Troy Hunt

AUGUST 18, 2024

Whilst there definitely weren't 2.x billion people in the National Public Data breach, it is bad. It really is fascinating how much data can be collected and monetised in this fashion and as we've seen many times before, data breaches do often follow. The NPD incident has received a huge amount of exposure this week and as is often the case, there are some interesting turns; partial data sets, an actor turned data broker, a disclosure notice (almost) nobody can load and bad actors pedd

Data breaches 232

Data breaches Engineering 232

Lohrman on Security

AUGUST 18, 2024

Virginia Tech CISO Randy Marchany discusses his career, SANS training and all things cybersecurity at a major university in 2024.

CISO 197

CISO Cybersecurity 197

Penetration Testing

AUGUST 18, 2024

Researchers from the University of California, San Diego, and Northeastern University have uncovered a potential vulnerability in wireless gear-shifting tools used by professional cyclists. This flaw could allow hackers to... The post Shimano Di2 Wireless Protocol: Critical Vulnerabilities Uncovered appeared first on Cybersecurity News.

Wireless 145

Wireless Cybersecurity 145

Security Affairs

AUGUST 18, 2024

New cybercrime group Mad Liberator is targeting AnyDesk users and runs a fake Microsoft Windows update screen to conceal data exfiltrating. The Sophos X-Ops Incident Response team warned that a new ransomware group called Mad Liberator is exploiting the remote-access application Anydesk for their attacks. The group was also spotted running a fake Microsoft Windows update screen to conceal data exfiltrating.

Social Engineering 144

Social Engineering Engineering Ransomware Cybercrime 144

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

The Hacker News

AUGUST 18, 2024

Cybersecurity researchers have discovered new infrastructure linked to a financially motivated threat actor known as FIN7.

Cybercrime 125

Cybercrime Cybersecurity 125

Security Affairs

AUGUST 18, 2024

A large-scale extortion campaign compromised multiple organizations by exploiting publicly accessible environment variable files (.env). Palo Alto Unit 42 researchers uncovered a large-scale extortion campaign that successfully compromised and extorted multiple victim organizations by leveraging exposed environment variable files (.env files). The exposed files contained sensitive variables such as credentials belonging to various applications.

Architecture 141

Architecture Internet Internet Media 141

Security Affairs

AUGUST 18, 2024

Boffins demonstrated the vulnerability of fingerprint recognition systems to dictionary attacks using ‘MasterPrints, ‘which are fingerprints that can match multiple other prints. A team of researchers from US universities demonstrated how to deceive fingerprint recognition systems through dictionary attacks using ‘MasterPrints,’ which are fingerprints that can match multiple other prints.

Architecture 140

Architecture Hacking Risk Information Security 140

Penetration Testing

AUGUST 18, 2024

Researchers have uncovered a new piece of malware named Cyclops, likely developed by the “Charming Kitten” group (APT 35). This malware first emerged in December 2023 and by 2024 had... The post Cyclops: Iranian APT 35 Hackers’ Latest Tool for Network Infiltration appeared first on Cybersecurity News.

Malware 97

Malware Cybersecurity 97

Security Affairs

AUGUST 18, 2024

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Deciphering the Brain Cipher Ransomware Ideal typosquat ‘solana-py’ steals your crypto wallet keys Ransomware attackers introduce new EDR killer to their arsenal Beyond the wail: deconstructing the BANSHEE infostealer A Deep Dive into a New ValleyRAT Campaign Targeting Chinese Speakers Tusk: unraveling a complex infostealer campaign Zero Day Ransomwar

Malware 130

Malware Social Engineering Ransomware Government 130

Tech Republic Security

AUGUST 18, 2024

With the increasing reliance on complex and global supply chains, more companies are exposed to a wide range of risks, including theft, counterfeiting, cyberattacks, natural disasters, geopolitical conflicts, and regulatory changes. These hazards can disrupt operations, compromise the quality and safety of products, and erode customer trust. So, to remain competitive and resilient, it is.

Risk 83

Risk 83

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Security Boulevard

AUGUST 18, 2024

Introduction Attention: a new Kubernetes vulnerability was uncovered by André Storfjord Kristiansen (@dev-bio on GitHub) and it demands The post CVE-2024-7646: Ingress-NGINX Annotation Validation Bypass – A Deep Dive appeared first on ARMO. The post CVE-2024-7646: Ingress-NGINX Annotation Validation Bypass – A Deep Dive appeared first on Security Boulevard.

83

83

Penetration Testing

AUGUST 18, 2024

Palo Alto Networks has uncovered a large-scale ransomware campaign that has impacted over 100,000 domains. The perpetrators exploited misconfigured ENV files in AWS to gain access to data stored in... The post Cloud Attack: Extortionists Breach AWS, Expose 90,000 Variables appeared first on Cybersecurity News.

Ransomware 89

Ransomware Cybersecurity 89

Security Boulevard

AUGUST 18, 2024

In episode 342, we discuss the effectiveness of people-search removal tools like DeleteMe and Reputation Defender, based on a study by Consumer Reports. We also cover how almost every American’s social security number has potentially been stolen by hackers and shared on the dark web. Scott and Tom talk about the importance of protecting your […] The post The Inefficiency of People-Search Removal Tools, Massive Data Breach Impacting U.S.

Data breaches 69

Data breaches Data privacy Technology InfoSec 69

Penetration Testing

AUGUST 18, 2024

A newly discovered security vulnerability, CVE-2024-7646, has been identified in the widely used ingress-nginx controller for Kubernetes, posing a severe threat to multi-tenant environments. With a CVSS score of 8.8,... The post CVE-2024-7646: A Threat to Kubernetes Clusters Running ingress-nginx appeared first on Cybersecurity News.

Cybersecurity 81

Cybersecurity 81

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Centraleyes

AUGUST 18, 2024

The digital age has revolutionized the financial sector , making it more efficient and interconnected. However, this transformation has also introduced new risks, particularly from third-party ICT (Information and Communication Technology) providers. Recognizing the critical role these providers play in the financial ecosystem, the European Union has introduced the Digital Operational Resilience Act (DORA).

Risk 69

Risk Financial Services Government Banking 69

Security Boulevard

AUGUST 18, 2024

" It is never too late to be who you might have been. " - George Elliot Introduction: This is a continuation of my write-up about this year's Crack Me If You Can challenges. You can view my previous two write-ups using the following links. Each one covered a specific challenge of the CMIYC contest: [ Striphash ] and [ Radmin3 hashes ]. I'll admit, in my previous posts I was focusing on the plumbing of the challenges.

Wireless 64

Wireless Passwords Penetration Testing Hacking 64

Penetration Testing

AUGUST 18, 2024

Debian 11, codenamed Bullseye and released on August 14, 2021, has now reached the end of its three-year regular security support period. Consequently, the Debian LTS team has taken over... The post Debian 11 ‘Bullseye’ Enters LTS: What You Need to Know appeared first on Cybersecurity News.

Cybersecurity 72

Cybersecurity 72

Security Boulevard

AUGUST 18, 2024

The digital age has revolutionized the financial sector, making it more efficient and interconnected. However, this transformation has also introduced new risks, particularly from third-party ICT (Information and Communication Technology) providers. Recognizing the critical role these providers play in the financial ecosystem, the European Union has introduced the Digital Operational Resilience Act (DORA).

Risk 59

Risk Technology 59

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

Penetration Testing

AUGUST 18, 2024

According to a new report, ransomware victims paid over $459 million to attackers in the first half of 2024. This staggering figure underscores the escalating cybersecurity crisis affecting organizations of... The post Ransomware Attacks Surge: $459 Million Paid in First Half of 2024 appeared first on Cybersecurity News.

Ransomware 72

Ransomware Cybersecurity Malware 72

Security Boulevard

AUGUST 18, 2024

Authors/Presenters:Zixuan Wang, Mohammadkazem Taram, Daniel Moghimi, Steven Swanson, Dean Tullsen, Jishen Zhao Many thanks to USENIX for publishing their outstanding USENIX Security ’23 Presenter’s content, and the organizations strong commitment to Open Access. Originating from the conference’s events situated at the Anaheim Marriott ; and via the organizations YouTube channel.

Network Security 59

Network Security 59

Penetration Testing

AUGUST 18, 2024

French authorities have arrested several suspects in connection with the devastating hacking attack on the Holograph platform, which resulted in the theft of tokens worth $14.4 million. The perpetrators exploited... The post French Police Crack Down on $14.4 Million Holograph Hack appeared first on Cybersecurity News.

Hacking 72

Hacking Cybersecurity 72

Hacker's King

AUGUST 18, 2024

In this article, we explore a comprehensive network scanning and vulnerability assessment tool that is very helpful for bug bounty hunters, security professionals, etc. SpyHunt is a comprehensive network scanning and vulnerability assessment tool. This tool is designed for security professionals and penetration testers to perform comprehensive reconnaissance and vulnerability assessments on target networks and web applications.

DNS 52

DNS Technology Hacking 52

Advertisement

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

Penetration Testing

AUGUST 18, 2024

Researchers at Aqua Nautilus have identified a new variant of the Gafgyt botnet that represents a significant evolution in malware targeting strategies. Originally known for infecting IoT devices to conduct... The post Gafgyt Botnet: Now Exploiting GPU Power in Cloud-Native Environments appeared first on Cybersecurity News.

IoT 69

IoT Malware Cybersecurity 69

The Security Ledger

AUGUST 18, 2024

Keyless lock maker Digilock withdrew a cease and desist order and allowed a DEF CON talk on security flaws in its devices to move forward. Other device makers should take note! The post A Digital Lock Maker Tried To Squash A DEF CON Talk. It Happened Anyway. Here’s Why. appeared first on The Security Ledger with Paul F. Roberts.

Hacking 52

Hacking Firmware Data privacy Internet 52

Penetration Testing

AUGUST 18, 2024

Security researchers warn of a new macOS malware, BANSHEE Stealer, which has recently emerged in underground forums. Developed by Russian threat actors and introduced on an underground forum, this malware... The post BANSHEE Stealer: $3,000/Month macOS Malware Targets Apple Users appeared first on Cybersecurity News.

Malware 57

Malware Cybersecurity 57

Security Affairs

AUGUST 18, 2024

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Large-scale extortion campaign targets publicly accessible environment variable files (.env) OpenAI dismantled an Iranian influence operation targeting the U.S. presidential election National Public Data confirms a data breach Banshee Stealer, a new macOS

Data breaches 131

Data breaches Cybercrime Banking Hacking 131

Advertisement

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.

Cybersecurity