Sun. Jun 02, 2024

Weekly Update 402

Troy Hunt

What a week! It was Ticketmaster that consumed the bulk of my time this week with the media getting themselves into a bit of a frenzy over a data breach that at the time of recording, still hadn't even been confirmed. But as predicted in the video, confirmation came late on a Friday arvo and since that time we've learned a lot more about just how bad the situation is.

Navigating Email: From Spam Wars to Trusted Relationships

Lohrman on Security

Some call it spam. Others call it marketing. Recipients want it to stop, while senders are looking to perfect their “art.” But both sides agree on one thing: Email communication is still broken in 2024.

CVE-2024-32850 (CVSS 9.8): Critical Flaw in SkyBridge Routers Exposes Thousands to Cyberattacks

Penetration Testing

A high-severity security flaw has been discovered in multiple models of Seiko Solutions’ SkyBridge routers, potentially leaving thousands of businesses and individuals vulnerable to cyberattacks. The vulnerability, assigned CVE-2024-32850 with a CVSS score of...

Security Affairs newsletter Round 474 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Ticketmaster confirms data breach impacting 560 million customers
Critical Apache Log4j2 flaw still threatens global finance
Crooks stole more than $300M worth of Bitcoin from the exchange DMM Bitcoin
ShinyHunters is selling data of 30 million San

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Beware: Fake Browser Updates Deliver BitRAT and Lumma Stealer Malware

The Hacker News

Fake web browser updates are being used to deliver remote access trojans (RATs) and information stealer malware such as BitRAT and Lumma Stealer (aka LummaC2). "Fake browser updates have been responsible for numerous malware infections, including those of the well-known SocGholish malware," cybersecurity firm eSentire said in a new report.

Telegram: The Dark Horse of Website Malware Attacks

Penetration Testing

Telegram, the messaging platform known for its emphasis on privacy and security, has been revealed as a surprisingly potent tool in the hands of cybercriminals. A new in-depth analysis by Krasimir Konov, malware analyst...

More Trending

Minorities and the Cybersecurity Skills Gap: A 2024 Update

SecureWorld News

In 2022, the cybersecurity industry faced a significant skills gap, with millions of unfilled jobs projected by 2025. This shortage was exacerbated by a lack of diversity within the workforce, particularly among minorities. Factors such as limited access to education and training, lack of mentorship and role models, and systemic racism were identified as key contributors to this disparity.

AI platform Hugging Face says hackers stole auth tokens from Spaces

Bleeping Computer

AI platform Hugging Face says that its Spaces platform was breached, allowing hackers to access authentication secrets for its members.

CVE-2024-35204: Veritas System Recovery Vulnerability Puts Data at Risk

Penetration Testing

A recent security advisory from Veritas has unveiled a high-severity vulnerability in their Veritas System Recovery software. Designated as CVE-2024-35204, this vulnerability has been assigned a CVSS score of 8.4, indicating its high severity....

It's Time to Up-Level Your EDR Solution

Trend Micro

You may have EDR, but did you know you can add threat detection and response to improve a SecOps team’s efficiency and outcomes - read more.

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Hugging Face Spaces Platform Hit by Unauthorized Access

Penetration Testing

Hugging Face, a leading provider of open-source machine learning and AI tools, has disclosed a recent security breach affecting its Spaces platform. The incident, which was detected last week, involved unauthorized access to Spaces...

Comprehensive Guide to NIST SP 800-171 Revision 3 Compliance

Centraleyes

Few documents carry as much weight as the NIST Special Publication (SP) 800-171. Designed to safeguard sensitive information within non-federal systems and organizations, NIST 800-171 provides a framework of security requirements tailored to protect Controlled Unclassified Information (CUI). With the release of Revision 3 in May 2024, organizations are tasked with understanding and implementing the latest updates to ensure compliance and data security.

BlueDelta: GRU-Linked Cyber Espionage Group Targets Critical European Networks

Penetration Testing

In a new report, cybersecurity firm Insikt Group has exposed a sophisticated cyber espionage campaign orchestrated by BlueDelta, a threat group with suspected ties to Russia’s GRU military intelligence agency. The campaign, which unfolded...

CVE-2024-3820 (CVSS 10) in wpDataTables Puts 70,000 WordPress Sites at Risk

Penetration Testing

A critical security vulnerability has been discovered in wpDataTables, a widely-used WordPress plugin for creating tables and charts. The flaw, tracked as CVE-2024-3820 and rated with a maximum severity score of 10 (CVSS 10),...

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

13,800+ Check Point Gateways Exposed: 0-Day CVE-2024-24919 Flaw Under Attack

Penetration Testing

Censys data reveals over 13,800 internet-exposed Check Point gateways, with a significant majority being Quantum Spark Appliances aimed at small and medium-sized businesses, that may be vulnerable to CVE-2024-24919, a zero-day arbitrary file read...

CarnavalHeist Banking Trojan Targets Brazilian Financial Institutions with Sophisticated Overlay Attacks

Penetration Testing

A new banking Trojan named “CarnavalHeist” is targeting Brazilian users, exploiting the country’s festive spirit to steal financial data. Discovered by Cisco Talos, this malware campaign has been active since February 2024, using sophisticated...
