Too Much ‘Trust,’ Not Enough ‘Verify’
“Zero trust” doesn’t mean “zero testing.”
darkreading – Read More
DNSSEC Denial-of-Service Attacks Show Technology’s Fragility
The security extensions for the Domain Name System aimed to make the Internet more reliable, but instead the technology has exchanged one set of problems for another.
darkreading – Read More
These are the cybersecurity stories we were jealous of in 2024
The very best work from our friends at competing publications.
© 2024 TechCrunch. All rights reserved. For personal use only.
Security News | TechCrunch – Read More
Trump 2.0 Portends Big Shift in Cybersecurity Policies
Changes at CISA and promises of more public-private partnerships and deregulation are just a few ways the incoming administration could upend the feds’ role in cybersecurity.
darkreading – Read More
2025 NDAA Provides $3 Billion Funding for FCC’s Rip-and-Replace Program
The 2025 National Defense Authorization Act (NDAA) has been signed into law and it authorizes several cyber-related initiatives.
The post 2025 NDAA Provides $3 Billion Funding for FCC’s Rip-and-Replace Program appeared first on SecurityWeek.
SecurityWeek – Read More
American Addiction Centers Data Breach Impacts 422,000 People
American Addiction Centers says the personal information of more than 422,000 people was stolen in a data breach.
The post American Addiction Centers Data Breach Impacts 422,000 People appeared first on SecurityWeek.
SecurityWeek – Read More
Adobe Patches ColdFusion Flaw at High Risk of Exploitation
Adobe has released patches for a high-severity ColdFusion vulnerability for which proof-of-concept (PoC) code exists.
The post Adobe Patches ColdFusion Flaw at High Risk of Exploitation appeared first on SecurityWeek.
SecurityWeek – Read More
North Korean Hackers Pull Off $308M Bitcoin Heist from Crypto Firm DMM Bitcoin
Japanese and U.S. authorities have formerly attributed the theft of cryptocurrency worth $308 million from cryptocurrency company DMM Bitcoin in May 2024 to North Korean cyber actors.
“The theft is affiliated with TraderTraitor threat activity, which is also tracked as Jade Sleet, UNC4899, and Slow Pisces,” the agencies said. “TraderTraitor activity is often characterized by targeted social
The Hacker News – Read More
Apache Tomcat Vulnerability CVE-2024-56337 Exposes Servers to RCE Attacks
The Apache Software Foundation (ASF) has released a security update to address an important vulnerability in its Tomcat server software that could result in remote code execution (RCE) under certain conditions.
The vulnerability, tracked as CVE-2024-56337, has been described as an incomplete mitigation for CVE-2024-50379 (CVSS score: 9.8), another critical security flaw in the same product that
The Hacker News – Read More
FCC ‘rip and replace’ provision for Chinese tech tops cyber provisions in defense bill
The bill allocates $3 billion to a Federal Communications Commission program, commonly called “rip and replace,” to get rid of Chinese networking equipment due to national security concerns.
The Record from Recorded Future News – Read More