It's patch time for Firefox fans as Mozilla issues a security advisory for a critical code execution vulnerability in the browser. Mozilla said CVE-2024-9680 is a use-after-free issue in Animation timelines – the pane within the Firefox browser's Page Inspector that depicts how a given element's…

A CrowdStrike senior executive apologized for causing a global software outage that ground the operations of hospitals, airports, payment systems and personal computers around the world to a halt in July. Adam Meyers, senior vice-president for counter-adversary operations at CrowdStrike, testified…

On Tuesday, Sept. 10, we hosted the Windows Endpoint Security Ecosystem Summit. This forum brought together a diverse group of endpoint security vendors and government officials from the U.S. and Europe to discuss strategies for improving resiliency and protecting our mutual customers’ critical…

We had originally planned to go all-in on passkeys for ONCE/Campfire, and we built the early authentication system entirely around that. It was not a simple setup! Handling passkeys properly is surprisingly complicated on the backend, but we got it done. Unfortunately, the user experience kinda…

Planned Parenthood of Montana's chief exec says the org is responding to a cyber-attack on its systems, and has drafted in federal law enforcement and infosec professionals to help investigate and rebuild its IT environment. This comes as ransomware crew RansomHub boasted it had broken into the…

A new variant of the ongoing sextortion email scams is now targeting spouses, saying that their husband or wife is cheating on them, with links to the alleged proof. In sextortion emails, scammers pretend to have hacked your computer to steal images or videos of you performing sexual acts and demand…

The Justice Department is suing the Georgia Institute of Technology and an affiliate company, claiming they failed to meet the cybersecurity standards required for obtaining Pentagon contracts. The U.S. government had earlier joined a whistleblower suit brought by current and former members of…

Chinese government-backed hackers have penetrated deep into U.S. internet service providers in recent months to spy on their users, according to people familiar with the ongoing American response and private security researchers.

Telegram CEO Pavel Durov arrested at French airport 25 August 2024 Thomas Mackintosh & Will VernonBBC News Getty Images Pavel Durov founded Telegram in 2013 Telegram chief executive Pavel Durov has been arrested by French police at an airport north of Paris. Mr Durov was detained after his private…

Tech Analysis: Addressing Claims About Falcon Sensor Vulnerability August 07, 2024 | | Executive Viewpoint CrowdStrike is aware of inaccurate reporting and false claims about the security of the Falcon sensor. This blog sets the record straight by providing customers with accurate technical…

Google's flagship Pixel smartphone line touts security as a centerpiece feature, offering guaranteed software updates for seven years and running stock Android that's meant to be free of third-party add-ons and bloatware. On Thursday, though, researchers from the mobile device security firm iVerify…

On Friday DEF CON security pulled Dmitry Grinberg, a person responsible for much of the code running on this year’s electronic conference badge, off stage while he was originally scheduled to talk about the badge’s creation. The move came as Grinberg and the company responsible for manufacturing the…

July 31 (Reuters) - CrowdStrike (CRWD.O), opens new tab has been sued by shareholders who said the cybersecurity company defrauded them by concealing how its inadequate software testing could cause th

The Heritage Foundation’s nearly 1,000-page Project 2025 report is what the conservative DC-based think tank hails as a game plan for Donald Trump to follow in running the US government if he wins in November. Among the thirty-four authors of the document, more than half are appointees and staff…

Stu Sjouwerman | Jul 23, 2024 Incident Report Summary: Insider Threat First of all: No illegal access was gained, and no data was lost, compromised, or exfiltrated on any KnowBe4 systems. This is not a data breach notification, there was none. See it as an organizational learning moment I am sharing…

FACEPALM GOES HERE Secure Boot is completely broken on 200+ models from 5 big device makers Keys were labeled "DO NOT TRUST." Nearly 500 device models use them anyway. Dan Goodin – Jul 25, 2024 2:00 pm | 201 Credit: sasha85ru | Getty Imates Credit: sasha85ru | Getty Imates Story text Size Width *…

Threat actors are chaining together ServiceNow flaws using publicly available exploits to breach government agencies and private firms in data theft attacks. This malicious activity was reported by Resecurity, which, after monitoring it for a week, identified multiple victims, including government…

The cybersecurity firm Wiz has turned down a $23bn (£18bn) takeover bid from Google’s parent, Alphabet, spurning what would have been the tech company’s biggest ever acquisition and seeking a stock market flotation instead. Alphabet had been in talks with Wiz, founded by alumni of Israel’s…

Bitdefender Enterprise July 02, 2024 The cybersecurity industry is facing significant challenges these days. According to the 2024 Cybersecurity Assessment industry report, nearly two-thirds of respondents plan to look for a new job in the next 12 months—a 25% increase from the previous year. Alert…

CocoaPods, an open-source dependency manager used in over three million applications coded in Swift and Objective-C, left thousands of packages exposed and ready for takeover for nearly a decade – thereby creating opportunities for supply chain attacks on iOS and macOS apps, according to security…

Introduction & Overview Ollama is one of the most popular open-source projects for running AI Models, with over 70k stars on GitHub and hundreds of thousands of monthly pulls on Docker Hub. Inspired by Docker, Ollama aims to simplify the process of packaging and deploying AI models. Wiz Research…

We have Mark Dowd on, founder of Aziumuth Security and one of the authors of The Art of Software Security Assessment, to talk about the market for zero day vulnerabilities, and how mitigations affect monetizing offensive security work. Links: Azimuth Security Vigilant Labs Mark’s BlueHat Keynote…

U.S. officials recently warned about pro-Russian hackers targeting poorly secured water systems around the country. While the U.S. was issuing this notice, the Russian government was advancing its own cyber measure: a final-stage bill to legalize white hat hacking. White hat hacking, sometimes…

WASHINGTON, May 30 (Reuters) - - An unidentified hacking group launched a massive cyberattack on a telecommunications company in the U.S. heartland late last year that disabled hundreds of thousands o

Serial tech and digital privacy critic Senator Ron Wyden (D-OR) laid into UnitedHealth Group's (UHG) CEO for appointing a CISO Wyden deemed "unqualified"– a decision he claims likely led to its ransom

Google has released a new emergency security update to address the eighth zero-day vulnerability in Chrome browser confirmed to be actively exploited in the wild. The security issue was discovered int

​Google has released a security update for the Chrome browser to fix the fifth zero-day vulnerability exploited in the wild since the start of the year. The high-severity issue tracked as CVE-2024-467

Earlier this week, the Cybersecurity & Infrastructure Security Agency (CISA) announced that 68 tech companies — notably including heavyweights such as Google and Microsoft — signed the agency’s volunt

Every year Verizon publishes the best hope we have of scouring real world evidence of attacks and their impacts in the Verizon Data Breach Investigations Report (DBIR). I, the lucky daedric prince of

Security researchers have uncovered a "credible" takeover attempt targeting the OpenJS Foundation in a manner that evokes similarities to the recently uncovered incident aimed at the open-source XZ Ut

Internet Backdoor in a string of binary code in a shape of an eye. Getty Images Researchers have found a malicious backdoor in a compression tool that made its way into widely used Linux distributions

The scourge of software supply chain attacks—an increasingly common hacking technique that hides malicious code in a widely used legitimate program—can take many forms. Hackers can penetrate an update