Mon. Mar 25, 2024

GUEST ESSAY: NIST’s Cybersecurity Framework update extends best practices to supply chain, AI

The Last Watchdog

The National Institute of Standards and Technology (NIST) has updated their widely used Cybersecurity Framework (CSF) — a free respected landmark guidance document for reducing cybersecurity risk. However, it’s important to note that most of the framework core has remained the same. Here are the core components the security community knows: Govern (GV): Sets forth the strategic path and guidelines for managing cybersecurity risks, ensuring harmony with business go

New MFA-bypassing phishing kit targets Microsoft 365, Gmail accounts

Bleeping Computer

Cybercriminals have been increasingly using a new phishing-as-a-service (PhaaS) platform named 'Tycoon 2FA' to target Microsoft 365 and Gmail accounts and bypass two-factor authentication (2FA) protection. [...]

Phishing 143
Insiders

CVE-2024-20767: Critical Adobe ColdFusion Flaw Exposes Sensitive Files, PoC Published

Penetration Testing

Security researcher ma4ter has revealed details of a dangerous security vulnerability (CVE-2024-20767) in Adobe ColdFusion. This flaw originally reported to Adobe, could be exploited to read arbitrary files on an affected server, potentially exposing... The post CVE-2024-20767: Critical Adobe ColdFusion Flaw Exposes Sensitive Files, PoC Published appeared first on Penetration Testing.

Google's new AI search results promotes sites pushing malware, scams

Bleeping Computer

Google's new AI-powered 'Search Generative Experience' algorithms recommend scam sites that redirect visitors to unwanted Chrome extensions, fake iPhone giveaways, browser spam subscriptions, and tech support scams. [...]

Scams 140

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Tax Scams Ramping Up as the April 15 Deadline Approaches

Security Boulevard

With the IRS deadline only weeks away, businesses and individuals are racing to get their taxes filed, and bad actors are doing what they can to keep pace with them. Both Microsoft and Malwarebytes in recent days have outlined various scams being used to steal sensitive information, drop malicious payloads, or make payments to fake. The post Tax Scams Ramping Up as the April 15 Deadline Approaches appeared first on Security Boulevard.

Scams 135

CISA adds FortiClient EMS, Ivanti EPM CSA, Nice Linear eMerge E3-Series bugs to its Known Exploited Vulnerabilities catalog

Security Affairs

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds FortiClient EMS, Ivanti EPM CSA, Nice Linear eMerge E3-Series bugs to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. CVE-2023-48788 Fortinet FortiClient EMS SQL Injection Vulnerability CVE-2021-44529 Ivanti Endpoint Manager Cloud Service Appliance (EPM CSA) Code Injection Vulne

Hacking 133

More Trending

Panera Bread experiencing nationwide IT outage since Saturday

Bleeping Computer

Since Saturday, U.S. food chain giant Panera Bread has been experiencing a nationwide outage that has impacted its IT systems, including online ordering, POS systems, phones, and various internal systems. [...]

125

Hackers Hijack GitHub Accounts in Supply Chain Attack Affecting Top-gg and Others

The Hacker News

Unidentified adversaries orchestrated a sophisticated attack campaign that has impacted several individual developers as well as the GitHub organization account associated with Top.gg, a Discord bot discovery site.

Iran-Linked APT TA450 embeds malicious links in PDF attachments

Security Affairs

In recent campaigns, Iran-linked APT group MuddyWater used a legitimate Remote Monitoring and Management (RMM) solution called Atera. Proofpoint researchers observed the Iran-linked APT group MuddyWater (aka SeedWorm , TEMP.Zagros , TA450, and Static Kitten ) was behind a new phishing campaign in March 2024 that attempted to drop a legitimate Remote Monitoring and Management (RMM) solution called Atera on the target systems.

Phishing 138

Ransomware: lessons all companies can learn from the British Library attack

Graham Cluley

In October 2023, the British Library suffered "one of the worst cyber incidents in British history," as described by Ciaran Martin, ex-CEO of the National Cyber Security Centre (NCSC). What lessons can other organisations learn from the ransomware attack? Read more in my article on the Exponential-e blog.

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Agenda Ransomware Propagates to vCenters and ESXi via Custom PowerShell Script

Trend Micro

This blog entry discusses the Agenda ransomware group's use of its latest Rust variant to propagate to VMWare vCenter and ESXi servers.

New "GoFetch" Vulnerability in Apple M-Series Chips Leaks Secret Encryption Keys

The Hacker News

A new security shortcoming discovered in Apple M-series chips could be exploited to extract secret keys used during cryptographic operations.

Hackers poison source code from largest Discord bot platform

Bleeping Computer

The Top.gg Discord bot community with over 170,000 members has been impacted by a supply-chain attack aiming to infect developers with malware that steals sensitive information. [...]

Malware 116

GoFetch side-channel attack against Apple systems allows secret keys extraction

Security Affairs

Researchers demonstrated a new side-channel attack, named GoFetch, against Apple CPUs that could allow an attacker to obtain secret keys. A team of researchers from several US universities demonstrated a new microarchitectural side-channel attack named GoFetch that could allow attackers to extract secret keys from systems using Apple CPUs. GoFetch side-channel attack can extract secret keys from constant-time cryptographic implementations via data memory-dependent prefetchers (DMPs).

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Notorious Nemesis Market zapped by video game-loving German police

Graham Cluley

Nemesis Market, a notorious corner of the darknet beloved by cybercriminals and drug dealers, has been suddenly shut down after German police seized control of its systems. Read more in my article on the Tripwire State of Security blog.

Marketing 116

StrelaStealer targeted over 100 organizations across the EU and US

Security Affairs

Researchers reported that over 100 organizations in Europe and US were targeted by a wave of large-scale StrelaStealer campaigns Palo Alto Networks’ Unit42 spotted a wave of large-scale StrelaStealer campaigns impacting over 100 organizations across the EU and US. The threat actors sent out spam emails with attachments that eventually launched the StrelaStealer malware.

Malware 134

Iran-Linked MuddyWater Deploys Atera for Surveillance in Phishing Attacks

The Hacker News

The Iran-affiliated threat actor tracked as MuddyWater (aka Mango Sandstorm or TA450) has been linked to a new phishing campaign in March 2024 that aims to deliver a legitimate Remote Monitoring and Management (RMM) solution called Atera.

Phishing 119

Stuck in Pivotal Cloud Foundry? Make Your Move to Kubernetes Easy

Security Boulevard

Is your organization feeling stuck using Pivotal Cloud Foundry (PCF), now known as Tanzu Application Service (TAS or sometimes VMware Cloud Foundation)? You're not alone. Broadcom completed its acquisition of VMware in late 2023. To make the most of their acquisition, Broadcom is trying to squeeze money out of VMware — leading to skyrocketing costs for PCF (aka Tanzu) customers.

115

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Vans warns customers of data breach

Malwarebytes

Skater brand Vans emailed customers last week to tell them about a recent “data incident.” On December 13, 2023, Vans said it detected unauthorized activities on its IT systems, attributed to “external threat actors.” An investigation revealed that the incident involved some personal information of Vans’ customers. The affected information could include: Email address Full name Phone number Billing address Shipping address In certain cases, the affected data may also include order hi

Building Resiliency in the Face of Ransomware 

Security Boulevard

Ransomware is not going away. So how can organizations defend against it? Dig deeper to learn how to build cybersecurity resiliency. The post Building Resiliency in the Face of Ransomware appeared first on SafeBreach. The post Building Resiliency in the Face of Ransomware appeared first on Security Boulevard.

CVE-2024-29937: Critical NFS Vulnerability Exposes BSD Systems to Remote Code Execution

Penetration Testing

A bombshell awaits the cybersecurity world at the upcoming t2 Infosec Conference. Security researchers Christer, Claes, and Marcus of signedness.org have uncovered a severe flaw (CVE-2024-29937) in Network File System (NFS) implementations used by... The post CVE-2024-29937: Critical NFS Vulnerability Exposes BSD Systems to Remote Code Execution appeared first on Penetration Testing.

New ZenHammer memory attack impacts AMD Zen CPUs

Bleeping Computer

Academic researchers developed ZenHammer, the first variant of the Rowhammer DRAM attack that works on CPUs based on recent AMD Zen microarchitecture that map physical addresses on DDR4 and DDR5 memory chips. [...]

113

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

The Best 10 Vendor Risk Management Tools

Centraleyes

Let’s discuss an acronym reshaping the business world: Vendor Risk Management , or VRM. Once an abbreviation that few knew the meaning of, VRM is now a basic component of responsible business processes. In our interconnected world, our security is only as strong as our weakest link, and the third-party vendors we choose are essential links in our business chains.

Risk 111

US sanctions APT31 hackers behind critical infrastructure attacks

Bleeping Computer

The U.S. Treasury Department has sanctioned a Wuhan-based company used by the Chinese Ministry of State Security (MSS) as cover in attacks against U.S. critical infrastructure organizations. [...]

110

Cybersecurity starts at home: Help your children stay safe online with open conversations

We Live Security

Struggle to know how to help children and teens stay safe in cyberspace? A good ol’ fashioned chat is enough to put them on the right track.

Key Lesson from Microsoft’s Password Spray Hack: Secure Every Account

The Hacker News

In January 2024, Microsoft discovered they’d been the victim of a hack orchestrated by Russian-state hackers Midnight Blizzard (sometimes known as Nobelium). The concerning detail about this case is how easy it was to breach the software giant.

Passwords 109

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.

CVE-2023-42931: macOS Flaw Exposed Systems to Easy Privilege Escalation – Patch Now!

Penetration Testing

Security researcher Yann Gascuel (Alter Solutions) has detailed a critical privilege escalation vulnerability (CVE-2023-42931) affecting the following macOS versions: macOS Monterey prior to 12.7.2 macOS Ventura prior to 13.6.3 macOS Sonoma prior to 14.2... The post CVE-2023-42931: macOS Flaw Exposed Systems to Easy Privilege Escalation – Patch Now!

Is it time to enforce an Authority-to-Operate (ATO) for Healthcare Organizations?

Security Boulevard

The Change Healthcare security breach has impacted over 94% of hospitals as reported by the American Health Association (AHA). A cascading set of events was unleashed starting with the Feb 21, 2024 announcement of the data breach at Change Healthcare requiring nearly $2B in advance payments severely impacting nearly 900,000 physicians, 33,000 pharmacies, 5,500 hospitals […] The post Is it time to enforce an Authority-to-Operate (ATO) for Healthcare Organizations?

CVE-2024-1538: Critical WordPress Plugin Flaw Exposes Over 1 Million Sites – Patch Immediately!

Penetration Testing

A serious security vulnerability (CVE-2024-1538, CVSS 8.8) has been discovered in the File Manager plugin for WordPress. This plugin, with over 1 million active installations, allows website administrators to manage files and folders directly... The post CVE-2024-1538: Critical WordPress Plugin Flaw Exposes Over 1 Million Sites – Patch Immediately!

Chinese Hackers Charged in Decade-Long Global Spying Rampage

WIRED Threat Level

US and UK officials hit Chinese hacking group APT31 with sanctions and criminal charges after they targeted thousands of businesses, politicians, and critics of China.

Hacking 106

Enhance Innovation and Governance Through the Cloud Development Maturity Model

Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.