Troy Hunt
JUNE 2, 2024
What a week! It was Ticketmaster that consumed the bulk of my time this week with the media getting themselves into a bit of a frenzy over a data breach that at the time of recording, still hadn't even been confirmed. But as predicted in the video, confirmation came late on a Friday arvo and since that time we've learned a lot more about just how bad the situation is.
Lohrman on Security
JUNE 2, 2024
Some call it spam. Others call it marketing. Recipients want it to stop, while senders are looking to perfect their “art.” But both sides agree on one thing: Email communication is still broken in 2024.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Penetration Testing
JUNE 2, 2024
A high-severity security flaw has been discovered in multiple models of Seiko Solutions’ SkyBridge routers, potentially leaving thousands of businesses and individuals vulnerable to cyberattacks. The vulnerability, assigned CVE-2024-32850 with a CVSS score of... The post CVE-2024-32850 (CVSS 9.8): Critical Flaw in SkyBridge Routers Exposes Thousands to Cyberattacks appeared first on Penetration Testing.
The Hacker News
JUNE 2, 2024
Fake web browser updates are being used to deliver remote access trojans (RATs) and information stealer malware such as BitRAT and Lumma Stealer (aka LummaC2). "Fake browser updates have been responsible for numerous malware infections, including those of the well-known SocGholish malware," cybersecurity firm eSentire said in a new report.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Penetration Testing
JUNE 2, 2024
Telegram, the messaging platform known for its emphasis on privacy and security, has been revealed as a surprisingly potent tool in the hands of cybercriminals. A new in-depth analysis by Krasimir Konov, malware analyst... The post Telegram: The Dark Horse of Website Malware Attacks appeared first on Penetration Testing.
Bleeping Computer
JUNE 2, 2024
Spanish police have dismantled a network of illegal media content distribution that, since the start of its operations in 2015, has made over $5,700,000. [.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Bleeping Computer
JUNE 2, 2024
AI platform Hugging Face says that its Spaces platform was breached, allowing hackers to access authentication secrets for its members. [.
SecureWorld News
JUNE 2, 2024
In 2022, the cybersecurity industry faced a significant skills gap , with millions of unfilled jobs projected by 2025. This shortage was exacerbated by a lack of diversity within the workforce, particularly among minorities. Factors such as limited access to education and training, lack of mentorship and role models, and systemic racism were identified as key contributors to this disparity.
Penetration Testing
JUNE 2, 2024
A recent security advisory from Veritas has unveiled a high-severity vulnerability in their Veritas System Recovery software. Designated as CVE-2024-35204, this vulnerability has been assigned a CVSS score of 8.4, indicating its high severity.... The post CVE-2024-35204: Veritas System Recovery Vulnerability Puts Data at Risk appeared first on Penetration Testing.
Trend Micro
JUNE 2, 2024
You may have EDR, but did you know you can add threat detection and response to improve a SecOps team’s efficiency and outcomes - read more.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Penetration Testing
JUNE 2, 2024
Hugging Face, a leading provider of open-source machine learning and AI tools, has disclosed a recent security breach affecting its Spaces platform. The incident, which was detected last week, involved unauthorized access to Spaces... The post Hugging Face Spaces Platform Hit by Unauthorized Access appeared first on Penetration Testing.
Centraleyes
JUNE 2, 2024
Few documents carry as much weight as the NIST Special Publication (SP) 800-171. Designed to safeguard sensitive information within non-federal systems and organizations, NIST 800-171 provides a framework of security requirements tailored to protect Controlled Unclassified Information (CUI). With the release of Revision 3 in May 2024, organizations are tasked with understanding and implementing the latest updates to ensure compliance and data security.
Penetration Testing
JUNE 2, 2024
In a new report, cybersecurity firm Insikt Group has exposed a sophisticated cyber espionage campaign orchestrated by BlueDelta, a threat group with suspected ties to Russia’s GRU military intelligence agency. The campaign, which unfolded... The post BlueDelta: GRU-Linked Cyber Espionage Group Targets Critical European Networks appeared first on Penetration Testing.
Penetration Testing
JUNE 2, 2024
A critical security vulnerability has been discovered in wpDataTables, a widely-used WordPress plugin for creating tables and charts. The flaw, tracked as CVE-2024-3820 and rated with a maximum severity score of 10 (CVSS 10),... The post CVE-2024-3820 (CVSS 10) in wpDataTables Puts 70,000 WordPress Sites at Risk appeared first on Penetration Testing.
Advertisement
Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.
Penetration Testing
JUNE 2, 2024
Censys data reveals over 13,800 internet-exposed Check Point gateways, with a significant majority being Quantum Spark Appliances aimed at small and medium-sized businesses, that may be vulnerable to CVE-2024-24919, a zero-day arbitrary file read... The post 13,800+ Check Point Gateways Exposed: 0-Day CVE-2024-24919 Flaw Under Attack appeared first on Penetration Testing.
Penetration Testing
JUNE 2, 2024
A new banking Trojan named “CarnavalHeist” is targeting Brazilian users, exploiting the country’s festive spirit to steal financial data. Discovered by Cisco Talos, this malware campaign has been active since February 2024, using sophisticated... The post CarnavalHeist Banking Trojan Targets Brazilian Financial Institutions with Sophisticated Overlay Attacks appeared first on Penetration Testing.
Expert insights. Personalized for you.
229 
Let's personalize your content