Wed.Feb 28, 2024


Calendar Meeting Links Used to Spread Mac Malware

Krebs on Security

Malicious hackers are targeting people in the cryptocurrency space in attacks that start with a link added to the target’s calendar at Calendly, a popular application for scheduling appointments and meetings. The attackers impersonate established cryptocurrency investors and ask to schedule a video conference call. But clicking the meeting link provided by the scammers prompts the user to run a script that quietly installs malware on macOS systems.

Malware 269

CVE-2024-25065 & CVE-2024-23946: Critical Vulnerabilities Exposed in Apache OFBiz

Penetration Testing

Apache OFBiz, the popular open-source ERP framework, has recently been in the security spotlight. Two critical vulnerabilities (CVE-2024-25065, CVE-2024-23946) have been discovered that put a wide range of businesses at risk. Decoding the Vulnerabilities... The post CVE-2024-25065 & CVE-2024-23946: Critical Vulnerabilities Exposed in Apache OFBiz appeared first on Penetration Testing.


Best Secure Access Service Edge Platforms in 2024

Tech Republic Security

Here are the top Secure Access Service Edge platforms that provide security and network functionality. Find the best SASE solution for your business needs.


SVG Attacks: How GULoader Malware Sneaks into Your Network

Penetration Testing

The cybersecurity world is a battlefield of constant change – understanding your enemy’s weapons and strategies is key to survival. Enter GULoader, a malware favored by cybercriminals for its stealth, adaptability, and ability to... The post SVG Attacks: How GULoader Malware Sneaks into Your Network appeared first on Penetration Testing.


Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!


Lazarus hackers exploited Windows zero-day to gain Kernel privileges

Bleeping Computer

North Korean threat actors known as the Lazarus Group exploited a flaw in the Windows AppLocker driver (appid.sys) as a zero-day to gain kernel-level access and turn off security tools, allowing them to bypass noisy BYOVD (Bring Your Own Vulnerable Driver) techniques.


hide.me VPN Free vs. Premium: Which Plan Is Right For You?

Tech Republic Security

Compare the differences between hide.me VPN's free and premium versions. Find out about the features, pros and cons of each option.

VPN 150

More Trending


TunnelBear VPN Free vs. Paid: Which Plan Is Right for You?

Tech Republic Security

TunnelBear VPN offers both free and paid versions, each with its own set of pros and cons. Learn about the differences and decide which one is right for you.

VPN 141

Ransomware gang claims they stole 6TB of Change Healthcare data

Bleeping Computer

The BlackCat/ALPHV ransomware gang has officially claimed responsibility for a cyberattack on Optum, a subsidiary of UnitedHealth Group (UHG), which led to an ongoing outage affecting the Change Healthcare platform.


Chinese Hackers Exploiting Ivanti VPN Flaws to Deploy New Malware

The Hacker News

At least two different suspected China-linked cyber espionage clusters, tracked as UNC5325 and UNC3886, have been attributed to the exploitation of security flaws in Ivanti Connect Secure VPN appliances. UNC5325 abused CVE-2024-21893 to deliver a wide range of new malware called LITTLELAMB.

VPN 129

Registrars can now block all domains that resemble brand names

Bleeping Computer

Registrars can now block people from registering tens of thousands of domain names that look like, are spelling variations of, or otherwise infringe on brand names.


Human-Centered Cyber Security Training: Driving Real Impact on Security Culture


In today's digital age, having an untrained workforce can be a significant risk to your business. Cyber threats are evolving; without proper training, your employees could be the weakest link in your defense. This webinar empowers leaders like you with the tools and strategies needed to transform your employees into a robust frontline defense against cyber attacks.


Unmasking 2024’s Email Security Landscape

Security Affairs

Analyzing the Email Security Landscape and exploring Emerging Threats and Trends. In the ever-shifting digital arena, staying ahead of evolving threat trends is paramount for organizations aiming to safeguard their assets. Amidst this dynamic landscape, email stands as a primary battleground for cyber defense. VIPRE Security Group’s latest report, “Email Security in 2024: An Expert Insight into Email Threats,” delves into the cutting-edge tactics and technologies embraced by cy

Phishing 129

FBI Warns U.S. Healthcare Sector of Targeted BlackCat Ransomware Attacks

The Hacker News

The U.S. government is warning about the resurgence of BlackCat (aka ALPHV) ransomware attacks targeting the healthcare sector as recently as this month. "Since mid-December 2023, of the nearly 70 leaked victims, the healthcare sector has been the most commonly victimized," the government said in an updated advisory.


LockBit ransomware returns to attacks with new encryptors, servers

Bleeping Computer

The LockBit ransomware gang is once again conducting attacks, using updated encryptors with ransom notes linking to new servers after last week's law enforcement disruption.


What’s on the Radar for Aviation Industry Cybersecurity?

Security Boulevard

A chart to future aviation industry cybersecurity best practices Digital transformation propels industries forward, and the aviation sector stands at the forefront of change, embracing technologies that promise efficiency, safety, and customer satisfaction. However, this digital elevation also brings significant cybersecurity challenges, with the aviation industry becoming a lucrative target for cybercriminals.


IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.


Speedify VPN Free vs. Premium: Which Plan Is Right For You?

Tech Republic Security

Explore the differences between Speedify VPN Free and Premium versions, including features, benefits and which one is the best fit for your needs.

VPN 127

TimbreStealer: Stealthy Information Thief Targets Mexico

Penetration Testing

Cisco Talos has discovered a highly targeted and persistent phishing campaign preying on users in Mexico. The attackers are luring potential victims with financial-themed emails tailored to the region and then tricking them into... The post TimbreStealer: Stealthy Information Thief Targets Mexico appeared first on Penetration Testing.


President Biden Blocks Mass Transfer of Personal Data to High-Risk Nations

The Hacker News

U.S. President Joe Biden has issued an Executive Order that prohibits the mass transfer of citizens' personal data to countries of concern. The Executive Order also "provides safeguards around other activities that can give those countries access to Americans' sensitive data," the White House said in a statement.

Risk 117

Locking Up Lockbit: The Fall of a Ransomware Cartel

Security Boulevard

As of the time I’m writing this, earlier this week a cybersecurity bombshell story just broke that, for once, is actually a positive turn of events. I’m talking about Operation Cronos, an international law enforcement operation that seized the Lockbit ransomware infrastructure, led to arrests of persons affiliated with the criminal organization, and resulted in […] The post Locking Up Lockbit: The Fall of a Ransomware Cartel appeared first on TuxCare.


The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.


FBI, CISA, HHS warn of targeted ALPHV/Blackcat ransomware attacks against the healthcare sector

Security Affairs

The FBI, CISA, and the Department of HHS warned U.S. healthcare organizations of targeted ALPHV/Blackcat ransomware attacks. A cybersecurity alert published by the FBI, CISA, and the Department of Health and Human Services (HHS) warned U.S. healthcare organizations of targeted attacks conducted by ALPHV/Blackcat ransomware attacks. The US agencies released a report containing IOCs and TTPs associated with the ALPHV Blackcat RaaS operation identified through law enforcement investigations conduct


Kali Linux 2024.1 released with 4 new tools, UI refresh

Bleeping Computer

Kali Linux has released version 2024.1, the first version of 2024, with four new tools, a theme refresh, and desktop changes.


ConnectWise ScreenConnect Subdomain Listed as IoC in CISA’s BlackCat Ransomware Advisory

Heimdal Security

A subdomain related to ScreenConnect appears as an Indicator of Compromise (IoC) on CISA's #StopRansomware: ALPHV Blackcat joint advisory update. Fisa99.screenconnect[.]com, which is a ScreenConnect remote access domain, is listed in Table 4, as a network IoC. In their advisory, the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the […] The post ConnectWise ScreenConnect Subdomain Listed as IoC in CISA’s BlackCat Ransomware Adv


UNC1549’s Espionage Campaign Against Aerospace and Defense

Penetration Testing

A sophisticated espionage campaign, suspected to be linked to Iranian threat actors, is actively targeting aerospace and defense entities throughout the Middle East. Mandiant researchers have uncovered the campaign’s evolution, uncovering their use of... The post UNC1549’s Espionage Campaign Against Aerospace and Defense appeared first on Penetration Testing.


IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.


Change Healthcare outages reportedly caused by ransomware

Malwarebytes

On Wednesday February 21, 2024, Change Healthcare—a subsidiary of UnitedHealth Group—experienced serious system outages due to a cyberattack. In a Form 8-K filing the company said it: “identified a suspected nation-state associated cyber security threat actor had gained access to some of the Change Healthcare information technology systems.” Change Healthcare is one of the largest healthcare technology companies in the United States.


Enterprise security: Making hot desking secure and accessible on a global scale

Cisco Security

Making hot desking secure and accessible on a global scale The first rule of interviewing a CISO at the Australian division of Laing O’Rourke is this: You can’t dig deep into use cases or cli… Read more on Cisco Blogs Laing O'Rourke used Cisco Secure Firewall and Identity Services Engine to deliver global, secure network access. Here's how it all happened.

CISO 108

Biden EO Will Keep China, Russia from Buying Americans’ Sensitive Data

Security Boulevard

The Biden Administration wants to stop data brokers and other companies from selling sensitive personal data of American citizens to organizations in China, Russia, and other adversarial countries. President Biden on Wednesday signed an executive order giving the Justice, Homeland Security, and other federal departments authority to create rules to “prevent the large-scale transfer” of.


What is Bundesdatenschutzgesetz? How to Comply with the German Data Protection Act

Digital Guardian

Germany's Bundesdatenschutzgesetz (BDSG) has been around for decades but seen renewed attention over the past few years along with the global uptick in data privacy awareness. Learn about the data protection law and what it requires in today's blog.


Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.


Data-driven Strategies for Effective Application Risk Management in 2024

Veracode Security

Insecure software is significantly impacting our world. In a recent statement, CISA Director Jen Easterly declared: “Features and speed to market have been prioritized against security, leaving our nation vulnerable to cyber invasion. That has to stop. We are at a critical juncture for our national security.” Our State of Software Security 2024 report explores a key area this trade-off of speed to market prioritized against security has resulted in: security debt.

Risk 105

Zero-Day Alert (CVE-2024-21338): Lazarus Group Exploits Windows Kernel Vulnerability

Penetration Testing

Avast has uncovered details surrounding a zero-day exploit actively used by the Lazarus Group, targeting a vulnerability in the Windows appid.sys driver (CVE-2024-21338). This kernel-level vulnerability allowed attackers to deploy an advanced, stealthy rootkit,... The post Zero-Day Alert (CVE-2024-21338): Lazarus Group Exploits Windows Kernel Vulnerability appeared first on Penetration Testing.


Dictators Used Sandvine Tech to Censor the Internet. The US Finally Did Something About It

WIRED Threat Level

Canada-based Sandvine has long sold its web-monitoring tech to authoritarian regimes. This week, the US sanctioned the company, severely limiting its ability to do business with American firms.


Anycubic 3D printers hacked worldwide to expose security flaw

Bleeping Computer

According to a wave of online reports from Anycubic customers, someone hacked their 3D printers to warn that the devices are exposed to attacks.

Hacking 116

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.