Sun.Jun 30, 2024

article thumbnail

The State of Data Breaches, Part 2: The Trilogy of Players

Troy Hunt

Last week, I wrote about The State of Data Breaches and got loads of feedback. It was predominantly sympathetic to the position I find myself in running HIBP, and that post was mostly one of frustration: lack of disclosure, standoffish organisations, downplaying breaches and the individual breach victims themselves making it worse by going to town on the corporate victims.

article thumbnail

Montgomery County, Md.’s Chatbot Shows GenAI in Action

Lohrman on Security

I’m always looking for best practices and examples to share around government AI and cyber projects. Monty 2.0 is certainly praiseworthy and a GenAI project to watch and learn from.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Russia-linked group APT29 likely breached TeamViewer’s corporate network

Security Affairs

Russia-linked APT group, reportedly APT29, is suspected to be behind a hack of TeamViewer ‘s corporate network. TeamViewer discovered that a threat actor has breached its corporate network and some reports attribute the intrusion to the Russia-linked APT group APT29 (aka SVR group , BlueBravo , Cozy Bear , Nobelium , Midnight Blizzard , and The Dukes ).

article thumbnail

Juniper Networks Releases Critical Security Update for Routers

The Hacker News

Juniper Networks has released out-of-band security updates to address a critical security flaw that could lead to an authentication bypass in some of its routers. The vulnerability, tracked as CVE-2024-2973, carries a CVSS score of 10.0, indicating maximum severity.

article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Fake IT support sites push malicious PowerShell scripts as Windows fixes

Bleeping Computer

Fake IT support sites promote malicious PowerShell "fixes" for common Windows errors, like the 0x80070643 error, to infect devices with information-stealing malware. [.

Malware 138
article thumbnail

Security Affairs newsletter Round 478 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Infosys McCamish Systems data breach impacted over 6 million people A cyberattack shut down the University Hospital Centre Zagreb in Croatia US announces a $10M reward for Russia’s GRU hacker behind attacks on Ukraine New P2Pinfect version delivers

More Trending

article thumbnail

Microsoft Issues CVE Numbers for Cloud Service Vulnerabilities

Penetration Testing

In a move towards greater transparency and security, Microsoft has announced a new practice of assigning Common Vulnerabilities and Exposures (CVE) numbers for significant vulnerabilities found and fixed within their cloud services. This shift... The post Microsoft Issues CVE Numbers for Cloud Service Vulnerabilities appeared first on Cybersecurity News.

article thumbnail

Dev rejects CVE severity, makes his GitHub repo read-only

Bleeping Computer

The popular open source project, 'ip' had its GitHub repository archived, or made "read-only" by its developer as a result of a dubious CVE report filed for his project. Unfortunately, open-source developers have recently been met with an uptick in debatable or outright bogus CVEs filed for their projects. [.

124
124
article thumbnail

Indirector – High-Precision Branch Target Injection Attacks: A New Threat to Intel CPUs

Penetration Testing

Researchers at the University of California San Diego have published a groundbreaking paper detailing a new class of security vulnerabilities in Intel’s high-end CPUs. These vulnerabilities, dubbed “Indirector” attacks, exploit weaknesses in the chip’s... The post Indirector – High-Precision Branch Target Injection Attacks: A New Threat to Intel CPUs appeared first on Cybersecurity News.

article thumbnail

Juniper releases out-of-cycle fix for max severity auth bypass flaw

Bleeping Computer

Juniper Networks has released an emergency update to address a maximum severity vulnerability that leads to authentication bypass in Session Smart Router (SSR), Session Smart Conductor, and WAN Assurance Router products. [.

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

The Future of Manufacturing: Cutting-Edge Tech

SecureBlitz

In this post, I will address the future of manufacturing and talk about cutting-edge tech. Cutting-edge developments are about to trigger a technological revolution in the manufacturing sector. Innovations in artificial intelligence, 3D printing, robotics, quantum computing, and the Industrial Internet of Things are revolutionizing the design, manufacturing, and maintenance of products.

article thumbnail

Critical Vulnerability in WebRTC Media Servers Threatens Real-Time Communication

Penetration Testing

A critical denial-of-service (DoS) vulnerability has been identified in media servers handling WebRTC’s DTLS-SRTP. This flaw, stemming from a race condition between ICE and DTLS traffic, can disrupt media sessions, threatening the availability of... The post Critical Vulnerability in WebRTC Media Servers Threatens Real-Time Communication appeared first on Cybersecurity News.

Media 83
article thumbnail

Generative AI is new attack vector endangering enterprises, says CrowdStrike CTO

Zero Day

Gen AI opens up all kinds of opportunities to obtain sensitive data without even building malware.

Malware 75
article thumbnail

PoC Exploit Published for Linux Kernel Privilege Escalation Flaw (CVE-2024-0193)

Penetration Testing

A security researcher has released proof-of-concept (PoC) exploit code targeting a high-severity vulnerability (CVE-2024-0193) within the Linux kernel. This use-after-free flaw in the netfilter subsystem, scored 7.8 on the CVSS scale, can be exploited... The post PoC Exploit Published for Linux Kernel Privilege Escalation Flaw (CVE-2024-0193) appeared first on Cybersecurity News.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

USENIX Security ’23 – Beyond The Gates: An Empirical Analysis of HTTP-Managed Password Stealers and Operators

Security Boulevard

Authors/Presenters:Athanasios Avgetidis, Omar Alrawi, Kevin Valakuzhy, Charles Lever, Paul Burbage, Angelos D. Keromytis, Fabian Monrose, Manos Antonakakis Many thanks to USENIX for publishing their outstanding USENIX Security ’23 Presenter’s content, and the organizations strong commitment to Open Access. Originating from the conference’s events situated at the Anaheim Marriott ; and via the organizations YouTube channel.

article thumbnail

Attackers Leveraging Public Cobalt Strike Profiles to Evade Detection

Penetration Testing

In a recent report, Unit 42 researchers have revealed a concerning trend: threat actors are increasingly exploiting publicly available Cobalt Strike profiles to mask their malicious activities and bypass security measures. Cobalt Strike, a... The post Attackers Leveraging Public Cobalt Strike Profiles to Evade Detection appeared first on Cybersecurity News.

article thumbnail

Montgomery County, Md.’s Chatbot Shows GenAI in Action

Security Boulevard

I’m always looking for best practices and examples to share around government AI and cyber projects. Monty 2.0 is certainly praiseworthy and a GenAI project to watch and learn from. The post Montgomery County, Md.’s Chatbot Shows GenAI in Action appeared first on Security Boulevard.

article thumbnail

Water Sigbin Threat Actor Targets Oracle WebLogic Servers to Deploy XMRig Cryptominer

Penetration Testing

Security researchers at Trend Micro have uncovered a sophisticated campaign by the Water Sigbin threat actor, also known as the 8220 Gang, targeting Oracle WebLogic servers to deploy XMRig cryptocurrency miners. This group, primarily... The post Water Sigbin Threat Actor Targets Oracle WebLogic Servers to Deploy XMRig Cryptominer appeared first on Cybersecurity News.

article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

CVE-2024-5261 (CVSS 10): LibreOffice Patches Critical Vulnerability in LibreOfficeKit

Penetration Testing

The Document Foundation, the organization behind the popular open-source office suite LibreOffice, has issued an urgent security advisory regarding a critical vulnerability (CVE-2024-5261) in its LibreOfficeKit component. This flaw could allow attackers to intercept... The post CVE-2024-5261 (CVSS 10): LibreOffice Patches Critical Vulnerability in LibreOfficeKit appeared first on Cybersecurity News.