOONLINE.COM
23 OctThe rise of the machines and the growing AI identity attack surfaceIn 1968, a killer supercomputer named HAL 9000 gripped imaginations in the sci-fi thriller “2001: A Space Odyssey.” The dark side of artificial intelligence (AI) was intriguing, entertaining, and completely far-fetched. Audiences were hooked, and numerous blockbusters followed, f…CSOONLINE.COM
23 OctA Vulnerability in Fortinet FortiManager Could Allow for Remote Code ExecutionA vulnerability has been discovered in Fortinet FortiManager which could allow for remote code execution. FortiManager is a network and security management tool that provides centralized management of Fortinet devices from a single console. Successful exploitation of the most sev…CISECURITY.ORG
📢 SECURITY ADVISORIES 8[−]
23 OctCISA, DOJ Propose Rules for Protecting Personal Data Against Foreign AdversariesCISA and the DOJ are seeking comment on rules whose goal is to protect the personal data of Americans against foreign adversaries. The post CISA, DOJ Propose Rules for Protecting Personal Data Against Foreign Adversaries appeared first on SecurityWeek .SECURITYWEEK.COM
23 OctStaff Stories Spotlight Series: Cybersecurity Awareness Month 2024This blog is part of a larger NIST series during the month of October for Cybersecurity Awareness Month , called 'Staff Stories Spotlight.' Throughout the month of October this year, Q&A style blogs will be published featuring some of our unique staff members who have interes…NIST.GOV
23 OctAI Industry Coalition Seeks to Codify US Safety InstituteTech Giants, AI Firms, Academics Urge Congress to Take Action by Term-End A coalition of more than 60 AI industry players is pushing Congress to prioritize legislation that would codify the U.S. Artificial Intelligence Safety Institute. The letter says the action would allow U.S.…DATABREACHTODAY.CO.UK
🔥 INCIDENT REPORTING 14[−]
23 OctRansomware Gangs Use LockBit's Fame to Intimidate Victims in Latest AttacksThreat actors have been observed abusing Amazon S3 (Simple Storage Service) Transfer Acceleration feature as part of ransomware attacks designed to exfiltrate victim data and upload them to S3 buckets under their control. "Attempts were made to disguise the Golang ransomware as t…THEHACKERNEWS.COM
23 OctThreat Actors Allegedly Selling Database of 1,000 NHS Email AccountsA database containing over 1,000 email accounts associated with the National Health Service (NHS) has reportedly been leaked and is being sold on a dark web forum. This breach, which includes sensitive information such as passwords and personal details, has raised significant pri…GBHACKERS.COM
23 OctSophos übernimmt Secureworkswidth="2500" height="1406" sizes="(max-width: 2500px) 100vw, 2500px"> Die Bedrohungslage verschärft sich. Anbieter wie Sophos wollen ihren Kunden daher möglichst komplette Security-Pakete anbieten. TierneyMJ – shutterstock.com Security-Anbieter Sophos hat bekanntgegeben, Securewo…CSOONLINE.COM
23 OctGrayscale Investments Data Breach Exposes 693K User Records Reportedly AffectedGrayscale Investments, a prominent crypto asset manager, has reportedly suffered a data breach affecting 693,635 user records. The breach was first reported on a hacking forum and has raised significant alarm among users and cybersecurity experts. According to the post on X by us…GBHACKERS.COM
23 OctDeutsche Unternehmen stecken immer mehr Geld in IT-Securitywidth="2500" height="1406" sizes="(max-width: 2500px) 100vw, 2500px"> arda savasciogullari – shutterstock.com Erstmals investieren deutsche Unternehmen mehr als zehn Milliarden Euro jährlich in IT-Security. Im laufenden Jahr sollen sich die entsprechenden Ausgaben hierzulande auf…CSOONLINE.COM
23 OctUnmasking Prometei: A Deep Dive Into Our MXDR FindingsHow does Prometei insidiously operate in a compromised system? This Managed Extended Detection and Response investigation conducted with the help of Trend Vision One provides a comprehensive analysis of the inner workings of this botnet so users can stop the threat in its tracks …TRENDMICRO.COM
23 OctTricky CAPTCHA Caught Dropping Lumma Stealer Malwaresubmitted by kid to cybersecurity 1 points | 0 comments https://www.darkreading.com/cyberattacks-data-breaches/trick-captcha-lumma-stealer-malwareSH.ITJUST.WORKS
23 OctNotLockBit Ransomware Can Target macOS DevicesA file-encrypting malware family posing as the LockBit ransomware has been observed targeting macOS systems. The post NotLockBit Ransomware Can Target macOS Devices appeared first on SecurityWeek .SECURITYWEEK.COM
23 OctAvast Releases Free Decryptor for Mallox RansomwareAvast has released a decryptor for the Mallox ransomware after identifying a weakness in its cryptographic schema. The post Avast Releases Free Decryptor for Mallox Ransomware appeared first on SecurityWeek .SECURITYWEEK.COM
23 OctPermiso State of Identity Security 2024: A Shake-up in Identity Security Is Looming LargeIdentity security is front, and center given all the recent breaches that include Microsoft, Okta, Cloudflare and Snowflake to name a few. Organizations are starting to realize that a shake-up is needed in terms of the way we approach identity security both from a strategic but a…THEHACKERNEWS.COM
23 OctRansomware Gang Attack Tactics Have ShiftedA recent analysis of the ransomware group   Meow   raises the notion that groups are evolving from using encryption as a tactic to more profitable and cost-effective methods.KNOWBE4.COM
23 OctSmashing Security podcast #390: When security firms get hacked, and your new North Korean remote workerThe SolarWinds have returned to haunt four cybersecurity companies who tried to hide their breaches and ended up with their trousers around their ankles, and North Korea succeeds in getting one of its IT workers hired... but what's their plan? All this and much much more is discu…GRAHAMCLULEY.COM
23 OctEmbargo ransomware: Rock’n’RustNovice ransomware group Embargo is testing and deploying a new Rust-based toolkitWELIVESECURITY.COM
🕵️ THREAT INTELLIGENCE 22[−]
23 OctISC Stormcast For Wednesday, October 23rd, 2024 https://isc.sans.edu/podcastdetail/9192, (Wed, Oct 23rd)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
23 OctUser-Experience-Irrwege: 5 Fehler, die Ihre Sicherheit gefährdenÜbermäßig komplexe, unnötige oder unsinnige Sicherheitsmaßnahmen können Mitarbeiter nachhaltig frustrieren. Das schafft neue Risiken. Foto: vchal | shutterstock.com Je mehr Zwang besteht, Systeme und Daten zu schützen, desto besser ist es um die Security bestellt. So zumindest di…CSOONLINE.COM
23 OctTor Browser 14.0 Released With New Android Circuit OptionsTor Browser 14.0 has been officially launched. It brings significant updates and new features to enhance user privacy and browsing experience. This release is built on Firefox ESR 128, integrating a year’s worth of updates and improvements from Firefox while also addressing…GBHACKERS.COM
23 OctWhite Hat Hackers Earn $500,000 on First Day of Pwn2Own Ireland 2024Pwn2Own Ireland 2024 participants have earned half a million dollars on the first day for hacking NAS devices, cameras, speakers and printers. The post White Hat Hackers Earn $500,000 on First Day of Pwn2Own Ireland 2024 appeared first on SecurityWeek .SECURITYWEEK.COM
23 OctMassive data leak hits Mexican healthcare sector with over 5 million at risksubmitted by kid to cybersecurity 1 points | 0 comments https://cybernews.com/security/ecaresoft-data-leak/SH.ITJUST.WORKS
23 OctMicrosoft blocks Windows 11 24H2 update for some PCs following bug onslaughtsubmitted by kid to cybersecurity 1 points | 0 comments https://www.zdnet.com/article/microsoft-blocks-windows-11-24h2-update-for-some-pcs-following-bug-onslaught/SH.ITJUST.WORKS
23 OctIBM Boosts Guardium Platform to Address Shadow AI, Quantum CryptographyIBM is updating and upgrading its Guardium platform to provide security for the two primary new technology problems: AI models and quantum safety. The post IBM Boosts Guardium Platform to Address Shadow AI, Quantum Cryptography appeared first on SecurityWeek .SECURITYWEEK.COM
23 OctThe Global Surveillance Free-for-All in Mobile Ad DataNot long ago, the ability to remotely track someone’s daily movements just by knowing their home address, employer, or place of worship was considered a powerful surveillance tool that should only be in the purview of nation states. But a new lawsuit in a likely constitutional ba…KREBSONSECURITY.COM
23 OctLatrodectus Malware Increasingly Used by Cybercriminalssubmitted by kid to cybersecurity 1 points | 0 comments https://www.securityweek.com/latrodectus-malware-increasingly-used-by-cybercriminals/SH.ITJUST.WORKS
23 OctSIGA Launches OT Cybersecurity Suite for CISOsSIGA has launched SigaML2, a solution described as a multi-layer machine learning process-oriented OT cybersecurity suite. The post SIGA Launches OT Cybersecurity Suite for CISOs appeared first on SecurityWeek .SECURITYWEEK.COM
23 OctAI hallucinations can pose a risk to your cybersecurityIn early 2023, Google’s Bard made headlines for a pretty big mistake, which we now call an AI hallucination. During a demo, the chatbot was asked, “What new discoveries from the James Webb Space Telescope can I tell my 9-year-old about?” Bard answered that JWST,…SECURITYINTELLIGENCE.COM
23 OctResearchers Reveal 'Deceptive Delight' Method to Jailbreak AI Modelssubmitted by kid to cybersecurity 4 points | 0 comments https://thehackernews.com/2024/10/researchers-reveal-deceptive-delight.htmlSH.ITJUST.WORKS
23 OctDemocratising CybersecurityPalo Alto Networks and BT combine our best-in-class firewalls with BT’s top-tier Managed Security Services. The post Democratising Cybersecurity appeared first on Palo Alto Networks Blog .PALOALTONETWORKS.COM
23 OctReality Defender Banks $33M to Tackle AI-Generated DeepfakesNew York startup raises $33 million in an expanded Series A round to build technology to detect deepfake and AI-generated media. The post Reality Defender Banks $33M to Tackle AI-Generated Deepfakes appeared first on SecurityWeek .SECURITYWEEK.COM
23 OctMeta Tests Facial Recognition to Curb Deepfake ScamsFirm Won't Deploy Feature in the EU, UK Due to Data Collection Norms Meta is rolling out facial recognition technology on its social media platforms to spot scam ads featuring celebrity deepfakes. Meta took down 8,000 of the "celeb bait" scam ads. The feature also aims to verify …DATABREACHTODAY.CO.UK
23 OctGoogle SynthID Adding Invisible Watermarks to AI-Generated ContentGoogle has released new technology to embed watermarks and flag AI-generated content across text, images, audio, and video. The post Google SynthID Adding Invisible Watermarks to AI-Generated Content appeared first on SecurityWeek .SECURITYWEEK.COM
23 OctHas the time come for integrated network and security platforms?Platformization isn’t a new trend, but there’s renewed focus from a number of vendors, including Fortinet , Palo Alto, HPE Aruba, and Cisco , as enterprises weigh the appeal of combining network and security features in a single overarching platform. Palo Alto Networks created so…NETWORKWORLD.COM
23 OctAre Automatic License Plate Scanners Constitutional?An advocacy groups is filing a Fourth Amendment challenge against automatic license plate readers. “The City of Norfolk, Virginia, has installed a network of cameras that make it functionally impossible for people to drive anywhere without having their movements tracked, ph…SCHNEIER.COM
23 OctCloud Defender Stream.Security Raises $30M, Eyes US GrowthAI-Powered Cloud Remediation, Multi-Cloud Support at Core of Series B Investment With a $30 million boost from Series B funding, Stream.Security will enhance its cloud security offerings. The company’s focus includes auto-remediation, faster, AI-driven threat responses, increased…DATABREACHTODAY.CO.UK
23 OctWhite House Reviewing Updates to HIPAA Security RuleProposal Will Be Open for Public Comment Next, But Will It Go Anywhere? The Department of Health and Human Service last Friday submitted for White House review long-awaited updates to the 20-year-old HIPAA Security Rule containing modifications aimed at strengthening the cybersec…DATABREACHTODAY.CO.UK
23 OctSIEM: Shakeup in Event Management - What's Happening in the SIEM market today? - Seth ... - ESW #377The SIEM market has undergone some significant changes this summer. This is a great opportunity to talk about the current state of SIEM! In this conversation, we'll discuss: - market changes and terminology: security analytics, data lakes, SIEM - what is SOAR's role in the curren…YOUTUBE.COM
23 OctRisky Business #767 – SEC fines Check Point, Mimecast, Avaya and Unisys over hacksOn this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including: SEC fines tech firms for downplaying the Solarwinds hacks Anonymous Sudan still looks and quacks like a Russian duck Apple proposes max 10 day TLS certificate life Oopsie! Microsof…RISKY.BIZ
🌐 CYBER THREAT LANDSCAPE 2[−]
23 OctThink You’re Secure? 49% of Enterprises Underestimate SaaS RisksIt may come as a surprise to learn that 34% of security practitioners are in the dark about how many SaaS applications are deployed in their organizations. And it’s no wonder—the recent AppOmni 2024 State of SaaS Security Report reveals that only 15% of organizations centralize S…THEHACKERNEWS.COM
23 OctRussia Hit By DDoS During BRICS SummitPACKETSTORMSECURITY.COM
📡 INFOSEC NEWS 17[−]
23 OctResearchers Reveal 'Deceptive Delight' Method to Jailbreak AI ModelsCybersecurity researchers have shed light on a new adversarial technique that could be used to jailbreak large language models (LLMs) during the course of an interactive conversation by sneaking in an undesirable instruction between benign ones. The approach has been codenamed De…THEHACKERNEWS.COM
23 OctAddressing the cybersecurity skills shortage in SMBsWhile organizations of all sizes are impacted by the shortage of cybersecurity professionals, smaller organizations feel its impact most sharply.SOPHOS.COM
23 OctID card selfie: pros and cons | Kaspersky official blogIs it safe to send a selfie with your ID card in hand? No, but often it's unavoidable. We explain how to minimize the risks.KASPERSKY.COM
23 OctEverybody Loves Bash Scripts. Including Attackers., (Wed, Oct 23rd)Today our "First Seen" page displayed a number of simple URLs: ISC.SANS.EDU
23 OctSophosAI team presents three papers on AI applied to cybersecurity at CAMLISOn October 24 and 25, SophosAI presents ideas on how to use models large and small—and defend against malignant ones.SOPHOS.COM
23 OctGoogle to let businesses create curated Chrome Web Stores for extensionsGoogle has announced it will soon allow organizations to create their own curated "Enterprise Web Store" of company-sanctioned browser extensions for Chrome and ChromeOS, aimed at improving productivity, security, and management for businesses. [...]BLEEPINGCOMPUTER.COM
23 OctWiz hopes to hit $1B in ARR in 2025 before an IPO, after turning down Google’s $23BWiz co-founder Roy Reznik said the company hit $500 million in annual recurring revenue this year, and still thought it could double that in 2025. © 2024 TechCrunch. All rights reserved. For personal use only.TECHCRUNCH.COM
23 OctCongratulations to the Top MSRC 2024 Q3 Security Researchers!Congratulations to all the researchers recognized in this quarter’s Microsoft Researcher Recognition Program leaderboard! Thank you to everyone for your hard work and continued partnership to secure customers. The top three researchers of the 2024 Q3 Security Researcher Leaderboa…MSRC.MICROSOFT.COM
23 OctWhatsApp now encrypts contact databases for privacy-preserving synchingThe WhatsApp messenger platform has introduced Identity Proof Linked Storage (IPLS), a new privacy-preserving encrypted storage system designed for contact management. [...]BLEEPINGCOMPUTER.COM
23 OctWhy Vetting AI Vendor Security Is Critical in HealthcareIt's crucial for healthcare sector organizations to vet their artificial intelligence tech vendors in the same robust way they scrutinize the privacy and security practices of all their other third-party suppliers, said attorney Linda Malek of the law firm Crowell & Moring.DATABREACHTODAY.CO.UK
23 OctWindows 11 KB5044380 preview update lets you remap the Copilot keyMicrosoft has released the optional KB5044380 Preview cumulative update for Windows 11 23H2 and 22H2, which brings seventeen changes, including a new Gamepad keyboard and the ability to remap the Copilot keyboard key. [...]BLEEPINGCOMPUTER.COM
23 OctHow to Thrive in a Distributed TeamTips for Employers on Securing the Home Environment and Promoting Better Hygiene Remote work is a critical part of the future of cybersecurity and many other industries. For those who continue to work remotely or in a hybrid model, the need for robust cybersecurity practices need…DATABREACHTODAY.CO.UK