IT specialist Jack Teixeira jailed for 15 years after leaking classified military documents on Discord

Read Time:24 Second

Jack Teixeira, the 22-year-old former Air National Guardsman who leaked hundreds of classified documents online, has been sentenced to 15 years in prison.

Teixeira, who served as an IT specialist at Otis Air National Guard Base in Massachusetts, was arrested in April 2023 after abusing his privileged position to share highly-sensitive documents with friends he had met via a Discord server focused on video gaming and guns.

Read more in my article on the Hot for Security blog.

Read More

New iOS Security Feature Makes It Harder for Police to Unlock Seized Phones

Read Time:26 Second

Everybody is reporting about a new security iPhone security feature with iOS 18: if the phone hasn’t been used for a few days, it automatically goes into its “Before First Unlock” state and has to be rebooted.

This is a really good security feature. But various police departments don’t like it, because it makes it harder for them to unlock suspects’ phones.

The post New iOS Security Feature Makes It Harder for Police to Unlock Seized Phones appeared first on Schneier on Security.

Read More

LevelBlue Cybersecurity Awareness Month Recap

Read Time:3 Minute, 10 Second

Each year, Cybersecurity Awareness Month serves as a reminder of the critical role that cybersecurity plays in our lives. Every October, LevelBlue champions this initiative which brings awareness to cyber risks, and promotes best practices to protect against growing cyber threats.

Throughout the month, we focused the spotlight on cyber resilience – sharing key trends and insights through research, thought leadership, and social media.

LevelBlue Research on Cyber Resilience

This month LevelBlue released the 2024 Futures Report: Cyber Resilience in Financial Services and 2024 Futures Report: Cyber Resilience in Energy and Utilities, research highlighting trends around the barriers to cyber resilience in each industry. As attacks increase, compounded by the complexities of dynamic computing and an evolving threat landscape organizations are more vulnerable than ever. Notably, however, a key takeaway from our research was that despite acknowledging an increased exposure to risks, organizations believe computing innovation benefits outweigh the cybersecurity risks.

The LevelBlue Futures Reports also revealed common trends across both industries including:

72% and 77% of financial services and energy and utilities organizations respectively, indicate that digital transformation is an ongoing barrier to cybersecurity resilience
72% and 68% of financial services and energy and utilities organizations respectively, indicate that cyber resilience efforts are often siloed
62% and 61% of financial services and energy and utilities organizations respectively, reveal there’s a lack of understanding about cybersecurity at the board level

LevelBlue’s research outlines five key strategies for business leaders to follow to achieve cyber resilience. We encourage security and business leaders to leverage our research to start the conversation about cyber resilience in their organizations.

Insights from Our Executives on Cyber Resilience  

In addition to our research, LevelBlue executives offered valuable insights on the importance of Cybersecurity Awareness Month, emphasizing the ongoing need for vigilance and resilience in the face of evolving cyber threats.

Rakesh Shah, AVP – Product Management, shared his perspective with VMblog on how businesses should work to safeguard their most important assets during Cybersecurity Awareness Month – and beyond. He notes, “During a time when threat actors are leveraging generative AI to write targeted emails, impersonate public figures and personal contacts, as well as write new malware, we must act quickly and collaboratively. The pendulum will soon swing to the other side, as defenders and vendors invest in AI to counterbalance what the malicious actors are doing. We need to simplify security and take a page from the offense’s AI playbook, not just this Cybersecurity Awareness Month, but for years to come.”

Appearing on an episode of Security Guy TV, Rakesh discussed the importance of the Zero Trust security model to safeguard digital environments.

During October, LevelBlue proudly served as a Platinum sponsor for the 14th Annual Lonestar Application Security Conference (LASCON) in Austin, TX. The event attracts top speakers and attendees from around the world, offering a unique opportunity to gain cutting-edge knowledge from expertly curated sessions. Beyond cybersecurity insights, participants enjoyed hands-on experiences, from lock-picking workshops to thrilling bull rides.

Spreading Cybersecurity Awareness

To amplify the theme for Cybersecurity Awareness Month ‘Secure Our World’, LevelBlue took to social media to share tips and best practices for staying secure online. These tips focused on the best ways to combat the most common attacks including, spotting a phishing attack, the implementation of strong passwords and password management, the use of multifactor authentication, and the need for updated software to help best protect against malicious actors.

Throughout Cybersecurity Awareness Month and beyond, LevelBlue is committed to being an advocate and partner for organizations looking to achieve cyber resilience. Download the complete findings of the 2024 LevelBlue Futures Report for Financial Services here and Energy and Utilities here. For more information on LevelBlue and its managed security, consulting, and threat intelligence services, follow us on X and LinkedIn.

Read More

ZDI-24-1511: Microsoft Office PowerPoint PPTX File Parsing Use-After-Free Remote Code Execution Vulnerability

Read Time:17 Second

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Office PowerPoint. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-49032.

Read More

Smashing Security podcast #393: Who needs a laptop to hack when you have a Firestick?

Read Time:34 Second

Arion Kurtaj, a teenager from the UK, amassed a fortune through audacious cybercrimes. From stealing Grand Theft Auto 6 secrets to erasing Brazil’s COVID vaccination data, his exploits were legendary. But his hacking spree took a bizarre turn when he was placed under police protection… in a Travelodge outside Oxford.

Plus Bengal cat lovers in Australia should be on their guard, as your furry feline friends might be leading you into a dangerous trap., and there’s yet more headaches for troubled 23andMe.

All this and much more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by Thom Langford.

Read More

xen-4.17.5-3.fc39

Read Time:12 Second

FEDORA-2024-b043effc6a

Packages in this update:

xen-4.17.5-3.fc39

Update description:

Deadlock in x86 HVM standard VGA handling [XSA-463, CVE-2024-45818]
libxl leaks data to PVH guests via ACPI tables [XSA-464, CVE-2024-45819]

Read More