Troy Hunt
JUNE 24, 2024
I've been harbouring some thoughts about the state of data breaches over recent months, and I feel they've finally manifested themselves into a cohesive enough story to write down. Parts of this story relate to very sensitive incidents and parts to criminal activity, not just on behalf of those executing data breaches but also very likely on behalf of some organisations handling them.
Schneier on Security
JUNE 24, 2024
Former NSA Director Paul Nakasone has joined the board of OpenAI.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Tech Republic Security
JUNE 24, 2024
Which is better, Bitdefender VPN or NordVPN? Use our guide to help you compare pricing, features and more.
Security Affairs
JUNE 24, 2024
The Lockbit ransomware group announced that it had breached the US Federal Reserve and exfiltrated 33 TB of sensitive data. The Lockbit ransomware group announced that it had breached the systems of Federal Reserve of the United States and exfiltrated 33 TB of sensitive data, including “Americans’ banking secrets.” The Lockbit ransomware group added the Federal Reserve to the list of victims on its Tor data leak site and threatened to leak the stolen data on 25 June, 2024 20:27
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
The Hacker News
JUNE 24, 2024
Cybersecurity researchers have detailed a now-patch security flaw affecting the Ollama open-source artificial intelligence (AI) infrastructure platform that could be exploited to achieve remote code execution. Tracked as CVE-2024-37032, the vulnerability has been codenamed Probllama by cloud security firm Wiz.
Security Affairs
JUNE 24, 2024
CISA warned chemical facilities that its Chemical Security Assessment Tool (CSAT) environment was compromised in January. CISA warns chemical facilities that its Chemical Security Assessment Tool (CSAT) environment was breached in January. In March, the Recorded Future News first reported that the US Cybersecurity and Infrastructure Security Agency (CISA) agency was hacked in February.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
WIRED Threat Level
JUNE 24, 2024
With cyberattacks increasingly targeting health care providers, an arduous bureaucratic process meant to address legal risk is keeping hospitals offline longer, potentially risking lives.
The Hacker News
JUNE 24, 2024
Multiple WordPress plugins have been backdoored to inject malicious code that makes it possible to create rogue administrator accounts with the aim of performing arbitrary actions. "The injected malware attempts to create a new administrative user account and then sends those details back to the attacker-controlled server," Wordfence security researcher Chloe Chamberland said in a Monday alert.
Security Affairs
JUNE 24, 2024
Multiple threat actors are using an open-source Android remote administration tool called Rafel RAT to target Android Devices. Check Point Research identified multiple threat actors using Rafel, an open-source remote administration tool (RAT). The researchers spotted an espionage group using Rafel, highlighting the tool’s effectiveness across different threat profiles and goals.
The Hacker News
JUNE 24, 2024
Google has developed a new framework called Project Naptime that it says enables a large language model (LLM) to carry out vulnerability research with an aim to improve automated discovery approaches. "The Naptime architecture is centered around the interaction between an AI agent and a target codebase," Google Project Zero researchers Sergei Glazunov and Mark Brand said.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
SecureList
JUNE 24, 2024
Part 1: XZ backdoor story – Initial analysis Part 2: Assessing the Y, and How, of the XZ Utils incident (social engineering) In our first article on the XZ backdoor , we analyzed its code from initial infection to the function hooking it performs. As we mentioned then, its initial goal was to successfully hook one of the functions related to RSA key manipulation.
The Hacker News
JUNE 24, 2024
A likely China-linked state-sponsored threat actor has been linked to a cyber espionage campaign targeting government, academic, technology, and diplomatic organizations in Taiwan between November 2023 and April 2024.
The Last Watchdog
JUNE 24, 2024
Secure Access Service Edge ( SASE ) has come a long way since Gartner christened this cloud-centric cybersecurity framework in 2019. Related: Can SASE stop tech sprawl? SASE blends networking architecture, namely SD-WAN, with cloud-delivered security services such as security web gateways, Zero Trust network access and more. Several distinct variants of SASE have come to be supplied by diverse sources.
The Hacker News
JUNE 24, 2024
Four Vietnamese nationals with ties to the FIN9 cybercrime group have been indicted in the U.S. for their involvement in a series of computer intrusions that caused over $71 million in losses to companies.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Security Affairs
JUNE 24, 2024
Between Jan and Apr 2024, the global ransomware landscape witnessed significant activity, with 1420 ransomware claims reported worldwide. In the first four months of 2024, the global ransomware landscape witnessed significant activity, with 1420 ransomware claims reported worldwide, including 55 in Italy. These findings, sourced from the Ransomfeed platform , shed light on the geographical distribution of attacks and the most impacted sectors.
NetSpi Technical
JUNE 24, 2024
Intro – What is Prototype Pollution? Prototype Pollution is a JavaScript vulnerability where it’s possible for an attacker to control unexpected variables in JavaScript, which on the client-side can lead to Cross-Site Scripting, and on the server-side lead to Remote Code Execution. It is caused by ‘JavaScript Weirdness’, specifically in the declaration and setting of variable names, and is exploitable because of further JavaScript weirdness with weak typing, where it’s possible to have var
Security Affairs
JUNE 24, 2024
The cybercrime group ExCobalt targeted Russian organizations in multiple sectors with a previously unknown backdoor known as GoRed. Positive Technologies researchers reported that a cybercrime gang called ExCobalt targeted Russian organizations in multiple sectors with a previously unknown Golang-based backdoor known as GoRed. Members of the ExCobalt group have been active since at least 2016, the researchers believe that the group is linked to the notorious Cobalt Gang.
Malwarebytes
JUNE 24, 2024
For the first time since news broke about a ransomware attack on Change Healthcare, the company has released details about the data stolen during the attack. First, a quick refresher: On February 21, 2024, Change Healthcare experienced serious system outages due to a cyberattack. The incident led to widespread billing outages, as well as disruptions at pharmacies across the United States.
Advertisement
Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.
Security Affairs
JUNE 24, 2024
Threat actors breached 1,590 cryptocurrency wallets of the cryptocurrency portfolio management and tracking platform CoinStats. The cryptocurrency portfolio management and tracking platform CoinStats suffered a massive security breach. Alleged North Korea threat actors have compromised 1,590 cryptocurrency wallets. CoinStats allows users to monitor their cryptocurrency holdings across various exchanges and wallets in a single platform.
Security Boulevard
JUNE 24, 2024
Multiple bad actors are using the Rafel RAT malware in about 120 campaigns aimed at compromising Android devices and launching a broad array of attacks that range from stealing data and deleting files to espionage and ransomware. Rafel RAT is an open-source remote administration tool that is spread through phishing campaigns aimed at convincing targets.
The Hacker News
JUNE 24, 2024
Learn about critical threats that can impact your organization and the bad actors behind them from Cybersixgill’s threat experts. Each story shines a light on underground activities, the threat actors involved, and why you should care, along with what you can do to mitigate risk.
Security Boulevard
JUNE 24, 2024
In today’s business landscape, adhering to the Payment Card Industry Data Security Standard (PCI DSS) is essential. As a business owner, have you ever considered how secure your client’s credit card information is? In the modern digital age, safeguarding sensitive data is crucial. Protecting your clients’ card information not only maintains their trust in your […] The post What’s New in PCI DSS Version 4.1?
Advertisement
Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!
Security Affairs
JUNE 24, 2024
Multiple threat actors are using an open-source Android remote administration tool called Rafel RAT to target Android Devices. Check Point Research identified multiple threat actors using Rafel, an open-source remote administration tool (RAT). The researchers spotted an espionage group using Rafel, highlighting the tool’s effectiveness across different threat profiles and goals.
Security Boulevard
JUNE 24, 2024
PKI ensures secure digital communication by verifying online entities. Root and intermediate certificates create a trust chain, ensuring information integrity. The post Intermediate vs Root Certificates appeared first on Security Boulevard.
Malwarebytes
JUNE 24, 2024
Last week on Malwarebytes Labs: Microsoft Recall delayed after privacy and security concerns (Almost) everything you always wanted to know about cybersecurity, but were too afraid to ask, with Tjitske de Vries: Lock and Code S05E13 43% of couples experience pressure to share logins and locations, Malwarebytes finds Explained: Android overlays and how they are used to trick people TikTok facing fresh lawsuit in US over children’s privacy Was T-Mobile compromised by a zero-day in Jira?
Penetration Testing
JUNE 24, 2024
Recently, security researcher Miloš published the technical details and proof-of-concept (PoC) exploit code for a high severity vulnerability in the Bluetooth Low Energy library in Windows, designated as CVE-2023-24871. This integer overflow vulnerability, rated... The post Researcher Unveils PoC for Windows Bluetooth Service RCE Vulnerability appeared first on Cybersecurity News.
Advertisement
Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.
SecureWorld News
JUNE 24, 2024
Data is mission critical in the modern digital era. The ability to gain proactive actionable insights from business data can help foster innovation, enhance operating efficiency, support proactive continuous improvement (e.g., predictive analytics), and deliver actionable insights to support business decision making. The modern data- and cloud-centric digital era has given rise to the important principle of Data Sovereignty.
Bleeping Computer
JUNE 24, 2024
Google is testing a new feature called "Digital Credential API" for Chrome on Android that will allow websites to request identity information from mobile wallets using Android's IdentityCredential system. [.
Penetration Testing
JUNE 24, 2024
A serious security vulnerability in StreamPipes, a widely-used Industrial Internet of Things (IIoT) data processing platform, has left potentially thousands of users at risk of account hijacking. The flaw, designated CVE-2024-29868, stems from the... The post CVE-2024-29868 in Popular IoT Toolbox StreamPipes Opens Door to Account Takeovers appeared first on Cybersecurity News.
Bleeping Computer
JUNE 24, 2024
Four Vietnamese nationals linked to the international cybercrime group FIN9 have been indicted for their involvement in a series of computer intrusions that caused over $71 million in losses to companies in the U.S. [.
Advertisement
IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.
Expert insights. Personalized for you.
293 
Let's personalize your content