Sun. Dec 15, 2024

Weekly Update 430

Troy Hunt

I'm back in Oslo! Writing this the day after recording, it feels like I couldn't be further from Dubai; the temperature starts with a minus, it's snowing and there's not a supercar in sight. Back on business, this week I'm talking about the challenge of loading breaches and managing costs. A breach load immediately takes us from a very high percentage cache hit ratio on Cloudflare to zero.

Ukrainian Minors Recruited for Cyber Ops and Reconnaissance in Russian Airstrikes

The Hacker News

LW ROUNDTABLE: Lessons learned from the headline-grabbing cybersecurity incidents of 2024

Security Boulevard

It's all too clear that the cybersecurity community, once more, is facing elevated challenges as well as opportunities. Part one of a four-part series. The world's reliance on interconnected digital infrastructure continues to deepen, even as the threats facing it... The post LW ROUNDTABLE: Lessons learned from the headline-grabbing cybersecurity incidents of 2024 first appeared on The Last Watchdog.

OpenAI Services Hit by Major Outage Due to Telemetry Service Deployment

Penetration Testing

OpenAI experienced a significant service disruption on December 11, 2024, impacting all its services, including ChatGPT, the API, and Sora. The outage, lasting over four hours, was caused by a... The post OpenAI Services Hit by Major Outage Due to Telemetry Service Deployment appeared first on Cybersecurity News.

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

The Simple Math Behind Public Key Cryptography

WIRED Threat Level

The security system that underlies the internet makes use of a curious fact: You can broadcast part of your encryption to make your information much more secure.

CVE-2024-45337: Golang Crypto Library Flawed, Risks Authorization Bypass

Penetration Testing

A critical security vulnerability, tracked as CVE-2024-45337 (CVSS 9.1), has been discovered in the Golang cryptography library. This flaw stems from the misuse of the ServerConfig.PublicKeyCallback function, potentially leading to authorization... The post CVE-2024-45337: Golang Crypto Library Flawed, Risks Authorization Bypass appeared first on Cybersecurity News.

Risk 73

More Trending

CVE-2024-38819: Spring Framework Path Traversal PoC Exploit Released

Penetration Testing

A critical vulnerability in the Spring Framework, tracked as CVE-2024-38819 (CVSS score 7.5), has been publicly disclosed, along with a proof-of-concept (PoC) exploit. This flaw allows attackers to conduct path... The post CVE-2024-38819: Spring Framework Path Traversal PoC Exploit Released appeared first on Cybersecurity News.

Security Affairs newsletter Round 502 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. IOCONTROL cyberweapon used to target infrastructure in the US and Israel; U.S. CISA adds Cleo Harmony, VLTrader, and LexiCom flaw to its Known Exploited Vulnerabilities catalog; German agency BSI sinkholed a botnet of 30,000 devices infected with BadBox; U.

Spyware 71

I'm an AI tools expert, and these are my only two I pay for

Zero Day

The Zero-Detection PHP Backdoor Glutton Exposed

Penetration Testing

A discovery by XLab has detailed Glutton, a stealthy PHP backdoor targeting both traditional organizations and the cybercrime ecosystem itself. According to XLab's analysis, Glutton represents a new generation of... The post The Zero-Detection PHP Backdoor Glutton Exposed appeared first on Cybersecurity News.

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

The Scourge of the 'Industry Standard'

SecureWorld News

Let's talk about the phrase "industry standard." It is everywhere in contracts: "We'll adopt industry standards for security, compliance, and audit." It sounds like a solid commitment, but the truth is, the industry standard is remarkably low. A 2023 Navex Global survey found that only half of compliance professionals rated their programs as mature.

Multiple Critical Vulnerabilities Expose GLPI to Widespread Attacks

Penetration Testing

A series of critical security vulnerabilities have been discovered in GLPI (Gestionnaire Libre de Parc Informatique), a widely used open-source IT asset management and service desk software. These vulnerabilities, if... The post Multiple Critical Vulnerabilities Expose GLPI to Widespread Attacks appeared first on Cybersecurity News.

Kali Linux 2024.4 Release (Python 3.12, Goodbye i386, Raspberry Pi Imager & Kali NetHunter)

Kali Linux

Russian APT “Secret Blizzard” Leverages Cybercriminal Tools in Ukraine Attacks

Penetration Testing

A new report from Microsoft Threat Intelligence reveals that the Russian state-sponsored threat actor known as Secret Blizzard (also tracked as Turla, Waterbug, Venomous Bear, Snake, Turla Team, and Turla... The post Russian APT “Secret Blizzard” Leverages Cybercriminal Tools in Ukraine Attacks appeared first on Cybersecurity News.

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 24

Security Affairs

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. PROXY.

Malware 61

CVE-2024-55884 (CVSS 9.0): Critical Vulnerability Found in Mullvad VPN

Penetration Testing

X41 D-Sec GmbH, a leading cybersecurity firm, has completed a white-box penetration test of the Mullvad VPN application, revealing several vulnerabilities, including one rated as “critical” and two rated as... The post CVE-2024-55884 (CVSS 9.0): Critical Vulnerability Found in Mullvad VPN appeared first on Cybersecurity News.

VPN 62

5 Valuable Advertising Tips Every Entrepreneur Should Know

SecureBlitz

Here are 5 valuable advertising tips every entrepreneur should know… Successful advertising is about ensuring your message resonates and drives action, not only about getting it in front of people. For business owners negotiating the crowded market, the capacity to create and carry out successful campaigns can differentiate your brand. Understanding the nuances of advertising […] The post 5 Valuable Advertising Tips Every Entrepreneur Should Know appeared first on SecureBlitz Cyberse

Hackers Hack Hackers: MUT-1244 Steals Credentials in Deceptive GitHub Attack

Penetration Testing

According to Datadog Security Labs, a cybercriminal group known as MUT-1244 has launched a sophisticated attack campaign that successfully compromised not only regular users but also other hackers and security... The post Hackers Hack Hackers: MUT-1244 Steals Credentials in Deceptive GitHub Attack appeared first on Cybersecurity News.

Hacking 54

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Kovrr Reveals New Standardized Approach to Ensure Objectivity to Quantify Cybersecurity Control Impact & Financial Forecasts in New Report | Kovrr

Security Boulevard

Articles related to cyber risk quantification, cyber risk management, and cyber resilience. The post Kovrr Reveals New Standardized Approach to Ensure Objectivity to Quantify Cybersecurity Control Impact & Financial Forecasts in New Report | Kovrr appeared first on Security Boulevard.

Pumakit: The Dangerous New Linux Rootkit Unveiled

Hacker's King

Linux, known for its robust security and reliability, has long been the operating system of choice for developers, enterprises, and cybersecurity experts. However, with great popularity comes great risk. The emergence of a new rootkit named Pumakit has sent shockwaves through the cybersecurity community, raising serious concerns about the vulnerabilities in Linux-based systems.

Apache Struts Arbitrary File Upload Vulnerability S2-067 (CVE-2024-53677)

Security Boulevard

Overview: Recently, NSFOCUS CERT monitored that Apache released a security bulletin, fixing the Apache Struts arbitrary file upload vulnerability S2-067 (CVE-2024-53677). Due to a logical defect in the file upload function, an unauthenticated attacker can perform path traversal by controlling the file upload parameters, thereby uploading malicious files to achieve remote code execution.

Malicious ad distributes SocGholish malware to Kaiser Permanente employees

Malwarebytes

On December 15, we detected a malicious campaign targeting Kaiser Permanente employees via Google Search Ads. The fraudulent ad masquerades as the health care company’s HR portal used to check for benefits, download paystubs and other corporate related tasks. We believe the threat actors’ intent was to phish KP employees for their login credentials, but something unexpected happened.

Malware 52

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Hack-for-Hire Campaign Targeting Climate Activists, Government Hypocrisy on Encryption

Security Boulevard

In Episode 359 of the Shared Security Podcast, the team examines a shocking hack-for-hire operation alleged to target over 500 climate activists and journalists, potentially involving corporate sponsorship by ExxonMobil. They explore the intricate layers of this multifaceted campaign and the broader implications on security risk assessments. Additionally, Scott discusses the massive Salt Typhoon hacking […] The post Hack-for-Hire Campaign Targeting Climate Activists, Government Hypocrisy on Encry

Google Ads Abused in Graphic Design Malvertising Attack

Penetration Testing

Silent Push Threat Analysts have revealed a widespread malvertising campaign exploiting Google Ads to target graphic design professionals. This ongoing operation, active since November, utilizes domains hosted on dedicated IP... The post Google Ads Abused in Graphic Design Malvertising Attack appeared first on Cybersecurity News.

Empower Your SOC Teams with Cloud-Native Security Solutions

Security Boulevard

Can Cloud-Native Security Be a Game-Changer for Your SOC Teams? In today's complex digital landscape, organizations are increasingly challenged to protect their data while ensuring compliance with evolving cybersecurity regulations. From finance to healthcare, businesses are recognizing the need for a more comprehensive approach to securing machine identities, especially Non-Human Identities (NHIs).

Open Sesame Attack: Ruijie Networks Devices Vulnerable to Remote Takeover

Penetration Testing

In a critical revelation highlighting the vulnerabilities of IoT ecosystems, Team82 has published a report detailing 10 security flaws in Ruijie Networks’ Reyee cloud management platform and its associated Reyee... The post Open Sesame Attack: Ruijie Networks Devices Vulnerable to Remote Takeover appeared first on Cybersecurity News.

IoT 51

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

Proactively Securing Machine Identities to Prevent Attacks

Security Boulevard

Why Should Proactive Security Management of Machine Identities Be a Priority? With the rise of digitalization across various sectors, organizations have ramped up their security measures to safeguard sensitive data. An area that often gets overlooked in this process, yet is crucial to robust data security, is the management of non-human identities (NHIs).

Stealth, Persistence, and Privilege Escalation: A Sophisticated PUMAKIT Linux Malware

Penetration Testing

Elastic Security Labs has uncovered “PUMAKIT,” a sophisticated multi-stage malware targeting Linux systems. Initially discovered during routine threat hunting on VirusTotal, PUMAKIT exemplifies cutting-edge techniques in stealth, persistence, and privilege... The post Stealth, Persistence, and Privilege Escalation: A Sophisticated PUMAKIT Linux Malware appeared first on Cybersecurity News.

Malware 51

Empower Your Security with Cloud Compliance Innovations

Security Boulevard

How Can We Empower Security with Cloud Compliance Innovations? As we continue to leverage cloud services for our businesses, one cannot ignore the escalating complexity of cybersecurity. Non-Human Identities (NHIs) and Secrets Security Management has emerged as a core player in empowering security in this dynamic environment. But what is an NHI? How do they […] The post Empower Your Security with Cloud Compliance Innovations appeared first on Entro.

Citrix Alerts on Global Password Spraying Campaigns Targeting NetScaler Appliances

Penetration Testing

Citrix has issued an advisory highlighting an increase in password spraying attacks aimed at NetScaler appliances worldwide. These attacks exploit authentication endpoints, causing significant operational disruptions for targeted organizations. Unlike... The post Citrix Alerts on Global Password Spraying Campaigns Targeting NetScaler Appliances appeared first on Cybersecurity News.

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.