Sun.Jun 23, 2024

article thumbnail

Weekly Update 405

Troy Hunt

Ah, sunshine! As much as I love being back in Norway, the word "summer" is used very loosely there. Not as much in Greece, however, which is just spectacular: Finally escaped the bitterly cold Norwegian summer for something… warmer 🇬🇷 pic.twitter.com/jk9knZvJar — Troy Hunt (@troyhunt) June 17, 2024 3 nights in Mykonos, 2 in Santorini and I'm pushing this post out just before our second night in Athens before embarking on the long journey home.

article thumbnail

Navigating the CISO Role: Common Pitfalls for New Leaders

Lohrman on Security

What are the top mistakes that I see new security leaders continue to make in 2024 as they start their CISO careers or take on new roles? How can these challenges be addressed?

CISO 167
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Multiple Threat Actors Deploying Open-Source Rafel RAT to Target Android Devices

The Hacker News

Multiple threat actors, including cyber espionage groups, are employing an open-source Android remote administration tool called Rafel RAT to meet their operational objectives by masquerading it as Instagram, WhatsApp, and various e-commerce and antivirus apps.

Antivirus 144
article thumbnail

Threat actors are actively exploiting SolarWinds Serv-U bug CVE-2024-28995

Security Affairs

Threat actors are actively exploiting a recently discovered vulnerability in SolarWinds Serv-U software using publicly available proof-of-concept (PoC) code. Threat actors are actively exploiting a recently discovered vulnerability, tracked as CVE-2024-28995 , in SolarWinds Serv-U software. The vulnerability CVE-2024-28995 is a high-severity directory transversal issue that allows attackers to read sensitive files on the host machine.

Software 127
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Facebook PrestaShop module exploited to steal credit cards

Bleeping Computer

Hackers are exploiting a flaw in a premium Facebook module for PrestaShop named pkfacebook to deploy a card skimmer on vulnerable e-commerce sites and steal people's payment credit card details. [.

126
126
article thumbnail

Threat actor attempts to sell 30 million customer records allegedly stolen from TEG

Security Affairs

A threat actor is offering for sale customer data allegedly stolen from the Australia-based live events and ticketing company TEG. TEG (Ticketek Entertainment Group) is an Australian company that operates in the live entertainment and ticketing industry. The company operates across multiple countries and sells over 30 million tickets annually for more than 30,000 events, including live sports, concerts, theatre, festivals, and exhibitions.

More Trending

article thumbnail

Microsoft Photos update brings requested features to Windows 11

Bleeping Computer

Microsoft's updated Photos app is now available for Windows 11 in the Windows Insider Program, bringing requested interface changes and better image quality. [.

article thumbnail

RansomHub: A New Ransomware-as-a-Service Threatens Multiple Operating Systems

Penetration Testing

A new ransomware-as-a-service (RaaS) called RansomHub has emerged, targeting Windows, Linux, and ESXi operating systems. This multi-OS capability makes it a significant threat to a wide range of organizations. RansomHub affiliates are offered a... The post RansomHub: A New Ransomware-as-a-Service Threatens Multiple Operating Systems appeared first on Cybersecurity News.

article thumbnail

Social Media Warning Labels, Should You Store Passwords in Your Web Browser?

Security Boulevard

In this episode of the Shared Security Podcast, the team debates the Surgeon General’s recent call for social media warning labels and explores the pros and cons. Scott discusses whether passwords should be stored in web browsers, potentially sparking strong opinions. The hosts also provide an update on Microsoft’s delayed release of CoPilot Plus PCs […] The post Social Media Warning Labels, Should You Store Passwords in Your Web Browser?

Media 59
article thumbnail

CVE-2024-5756 (CVSS 9.8): Critical Icegram Express Flaw Puts 90,000 WordPress Sites at Risk

Penetration Testing

A critical vulnerability in Icegram Express, a popular email marketing plugin for WordPress with over 90,000 active installations, could put sensitive user data at risk. Tracked as CVE-2024-5756 (CVSS 9.8), the flaw allows unauthenticated... The post CVE-2024-5756 (CVSS 9.8): Critical Icegram Express Flaw Puts 90,000 WordPress Sites at Risk appeared first on Cybersecurity News.

Risk 78
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

USENIX Security ’23 – Educators’ Perspectives of Using (or Not Using) Online Exam Proctoring

Security Boulevard

Authors/Presenters: David G. Balash, Elena Korkes, Miles Grant, Adam J. Aviv, Rahel A. Fainchtein, Micah Sherr Many thanks to USENIX for publishing their outstanding USENIX Security ’23 Presenter’s content, and the organizations strong commitment to Open Access. Originating from the conference’s events situated at the Anaheim Marriott ; and via the organizations YouTube channel.

article thumbnail

CVE-2024-27815: Apple XNU Kernel Vulnerability Uncovered, PoC Code Released

Penetration Testing

A security researcher has published details and proof-of-concept (PoC) code for a CVE-2024-27815 vulnerability in the XNU kernel that could be exploited to execute arbitrary code with kernel privileges. The vulnerability was introduced in... The post CVE-2024-27815: Apple XNU Kernel Vulnerability Uncovered, PoC Code Released appeared first on Cybersecurity News.

article thumbnail

Decoding the Rise of Zero-Trust Adoption in Government Sector

Security Boulevard

As cyber threats become increasingly sophisticated, government sectors turn to Zero-Trust architecture to revolutionize their cybersecurity measures. This strategy is crucial for safeguarding sensitive information and maintaining national security. The post Decoding the Rise of Zero-Trust Adoption in Government Sector appeared first on Security Boulevard.

article thumbnail

Zyxel NAS Devices Under Attack: CVE-2024-29973 Exploitation Attempts by Mirai-Like Botnet

Penetration Testing

Shadowserver, a leading threat monitoring platform, has raised a red flag regarding the active exploitation of a critical vulnerability in Zyxel NAS devices. The flaw, tracked as CVE-2024-29973 (CVSS 9.8), allows unauthenticated attackers to... The post Zyxel NAS Devices Under Attack: CVE-2024-29973 Exploitation Attempts by Mirai-Like Botnet appeared first on Cybersecurity News.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

The End of Our Dog Era

Security Boulevard

"That's the end of our Joplin era," my wife said to my oldest daughter. We were still crying and wiping our tears. I didn't say it out loud, but I thought "That was the end of our dog era," We'd just returned to the car from the vet's office where the three of us, through tears, accompanied our 15 year old black lab to the end of her life. Joplin had been the runt of her mother's litter.

article thumbnail

Rafel RAT Malware: A Growing Cybersecurity Threat to Android Devices

Penetration Testing

Check Point Research has released a comprehensive report detailing the alarming rise of Rafel RAT, an open-source Android malware that has been weaponized by a diverse range of threat actors, from espionage groups to... The post Rafel RAT Malware: A Growing Cybersecurity Threat to Android Devices appeared first on Cybersecurity News.

Malware 51
article thumbnail

Navigating the CISO Role: Common Pitfalls for New Leaders

Security Boulevard

What are the top mistakes that I see new security leaders continue to make in 2024 as they start their CISO careers or take on new roles? How can these challenges be addressed? The post Navigating the CISO Role: Common Pitfalls for New Leaders appeared first on Security Boulevard.

CISO 45
article thumbnail

GrimResource: A New Cybersecurity Threat Exploiting Microsoft Management Console

Penetration Testing

Elastic Security Labs has recently uncovered a novel cyberattack technique dubbed “GrimResource,” which leverages specially crafted MSC files to gain unauthorized code execution within Microsoft Management Console (mmc.exe). The GrimResource technique capitalizes on an... The post GrimResource: A New Cybersecurity Threat Exploiting Microsoft Management Console appeared first on Cybersecurity News.

article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Security Affairs newsletter Round 477 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. US government sanctions twelve Kaspersky Lab executives Experts found a bug in the Linux version of RansomHub ransomware UEFICANHAZBUFFEROVERFLOW flaw in Phoenix SecureCore UEFI firmware potentially impacts hundreds of PC and server models Russia-linked A

Firmware 121