Sat.Apr 27, 2024 - Fri.May 03, 2024

Weekly Update 397

Troy Hunt

Banks. They screw us on interest rates, they screw us on fees and they screw us on passwords. Remember the old "bank grade security" adage? I took this saying to task almost a decade ago now but it seems that at least as far as password advice goes, they really haven't learned. This week, Commbank is telling people to use a password manager but just not for their bank password, and ANZ bank is forcing people to rotate their passwords once a year because, uh, hackers?

Windows Kernel EoP Vulnerability (CVE-2024-21345) Gets PoC Exploit Code

Penetration Testing

Security researcher Gabe Kirkpatrick has released proof-of-concept (PoC) exploit code for CVE-2024-21345, a high-severity Windows Kernel Elevation of Privilege vulnerability. This exploit allows authenticated attackers to escalate privileges to the SYSTEM level, granting them... The post Windows Kernel EoP Vulnerability (CVE-2024-21345) Gets PoC Exploit Code appeared first on Penetration Testing.

Brokewell Android malware supports an extensive set of Device Takeover capabilities

Security Affairs

ThreatFabric researchers identified a new Android malware called Brokewell, which implements a wide range of device takeover capabilities. ThreatFabric researchers uncovered a new mobile malware named Brokewell, which is equipped with sophisticated device takeover features. The experts pointed out that this malware is actively evolving and poses a severe risk to the banking sector.

Okta warns of "unprecedented" credential stuffing attacks on customers

Bleeping Computer

Okta warns of an "unprecedented" spike in credential stuffing attacks targeting its identity and access management solutions, with some customer accounts breached in the attacks.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Ukraine Targeted in Cyberattack Exploiting 7-Year-Old Microsoft Office Flaw

The Hacker News

Cybersecurity researchers have discovered a targeted operation against Ukraine that has been found leveraging a nearly seven-year-old flaw in Microsoft Office to deliver Cobalt Strike on compromised systems. The attack chain, which took place at the end of 2023 according to Deep Instinct, employs a PowerPoint slideshow file ("signal-2023-12-20-160512.

proctools: extracting information and dumping sensitive strings from Windows processes

Penetration Testing

proctools Small toolkit for extracting information and dumping sensitive strings from Windows processes. Made to accompany another project that’s in the works. procsearch – find sensitive strings in the target process memory searches for... The post proctools: extracting information and dumping sensitive strings from Windows processes appeared first on Penetration Testing.

Japanese police create fake support scam payment cards to warn victims

Bleeping Computer

Japanese police placed fake payment cards in convenience stores to protect the elderly targeted by tech support scams or unpaid money fraud.

RSAC 2024 Innovation Sandbox | Bedrock Security: A Seamless and Efficient Data Security Solution

Security Boulevard

The RSA Conference 2024 is set to kick off on May 6. Known as the “Oscars of Cybersecurity”, RSAC Innovation Sandbox has become a benchmark for innovation in the cybersecurity industry. Let’s focus on the new hotspots in cybersecurity and understand the new trends in security development. Today, let’s get to know the company Bedrock […] The post RSAC 2024 Innovation Sandbox | Bedrock Security: A Seamless and Efficient Data Security Solution appeared first on NSFOCUS, Inc., a global network

Google lays off its Python team

Penetration Testing

Sources within Google reveal that the company had already laid off a team responsible for maintaining a stable version of Python several days ago. This team consisted of approximately ten full-time engineers. While not... The post Google lays off its Python team appeared first on Penetration Testing.

School Employee Allegedly Framed a Principal With Racist Deepfake Rant

WIRED Threat Level

This week in cybersecurity news: Google holds off on killing cookies, Samourai Wallet founders get arrested, GM stops its driver surveillance program, and a school principal's racist rant is revealed to be a deepfake.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Targeted operation against Ukraine exploited 7-year-old MS Office bug

Security Affairs

A hacking campaign targeted Ukraine exploiting a seven-year-old vulnerability in Microsoft Office to deliver Cobalt Strike. Security experts at Deep Instinct Threat Lab have uncovered a targeted campaign against Ukraine, exploiting a Microsoft Office vulnerability dating back almost seven years to deploy Cobalt Strike on compromised systems. The researchers found a malicious PPSX (PowerPoint Slideshow signal-2023-12-20-160512.ppsx) file uploaded from Ukraine to VirusTotal at the end of 2023.

Breaking Down Cybersecurity: The Real Meaning Behind the Jargon

Security Boulevard

What really is cyber security and why doesn't the traditional CIA triad of confidentiality, integrity, and availability work? And what's that got to do with footballs anyway? I've written this simple breakdown of the five key cyber security terms - confidentiality, integrity, availability, authenticity and non-repudiation - with examples of what they mean in practice, and real life incidents illustrating what happens when they go wrong!

Mitel Issues Critical Fixes for XSS Vulnerabilities in MiContact Center Business

Penetration Testing

In their latest security bulletins, Mitel Networks Corporation has addressed critical security concerns for users of the MiContact Center Business platform. These updates tackle significant vulnerabilities that could potentially allow unauthorized script execution through... The post Mitel Issues Critical Fixes for XSS Vulnerabilities in MiContact Center Business appeared first on Penetration Testing.

Okta Warns of Unprecedented Surge in Proxy-Driven Credential Stuffing Attacks

The Hacker News

Identity and access management (IAM) services provider Okta has warned of a spike in the "frequency and scale" of credential stuffing attacks aimed at online services.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Okta warns of unprecedented scale in credential stuffing attacks on online services

Security Affairs

Identity and access management services provider Okta warned of a spike in credential stuffing attacks aimed at online services. In recent weeks, Okta observed a surge in credential stuffing attacks against online services, aided by the widespread availability of residential proxy services, lists of previously compromised credentials (“combo lists”), and automation tools. “Over the last month, Okta has observed an increase in the frequency and scale of credential stuffing attac

USENIX Security ’23 – Beyond Typosquatting: An In-depth Look at Package Confusion

Security Boulevard

Authors/Presenters: Shradha Neupane, Grant Holmes, Elizabeth Wyss, Drew Davidson, Lorenzo De Carli. Many thanks to USENIX for publishing their outstanding USENIX Security ’23 Presenter’s content, and for the organization's strong commitment to Open Access. Originating from the conference’s events situated at the Anaheim Marriott, and via the organization's YouTube channel.

Russia Vetoed a UN Resolution to Ban Space Nukes

WIRED Threat Level

A ban on weapons of mass destruction in orbit has stood since 1967. Russia apparently has other ideas.

US Post Office phishing sites get as much traffic as the real one

Bleeping Computer

Security researchers analyzing phishing campaigns that target the United States Postal Service (USPS) saw that the traffic to the fake domains is typically similar to what the legitimate site records, and it is even higher during holidays.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Security Affairs newsletter Round 469 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Hackers may have accessed thousands of accounts on the California state welfare platform Brokewell Android malware supports an extensive set of Device Takeover capabilities Experts warn of an ongoing malware campaign targeting WP-Automatic plugin

What is General Data Protection Regulation Act (GDPR)?

Security Boulevard

The widespread adoption of cloud services has introduced cybersecurity challenges and compliance complexities due to various privacy regulations in different jurisdictions. According to Pew Research Center, 79% of respondents expressed concerns about the collection and processing of their personal data by companies and government entities. Customers relying on multiple cloud providers have limited control over […] The post What is General Data Protection Regulation Act (GDPR)?

What Would a TikTok Ban Mean?

Lohrman on Security

Where next for the most popular app in the world? President Biden signed a bill that could lead to a nationwide TikTok ban, but will it actually happen? What are the implications?

RSAC 2024 Innovation Sandbox | Antimatter: A Comprehensive Data Security Management Tool

Security Boulevard

The RSA Conference 2024 will kick off on May 6. Known as the “Oscars of Cybersecurity,” the RSAC Innovation Sandbox has become a benchmark for innovation in the cybersecurity industry. Today let’s focus on new hotspots in network security and gain insights into new trends in security development by delving into Antimatter. Introduction of Antimatter […] The post RSAC 2024 Innovation Sandbox | Antimatter: A Comprehensive Data Security Management Tool appeared first on NSFOCUS, Inc., a global

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

What Would a TikTok Ban Mean?

Security Boulevard

Where next for the most popular app in the world? President Biden signed a bill that could lead to a nationwide TikTok ban, but will it actually happen? What are the implications? The post What Would a TikTok Ban Mean? appeared first on Security Boulevard.
