Author: HackWatchit

via the comic humor & dry wit of Randall Munroe, creator of XKCD Permalink The post Randall Munroe’s XKCD ‘Incoming Asteroid’ appeared first on Security Boulevard.

With Safer Internet Day this week, it’s hard not to feel a little extra concern about our kids’ online safety. Today, our children and young adults are living and breathing a digital world that’s evolving faster than ever—one where scammers are now using AI-assisted smart tools like ChatGPT and DeepSeek to create malicious content that can trick even the savviest among us. To protect these young minds, some governments have taken bold steps. In Singapore and Australia, restrictions or complete bans to prevent young children under 16 years old from using the popular social media platform, Instagram. These measures recognize…

In cybersecurity, too often, the emphasis is placed on advanced technology meant to shield digital infrastructure from external threats. Yet, an equally crucial — and underestimated — factor lies at the heart of all digital interactions: the human mind. Behind every breach is a calculated manipulation, and behind every defense, a strategic response. The psychology of cyber crime, the resilience of security professionals and the behaviors of everyday users combine to form the human element of cybersecurity. Arguably, it’s the most unpredictable and influential variable in our digital defenses. To truly understand cybersecurity is to understand the human mind —…

Netwrix released the new component of Netwrix Privilege Secure, which simplifies secure remote access for distributed workforces and third-party vendors.  The new add-on reduces the attack surface by eliminating traditional VPN dependencies through granular, identity-based access control. It enables employees to access critical systems securely from any location, grants just-in-time privileges to reduce risks, and simplifies managing vendor and third-party access with temporary, controlled permissions. “As more organizations adopt Zero Trust Architecture, securing remote access has become an integral part of this strategy,” says Michael Tweddle, CPO at Netwrix. “Netwrix’s secure remote access capabilities allow organizations to apply Zero Trust policies…

On New Year’s Eve, the universities of Michigan and Alabama will face off in the third annual ReliaQuest Bowl in Tampa Bay. ReliaQuest continues to use this high-profile event to raise awareness of the importance of cybersecurity, as well as career opportunities within the cybersecurity industry. This year, ReliaQuest will take that commitment a step further, offering real-world cybersecurity training to the college campuses of the participating universities from this year and previous years’ ReliaQuest Bowl games, offering a two-day cybersecurity bootcamp at the respective schools. The labs program, which ReliaQuest developed over the past decade, gives students hands-on experience…

Jordan has been hanging around the tech industry for 25 years now and was baited hook, line, and sinker by Napster. He’s been part of the Black Hills Information Security team for a decade in various capacities and has been a part of Antisyphon Training’s amazing growth trajectory as an instructor. Here we go again, discussing Active Directory, hacking, and detection engineering. tl;dr: One AD account can provide you with three detections that if implemented properly will catch common adversarial activities early. Which detects? AD Enumeration via ADExplorer, BloodHound, and LDP.exe Kerberoasting and service principal attacks. Password sprays, credential stuffing,…

Answering the “What’s your greatest weakness?” question in a job interview can feel like trying to impress a cat. They’re evaluating you with judgmental looks on their faces and gauging if you’re worthy of their trust. This question is all about testing your self-awareness, honesty, and the ability to remain composed. Here’s the key tip: skip the worn-out “I’m a perfectionist” line. Instead, offer up a genuine weakness alongside your plan to tackle it. In doing so, you showcase your dedication to growth and your authenticity — traits that are undeniably appealing. In this article, you’ll learn: Sample answers to…

Decentralized money lender zkLend suffered a breach where threat actors exploited a smart contract flaw to steal 3,600 Ethereum, worth $9.5 million at the time. zkLend is a decentralized money-market protocol built on Starknet, a Layer 2 scaling solution for Ethereum. It enables users to deposit, borrow, and lend various assets. The attack took place yesterday afternoon, with zkLend warning on X they were suffering a cybersecurity incident. According to the EthSecurity Telegram channel, the threat actors exploited a rounding error bug in zkLend’s smart contract mint() function. “The attacker manipulated the “lending_accumulator” to be very large at 4.069297906051644020, then took…

Vulnerabilities in the STARLINK telematics software used in late model passenger vehicles made by Subaru enabled two, independent security researchers to gain unrestricted access to millions of Subaru vehicles deployed in the U.S., Canada and Japan. In a report published Thursday, noted researcher Sam Curry (zlz.bsky.social) revealed a now-patched flaw in Subaru’s STARLINK connected vehicle service that allowed him to access vehicle location information and driver data with nothing more than the vehicle’s license plate number, or the owner’s email address, Zip code and phone number. (Note: Subaru STARLINK is not to be confused with the Starlink satellite- based high…